155714Skris/* ede_cbcm_enc.c */ 2280304Sjkim/* 3280304Sjkim * Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL project 13 Feb 4280304Sjkim * 1999. 555714Skris */ 655714Skris/* ==================================================================== 755714Skris * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 855714Skris * 955714Skris * Redistribution and use in source and binary forms, with or without 1055714Skris * modification, are permitted provided that the following conditions 1155714Skris * are met: 1255714Skris * 1355714Skris * 1. Redistributions of source code must retain the above copyright 14280304Sjkim * notice, this list of conditions and the following disclaimer. 1555714Skris * 1655714Skris * 2. Redistributions in binary form must reproduce the above copyright 1755714Skris * notice, this list of conditions and the following disclaimer in 1855714Skris * the documentation and/or other materials provided with the 1955714Skris * distribution. 2055714Skris * 2155714Skris * 3. All advertising materials mentioning features or use of this 2255714Skris * software must display the following acknowledgment: 2355714Skris * "This product includes software developed by the OpenSSL Project 2455714Skris * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2555714Skris * 2655714Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2755714Skris * endorse or promote products derived from this software without 2855714Skris * prior written permission. For written permission, please contact 2955714Skris * licensing@OpenSSL.org. 3055714Skris * 3155714Skris * 5. Products derived from this software may not be called "OpenSSL" 3255714Skris * nor may "OpenSSL" appear in their names without prior written 3355714Skris * permission of the OpenSSL Project. 3455714Skris * 3555714Skris * 6. Redistributions of any form whatsoever must retain the following 3655714Skris * acknowledgment: 3755714Skris * "This product includes software developed by the OpenSSL Project 3855714Skris * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 3955714Skris * 4055714Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 4155714Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4255714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4355714Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4455714Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4555714Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4655714Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4755714Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4955714Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 5055714Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5155714Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 5255714Skris * ==================================================================== 5355714Skris * 5455714Skris * This product includes cryptographic software written by Eric Young 5555714Skris * (eay@cryptsoft.com). This product includes software written by Tim 5655714Skris * Hudson (tjh@cryptsoft.com). 5755714Skris * 5855714Skris */ 5955714Skris 6055714Skris/* 61280304Sjkim * 62280304Sjkim * This is an implementation of Triple DES Cipher Block Chaining with Output 63280304Sjkim * Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). 64280304Sjkim * 65280304Sjkim * Note that there is a known attack on this by Biham and Knudsen but it 66280304Sjkim * takes a lot of work: 67280304Sjkim * 68280304Sjkim * http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz 69280304Sjkim * 70280304Sjkim */ 7155714Skris 72160814Ssimon#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_DESCBCM is defined */ 73160814Ssimon 74109998Smarkm#ifndef OPENSSL_NO_DESCBCM 75280304Sjkim# include "des_locl.h" 7655714Skris 77109998Smarkmvoid DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, 78280304Sjkim long length, DES_key_schedule *ks1, 79280304Sjkim DES_key_schedule *ks2, DES_key_schedule *ks3, 80280304Sjkim DES_cblock *ivec1, DES_cblock *ivec2, int enc) 81280304Sjkim{ 82280304Sjkim register DES_LONG tin0, tin1; 83280304Sjkim register DES_LONG tout0, tout1, xor0, xor1, m0, m1; 84280304Sjkim register long l = length; 8555714Skris DES_LONG tin[2]; 86280304Sjkim unsigned char *iv1, *iv2; 8755714Skris 8855714Skris iv1 = &(*ivec1)[0]; 8955714Skris iv2 = &(*ivec2)[0]; 9055714Skris 91280304Sjkim if (enc) { 92280304Sjkim c2l(iv1, m0); 93280304Sjkim c2l(iv1, m1); 94280304Sjkim c2l(iv2, tout0); 95280304Sjkim c2l(iv2, tout1); 96280304Sjkim for (l -= 8; l >= -7; l -= 8) { 97280304Sjkim tin[0] = m0; 98280304Sjkim tin[1] = m1; 99280304Sjkim DES_encrypt1(tin, ks3, 1); 100280304Sjkim m0 = tin[0]; 101280304Sjkim m1 = tin[1]; 10255714Skris 103280304Sjkim if (l < 0) { 104280304Sjkim c2ln(in, tin0, tin1, l + 8); 105280304Sjkim } else { 106280304Sjkim c2l(in, tin0); 107280304Sjkim c2l(in, tin1); 108280304Sjkim } 109280304Sjkim tin0 ^= tout0; 110280304Sjkim tin1 ^= tout1; 11155714Skris 112280304Sjkim tin[0] = tin0; 113280304Sjkim tin[1] = tin1; 114280304Sjkim DES_encrypt1(tin, ks1, 1); 115280304Sjkim tin[0] ^= m0; 116280304Sjkim tin[1] ^= m1; 117280304Sjkim DES_encrypt1(tin, ks2, 0); 118280304Sjkim tin[0] ^= m0; 119280304Sjkim tin[1] ^= m1; 120280304Sjkim DES_encrypt1(tin, ks1, 1); 121280304Sjkim tout0 = tin[0]; 122280304Sjkim tout1 = tin[1]; 12355714Skris 124280304Sjkim l2c(tout0, out); 125280304Sjkim l2c(tout1, out); 126280304Sjkim } 127280304Sjkim iv1 = &(*ivec1)[0]; 128280304Sjkim l2c(m0, iv1); 129280304Sjkim l2c(m1, iv1); 13055714Skris 131280304Sjkim iv2 = &(*ivec2)[0]; 132280304Sjkim l2c(tout0, iv2); 133280304Sjkim l2c(tout1, iv2); 134280304Sjkim } else { 135280304Sjkim register DES_LONG t0, t1; 13655714Skris 137280304Sjkim c2l(iv1, m0); 138280304Sjkim c2l(iv1, m1); 139280304Sjkim c2l(iv2, xor0); 140280304Sjkim c2l(iv2, xor1); 141280304Sjkim for (l -= 8; l >= -7; l -= 8) { 142280304Sjkim tin[0] = m0; 143280304Sjkim tin[1] = m1; 144280304Sjkim DES_encrypt1(tin, ks3, 1); 145280304Sjkim m0 = tin[0]; 146280304Sjkim m1 = tin[1]; 14755714Skris 148280304Sjkim c2l(in, tin0); 149280304Sjkim c2l(in, tin1); 15055714Skris 151280304Sjkim t0 = tin0; 152280304Sjkim t1 = tin1; 15355714Skris 154280304Sjkim tin[0] = tin0; 155280304Sjkim tin[1] = tin1; 156280304Sjkim DES_encrypt1(tin, ks1, 0); 157280304Sjkim tin[0] ^= m0; 158280304Sjkim tin[1] ^= m1; 159280304Sjkim DES_encrypt1(tin, ks2, 1); 160280304Sjkim tin[0] ^= m0; 161280304Sjkim tin[1] ^= m1; 162280304Sjkim DES_encrypt1(tin, ks1, 0); 163280304Sjkim tout0 = tin[0]; 164280304Sjkim tout1 = tin[1]; 16555714Skris 166280304Sjkim tout0 ^= xor0; 167280304Sjkim tout1 ^= xor1; 168280304Sjkim if (l < 0) { 169280304Sjkim l2cn(tout0, tout1, out, l + 8); 170280304Sjkim } else { 171280304Sjkim l2c(tout0, out); 172280304Sjkim l2c(tout1, out); 173280304Sjkim } 174280304Sjkim xor0 = t0; 175280304Sjkim xor1 = t1; 176280304Sjkim } 17755714Skris 178280304Sjkim iv1 = &(*ivec1)[0]; 179280304Sjkim l2c(m0, iv1); 180280304Sjkim l2c(m1, iv1); 18155714Skris 182280304Sjkim iv2 = &(*ivec2)[0]; 183280304Sjkim l2c(xor0, iv2); 184280304Sjkim l2c(xor1, iv2); 18555714Skris } 186280304Sjkim tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; 187280304Sjkim tin[0] = tin[1] = 0; 188280304Sjkim} 18955714Skris#endif 190