summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/des/des.c
diff options
context:
space:
mode:
authorjsing <>2024-08-31 15:56:09 +0000
committerjsing <>2024-08-31 15:56:09 +0000
commitf9b9e21742d3301ba7b9599b7dce4b24758771df (patch)
tree5be74158601e3b85e402eb7beaf58bd8a48fccb6 /src/lib/libcrypto/des/des.c
parent3c39830fa152936fa313a77ccae2d45e94a01253 (diff)
downloadopenbsd-f9b9e21742d3301ba7b9599b7dce4b24758771df.tar.gz
openbsd-f9b9e21742d3301ba7b9599b7dce4b24758771df.tar.bz2
openbsd-f9b9e21742d3301ba7b9599b7dce4b24758771df.zip
Combine DES code into a smaller set of files.
Discussed with tb@
Diffstat (limited to 'src/lib/libcrypto/des/des.c')
-rw-r--r--src/lib/libcrypto/des/des.c1022
1 files changed, 1022 insertions, 0 deletions
diff --git a/src/lib/libcrypto/des/des.c b/src/lib/libcrypto/des/des.c
new file mode 100644
index 0000000000..113fc4b9f9
--- /dev/null
+++ b/src/lib/libcrypto/des/des.c
@@ -0,0 +1,1022 @@
1/* $OpenBSD: des.c,v 1.9 2024/08/31 15:56:09 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <endian.h>
60
61#include <openssl/opensslconf.h>
62
63#include "des_local.h"
64
65void
66DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
67 DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
68{
69 DES_LONG tin0, tin1;
70 DES_LONG tout0, tout1, xor0, xor1;
71 long l = length;
72 DES_LONG tin[2];
73 unsigned char *iv;
74
75 iv = &(*ivec)[0];
76
77 if (enc) {
78 c2l(iv, tout0);
79 c2l(iv, tout1);
80 for (l -= 8; l >= 0; l -= 8) {
81 c2l(in, tin0);
82 c2l(in, tin1);
83 tin0 ^= tout0;
84 tin[0] = tin0;
85 tin1 ^= tout1;
86 tin[1] = tin1;
87 DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
88 tout0 = tin[0];
89 l2c(tout0, out);
90 tout1 = tin[1];
91 l2c(tout1, out);
92 }
93 if (l != -8) {
94 c2ln(in, tin0, tin1, l + 8);
95 tin0 ^= tout0;
96 tin[0] = tin0;
97 tin1 ^= tout1;
98 tin[1] = tin1;
99 DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
100 tout0 = tin[0];
101 l2c(tout0, out);
102 tout1 = tin[1];
103 l2c(tout1, out);
104 }
105 } else {
106 c2l(iv, xor0);
107 c2l(iv, xor1);
108 for (l -= 8; l >= 0; l -= 8) {
109 c2l(in, tin0);
110 tin[0] = tin0;
111 c2l(in, tin1);
112 tin[1] = tin1;
113 DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
114 tout0 = tin[0] ^ xor0;
115 tout1 = tin[1] ^ xor1;
116 l2c(tout0, out);
117 l2c(tout1, out);
118 xor0 = tin0;
119 xor1 = tin1;
120 }
121 if (l != -8) {
122 c2l(in, tin0);
123 tin[0] = tin0;
124 c2l(in, tin1);
125 tin[1] = tin1;
126 DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
127 tout0 = tin[0] ^ xor0;
128 tout1 = tin[1] ^ xor1;
129 l2cn(tout0, tout1, out, l + 8);
130 }
131 }
132 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
133 tin[0] = tin[1] = 0;
134}
135LCRYPTO_ALIAS(DES_cbc_encrypt);
136
137/* The input and output encrypted as though 64bit cfb mode is being
138 * used. The extra state information to record how much of the
139 * 64bit block we have used is contained in *num;
140 */
141
142void
143DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
144 long length, DES_key_schedule *ks1,
145 DES_key_schedule *ks2, DES_key_schedule *ks3,
146 DES_cblock *ivec, int *num, int enc)
147{
148 DES_LONG v0, v1;
149 long l = length;
150 int n = *num;
151 DES_LONG ti[2];
152 unsigned char *iv, c, cc;
153
154 iv = &(*ivec)[0];
155 if (enc) {
156 while (l--) {
157 if (n == 0) {
158 c2l(iv, v0);
159 c2l(iv, v1);
160
161 ti[0] = v0;
162 ti[1] = v1;
163 DES_encrypt3(ti, ks1, ks2, ks3);
164 v0 = ti[0];
165 v1 = ti[1];
166
167 iv = &(*ivec)[0];
168 l2c(v0, iv);
169 l2c(v1, iv);
170 iv = &(*ivec)[0];
171 }
172 c = *(in++) ^ iv[n];
173 *(out++) = c;
174 iv[n] = c;
175 n = (n + 1) & 0x07;
176 }
177 } else {
178 while (l--) {
179 if (n == 0) {
180 c2l(iv, v0);
181 c2l(iv, v1);
182
183 ti[0] = v0;
184 ti[1] = v1;
185 DES_encrypt3(ti, ks1, ks2, ks3);
186 v0 = ti[0];
187 v1 = ti[1];
188
189 iv = &(*ivec)[0];
190 l2c(v0, iv);
191 l2c(v1, iv);
192 iv = &(*ivec)[0];
193 }
194 cc = *(in++);
195 c = iv[n];
196 iv[n] = cc;
197 *(out++) = c ^ cc;
198 n = (n + 1) & 0x07;
199 }
200 }
201 v0 = v1 = ti[0] = ti[1] = c = cc = 0;
202 *num = n;
203}
204LCRYPTO_ALIAS(DES_ede3_cfb64_encrypt);
205
206/* This is compatible with the single key CFB-r for DES, even thought that's
207 * not what EVP needs.
208 */
209
210void
211DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
212 int numbits, long length, DES_key_schedule *ks1,
213 DES_key_schedule *ks2, DES_key_schedule *ks3,
214 DES_cblock *ivec, int enc)
215{
216 DES_LONG d0, d1, v0, v1;
217 unsigned long l = length, n = ((unsigned int)numbits + 7)/8;
218 int num = numbits, i;
219 DES_LONG ti[2];
220 unsigned char *iv;
221 unsigned char ovec[16];
222
223 if (num > 64)
224 return;
225 iv = &(*ivec)[0];
226 c2l(iv, v0);
227 c2l(iv, v1);
228 if (enc) {
229 while (l >= n) {
230 l -= n;
231 ti[0] = v0;
232 ti[1] = v1;
233 DES_encrypt3(ti, ks1, ks2, ks3);
234 c2ln(in, d0, d1, n);
235 in += n;
236 d0 ^= ti[0];
237 d1 ^= ti[1];
238 l2cn(d0, d1, out, n);
239 out += n;
240 /* 30-08-94 - eay - changed because l>>32 and
241 * l<<32 are bad under gcc :-( */
242 if (num == 32) {
243 v0 = v1;
244 v1 = d0;
245 } else if (num == 64) {
246 v0 = d0;
247 v1 = d1;
248 } else {
249 iv = &ovec[0];
250 l2c(v0, iv);
251 l2c(v1, iv);
252 l2c(d0, iv);
253 l2c(d1, iv);
254 /* shift ovec left most of the bits... */
255 memmove(ovec, ovec + num/8,
256 8 + (num % 8 ? 1 : 0));
257 /* now the remaining bits */
258 if (num % 8 != 0) {
259 for (i = 0; i < 8; ++i) {
260 ovec[i] <<= num % 8;
261 ovec[i] |= ovec[i + 1] >>
262 (8 - num % 8);
263 }
264 }
265 iv = &ovec[0];
266 c2l(iv, v0);
267 c2l(iv, v1);
268 }
269 }
270 } else {
271 while (l >= n) {
272 l -= n;
273 ti[0] = v0;
274 ti[1] = v1;
275 DES_encrypt3(ti, ks1, ks2, ks3);
276 c2ln(in, d0, d1, n);
277 in += n;
278 /* 30-08-94 - eay - changed because l>>32 and
279 * l<<32 are bad under gcc :-( */
280 if (num == 32) {
281 v0 = v1;
282 v1 = d0;
283 } else if (num == 64) {
284 v0 = d0;
285 v1 = d1;
286 } else {
287 iv = &ovec[0];
288 l2c(v0, iv);
289 l2c(v1, iv);
290 l2c(d0, iv);
291 l2c(d1, iv);
292 /* shift ovec left most of the bits... */
293 memmove(ovec, ovec + num/8,
294 8 + (num % 8 ? 1 : 0));
295 /* now the remaining bits */
296 if (num % 8 != 0) {
297 for (i = 0; i < 8; ++i) {
298 ovec[i] <<= num % 8;
299 ovec[i] |= ovec[i + 1] >>
300 (8 - num % 8);
301 }
302 }
303 iv = &ovec[0];
304 c2l(iv, v0);
305 c2l(iv, v1);
306 }
307 d0 ^= ti[0];
308 d1 ^= ti[1];
309 l2cn(d0, d1, out, n);
310 out += n;
311 }
312 }
313 iv = &(*ivec)[0];
314 l2c(v0, iv);
315 l2c(v1, iv);
316 v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
317}
318LCRYPTO_ALIAS(DES_ede3_cfb_encrypt);
319
320/* The input and output encrypted as though 64bit cfb mode is being
321 * used. The extra state information to record how much of the
322 * 64bit block we have used is contained in *num;
323 */
324
325void
326DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
327 long length, DES_key_schedule *schedule,
328 DES_cblock *ivec, int *num, int enc)
329{
330 DES_LONG v0, v1;
331 long l = length;
332 int n = *num;
333 DES_LONG ti[2];
334 unsigned char *iv, c, cc;
335
336 iv = &(*ivec)[0];
337 if (enc) {
338 while (l--) {
339 if (n == 0) {
340 c2l(iv, v0);
341 ti[0] = v0;
342 c2l(iv, v1);
343 ti[1] = v1;
344 DES_encrypt1(ti, schedule, DES_ENCRYPT);
345 iv = &(*ivec)[0];
346 v0 = ti[0];
347 l2c(v0, iv);
348 v0 = ti[1];
349 l2c(v0, iv);
350 iv = &(*ivec)[0];
351 }
352 c = *(in++) ^ iv[n];
353 *(out++) = c;
354 iv[n] = c;
355 n = (n + 1) & 0x07;
356 }
357 } else {
358 while (l--) {
359 if (n == 0) {
360 c2l(iv, v0);
361 ti[0] = v0;
362 c2l(iv, v1);
363 ti[1] = v1;
364 DES_encrypt1(ti, schedule, DES_ENCRYPT);
365 iv = &(*ivec)[0];
366 v0 = ti[0];
367 l2c(v0, iv);
368 v0 = ti[1];
369 l2c(v0, iv);
370 iv = &(*ivec)[0];
371 }
372 cc = *(in++);
373 c = iv[n];
374 iv[n] = cc;
375 *(out++) = c ^ cc;
376 n = (n + 1) & 0x07;
377 }
378 }
379 v0 = v1 = ti[0] = ti[1] = c = cc = 0;
380 *num = n;
381}
382LCRYPTO_ALIAS(DES_cfb64_encrypt);
383
384/* The input and output are loaded in multiples of 8 bits.
385 * What this means is that if you hame numbits=12 and length=2
386 * the first 12 bits will be retrieved from the first byte and half
387 * the second. The second 12 bits will come from the 3rd and half the 4th
388 * byte.
389 */
390/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
391 * will not be compatible with any encryption prior to that date. Ben. */
392void
393DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
394 long length, DES_key_schedule *schedule, DES_cblock *ivec,
395 int enc)
396{
397 DES_LONG d0, d1, v0, v1;
398 unsigned long l = length;
399 int num = numbits/8, n = (numbits + 7)/8, i, rem = numbits % 8;
400 DES_LONG ti[2];
401 unsigned char *iv;
402#if BYTE_ORDER != LITTLE_ENDIAN
403 unsigned char ovec[16];
404#else
405 unsigned int sh[4];
406 unsigned char *ovec = (unsigned char *)sh;
407#endif
408
409 if (numbits <= 0 || numbits > 64)
410 return;
411 iv = &(*ivec)[0];
412 c2l(iv, v0);
413 c2l(iv, v1);
414 if (enc) {
415 while (l >= (unsigned long)n) {
416 l -= n;
417 ti[0] = v0;
418 ti[1] = v1;
419 DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
420 c2ln(in, d0, d1, n);
421 in += n;
422 d0 ^= ti[0];
423 d1 ^= ti[1];
424 l2cn(d0, d1, out, n);
425 out += n;
426 /* 30-08-94 - eay - changed because l>>32 and
427 * l<<32 are bad under gcc :-( */
428 if (numbits == 32) {
429 v0 = v1;
430 v1 = d0;
431 } else if (numbits == 64) {
432 v0 = d0;
433 v1 = d1;
434 } else {
435#if BYTE_ORDER != LITTLE_ENDIAN
436 iv = &ovec[0];
437 l2c(v0, iv);
438 l2c(v1, iv);
439 l2c(d0, iv);
440 l2c(d1, iv);
441#else
442 sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
443#endif
444 if (rem == 0)
445 memmove(ovec, ovec + num, 8);
446 else
447 for (i = 0; i < 8; ++i)
448 ovec[i] = ovec[i + num] << rem |
449 ovec[i + num + 1] >> (8 -
450 rem);
451#if BYTE_ORDER == LITTLE_ENDIAN
452 v0 = sh[0], v1 = sh[1];
453#else
454 iv = &ovec[0];
455 c2l(iv, v0);
456 c2l(iv, v1);
457#endif
458 }
459 }
460 } else {
461 while (l >= (unsigned long)n) {
462 l -= n;
463 ti[0] = v0;
464 ti[1] = v1;
465 DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
466 c2ln(in, d0, d1, n);
467 in += n;
468 /* 30-08-94 - eay - changed because l>>32 and
469 * l<<32 are bad under gcc :-( */
470 if (numbits == 32) {
471 v0 = v1;
472 v1 = d0;
473 } else if (numbits == 64) {
474 v0 = d0;
475 v1 = d1;
476 } else {
477#if BYTE_ORDER != LITTLE_ENDIAN
478 iv = &ovec[0];
479 l2c(v0, iv);
480 l2c(v1, iv);
481 l2c(d0, iv);
482 l2c(d1, iv);
483#else
484 sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
485#endif
486 if (rem == 0)
487 memmove(ovec, ovec + num, 8);
488 else
489 for (i = 0; i < 8; ++i)
490 ovec[i] = ovec[i + num] << rem |
491 ovec[i + num + 1] >> (8 -
492 rem);
493#if BYTE_ORDER == LITTLE_ENDIAN
494 v0 = sh[0], v1 = sh[1];
495#else
496 iv = &ovec[0];
497 c2l(iv, v0);
498 c2l(iv, v1);
499#endif
500 }
501 d0 ^= ti[0];
502 d1 ^= ti[1];
503 l2cn(d0, d1, out, n);
504 out += n;
505 }
506 }
507 iv = &(*ivec)[0];
508 l2c(v0, iv);
509 l2c(v1, iv);
510 v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
511}
512LCRYPTO_ALIAS(DES_cfb_encrypt);
513
514void
515DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
516 DES_key_schedule *ks1, DES_key_schedule *ks2,
517 DES_key_schedule *ks3,
518 int enc)
519{
520 DES_LONG l0, l1;
521 DES_LONG ll[2];
522 const unsigned char *in = &(*input)[0];
523 unsigned char *out = &(*output)[0];
524
525 c2l(in, l0);
526 c2l(in, l1);
527 ll[0] = l0;
528 ll[1] = l1;
529 if (enc)
530 DES_encrypt3(ll, ks1, ks2, ks3);
531 else
532 DES_decrypt3(ll, ks1, ks2, ks3);
533 l0 = ll[0];
534 l1 = ll[1];
535 l2c(l0, out);
536 l2c(l1, out);
537}
538LCRYPTO_ALIAS(DES_ecb3_encrypt);
539
540void
541DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
542 DES_key_schedule *ks, int enc)
543{
544 DES_LONG l;
545 DES_LONG ll[2];
546 const unsigned char *in = &(*input)[0];
547 unsigned char *out = &(*output)[0];
548
549 c2l(in, l);
550 ll[0] = l;
551 c2l(in, l);
552 ll[1] = l;
553 DES_encrypt1(ll, ks, enc);
554 l = ll[0];
555 l2c(l, out);
556 l = ll[1];
557 l2c(l, out);
558 l = ll[0] = ll[1] = 0;
559}
560LCRYPTO_ALIAS(DES_ecb_encrypt);
561
562/*
563
564This is an implementation of Triple DES Cipher Block Chaining with Output
565Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
566
567Note that there is a known attack on this by Biham and Knudsen but it takes
568a lot of work:
569
570http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
571
572*/
573
574#ifndef OPENSSL_NO_DESCBCM
575void
576DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
577 long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
578 DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
579 int enc)
580{
581 DES_LONG tin0, tin1;
582 DES_LONG tout0, tout1, xor0, xor1, m0, m1;
583 long l = length;
584 DES_LONG tin[2];
585 unsigned char *iv1, *iv2;
586
587 iv1 = &(*ivec1)[0];
588 iv2 = &(*ivec2)[0];
589
590 if (enc) {
591 c2l(iv1, m0);
592 c2l(iv1, m1);
593 c2l(iv2, tout0);
594 c2l(iv2, tout1);
595 for (l -= 8; l >= -7; l -= 8) {
596 tin[0] = m0;
597 tin[1] = m1;
598 DES_encrypt1(tin, ks3, 1);
599 m0 = tin[0];
600 m1 = tin[1];
601
602 if (l < 0) {
603 c2ln(in, tin0, tin1, l + 8);
604 } else {
605 c2l(in, tin0);
606 c2l(in, tin1);
607 }
608 tin0 ^= tout0;
609 tin1 ^= tout1;
610
611 tin[0] = tin0;
612 tin[1] = tin1;
613 DES_encrypt1(tin, ks1, 1);
614 tin[0] ^= m0;
615 tin[1] ^= m1;
616 DES_encrypt1(tin, ks2, 0);
617 tin[0] ^= m0;
618 tin[1] ^= m1;
619 DES_encrypt1(tin, ks1, 1);
620 tout0 = tin[0];
621 tout1 = tin[1];
622
623 l2c(tout0, out);
624 l2c(tout1, out);
625 }
626 iv1 = &(*ivec1)[0];
627 l2c(m0, iv1);
628 l2c(m1, iv1);
629
630 iv2 = &(*ivec2)[0];
631 l2c(tout0, iv2);
632 l2c(tout1, iv2);
633 } else {
634 DES_LONG t0, t1;
635
636 c2l(iv1, m0);
637 c2l(iv1, m1);
638 c2l(iv2, xor0);
639 c2l(iv2, xor1);
640 for (l -= 8; l >= -7; l -= 8) {
641 tin[0] = m0;
642 tin[1] = m1;
643 DES_encrypt1(tin, ks3, 1);
644 m0 = tin[0];
645 m1 = tin[1];
646
647 c2l(in, tin0);
648 c2l(in, tin1);
649
650 t0 = tin0;
651 t1 = tin1;
652
653 tin[0] = tin0;
654 tin[1] = tin1;
655 DES_encrypt1(tin, ks1, 0);
656 tin[0] ^= m0;
657 tin[1] ^= m1;
658 DES_encrypt1(tin, ks2, 1);
659 tin[0] ^= m0;
660 tin[1] ^= m1;
661 DES_encrypt1(tin, ks1, 0);
662 tout0 = tin[0];
663 tout1 = tin[1];
664
665 tout0 ^= xor0;
666 tout1 ^= xor1;
667 if (l < 0) {
668 l2cn(tout0, tout1, out, l + 8);
669 } else {
670 l2c(tout0, out);
671 l2c(tout1, out);
672 }
673 xor0 = t0;
674 xor1 = t1;
675 }
676
677 iv1 = &(*ivec1)[0];
678 l2c(m0, iv1);
679 l2c(m1, iv1);
680
681 iv2 = &(*ivec2)[0];
682 l2c(xor0, iv2);
683 l2c(xor1, iv2);
684 }
685 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
686 tin[0] = tin[1] = 0;
687}
688LCRYPTO_ALIAS(DES_ede3_cbcm_encrypt);
689#endif
690
691/* The input and output encrypted as though 64bit ofb mode is being
692 * used. The extra state information to record how much of the
693 * 64bit block we have used is contained in *num;
694 */
695void
696DES_ede3_ofb64_encrypt(const unsigned char *in,
697 unsigned char *out, long length,
698 DES_key_schedule *k1, DES_key_schedule *k2,
699 DES_key_schedule *k3, DES_cblock *ivec,
700 int *num)
701{
702 DES_LONG v0, v1;
703 int n = *num;
704 long l = length;
705 DES_cblock d;
706 char *dp;
707 DES_LONG ti[2];
708 unsigned char *iv;
709 int save = 0;
710
711 iv = &(*ivec)[0];
712 c2l(iv, v0);
713 c2l(iv, v1);
714 ti[0] = v0;
715 ti[1] = v1;
716 dp = (char *)d;
717 l2c(v0, dp);
718 l2c(v1, dp);
719 while (l--) {
720 if (n == 0) {
721 /* ti[0]=v0; */
722 /* ti[1]=v1; */
723 DES_encrypt3(ti, k1, k2, k3);
724 v0 = ti[0];
725 v1 = ti[1];
726
727 dp = (char *)d;
728 l2c(v0, dp);
729 l2c(v1, dp);
730 save++;
731 }
732 *(out++) = *(in++) ^ d[n];
733 n = (n + 1) & 0x07;
734 }
735 if (save) {
736 iv = &(*ivec)[0];
737 l2c(v0, iv);
738 l2c(v1, iv);
739 }
740 v0 = v1 = ti[0] = ti[1] = 0;
741 *num = n;
742}
743LCRYPTO_ALIAS(DES_ede3_ofb64_encrypt);
744
745/* The input and output encrypted as though 64bit ofb mode is being
746 * used. The extra state information to record how much of the
747 * 64bit block we have used is contained in *num;
748 */
749void
750DES_ofb64_encrypt(const unsigned char *in,
751 unsigned char *out, long length,
752 DES_key_schedule *schedule, DES_cblock *ivec, int *num)
753{
754 DES_LONG v0, v1, t;
755 int n = *num;
756 long l = length;
757 DES_cblock d;
758 unsigned char *dp;
759 DES_LONG ti[2];
760 unsigned char *iv;
761 int save = 0;
762
763 iv = &(*ivec)[0];
764 c2l(iv, v0);
765 c2l(iv, v1);
766 ti[0] = v0;
767 ti[1] = v1;
768 dp = d;
769 l2c(v0, dp);
770 l2c(v1, dp);
771 while (l--) {
772 if (n == 0) {
773 DES_encrypt1(ti, schedule, DES_ENCRYPT);
774 dp = d;
775 t = ti[0];
776 l2c(t, dp);
777 t = ti[1];
778 l2c(t, dp);
779 save++;
780 }
781 *(out++) = *(in++) ^ d[n];
782 n = (n + 1) & 0x07;
783 }
784 if (save) {
785 v0 = ti[0];
786 v1 = ti[1];
787 iv = &(*ivec)[0];
788 l2c(v0, iv);
789 l2c(v1, iv);
790 }
791 t = v0 = v1 = ti[0] = ti[1] = 0;
792 *num = n;
793}
794LCRYPTO_ALIAS(DES_ofb64_encrypt);
795
796/* The input and output are loaded in multiples of 8 bits.
797 * What this means is that if you hame numbits=12 and length=2
798 * the first 12 bits will be retrieved from the first byte and half
799 * the second. The second 12 bits will come from the 3rd and half the 4th
800 * byte.
801 */
802void
803DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
804 long length, DES_key_schedule *schedule,
805 DES_cblock *ivec)
806{
807 DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7)/8;
808 DES_LONG mask0, mask1;
809 long l = length;
810 int num = numbits;
811 DES_LONG ti[2];
812 unsigned char *iv;
813
814 if (num > 64)
815 return;
816 if (num > 32) {
817 mask0 = 0xffffffffL;
818 if (num >= 64)
819 mask1 = mask0;
820 else
821 mask1 = (1L << (num - 32)) - 1;
822 } else {
823 if (num == 32)
824 mask0 = 0xffffffffL;
825 else
826 mask0 = (1L << num) - 1;
827 mask1 = 0x00000000L;
828 }
829
830 iv = &(*ivec)[0];
831 c2l(iv, v0);
832 c2l(iv, v1);
833 ti[0] = v0;
834 ti[1] = v1;
835 while (l-- > 0) {
836 ti[0] = v0;
837 ti[1] = v1;
838 DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
839 vv0 = ti[0];
840 vv1 = ti[1];
841 c2ln(in, d0, d1, n);
842 in += n;
843 d0 = (d0 ^ vv0) & mask0;
844 d1 = (d1 ^ vv1) & mask1;
845 l2cn(d0, d1, out, n);
846 out += n;
847
848 if (num == 32) {
849 v0 = v1;
850 v1 = vv0;
851 } else if (num == 64) {
852 v0 = vv0;
853 v1 = vv1;
854 } else if (num > 32) { /* && num != 64 */
855 v0 = ((v1 >> (num - 32))|(vv0 << (64 - num))) &
856 0xffffffffL;
857 v1 = ((vv0 >> (num - 32))|(vv1 << (64 - num))) &
858 0xffffffffL;
859 } else /* num < 32 */ {
860 v0 = ((v0 >> num)|(v1 << (32 - num))) & 0xffffffffL;
861 v1 = ((v1 >> num)|(vv0 << (32 - num))) & 0xffffffffL;
862 }
863 }
864 iv = &(*ivec)[0];
865 l2c(v0, iv);
866 l2c(v1, iv);
867 v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0;
868}
869LCRYPTO_ALIAS(DES_ofb_encrypt);
870
871void
872DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
873 long length, DES_key_schedule *schedule,
874 DES_cblock *ivec, int enc)
875{
876 DES_LONG sin0, sin1, xor0, xor1, tout0, tout1;
877 DES_LONG tin[2];
878 const unsigned char *in;
879 unsigned char *out, *iv;
880
881 in = input;
882 out = output;
883 iv = &(*ivec)[0];
884
885 if (enc) {
886 c2l(iv, xor0);
887 c2l(iv, xor1);
888 for (; length > 0; length -= 8) {
889 if (length >= 8) {
890 c2l(in, sin0);
891 c2l(in, sin1);
892 } else
893 c2ln(in, sin0, sin1, length);
894 tin[0] = sin0 ^ xor0;
895 tin[1] = sin1 ^ xor1;
896 DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
897 tout0 = tin[0];
898 tout1 = tin[1];
899 xor0 = sin0 ^ tout0;
900 xor1 = sin1 ^ tout1;
901 l2c(tout0, out);
902 l2c(tout1, out);
903 }
904 } else {
905 c2l(iv, xor0);
906 c2l(iv, xor1);
907 for (; length > 0; length -= 8) {
908 c2l(in, sin0);
909 c2l(in, sin1);
910 tin[0] = sin0;
911 tin[1] = sin1;
912 DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT);
913 tout0 = tin[0] ^ xor0;
914 tout1 = tin[1] ^ xor1;
915 if (length >= 8) {
916 l2c(tout0, out);
917 l2c(tout1, out);
918 } else
919 l2cn(tout0, tout1, out, length);
920 xor0 = tout0 ^ sin0;
921 xor1 = tout1 ^ sin1;
922 }
923 }
924 tin[0] = tin[1] = 0;
925 sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0;
926}
927LCRYPTO_ALIAS(DES_pcbc_encrypt);
928
929/* RSA's DESX */
930
931void
932DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
933 long length, DES_key_schedule *schedule,
934 DES_cblock *ivec, const_DES_cblock *inw,
935 const_DES_cblock *outw, int enc)
936{
937 DES_LONG tin0, tin1;
938 DES_LONG tout0, tout1, xor0, xor1;
939 DES_LONG inW0, inW1, outW0, outW1;
940 const unsigned char *in2;
941 long l = length;
942 DES_LONG tin[2];
943 unsigned char *iv;
944
945 in2 = &(*inw)[0];
946 c2l(in2, inW0);
947 c2l(in2, inW1);
948 in2 = &(*outw)[0];
949 c2l(in2, outW0);
950 c2l(in2, outW1);
951
952 iv = &(*ivec)[0];
953
954 if (enc) {
955 c2l(iv, tout0);
956 c2l(iv, tout1);
957 for (l -= 8; l >= 0; l -= 8) {
958 c2l(in, tin0);
959 c2l(in, tin1);
960 tin0 ^= tout0 ^ inW0;
961 tin[0] = tin0;
962 tin1 ^= tout1 ^ inW1;
963 tin[1] = tin1;
964 DES_encrypt1(tin, schedule, DES_ENCRYPT);
965 tout0 = tin[0] ^ outW0;
966 l2c(tout0, out);
967 tout1 = tin[1] ^ outW1;
968 l2c(tout1, out);
969 }
970 if (l != -8) {
971 c2ln(in, tin0, tin1, l + 8);
972 tin0 ^= tout0 ^ inW0;
973 tin[0] = tin0;
974 tin1 ^= tout1 ^ inW1;
975 tin[1] = tin1;
976 DES_encrypt1(tin, schedule, DES_ENCRYPT);
977 tout0 = tin[0] ^ outW0;
978 l2c(tout0, out);
979 tout1 = tin[1] ^ outW1;
980 l2c(tout1, out);
981 }
982 iv = &(*ivec)[0];
983 l2c(tout0, iv);
984 l2c(tout1, iv);
985 } else {
986 c2l(iv, xor0);
987 c2l(iv, xor1);
988 for (l -= 8; l > 0; l -= 8) {
989 c2l(in, tin0);
990 tin[0] = tin0 ^ outW0;
991 c2l(in, tin1);
992 tin[1] = tin1 ^ outW1;
993 DES_encrypt1(tin, schedule, DES_DECRYPT);
994 tout0 = tin[0] ^ xor0 ^ inW0;
995 tout1 = tin[1] ^ xor1 ^ inW1;
996 l2c(tout0, out);
997 l2c(tout1, out);
998 xor0 = tin0;
999 xor1 = tin1;
1000 }
1001 if (l != -8) {
1002 c2l(in, tin0);
1003 tin[0] = tin0 ^ outW0;
1004 c2l(in, tin1);
1005 tin[1] = tin1 ^ outW1;
1006 DES_encrypt1(tin, schedule, DES_DECRYPT);
1007 tout0 = tin[0] ^ xor0 ^ inW0;
1008 tout1 = tin[1] ^ xor1 ^ inW1;
1009 l2cn(tout0, tout1, out, l + 8);
1010 xor0 = tin0;
1011 xor1 = tin1;
1012 }
1013
1014 iv = &(*ivec)[0];
1015 l2c(xor0, iv);
1016 l2c(xor1, iv);
1017 }
1018 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
1019 inW0 = inW1 = outW0 = outW1 = 0;
1020 tin[0] = tin[1] = 0;
1021}
1022LCRYPTO_ALIAS(DES_xcbc_encrypt);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 14:22:45 +0000