155714Skris/* crypto/des/xcbc_enc.c */
255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
355714Skris * All rights reserved.
455714Skris *
555714Skris * This package is an SSL implementation written
655714Skris * by Eric Young (eay@cryptsoft.com).
755714Skris * The implementation was written so as to conform with Netscapes SSL.
8296465Sdelphij *
955714Skris * This library is free for commercial and non-commercial use as long as
1055714Skris * the following conditions are aheared to.  The following conditions
1155714Skris * apply to all code found in this distribution, be it the RC4, RSA,
1255714Skris * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
1355714Skris * included with this distribution is covered by the same copyright terms
1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15296465Sdelphij *
1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in
1755714Skris * the code are not to be removed.
1855714Skris * If this package is used in a product, Eric Young should be given attribution
1955714Skris * as the author of the parts of the library used.
2055714Skris * This can be in the form of a textual message at program startup or
2155714Skris * in documentation (online or textual) provided with the package.
22296465Sdelphij *
2355714Skris * Redistribution and use in source and binary forms, with or without
2455714Skris * modification, are permitted provided that the following conditions
2555714Skris * are met:
2655714Skris * 1. Redistributions of source code must retain the copyright
2755714Skris *    notice, this list of conditions and the following disclaimer.
2855714Skris * 2. Redistributions in binary form must reproduce the above copyright
2955714Skris *    notice, this list of conditions and the following disclaimer in the
3055714Skris *    documentation and/or other materials provided with the distribution.
3155714Skris * 3. All advertising materials mentioning features or use of this software
3255714Skris *    must display the following acknowledgement:
3355714Skris *    "This product includes cryptographic software written by
3455714Skris *     Eric Young (eay@cryptsoft.com)"
3555714Skris *    The word 'cryptographic' can be left out if the rouines from the library
3655714Skris *    being used are not cryptographic related :-).
37296465Sdelphij * 4. If you include any Windows specific code (or a derivative thereof) from
3855714Skris *    the apps directory (application code) you must include an acknowledgement:
3955714Skris *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40296465Sdelphij *
4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
4455714Skris * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
5155714Skris * SUCH DAMAGE.
52296465Sdelphij *
5355714Skris * The licence and distribution terms for any publically available version or
5455714Skris * derivative of this code cannot be changed.  i.e. this code cannot simply be
5555714Skris * copied and put under another distribution licence
5655714Skris * [including the GNU Public Licence.]
5755714Skris */
5855714Skris
5955714Skris#include "des_locl.h"
6055714Skris
6155714Skris/* RSA's DESX */
6255714Skris
63296465Sdelphij#if 0                           /* broken code, preserved just in case anyone
64296465Sdelphij                                 * specifically looks for this */
65296465Sdelphijstatic unsigned char desx_white_in2out[256] = {
66296465Sdelphij    0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C,
67296465Sdelphij    0x1B, 0x33, 0xFD, 0xD0,
68296465Sdelphij    0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B,
69296465Sdelphij    0x31, 0xBB, 0x21, 0x5A,
70296465Sdelphij    0x41, 0x9F, 0xE1, 0xD9, 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3,
71296465Sdelphij    0x27, 0x5F, 0x80, 0x36,
72296465Sdelphij    0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0,
73296465Sdelphij    0xA6, 0x3F, 0xD8, 0x0C,
74296465Sdelphij    0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, 0xF5, 0x66, 0x90, 0xE7,
75296465Sdelphij    0xE8, 0x07, 0xB8, 0x60,
76296465Sdelphij    0x48, 0xE6, 0x1E, 0x53, 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E,
77296465Sdelphij    0x86, 0x00, 0x84, 0xFA,
78296465Sdelphij    0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12,
79296465Sdelphij    0xBA, 0x3C, 0x06, 0x4E,
80296465Sdelphij    0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, 0x94, 0x99, 0xB7, 0x71,
81296465Sdelphij    0x74, 0xD3, 0xE4, 0xBF,
82296465Sdelphij    0x3A, 0xDE, 0x96, 0x0E, 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03,
83296465Sdelphij    0x79, 0x89, 0x62, 0xC6,
84296465Sdelphij    0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02,
85296465Sdelphij    0x75, 0xD5, 0x61, 0xE3,
86296465Sdelphij    0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, 0x85, 0xE5, 0xC2, 0x57,
87296465Sdelphij    0x63, 0xCA, 0x3D, 0x6C,
88296465Sdelphij    0xB4, 0xC5, 0xCC, 0x70, 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F,
89296465Sdelphij    0x58, 0xE0, 0x01, 0xE2,
90296465Sdelphij    0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B,
91296465Sdelphij    0x82, 0xF9, 0x40, 0xB5,
92296465Sdelphij    0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, 0x25, 0x54, 0xB1, 0x28,
93296465Sdelphij    0xAA, 0x98, 0x9D, 0xA5,
94296465Sdelphij    0x64, 0x6D, 0x7A, 0xD4, 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E,
95296465Sdelphij    0xDD, 0x76, 0x5C, 0x2F,
96296465Sdelphij    0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9,
97296465Sdelphij    0x4C, 0xFF, 0x43, 0xAB,
98296465Sdelphij};
9955714Skris
100109998Smarkmvoid DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
101296465Sdelphij                       DES_cblock *out_white)
102296465Sdelphij{
103296465Sdelphij    int out0, out1;
104296465Sdelphij    int i;
105296465Sdelphij    const unsigned char *key = &(*des_key)[0];
106296465Sdelphij    const unsigned char *in = &(*in_white)[0];
107296465Sdelphij    unsigned char *out = &(*out_white)[0];
10855714Skris
109296465Sdelphij    out[0] = out[1] = out[2] = out[3] = out[4] = out[5] = out[6] = out[7] = 0;
110296465Sdelphij    out0 = out1 = 0;
111296465Sdelphij    for (i = 0; i < 8; i++) {
112296465Sdelphij        out[i] = key[i] ^ desx_white_in2out[out0 ^ out1];
113296465Sdelphij        out0 = out1;
114296465Sdelphij        out1 = (int)out[i & 0x07];
115296465Sdelphij    }
11655714Skris
117296465Sdelphij    out0 = out[0];
118296465Sdelphij    out1 = out[i];              /* BUG: out-of-bounds read */
119296465Sdelphij    for (i = 0; i < 8; i++) {
120296465Sdelphij        out[i] = in[i] ^ desx_white_in2out[out0 ^ out1];
121296465Sdelphij        out0 = out1;
122296465Sdelphij        out1 = (int)out[i & 0x07];
123296465Sdelphij    }
124296465Sdelphij}
125194206Ssimon#endif
12655714Skris
127109998Smarkmvoid DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
128296465Sdelphij                      long length, DES_key_schedule *schedule,
129296465Sdelphij                      DES_cblock *ivec, const_DES_cblock *inw,
130296465Sdelphij                      const_DES_cblock *outw, int enc)
131296465Sdelphij{
132296465Sdelphij    register DES_LONG tin0, tin1;
133296465Sdelphij    register DES_LONG tout0, tout1, xor0, xor1;
134296465Sdelphij    register DES_LONG inW0, inW1, outW0, outW1;
135296465Sdelphij    register const unsigned char *in2;
136296465Sdelphij    register long l = length;
137296465Sdelphij    DES_LONG tin[2];
138296465Sdelphij    unsigned char *iv;
13955714Skris
140296465Sdelphij    in2 = &(*inw)[0];
141296465Sdelphij    c2l(in2, inW0);
142296465Sdelphij    c2l(in2, inW1);
143296465Sdelphij    in2 = &(*outw)[0];
144296465Sdelphij    c2l(in2, outW0);
145296465Sdelphij    c2l(in2, outW1);
14655714Skris
147296465Sdelphij    iv = &(*ivec)[0];
14855714Skris
149296465Sdelphij    if (enc) {
150296465Sdelphij        c2l(iv, tout0);
151296465Sdelphij        c2l(iv, tout1);
152296465Sdelphij        for (l -= 8; l >= 0; l -= 8) {
153296465Sdelphij            c2l(in, tin0);
154296465Sdelphij            c2l(in, tin1);
155296465Sdelphij            tin0 ^= tout0 ^ inW0;
156296465Sdelphij            tin[0] = tin0;
157296465Sdelphij            tin1 ^= tout1 ^ inW1;
158296465Sdelphij            tin[1] = tin1;
159296465Sdelphij            DES_encrypt1(tin, schedule, DES_ENCRYPT);
160296465Sdelphij            tout0 = tin[0] ^ outW0;
161296465Sdelphij            l2c(tout0, out);
162296465Sdelphij            tout1 = tin[1] ^ outW1;
163296465Sdelphij            l2c(tout1, out);
164296465Sdelphij        }
165296465Sdelphij        if (l != -8) {
166296465Sdelphij            c2ln(in, tin0, tin1, l + 8);
167296465Sdelphij            tin0 ^= tout0 ^ inW0;
168296465Sdelphij            tin[0] = tin0;
169296465Sdelphij            tin1 ^= tout1 ^ inW1;
170296465Sdelphij            tin[1] = tin1;
171296465Sdelphij            DES_encrypt1(tin, schedule, DES_ENCRYPT);
172296465Sdelphij            tout0 = tin[0] ^ outW0;
173296465Sdelphij            l2c(tout0, out);
174296465Sdelphij            tout1 = tin[1] ^ outW1;
175296465Sdelphij            l2c(tout1, out);
176296465Sdelphij        }
177296465Sdelphij        iv = &(*ivec)[0];
178296465Sdelphij        l2c(tout0, iv);
179296465Sdelphij        l2c(tout1, iv);
180296465Sdelphij    } else {
181296465Sdelphij        c2l(iv, xor0);
182296465Sdelphij        c2l(iv, xor1);
183296465Sdelphij        for (l -= 8; l > 0; l -= 8) {
184296465Sdelphij            c2l(in, tin0);
185296465Sdelphij            tin[0] = tin0 ^ outW0;
186296465Sdelphij            c2l(in, tin1);
187296465Sdelphij            tin[1] = tin1 ^ outW1;
188296465Sdelphij            DES_encrypt1(tin, schedule, DES_DECRYPT);
189296465Sdelphij            tout0 = tin[0] ^ xor0 ^ inW0;
190296465Sdelphij            tout1 = tin[1] ^ xor1 ^ inW1;
191296465Sdelphij            l2c(tout0, out);
192296465Sdelphij            l2c(tout1, out);
193296465Sdelphij            xor0 = tin0;
194296465Sdelphij            xor1 = tin1;
195296465Sdelphij        }
196296465Sdelphij        if (l != -8) {
197296465Sdelphij            c2l(in, tin0);
198296465Sdelphij            tin[0] = tin0 ^ outW0;
199296465Sdelphij            c2l(in, tin1);
200296465Sdelphij            tin[1] = tin1 ^ outW1;
201296465Sdelphij            DES_encrypt1(tin, schedule, DES_DECRYPT);
202296465Sdelphij            tout0 = tin[0] ^ xor0 ^ inW0;
203296465Sdelphij            tout1 = tin[1] ^ xor1 ^ inW1;
204296465Sdelphij            l2cn(tout0, tout1, out, l + 8);
205296465Sdelphij            xor0 = tin0;
206296465Sdelphij            xor1 = tin1;
207296465Sdelphij        }
20855714Skris
209296465Sdelphij        iv = &(*ivec)[0];
210296465Sdelphij        l2c(xor0, iv);
211296465Sdelphij        l2c(xor1, iv);
212296465Sdelphij    }
213296465Sdelphij    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
214296465Sdelphij    inW0 = inW1 = outW0 = outW1 = 0;
215296465Sdelphij    tin[0] = tin[1] = 0;
216296465Sdelphij}
217