Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1311)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: nss/lib/freebl/des.c

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/freebl/des.h ('k') | nss/lib/freebl/desblapi.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * des.c
3 *
4 * core source file for DES-150 library
5 * Make key schedule from DES key.
6 * Encrypt/Decrypt one 8-byte block.
7 *
8 * This Source Code Form is subject to the terms of the Mozilla Public
9 * License, v. 2.0. If a copy of the MPL was not distributed with this
10 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
11
12 #include "des.h"
13 #include <stddef.h> /* for ptrdiff_t */
14 /* #define USE_INDEXING 1 */
15
16 /* Some processors automatically fix up unaligned memory access, so they can
17 * read or write a HALF (4 bytes) at a time whether the address is 4-byte
18 * aligned or not. */
19 #if defined(NSS_X86_OR_X64)
20 #define HAVE_UNALIGNED_ACCESS 1
21 #endif
22
23 /*
24 * The tables below are the 8 sbox functions, with the 6-bit input permutation
25 * and the 32-bit output permutation pre-computed.
26 * They are shifted circularly to the left 3 bits, which removes 2 shifts
27 * and an or from each round by reducing the number of sboxes whose
28 * indices cross word broundaries from 2 to 1.
29 */
30
31 static const HALF SP[8][64] = {
32 /* Box S1 */ {
33 0x04041000, 0x00000000, 0x00040000, 0x04041010,
34 0x04040010, 0x00041010, 0x00000010, 0x00040000,
35 0x00001000, 0x04041000, 0x04041010, 0x00001000,
36 0x04001010, 0x04040010, 0x04000000, 0x00000010,
37 0x00001010, 0x04001000, 0x04001000, 0x00041000,
38 0x00041000, 0x04040000, 0x04040000, 0x04001010,
39 0x00040010, 0x04000010, 0x04000010, 0x00040010,
40 0x00000000, 0x00001010, 0x00041010, 0x04000000,
41 0x00040000, 0x04041010, 0x00000010, 0x04040000,
42 0x04041000, 0x04000000, 0x04000000, 0x00001000,
43 0x04040010, 0x00040000, 0x00041000, 0x04000010,
44 0x00001000, 0x00000010, 0x04001010, 0x00041010,
45 0x04041010, 0x00040010, 0x04040000, 0x04001010,
46 0x04000010, 0x00001010, 0x00041010, 0x04041000,
47 0x00001010, 0x04001000, 0x04001000, 0x00000000,
48 0x00040010, 0x00041000, 0x00000000, 0x04040010
49 },
50 /* Box S2 */ {
51 0x00420082, 0x00020002, 0x00020000, 0x00420080,
52 0x00400000, 0x00000080, 0x00400082, 0x00020082,
53 0x00000082, 0x00420082, 0x00420002, 0x00000002,
54 0x00020002, 0x00400000, 0x00000080, 0x00400082,
55 0x00420000, 0x00400080, 0x00020082, 0x00000000,
56 0x00000002, 0x00020000, 0x00420080, 0x00400002,
57 0x00400080, 0x00000082, 0x00000000, 0x00420000,
58 0x00020080, 0x00420002, 0x00400002, 0x00020080,
59 0x00000000, 0x00420080, 0x00400082, 0x00400000,
60 0x00020082, 0x00400002, 0x00420002, 0x00020000,
61 0x00400002, 0x00020002, 0x00000080, 0x00420082,
62 0x00420080, 0x00000080, 0x00020000, 0x00000002,
63 0x00020080, 0x00420002, 0x00400000, 0x00000082,
64 0x00400080, 0x00020082, 0x00000082, 0x00400080,
65 0x00420000, 0x00000000, 0x00020002, 0x00020080,
66 0x00000002, 0x00400082, 0x00420082, 0x00420000
67 },
68 /* Box S3 */ {
69 0x00000820, 0x20080800, 0x00000000, 0x20080020,
70 0x20000800, 0x00000000, 0x00080820, 0x20000800,
71 0x00080020, 0x20000020, 0x20000020, 0x00080000,
72 0x20080820, 0x00080020, 0x20080000, 0x00000820,
73 0x20000000, 0x00000020, 0x20080800, 0x00000800,
74 0x00080800, 0x20080000, 0x20080020, 0x00080820,
75 0x20000820, 0x00080800, 0x00080000, 0x20000820,
76 0x00000020, 0x20080820, 0x00000800, 0x20000000,
77 0x20080800, 0x20000000, 0x00080020, 0x00000820,
78 0x00080000, 0x20080800, 0x20000800, 0x00000000,
79 0x00000800, 0x00080020, 0x20080820, 0x20000800,
80 0x20000020, 0x00000800, 0x00000000, 0x20080020,
81 0x20000820, 0x00080000, 0x20000000, 0x20080820,
82 0x00000020, 0x00080820, 0x00080800, 0x20000020,
83 0x20080000, 0x20000820, 0x00000820, 0x20080000,
84 0x00080820, 0x00000020, 0x20080020, 0x00080800
85 },
86 /* Box S4 */ {
87 0x02008004, 0x00008204, 0x00008204, 0x00000200,
88 0x02008200, 0x02000204, 0x02000004, 0x00008004,
89 0x00000000, 0x02008000, 0x02008000, 0x02008204,
90 0x00000204, 0x00000000, 0x02000200, 0x02000004,
91 0x00000004, 0x00008000, 0x02000000, 0x02008004,
92 0x00000200, 0x02000000, 0x00008004, 0x00008200,
93 0x02000204, 0x00000004, 0x00008200, 0x02000200,
94 0x00008000, 0x02008200, 0x02008204, 0x00000204,
95 0x02000200, 0x02000004, 0x02008000, 0x02008204,
96 0x00000204, 0x00000000, 0x00000000, 0x02008000,
97 0x00008200, 0x02000200, 0x02000204, 0x00000004,
98 0x02008004, 0x00008204, 0x00008204, 0x00000200,
99 0x02008204, 0x00000204, 0x00000004, 0x00008000,
100 0x02000004, 0x00008004, 0x02008200, 0x02000204,
101 0x00008004, 0x00008200, 0x02000000, 0x02008004,
102 0x00000200, 0x02000000, 0x00008000, 0x02008200
103 },
104 /* Box S5 */ {
105 0x00000400, 0x08200400, 0x08200000, 0x08000401,
106 0x00200000, 0x00000400, 0x00000001, 0x08200000,
107 0x00200401, 0x00200000, 0x08000400, 0x00200401,
108 0x08000401, 0x08200001, 0x00200400, 0x00000001,
109 0x08000000, 0x00200001, 0x00200001, 0x00000000,
110 0x00000401, 0x08200401, 0x08200401, 0x08000400,
111 0x08200001, 0x00000401, 0x00000000, 0x08000001,
112 0x08200400, 0x08000000, 0x08000001, 0x00200400,
113 0x00200000, 0x08000401, 0x00000400, 0x08000000,
114 0x00000001, 0x08200000, 0x08000401, 0x00200401,
115 0x08000400, 0x00000001, 0x08200001, 0x08200400,
116 0x00200401, 0x00000400, 0x08000000, 0x08200001,
117 0x08200401, 0x00200400, 0x08000001, 0x08200401,
118 0x08200000, 0x00000000, 0x00200001, 0x08000001,
119 0x00200400, 0x08000400, 0x00000401, 0x00200000,
120 0x00000000, 0x00200001, 0x08200400, 0x00000401
121 },
122 /* Box S6 */ {
123 0x80000040, 0x81000000, 0x00010000, 0x81010040,
124 0x81000000, 0x00000040, 0x81010040, 0x01000000,
125 0x80010000, 0x01010040, 0x01000000, 0x80000040,
126 0x01000040, 0x80010000, 0x80000000, 0x00010040,
127 0x00000000, 0x01000040, 0x80010040, 0x00010000,
128 0x01010000, 0x80010040, 0x00000040, 0x81000040,
129 0x81000040, 0x00000000, 0x01010040, 0x81010000,
130 0x00010040, 0x01010000, 0x81010000, 0x80000000,
131 0x80010000, 0x00000040, 0x81000040, 0x01010000,
132 0x81010040, 0x01000000, 0x00010040, 0x80000040,
133 0x01000000, 0x80010000, 0x80000000, 0x00010040,
134 0x80000040, 0x81010040, 0x01010000, 0x81000000,
135 0x01010040, 0x81010000, 0x00000000, 0x81000040,
136 0x00000040, 0x00010000, 0x81000000, 0x01010040,
137 0x00010000, 0x01000040, 0x80010040, 0x00000000,
138 0x81010000, 0x80000000, 0x01000040, 0x80010040
139 },
140 /* Box S7 */ {
141 0x00800000, 0x10800008, 0x10002008, 0x00000000,
142 0x00002000, 0x10002008, 0x00802008, 0x10802000,
143 0x10802008, 0x00800000, 0x00000000, 0x10000008,
144 0x00000008, 0x10000000, 0x10800008, 0x00002008,
145 0x10002000, 0x00802008, 0x00800008, 0x10002000,
146 0x10000008, 0x10800000, 0x10802000, 0x00800008,
147 0x10800000, 0x00002000, 0x00002008, 0x10802008,
148 0x00802000, 0x00000008, 0x10000000, 0x00802000,
149 0x10000000, 0x00802000, 0x00800000, 0x10002008,
150 0x10002008, 0x10800008, 0x10800008, 0x00000008,
151 0x00800008, 0x10000000, 0x10002000, 0x00800000,
152 0x10802000, 0x00002008, 0x00802008, 0x10802000,
153 0x00002008, 0x10000008, 0x10802008, 0x10800000,
154 0x00802000, 0x00000000, 0x00000008, 0x10802008,
155 0x00000000, 0x00802008, 0x10800000, 0x00002000,
156 0x10000008, 0x10002000, 0x00002000, 0x00800008
157 },
158 /* Box S8 */ {
159 0x40004100, 0x00004000, 0x00100000, 0x40104100,
160 0x40000000, 0x40004100, 0x00000100, 0x40000000,
161 0x00100100, 0x40100000, 0x40104100, 0x00104000,
162 0x40104000, 0x00104100, 0x00004000, 0x00000100,
163 0x40100000, 0x40000100, 0x40004000, 0x00004100,
164 0x00104000, 0x00100100, 0x40100100, 0x40104000,
165 0x00004100, 0x00000000, 0x00000000, 0x40100100,
166 0x40000100, 0x40004000, 0x00104100, 0x00100000,
167 0x00104100, 0x00100000, 0x40104000, 0x00004000,
168 0x00000100, 0x40100100, 0x00004000, 0x00104100,
169 0x40004000, 0x00000100, 0x40000100, 0x40100000,
170 0x40100100, 0x40000000, 0x00100000, 0x40004100,
171 0x00000000, 0x40104100, 0x00100100, 0x40000100,
172 0x40100000, 0x40004000, 0x40004100, 0x00000000,
173 0x40104100, 0x00104000, 0x00104000, 0x00004100,
174 0x00004100, 0x00100100, 0x40000000, 0x40104000
175 }
176 };
177
178 static const HALF PC2[8][64] = {
179 /* table 0 */ {
180 0x00000000, 0x00001000, 0x04000000, 0x04001000,
181 0x00100000, 0x00101000, 0x04100000, 0x04101000,
182 0x00008000, 0x00009000, 0x04008000, 0x04009000,
183 0x00108000, 0x00109000, 0x04108000, 0x04109000,
184 0x00000004, 0x00001004, 0x04000004, 0x04001004,
185 0x00100004, 0x00101004, 0x04100004, 0x04101004,
186 0x00008004, 0x00009004, 0x04008004, 0x04009004,
187 0x00108004, 0x00109004, 0x04108004, 0x04109004,
188 0x08000000, 0x08001000, 0x0c000000, 0x0c001000,
189 0x08100000, 0x08101000, 0x0c100000, 0x0c101000,
190 0x08008000, 0x08009000, 0x0c008000, 0x0c009000,
191 0x08108000, 0x08109000, 0x0c108000, 0x0c109000,
192 0x08000004, 0x08001004, 0x0c000004, 0x0c001004,
193 0x08100004, 0x08101004, 0x0c100004, 0x0c101004,
194 0x08008004, 0x08009004, 0x0c008004, 0x0c009004,
195 0x08108004, 0x08109004, 0x0c108004, 0x0c109004
196 },
197 /* table 1 */ {
198 0x00000000, 0x00002000, 0x80000000, 0x80002000,
199 0x00000008, 0x00002008, 0x80000008, 0x80002008,
200 0x00200000, 0x00202000, 0x80200000, 0x80202000,
201 0x00200008, 0x00202008, 0x80200008, 0x80202008,
202 0x20000000, 0x20002000, 0xa0000000, 0xa0002000,
203 0x20000008, 0x20002008, 0xa0000008, 0xa0002008,
204 0x20200000, 0x20202000, 0xa0200000, 0xa0202000,
205 0x20200008, 0x20202008, 0xa0200008, 0xa0202008,
206 0x00000400, 0x00002400, 0x80000400, 0x80002400,
207 0x00000408, 0x00002408, 0x80000408, 0x80002408,
208 0x00200400, 0x00202400, 0x80200400, 0x80202400,
209 0x00200408, 0x00202408, 0x80200408, 0x80202408,
210 0x20000400, 0x20002400, 0xa0000400, 0xa0002400,
211 0x20000408, 0x20002408, 0xa0000408, 0xa0002408,
212 0x20200400, 0x20202400, 0xa0200400, 0xa0202400,
213 0x20200408, 0x20202408, 0xa0200408, 0xa0202408
214 },
215 /* table 2 */ {
216 0x00000000, 0x00004000, 0x00000020, 0x00004020,
217 0x00080000, 0x00084000, 0x00080020, 0x00084020,
218 0x00000800, 0x00004800, 0x00000820, 0x00004820,
219 0x00080800, 0x00084800, 0x00080820, 0x00084820,
220 0x00000010, 0x00004010, 0x00000030, 0x00004030,
221 0x00080010, 0x00084010, 0x00080030, 0x00084030,
222 0x00000810, 0x00004810, 0x00000830, 0x00004830,
223 0x00080810, 0x00084810, 0x00080830, 0x00084830,
224 0x00400000, 0x00404000, 0x00400020, 0x00404020,
225 0x00480000, 0x00484000, 0x00480020, 0x00484020,
226 0x00400800, 0x00404800, 0x00400820, 0x00404820,
227 0x00480800, 0x00484800, 0x00480820, 0x00484820,
228 0x00400010, 0x00404010, 0x00400030, 0x00404030,
229 0x00480010, 0x00484010, 0x00480030, 0x00484030,
230 0x00400810, 0x00404810, 0x00400830, 0x00404830,
231 0x00480810, 0x00484810, 0x00480830, 0x00484830
232 },
233 /* table 3 */ {
234 0x00000000, 0x40000000, 0x00000080, 0x40000080,
235 0x00040000, 0x40040000, 0x00040080, 0x40040080,
236 0x00000040, 0x40000040, 0x000000c0, 0x400000c0,
237 0x00040040, 0x40040040, 0x000400c0, 0x400400c0,
238 0x10000000, 0x50000000, 0x10000080, 0x50000080,
239 0x10040000, 0x50040000, 0x10040080, 0x50040080,
240 0x10000040, 0x50000040, 0x100000c0, 0x500000c0,
241 0x10040040, 0x50040040, 0x100400c0, 0x500400c0,
242 0x00800000, 0x40800000, 0x00800080, 0x40800080,
243 0x00840000, 0x40840000, 0x00840080, 0x40840080,
244 0x00800040, 0x40800040, 0x008000c0, 0x408000c0,
245 0x00840040, 0x40840040, 0x008400c0, 0x408400c0,
246 0x10800000, 0x50800000, 0x10800080, 0x50800080,
247 0x10840000, 0x50840000, 0x10840080, 0x50840080,
248 0x10800040, 0x50800040, 0x108000c0, 0x508000c0,
249 0x10840040, 0x50840040, 0x108400c0, 0x508400c0
250 },
251 /* table 4 */ {
252 0x00000000, 0x00000008, 0x08000000, 0x08000008,
253 0x00040000, 0x00040008, 0x08040000, 0x08040008,
254 0x00002000, 0x00002008, 0x08002000, 0x08002008,
255 0x00042000, 0x00042008, 0x08042000, 0x08042008,
256 0x80000000, 0x80000008, 0x88000000, 0x88000008,
257 0x80040000, 0x80040008, 0x88040000, 0x88040008,
258 0x80002000, 0x80002008, 0x88002000, 0x88002008,
259 0x80042000, 0x80042008, 0x88042000, 0x88042008,
260 0x00080000, 0x00080008, 0x08080000, 0x08080008,
261 0x000c0000, 0x000c0008, 0x080c0000, 0x080c0008,
262 0x00082000, 0x00082008, 0x08082000, 0x08082008,
263 0x000c2000, 0x000c2008, 0x080c2000, 0x080c2008,
264 0x80080000, 0x80080008, 0x88080000, 0x88080008,
265 0x800c0000, 0x800c0008, 0x880c0000, 0x880c0008,
266 0x80082000, 0x80082008, 0x88082000, 0x88082008,
267 0x800c2000, 0x800c2008, 0x880c2000, 0x880c2008
268 },
269 /* table 5 */ {
270 0x00000000, 0x00400000, 0x00008000, 0x00408000,
271 0x40000000, 0x40400000, 0x40008000, 0x40408000,
272 0x00000020, 0x00400020, 0x00008020, 0x00408020,
273 0x40000020, 0x40400020, 0x40008020, 0x40408020,
274 0x00001000, 0x00401000, 0x00009000, 0x00409000,
275 0x40001000, 0x40401000, 0x40009000, 0x40409000,
276 0x00001020, 0x00401020, 0x00009020, 0x00409020,
277 0x40001020, 0x40401020, 0x40009020, 0x40409020,
278 0x00100000, 0x00500000, 0x00108000, 0x00508000,
279 0x40100000, 0x40500000, 0x40108000, 0x40508000,
280 0x00100020, 0x00500020, 0x00108020, 0x00508020,
281 0x40100020, 0x40500020, 0x40108020, 0x40508020,
282 0x00101000, 0x00501000, 0x00109000, 0x00509000,
283 0x40101000, 0x40501000, 0x40109000, 0x40509000,
284 0x00101020, 0x00501020, 0x00109020, 0x00509020,
285 0x40101020, 0x40501020, 0x40109020, 0x40509020
286 },
287 /* table 6 */ {
288 0x00000000, 0x00000040, 0x04000000, 0x04000040,
289 0x00000800, 0x00000840, 0x04000800, 0x04000840,
290 0x00800000, 0x00800040, 0x04800000, 0x04800040,
291 0x00800800, 0x00800840, 0x04800800, 0x04800840,
292 0x10000000, 0x10000040, 0x14000000, 0x14000040,
293 0x10000800, 0x10000840, 0x14000800, 0x14000840,
294 0x10800000, 0x10800040, 0x14800000, 0x14800040,
295 0x10800800, 0x10800840, 0x14800800, 0x14800840,
296 0x00000080, 0x000000c0, 0x04000080, 0x040000c0,
297 0x00000880, 0x000008c0, 0x04000880, 0x040008c0,
298 0x00800080, 0x008000c0, 0x04800080, 0x048000c0,
299 0x00800880, 0x008008c0, 0x04800880, 0x048008c0,
300 0x10000080, 0x100000c0, 0x14000080, 0x140000c0,
301 0x10000880, 0x100008c0, 0x14000880, 0x140008c0,
302 0x10800080, 0x108000c0, 0x14800080, 0x148000c0,
303 0x10800880, 0x108008c0, 0x14800880, 0x148008c0
304 },
305 /* table 7 */ {
306 0x00000000, 0x00000010, 0x00000400, 0x00000410,
307 0x00000004, 0x00000014, 0x00000404, 0x00000414,
308 0x00004000, 0x00004010, 0x00004400, 0x00004410,
309 0x00004004, 0x00004014, 0x00004404, 0x00004414,
310 0x20000000, 0x20000010, 0x20000400, 0x20000410,
311 0x20000004, 0x20000014, 0x20000404, 0x20000414,
312 0x20004000, 0x20004010, 0x20004400, 0x20004410,
313 0x20004004, 0x20004014, 0x20004404, 0x20004414,
314 0x00200000, 0x00200010, 0x00200400, 0x00200410,
315 0x00200004, 0x00200014, 0x00200404, 0x00200414,
316 0x00204000, 0x00204010, 0x00204400, 0x00204410,
317 0x00204004, 0x00204014, 0x00204404, 0x00204414,
318 0x20200000, 0x20200010, 0x20200400, 0x20200410,
319 0x20200004, 0x20200014, 0x20200404, 0x20200414,
320 0x20204000, 0x20204010, 0x20204400, 0x20204410,
321 0x20204004, 0x20204014, 0x20204404, 0x20204414
322 }
323 };
324
325 /*
326 * The PC-1 Permutation
327 * If we number the bits of the 8 bytes of key input like this (in octal):
328 * 00 01 02 03 04 05 06 07
329 * 10 11 12 13 14 15 16 17
330 * 20 21 22 23 24 25 26 27
331 * 30 31 32 33 34 35 36 37
332 * 40 41 42 43 44 45 46 47
333 * 50 51 52 53 54 55 56 57
334 * 60 61 62 63 64 65 66 67
335 * 70 71 72 73 74 75 76 77
336 * then after the PC-1 permutation,
337 * C0 is
338 * 70 60 50 40 30 20 10 00
339 * 71 61 51 41 31 21 11 01
340 * 72 62 52 42 32 22 12 02
341 * 73 63 53 43
342 * D0 is
343 * 76 66 56 46 36 26 16 06
344 * 75 65 55 45 35 25 15 05
345 * 74 64 54 44 34 24 14 04
346 * 33 23 13 03
347 * and these parity bits have been discarded:
348 * 77 67 57 47 37 27 17 07
349 *
350 * We achieve this by flipping the input matrix about the diagonal from 70-07,
351 * getting left =
352 * 77 67 57 47 37 27 17 07 (these are the parity bits)
353 * 76 66 56 46 36 26 16 06
354 * 75 65 55 45 35 25 15 05
355 * 74 64 54 44 34 24 14 04
356 * right =
357 * 73 63 53 43 33 23 13 03
358 * 72 62 52 42 32 22 12 02
359 * 71 61 51 41 31 21 11 01
360 * 70 60 50 40 30 20 10 00
361 * then byte swap right, ala htonl() on a little endian machine.
362 * right =
363 * 70 60 50 40 30 20 10 00
364 * 71 67 57 47 37 27 11 07
365 * 72 62 52 42 32 22 12 02
366 * 73 63 53 43 33 23 13 03
367 * then
368 * c0 = right >> 4;
369 * d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
370 */
371
372 #define FLIP_RIGHT_DIAGONAL(word, temp) \
373 temp = (word ^ (word >> 18)) & 0x00003333; \
374 word ^= temp | (temp << 18); \
375 temp = (word ^ (word >> 9)) & 0x00550055; \
376 word ^= temp | (temp << 9);
377
378 #if defined(__GNUC__) && defined(NSS_X86_OR_X64)
379 #define BYTESWAP(word, temp) \
380 __asm("bswap %0" : "+r" (word));
381 #elif (_MSC_VER >= 1300) && defined(NSS_X86_OR_X64)
382 #include <stdlib.h>
383 #pragma intrinsic(_byteswap_ulong)
384 #define BYTESWAP(word, temp) \
385 word = _byteswap_ulong(word);
386 #elif defined(__GNUC__) && (defined(__thumb2__) || \
387 (!defined(__thumb__) && \
388 (defined(__ARM_ARCH_6__) || \
389 defined(__ARM_ARCH_6J__) || \
390 defined(__ARM_ARCH_6K__) || \
391 defined(__ARM_ARCH_6Z__) || \
392 defined(__ARM_ARCH_6ZK__) || \
393 defined(__ARM_ARCH_6T2__) || \
394 defined(__ARM_ARCH_7__) || \
395 defined(__ARM_ARCH_7A__) || \
396 defined(__ARM_ARCH_7R__))))
397 #define BYTESWAP(word, temp) \
398 __asm("rev %0, %0" : "+r" (word));
399 #else
400 #define BYTESWAP(word, temp) \
401 word = (word >> 16) | (word << 16); \
402 temp = 0x00ff00ff; \
403 word = ((word & temp) << 8) | ((word >> 8) & temp);
404 #endif
405
406 #define PC1(left, right, c0, d0, temp) \
407 right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
408 left ^= temp << 4; \
409 FLIP_RIGHT_DIAGONAL(left, temp); \
410 FLIP_RIGHT_DIAGONAL(right, temp); \
411 BYTESWAP(right, temp); \
412 c0 = right >> 4; \
413 d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
414
415 #define LEFT_SHIFT_1( reg ) (((reg << 1) | (reg >> 27)) & 0x0FFFFFFF)
416 #define LEFT_SHIFT_2( reg ) (((reg << 2) | (reg >> 26)) & 0x0FFFFFFF)
417
418 /*
419 * setup key schedules from key
420 */
421
422 void
423 DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction)
424 {
425 register HALF left, right;
426 register HALF c0, d0;
427 register HALF temp;
428 int delta;
429 unsigned int ls;
430
431 #if defined(HAVE_UNALIGNED_ACCESS)
432 left = HALFPTR(key)[0];
433 right = HALFPTR(key)[1];
434 #if defined(IS_LITTLE_ENDIAN)
435 BYTESWAP(left, temp);
436 BYTESWAP(right, temp);
437 #endif
438 #else
439 if (((ptrdiff_t)key & 0x03) == 0) {
440 left = HALFPTR(key)[0];
441 right = HALFPTR(key)[1];
442 #if defined(IS_LITTLE_ENDIAN)
443 BYTESWAP(left, temp);
444 BYTESWAP(right, temp);
445 #endif
446 } else {
447 left = ((HALF)key[0] << 24) | ((HALF)key[1] << 16) |
448 ((HALF)key[2] << 8) | key[3];
449 right = ((HALF)key[4] << 24) | ((HALF)key[5] << 16) |
450 ((HALF)key[6] << 8) | key[7];
451 }
452 #endif
453
454 PC1(left, right, c0, d0, temp);
455
456 if (direction == DES_ENCRYPT) {
457 delta = 2 * (int)sizeof(HALF);
458 } else {
459 ks += 30;
460 delta = (-2) * (int)sizeof(HALF);
461 }
462
463 for (ls = 0x8103; ls; ls >>= 1) {
464 if ( ls & 1 ) {
465 c0 = LEFT_SHIFT_1( c0 );
466 d0 = LEFT_SHIFT_1( d0 );
467 } else {
468 c0 = LEFT_SHIFT_2( c0 );
469 d0 = LEFT_SHIFT_2( d0 );
470 }
471
472 #ifdef USE_INDEXING
473 #define PC2LOOKUP(b,c) PC2[b][c]
474
475 left = PC2LOOKUP(0, ((c0 >> 22) & 0x3F) );
476 left |= PC2LOOKUP(1, ((c0 >> 13) & 0x3F) );
477 left |= PC2LOOKUP(2, ((c0 >> 4) & 0x38) | (c0 & 0x7) );
478 left |= PC2LOOKUP(3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30));
479
480 right = PC2LOOKUP(4, ((d0 >> 22) & 0x3F) );
481 right |= PC2LOOKUP(5, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) );
482 right |= PC2LOOKUP(6, ((d0 >> 7) & 0x3F) );
483 right |= PC2LOOKUP(7, ((d0 >> 1) & 0x3C) | (d0 & 0x3));
484 #else
485 #define PC2LOOKUP(b,c) *(HALF *)((BYTE *)&PC2[b][0]+(c))
486
487 left = PC2LOOKUP(0, ((c0 >> 20) & 0xFC) );
488 left |= PC2LOOKUP(1, ((c0 >> 11) & 0xFC) );
489 left |= PC2LOOKUP(2, ((c0 >> 2) & 0xE0) | ((c0 << 2) & 0x1C) );
490 left |= PC2LOOKUP(3, ((c0>>16)&0x30)|((c0>>9)&0xC)|((c0<<2)&0xC0));
491
492 right = PC2LOOKUP(4, ((d0 >> 20) & 0xFC) );
493 right |= PC2LOOKUP(5, ((d0 >> 13) & 0xC0) | ((d0 >> 12) & 0x3C) );
494 right |= PC2LOOKUP(6, ((d0 >> 5) & 0xFC) );
495 right |= PC2LOOKUP(7, ((d0 << 1) & 0xF0) | ((d0 << 2) & 0x0C));
496 #endif
497 /* left contains key bits for S1 S3 S2 S4 */
498 /* right contains key bits for S6 S8 S5 S7 */
499 temp = (left << 16) /* S2 S4 XX XX */
500 | (right >> 16); /* XX XX S6 S8 */
501 ks[0] = temp;
502
503 temp = (left & 0xffff0000) /* S1 S3 XX XX */
504 | (right & 0x0000ffff);/* XX XX S5 S7 */
505 ks[1] = temp;
506
507 ks = (HALF*)((BYTE *)ks + delta);
508 }
509 }
510
511 /*
512 * The DES Initial Permutation
513 * if we number the bits of the 8 bytes of input like this (in octal):
514 * 00 01 02 03 04 05 06 07
515 * 10 11 12 13 14 15 16 17
516 * 20 21 22 23 24 25 26 27
517 * 30 31 32 33 34 35 36 37
518 * 40 41 42 43 44 45 46 47
519 * 50 51 52 53 54 55 56 57
520 * 60 61 62 63 64 65 66 67
521 * 70 71 72 73 74 75 76 77
522 * then after the initial permutation, they will be in this order.
523 * 71 61 51 41 31 21 11 01
524 * 73 63 53 43 33 23 13 03
525 * 75 65 55 45 35 25 15 05
526 * 77 67 57 47 37 27 17 07
527 * 70 60 50 40 30 20 10 00
528 * 72 62 52 42 32 22 12 02
529 * 74 64 54 44 34 24 14 04
530 * 76 66 56 46 36 26 16 06
531 *
532 * One way to do this is in two steps:
533 * 1. Flip this matrix about the diagonal from 70-07 as done for PC1.
534 * 2. Rearrange the bytes (rows in the matrix above) with the following code.
535 *
536 * #define swapHiLo(word, temp) \
537 * temp = (word ^ (word >> 24)) & 0x000000ff; \
538 * word ^= temp | (temp << 24);
539 *
540 * right ^= temp = ((left << 8) ^ right) & 0xff00ff00;
541 * left ^= temp >> 8;
542 * swapHiLo(left, temp);
543 * swapHiLo(right,temp);
544 *
545 * However, the two steps can be combined, so that the rows are rearranged
546 * while the matrix is being flipped, reducing the number of bit exchange
547 * operations from 8 ot 5.
548 *
549 * Initial Permutation */
550 #define IP(left, right, temp) \
551 right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
552 left ^= temp << 4; \
553 right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
554 left ^= temp << 16; \
555 right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
556 left ^= temp >> 2; \
557 right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
558 left ^= temp >> 8; \
559 right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
560 left ^= temp << 1;
561
562 /* The Final (Inverse Initial) permutation is done by reversing the
563 ** steps of the Initital Permutation
564 */
565
566 #define FP(left, right, temp) \
567 right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
568 left ^= temp << 1; \
569 right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
570 left ^= temp >> 8; \
571 right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
572 left ^= temp >> 2; \
573 right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
574 left ^= temp << 16; \
575 right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
576 left ^= temp << 4;
577
578 void
579 DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf)
580 {
581 register HALF left, right;
582 register HALF temp;
583
584 #if defined(HAVE_UNALIGNED_ACCESS)
585 left = HALFPTR(inbuf)[0];
586 right = HALFPTR(inbuf)[1];
587 #if defined(IS_LITTLE_ENDIAN)
588 BYTESWAP(left, temp);
589 BYTESWAP(right, temp);
590 #endif
591 #else
592 if (((ptrdiff_t)inbuf & 0x03) == 0) {
593 left = HALFPTR(inbuf)[0];
594 right = HALFPTR(inbuf)[1];
595 #if defined(IS_LITTLE_ENDIAN)
596 BYTESWAP(left, temp);
597 BYTESWAP(right, temp);
598 #endif
599 } else {
600 left = ((HALF)inbuf[0] << 24) | ((HALF)inbuf[1] << 16) |
601 ((HALF)inbuf[2] << 8) | inbuf[3];
602 right = ((HALF)inbuf[4] << 24) | ((HALF)inbuf[5] << 16) |
603 ((HALF)inbuf[6] << 8) | inbuf[7];
604 }
605 #endif
606
607 IP(left, right, temp);
608
609 /* shift the values left circularly 3 bits. */
610 left = (left << 3) | (left >> 29);
611 right = (right << 3) | (right >> 29);
612
613 #ifdef USE_INDEXING
614 #define KSLOOKUP(s,b) SP[s][((temp >> (b+2)) & 0x3f)]
615 #else
616 #define KSLOOKUP(s,b) *(HALF*)((BYTE*)&SP[s][0]+((temp >> b) & 0xFC))
617 #endif
618 #define ROUND(out, in, r) \
619 temp = in ^ ks[2*r]; \
620 out ^= KSLOOKUP( 1, 24 ); \
621 out ^= KSLOOKUP( 3, 16 ); \
622 out ^= KSLOOKUP( 5, 8 ); \
623 out ^= KSLOOKUP( 7, 0 ); \
624 temp = ((in >> 4) | (in << 28)) ^ ks[2*r+1]; \
625 out ^= KSLOOKUP( 0, 24 ); \
626 out ^= KSLOOKUP( 2, 16 ); \
627 out ^= KSLOOKUP( 4, 8 ); \
628 out ^= KSLOOKUP( 6, 0 );
629
630 /* Do the 16 Feistel rounds */
631 ROUND(left, right, 0)
632 ROUND(right, left, 1)
633 ROUND(left, right, 2)
634 ROUND(right, left, 3)
635 ROUND(left, right, 4)
636 ROUND(right, left, 5)
637 ROUND(left, right, 6)
638 ROUND(right, left, 7)
639 ROUND(left, right, 8)
640 ROUND(right, left, 9)
641 ROUND(left, right, 10)
642 ROUND(right, left, 11)
643 ROUND(left, right, 12)
644 ROUND(right, left, 13)
645 ROUND(left, right, 14)
646 ROUND(right, left, 15)
647
648 /* now shift circularly right 3 bits to undo the shifting done
649 ** above. switch left and right here.
650 */
651 temp = (left >> 3) | (left << 29);
652 left = (right >> 3) | (right << 29);
653 right = temp;
654
655 FP(left, right, temp);
656
657 #if defined(HAVE_UNALIGNED_ACCESS)
658 #if defined(IS_LITTLE_ENDIAN)
659 BYTESWAP(left, temp);
660 BYTESWAP(right, temp);
661 #endif
662 HALFPTR(outbuf)[0] = left;
663 HALFPTR(outbuf)[1] = right;
664 #else
665 if (((ptrdiff_t)outbuf & 0x03) == 0) {
666 #if defined(IS_LITTLE_ENDIAN)
667 BYTESWAP(left, temp);
668 BYTESWAP(right, temp);
669 #endif
670 HALFPTR(outbuf)[0] = left;
671 HALFPTR(outbuf)[1] = right;
672 } else {
673 outbuf[0] = (BYTE)(left >> 24);
674 outbuf[1] = (BYTE)(left >> 16);
675 outbuf[2] = (BYTE)(left >> 8);
676 outbuf[3] = (BYTE)(left );
677
678 outbuf[4] = (BYTE)(right >> 24);
679 outbuf[5] = (BYTE)(right >> 16);
680 outbuf[6] = (BYTE)(right >> 8);
681 outbuf[7] = (BYTE)(right );
682 }
683 #endif
684
685 }
686
687 /* Ackowledgements:
688 ** Two ideas used in this implementation were shown to me by Dennis Ferguson
689 ** in 1990. He credits them to Richard Outerbridge and Dan Hoey. They were:
690 ** 1. The method of computing the Initial and Final permutations.
691 ** 2. Circularly rotating the SP tables and the initial values of left and
692 ** right to reduce the number of shifts required during the 16 rounds.
693 */
OLDNEW
« no previous file with comments | « nss/lib/freebl/des.h ('k') | nss/lib/freebl/desblapi.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698