summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/des
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2002-05-15 02:29:24 +0000
committercvs2svn <admin@example.com>2002-05-15 02:29:24 +0000
commit027351f729b9e837200dae6e1520cda6577ab930 (patch)
treee25a717057aa4529e433fc3b1fac8d4df8db3a5c /src/lib/libcrypto/des
parentaeeae06a79815dc190061534d47236cec09f9e32 (diff)
downloadopenbsd-027351f729b9e837200dae6e1520cda6577ab930.tar.gz
openbsd-027351f729b9e837200dae6e1520cda6577ab930.tar.bz2
openbsd-027351f729b9e837200dae6e1520cda6577ab930.zip
This commit was manufactured by cvs2git to create branch 'unlabeled-1.1.1'.
Diffstat (limited to 'src/lib/libcrypto/des')
-rw-r--r--src/lib/libcrypto/des/des.h249
-rw-r--r--src/lib/libcrypto/des/des_locl.h408
-rw-r--r--src/lib/libcrypto/des/ede_cbcm_enc.c197
3 files changed, 854 insertions, 0 deletions
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h
new file mode 100644
index 0000000000..67f90aaf17
--- /dev/null
+++ b/src/lib/libcrypto/des/des.h
@@ -0,0 +1,249 @@
1/* crypto/des/des.h */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_DES_H
60#define HEADER_DES_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66#ifdef NO_DES
67#error DES is disabled.
68#endif
69
70#ifdef _KERBEROS_DES_H
71#error <openssl/des.h> replaces <kerberos/des.h>.
72#endif
73
74#include <stdio.h>
75#include <openssl/opensslconf.h> /* DES_LONG */
76#include <openssl/e_os2.h> /* OPENSSL_EXTERN */
77
78typedef unsigned char des_cblock[8];
79typedef /* const */ unsigned char const_des_cblock[8];
80/* With "const", gcc 2.8.1 on Solaris thinks that des_cblock *
81 * and const_des_cblock * are incompatible pointer types.
82 * I haven't seen that warning on other systems ... I'll look
83 * what the standard says. */
84
85
86typedef struct des_ks_struct
87 {
88 union {
89 des_cblock cblock;
90 /* make sure things are correct size on machines with
91 * 8 byte longs */
92 DES_LONG deslong[2];
93 } ks;
94 int weak_key;
95 } des_key_schedule[16];
96
97#define DES_KEY_SZ (sizeof(des_cblock))
98#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
99
100#define DES_ENCRYPT 1
101#define DES_DECRYPT 0
102
103#define DES_CBC_MODE 0
104#define DES_PCBC_MODE 1
105
106#define des_ecb2_encrypt(i,o,k1,k2,e) \
107 des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
108
109#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
110 des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
111
112#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
113 des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
114
115#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
116 des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
117
118OPENSSL_EXTERN int des_check_key; /* defaults to false */
119OPENSSL_EXTERN int des_rw_mode; /* defaults to DES_PCBC_MODE */
120OPENSSL_EXTERN int des_set_weak_key_flag; /* set the weak key flag */
121
122const char *des_options(void);
123void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
124 des_key_schedule ks1,des_key_schedule ks2,
125 des_key_schedule ks3, int enc);
126DES_LONG des_cbc_cksum(const unsigned char *input,des_cblock *output,
127 long length,des_key_schedule schedule,
128 const_des_cblock *ivec);
129/* des_cbc_encrypt does not update the IV! Use des_ncbc_encrypt instead. */
130void des_cbc_encrypt(const unsigned char *input,unsigned char *output,
131 long length,des_key_schedule schedule,des_cblock *ivec,
132 int enc);
133void des_ncbc_encrypt(const unsigned char *input,unsigned char *output,
134 long length,des_key_schedule schedule,des_cblock *ivec,
135 int enc);
136void des_xcbc_encrypt(const unsigned char *input,unsigned char *output,
137 long length,des_key_schedule schedule,des_cblock *ivec,
138 const_des_cblock *inw,const_des_cblock *outw,int enc);
139void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
140 long length,des_key_schedule schedule,des_cblock *ivec,
141 int enc);
142void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
143 des_key_schedule ks,int enc);
144void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
145void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
146void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
147 des_key_schedule ks2, des_key_schedule ks3);
148void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
149 des_key_schedule ks2, des_key_schedule ks3);
150void des_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output,
151 long length,
152 des_key_schedule ks1,des_key_schedule ks2,
153 des_key_schedule ks3,des_cblock *ivec,int enc);
154void des_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
155 long length,
156 des_key_schedule ks1,des_key_schedule ks2,
157 des_key_schedule ks3,
158 des_cblock *ivec1,des_cblock *ivec2,
159 int enc);
160void des_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
161 long length,des_key_schedule ks1,
162 des_key_schedule ks2,des_key_schedule ks3,
163 des_cblock *ivec,int *num,int enc);
164void des_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
165 long length,des_key_schedule ks1,
166 des_key_schedule ks2,des_key_schedule ks3,
167 des_cblock *ivec,int *num);
168
169void des_xwhite_in2out(const_des_cblock *des_key,const_des_cblock *in_white,
170 des_cblock *out_white);
171
172int des_enc_read(int fd,void *buf,int len,des_key_schedule sched,
173 des_cblock *iv);
174int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
175 des_cblock *iv);
176char *des_fcrypt(const char *buf,const char *salt, char *ret);
177char *des_crypt(const char *buf,const char *salt);
178#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
179char *crypt(const char *buf,const char *salt);
180#endif
181void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
182 long length,des_key_schedule schedule,des_cblock *ivec);
183void des_pcbc_encrypt(const unsigned char *input,unsigned char *output,
184 long length,des_key_schedule schedule,des_cblock *ivec,
185 int enc);
186DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
187 long length,int out_count,des_cblock *seed);
188void des_random_seed(des_cblock *key);
189void des_random_key(des_cblock *ret);
190int des_read_password(des_cblock *key,const char *prompt,int verify);
191int des_read_2passwords(des_cblock *key1,des_cblock *key2,
192 const char *prompt,int verify);
193int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
194void des_set_odd_parity(des_cblock *key);
195int des_is_weak_key(const_des_cblock *key);
196int des_set_key(const_des_cblock *key,des_key_schedule schedule);
197int des_key_sched(const_des_cblock *key,des_key_schedule schedule);
198void des_string_to_key(const char *str,des_cblock *key);
199void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2);
200void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
201 des_key_schedule schedule,des_cblock *ivec,int *num,
202 int enc);
203void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
204 des_key_schedule schedule,des_cblock *ivec,int *num);
205int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
206
207/* Extra functions from Mark Murray <mark@grondar.za> */
208void des_cblock_print_file(const_des_cblock *cb, FILE *fp);
209
210/* The following definitions provide compatibility with the MIT Kerberos
211 * library. The des_key_schedule structure is not binary compatible. */
212
213#define _KERBEROS_DES_H
214
215#define KRBDES_ENCRYPT DES_ENCRYPT
216#define KRBDES_DECRYPT DES_DECRYPT
217
218#ifdef KERBEROS
219# define ENCRYPT DES_ENCRYPT
220# define DECRYPT DES_DECRYPT
221#endif
222
223#ifndef NCOMPAT
224# define C_Block des_cblock
225# define Key_schedule des_key_schedule
226# define KEY_SZ DES_KEY_SZ
227# define string_to_key des_string_to_key
228# define read_pw_string des_read_pw_string
229# define random_key des_random_key
230# define pcbc_encrypt des_pcbc_encrypt
231# define set_key des_set_key
232# define key_sched des_key_sched
233# define ecb_encrypt des_ecb_encrypt
234# define cbc_encrypt des_cbc_encrypt
235# define ncbc_encrypt des_ncbc_encrypt
236# define xcbc_encrypt des_xcbc_encrypt
237# define cbc_cksum des_cbc_cksum
238# define quad_cksum des_quad_cksum
239#endif
240
241typedef des_key_schedule bit_64;
242#define des_fixup_key_parity des_set_odd_parity
243#define des_check_key_parity check_parity
244
245#ifdef __cplusplus
246}
247#endif
248
249#endif
diff --git a/src/lib/libcrypto/des/des_locl.h b/src/lib/libcrypto/des/des_locl.h
new file mode 100644
index 0000000000..d6ea17cb68
--- /dev/null
+++ b/src/lib/libcrypto/des/des_locl.h
@@ -0,0 +1,408 @@
1/* crypto/des/des_locl.h */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_DES_LOCL_H
60#define HEADER_DES_LOCL_H
61
62#if defined(WIN32) || defined(WIN16)
63#ifndef MSDOS
64#define MSDOS
65#endif
66#endif
67
68#include <stdio.h>
69#include <stdlib.h>
70
71#include <openssl/opensslconf.h>
72
73#ifndef MSDOS
74#if !defined(VMS) || defined(__DECC)
75#include OPENSSL_UNISTD
76#include <math.h>
77#endif
78#endif
79#include <openssl/des.h>
80
81#ifdef MSDOS /* Visual C++ 2.1 (Windows NT/95) */
82#include <stdlib.h>
83#include <errno.h>
84#include <time.h>
85#include <io.h>
86#endif
87
88#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
89#include <string.h>
90#endif
91
92#define ITERATIONS 16
93#define HALF_ITERATIONS 8
94
95/* used in des_read and des_write */
96#define MAXWRITE (1024*16)
97#define BSIZE (MAXWRITE+4)
98
99#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
100 l|=((DES_LONG)(*((c)++)))<< 8L, \
101 l|=((DES_LONG)(*((c)++)))<<16L, \
102 l|=((DES_LONG)(*((c)++)))<<24L)
103
104/* NOTE - c is not incremented as per c2l */
105#define c2ln(c,l1,l2,n) { \
106 c+=n; \
107 l1=l2=0; \
108 switch (n) { \
109 case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
110 case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
111 case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
112 case 5: l2|=((DES_LONG)(*(--(c)))); \
113 case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
114 case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
115 case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
116 case 1: l1|=((DES_LONG)(*(--(c)))); \
117 } \
118 }
119
120#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
121 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
122 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
123 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
124
125/* replacements for htonl and ntohl since I have no idea what to do
126 * when faced with machines with 8 byte longs. */
127#define HDRSIZE 4
128
129#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \
130 l|=((DES_LONG)(*((c)++)))<<16L, \
131 l|=((DES_LONG)(*((c)++)))<< 8L, \
132 l|=((DES_LONG)(*((c)++))))
133
134#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
135 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
136 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
137 *((c)++)=(unsigned char)(((l) )&0xff))
138
139/* NOTE - c is not incremented as per l2c */
140#define l2cn(l1,l2,c,n) { \
141 c+=n; \
142 switch (n) { \
143 case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
144 case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
145 case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
146 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
147 case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
148 case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
149 case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
150 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
151 } \
152 }
153
154#if defined(WIN32)
155#define ROTATE(a,n) (_lrotr(a,n))
156#else
157#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
158#endif
159
160/* Don't worry about the LOAD_DATA() stuff, that is used by
161 * fcrypt() to add it's little bit to the front */
162
163#ifdef DES_FCRYPT
164
165#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
166 { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
167
168#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
169 t=R^(R>>16L); \
170 u=t&E0; t&=E1; \
171 tmp=(u<<16); u^=R^s[S ]; u^=tmp; \
172 tmp=(t<<16); t^=R^s[S+1]; t^=tmp
173#else
174#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
175#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
176 u=R^s[S ]; \
177 t=R^s[S+1]
178#endif
179
180/* The changes to this macro may help or hinder, depending on the
181 * compiler and the achitecture. gcc2 always seems to do well :-).
182 * Inspired by Dana How <how@isl.stanford.edu>
183 * DO NOT use the alternative version on machines with 8 byte longs.
184 * It does not seem to work on the Alpha, even when DES_LONG is 4
185 * bytes, probably an issue of accessing non-word aligned objects :-( */
186#ifdef DES_PTR
187
188/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
189 * is no reason to not xor all the sub items together. This potentially
190 * saves a register since things can be xored directly into L */
191
192#if defined(DES_RISC1) || defined(DES_RISC2)
193#ifdef DES_RISC1
194#define D_ENCRYPT(LL,R,S) { \
195 unsigned int u1,u2,u3; \
196 LOAD_DATA(R,S,u,t,E0,E1,u1); \
197 u2=(int)u>>8L; \
198 u1=(int)u&0xfc; \
199 u2&=0xfc; \
200 t=ROTATE(t,4); \
201 u>>=16L; \
202 LL^= *(const DES_LONG *)(des_SP +u1); \
203 LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
204 u3=(int)(u>>8L); \
205 u1=(int)u&0xfc; \
206 u3&=0xfc; \
207 LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
208 LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
209 u2=(int)t>>8L; \
210 u1=(int)t&0xfc; \
211 u2&=0xfc; \
212 t>>=16L; \
213 LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
214 LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
215 u3=(int)t>>8L; \
216 u1=(int)t&0xfc; \
217 u3&=0xfc; \
218 LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
219 LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
220#endif
221#ifdef DES_RISC2
222#define D_ENCRYPT(LL,R,S) { \
223 unsigned int u1,u2,s1,s2; \
224 LOAD_DATA(R,S,u,t,E0,E1,u1); \
225 u2=(int)u>>8L; \
226 u1=(int)u&0xfc; \
227 u2&=0xfc; \
228 t=ROTATE(t,4); \
229 LL^= *(const DES_LONG *)(des_SP +u1); \
230 LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
231 s1=(int)(u>>16L); \
232 s2=(int)(u>>24L); \
233 s1&=0xfc; \
234 s2&=0xfc; \
235 LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
236 LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
237 u2=(int)t>>8L; \
238 u1=(int)t&0xfc; \
239 u2&=0xfc; \
240 LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
241 LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
242 s1=(int)(t>>16L); \
243 s2=(int)(t>>24L); \
244 s1&=0xfc; \
245 s2&=0xfc; \
246 LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
247 LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
248#endif
249#else
250#define D_ENCRYPT(LL,R,S) { \
251 LOAD_DATA_tmp(R,S,u,t,E0,E1); \
252 t=ROTATE(t,4); \
253 LL^= \
254 *(const DES_LONG *)(des_SP +((u )&0xfc))^ \
255 *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
256 *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
257 *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
258 *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \
259 *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
260 *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
261 *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
262#endif
263
264#else /* original version */
265
266#if defined(DES_RISC1) || defined(DES_RISC2)
267#ifdef DES_RISC1
268#define D_ENCRYPT(LL,R,S) {\
269 unsigned int u1,u2,u3; \
270 LOAD_DATA(R,S,u,t,E0,E1,u1); \
271 u>>=2L; \
272 t=ROTATE(t,6); \
273 u2=(int)u>>8L; \
274 u1=(int)u&0x3f; \
275 u2&=0x3f; \
276 u>>=16L; \
277 LL^=des_SPtrans[0][u1]; \
278 LL^=des_SPtrans[2][u2]; \
279 u3=(int)u>>8L; \
280 u1=(int)u&0x3f; \
281 u3&=0x3f; \
282 LL^=des_SPtrans[4][u1]; \
283 LL^=des_SPtrans[6][u3]; \
284 u2=(int)t>>8L; \
285 u1=(int)t&0x3f; \
286 u2&=0x3f; \
287 t>>=16L; \
288 LL^=des_SPtrans[1][u1]; \
289 LL^=des_SPtrans[3][u2]; \
290 u3=(int)t>>8L; \
291 u1=(int)t&0x3f; \
292 u3&=0x3f; \
293 LL^=des_SPtrans[5][u1]; \
294 LL^=des_SPtrans[7][u3]; }
295#endif
296#ifdef DES_RISC2
297#define D_ENCRYPT(LL,R,S) {\
298 unsigned int u1,u2,s1,s2; \
299 LOAD_DATA(R,S,u,t,E0,E1,u1); \
300 u>>=2L; \
301 t=ROTATE(t,6); \
302 u2=(int)u>>8L; \
303 u1=(int)u&0x3f; \
304 u2&=0x3f; \
305 LL^=des_SPtrans[0][u1]; \
306 LL^=des_SPtrans[2][u2]; \
307 s1=(int)u>>16L; \
308 s2=(int)u>>24L; \
309 s1&=0x3f; \
310 s2&=0x3f; \
311 LL^=des_SPtrans[4][s1]; \
312 LL^=des_SPtrans[6][s2]; \
313 u2=(int)t>>8L; \
314 u1=(int)t&0x3f; \
315 u2&=0x3f; \
316 LL^=des_SPtrans[1][u1]; \
317 LL^=des_SPtrans[3][u2]; \
318 s1=(int)t>>16; \
319 s2=(int)t>>24L; \
320 s1&=0x3f; \
321 s2&=0x3f; \
322 LL^=des_SPtrans[5][s1]; \
323 LL^=des_SPtrans[7][s2]; }
324#endif
325
326#else
327
328#define D_ENCRYPT(LL,R,S) {\
329 LOAD_DATA_tmp(R,S,u,t,E0,E1); \
330 t=ROTATE(t,4); \
331 LL^=\
332 des_SPtrans[0][(u>> 2L)&0x3f]^ \
333 des_SPtrans[2][(u>>10L)&0x3f]^ \
334 des_SPtrans[4][(u>>18L)&0x3f]^ \
335 des_SPtrans[6][(u>>26L)&0x3f]^ \
336 des_SPtrans[1][(t>> 2L)&0x3f]^ \
337 des_SPtrans[3][(t>>10L)&0x3f]^ \
338 des_SPtrans[5][(t>>18L)&0x3f]^ \
339 des_SPtrans[7][(t>>26L)&0x3f]; }
340#endif
341#endif
342
343 /* IP and FP
344 * The problem is more of a geometric problem that random bit fiddling.
345 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
346 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
347 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
348 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
349
350 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
351 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
352 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
353 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
354
355 The output has been subject to swaps of the form
356 0 1 -> 3 1 but the odd and even bits have been put into
357 2 3 2 0
358 different words. The main trick is to remember that
359 t=((l>>size)^r)&(mask);
360 r^=t;
361 l^=(t<<size);
362 can be used to swap and move bits between words.
363
364 So l = 0 1 2 3 r = 16 17 18 19
365 4 5 6 7 20 21 22 23
366 8 9 10 11 24 25 26 27
367 12 13 14 15 28 29 30 31
368 becomes (for size == 2 and mask == 0x3333)
369 t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
370 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
371 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
372 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
373
374 Thanks for hints from Richard Outerbridge - he told me IP&FP
375 could be done in 15 xor, 10 shifts and 5 ands.
376 When I finally started to think of the problem in 2D
377 I first got ~42 operations without xors. When I remembered
378 how to use xors :-) I got it to its final state.
379 */
380#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
381 (b)^=(t),\
382 (a)^=((t)<<(n)))
383
384#define IP(l,r) \
385 { \
386 register DES_LONG tt; \
387 PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
388 PERM_OP(l,r,tt,16,0x0000ffffL); \
389 PERM_OP(r,l,tt, 2,0x33333333L); \
390 PERM_OP(l,r,tt, 8,0x00ff00ffL); \
391 PERM_OP(r,l,tt, 1,0x55555555L); \
392 }
393
394#define FP(l,r) \
395 { \
396 register DES_LONG tt; \
397 PERM_OP(l,r,tt, 1,0x55555555L); \
398 PERM_OP(r,l,tt, 8,0x00ff00ffL); \
399 PERM_OP(l,r,tt, 2,0x33333333L); \
400 PERM_OP(r,l,tt,16,0x0000ffffL); \
401 PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
402 }
403
404OPENSSL_EXTERN const DES_LONG des_SPtrans[8][64];
405
406void fcrypt_body(DES_LONG *out,des_key_schedule ks,
407 DES_LONG Eswap0, DES_LONG Eswap1);
408#endif
diff --git a/src/lib/libcrypto/des/ede_cbcm_enc.c b/src/lib/libcrypto/des/ede_cbcm_enc.c
new file mode 100644
index 0000000000..c53062481d
--- /dev/null
+++ b/src/lib/libcrypto/des/ede_cbcm_enc.c
@@ -0,0 +1,197 @@
1/* ede_cbcm_enc.c */
2/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
3 * project 13 Feb 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59/*
60
61This is an implementation of Triple DES Cipher Block Chaining with Output
62Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
63
64Note that there is a known attack on this by Biham and Knudsen but it takes
65a lot of work:
66
67http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
68
69*/
70
71#ifndef NO_DESCBCM
72#include "des_locl.h"
73
74void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
75 long length, des_key_schedule ks1, des_key_schedule ks2,
76 des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2,
77 int enc)
78 {
79 register DES_LONG tin0,tin1;
80 register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
81 register long l=length;
82 DES_LONG tin[2];
83 unsigned char *iv1,*iv2;
84
85 iv1 = &(*ivec1)[0];
86 iv2 = &(*ivec2)[0];
87
88 if (enc)
89 {
90 c2l(iv1,m0);
91 c2l(iv1,m1);
92 c2l(iv2,tout0);
93 c2l(iv2,tout1);
94 for (l-=8; l>=-7; l-=8)
95 {
96 tin[0]=m0;
97 tin[1]=m1;
98 des_encrypt(tin,ks3,1);
99 m0=tin[0];
100 m1=tin[1];
101
102 if(l < 0)
103 {
104 c2ln(in,tin0,tin1,l+8);
105 }
106 else
107 {
108 c2l(in,tin0);
109 c2l(in,tin1);
110 }
111 tin0^=tout0;
112 tin1^=tout1;
113
114 tin[0]=tin0;
115 tin[1]=tin1;
116 des_encrypt(tin,ks1,1);
117 tin[0]^=m0;
118 tin[1]^=m1;
119 des_encrypt(tin,ks2,0);
120 tin[0]^=m0;
121 tin[1]^=m1;
122 des_encrypt(tin,ks1,1);
123 tout0=tin[0];
124 tout1=tin[1];
125
126 l2c(tout0,out);
127 l2c(tout1,out);
128 }
129 iv1=&(*ivec1)[0];
130 l2c(m0,iv1);
131 l2c(m1,iv1);
132
133 iv2=&(*ivec2)[0];
134 l2c(tout0,iv2);
135 l2c(tout1,iv2);
136 }
137 else
138 {
139 register DES_LONG t0,t1;
140
141 c2l(iv1,m0);
142 c2l(iv1,m1);
143 c2l(iv2,xor0);
144 c2l(iv2,xor1);
145 for (l-=8; l>=-7; l-=8)
146 {
147 tin[0]=m0;
148 tin[1]=m1;
149 des_encrypt(tin,ks3,1);
150 m0=tin[0];
151 m1=tin[1];
152
153 c2l(in,tin0);
154 c2l(in,tin1);
155
156 t0=tin0;
157 t1=tin1;
158
159 tin[0]=tin0;
160 tin[1]=tin1;
161 des_encrypt(tin,ks1,0);
162 tin[0]^=m0;
163 tin[1]^=m1;
164 des_encrypt(tin,ks2,1);
165 tin[0]^=m0;
166 tin[1]^=m1;
167 des_encrypt(tin,ks1,0);
168 tout0=tin[0];
169 tout1=tin[1];
170
171 tout0^=xor0;
172 tout1^=xor1;
173 if(l < 0)
174 {
175 l2cn(tout0,tout1,out,l+8);
176 }
177 else
178 {
179 l2c(tout0,out);
180 l2c(tout1,out);
181 }
182 xor0=t0;
183 xor1=t1;
184 }
185
186 iv1=&(*ivec1)[0];
187 l2c(m0,iv1);
188 l2c(m1,iv1);
189
190 iv2=&(*ivec2)[0];
191 l2c(xor0,iv2);
192 l2c(xor1,iv2);
193 }
194 tin0=tin1=tout0=tout1=xor0=xor1=0;
195 tin[0]=tin[1]=0;
196 }
197#endif