155714Skris/* crypto/des/des_enc.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 8280304Sjkim * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15280304Sjkim * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 22280304Sjkim * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 37280304Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40280304Sjkim * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 52280304Sjkim * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 5755714Skris */ 5855714Skris 5955714Skris#include "des_locl.h" 60238405Sjkim#include "spr.h" 6155714Skris 62109998Smarkmvoid DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) 63280304Sjkim{ 64280304Sjkim register DES_LONG l, r, t, u; 6555714Skris#ifdef DES_PTR 66280304Sjkim register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; 6755714Skris#endif 6855714Skris#ifndef DES_UNROLL 69280304Sjkim register int i; 7055714Skris#endif 71280304Sjkim register DES_LONG *s; 7255714Skris 73280304Sjkim r = data[0]; 74280304Sjkim l = data[1]; 7555714Skris 76280304Sjkim IP(r, l); 77280304Sjkim /* 78280304Sjkim * Things have been modified so that the initial rotate is done outside 79280304Sjkim * the loop. This required the DES_SPtrans values in sp.h to be rotated 80280304Sjkim * 1 bit to the right. One perl script later and things have a 5% speed 81280304Sjkim * up on a sparc2. Thanks to Richard Outerbridge 82280304Sjkim * <71755.204@CompuServe.COM> for pointing this out. 83280304Sjkim */ 84280304Sjkim /* clear the top bits on machines with 8byte longs */ 85280304Sjkim /* shift left by 2 */ 86280304Sjkim r = ROTATE(r, 29) & 0xffffffffL; 87280304Sjkim l = ROTATE(l, 29) & 0xffffffffL; 8855714Skris 89280304Sjkim s = ks->ks->deslong; 90280304Sjkim /* 91280304Sjkim * I don't know if it is worth the effort of loop unrolling the inner 92280304Sjkim * loop 93280304Sjkim */ 94280304Sjkim if (enc) { 9555714Skris#ifdef DES_UNROLL 96280304Sjkim D_ENCRYPT(l, r, 0); /* 1 */ 97280304Sjkim D_ENCRYPT(r, l, 2); /* 2 */ 98280304Sjkim D_ENCRYPT(l, r, 4); /* 3 */ 99280304Sjkim D_ENCRYPT(r, l, 6); /* 4 */ 100280304Sjkim D_ENCRYPT(l, r, 8); /* 5 */ 101280304Sjkim D_ENCRYPT(r, l, 10); /* 6 */ 102280304Sjkim D_ENCRYPT(l, r, 12); /* 7 */ 103280304Sjkim D_ENCRYPT(r, l, 14); /* 8 */ 104280304Sjkim D_ENCRYPT(l, r, 16); /* 9 */ 105280304Sjkim D_ENCRYPT(r, l, 18); /* 10 */ 106280304Sjkim D_ENCRYPT(l, r, 20); /* 11 */ 107280304Sjkim D_ENCRYPT(r, l, 22); /* 12 */ 108280304Sjkim D_ENCRYPT(l, r, 24); /* 13 */ 109280304Sjkim D_ENCRYPT(r, l, 26); /* 14 */ 110280304Sjkim D_ENCRYPT(l, r, 28); /* 15 */ 111280304Sjkim D_ENCRYPT(r, l, 30); /* 16 */ 11255714Skris#else 113280304Sjkim for (i = 0; i < 32; i += 4) { 114280304Sjkim D_ENCRYPT(l, r, i + 0); /* 1 */ 115280304Sjkim D_ENCRYPT(r, l, i + 2); /* 2 */ 116280304Sjkim } 11755714Skris#endif 118280304Sjkim } else { 11955714Skris#ifdef DES_UNROLL 120280304Sjkim D_ENCRYPT(l, r, 30); /* 16 */ 121280304Sjkim D_ENCRYPT(r, l, 28); /* 15 */ 122280304Sjkim D_ENCRYPT(l, r, 26); /* 14 */ 123280304Sjkim D_ENCRYPT(r, l, 24); /* 13 */ 124280304Sjkim D_ENCRYPT(l, r, 22); /* 12 */ 125280304Sjkim D_ENCRYPT(r, l, 20); /* 11 */ 126280304Sjkim D_ENCRYPT(l, r, 18); /* 10 */ 127280304Sjkim D_ENCRYPT(r, l, 16); /* 9 */ 128280304Sjkim D_ENCRYPT(l, r, 14); /* 8 */ 129280304Sjkim D_ENCRYPT(r, l, 12); /* 7 */ 130280304Sjkim D_ENCRYPT(l, r, 10); /* 6 */ 131280304Sjkim D_ENCRYPT(r, l, 8); /* 5 */ 132280304Sjkim D_ENCRYPT(l, r, 6); /* 4 */ 133280304Sjkim D_ENCRYPT(r, l, 4); /* 3 */ 134280304Sjkim D_ENCRYPT(l, r, 2); /* 2 */ 135280304Sjkim D_ENCRYPT(r, l, 0); /* 1 */ 13655714Skris#else 137280304Sjkim for (i = 30; i > 0; i -= 4) { 138280304Sjkim D_ENCRYPT(l, r, i - 0); /* 16 */ 139280304Sjkim D_ENCRYPT(r, l, i - 2); /* 15 */ 140280304Sjkim } 14155714Skris#endif 142280304Sjkim } 14355714Skris 144280304Sjkim /* rotate and clear the top bits on machines with 8byte longs */ 145280304Sjkim l = ROTATE(l, 3) & 0xffffffffL; 146280304Sjkim r = ROTATE(r, 3) & 0xffffffffL; 14755714Skris 148280304Sjkim FP(r, l); 149280304Sjkim data[0] = l; 150280304Sjkim data[1] = r; 151280304Sjkim l = r = t = u = 0; 152280304Sjkim} 15355714Skris 154109998Smarkmvoid DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) 155280304Sjkim{ 156280304Sjkim register DES_LONG l, r, t, u; 15755714Skris#ifdef DES_PTR 158280304Sjkim register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; 15955714Skris#endif 16055714Skris#ifndef DES_UNROLL 161280304Sjkim register int i; 16255714Skris#endif 163280304Sjkim register DES_LONG *s; 16455714Skris 165280304Sjkim r = data[0]; 166280304Sjkim l = data[1]; 16755714Skris 168280304Sjkim /* 169280304Sjkim * Things have been modified so that the initial rotate is done outside 170280304Sjkim * the loop. This required the DES_SPtrans values in sp.h to be rotated 171280304Sjkim * 1 bit to the right. One perl script later and things have a 5% speed 172280304Sjkim * up on a sparc2. Thanks to Richard Outerbridge 173280304Sjkim * <71755.204@CompuServe.COM> for pointing this out. 174280304Sjkim */ 175280304Sjkim /* clear the top bits on machines with 8byte longs */ 176280304Sjkim r = ROTATE(r, 29) & 0xffffffffL; 177280304Sjkim l = ROTATE(l, 29) & 0xffffffffL; 17855714Skris 179280304Sjkim s = ks->ks->deslong; 180280304Sjkim /* 181280304Sjkim * I don't know if it is worth the effort of loop unrolling the inner 182280304Sjkim * loop 183280304Sjkim */ 184280304Sjkim if (enc) { 18555714Skris#ifdef DES_UNROLL 186280304Sjkim D_ENCRYPT(l, r, 0); /* 1 */ 187280304Sjkim D_ENCRYPT(r, l, 2); /* 2 */ 188280304Sjkim D_ENCRYPT(l, r, 4); /* 3 */ 189280304Sjkim D_ENCRYPT(r, l, 6); /* 4 */ 190280304Sjkim D_ENCRYPT(l, r, 8); /* 5 */ 191280304Sjkim D_ENCRYPT(r, l, 10); /* 6 */ 192280304Sjkim D_ENCRYPT(l, r, 12); /* 7 */ 193280304Sjkim D_ENCRYPT(r, l, 14); /* 8 */ 194280304Sjkim D_ENCRYPT(l, r, 16); /* 9 */ 195280304Sjkim D_ENCRYPT(r, l, 18); /* 10 */ 196280304Sjkim D_ENCRYPT(l, r, 20); /* 11 */ 197280304Sjkim D_ENCRYPT(r, l, 22); /* 12 */ 198280304Sjkim D_ENCRYPT(l, r, 24); /* 13 */ 199280304Sjkim D_ENCRYPT(r, l, 26); /* 14 */ 200280304Sjkim D_ENCRYPT(l, r, 28); /* 15 */ 201280304Sjkim D_ENCRYPT(r, l, 30); /* 16 */ 20255714Skris#else 203280304Sjkim for (i = 0; i < 32; i += 4) { 204280304Sjkim D_ENCRYPT(l, r, i + 0); /* 1 */ 205280304Sjkim D_ENCRYPT(r, l, i + 2); /* 2 */ 206280304Sjkim } 20755714Skris#endif 208280304Sjkim } else { 20955714Skris#ifdef DES_UNROLL 210280304Sjkim D_ENCRYPT(l, r, 30); /* 16 */ 211280304Sjkim D_ENCRYPT(r, l, 28); /* 15 */ 212280304Sjkim D_ENCRYPT(l, r, 26); /* 14 */ 213280304Sjkim D_ENCRYPT(r, l, 24); /* 13 */ 214280304Sjkim D_ENCRYPT(l, r, 22); /* 12 */ 215280304Sjkim D_ENCRYPT(r, l, 20); /* 11 */ 216280304Sjkim D_ENCRYPT(l, r, 18); /* 10 */ 217280304Sjkim D_ENCRYPT(r, l, 16); /* 9 */ 218280304Sjkim D_ENCRYPT(l, r, 14); /* 8 */ 219280304Sjkim D_ENCRYPT(r, l, 12); /* 7 */ 220280304Sjkim D_ENCRYPT(l, r, 10); /* 6 */ 221280304Sjkim D_ENCRYPT(r, l, 8); /* 5 */ 222280304Sjkim D_ENCRYPT(l, r, 6); /* 4 */ 223280304Sjkim D_ENCRYPT(r, l, 4); /* 3 */ 224280304Sjkim D_ENCRYPT(l, r, 2); /* 2 */ 225280304Sjkim D_ENCRYPT(r, l, 0); /* 1 */ 22655714Skris#else 227280304Sjkim for (i = 30; i > 0; i -= 4) { 228280304Sjkim D_ENCRYPT(l, r, i - 0); /* 16 */ 229280304Sjkim D_ENCRYPT(r, l, i - 2); /* 15 */ 230280304Sjkim } 23155714Skris#endif 232280304Sjkim } 233280304Sjkim /* rotate and clear the top bits on machines with 8byte longs */ 234280304Sjkim data[0] = ROTATE(l, 3) & 0xffffffffL; 235280304Sjkim data[1] = ROTATE(r, 3) & 0xffffffffL; 236280304Sjkim l = r = t = u = 0; 237280304Sjkim} 23855714Skris 239109998Smarkmvoid DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, 240280304Sjkim DES_key_schedule *ks2, DES_key_schedule *ks3) 241280304Sjkim{ 242280304Sjkim register DES_LONG l, r; 24355714Skris 244280304Sjkim l = data[0]; 245280304Sjkim r = data[1]; 246280304Sjkim IP(l, r); 247280304Sjkim data[0] = l; 248280304Sjkim data[1] = r; 249280304Sjkim DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT); 250280304Sjkim DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT); 251280304Sjkim DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT); 252280304Sjkim l = data[0]; 253280304Sjkim r = data[1]; 254280304Sjkim FP(r, l); 255280304Sjkim data[0] = l; 256280304Sjkim data[1] = r; 257280304Sjkim} 25855714Skris 259109998Smarkmvoid DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, 260280304Sjkim DES_key_schedule *ks2, DES_key_schedule *ks3) 261280304Sjkim{ 262280304Sjkim register DES_LONG l, r; 26355714Skris 264280304Sjkim l = data[0]; 265280304Sjkim r = data[1]; 266280304Sjkim IP(l, r); 267280304Sjkim data[0] = l; 268280304Sjkim data[1] = r; 269280304Sjkim DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT); 270280304Sjkim DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT); 271280304Sjkim DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT); 272280304Sjkim l = data[0]; 273280304Sjkim r = data[1]; 274280304Sjkim FP(r, l); 275280304Sjkim data[0] = l; 276280304Sjkim data[1] = r; 277280304Sjkim} 27855714Skris 27955714Skris#ifndef DES_DEFAULT_OPTIONS 28055714Skris 281280304Sjkim# undef CBC_ENC_C__DONT_UPDATE_IV 282280304Sjkim# include "ncbc_enc.c" /* DES_ncbc_encrypt */ 28355714Skris 284109998Smarkmvoid DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, 285280304Sjkim long length, DES_key_schedule *ks1, 286280304Sjkim DES_key_schedule *ks2, DES_key_schedule *ks3, 287280304Sjkim DES_cblock *ivec, int enc) 288280304Sjkim{ 289280304Sjkim register DES_LONG tin0, tin1; 290280304Sjkim register DES_LONG tout0, tout1, xor0, xor1; 291280304Sjkim register const unsigned char *in; 292280304Sjkim unsigned char *out; 293280304Sjkim register long l = length; 294280304Sjkim DES_LONG tin[2]; 295280304Sjkim unsigned char *iv; 29655714Skris 297280304Sjkim in = input; 298280304Sjkim out = output; 299280304Sjkim iv = &(*ivec)[0]; 30055714Skris 301280304Sjkim if (enc) { 302280304Sjkim c2l(iv, tout0); 303280304Sjkim c2l(iv, tout1); 304280304Sjkim for (l -= 8; l >= 0; l -= 8) { 305280304Sjkim c2l(in, tin0); 306280304Sjkim c2l(in, tin1); 307280304Sjkim tin0 ^= tout0; 308280304Sjkim tin1 ^= tout1; 30955714Skris 310280304Sjkim tin[0] = tin0; 311280304Sjkim tin[1] = tin1; 312280304Sjkim DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3); 313280304Sjkim tout0 = tin[0]; 314280304Sjkim tout1 = tin[1]; 31555714Skris 316280304Sjkim l2c(tout0, out); 317280304Sjkim l2c(tout1, out); 318280304Sjkim } 319280304Sjkim if (l != -8) { 320280304Sjkim c2ln(in, tin0, tin1, l + 8); 321280304Sjkim tin0 ^= tout0; 322280304Sjkim tin1 ^= tout1; 32355714Skris 324280304Sjkim tin[0] = tin0; 325280304Sjkim tin[1] = tin1; 326280304Sjkim DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3); 327280304Sjkim tout0 = tin[0]; 328280304Sjkim tout1 = tin[1]; 32955714Skris 330280304Sjkim l2c(tout0, out); 331280304Sjkim l2c(tout1, out); 332280304Sjkim } 333280304Sjkim iv = &(*ivec)[0]; 334280304Sjkim l2c(tout0, iv); 335280304Sjkim l2c(tout1, iv); 336280304Sjkim } else { 337280304Sjkim register DES_LONG t0, t1; 33855714Skris 339280304Sjkim c2l(iv, xor0); 340280304Sjkim c2l(iv, xor1); 341280304Sjkim for (l -= 8; l >= 0; l -= 8) { 342280304Sjkim c2l(in, tin0); 343280304Sjkim c2l(in, tin1); 34455714Skris 345280304Sjkim t0 = tin0; 346280304Sjkim t1 = tin1; 34755714Skris 348280304Sjkim tin[0] = tin0; 349280304Sjkim tin[1] = tin1; 350280304Sjkim DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3); 351280304Sjkim tout0 = tin[0]; 352280304Sjkim tout1 = tin[1]; 35355714Skris 354280304Sjkim tout0 ^= xor0; 355280304Sjkim tout1 ^= xor1; 356280304Sjkim l2c(tout0, out); 357280304Sjkim l2c(tout1, out); 358280304Sjkim xor0 = t0; 359280304Sjkim xor1 = t1; 360280304Sjkim } 361280304Sjkim if (l != -8) { 362280304Sjkim c2l(in, tin0); 363280304Sjkim c2l(in, tin1); 36455714Skris 365280304Sjkim t0 = tin0; 366280304Sjkim t1 = tin1; 36755714Skris 368280304Sjkim tin[0] = tin0; 369280304Sjkim tin[1] = tin1; 370280304Sjkim DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3); 371280304Sjkim tout0 = tin[0]; 372280304Sjkim tout1 = tin[1]; 37355714Skris 374280304Sjkim tout0 ^= xor0; 375280304Sjkim tout1 ^= xor1; 376280304Sjkim l2cn(tout0, tout1, out, l + 8); 377280304Sjkim xor0 = t0; 378280304Sjkim xor1 = t1; 379280304Sjkim } 380280304Sjkim 381280304Sjkim iv = &(*ivec)[0]; 382280304Sjkim l2c(xor0, iv); 383280304Sjkim l2c(xor1, iv); 384280304Sjkim } 385280304Sjkim tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; 386280304Sjkim tin[0] = tin[1] = 0; 387280304Sjkim} 388280304Sjkim 389280304Sjkim#endif /* DES_DEFAULT_OPTIONS */ 390