des_locl.h

Jenkins

des_locl.h

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/des/des_locl.h

Line	Source	Count
1	/* $OpenBSD: des_locl.h,v 1.19 2016/12/21 15:49:29 jsing Exp $ */	-
2	/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)	-
3	* All rights reserved.	-
4	*	-
5	* This package is an SSL implementation written	-
6	* by Eric Young (eay@cryptsoft.com).	-
7	* The implementation was written so as to conform with Netscapes SSL.	-
8	*	-
9	* This library is free for commercial and non-commercial use as long as	-
10	* the following conditions are aheared to. The following conditions	-
11	* apply to all code found in this distribution, be it the RC4, RSA,	-
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation	-
13	* included with this distribution is covered by the same copyright terms	-
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).	-
15	*	-
16	* Copyright remains Eric Young's, and as such any Copyright notices in	-
17	* the code are not to be removed.	-
18	* If this package is used in a product, Eric Young should be given attribution	-
19	* as the author of the parts of the library used.	-
20	* This can be in the form of a textual message at program startup or	-
21	* in documentation (online or textual) provided with the package.	-
22	*	-
23	* Redistribution and use in source and binary forms, with or without	-
24	* modification, are permitted provided that the following conditions	-
25	* are met:	-
26	* 1. Redistributions of source code must retain the copyright	-
27	* notice, this list of conditions and the following disclaimer.	-
28	* 2. Redistributions in binary form must reproduce the above copyright	-
29	* notice, this list of conditions and the following disclaimer in the	-
30	* documentation and/or other materials provided with the distribution.	-
31	* 3. All advertising materials mentioning features or use of this software	-
32	* must display the following acknowledgement:	-
33	* "This product includes cryptographic software written by	-
34	* Eric Young (eay@cryptsoft.com)"	-
35	* The word 'cryptographic' can be left out if the rouines from the library	-
36	* being used are not cryptographic related :-).	-
37	* 4. If you include any Windows specific code (or a derivative thereof) from	-
38	* the apps directory (application code) you must include an acknowledgement:	-
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"	-
40	*	-
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND	-
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE	-
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE	-
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE	-
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL	-
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS	-
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)	-
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT	-
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY	-
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	-
51	* SUCH DAMAGE.	-
52	*	-
53	* The licence and distribution terms for any publically available version or	-
54	* derivative of this code cannot be changed. i.e. this code cannot simply be	-
55	* copied and put under another distribution licence	-
56	* [including the GNU Public Licence.]	-
57	*/	-
58		-
59	#ifndef HEADER_DES_LOCL_H	-
60	#define HEADER_DES_LOCL_H	-
61		-
62	#include <math.h>	-
63	#include <stdint.h>	-
64	#include <stdio.h>	-
65	#include <stdlib.h>	-
66	#include <string.h>	-
67	#include <unistd.h>	-
68		-
69	#include <openssl/opensslconf.h>	-
70		-
71	#include <openssl/des.h>	-
72		-
73	__BEGIN_HIDDEN_DECLS	-
74		-
75	#define ITERATIONS 16	-
76	#define HALF_ITERATIONS 8	-
77		-
78	/* used in des_read and des_write */	-
79	#define MAXWRITE (1024*16)	-
80	#define BSIZE (MAXWRITE+4)	-
81		-
82	#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \	-
83	l\|=((DES_LONG)(*((c)++)))<< 8L, \	-
84	l\|=((DES_LONG)(*((c)++)))<<16L, \	-
85	l\|=((DES_LONG)(*((c)++)))<<24L)	-
86		-
87	/* NOTE - c is not incremented as per c2l */	-
88	#define c2ln(c,l1,l2,n) { \	-
89	c+=n; \	-
90	l1=l2=0; \	-
91	switch (n) { \	-
92	case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \	-
93	case 7: l2\|=((DES_LONG)(*(--(c))))<<16L; \	-
94	case 6: l2\|=((DES_LONG)(*(--(c))))<< 8L; \	-
95	case 5: l2\|=((DES_LONG)(*(--(c)))); \	-
96	case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \	-
97	case 3: l1\|=((DES_LONG)(*(--(c))))<<16L; \	-
98	case 2: l1\|=((DES_LONG)(*(--(c))))<< 8L; \	-
99	case 1: l1\|=((DES_LONG)(*(--(c)))); \	-
100	} \	-
101	}	-
102		-
103	#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \	-
104	*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \	-
105	*((c)++)=(unsigned char)(((l)>>16L)&0xff), \	-
106	*((c)++)=(unsigned char)(((l)>>24L)&0xff))	-
107		-
108	/* replacements for htonl and ntohl since I have no idea what to do	-
109	* when faced with machines with 8 byte longs. */	-
110	#define HDRSIZE 4	-
111		-
112	#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \	-
113	l\|=((DES_LONG)(*((c)++)))<<16L, \	-
114	l\|=((DES_LONG)(*((c)++)))<< 8L, \	-
115	l\|=((DES_LONG)(*((c)++))))	-
116		-
117	#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \	-
118	*((c)++)=(unsigned char)(((l)>>16L)&0xff), \	-
119	*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \	-
120	*((c)++)=(unsigned char)(((l) )&0xff))	-
121		-
122	/* NOTE - c is not incremented as per l2c */	-
123	#define l2cn(l1,l2,c,n) { \	-
124	c+=n; \	-
125	switch (n) { \	-
126	case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \	-
127	case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \	-
128	case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \	-
129	case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \	-
130	case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \	-
131	case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \	-
132	case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \	-
133	case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \	-
134	} \	-
135	}	-
136		-
137	static inline uint32_t ROTATE(uint32_t a, uint32_t n)	-
138	{	-
139	return (a>>n)+(a<<(32-n)); executed 363084 times by 4 tests: `return (a>>n)+(a<<(32-n));` Executed by: destest evptest libcrypto.so.44.0.1 ssltest	363084
140	}	-
141		-
142	/* Don't worry about the LOAD_DATA() stuff, that is used by	-
143	* fcrypt() to add it's little bit to the front */	-
144		-
145	#ifdef DES_FCRYPT	-
146		-
147	#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \	-
148	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }	-
149		-
150	#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \	-
151	t=R^(R>>16L); \	-
152	u=t&E0; t&=E1; \	-
153	tmp=(u<<16); u^=R^s[S ]; u^=tmp; \	-
154	tmp=(t<<16); t^=R^s[S+1]; t^=tmp	-
155	#else	-
156	#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)	-
157	#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \	-
158	u=R^s[S ]; \	-
159	t=R^s[S+1]	-
160	#endif	-
161		-
162	/* The changes to this macro may help or hinder, depending on the	-
163	* compiler and the architecture. gcc2 always seems to do well :-).	-
164	* Inspired by Dana How <how@isl.stanford.edu>	-
165	* DO NOT use the alternative version on machines with 8 byte longs.	-
166	* It does not seem to work on the Alpha, even when DES_LONG is 4	-
167	* bytes, probably an issue of accessing non-word aligned objects :-( */	-
168	#ifdef DES_PTR	-
169		-
170	/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there	-
171	* is no reason to not xor all the sub items together. This potentially	-
172	* saves a register since things can be xored directly into L */	-
173		-
174	#if defined(DES_RISC1) \|\| defined(DES_RISC2)	-
175	#ifdef DES_RISC1	-
176	#define D_ENCRYPT(LL,R,S) { \	-
177	unsigned int u1,u2,u3; \	-
178	LOAD_DATA(R,S,u,t,E0,E1,u1); \	-
179	u2=(int)u>>8L; \	-
180	u1=(int)u&0xfc; \	-
181	u2&=0xfc; \	-
182	t=ROTATE(t,4); \	-
183	u>>=16L; \	-
184	LL^= (const DES_LONG )(des_SP +u1); \	-
185	LL^= (const DES_LONG )(des_SP+0x200+u2); \	-
186	u3=(int)(u>>8L); \	-
187	u1=(int)u&0xfc; \	-
188	u3&=0xfc; \	-
189	LL^= (const DES_LONG )(des_SP+0x400+u1); \	-
190	LL^= (const DES_LONG )(des_SP+0x600+u3); \	-
191	u2=(int)t>>8L; \	-
192	u1=(int)t&0xfc; \	-
193	u2&=0xfc; \	-
194	t>>=16L; \	-
195	LL^= (const DES_LONG )(des_SP+0x100+u1); \	-
196	LL^= (const DES_LONG )(des_SP+0x300+u2); \	-
197	u3=(int)t>>8L; \	-
198	u1=(int)t&0xfc; \	-
199	u3&=0xfc; \	-
200	LL^= (const DES_LONG )(des_SP+0x500+u1); \	-
201	LL^= (const DES_LONG )(des_SP+0x700+u3); }	-
202	#endif	-
203	#ifdef DES_RISC2	-
204	#define D_ENCRYPT(LL,R,S) { \	-
205	unsigned int u1,u2,s1,s2; \	-
206	LOAD_DATA(R,S,u,t,E0,E1,u1); \	-
207	u2=(int)u>>8L; \	-
208	u1=(int)u&0xfc; \	-
209	u2&=0xfc; \	-
210	t=ROTATE(t,4); \	-
211	LL^= (const DES_LONG )(des_SP +u1); \	-
212	LL^= (const DES_LONG )(des_SP+0x200+u2); \	-
213	s1=(int)(u>>16L); \	-
214	s2=(int)(u>>24L); \	-
215	s1&=0xfc; \	-
216	s2&=0xfc; \	-
217	LL^= (const DES_LONG )(des_SP+0x400+s1); \	-
218	LL^= (const DES_LONG )(des_SP+0x600+s2); \	-
219	u2=(int)t>>8L; \	-
220	u1=(int)t&0xfc; \	-
221	u2&=0xfc; \	-
222	LL^= (const DES_LONG )(des_SP+0x100+u1); \	-
223	LL^= (const DES_LONG )(des_SP+0x300+u2); \	-
224	s1=(int)(t>>16L); \	-
225	s2=(int)(t>>24L); \	-
226	s1&=0xfc; \	-
227	s2&=0xfc; \	-
228	LL^= (const DES_LONG )(des_SP+0x500+s1); \	-
229	LL^= (const DES_LONG )(des_SP+0x700+s2); }	-
230	#endif	-
231	#else	-
232	#define D_ENCRYPT(LL,R,S) { \	-
233	LOAD_DATA_tmp(R,S,u,t,E0,E1); \	-
234	t=ROTATE(t,4); \	-
235	LL^= \	-
236	(const DES_LONG )(des_SP +((u )&0xfc))^ \	-
237	(const DES_LONG )(des_SP+0x200+((u>> 8L)&0xfc))^ \	-
238	(const DES_LONG )(des_SP+0x400+((u>>16L)&0xfc))^ \	-
239	(const DES_LONG )(des_SP+0x600+((u>>24L)&0xfc))^ \	-
240	(const DES_LONG )(des_SP+0x100+((t )&0xfc))^ \	-
241	(const DES_LONG )(des_SP+0x300+((t>> 8L)&0xfc))^ \	-
242	(const DES_LONG )(des_SP+0x500+((t>>16L)&0xfc))^ \	-
243	(const DES_LONG )(des_SP+0x700+((t>>24L)&0xfc)); }	-
244	#endif	-
245		-
246	#else /* original version */	-
247		-
248	#if defined(DES_RISC1) \|\| defined(DES_RISC2)	-
249	#ifdef DES_RISC1	-
250	#define D_ENCRYPT(LL,R,S) {\	-
251	unsigned int u1,u2,u3; \	-
252	LOAD_DATA(R,S,u,t,E0,E1,u1); \	-
253	u>>=2L; \	-
254	t=ROTATE(t,6); \	-
255	u2=(int)u>>8L; \	-
256	u1=(int)u&0x3f; \	-
257	u2&=0x3f; \	-
258	u>>=16L; \	-
259	LL^=DES_SPtrans[0][u1]; \	-
260	LL^=DES_SPtrans[2][u2]; \	-
261	u3=(int)u>>8L; \	-
262	u1=(int)u&0x3f; \	-
263	u3&=0x3f; \	-
264	LL^=DES_SPtrans[4][u1]; \	-
265	LL^=DES_SPtrans[6][u3]; \	-
266	u2=(int)t>>8L; \	-
267	u1=(int)t&0x3f; \	-
268	u2&=0x3f; \	-
269	t>>=16L; \	-
270	LL^=DES_SPtrans[1][u1]; \	-
271	LL^=DES_SPtrans[3][u2]; \	-
272	u3=(int)t>>8L; \	-
273	u1=(int)t&0x3f; \	-
274	u3&=0x3f; \	-
275	LL^=DES_SPtrans[5][u1]; \	-
276	LL^=DES_SPtrans[7][u3]; }	-
277	#endif	-
278	#ifdef DES_RISC2	-
279	#define D_ENCRYPT(LL,R,S) {\	-
280	unsigned int u1,u2,s1,s2; \	-
281	LOAD_DATA(R,S,u,t,E0,E1,u1); \	-
282	u>>=2L; \	-
283	t=ROTATE(t,6); \	-
284	u2=(int)u>>8L; \	-
285	u1=(int)u&0x3f; \	-
286	u2&=0x3f; \	-
287	LL^=DES_SPtrans[0][u1]; \	-
288	LL^=DES_SPtrans[2][u2]; \	-
289	s1=(int)u>>16L; \	-
290	s2=(int)u>>24L; \	-
291	s1&=0x3f; \	-
292	s2&=0x3f; \	-
293	LL^=DES_SPtrans[4][s1]; \	-
294	LL^=DES_SPtrans[6][s2]; \	-
295	u2=(int)t>>8L; \	-
296	u1=(int)t&0x3f; \	-
297	u2&=0x3f; \	-
298	LL^=DES_SPtrans[1][u1]; \	-
299	LL^=DES_SPtrans[3][u2]; \	-
300	s1=(int)t>>16; \	-
301	s2=(int)t>>24L; \	-
302	s1&=0x3f; \	-
303	s2&=0x3f; \	-
304	LL^=DES_SPtrans[5][s1]; \	-
305	LL^=DES_SPtrans[7][s2]; }	-
306	#endif	-
307		-
308	#else	-
309		-
310	#define D_ENCRYPT(LL,R,S) {\	-
311	LOAD_DATA_tmp(R,S,u,t,E0,E1); \	-
312	t=ROTATE(t,4); \	-
313	LL^=\	-
314	DES_SPtrans[0][(u>> 2L)&0x3f]^ \	-
315	DES_SPtrans[2][(u>>10L)&0x3f]^ \	-
316	DES_SPtrans[4][(u>>18L)&0x3f]^ \	-
317	DES_SPtrans[6][(u>>26L)&0x3f]^ \	-
318	DES_SPtrans[1][(t>> 2L)&0x3f]^ \	-
319	DES_SPtrans[3][(t>>10L)&0x3f]^ \	-
320	DES_SPtrans[5][(t>>18L)&0x3f]^ \	-
321	DES_SPtrans[7][(t>>26L)&0x3f]; }	-
322	#endif	-
323	#endif	-
324		-
325	/* IP and FP	-
326	* The problem is more of a geometric problem that random bit fiddling.	-
327	0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6	-
328	8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4	-
329	16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2	-
330	24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0	-
331		-
332	32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7	-
333	40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5	-
334	48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3	-
335	56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1	-
336		-
337	The output has been subject to swaps of the form	-
338	0 1 -> 3 1 but the odd and even bits have been put into	-
339	2 3 2 0	-
340	different words. The main trick is to remember that	-
341	t=((l>>size)^r)&(mask);	-
342	r^=t;	-
343	l^=(t<<size);	-
344	can be used to swap and move bits between words.	-
345		-
346	So l = 0 1 2 3 r = 16 17 18 19	-
347	4 5 6 7 20 21 22 23	-
348	8 9 10 11 24 25 26 27	-
349	12 13 14 15 28 29 30 31	-
350	becomes (for size == 2 and mask == 0x3333)	-
351	t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19	-
352	6^20 7^21 -- -- 4 5 20 21 6 7 22 23	-
353	10^24 11^25 -- -- 8 9 24 25 10 11 24 25	-
354	14^28 15^29 -- -- 12 13 28 29 14 15 28 29	-
355		-
356	Thanks for hints from Richard Outerbridge - he told me IP&FP	-
357	could be done in 15 xor, 10 shifts and 5 ands.	-
358	When I finally started to think of the problem in 2D	-
359	I first got ~42 operations without xors. When I remembered	-
360	how to use xors :-) I got it to its final state.	-
361	*/	-
362	#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\	-
363	(b)^=(t),\	-
364	(a)^=((t)<<(n)))	-
365		-
366	#define IP(l,r) \	-
367	{ \	-
368	DES_LONG tt; \	-
369	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \	-
370	PERM_OP(l,r,tt,16,0x0000ffffL); \	-
371	PERM_OP(r,l,tt, 2,0x33333333L); \	-
372	PERM_OP(l,r,tt, 8,0x00ff00ffL); \	-
373	PERM_OP(r,l,tt, 1,0x55555555L); \	-
374	}	-
375		-
376	#define FP(l,r) \	-
377	{ \	-
378	DES_LONG tt; \	-
379	PERM_OP(l,r,tt, 1,0x55555555L); \	-
380	PERM_OP(r,l,tt, 8,0x00ff00ffL); \	-
381	PERM_OP(l,r,tt, 2,0x33333333L); \	-
382	PERM_OP(r,l,tt,16,0x0000ffffL); \	-
383	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \	-
384	}	-
385		-
386	extern const DES_LONG DES_SPtrans[8][64];	-
387		-
388	void fcrypt_body(DES_LONG out,DES_key_schedule ks,	-
389	DES_LONG Eswap0, DES_LONG Eswap1);	-
390		-
391	#ifdef OPENSSL_SMALL_FOOTPRINT	-
392	#undef DES_UNROLL	-
393	#endif	-
394		-
395	__END_HIDDEN_DECLS	-
396		-
397	#endif	-

Line

Source

Count

/* $OpenBSD: des_locl.h,v 1.19 2016/12/21 15:49:29 jsing Exp $ */

* This package is an SSL implementation written

* by Eric Young (eay@cryptsoft.com).

* The implementation was written so as to conform with Netscapes SSL.

* This library is free for commercial and non-commercial use as long as

* the following conditions are aheared to. The following conditions

* apply to all code found in this distribution, be it the RC4, RSA,

* lhash, DES, etc., code; not just the SSL code. The SSL documentation

* included with this distribution is covered by the same copyright terms

* except that the holder is Tim Hudson (tjh@cryptsoft.com).

* Copyright remains Eric Young's, and as such any Copyright notices in

* the code are not to be removed.

* If this package is used in a product, Eric Young should be given attribution

* as the author of the parts of the library used.

* This can be in the form of a textual message at program startup or

* in documentation (online or textual) provided with the package.

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

* are met:

* 1. Redistributions of source code must retain the copyright

* notice, this list of conditions and the following disclaimer.

* 2. Redistributions in binary form must reproduce the above copyright

* notice, this list of conditions and the following disclaimer in the

* documentation and/or other materials provided with the distribution.

* 3. All advertising materials mentioning features or use of this software

* must display the following acknowledgement:

* "This product includes cryptographic software written by

* Eric Young (eay@cryptsoft.com)"

* The word 'cryptographic' can be left out if the rouines from the library

* being used are not cryptographic related :-).

* 4. If you include any Windows specific code (or a derivative thereof) from

* the apps directory (application code) you must include an acknowledgement:

* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

* SUCH DAMAGE.

* The licence and distribution terms for any publically available version or

* derivative of this code cannot be changed. i.e. this code cannot simply be

* copied and put under another distribution licence

* [including the GNU Public Licence.]

#ifndef HEADER_DES_LOCL_H

#define HEADER_DES_LOCL_H

#include <math.h>

#include <stdint.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <unistd.h>

#include <openssl/opensslconf.h>

#include <openssl/des.h>

__BEGIN_HIDDEN_DECLS

#define ITERATIONS 16

#define HALF_ITERATIONS 8

/* used in des_read and des_write */

#define MAXWRITE (1024*16)

#define BSIZE (MAXWRITE+4)

#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \

l|=((DES_LONG)(*((c)++)))<< 8L, \

l|=((DES_LONG)(*((c)++)))<<16L, \

l|=((DES_LONG)(*((c)++)))<<24L)

/* NOTE - c is not incremented as per c2l */

#define c2ln(c,l1,l2,n) { \

c+=n; \

l1=l2=0; \

switch (n) { \

case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \

case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \

case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \

case 5: l2|=((DES_LONG)(*(--(c)))); \

case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \

case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \

case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \

case 1: l1|=((DES_LONG)(*(--(c)))); \

} \

}

#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \

104

*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

105

*((c)++)=(unsigned char)(((l)>>16L)&0xff), \

106

*((c)++)=(unsigned char)(((l)>>24L)&0xff))

107

108

/* replacements for htonl and ntohl since I have no idea what to do

109

* when faced with machines with 8 byte longs. */

110

#define HDRSIZE 4

111

112

#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \

113

l|=((DES_LONG)(*((c)++)))<<16L, \

114

l|=((DES_LONG)(*((c)++)))<< 8L, \

115

l|=((DES_LONG)(*((c)++))))

116

117

#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \

118

*((c)++)=(unsigned char)(((l)>>16L)&0xff), \

119

*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \

120

*((c)++)=(unsigned char)(((l) )&0xff))

121

122

/* NOTE - c is not incremented as per l2c */

123

#define l2cn(l1,l2,c,n) { \

124

c+=n; \

125

switch (n) { \

126

case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \

127

case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \

128

case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \

129

case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \

130

case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \

131

case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \

132

case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \

133

case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \

} \

}

static inline uint32_t ROTATE(uint32_t a, uint32_t n)

138

{

139

return (a>>n)+(a<<(32-n));

executed 363084 times by 4 tests: return (a>>n)+(a<<(32-n));

Executed by:

destest
evptest
libcrypto.so.44.0.1
ssltest

363084

140

}

141

142

/* Don't worry about the LOAD_DATA() stuff, that is used by

143

* fcrypt() to add it's little bit to the front */

#ifdef DES_FCRYPT

#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \

148

{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }

149

150

#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \

151

t=R^(R>>16L); \

152

u=t&E0; t&=E1; \

153

tmp=(u<<16); u^=R^s[S ]; u^=tmp; \

154

tmp=(t<<16); t^=R^s[S+1]; t^=tmp

155

#else

156

#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)

157

#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \

u=R^s[S ]; \

t=R^s[S+1]

#endif

/* The changes to this macro may help or hinder, depending on the

163

* compiler and the architecture. gcc2 always seems to do well :-).

164

* Inspired by Dana How <how@isl.stanford.edu>

165

* DO NOT use the alternative version on machines with 8 byte longs.

166

* It does not seem to work on the Alpha, even when DES_LONG is 4

167

* bytes, probably an issue of accessing non-word aligned objects :-( */

168

#ifdef DES_PTR

169

170

/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there

171

* is no reason to not xor all the sub items together. This potentially

172

* saves a register since things can be xored directly into L */

173

174

#if defined(DES_RISC1) || defined(DES_RISC2)

175

#ifdef DES_RISC1

176

#define D_ENCRYPT(LL,R,S) { \

177

unsigned int u1,u2,u3; \

178

LOAD_DATA(R,S,u,t,E0,E1,u1); \

u2=(int)u>>8L; \

u1=(int)u&0xfc; \

u2&=0xfc; \

t=ROTATE(t,4); \

u>>=16L; \

LL^= *(const DES_LONG *)(des_SP +u1); \

185

LL^= *(const DES_LONG *)(des_SP+0x200+u2); \

u3=(int)(u>>8L); \

u1=(int)u&0xfc; \

u3&=0xfc; \

LL^= *(const DES_LONG *)(des_SP+0x400+u1); \

190

LL^= *(const DES_LONG *)(des_SP+0x600+u3); \

u2=(int)t>>8L; \

u1=(int)t&0xfc; \

u2&=0xfc; \

t>>=16L; \

LL^= *(const DES_LONG *)(des_SP+0x100+u1); \

196

LL^= *(const DES_LONG *)(des_SP+0x300+u2); \

u3=(int)t>>8L; \

u1=(int)t&0xfc; \

u3&=0xfc; \

LL^= *(const DES_LONG *)(des_SP+0x500+u1); \

201

LL^= *(const DES_LONG *)(des_SP+0x700+u3); }

202

#endif

203

#ifdef DES_RISC2

204

#define D_ENCRYPT(LL,R,S) { \

205

unsigned int u1,u2,s1,s2; \

206

LOAD_DATA(R,S,u,t,E0,E1,u1); \

u2=(int)u>>8L; \

u1=(int)u&0xfc; \

u2&=0xfc; \

t=ROTATE(t,4); \

LL^= *(const DES_LONG *)(des_SP +u1); \

212

LL^= *(const DES_LONG *)(des_SP+0x200+u2); \

s1=(int)(u>>16L); \

s2=(int)(u>>24L); \

s1&=0xfc; \

s2&=0xfc; \

LL^= *(const DES_LONG *)(des_SP+0x400+s1); \

218

LL^= *(const DES_LONG *)(des_SP+0x600+s2); \

u2=(int)t>>8L; \

u1=(int)t&0xfc; \

u2&=0xfc; \

LL^= *(const DES_LONG *)(des_SP+0x100+u1); \

223

LL^= *(const DES_LONG *)(des_SP+0x300+u2); \

s1=(int)(t>>16L); \

s2=(int)(t>>24L); \

s1&=0xfc; \

s2&=0xfc; \

LL^= *(const DES_LONG *)(des_SP+0x500+s1); \

229

LL^= *(const DES_LONG *)(des_SP+0x700+s2); }

230

#endif

231

#else

232

#define D_ENCRYPT(LL,R,S) { \

233

LOAD_DATA_tmp(R,S,u,t,E0,E1); \

234

t=ROTATE(t,4); \

235

LL^= \

236

*(const DES_LONG *)(des_SP +((u )&0xfc))^ \

237

*(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \

238

*(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \

239

*(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \

240

*(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \

241

*(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \

242

*(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \

243

*(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }

244

#endif

245

246

#else /* original version */

247

248

#if defined(DES_RISC1) || defined(DES_RISC2)

249

#ifdef DES_RISC1

250

#define D_ENCRYPT(LL,R,S) {\

251

unsigned int u1,u2,u3; \

252

LOAD_DATA(R,S,u,t,E0,E1,u1); \

u>>=2L; \

t=ROTATE(t,6); \

u2=(int)u>>8L; \

u1=(int)u&0x3f; \

u2&=0x3f; \

u>>=16L; \

LL^=DES_SPtrans[0][u1]; \

260

LL^=DES_SPtrans[2][u2]; \

u3=(int)u>>8L; \

u1=(int)u&0x3f; \

u3&=0x3f; \

LL^=DES_SPtrans[4][u1]; \

265

LL^=DES_SPtrans[6][u3]; \

u2=(int)t>>8L; \

u1=(int)t&0x3f; \

u2&=0x3f; \

t>>=16L; \

LL^=DES_SPtrans[1][u1]; \

271

LL^=DES_SPtrans[3][u2]; \

u3=(int)t>>8L; \

u1=(int)t&0x3f; \

u3&=0x3f; \

LL^=DES_SPtrans[5][u1]; \

276

LL^=DES_SPtrans[7][u3]; }

277

#endif

278

#ifdef DES_RISC2

279

#define D_ENCRYPT(LL,R,S) {\

280

unsigned int u1,u2,s1,s2; \

281

LOAD_DATA(R,S,u,t,E0,E1,u1); \

u>>=2L; \

t=ROTATE(t,6); \

u2=(int)u>>8L; \

u1=(int)u&0x3f; \

u2&=0x3f; \

LL^=DES_SPtrans[0][u1]; \

288

LL^=DES_SPtrans[2][u2]; \

s1=(int)u>>16L; \

s2=(int)u>>24L; \

s1&=0x3f; \

s2&=0x3f; \

LL^=DES_SPtrans[4][s1]; \

294

LL^=DES_SPtrans[6][s2]; \

u2=(int)t>>8L; \

u1=(int)t&0x3f; \

u2&=0x3f; \

LL^=DES_SPtrans[1][u1]; \

299

LL^=DES_SPtrans[3][u2]; \

s1=(int)t>>16; \

s2=(int)t>>24L; \

s1&=0x3f; \

s2&=0x3f; \

LL^=DES_SPtrans[5][s1]; \

305

LL^=DES_SPtrans[7][s2]; }

#endif

#else

#define D_ENCRYPT(LL,R,S) {\

311

LOAD_DATA_tmp(R,S,u,t,E0,E1); \

312

t=ROTATE(t,4); \

313

LL^=\

314

DES_SPtrans[0][(u>> 2L)&0x3f]^ \

315

DES_SPtrans[2][(u>>10L)&0x3f]^ \

316

DES_SPtrans[4][(u>>18L)&0x3f]^ \

317

DES_SPtrans[6][(u>>26L)&0x3f]^ \

318

DES_SPtrans[1][(t>> 2L)&0x3f]^ \

319

DES_SPtrans[3][(t>>10L)&0x3f]^ \

320

DES_SPtrans[5][(t>>18L)&0x3f]^ \

321

DES_SPtrans[7][(t>>26L)&0x3f]; }

#endif

#endif

/* IP and FP

* The problem is more of a geometric problem that random bit fiddling.

327

0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6

328

8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4

329

16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2

330

24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0

331

332

32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7

333

40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5

334

48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3

335

56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1

336

337

The output has been subject to swaps of the form

338

0 1 -> 3 1 but the odd and even bits have been put into

339

2 3 2 0

340

different words. The main trick is to remember that

341

t=((l>>size)^r)&(mask);

342

r^=t;

343

l^=(t<<size);

344

can be used to swap and move bits between words.

345

346

So l = 0 1 2 3 r = 16 17 18 19

347

4 5 6 7 20 21 22 23

348

8 9 10 11 24 25 26 27

349

12 13 14 15 28 29 30 31

350

becomes (for size == 2 and mask == 0x3333)

351

t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19

352

6^20 7^21 -- -- 4 5 20 21 6 7 22 23

353

10^24 11^25 -- -- 8 9 24 25 10 11 24 25

354

14^28 15^29 -- -- 12 13 28 29 14 15 28 29

355

356

Thanks for hints from Richard Outerbridge - he told me IP&FP

357

could be done in 15 xor, 10 shifts and 5 ands.

358

When I finally started to think of the problem in 2D

359

I first got ~42 operations without xors. When I remembered

360

how to use xors :-) I got it to its final state.

361

362

#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\

(b)^=(t),\

(a)^=((t)<<(n)))

#define IP(l,r) \

{ \

DES_LONG tt; \

PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \

370

PERM_OP(l,r,tt,16,0x0000ffffL); \

371

PERM_OP(r,l,tt, 2,0x33333333L); \

372

PERM_OP(l,r,tt, 8,0x00ff00ffL); \

373

PERM_OP(r,l,tt, 1,0x55555555L); \

}

#define FP(l,r) \

{ \

DES_LONG tt; \

PERM_OP(l,r,tt, 1,0x55555555L); \

380

PERM_OP(r,l,tt, 8,0x00ff00ffL); \

381

PERM_OP(l,r,tt, 2,0x33333333L); \

382

PERM_OP(r,l,tt,16,0x0000ffffL); \

383

PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \

384

}

385

386

extern const DES_LONG DES_SPtrans[8][64];

387

388

void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,

389

DES_LONG Eswap0, DES_LONG Eswap1);

390

391

#ifdef OPENSSL_SMALL_FOOTPRINT

#undef DES_UNROLL

#endif

__END_HIDDEN_DECLS

#endif

Generated by Squish Coco 4.2.2