OLD | NEW |
| (Empty) |
1 /* crypto/des/des_locl.h */ | |
2 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
3 * All rights reserved. | |
4 * | |
5 * This package is an SSL implementation written | |
6 * by Eric Young (eay@cryptsoft.com). | |
7 * The implementation was written so as to conform with Netscapes SSL. | |
8 * | |
9 * This library is free for commercial and non-commercial use as long as | |
10 * the following conditions are aheared to. The following conditions | |
11 * apply to all code found in this distribution, be it the RC4, RSA, | |
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 * included with this distribution is covered by the same copyright terms | |
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 * | |
16 * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 * the code are not to be removed. | |
18 * If this package is used in a product, Eric Young should be given attribution | |
19 * as the author of the parts of the library used. | |
20 * This can be in the form of a textual message at program startup or | |
21 * in documentation (online or textual) provided with the package. | |
22 * | |
23 * Redistribution and use in source and binary forms, with or without | |
24 * modification, are permitted provided that the following conditions | |
25 * are met: | |
26 * 1. Redistributions of source code must retain the copyright | |
27 * notice, this list of conditions and the following disclaimer. | |
28 * 2. Redistributions in binary form must reproduce the above copyright | |
29 * notice, this list of conditions and the following disclaimer in the | |
30 * documentation and/or other materials provided with the distribution. | |
31 * 3. All advertising materials mentioning features or use of this software | |
32 * must display the following acknowledgement: | |
33 * "This product includes cryptographic software written by | |
34 * Eric Young (eay@cryptsoft.com)" | |
35 * The word 'cryptographic' can be left out if the rouines from the library | |
36 * being used are not cryptographic related :-). | |
37 * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 * the apps directory (application code) you must include an acknowledgement: | |
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 * | |
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 * SUCH DAMAGE. | |
52 * | |
53 * The licence and distribution terms for any publically available version or | |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 * copied and put under another distribution licence | |
56 * [including the GNU Public Licence.] | |
57 */ | |
58 | |
59 #ifndef HEADER_DES_LOCL_H | |
60 #define HEADER_DES_LOCL_H | |
61 | |
62 #include <openssl/e_os2.h> | |
63 | |
64 #if defined(OPENSSL_SYS_WIN32) | |
65 #ifndef OPENSSL_SYS_MSDOS | |
66 #define OPENSSL_SYS_MSDOS | |
67 #endif | |
68 #endif | |
69 | |
70 #include <stdio.h> | |
71 #include <stdlib.h> | |
72 | |
73 #ifndef OPENSSL_SYS_MSDOS | |
74 #if !defined(OPENSSL_SYS_VMS) || defined(__DECC) | |
75 #ifdef OPENSSL_UNISTD | |
76 # include OPENSSL_UNISTD | |
77 #else | |
78 # include <unistd.h> | |
79 #endif | |
80 #include <math.h> | |
81 #endif | |
82 #endif | |
83 #include <openssl/des.h> | |
84 | |
85 #ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */ | |
86 #include <stdlib.h> | |
87 #include <errno.h> | |
88 #include <time.h> | |
89 #include <io.h> | |
90 #endif | |
91 | |
92 #if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined
(OPENSSL_SYS_MSDOS) | |
93 #include <string.h> | |
94 #endif | |
95 | |
96 #ifdef OPENSSL_BUILD_SHLIBCRYPTO | |
97 # undef OPENSSL_EXTERN | |
98 # define OPENSSL_EXTERN OPENSSL_EXPORT | |
99 #endif | |
100 | |
101 #define ITERATIONS 16 | |
102 #define HALF_ITERATIONS 8 | |
103 | |
104 /* used in des_read and des_write */ | |
105 #define MAXWRITE (1024*16) | |
106 #define BSIZE (MAXWRITE+4) | |
107 | |
108 #define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ | |
109 l|=((DES_LONG)(*((c)++)))<< 8L, \ | |
110 l|=((DES_LONG)(*((c)++)))<<16L, \ | |
111 l|=((DES_LONG)(*((c)++)))<<24L) | |
112 | |
113 /* NOTE - c is not incremented as per c2l */ | |
114 #define c2ln(c,l1,l2,n) { \ | |
115 c+=n; \ | |
116 l1=l2=0; \ | |
117 switch (n) { \ | |
118 case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ | |
119 case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ | |
120 case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ | |
121 case 5: l2|=((DES_LONG)(*(--(c)))); \ | |
122 case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ | |
123 case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ | |
124 case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ | |
125 case 1: l1|=((DES_LONG)(*(--(c)))); \ | |
126 } \ | |
127 } | |
128 | |
129 #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | |
130 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | |
131 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | |
132 *((c)++)=(unsigned char)(((l)>>24L)&0xff)) | |
133 | |
134 /* replacements for htonl and ntohl since I have no idea what to do | |
135 * when faced with machines with 8 byte longs. */ | |
136 #define HDRSIZE 4 | |
137 | |
138 #define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ | |
139 l|=((DES_LONG)(*((c)++)))<<16L, \ | |
140 l|=((DES_LONG)(*((c)++)))<< 8L, \ | |
141 l|=((DES_LONG)(*((c)++)))) | |
142 | |
143 #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ | |
144 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | |
145 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | |
146 *((c)++)=(unsigned char)(((l) )&0xff)) | |
147 | |
148 /* NOTE - c is not incremented as per l2c */ | |
149 #define l2cn(l1,l2,c,n) { \ | |
150 c+=n; \ | |
151 switch (n) { \ | |
152 case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ | |
153 case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ | |
154 case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ | |
155 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ | |
156 case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ | |
157 case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ | |
158 case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ | |
159 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ | |
160 } \ | |
161 } | |
162 | |
163 #if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC) | |
164 #define ROTATE(a,n) (_lrotr(a,n)) | |
165 #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(
OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) | |
166 # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_
64__) | |
167 # define ROTATE(a,n) ({ register unsigned int ret; \ | |
168 asm ("rorl %1,%0" \ | |
169 : "=r"(ret) \ | |
170 : "I"(n),"0"(a) \ | |
171 : "cc"); \ | |
172 ret; \ | |
173 }) | |
174 # endif | |
175 #endif | |
176 #ifndef ROTATE | |
177 #define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) | |
178 #endif | |
179 | |
180 /* Don't worry about the LOAD_DATA() stuff, that is used by | |
181 * fcrypt() to add it's little bit to the front */ | |
182 | |
183 #ifdef DES_FCRYPT | |
184 | |
185 #define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ | |
186 { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } | |
187 | |
188 #define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ | |
189 t=R^(R>>16L); \ | |
190 u=t&E0; t&=E1; \ | |
191 tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ | |
192 tmp=(t<<16); t^=R^s[S+1]; t^=tmp | |
193 #else | |
194 #define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) | |
195 #define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ | |
196 u=R^s[S ]; \ | |
197 t=R^s[S+1] | |
198 #endif | |
199 | |
200 /* The changes to this macro may help or hinder, depending on the | |
201 * compiler and the architecture. gcc2 always seems to do well :-). | |
202 * Inspired by Dana How <how@isl.stanford.edu> | |
203 * DO NOT use the alternative version on machines with 8 byte longs. | |
204 * It does not seem to work on the Alpha, even when DES_LONG is 4 | |
205 * bytes, probably an issue of accessing non-word aligned objects :-( */ | |
206 #ifdef DES_PTR | |
207 | |
208 /* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there | |
209 * is no reason to not xor all the sub items together. This potentially | |
210 * saves a register since things can be xored directly into L */ | |
211 | |
212 #if defined(DES_RISC1) || defined(DES_RISC2) | |
213 #ifdef DES_RISC1 | |
214 #define D_ENCRYPT(LL,R,S) { \ | |
215 unsigned int u1,u2,u3; \ | |
216 LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
217 u2=(int)u>>8L; \ | |
218 u1=(int)u&0xfc; \ | |
219 u2&=0xfc; \ | |
220 t=ROTATE(t,4); \ | |
221 u>>=16L; \ | |
222 LL^= *(const DES_LONG *)(des_SP +u1); \ | |
223 LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ | |
224 u3=(int)(u>>8L); \ | |
225 u1=(int)u&0xfc; \ | |
226 u3&=0xfc; \ | |
227 LL^= *(const DES_LONG *)(des_SP+0x400+u1); \ | |
228 LL^= *(const DES_LONG *)(des_SP+0x600+u3); \ | |
229 u2=(int)t>>8L; \ | |
230 u1=(int)t&0xfc; \ | |
231 u2&=0xfc; \ | |
232 t>>=16L; \ | |
233 LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ | |
234 LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ | |
235 u3=(int)t>>8L; \ | |
236 u1=(int)t&0xfc; \ | |
237 u3&=0xfc; \ | |
238 LL^= *(const DES_LONG *)(des_SP+0x500+u1); \ | |
239 LL^= *(const DES_LONG *)(des_SP+0x700+u3); } | |
240 #endif | |
241 #ifdef DES_RISC2 | |
242 #define D_ENCRYPT(LL,R,S) { \ | |
243 unsigned int u1,u2,s1,s2; \ | |
244 LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
245 u2=(int)u>>8L; \ | |
246 u1=(int)u&0xfc; \ | |
247 u2&=0xfc; \ | |
248 t=ROTATE(t,4); \ | |
249 LL^= *(const DES_LONG *)(des_SP +u1); \ | |
250 LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ | |
251 s1=(int)(u>>16L); \ | |
252 s2=(int)(u>>24L); \ | |
253 s1&=0xfc; \ | |
254 s2&=0xfc; \ | |
255 LL^= *(const DES_LONG *)(des_SP+0x400+s1); \ | |
256 LL^= *(const DES_LONG *)(des_SP+0x600+s2); \ | |
257 u2=(int)t>>8L; \ | |
258 u1=(int)t&0xfc; \ | |
259 u2&=0xfc; \ | |
260 LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ | |
261 LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ | |
262 s1=(int)(t>>16L); \ | |
263 s2=(int)(t>>24L); \ | |
264 s1&=0xfc; \ | |
265 s2&=0xfc; \ | |
266 LL^= *(const DES_LONG *)(des_SP+0x500+s1); \ | |
267 LL^= *(const DES_LONG *)(des_SP+0x700+s2); } | |
268 #endif | |
269 #else | |
270 #define D_ENCRYPT(LL,R,S) { \ | |
271 LOAD_DATA_tmp(R,S,u,t,E0,E1); \ | |
272 t=ROTATE(t,4); \ | |
273 LL^= \ | |
274 *(const DES_LONG *)(des_SP +((u )&0xfc))^ \ | |
275 *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \ | |
276 *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \ | |
277 *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \ | |
278 *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \ | |
279 *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \ | |
280 *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \ | |
281 *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); } | |
282 #endif | |
283 | |
284 #else /* original version */ | |
285 | |
286 #if defined(DES_RISC1) || defined(DES_RISC2) | |
287 #ifdef DES_RISC1 | |
288 #define D_ENCRYPT(LL,R,S) {\ | |
289 unsigned int u1,u2,u3; \ | |
290 LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
291 u>>=2L; \ | |
292 t=ROTATE(t,6); \ | |
293 u2=(int)u>>8L; \ | |
294 u1=(int)u&0x3f; \ | |
295 u2&=0x3f; \ | |
296 u>>=16L; \ | |
297 LL^=DES_SPtrans[0][u1]; \ | |
298 LL^=DES_SPtrans[2][u2]; \ | |
299 u3=(int)u>>8L; \ | |
300 u1=(int)u&0x3f; \ | |
301 u3&=0x3f; \ | |
302 LL^=DES_SPtrans[4][u1]; \ | |
303 LL^=DES_SPtrans[6][u3]; \ | |
304 u2=(int)t>>8L; \ | |
305 u1=(int)t&0x3f; \ | |
306 u2&=0x3f; \ | |
307 t>>=16L; \ | |
308 LL^=DES_SPtrans[1][u1]; \ | |
309 LL^=DES_SPtrans[3][u2]; \ | |
310 u3=(int)t>>8L; \ | |
311 u1=(int)t&0x3f; \ | |
312 u3&=0x3f; \ | |
313 LL^=DES_SPtrans[5][u1]; \ | |
314 LL^=DES_SPtrans[7][u3]; } | |
315 #endif | |
316 #ifdef DES_RISC2 | |
317 #define D_ENCRYPT(LL,R,S) {\ | |
318 unsigned int u1,u2,s1,s2; \ | |
319 LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
320 u>>=2L; \ | |
321 t=ROTATE(t,6); \ | |
322 u2=(int)u>>8L; \ | |
323 u1=(int)u&0x3f; \ | |
324 u2&=0x3f; \ | |
325 LL^=DES_SPtrans[0][u1]; \ | |
326 LL^=DES_SPtrans[2][u2]; \ | |
327 s1=(int)u>>16L; \ | |
328 s2=(int)u>>24L; \ | |
329 s1&=0x3f; \ | |
330 s2&=0x3f; \ | |
331 LL^=DES_SPtrans[4][s1]; \ | |
332 LL^=DES_SPtrans[6][s2]; \ | |
333 u2=(int)t>>8L; \ | |
334 u1=(int)t&0x3f; \ | |
335 u2&=0x3f; \ | |
336 LL^=DES_SPtrans[1][u1]; \ | |
337 LL^=DES_SPtrans[3][u2]; \ | |
338 s1=(int)t>>16; \ | |
339 s2=(int)t>>24L; \ | |
340 s1&=0x3f; \ | |
341 s2&=0x3f; \ | |
342 LL^=DES_SPtrans[5][s1]; \ | |
343 LL^=DES_SPtrans[7][s2]; } | |
344 #endif | |
345 | |
346 #else | |
347 | |
348 #define D_ENCRYPT(LL,R,S) {\ | |
349 LOAD_DATA_tmp(R,S,u,t,E0,E1); \ | |
350 t=ROTATE(t,4); \ | |
351 LL^=\ | |
352 DES_SPtrans[0][(u>> 2L)&0x3f]^ \ | |
353 DES_SPtrans[2][(u>>10L)&0x3f]^ \ | |
354 DES_SPtrans[4][(u>>18L)&0x3f]^ \ | |
355 DES_SPtrans[6][(u>>26L)&0x3f]^ \ | |
356 DES_SPtrans[1][(t>> 2L)&0x3f]^ \ | |
357 DES_SPtrans[3][(t>>10L)&0x3f]^ \ | |
358 DES_SPtrans[5][(t>>18L)&0x3f]^ \ | |
359 DES_SPtrans[7][(t>>26L)&0x3f]; } | |
360 #endif | |
361 #endif | |
362 | |
363 /* IP and FP | |
364 * The problem is more of a geometric problem that random bit fiddling. | |
365 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 | |
366 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 | |
367 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 | |
368 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 | |
369 | |
370 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 | |
371 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 | |
372 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 | |
373 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 | |
374 | |
375 The output has been subject to swaps of the form | |
376 0 1 -> 3 1 but the odd and even bits have been put into | |
377 2 3 2 0 | |
378 different words. The main trick is to remember that | |
379 t=((l>>size)^r)&(mask); | |
380 r^=t; | |
381 l^=(t<<size); | |
382 can be used to swap and move bits between words. | |
383 | |
384 So l = 0 1 2 3 r = 16 17 18 19 | |
385 4 5 6 7 20 21 22 23 | |
386 8 9 10 11 24 25 26 27 | |
387 12 13 14 15 28 29 30 31 | |
388 becomes (for size == 2 and mask == 0x3333) | |
389 t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19 | |
390 6^20 7^21 -- -- 4 5 20 21 6 7 22 23 | |
391 10^24 11^25 -- -- 8 9 24 25 10 11 24 25 | |
392 14^28 15^29 -- -- 12 13 28 29 14 15 28 29 | |
393 | |
394 Thanks for hints from Richard Outerbridge - he told me IP&FP | |
395 could be done in 15 xor, 10 shifts and 5 ands. | |
396 When I finally started to think of the problem in 2D | |
397 I first got ~42 operations without xors. When I remembered | |
398 how to use xors :-) I got it to its final state. | |
399 */ | |
400 #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ | |
401 (b)^=(t),\ | |
402 (a)^=((t)<<(n))) | |
403 | |
404 #define IP(l,r) \ | |
405 { \ | |
406 register DES_LONG tt; \ | |
407 PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ | |
408 PERM_OP(l,r,tt,16,0x0000ffffL); \ | |
409 PERM_OP(r,l,tt, 2,0x33333333L); \ | |
410 PERM_OP(l,r,tt, 8,0x00ff00ffL); \ | |
411 PERM_OP(r,l,tt, 1,0x55555555L); \ | |
412 } | |
413 | |
414 #define FP(l,r) \ | |
415 { \ | |
416 register DES_LONG tt; \ | |
417 PERM_OP(l,r,tt, 1,0x55555555L); \ | |
418 PERM_OP(r,l,tt, 8,0x00ff00ffL); \ | |
419 PERM_OP(l,r,tt, 2,0x33333333L); \ | |
420 PERM_OP(r,l,tt,16,0x0000ffffL); \ | |
421 PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ | |
422 } | |
423 | |
424 extern const DES_LONG DES_SPtrans[8][64]; | |
425 | |
426 void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, | |
427 DES_LONG Eswap0, DES_LONG Eswap1); | |
428 | |
429 #ifdef OPENSSL_SMALL_FOOTPRINT | |
430 #undef DES_UNROLL | |
431 #endif | |
432 #endif | |
OLD | NEW |