summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rc2
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/rc2')
-rw-r--r--src/lib/libcrypto/rc2/rc2_cbc.c235
-rw-r--r--src/lib/libcrypto/rc2/rc2_ecb.c90
-rw-r--r--src/lib/libcrypto/rc2/rc2_locl.h156
-rw-r--r--src/lib/libcrypto/rc2/rc2_skey.c142
-rw-r--r--src/lib/libcrypto/rc2/rc2cfb64.c127
-rw-r--r--src/lib/libcrypto/rc2/rc2ofb64.c115
-rw-r--r--src/lib/libcrypto/rc2/rrc2.doc219
-rw-r--r--src/lib/libcrypto/rc2/version22
8 files changed, 1106 insertions, 0 deletions
diff --git a/src/lib/libcrypto/rc2/rc2_cbc.c b/src/lib/libcrypto/rc2/rc2_cbc.c
new file mode 100644
index 0000000000..22e89f0441
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2_cbc.c
@@ -0,0 +1,235 @@
1/* crypto/rc2/rc2_cbc.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include "rc2.h"
60#include "rc2_locl.h"
61
62void RC2_cbc_encrypt(in, out, length, ks, iv, encrypt)
63unsigned char *in;
64unsigned char *out;
65long length;
66RC2_KEY *ks;
67unsigned char *iv;
68int encrypt;
69 {
70 register unsigned long tin0,tin1;
71 register unsigned long tout0,tout1,xor0,xor1;
72 register long l=length;
73 unsigned long tin[2];
74
75 if (encrypt)
76 {
77 c2l(iv,tout0);
78 c2l(iv,tout1);
79 iv-=8;
80 for (l-=8; l>=0; l-=8)
81 {
82 c2l(in,tin0);
83 c2l(in,tin1);
84 tin0^=tout0;
85 tin1^=tout1;
86 tin[0]=tin0;
87 tin[1]=tin1;
88 RC2_encrypt(tin,ks);
89 tout0=tin[0]; l2c(tout0,out);
90 tout1=tin[1]; l2c(tout1,out);
91 }
92 if (l != -8)
93 {
94 c2ln(in,tin0,tin1,l+8);
95 tin0^=tout0;
96 tin1^=tout1;
97 tin[0]=tin0;
98 tin[1]=tin1;
99 RC2_encrypt(tin,ks);
100 tout0=tin[0]; l2c(tout0,out);
101 tout1=tin[1]; l2c(tout1,out);
102 }
103 l2c(tout0,iv);
104 l2c(tout1,iv);
105 }
106 else
107 {
108 c2l(iv,xor0);
109 c2l(iv,xor1);
110 iv-=8;
111 for (l-=8; l>=0; l-=8)
112 {
113 c2l(in,tin0); tin[0]=tin0;
114 c2l(in,tin1); tin[1]=tin1;
115 RC2_decrypt(tin,ks);
116 tout0=tin[0]^xor0;
117 tout1=tin[1]^xor1;
118 l2c(tout0,out);
119 l2c(tout1,out);
120 xor0=tin0;
121 xor1=tin1;
122 }
123 if (l != -8)
124 {
125 c2l(in,tin0); tin[0]=tin0;
126 c2l(in,tin1); tin[1]=tin1;
127 RC2_decrypt(tin,ks);
128 tout0=tin[0]^xor0;
129 tout1=tin[1]^xor1;
130 l2cn(tout0,tout1,out,l+8);
131 xor0=tin0;
132 xor1=tin1;
133 }
134 l2c(xor0,iv);
135 l2c(xor1,iv);
136 }
137 tin0=tin1=tout0=tout1=xor0=xor1=0;
138 tin[0]=tin[1]=0;
139 }
140
141void RC2_encrypt(d,key)
142unsigned long *d;
143RC2_KEY *key;
144 {
145 int i,n;
146 register RC2_INT *p0,*p1;
147 register RC2_INT x0,x1,x2,x3,t;
148 unsigned long l;
149
150 l=d[0];
151 x0=(RC2_INT)l&0xffff;
152 x1=(RC2_INT)(l>>16L);
153 l=d[1];
154 x2=(RC2_INT)l&0xffff;
155 x3=(RC2_INT)(l>>16L);
156
157 n=3;
158 i=5;
159
160 p0=p1= &(key->data[0]);
161 for (;;)
162 {
163 t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
164 x0=(t<<1)|(t>>15);
165 t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
166 x1=(t<<2)|(t>>14);
167 t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
168 x2=(t<<3)|(t>>13);
169 t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
170 x3=(t<<5)|(t>>11);
171
172 if (--i == 0)
173 {
174 if (--n == 0) break;
175 i=(n == 2)?6:5;
176
177 x0+=p1[x3&0x3f];
178 x1+=p1[x0&0x3f];
179 x2+=p1[x1&0x3f];
180 x3+=p1[x2&0x3f];
181 }
182 }
183
184 d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
185 d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
186 }
187
188void RC2_decrypt(d,key)
189unsigned long *d;
190RC2_KEY *key;
191 {
192 int i,n;
193 register RC2_INT *p0,*p1;
194 register RC2_INT x0,x1,x2,x3,t;
195 unsigned long l;
196
197 l=d[0];
198 x0=(RC2_INT)l&0xffff;
199 x1=(RC2_INT)(l>>16L);
200 l=d[1];
201 x2=(RC2_INT)l&0xffff;
202 x3=(RC2_INT)(l>>16L);
203
204 n=3;
205 i=5;
206
207 p0= &(key->data[63]);
208 p1= &(key->data[0]);
209 for (;;)
210 {
211 t=((x3<<11)|(x3>>5))&0xffff;
212 x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
213 t=((x2<<13)|(x2>>3))&0xffff;
214 x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
215 t=((x1<<14)|(x1>>2))&0xffff;
216 x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
217 t=((x0<<15)|(x0>>1))&0xffff;
218 x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
219
220 if (--i == 0)
221 {
222 if (--n == 0) break;
223 i=(n == 2)?6:5;
224
225 x3=(x3-p1[x2&0x3f])&0xffff;
226 x2=(x2-p1[x1&0x3f])&0xffff;
227 x1=(x1-p1[x0&0x3f])&0xffff;
228 x0=(x0-p1[x3&0x3f])&0xffff;
229 }
230 }
231
232 d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
233 d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
234 }
235
diff --git a/src/lib/libcrypto/rc2/rc2_ecb.c b/src/lib/libcrypto/rc2/rc2_ecb.c
new file mode 100644
index 0000000000..96239cd4e0
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2_ecb.c
@@ -0,0 +1,90 @@
1/* crypto/rc2/rc2_ecb.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include "rc2.h"
60#include "rc2_locl.h"
61
62char *RC2_version="RC2 part of SSLeay 0.9.0b 29-Jun-1998";
63
64/* RC2 as implemented frm a posting from
65 * Newsgroups: sci.crypt
66 * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
67 * Subject: Specification for Ron Rivests Cipher No.2
68 * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
69 * Date: 11 Feb 1996 06:45:03 GMT
70 */
71
72void RC2_ecb_encrypt(in, out, ks, encrypt)
73unsigned char *in;
74unsigned char *out;
75RC2_KEY *ks;
76int encrypt;
77 {
78 unsigned long l,d[2];
79
80 c2l(in,l); d[0]=l;
81 c2l(in,l); d[1]=l;
82 if (encrypt)
83 RC2_encrypt(d,ks);
84 else
85 RC2_decrypt(d,ks);
86 l=d[0]; l2c(l,out);
87 l=d[1]; l2c(l,out);
88 l=d[0]=d[1]=0;
89 }
90
diff --git a/src/lib/libcrypto/rc2/rc2_locl.h b/src/lib/libcrypto/rc2/rc2_locl.h
new file mode 100644
index 0000000000..565cd17619
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2_locl.h
@@ -0,0 +1,156 @@
1/* crypto/rc2/rc2_locl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#undef c2l
60#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
61 l|=((unsigned long)(*((c)++)))<< 8L, \
62 l|=((unsigned long)(*((c)++)))<<16L, \
63 l|=((unsigned long)(*((c)++)))<<24L)
64
65/* NOTE - c is not incremented as per c2l */
66#undef c2ln
67#define c2ln(c,l1,l2,n) { \
68 c+=n; \
69 l1=l2=0; \
70 switch (n) { \
71 case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
72 case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
73 case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
74 case 5: l2|=((unsigned long)(*(--(c)))); \
75 case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
76 case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
77 case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
78 case 1: l1|=((unsigned long)(*(--(c)))); \
79 } \
80 }
81
82#undef l2c
83#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
84 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
85 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
86 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
87
88/* NOTE - c is not incremented as per l2c */
89#undef l2cn
90#define l2cn(l1,l2,c,n) { \
91 c+=n; \
92 switch (n) { \
93 case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
94 case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
95 case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
96 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
97 case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
98 case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
99 case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
100 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
101 } \
102 }
103
104/* NOTE - c is not incremented as per n2l */
105#define n2ln(c,l1,l2,n) { \
106 c+=n; \
107 l1=l2=0; \
108 switch (n) { \
109 case 8: l2 =((unsigned long)(*(--(c)))) ; \
110 case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
111 case 6: l2|=((unsigned long)(*(--(c))))<<16; \
112 case 5: l2|=((unsigned long)(*(--(c))))<<24; \
113 case 4: l1 =((unsigned long)(*(--(c)))) ; \
114 case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
115 case 2: l1|=((unsigned long)(*(--(c))))<<16; \
116 case 1: l1|=((unsigned long)(*(--(c))))<<24; \
117 } \
118 }
119
120/* NOTE - c is not incremented as per l2n */
121#define l2nn(l1,l2,c,n) { \
122 c+=n; \
123 switch (n) { \
124 case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
125 case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
126 case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
127 case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
128 case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
129 case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
130 case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
131 case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
132 } \
133 }
134
135#undef n2l
136#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
137 l|=((unsigned long)(*((c)++)))<<16L, \
138 l|=((unsigned long)(*((c)++)))<< 8L, \
139 l|=((unsigned long)(*((c)++))))
140
141#undef l2n
142#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
143 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
144 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
145 *((c)++)=(unsigned char)(((l) )&0xff))
146
147#define C_RC2(n) \
148 t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
149 x0=(t<<1)|(t>>15); \
150 t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
151 x1=(t<<2)|(t>>14); \
152 t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
153 x2=(t<<3)|(t>>13); \
154 t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
155 x3=(t<<5)|(t>>11);
156
diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c
new file mode 100644
index 0000000000..0f1f253395
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2_skey.c
@@ -0,0 +1,142 @@
1/* crypto/rc2/rc2_skey.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include "rc2.h"
60#include "rc2_locl.h"
61
62static unsigned char key_table[256]={
63 0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
64 0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
65 0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
66 0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,
67 0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,
68 0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,
69 0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,
70 0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,
71 0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,
72 0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,
73 0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,
74 0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,
75 0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,
76 0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,
77 0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,
78 0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,
79 0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,
80 0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,
81 0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,
82 0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,
83 0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,
84 0xfe,0x7f,0xc1,0xad,
85 };
86
87/* It has come to my attention that there are 2 versions of the RC2
88 * key schedule. One which is normal, and anther which has a hook to
89 * use a reduced key length.
90 * BSAFE uses the 'retarded' version. What I previously shipped is
91 * the same as specifying 1024 for the 'bits' parameter. Bsafe uses
92 * a version where the bits parameter is the same as len*8 */
93void RC2_set_key(key,len,data,bits)
94RC2_KEY *key;
95int len;
96unsigned char *data;
97int bits;
98 {
99 int i,j;
100 unsigned char *k;
101 RC2_INT *ki;
102 unsigned int c,d;
103
104 k= (unsigned char *)&(key->data[0]);
105 *k=0; /* for if there is a zero length key */
106
107 if (len > 128) len=128;
108 if (bits <= 0) bits=1024;
109 if (bits > 1024) bits=1024;
110
111 for (i=0; i<len; i++)
112 k[i]=data[i];
113
114 /* expand table */
115 d=k[len-1];
116 j=0;
117 for (i=len; i < 128; i++,j++)
118 {
119 d=key_table[(k[j]+d)&0xff];
120 k[i]=d;
121 }
122
123 /* hmm.... key reduction to 'bits' bits */
124
125 j=(bits+7)>>3;
126 i=128-j;
127 c= (0xff>>(-bits & 0x07));
128
129 d=key_table[k[i]&c];
130 k[i]=d;
131 while (i--)
132 {
133 d=key_table[k[i+j]^d];
134 k[i]=d;
135 }
136
137 /* copy from bytes into RC2_INT's */
138 ki= &(key->data[63]);
139 for (i=127; i>=0; i-=2)
140 *(ki--)=((k[i]<<8)|k[i-1])&0xffff;
141 }
142
diff --git a/src/lib/libcrypto/rc2/rc2cfb64.c b/src/lib/libcrypto/rc2/rc2cfb64.c
new file mode 100644
index 0000000000..d409fb77e9
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2cfb64.c
@@ -0,0 +1,127 @@
1/* crypto/rc2/rc2cfb64.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include "rc2.h"
60#include "rc2_locl.h"
61
62/* The input and output encrypted as though 64bit cfb mode is being
63 * used. The extra state information to record how much of the
64 * 64bit block we have used is contained in *num;
65 */
66
67void RC2_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
68unsigned char *in;
69unsigned char *out;
70long length;
71RC2_KEY *schedule;
72unsigned char *ivec;
73int *num;
74int encrypt;
75 {
76 register unsigned long v0,v1,t;
77 register int n= *num;
78 register long l=length;
79 unsigned long ti[2];
80 unsigned char *iv,c,cc;
81
82 iv=(unsigned char *)ivec;
83 if (encrypt)
84 {
85 while (l--)
86 {
87 if (n == 0)
88 {
89 c2l(iv,v0); ti[0]=v0;
90 c2l(iv,v1); ti[1]=v1;
91 RC2_encrypt((unsigned long *)ti,schedule);
92 iv=(unsigned char *)ivec;
93 t=ti[0]; l2c(t,iv);
94 t=ti[1]; l2c(t,iv);
95 iv=(unsigned char *)ivec;
96 }
97 c= *(in++)^iv[n];
98 *(out++)=c;
99 iv[n]=c;
100 n=(n+1)&0x07;
101 }
102 }
103 else
104 {
105 while (l--)
106 {
107 if (n == 0)
108 {
109 c2l(iv,v0); ti[0]=v0;
110 c2l(iv,v1); ti[1]=v1;
111 RC2_encrypt((unsigned long *)ti,schedule);
112 iv=(unsigned char *)ivec;
113 t=ti[0]; l2c(t,iv);
114 t=ti[1]; l2c(t,iv);
115 iv=(unsigned char *)ivec;
116 }
117 cc= *(in++);
118 c=iv[n];
119 iv[n]=cc;
120 *(out++)=c^cc;
121 n=(n+1)&0x07;
122 }
123 }
124 v0=v1=ti[0]=ti[1]=t=c=cc=0;
125 *num=n;
126 }
127
diff --git a/src/lib/libcrypto/rc2/rc2ofb64.c b/src/lib/libcrypto/rc2/rc2ofb64.c
new file mode 100644
index 0000000000..4f09167447
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2ofb64.c
@@ -0,0 +1,115 @@
1/* crypto/rc2/rc2ofb64.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include "rc2.h"
60#include "rc2_locl.h"
61
62/* The input and output encrypted as though 64bit ofb mode is being
63 * used. The extra state information to record how much of the
64 * 64bit block we have used is contained in *num;
65 */
66void RC2_ofb64_encrypt(in, out, length, schedule, ivec, num)
67unsigned char *in;
68unsigned char *out;
69long length;
70RC2_KEY *schedule;
71unsigned char *ivec;
72int *num;
73 {
74 register unsigned long v0,v1,t;
75 register int n= *num;
76 register long l=length;
77 unsigned char d[8];
78 register char *dp;
79 unsigned long ti[2];
80 unsigned char *iv;
81 int save=0;
82
83 iv=(unsigned char *)ivec;
84 c2l(iv,v0);
85 c2l(iv,v1);
86 ti[0]=v0;
87 ti[1]=v1;
88 dp=(char *)d;
89 l2c(v0,dp);
90 l2c(v1,dp);
91 while (l--)
92 {
93 if (n == 0)
94 {
95 RC2_encrypt((unsigned long *)ti,schedule);
96 dp=(char *)d;
97 t=ti[0]; l2c(t,dp);
98 t=ti[1]; l2c(t,dp);
99 save++;
100 }
101 *(out++)= *(in++)^d[n];
102 n=(n+1)&0x07;
103 }
104 if (save)
105 {
106 v0=ti[0];
107 v1=ti[1];
108 iv=(unsigned char *)ivec;
109 l2c(v0,iv);
110 l2c(v1,iv);
111 }
112 t=v0=v1=ti[0]=ti[1]=0;
113 *num=n;
114 }
115
diff --git a/src/lib/libcrypto/rc2/rrc2.doc b/src/lib/libcrypto/rc2/rrc2.doc
new file mode 100644
index 0000000000..f93ee003d2
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rrc2.doc
@@ -0,0 +1,219 @@
1>From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
2Article 23601 of sci.crypt:
3Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
4>From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
5Newsgroups: sci.crypt
6Subject: Specification for Ron Rivests Cipher No.2
7Date: 11 Feb 1996 06:45:03 GMT
8Organization: University of Auckland
9Lines: 203
10Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
11Message-ID: <4fk39f$f70@net.auckland.ac.nz>
12NNTP-Posting-Host: cs26.cs.auckland.ac.nz
13X-Newsreader: NN version 6.5.0 #3 (NOV)
14
15
16
17
18 Ron Rivest's Cipher No.2
19 ------------------------
20
21Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
22refer to it by other names) is word oriented, operating on a block of 64 bits
23divided into four 16-bit words, with a key table of 64 words. All data units
24are little-endian. This functional description of the algorithm is based in
25the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
26the same general layout, terminology, and pseudocode style.
27
28
29Notation and RRC.2 Primitive Operations
30
31RRC.2 uses the following primitive operations:
32
331. Two's-complement addition of words, denoted by "+". The inverse operation,
34 subtraction, is denoted by "-".
352. Bitwise exclusive OR, denoted by "^".
363. Bitwise AND, denoted by "&".
374. Bitwise NOT, denoted by "~".
385. A left-rotation of words; the rotation of word x left by y is denoted
39 x <<< y. The inverse operation, right-rotation, is denoted x >>> y.
40
41These operations are directly and efficiently supported by most processors.
42
43
44The RRC.2 Algorithm
45
46RRC.2 consists of three components, a *key expansion* algorithm, an
47*encryption* algorithm, and a *decryption* algorithm.
48
49
50Key Expansion
51
52The purpose of the key-expansion routine is to expand the user's key K to fill
53the expanded key array S, so S resembles an array of random binary words
54determined by the user's secret key K.
55
56Initialising the S-box
57
58RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
59Beale Cipher No.1 XOR'd with a one-time pad. The Beale Ciphers predate modern
60cryptography by enough time that there should be no concerns about trapdoors
61hidden in the data. They have been published widely, and the S-box can be
62easily recreated from the one-time pad values and the Beale Cipher data taken
63from a standard source. To initialise the S-box:
64
65 for i = 0 to 255 do
66 sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
67
68The contents of Beale Cipher No.1 and the necessary one-time pad are given as
69an appendix at the end of this document. For efficiency, implementors may wish
70to skip the Beale Cipher expansion and store the sBox table directly.
71
72Expanding the Secret Key to 128 Bytes
73
74The secret key is first expanded to fill 128 bytes (64 words). The expansion
75consists of taking the sum of the first and last bytes in the user key, looking
76up the sum (modulo 256) in the S-box, and appending the result to the key. The
77operation is repeated with the second byte and new last byte of the key until
78all 128 bytes have been generated. Note that the following pseudocode treats
79the S array as an array of 128 bytes rather than 64 words.
80
81 for j = 0 to length-1 do
82 S[ j ] = K[ j ]
83 for j = length to 127 do
84 s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
85
86At this point it is possible to perform a truncation of the effective key
87length to ease the creation of espionage-enabled software products. However
88since the author cannot conceive why anyone would want to do this, it will not
89be considered further.
90
91The final phase of the key expansion involves replacing the first byte of S
92with the entry selected from the S-box:
93
94 S[ 0 ] = sBox[ S[ 0 ] ]
95
96
97Encryption
98
99The cipher has 16 full rounds, each divided into 4 subrounds. Two of the full
100rounds perform an additional transformation on the data. Note that the
101following pseudocode treats the S array as an array of 64 words rather than 128
102bytes.
103
104 for i = 0 to 15 do
105 j = i * 4;
106 word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
107 word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
108 word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
109 word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
110
111In addition the fifth and eleventh rounds add the contents of the S-box indexed
112by one of the data words to another of the data words following the four
113subrounds as follows:
114
115 word0 = word0 + S[ word3 & 63 ];
116 word1 = word1 + S[ word0 & 63 ];
117 word2 = word2 + S[ word1 & 63 ];
118 word3 = word3 + S[ word2 & 63 ];
119
120
121Decryption
122
123The decryption operation is simply the inverse of the encryption operation.
124Note that the following pseudocode treats the S array as an array of 64 words
125rather than 128 bytes.
126
127 for i = 15 downto 0 do
128 j = i * 4;
129 word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
130 word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
131 word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
132 word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
133
134In addition the fifth and eleventh rounds subtract the contents of the S-box
135indexed by one of the data words from another one of the data words following
136the four subrounds as follows:
137
138 word3 = word3 - S[ word2 & 63 ]
139 word2 = word2 - S[ word1 & 63 ]
140 word1 = word1 - S[ word0 & 63 ]
141 word0 = word0 - S[ word3 & 63 ]
142
143
144Test Vectors
145
146The following test vectors may be used to test the correctness of an RRC.2
147implementation:
148
149 Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
150 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
151 Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
152 Cipher: 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
153
154 Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
155 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
156 Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
157 Cipher: 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
158
159 Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
160 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
161 Plain: 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
162 Cipher: 0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
163
164 Key: 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
165 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
166 Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
167 Cipher: 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
168
169
170Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
171 Creating the S-Box
172
173Beale Cipher No.1.
174
175 71, 194, 38,1701, 89, 76, 11, 83,1629, 48, 94, 63, 132, 16, 111, 95,
176 84, 341, 975, 14, 40, 64, 27, 81, 139, 213, 63, 90,1120, 8, 15, 3,
177 126,2018, 40, 74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
178 124, 211, 486, 225, 401, 370, 11, 101, 305, 139, 189, 17, 33, 88, 208, 193,
179 145, 1, 94, 73, 416, 918, 263, 28, 500, 538, 356, 117, 136, 219, 27, 176,
180 130, 10, 460, 25, 485, 18, 436, 65, 84, 200, 283, 118, 320, 138, 36, 416,
181 280, 15, 71, 224, 961, 44, 16, 401, 39, 88, 61, 304, 12, 21, 24, 283,
182 134, 92, 63, 246, 486, 682, 7, 219, 184, 360, 780, 18, 64, 463, 474, 131,
183 160, 79, 73, 440, 95, 18, 64, 581, 34, 69, 128, 367, 460, 17, 81, 12,
184 103, 820, 62, 110, 97, 103, 862, 70, 60,1317, 471, 540, 208, 121, 890, 346,
185 36, 150, 59, 568, 614, 13, 120, 63, 219, 812,2160,1780, 99, 35, 18, 21,
186 136, 872, 15, 28, 170, 88, 4, 30, 44, 112, 18, 147, 436, 195, 320, 37,
187 122, 113, 6, 140, 8, 120, 305, 42, 58, 461, 44, 106, 301, 13, 408, 680,
188 93, 86, 116, 530, 82, 568, 9, 102, 38, 416, 89, 71, 216, 728, 965, 818,
189 2, 38, 121, 195, 14, 326, 148, 234, 18, 55, 131, 234, 361, 824, 5, 81,
190 623, 48, 961, 19, 26, 33, 10,1101, 365, 92, 88, 181, 275, 346, 201, 206
191
192One-time Pad.
193
194 158, 186, 223, 97, 64, 145, 190, 190, 117, 217, 163, 70, 206, 176, 183, 194,
195 146, 43, 248, 141, 3, 54, 72, 223, 233, 153, 91, 210, 36, 131, 244, 161,
196 105, 120, 113, 191, 113, 86, 19, 245, 213, 221, 43, 27, 242, 157, 73, 213,
197 193, 92, 166, 10, 23, 197, 112, 110, 193, 30, 156, 51, 125, 51, 158, 67,
198 197, 215, 59, 218, 110, 246, 181, 0, 135, 76, 164, 97, 47, 87, 234, 108,
199 144, 127, 6, 6, 222, 172, 80, 144, 22, 245, 207, 70, 227, 182, 146, 134,
200 119, 176, 73, 58, 135, 69, 23, 198, 0, 170, 32, 171, 176, 129, 91, 24,
201 126, 77, 248, 0, 118, 69, 57, 60, 190, 171, 217, 61, 136, 169, 196, 84,
202 168, 167, 163, 102, 223, 64, 174, 178, 166, 239, 242, 195, 249, 92, 59, 38,
203 241, 46, 236, 31, 59, 114, 23, 50, 119, 186, 7, 66, 212, 97, 222, 182,
204 230, 118, 122, 86, 105, 92, 179, 243, 255, 189, 223, 164, 194, 215, 98, 44,
205 17, 20, 53, 153, 137, 224, 176, 100, 208, 114, 36, 200, 145, 150, 215, 20,
206 87, 44, 252, 20, 235, 242, 163, 132, 63, 18, 5, 122, 74, 97, 34, 97,
207 142, 86, 146, 221, 179, 166, 161, 74, 69, 182, 88, 120, 128, 58, 76, 155,
208 15, 30, 77, 216, 165, 117, 107, 90, 169, 127, 143, 181, 208, 137, 200, 127,
209 170, 195, 26, 84, 255, 132, 150, 58, 103, 250, 120, 221, 237, 37, 8, 99
210
211
212Implementation
213
214A non-US based programmer who has never seen any encryption code before will
215shortly be implementing RRC.2 based solely on this specification and not on
216knowledge of any other encryption algorithms. Stand by.
217
218
219
diff --git a/src/lib/libcrypto/rc2/version b/src/lib/libcrypto/rc2/version
new file mode 100644
index 0000000000..6f89d595f1
--- /dev/null
+++ b/src/lib/libcrypto/rc2/version
@@ -0,0 +1,22 @@
11.1 23/08/96 - eay
2 Changed RC2_set_key() so it now takes another argument. Many
3 thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
4 clarification and origional specification of RC2. BSAFE uses
5 this last parameter, 'bits'. It the key is 128 bits, BSAFE
6 also sets this parameter to 128. The old behaviour can be
7 duplicated by setting this parameter to 1024.
8
91.0 08/04/96 - eay
10 First version of SSLeay with rc2. This has been written from the spec
11 posted sci.crypt. It is in this directory under rrc2.doc
12 I have no test values for any mode other than ecb, my wrappers for the
13 other modes should be ok since they are basically the same as
14 the ones taken from idea and des :-). I have implemented them as
15 little-endian operators.
16 While rc2 is included because it is used with SSL, I don't know how
17 far I trust it. It is about the same speed as IDEA and DES.
18 So if you are paranoid, used Tripple DES, else IDEA. If RC2
19 does get used more, perhaps more people will look for weaknesses in
20 it.
21
22
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 15:04:45 +0000