xref: /dragonfly/crypto/libressl/crypto/rc2/rc2_cbc.c (revision f5b1c8a1)
1 /* $OpenBSD: rc2_cbc.c,v 1.4 2014/06/12 15:49:30 deraadt Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <openssl/rc2.h>
60 #include "rc2_locl.h"
61 
62 void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
63 	     RC2_KEY *ks, unsigned char *iv, int encrypt)
64 	{
65 	unsigned long tin0,tin1;
66 	unsigned long tout0,tout1,xor0,xor1;
67 	long l=length;
68 	unsigned long tin[2];
69 
70 	if (encrypt)
71 		{
72 		c2l(iv,tout0);
73 		c2l(iv,tout1);
74 		iv-=8;
75 		for (l-=8; l>=0; l-=8)
76 			{
77 			c2l(in,tin0);
78 			c2l(in,tin1);
79 			tin0^=tout0;
80 			tin1^=tout1;
81 			tin[0]=tin0;
82 			tin[1]=tin1;
83 			RC2_encrypt(tin,ks);
84 			tout0=tin[0]; l2c(tout0,out);
85 			tout1=tin[1]; l2c(tout1,out);
86 			}
87 		if (l != -8)
88 			{
89 			c2ln(in,tin0,tin1,l+8);
90 			tin0^=tout0;
91 			tin1^=tout1;
92 			tin[0]=tin0;
93 			tin[1]=tin1;
94 			RC2_encrypt(tin,ks);
95 			tout0=tin[0]; l2c(tout0,out);
96 			tout1=tin[1]; l2c(tout1,out);
97 			}
98 		l2c(tout0,iv);
99 		l2c(tout1,iv);
100 		}
101 	else
102 		{
103 		c2l(iv,xor0);
104 		c2l(iv,xor1);
105 		iv-=8;
106 		for (l-=8; l>=0; l-=8)
107 			{
108 			c2l(in,tin0); tin[0]=tin0;
109 			c2l(in,tin1); tin[1]=tin1;
110 			RC2_decrypt(tin,ks);
111 			tout0=tin[0]^xor0;
112 			tout1=tin[1]^xor1;
113 			l2c(tout0,out);
114 			l2c(tout1,out);
115 			xor0=tin0;
116 			xor1=tin1;
117 			}
118 		if (l != -8)
119 			{
120 			c2l(in,tin0); tin[0]=tin0;
121 			c2l(in,tin1); tin[1]=tin1;
122 			RC2_decrypt(tin,ks);
123 			tout0=tin[0]^xor0;
124 			tout1=tin[1]^xor1;
125 			l2cn(tout0,tout1,out,l+8);
126 			xor0=tin0;
127 			xor1=tin1;
128 			}
129 		l2c(xor0,iv);
130 		l2c(xor1,iv);
131 		}
132 	tin0=tin1=tout0=tout1=xor0=xor1=0;
133 	tin[0]=tin[1]=0;
134 	}
135 
136 void RC2_encrypt(unsigned long *d, RC2_KEY *key)
137 	{
138 	int i,n;
139 	RC2_INT *p0,*p1;
140 	RC2_INT x0,x1,x2,x3,t;
141 	unsigned long l;
142 
143 	l=d[0];
144 	x0=(RC2_INT)l&0xffff;
145 	x1=(RC2_INT)(l>>16L);
146 	l=d[1];
147 	x2=(RC2_INT)l&0xffff;
148 	x3=(RC2_INT)(l>>16L);
149 
150 	n=3;
151 	i=5;
152 
153 	p0=p1= &(key->data[0]);
154 	for (;;)
155 		{
156 		t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
157 		x0=(t<<1)|(t>>15);
158 		t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
159 		x1=(t<<2)|(t>>14);
160 		t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
161 		x2=(t<<3)|(t>>13);
162 		t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
163 		x3=(t<<5)|(t>>11);
164 
165 		if (--i == 0)
166 			{
167 			if (--n == 0) break;
168 			i=(n == 2)?6:5;
169 
170 			x0+=p1[x3&0x3f];
171 			x1+=p1[x0&0x3f];
172 			x2+=p1[x1&0x3f];
173 			x3+=p1[x2&0x3f];
174 			}
175 		}
176 
177 	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
178 	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
179 	}
180 
181 void RC2_decrypt(unsigned long *d, RC2_KEY *key)
182 	{
183 	int i,n;
184 	RC2_INT *p0,*p1;
185 	RC2_INT x0,x1,x2,x3,t;
186 	unsigned long l;
187 
188 	l=d[0];
189 	x0=(RC2_INT)l&0xffff;
190 	x1=(RC2_INT)(l>>16L);
191 	l=d[1];
192 	x2=(RC2_INT)l&0xffff;
193 	x3=(RC2_INT)(l>>16L);
194 
195 	n=3;
196 	i=5;
197 
198 	p0= &(key->data[63]);
199 	p1= &(key->data[0]);
200 	for (;;)
201 		{
202 		t=((x3<<11)|(x3>>5))&0xffff;
203 		x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
204 		t=((x2<<13)|(x2>>3))&0xffff;
205 		x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
206 		t=((x1<<14)|(x1>>2))&0xffff;
207 		x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
208 		t=((x0<<15)|(x0>>1))&0xffff;
209 		x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
210 
211 		if (--i == 0)
212 			{
213 			if (--n == 0) break;
214 			i=(n == 2)?6:5;
215 
216 			x3=(x3-p1[x2&0x3f])&0xffff;
217 			x2=(x2-p1[x1&0x3f])&0xffff;
218 			x1=(x1-p1[x0&0x3f])&0xffff;
219 			x0=(x0-p1[x3&0x3f])&0xffff;
220 			}
221 		}
222 
223 	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
224 	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
225 	}
226 
227