]>
Commit | Line | Data |
---|---|---|
4f22f405 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
d02b48c6 | 3 | * |
2d48d5dd | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4f22f405 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
d02b48c6 | 10 | #ifndef HEADER_DES_LOCL_H |
0f113f3e | 11 | # define HEADER_DES_LOCL_H |
d02b48c6 | 12 | |
0f113f3e | 13 | # include <openssl/e_os2.h> |
a5bc1e85 | 14 | |
0f113f3e MC |
15 | # include <stdio.h> |
16 | # include <stdlib.h> | |
bfcdd4d0 | 17 | # include <string.h> |
0f113f3e | 18 | |
0f113f3e | 19 | # include <openssl/des.h> |
d02b48c6 | 20 | |
0f113f3e MC |
21 | # ifdef OPENSSL_BUILD_SHLIBCRYPTO |
22 | # undef OPENSSL_EXTERN | |
23 | # define OPENSSL_EXTERN OPENSSL_EXPORT | |
24 | # endif | |
26da3e65 | 25 | |
0f113f3e MC |
26 | # define ITERATIONS 16 |
27 | # define HALF_ITERATIONS 8 | |
d02b48c6 | 28 | |
0f113f3e MC |
29 | # define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ |
30 | l|=((DES_LONG)(*((c)++)))<< 8L, \ | |
31 | l|=((DES_LONG)(*((c)++)))<<16L, \ | |
32 | l|=((DES_LONG)(*((c)++)))<<24L) | |
d02b48c6 RE |
33 | |
34 | /* NOTE - c is not incremented as per c2l */ | |
0f113f3e MC |
35 | # define c2ln(c,l1,l2,n) { \ |
36 | c+=n; \ | |
37 | l1=l2=0; \ | |
38 | switch (n) { \ | |
39 | case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ | |
018fcbec | 40 | /* fall thru */ \ |
0f113f3e | 41 | case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ |
018fcbec | 42 | /* fall thru */ \ |
0f113f3e | 43 | case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ |
018fcbec BE |
44 | /* fall thru */ \ |
45 | case 5: l2|=((DES_LONG)(*(--(c)))); \ | |
46 | /* fall thru */ \ | |
0f113f3e | 47 | case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ |
018fcbec | 48 | /* fall thru */ \ |
0f113f3e | 49 | case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ |
018fcbec | 50 | /* fall thru */ \ |
0f113f3e | 51 | case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ |
018fcbec BE |
52 | /* fall thru */ \ |
53 | case 1: l1|=((DES_LONG)(*(--(c)))); \ | |
0f113f3e MC |
54 | } \ |
55 | } | |
56 | ||
57 | # define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | |
58 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | |
59 | *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | |
60 | *((c)++)=(unsigned char)(((l)>>24L)&0xff)) | |
61 | ||
62 | /* | |
63 | * replacements for htonl and ntohl since I have no idea what to do when | |
64 | * faced with machines with 8 byte longs. | |
65 | */ | |
d02b48c6 | 66 | |
0f113f3e MC |
67 | # define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ |
68 | l|=((DES_LONG)(*((c)++)))<<16L, \ | |
69 | l|=((DES_LONG)(*((c)++)))<< 8L, \ | |
70 | l|=((DES_LONG)(*((c)++)))) | |
d02b48c6 | 71 | |
0f113f3e MC |
72 | # define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ |
73 | *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | |
74 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | |
75 | *((c)++)=(unsigned char)(((l) )&0xff)) | |
d02b48c6 | 76 | |
0f113f3e MC |
77 | /* NOTE - c is not incremented as per l2c */ |
78 | # define l2cn(l1,l2,c,n) { \ | |
79 | c+=n; \ | |
80 | switch (n) { \ | |
81 | case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ | |
018fcbec | 82 | /* fall thru */ \ |
0f113f3e | 83 | case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ |
018fcbec | 84 | /* fall thru */ \ |
0f113f3e | 85 | case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ |
018fcbec | 86 | /* fall thru */ \ |
0f113f3e | 87 | case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ |
018fcbec | 88 | /* fall thru */ \ |
0f113f3e | 89 | case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ |
018fcbec | 90 | /* fall thru */ \ |
0f113f3e | 91 | case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ |
018fcbec | 92 | /* fall thru */ \ |
0f113f3e | 93 | case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ |
018fcbec | 94 | /* fall thru */ \ |
0f113f3e MC |
95 | case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ |
96 | } \ | |
97 | } | |
98 | ||
604c853d | 99 | # if defined(_MSC_VER) |
0f113f3e MC |
100 | # define ROTATE(a,n) (_lrotr(a,n)) |
101 | # elif defined(__ICC) | |
102 | # define ROTATE(a,n) (_rotr(a,n)) | |
103 | # elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) | |
104 | # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) | |
105 | # define ROTATE(a,n) ({ register unsigned int ret; \ | |
106 | asm ("rorl %1,%0" \ | |
107 | : "=r"(ret) \ | |
108 | : "I"(n),"0"(a) \ | |
109 | : "cc"); \ | |
110 | ret; \ | |
111 | }) | |
112 | # endif | |
113 | # endif | |
114 | # ifndef ROTATE | |
115 | # define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) | |
116 | # endif | |
d02b48c6 | 117 | |
0f113f3e MC |
118 | /* |
119 | * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add | |
120 | * it's little bit to the front | |
121 | */ | |
d02b48c6 | 122 | |
0f113f3e MC |
123 | # ifdef DES_FCRYPT |
124 | ||
125 | # define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ | |
126 | { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } | |
127 | ||
128 | # define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ | |
129 | t=R^(R>>16L); \ | |
130 | u=t&E0; t&=E1; \ | |
131 | tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ | |
132 | tmp=(t<<16); t^=R^s[S+1]; t^=tmp | |
133 | # else | |
134 | # define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) | |
135 | # define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ | |
136 | u=R^s[S ]; \ | |
137 | t=R^s[S+1] | |
138 | # endif | |
d02b48c6 | 139 | |
0f113f3e MC |
140 | /* |
141 | * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason | |
142 | * to not xor all the sub items together. This potentially saves a register | |
143 | * since things can be xored directly into L | |
144 | */ | |
d02b48c6 | 145 | |
3e9e810f | 146 | # define D_ENCRYPT(LL,R,S) { \ |
0f113f3e MC |
147 | LOAD_DATA_tmp(R,S,u,t,E0,E1); \ |
148 | t=ROTATE(t,4); \ | |
149 | LL^= \ | |
3e9e810f RS |
150 | DES_SPtrans[0][(u>> 2L)&0x3f]^ \ |
151 | DES_SPtrans[2][(u>>10L)&0x3f]^ \ | |
152 | DES_SPtrans[4][(u>>18L)&0x3f]^ \ | |
153 | DES_SPtrans[6][(u>>26L)&0x3f]^ \ | |
154 | DES_SPtrans[1][(t>> 2L)&0x3f]^ \ | |
155 | DES_SPtrans[3][(t>>10L)&0x3f]^ \ | |
156 | DES_SPtrans[5][(t>>18L)&0x3f]^ \ | |
157 | DES_SPtrans[7][(t>>26L)&0x3f]; } | |
d02b48c6 | 158 | |
0f113f3e MC |
159 | /*- |
160 | * IP and FP | |
161 | * The problem is more of a geometric problem that random bit fiddling. | |
162 | 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 | |
163 | 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 | |
164 | 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 | |
165 | 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 | |
166 | ||
167 | 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 | |
168 | 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 | |
169 | 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 | |
170 | 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 | |
171 | ||
172 | The output has been subject to swaps of the form | |
173 | 0 1 -> 3 1 but the odd and even bits have been put into | |
174 | 2 3 2 0 | |
175 | different words. The main trick is to remember that | |
176 | t=((l>>size)^r)&(mask); | |
177 | r^=t; | |
178 | l^=(t<<size); | |
179 | can be used to swap and move bits between words. | |
180 | ||
181 | So l = 0 1 2 3 r = 16 17 18 19 | |
182 | 4 5 6 7 20 21 22 23 | |
183 | 8 9 10 11 24 25 26 27 | |
184 | 12 13 14 15 28 29 30 31 | |
185 | becomes (for size == 2 and mask == 0x3333) | |
186 | t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19 | |
187 | 6^20 7^21 -- -- 4 5 20 21 6 7 22 23 | |
188 | 10^24 11^25 -- -- 8 9 24 25 10 11 24 25 | |
189 | 14^28 15^29 -- -- 12 13 28 29 14 15 28 29 | |
190 | ||
191 | Thanks for hints from Richard Outerbridge - he told me IP&FP | |
192 | could be done in 15 xor, 10 shifts and 5 ands. | |
193 | When I finally started to think of the problem in 2D | |
194 | I first got ~42 operations without xors. When I remembered | |
195 | how to use xors :-) I got it to its final state. | |
196 | */ | |
197 | # define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ | |
198 | (b)^=(t),\ | |
199 | (a)^=((t)<<(n))) | |
200 | ||
201 | # define IP(l,r) \ | |
202 | { \ | |
203 | register DES_LONG tt; \ | |
204 | PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ | |
205 | PERM_OP(l,r,tt,16,0x0000ffffL); \ | |
206 | PERM_OP(r,l,tt, 2,0x33333333L); \ | |
207 | PERM_OP(l,r,tt, 8,0x00ff00ffL); \ | |
208 | PERM_OP(r,l,tt, 1,0x55555555L); \ | |
209 | } | |
210 | ||
211 | # define FP(l,r) \ | |
212 | { \ | |
213 | register DES_LONG tt; \ | |
214 | PERM_OP(l,r,tt, 1,0x55555555L); \ | |
215 | PERM_OP(r,l,tt, 8,0x00ff00ffL); \ | |
216 | PERM_OP(l,r,tt, 2,0x33333333L); \ | |
217 | PERM_OP(r,l,tt,16,0x0000ffffL); \ | |
218 | PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ | |
219 | } | |
d02b48c6 | 220 | |
e62991a0 | 221 | extern const DES_LONG DES_SPtrans[8][64]; |
d02b48c6 | 222 | |
0f113f3e MC |
223 | void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, |
224 | DES_LONG Eswap0, DES_LONG Eswap1); | |
3d6312e8 | 225 | |
d02b48c6 | 226 | #endif |