1 /*****************************************************************************
2
3 Saleem N. Bhatti
4 February 1993
5
6 Patch for Intel/Linux courtesy of Mark Handley & George Pavlou
7 Added 2 August 1996, Saleem
8 *****************************************************************************/
9
10 #include "config_unix.h"
11 #include "config_win32.h"
12 #include "qfDES.h"
13 #include "crypt_random.h"
14
15 typedef unsigned long Word;
16
17 #define B00 0x80000000
18 #define B01 0x40000000
19 #define B02 0x20000000
20 #define B03 0x10000000
21 #define B04 0x08000000
22 #define B05 0x04000000
23 #define B06 0x02000000
24 #define B07 0x01000000
25 #define B08 0x00800000
26 #define B09 0x00400000
27 #define B10 0x00200000
28 #define B11 0x00100000
29 #define B12 0x00080000
30 #define B13 0x00040000
31 #define B14 0x00020000
32 #define B15 0x00010000
33 #define B16 0x00008000
34 #define B17 0x00004000
35 #define B18 0x00002000
36 #define B19 0x00001000
37 #define B20 0x00000800
38 #define B21 0x00000400
39 #define B22 0x00000200
40 #define B23 0x00000100
41 #define B24 0x00000080
42 #define B25 0x00000040
43 #define B26 0x00000020
44 #define B27 0x00000010
45 #define B28 0x00000008
46 #define B29 0x00000004
47 #define B30 0x00000002
48 #define B31 0x00000001
49
50 #define INITIAL_PERMUTATION_AUX(_i0, _i1, _o0, _o1) \
51 { \
52 _o0 = _o1 = 0; \
53 _o0 |= (_i1 & B25) << 25; /* 58 */ \
54 _o0 |= (_i1 & B17) << 16; /* 50 */ \
55 _o0 |= (_i1 & B09) << 7; /* 42 */ \
56 _o0 |= (_i1 & B01) >> 2; /* 34 */ \
57 _o0 |= (_i0 & B25) << 21; /* 26 */ \
58 _o0 |= (_i0 & B17) << 12; /* 18 */ \
59 _o0 |= (_i0 & B09) << 3; /* 10 */ \
60 _o0 |= (_i0 & B01) >> 6; /* 2 */ \
61 _o0 |= (_i1 & B27) << 19; /* 60 */ \
62 _o0 |= (_i1 & B19) << 10; /* 52 */ \
63 _o0 |= (_i1 & B11) << 1; /* 44 */ \
64 _o0 |= (_i1 & B03) >> 8; /* 36 */ \
65 _o0 |= (_i0 & B27) << 15; /* 28 */ \
66 _o0 |= (_i0 & B19) << 6; /* 20 */ \
67 _o0 |= (_i0 & B11) >> 3; /* 12 */ \
68 _o0 |= (_i0 & B03) >> 12; /* 4 */ \
69 _o0 |= (_i1 & B29) << 13; /* 62 */ \
70 _o0 |= (_i1 & B21) << 4; /* 54 */ \
71 _o0 |= (_i1 & B13) >> 5; /* 46 */ \
72 _o0 |= (_i1 & B05) >> 14; /* 38 */ \
73 _o0 |= (_i0 & B29) << 9; /* 30 */ \
74 _o0 |= (_i0 & B21) ; /* 22 */ \
75 _o0 |= (_i0 & B13) >> 9; /* 14 */ \
76 _o0 |= (_i0 & B05) >> 18; /* 6 */ \
77 _o0 |= (_i1 & B31) << 7; /* 64 */ \
78 _o0 |= (_i1 & B23) >> 2; /* 56 */ \
79 _o0 |= (_i1 & B15) >> 11; /* 48 */ \
80 _o0 |= (_i1 & B07) >> 20; /* 40 */ \
81 _o0 |= (_i0 & B31) << 3; /* 32 */ \
82 _o0 |= (_i0 & B23) >> 6; /* 24 */ \
83 _o0 |= (_i0 & B15) >> 15; /* 16 */ \
84 _o0 |= (_i0 & B07) >> 24; /* 8 */ \
85 _o1 |= (_i1 & B24) << 24; /* 57 */ \
86 _o1 |= (_i1 & B16) << 15; /* 49 */ \
87 _o1 |= (_i1 & B08) << 6; /* 41 */ \
88 _o1 |= (_i1 & B00) >> 3; /* 33 */ \
89 _o1 |= (_i0 & B24) << 20; /* 25 */ \
90 _o1 |= (_i0 & B16) << 11; /* 17 */ \
91 _o1 |= (_i0 & B08) << 2; /* 9 */ \
92 _o1 |= (_i0 & B00) >> 7; /* 1 */ \
93 _o1 |= (_i1 & B26) << 18; /* 59 */ \
94 _o1 |= (_i1 & B18) << 9; /* 51 */ \
95 _o1 |= (_i1 & B10) ; /* 43 */ \
96 _o1 |= (_i1 & B02) >> 9; /* 35 */ \
97 _o1 |= (_i0 & B26) << 14; /* 27 */ \
98 _o1 |= (_i0 & B18) << 5; /* 19 */ \
99 _o1 |= (_i0 & B10) >> 4; /* 11 */ \
100 _o1 |= (_i0 & B02) >> 13; /* 3 */ \
101 _o1 |= (_i1 & B28) << 12; /* 61 */ \
102 _o1 |= (_i1 & B20) << 3; /* 53 */ \
103 _o1 |= (_i1 & B12) >> 6; /* 45 */ \
104 _o1 |= (_i1 & B04) >> 15; /* 37 */ \
105 _o1 |= (_i0 & B28) << 8; /* 29 */ \
106 _o1 |= (_i0 & B20) >> 1; /* 21 */ \
107 _o1 |= (_i0 & B12) >> 10; /* 13 */ \
108 _o1 |= (_i0 & B04) >> 19; /* 5 */ \
109 _o1 |= (_i1 & B30) << 6; /* 63 */ \
110 _o1 |= (_i1 & B22) >> 3; /* 55 */ \
111 _o1 |= (_i1 & B14) >> 12; /* 47 */ \
112 _o1 |= (_i1 & B06) >> 21; /* 39 */ \
113 _o1 |= (_i0 & B30) << 2; /* 31 */ \
114 _o1 |= (_i0 & B22) >> 7; /* 23 */ \
115 _o1 |= (_i0 & B14) >> 16; /* 15 */ \
116 _o1 |= (_i0 & B06) >> 25; /* 7 */ \
117 }
118
119 #define FINAL_PERMUTATION_AUX(_i0, _i1, _o0, _o1) \
120 { \
121 _o0 = _o1 = 0; \
122 _o0 |= (_i1 & B07) << 7; /* 40 */ \
123 _o0 |= (_i0 & B07) << 6; /* 8 */ \
124 _o0 |= (_i1 & B15) << 13; /* 48 */ \
125 _o0 |= (_i0 & B15) << 12; /* 16 */ \
126 _o0 |= (_i1 & B23) << 19; /* 56 */ \
127 _o0 |= (_i0 & B23) << 18; /* 24 */ \
128 _o0 |= (_i1 & B31) << 25; /* 64 */ \
129 _o0 |= (_i0 & B31) << 24; /* 32 */ \
130 _o0 |= (_i1 & B06) >> 2; /* 39 */ \
131 _o0 |= (_i0 & B06) >> 3; /* 7 */ \
132 _o0 |= (_i1 & B14) << 4; /* 47 */ \
133 _o0 |= (_i0 & B14) << 3; /* 15 */ \
134 _o0 |= (_i1 & B22) << 10; /* 55 */ \
135 _o0 |= (_i0 & B22) << 9; /* 23 */ \
136 _o0 |= (_i1 & B30) << 16; /* 63 */ \
137 _o0 |= (_i0 & B30) << 15; /* 31 */ \
138 _o0 |= (_i1 & B05) >> 11; /* 38 */ \
139 _o0 |= (_i0 & B05) >> 12; /* 6 */ \
140 _o0 |= (_i1 & B13) >> 5; /* 46 */ \
141 _o0 |= (_i0 & B13) >> 6; /* 14 */ \
142 _o0 |= (_i1 & B21) << 1; /* 54 */ \
143 _o0 |= (_i0 & B21) ; /* 22 */ \
144 _o0 |= (_i1 & B29) << 7; /* 62 */ \
145 _o0 |= (_i0 & B29) << 6; /* 30 */ \
146 _o0 |= (_i1 & B04) >> 20; /* 37 */ \
147 _o0 |= (_i0 & B04) >> 21; /* 5 */ \
148 _o0 |= (_i1 & B12) >> 14; /* 45 */ \
149 _o0 |= (_i0 & B12) >> 15; /* 13 */ \
150 _o0 |= (_i1 & B20) >> 8; /* 53 */ \
151 _o0 |= (_i0 & B20) >> 9; /* 21 */ \
152 _o0 |= (_i1 & B28) >> 2; /* 61 */ \
153 _o0 |= (_i0 & B28) >> 3; /* 29 */ \
154 _o1 |= (_i1 & B03) << 3; /* 36 */ \
155 _o1 |= (_i0 & B03) << 2; /* 4 */ \
156 _o1 |= (_i1 & B11) << 9; /* 44 */ \
157 _o1 |= (_i0 & B11) << 8; /* 12 */ \
158 _o1 |= (_i1 & B19) << 15; /* 52 */ \
159 _o1 |= (_i0 & B19) << 14; /* 20 */ \
160 _o1 |= (_i1 & B27) << 21; /* 60 */ \
161 _o1 |= (_i0 & B27) << 20; /* 28 */ \
162 _o1 |= (_i1 & B02) >> 6; /* 35 */ \
163 _o1 |= (_i0 & B02) >> 7; /* 3 */ \
164 _o1 |= (_i1 & B10) ; /* 43 */ \
165 _o1 |= (_i0 & B10) >> 1; /* 11 */ \
166 _o1 |= (_i1 & B18) << 6; /* 51 */ \
167 _o1 |= (_i0 & B18) << 5; /* 19 */ \
168 _o1 |= (_i1 & B26) << 12; /* 59 */ \
169 _o1 |= (_i0 & B26) << 11; /* 27 */ \
170 _o1 |= (_i1 & B01) >> 15; /* 34 */ \
171 _o1 |= (_i0 & B01) >> 16; /* 2 */ \
172 _o1 |= (_i1 & B09) >> 9; /* 42 */ \
173 _o1 |= (_i0 & B09) >> 10; /* 10 */ \
174 _o1 |= (_i1 & B17) >> 3; /* 50 */ \
175 _o1 |= (_i0 & B17) >> 4; /* 18 */ \
176 _o1 |= (_i1 & B25) << 3; /* 58 */ \
177 _o1 |= (_i0 & B25) << 2; /* 26 */ \
178 _o1 |= (_i1 & B00) >> 24; /* 33 */ \
179 _o1 |= (_i0 & B00) >> 25; /* 1 */ \
180 _o1 |= (_i1 & B08) >> 18; /* 41 */ \
181 _o1 |= (_i0 & B08) >> 19; /* 9 */ \
182 _o1 |= (_i1 & B16) >> 12; /* 49 */ \
183 _o1 |= (_i0 & B16) >> 13; /* 17 */ \
184 _o1 |= (_i1 & B24) >> 6; /* 57 */ \
185 _o1 |= (_i0 & B24) >> 7; /* 25 */ \
186 }
187
188 /* 64b -> 2x28b */
189 #define PC1_AUX(_i0, _i1, _o0, _o1) \
190 { \
191 _o0 = _o1 = 0; \
192 _o0 |= (_i1 & B24) << 24; /* 57 */ \
193 _o0 |= (_i1 & B16) << 15; /* 49 */ \
194 _o0 |= (_i1 & B08) << 6; /* 41 */ \
195 _o0 |= (_i1 & B00) >> 3; /* 33 */ \
196 _o0 |= (_i0 & B24) << 20; /* 25 */ \
197 _o0 |= (_i0 & B16) << 11; /* 17 */ \
198 _o0 |= (_i0 & B08) << 2; /* 9 */ \
199 _o0 |= (_i0 & B00) >> 7; /* 1 */ \
200 _o0 |= (_i1 & B25) << 17; /* 58 */ \
201 _o0 |= (_i1 & B17) << 8; /* 50 */ \
202 _o0 |= (_i1 & B09) >> 1; /* 42 */ \
203 _o0 |= (_i1 & B01) >> 10; /* 34 */ \
204 _o0 |= (_i0 & B25) << 13; /* 26 */ \
205 _o0 |= (_i0 & B17) << 4; /* 18 */ \
206 _o0 |= (_i0 & B09) >> 5; /* 10 */ \
207 _o0 |= (_i0 & B01) >> 14; /* 2 */ \
208 _o0 |= (_i1 & B26) << 10; /* 59 */ \
209 _o0 |= (_i1 & B18) << 1; /* 51 */ \
210 _o0 |= (_i1 & B10) >> 8; /* 43 */ \
211 _o0 |= (_i1 & B02) >> 17; /* 35 */ \
212 _o0 |= (_i0 & B26) << 6; /* 27 */ \
213 _o0 |= (_i0 & B18) >> 3; /* 19 */ \
214 _o0 |= (_i0 & B10) >> 12; /* 11 */ \
215 _o0 |= (_i0 & B02) >> 21; /* 3 */ \
216 _o0 |= (_i1 & B27) << 3; /* 60 */ \
217 _o0 |= (_i1 & B19) >> 6; /* 52 */ \
218 _o0 |= (_i1 & B11) >> 15; /* 44 */ \
219 _o0 |= (_i1 & B03) >> 24; /* 36 */ \
220 _o1 |= (_i1 & B30) << 30; /* 63 */ \
221 _o1 |= (_i1 & B22) << 21; /* 55 */ \
222 _o1 |= (_i1 & B14) << 12; /* 47 */ \
223 _o1 |= (_i1 & B06) << 3; /* 39 */ \
224 _o1 |= (_i0 & B30) << 26; /* 31 */ \
225 _o1 |= (_i0 & B22) << 17; /* 23 */ \
226 _o1 |= (_i0 & B14) << 8; /* 15 */ \
227 _o1 |= (_i0 & B06) >> 1; /* 7 */ \
228 _o1 |= (_i1 & B29) << 21; /* 62 */ \
229 _o1 |= (_i1 & B21) << 12; /* 54 */ \
230 _o1 |= (_i1 & B13) << 3; /* 46 */ \
231 _o1 |= (_i1 & B05) >> 6; /* 38 */ \
232 _o1 |= (_i0 & B29) << 17; /* 30 */ \
233 _o1 |= (_i0 & B21) << 8; /* 22 */ \
234 _o1 |= (_i0 & B13) >> 1; /* 14 */ \
235 _o1 |= (_i0 & B05) >> 10; /* 6 */ \
236 _o1 |= (_i1 & B28) << 12; /* 61 */ \
237 _o1 |= (_i1 & B20) << 3; /* 53 */ \
238 _o1 |= (_i1 & B12) >> 6; /* 45 */ \
239 _o1 |= (_i1 & B04) >> 15; /* 37 */ \
240 _o1 |= (_i0 & B28) << 8; /* 29 */ \
241 _o1 |= (_i0 & B20) >> 1; /* 21 */ \
242 _o1 |= (_i0 & B12) >> 10; /* 13 */ \
243 _o1 |= (_i0 & B04) >> 19; /* 5 */ \
244 _o1 |= (_i0 & B27) << 3; /* 28 */ \
245 _o1 |= (_i0 & B19) >> 6; /* 20 */ \
246 _o1 |= (_i0 & B11) >> 15; /* 12 */ \
247 _o1 |= (_i0 & B03) >> 24; /* 4 */ \
248 }
249
250 /* 2x28b -> 8x6b */
251 #define PC2_AUX(_i0, _i1, _o0, _o1) \
252 { \
253 _o0 = _o1 = 0; \
254 _o0 |= (_i0 & B13) << 11; /* 14 */ \
255 _o0 |= (_i0 & B16) << 13; /* 17 */ \
256 _o0 |= (_i0 & B10) << 6; /* 11 */ \
257 _o0 |= (_i0 & B23) << 18; /* 24 */ \
258 _o0 |= (_i0 & B00) >> 6; /* 1 */ \
259 _o0 |= (_i0 & B04) >> 3; /* 5 */ \
260 _o0 |= (_i0 & B02) >> 8; /* 3 */ \
261 _o0 |= (_i0 & B27) << 16; /* 28 */ \
262 _o0 |= (_i0 & B14) << 2; /* 15 */ \
263 _o0 |= (_i0 & B05) >> 8; /* 6 */ \
264 _o0 |= (_i0 & B20) << 6; /* 21 */ \
265 _o0 |= (_i0 & B09) >> 6; /* 10 */ \
266 _o0 |= (_i0 & B22) << 4; /* 23 */ \
267 _o0 |= (_i0 & B18) >> 1; /* 19 */ \
268 _o0 |= (_i0 & B11) >> 9; /* 12 */ \
269 _o0 |= (_i0 & B03) >> 18; /* 4 */ \
270 _o0 |= (_i0 & B25) << 3; /* 26 */ \
271 _o0 |= (_i0 & B07) >> 16; /* 8 */ \
272 _o0 |= (_i0 & B15) >> 11; /* 16 */ \
273 _o0 |= (_i0 & B06) >> 21; /* 7 */ \
274 _o0 |= (_i0 & B26) >> 2; /* 27 */ \
275 _o0 |= (_i0 & B19) >> 10; /* 20 */ \
276 _o0 |= (_i0 & B12) >> 18; /* 13 */ \
277 _o0 |= (_i0 & B01) >> 30; /* 2 */ \
278 _o1 |= (_i1 & B12) << 10; /* 41 */ \
279 _o1 |= (_i1 & B23) << 20; /* 52 */ \
280 _o1 |= (_i1 & B02) >> 2; /* 31 */ \
281 _o1 |= (_i1 & B08) << 3; /* 37 */ \
282 _o1 |= (_i1 & B18) << 12; /* 47 */ \
283 _o1 |= (_i1 & B26) << 19; /* 55 */ \
284 _o1 |= (_i1 & B01) >> 9; /* 30 */ \
285 _o1 |= (_i1 & B11) ; /* 40 */ \
286 _o1 |= (_i1 & B22) << 10; /* 51 */ \
287 _o1 |= (_i1 & B16) << 3; /* 45 */ \
288 _o1 |= (_i1 & B04) >> 10; /* 33 */ \
289 _o1 |= (_i1 & B19) << 4; /* 48 */ \
290 _o1 |= (_i1 & B15) >> 3; /* 44 */ \
291 _o1 |= (_i1 & B20) << 1; /* 49 */ \
292 _o1 |= (_i1 & B10) >> 10; /* 39 */ \
293 _o1 |= (_i1 & B27) << 6; /* 56 */ \
294 _o1 |= (_i1 & B05) >> 17; /* 34 */ \
295 _o1 |= (_i1 & B24) << 1; /* 53 */ \
296 _o1 |= (_i1 & B17) >> 9; /* 46 */ \
297 _o1 |= (_i1 & B13) >> 14; /* 42 */ \
298 _o1 |= (_i1 & B21) >> 7; /* 50 */ \
299 _o1 |= (_i1 & B07) >> 22; /* 36 */ \
300 _o1 |= (_i1 & B00) >> 30; /* 29 */ \
301 _o1 |= (_i1 & B03) >> 28; /* 32 */ \
302 }
303
304 static
305 Word s_p0[64] =
306 { /* Combined S-Box1 and permutation P */
307 0x00808200, 0x00000000, 0x00008000, 0x00808202,
308 0x00808002, 0x00008202, 0x00000002, 0x00008000,
309 0x00000200, 0x00808200, 0x00808202, 0x00000200,
310 0x00800202, 0x00808002, 0x00800000, 0x00000002,
311 0x00000202, 0x00800200, 0x00800200, 0x00008200,
312 0x00008200, 0x00808000, 0x00808000, 0x00800202,
313 0x00008002, 0x00800002, 0x00800002, 0x00008002,
314 0x00000000, 0x00000202, 0x00008202, 0x00800000,
315 0x00008000, 0x00808202, 0x00000002, 0x00808000,
316 0x00808200, 0x00800000, 0x00800000, 0x00000200,
317 0x00808002, 0x00008000, 0x00008200, 0x00800002,
318 0x00000200, 0x00000002, 0x00800202, 0x00008202,
319 0x00808202, 0x00008002, 0x00808000, 0x00800202,
320 0x00800002, 0x00000202, 0x00008202, 0x00808200,
321 0x00000202, 0x00800200, 0x00800200, 0x00000000,
322 0x00008002, 0x00008200, 0x00000000, 0x00808002
323 };
324
325 static
326 Word s_p1[64] =
327 { /* Combined S-Box2 and permutation P */
328 0x40084010, 0x40004000, 0x00004000, 0x00084010,
329 0x00080000, 0x00000010, 0x40080010, 0x40004010,
330 0x40000010, 0x40084010, 0x40084000, 0x40000000,
331 0x40004000, 0x00080000, 0x00000010, 0x40080010,
332 0x00084000, 0x00080010, 0x40004010, 0x00000000,
333 0x40000000, 0x00004000, 0x00084010, 0x40080000,
334 0x00080010, 0x40000010, 0x00000000, 0x00084000,
335 0x00004010, 0x40084000, 0x40080000, 0x00004010,
336 0x00000000, 0x00084010, 0x40080010, 0x00080000,
337 0x40004010, 0x40080000, 0x40084000, 0x00004000,
338 0x40080000, 0x40004000, 0x00000010, 0x40084010,
339 0x00084010, 0x00000010, 0x00004000, 0x40000000,
340 0x00004010, 0x40084000, 0x00080000, 0x40000010,
341 0x00080010, 0x40004010, 0x40000010, 0x00080010,
342 0x00084000, 0x00000000, 0x40004000, 0x00004010,
343 0x40000000, 0x40080010, 0x40084010, 0x00084000
344 };
345
346 static
347 Word s_p2[64] =
348 { /* Combined S-Box3 and permutation P */
349 0x00000104, 0x04010100, 0x00000000, 0x04010004,
350 0x04000100, 0x00000000, 0x00010104, 0x04000100,
351 0x00010004, 0x04000004, 0x04000004, 0x00010000,
352 0x04010104, 0x00010004, 0x04010000, 0x00000104,
353 0x04000000, 0x00000004, 0x04010100, 0x00000100,
354 0x00010100, 0x04010000, 0x04010004, 0x00010104,
355 0x04000104, 0x00010100, 0x00010000, 0x04000104,
356 0x00000004, 0x04010104, 0x00000100, 0x04000000,
357 0x04010100, 0x04000000, 0x00010004, 0x00000104,
358 0x00010000, 0x04010100, 0x04000100, 0x00000000,
359 0x00000100, 0x00010004, 0x04010104, 0x04000100,
360 0x04000004, 0x00000100, 0x00000000, 0x04010004,
361 0x04000104, 0x00010000, 0x04000000, 0x04010104,
362 0x00000004, 0x00010104, 0x00010100, 0x04000004,
363 0x04010000, 0x04000104, 0x00000104, 0x04010000,
364 0x00010104, 0x00000004, 0x04010004, 0x00010100
365 };
366
367 static
368 Word s_p3[64] =
369 { /* Combined S-Box4 and permutation P */
370 0x80401000, 0x80001040, 0x80001040, 0x00000040,
371 0x00401040, 0x80400040, 0x80400000, 0x80001000,
372 0x00000000, 0x00401000, 0x00401000, 0x80401040,
373 0x80000040, 0x00000000, 0x00400040, 0x80400000,
374 0x80000000, 0x00001000, 0x00400000, 0x80401000,
375 0x00000040, 0x00400000, 0x80001000, 0x00001040,
376 0x80400040, 0x80000000, 0x00001040, 0x00400040,
377 0x00001000, 0x00401040, 0x80401040, 0x80000040,
378 0x00400040, 0x80400000, 0x00401000, 0x80401040,
379 0x80000040, 0x00000000, 0x00000000, 0x00401000,
380 0x00001040, 0x00400040, 0x80400040, 0x80000000,
381 0x80401000, 0x80001040, 0x80001040, 0x00000040,
382 0x80401040, 0x80000040, 0x80000000, 0x00001000,
383 0x80400000, 0x80001000, 0x00401040, 0x80400040,
384 0x80001000, 0x00001040, 0x00400000, 0x80401000,
385 0x00000040, 0x00400000, 0x00001000, 0x00401040
386 };
387
388 static
389 Word s_p4[64] =
390 { /* Combined S-Box5 and permutation P */
391 0x00000080, 0x01040080, 0x01040000, 0x21000080,
392 0x00040000, 0x00000080, 0x20000000, 0x01040000,
393 0x20040080, 0x00040000, 0x01000080, 0x20040080,
394 0x21000080, 0x21040000, 0x00040080, 0x20000000,
395 0x01000000, 0x20040000, 0x20040000, 0x00000000,
396 0x20000080, 0x21040080, 0x21040080, 0x01000080,
397 0x21040000, 0x20000080, 0x00000000, 0x21000000,
398 0x01040080, 0x01000000, 0x21000000, 0x00040080,
399 0x00040000, 0x21000080, 0x00000080, 0x01000000,
400 0x20000000, 0x01040000, 0x21000080, 0x20040080,
401 0x01000080, 0x20000000, 0x21040000, 0x01040080,
402 0x20040080, 0x00000080, 0x01000000, 0x21040000,
403 0x21040080, 0x00040080, 0x21000000, 0x21040080,
404 0x01040000, 0x00000000, 0x20040000, 0x21000000,
405 0x00040080, 0x01000080, 0x20000080, 0x00040000,
406 0x00000000, 0x20040000, 0x01040080, 0x20000080
407 };
408
409 static
410 Word s_p5[64] =
411 { /* Combined S-Box6 and permutation P */
412 0x10000008, 0x10200000, 0x00002000, 0x10202008,
413 0x10200000, 0x00000008, 0x10202008, 0x00200000,
414 0x10002000, 0x00202008, 0x00200000, 0x10000008,
415 0x00200008, 0x10002000, 0x10000000, 0x00002008,
416 0x00000000, 0x00200008, 0x10002008, 0x00002000,
417 0x00202000, 0x10002008, 0x00000008, 0x10200008,
418 0x10200008, 0x00000000, 0x00202008, 0x10202000,
419 0x00002008, 0x00202000, 0x10202000, 0x10000000,
420 0x10002000, 0x00000008, 0x10200008, 0x00202000,
421 0x10202008, 0x00200000, 0x00002008, 0x10000008,
422 0x00200000, 0x10002000, 0x10000000, 0x00002008,
423 0x10000008, 0x10202008, 0x00202000, 0x10200000,
424 0x00202008, 0x10202000, 0x00000000, 0x10200008,
425 0x00000008, 0x00002000, 0x10200000, 0x00202008,
426 0x00002000, 0x00200008, 0x10002008, 0x00000000,
427 0x10202000, 0x10000000, 0x00200008, 0x10002008
428 };
429
430 static
431 Word s_p6[64] =
432 { /* Combined S-Box7 and permutation P */
433 0x00100000, 0x02100001, 0x02000401, 0x00000000,
434 0x00000400, 0x02000401, 0x00100401, 0x02100400,
435 0x02100401, 0x00100000, 0x00000000, 0x02000001,
436 0x00000001, 0x02000000, 0x02100001, 0x00000401,
437 0x02000400, 0x00100401, 0x00100001, 0x02000400,
438 0x02000001, 0x02100000, 0x02100400, 0x00100001,
439 0x02100000, 0x00000400, 0x00000401, 0x02100401,
440 0x00100400, 0x00000001, 0x02000000, 0x00100400,
441 0x02000000, 0x00100400, 0x00100000, 0x02000401,
442 0x02000401, 0x02100001, 0x02100001, 0x00000001,
443 0x00100001, 0x02000000, 0x02000400, 0x00100000,
444 0x02100400, 0x00000401, 0x00100401, 0x02100400,
445 0x00000401, 0x02000001, 0x02100401, 0x02100000,
446 0x00100400, 0x00000000, 0x00000001, 0x02100401,
447 0x00000000, 0x00100401, 0x02100000, 0x00000400,
448 0x02000001, 0x02000400, 0x00000400, 0x00100001
449 };
450
451 static
452 Word s_p7[64] =
453 { /* Combined S-Box8 and permutation P */
454 0x08000820, 0x00000800, 0x00020000, 0x08020820,
455 0x08000000, 0x08000820, 0x00000020, 0x08000000,
456 0x00020020, 0x08020000, 0x08020820, 0x00020800,
457 0x08020800, 0x00020820, 0x00000800, 0x00000020,
458 0x08020000, 0x08000020, 0x08000800, 0x00000820,
459 0x00020800, 0x00020020, 0x08020020, 0x08020800,
460 0x00000820, 0x00000000, 0x00000000, 0x08020020,
461 0x08000020, 0x08000800, 0x00020820, 0x00020000,
462 0x00020820, 0x00020000, 0x08020800, 0x00000800,
463 0x00000020, 0x08020020, 0x00000800, 0x00020820,
464 0x08000800, 0x00000020, 0x08000020, 0x08020000,
465 0x08020020, 0x08000000, 0x00020000, 0x08000820,
466 0x00000000, 0x08020820, 0x00020020, 0x08000020,
467 0x08020000, 0x08000800, 0x08000820, 0x00000000,
468 0x08020820, 0x00020800, 0x00020800, 0x00000820,
469 0x00000820, 0x00020020, 0x08000000, 0x08020800
470 };
471
472 #define INITIAL_PERMUTATION(t, regL, regR) \
473 INITIAL_PERMUTATION_AUX(t[0], t[1], regL, regR)
474
475 #define FINAL_PERMUTATION(regR, regL, t) \
476 FINAL_PERMUTATION_AUX(regR, regL, t[0], t[1])
477
478 #define PC1(k, regC, regD) \
479 PC1_AUX(k[0], k[1], regC, regD)
480
481 #define PC2(regC, regD, k) \
482 PC2_AUX(regC, regD, k[0], k[1])
483
484 unsigned char G_padChar = (char) 0; /* Default pad charcater */
485
ROTATE_LEFT(Word x)486 static Word ROTATE_LEFT(Word x)
487 {
488 Word a;
489 a = (x & 0x80000000) >> 27;
490 return (x << 1) | a;
491 }
492
ROTATE_RIGHT(Word x)493 static Word ROTATE_RIGHT(Word x)
494 {
495 Word a;
496 a = x & 0x00000010;
497 return (x >> 1) | (a << 27);
498 }
499
500 /*
501 ** The S Box transformations and the permutation P are combined in the vectors
502 ** s_p0 - s_p7. Permutation E and the MOD 2 addition with the intermediate key
503 ** are then done "inline" on each round. The intermediate key is already in a
504 ** a 8x6bit form because of the modified permuation PC2 used.
505 */
506
507 #if !defined(WORDS_BIGENDIAN)
508
509 #define DES(t, ik) \
510 { \
511 register Word l, r, reg32, round; \
512 register unsigned char *bb; \
513 INITIAL_PERMUTATION(t, l, r); \
514 for(bb = (unsigned char *) ik, round = 0x8000; round; bb += 8, round >>= 1) { \
515 register Word w = (r << 1) | (r >> 31); \
516 reg32 = s_p7[( w & 0x3f) ^ bb[4]]; \
517 reg32 |= s_p6[((w >>= 4) & 0x3f) ^ bb[5]]; \
518 reg32 |= s_p5[((w >>= 4) & 0x3f) ^ bb[6]]; \
519 reg32 |= s_p4[((w >>= 4) & 0x3f) ^ bb[7]]; \
520 reg32 |= s_p3[((w >>= 4) & 0x3f) ^ bb[0]]; \
521 reg32 |= s_p2[((w >>= 4) & 0x3f) ^ bb[1]]; \
522 reg32 |= s_p1[((w >> 4) & 0x3f) ^ bb[2]]; \
523 reg32 |= s_p0[(((r & 0x1) << 5) | ((r & 0xf8000000) >> 27)) ^ bb[3]]; \
524 reg32 ^= l; \
525 l = r; \
526 r = reg32; \
527 } \
528 FINAL_PERMUTATION(r, l, t); \
529 }
530
531
532 #define MAKE_LITTLE_ENDIAN(t, s) \
533 { \
534 register unsigned int z, l = s/4; \
535 register Word *tp = (Word *) t; \
536 for(z = 0; z < l; ++z) tp[z] = htonl(tp[z]); \
537 }
538
539 #else /* WORDS_BIGENDIAN */
540
541 #define DES(t, ik) \
542 { \
543 register Word l, r, reg32, round; \
544 register unsigned char *bb; \
545 INITIAL_PERMUTATION(t, l, r); \
546 for(bb = (unsigned char *) ik, round = 0x8000; round; bb += 8, round >>= 1) { \
547 register Word w = (r << 1) | (r >> 31); \
548 reg32 = s_p7[( w & 0x3f) ^ bb[7]]; \
549 reg32 |= s_p6[((w >>= 4) & 0x3f) ^ bb[6]]; \
550 reg32 |= s_p5[((w >>= 4) & 0x3f) ^ bb[5]]; \
551 reg32 |= s_p4[((w >>= 4) & 0x3f) ^ bb[4]]; \
552 reg32 |= s_p3[((w >>= 4) & 0x3f) ^ bb[3]]; \
553 reg32 |= s_p2[((w >>= 4) & 0x3f) ^ bb[2]]; \
554 reg32 |= s_p1[((w >> 4) & 0x3f) ^ bb[1]]; \
555 reg32 |= s_p0[(((r & 0x1) << 5) | ((r & 0xf8000000) >> 27)) ^ bb[0]]; \
556 reg32 ^= l; \
557 l = r; \
558 r = reg32; \
559 } \
560 FINAL_PERMUTATION(r, l, t); \
561 }
562
563 #endif /* WORDS_BIGENDIAN */
564
565 int
qfDES(unsigned char * key,unsigned char * data,unsigned int size,const QFDES_what what,const QFDES_mode mode,unsigned char * initVec)566 qfDES(unsigned char *key,
567 unsigned char *data,
568 unsigned int size,
569 const QFDES_what what,
570 const QFDES_mode mode,
571 unsigned char *initVec)
572 {
573 /* Store some info to optimise for multiple calls ... */
574 static unsigned char desKey[8], desKeys[128];
575 static Word *oldKey = (Word *) desKey,
576 *keys = (Word *) desKeys;
577 static QFDES_what oldWhat;
578 static QFDES_mode oldMode;
579 unsigned char b0[8], b1[8]; /* feedback blocks */
580 Word *newKey = (Word *) key, /* key from user */
581 *text, /* text to be [en|de]crypted */
582 *cb = (Word *) b0, /* the chained block in CBC mode */
583 *cb1 = (Word *) b1; /* a copy for use when decrypting */
584
585 #if !defined(WORDS_BIGENDIAN)
586 unsigned int origSize = size;
587 MAKE_LITTLE_ENDIAN(key, 8);
588 MAKE_LITTLE_ENDIAN(data, origSize);
589 #endif
590
591 /*
592 ** Check new key against old key
593 ** and set up intermediate keys.
594 */
595 if (newKey[0] != oldKey[0] || newKey[1] != oldKey[1]) {
596 Word c, d; /* C and D registers */
597
598 oldKey[0] = newKey[0]; oldKey[1] = newKey[1];
599 oldWhat = what;
600 oldMode = mode;
601
602 PC1(newKey, c, d);
603
604 if ((what == qfDES_encrypt) || (mode == qfDES_cfb) || (mode == qfDES_ofb)) {
605 int z;
606 Word r;
607 Word *k = keys;
608 Word rol[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
609
610 for(z = 0; z < 16; z++, k += 2) {
611 for (r = 0; r < rol[z]; r++) {
612 c = ROTATE_LEFT(c);
613 d = ROTATE_LEFT(d);
614 }
615 PC2(c, d, k);
616 }
617 } else {
618 int z;
619 Word r;
620 Word *k = keys;
621 Word ror[16] = {0, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
622
623 for(z = 0; z < 16; z++, k += 2) {
624 r = 0;
625 while (ror[z] > r) {
626 r++;
627 c = ROTATE_RIGHT(c);
628 d = ROTATE_RIGHT(d);
629 }
630 PC2(c, d, k);
631 }
632 }
633 } else if ((what != oldWhat) && ((mode == qfDES_ecb) || (mode == qfDES_cbc))) {
634 /*
635 ** Same key but different direction.
636 ** Reverse intermediate key sequence (ECB and CBC).
637 */
638 Word *ik1, *ik2, ik3[2];
639
640 for(ik1 = keys, ik2 = &(keys[30]); ik1 < ik2; ik1 += 2, ik2 -= 2) {
641 ik3[0] = ik1[0]; ik3[1] = ik1[1];
642 ik1[0] = ik2[0]; ik1[1] = ik2[1];
643 ik2[0] = ik3[0]; ik2[1] = ik3[1];
644 }
645
646 oldWhat = what;
647 }
648
649 /* Set up initilaisation vector */
650 if (mode != qfDES_ecb) {
651 if (initVec) {
652 { cb[0] = ((Word *) initVec)[0]; cb[1] = ((Word *) initVec)[1]; }
653 } else {
654 cb[0] = 0;
655 cb[1] = 0;
656 }
657 #if !defined(WORDS_BIGENDIAN)
658 MAKE_LITTLE_ENDIAN(cb, 8);
659 #endif
660 }
661
662 /*
663 ** Lots of gotos and code duplication follow (arrgh) but it speeds
664 ** it up a wee bit!
665 ** What would be more useful is looking more carefully at the DES
666 ** permutations to produce more efficient versions of the macros
667 ** of the "auto-generated" versions used in qfDES-aux.c.
668 */
669
670 size >>= 3; /* this is always a multpile of 8 */
671
672 if (what == qfDES_encrypt) {
673 switch ((int) mode) {
674 case ((int) qfDES_ecb): goto _ECB_;
675 case ((int) qfDES_cbc): goto _CBC_encrypt_;
676 case ((int) qfDES_cfb): goto _CFB_encrypt_;
677 case ((int) qfDES_ofb): goto _OFB_;
678 }
679 }
680 else {
681 switch ((int) mode) {
682 case ((int) qfDES_ecb): goto _ECB_;
683 case ((int) qfDES_cbc): goto _CBC_decrypt_;
684 case ((int) qfDES_cfb): goto _CFB_decrypt_;
685 case ((int) qfDES_ofb): goto _OFB_;
686 }
687 }
688
689 _ECB_:
690
691 /* ECB */
692 for(text = (Word *) data; size; --size, text += 2)
693 { DES(text, keys); }
694
695 goto _exit_qfDES_;
696
697 _CBC_encrypt_:
698
699 /* CBC Encryption */
700 for(text = (Word *) data; size; --size, text += 2) {
701
702 /* chaining block */
703 text[0] ^= cb[0]; text[1] ^= cb[1];
704
705 DES(text, keys);
706
707 /* set up chaining block for next round */
708 cb[0] = text[0]; cb[1] = text[1];
709 }
710
711 goto _initVec_;
712
713 _CBC_decrypt_:
714
715 /* CBC Decryption */
716 for(text = (Word *) data; size; --size, text += 2) {
717
718 /* set up chaining block */
719 /*
720 ** The decryption is done in place so I need
721 ** to copy this text block for the next round.
722 */
723 cb1[0] = text[0]; cb1[1] = text[1];
724
725 DES(text, keys);
726
727 /* chaining block for next round */
728 text[0] ^= cb[0]; text[1] ^= cb[1];
729
730 /*
731 ** Copy back the saved encrypted text - this makes
732 ** CBC decryption slower than CBC encryption.
733 */
734 cb[0] = cb1[0]; cb[1] = cb1[1];
735 }
736
737 goto _initVec_;
738
739 _CFB_encrypt_:
740
741 /* CFB Encryption */
742 for(text = (Word *) data; size; --size, text += 2) {
743
744 /* use cb as the feedback block */
745 DES(cb, keys);
746
747 text[0] ^= cb[0]; text[1] ^= cb[1];
748
749 /* set up feedback block for next round */
750 cb[0] = text[0]; cb[1] = text[1];
751 }
752
753 goto _initVec_;
754
755 _CFB_decrypt_:
756
757 /* CFB Decryption */
758 for(text = (Word *) data; size; --size, text += 2) {
759
760 /* set up feedback block */
761 /*
762 ** The decryption is done in place so I need
763 ** to copy this text block for the next round.
764 */
765 cb1[0] = text[0]; cb1[1] = text[1];
766
767 /* use cb as the feedback block */
768 DES(cb, keys);
769
770 text[0] ^= cb[0]; text[1] ^= cb[1];
771
772 /* set up feedback block for next round */
773 cb[0] = cb1[0]; cb[1] = cb1[1];
774 }
775
776 goto _initVec_;
777
778 _OFB_:
779
780 /* OFB */
781 for(text = (Word *) data; size; --size, text += 2) {
782
783 /* use cb as the feed back block */
784 DES(cb, keys);
785
786 text[0] ^= cb[0]; text[1] ^= cb[1];
787 }
788
789 _initVec_:
790
791 /*
792 ** Copy the final chained block back to initVec (CBC, CFB and OFB).
793 ** This allows the [en|de]cryption of large amounts of data in small
794 ** chunks.
795 */
796 if (initVec) {
797 ((Word *) initVec)[0] = cb[0];
798 ((Word *) initVec)[1] = cb[1];
799
800 #if !defined(WORDS_BIGENDIAN)
801 MAKE_LITTLE_ENDIAN(initVec, 8);
802 #endif
803 }
804
805 _exit_qfDES_:
806
807 #if !defined(WORDS_BIGENDIAN)
808 MAKE_LITTLE_ENDIAN(key, 8);
809 MAKE_LITTLE_ENDIAN(data, origSize);
810 #endif
811
812 return 0;
813 }
814
815 /*
816 ** This function sets bit 8 of each byte to odd or even parity as requested.
817 ** It is assumed that the right-most bit of each byte is the parity bit.
818 ** Although this is really only used by the two key generation functions below,
819 ** it may be useful to someone.
820 */
821
qfDES_setParity(unsigned char * ptr,unsigned int size,const QFDES_parity parity)822 void qfDES_setParity(unsigned char *ptr, unsigned int size, const QFDES_parity parity)
823 {
824 unsigned int i, mask, bits;
825
826 for(i = 0; i < size; ++i, ++ptr) {
827 for(mask = 0x80, bits = 0; mask > 0x01; mask >>= 1)
828 if (((unsigned int) *ptr) & mask) ++bits;
829
830 *ptr |= bits % 2 == (unsigned int) parity ? 0x00 : 0x01;
831 }
832 }
833
qfDES_checkParity(unsigned char * ptr,unsigned int size,const QFDES_parity parity)834 unsigned int qfDES_checkParity(unsigned char *ptr, unsigned int size, const QFDES_parity parity)
835 {
836 unsigned int i, mask, bits, parityBit, parityErrors = 0;
837
838 for(i = 0; i < size; ++i, ++ptr) {
839 for(mask = 0x80, bits = 0; mask > 0x01; mask >>= 1)
840 if (((unsigned int) *ptr) & mask) ++bits;
841
842 parityBit = bits % 2 == (unsigned int) parity ? 0 : 1;
843
844 if ((((unsigned int) *ptr) & 0x1) != parityBit)
845 ++parityErrors;
846 }
847
848 return parityErrors;
849 }
850
851 static
852 unsigned char weakKeys[18][8] =
853 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
854 {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
855 {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
856 {0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe},
857 {0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e},
858 {0xe0, 0xe0, 0xe0, 0xe0, 0xf1, 0xf1, 0xf1, 0xf1},
859 {0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe},
860 {0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01},
861 {0x1f, 0xe0, 0x1f, 0xe0, 0x0e, 0xf1, 0x0e, 0xf1},
862 {0xe0, 0x1f, 0xe0, 0x1f, 0xf1, 0x0e, 0xf1, 0x0e},
863 {0x01, 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1},
864 {0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1, 0x01},
865 {0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe},
866 {0xfe, 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e},
867 {0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e},
868 {0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01},
869 {0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe},
870 {0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1}};
871
872 /*
873 ** Although this is really only used by the key generation function below,
874 ** it may be handy to someone.
875 */
876
qfDES_checkWeakKeys(unsigned char * key)877 int qfDES_checkWeakKeys(unsigned char *key)
878 {
879 unsigned char *bp;
880 int i;
881
882 for(bp = weakKeys[i = 0]; i < 18; bp = weakKeys[++i])
883 if (memcmp((void *) key, (void *) bp, 8) == 0) return -1;
884
885 return 0;
886 }
887
888 /*
889 ** The following function attempts to genreate a random key or IV.
890 ** It relies on the randomness of the of the random(3) function. Although
891 ** it is probably not particularly fast, keys and IV will most probably be
892 ** generated off-line so it does not matter too much.
893 */
894
qfDES_generate(const QFDES_generate what)895 unsigned char *qfDES_generate(const QFDES_generate what)
896 {
897 static
898 unsigned char buffer[8];
899 static
900 int flag = 0;
901
902 unsigned char *bp;
903 long mask = what == qfDES_key ? 0xfe : 0xff;
904
905 /* Set up a seed - 42 is the answer ... */
906 if (!flag) {
907 lbl_srandom((int) (getpid() * 42) ^ (int) time((time_t *) 0));
908 flag = 1;
909 }
910 do {
911
912 for(bp = buffer; bp <= &(buffer[7]); *bp++ = (unsigned char) (lbl_random() & mask));
913
914 if (what == qfDES_key)
915 qfDES_setParity(buffer, 8, qfDES_odd);
916
917 } while(what == qfDES_key ? qfDES_checkWeakKeys(buffer) : 0);
918
919 return buffer;
920 }
921
922 unsigned char
qfDES_setPad(unsigned char pad)923 qfDES_setPad(unsigned char pad)
924 {
925 unsigned char b = G_padChar; G_padChar = pad; return b;
926 }
927
928