1 /*
2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * DES low level APIs are deprecated for public use, but still ok for internal
12 * use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/crypto.h>
17 #include "des_local.h"
18 #include "spr.h"
19
DES_encrypt1(DES_LONG * data,DES_key_schedule * ks,int enc)20 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
21 {
22 register DES_LONG l, r, t, u;
23 register DES_LONG *s;
24
25 r = data[0];
26 l = data[1];
27
28 IP(r, l);
29 /*
30 * Things have been modified so that the initial rotate is done outside
31 * the loop. This required the DES_SPtrans values in sp.h to be rotated
32 * 1 bit to the right. One perl script later and things have a 5% speed
33 * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
34 */
35 /* clear the top bits on machines with 8byte longs */
36 /* shift left by 2 */
37 r = ROTATE(r, 29) & 0xffffffffL;
38 l = ROTATE(l, 29) & 0xffffffffL;
39
40 s = ks->ks->deslong;
41 /*
42 * I don't know if it is worth the effort of loop unrolling the inner
43 * loop
44 */
45 if (enc) {
46 D_ENCRYPT(l, r, 0); /* 1 */
47 D_ENCRYPT(r, l, 2); /* 2 */
48 D_ENCRYPT(l, r, 4); /* 3 */
49 D_ENCRYPT(r, l, 6); /* 4 */
50 D_ENCRYPT(l, r, 8); /* 5 */
51 D_ENCRYPT(r, l, 10); /* 6 */
52 D_ENCRYPT(l, r, 12); /* 7 */
53 D_ENCRYPT(r, l, 14); /* 8 */
54 D_ENCRYPT(l, r, 16); /* 9 */
55 D_ENCRYPT(r, l, 18); /* 10 */
56 D_ENCRYPT(l, r, 20); /* 11 */
57 D_ENCRYPT(r, l, 22); /* 12 */
58 D_ENCRYPT(l, r, 24); /* 13 */
59 D_ENCRYPT(r, l, 26); /* 14 */
60 D_ENCRYPT(l, r, 28); /* 15 */
61 D_ENCRYPT(r, l, 30); /* 16 */
62 } else {
63 D_ENCRYPT(l, r, 30); /* 16 */
64 D_ENCRYPT(r, l, 28); /* 15 */
65 D_ENCRYPT(l, r, 26); /* 14 */
66 D_ENCRYPT(r, l, 24); /* 13 */
67 D_ENCRYPT(l, r, 22); /* 12 */
68 D_ENCRYPT(r, l, 20); /* 11 */
69 D_ENCRYPT(l, r, 18); /* 10 */
70 D_ENCRYPT(r, l, 16); /* 9 */
71 D_ENCRYPT(l, r, 14); /* 8 */
72 D_ENCRYPT(r, l, 12); /* 7 */
73 D_ENCRYPT(l, r, 10); /* 6 */
74 D_ENCRYPT(r, l, 8); /* 5 */
75 D_ENCRYPT(l, r, 6); /* 4 */
76 D_ENCRYPT(r, l, 4); /* 3 */
77 D_ENCRYPT(l, r, 2); /* 2 */
78 D_ENCRYPT(r, l, 0); /* 1 */
79 }
80
81 /* rotate and clear the top bits on machines with 8byte longs */
82 l = ROTATE(l, 3) & 0xffffffffL;
83 r = ROTATE(r, 3) & 0xffffffffL;
84
85 FP(r, l);
86 data[0] = l;
87 data[1] = r;
88 l = r = t = u = 0;
89 }
90
DES_encrypt2(DES_LONG * data,DES_key_schedule * ks,int enc)91 void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
92 {
93 register DES_LONG l, r, t, u;
94 register DES_LONG *s;
95
96 r = data[0];
97 l = data[1];
98
99 /*
100 * Things have been modified so that the initial rotate is done outside
101 * the loop. This required the DES_SPtrans values in sp.h to be rotated
102 * 1 bit to the right. One perl script later and things have a 5% speed
103 * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
104 */
105 /* clear the top bits on machines with 8byte longs */
106 r = ROTATE(r, 29) & 0xffffffffL;
107 l = ROTATE(l, 29) & 0xffffffffL;
108
109 s = ks->ks->deslong;
110 /*
111 * I don't know if it is worth the effort of loop unrolling the inner
112 * loop
113 */
114 if (enc) {
115 D_ENCRYPT(l, r, 0); /* 1 */
116 D_ENCRYPT(r, l, 2); /* 2 */
117 D_ENCRYPT(l, r, 4); /* 3 */
118 D_ENCRYPT(r, l, 6); /* 4 */
119 D_ENCRYPT(l, r, 8); /* 5 */
120 D_ENCRYPT(r, l, 10); /* 6 */
121 D_ENCRYPT(l, r, 12); /* 7 */
122 D_ENCRYPT(r, l, 14); /* 8 */
123 D_ENCRYPT(l, r, 16); /* 9 */
124 D_ENCRYPT(r, l, 18); /* 10 */
125 D_ENCRYPT(l, r, 20); /* 11 */
126 D_ENCRYPT(r, l, 22); /* 12 */
127 D_ENCRYPT(l, r, 24); /* 13 */
128 D_ENCRYPT(r, l, 26); /* 14 */
129 D_ENCRYPT(l, r, 28); /* 15 */
130 D_ENCRYPT(r, l, 30); /* 16 */
131 } else {
132 D_ENCRYPT(l, r, 30); /* 16 */
133 D_ENCRYPT(r, l, 28); /* 15 */
134 D_ENCRYPT(l, r, 26); /* 14 */
135 D_ENCRYPT(r, l, 24); /* 13 */
136 D_ENCRYPT(l, r, 22); /* 12 */
137 D_ENCRYPT(r, l, 20); /* 11 */
138 D_ENCRYPT(l, r, 18); /* 10 */
139 D_ENCRYPT(r, l, 16); /* 9 */
140 D_ENCRYPT(l, r, 14); /* 8 */
141 D_ENCRYPT(r, l, 12); /* 7 */
142 D_ENCRYPT(l, r, 10); /* 6 */
143 D_ENCRYPT(r, l, 8); /* 5 */
144 D_ENCRYPT(l, r, 6); /* 4 */
145 D_ENCRYPT(r, l, 4); /* 3 */
146 D_ENCRYPT(l, r, 2); /* 2 */
147 D_ENCRYPT(r, l, 0); /* 1 */
148 }
149 /* rotate and clear the top bits on machines with 8byte longs */
150 data[0] = ROTATE(l, 3) & 0xffffffffL;
151 data[1] = ROTATE(r, 3) & 0xffffffffL;
152 l = r = t = u = 0;
153 }
154
DES_encrypt3(DES_LONG * data,DES_key_schedule * ks1,DES_key_schedule * ks2,DES_key_schedule * ks3)155 void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
156 DES_key_schedule *ks2, DES_key_schedule *ks3)
157 {
158 register DES_LONG l, r;
159
160 l = data[0];
161 r = data[1];
162 IP(l, r);
163 data[0] = l;
164 data[1] = r;
165 DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT);
166 DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT);
167 DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT);
168 l = data[0];
169 r = data[1];
170 FP(r, l);
171 data[0] = l;
172 data[1] = r;
173 }
174
DES_decrypt3(DES_LONG * data,DES_key_schedule * ks1,DES_key_schedule * ks2,DES_key_schedule * ks3)175 void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
176 DES_key_schedule *ks2, DES_key_schedule *ks3)
177 {
178 register DES_LONG l, r;
179
180 l = data[0];
181 r = data[1];
182 IP(l, r);
183 data[0] = l;
184 data[1] = r;
185 DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT);
186 DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT);
187 DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT);
188 l = data[0];
189 r = data[1];
190 FP(r, l);
191 data[0] = l;
192 data[1] = r;
193 }
194
195 #ifndef DES_DEFAULT_OPTIONS
196
197 # undef CBC_ENC_C__DONT_UPDATE_IV
198 # include "ncbc_enc.c" /* DES_ncbc_encrypt */
199
DES_ede3_cbc_encrypt(const unsigned char * input,unsigned char * output,long length,DES_key_schedule * ks1,DES_key_schedule * ks2,DES_key_schedule * ks3,DES_cblock * ivec,int enc)200 void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
201 long length, DES_key_schedule *ks1,
202 DES_key_schedule *ks2, DES_key_schedule *ks3,
203 DES_cblock *ivec, int enc)
204 {
205 register DES_LONG tin0, tin1;
206 register DES_LONG tout0, tout1, xor0, xor1;
207 register const unsigned char *in;
208 unsigned char *out;
209 register long l = length;
210 DES_LONG tin[2];
211 unsigned char *iv;
212
213 in = input;
214 out = output;
215 iv = &(*ivec)[0];
216
217 if (enc) {
218 c2l(iv, tout0);
219 c2l(iv, tout1);
220 for (l -= 8; l >= 0; l -= 8) {
221 c2l(in, tin0);
222 c2l(in, tin1);
223 tin0 ^= tout0;
224 tin1 ^= tout1;
225
226 tin[0] = tin0;
227 tin[1] = tin1;
228 DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
229 tout0 = tin[0];
230 tout1 = tin[1];
231
232 l2c(tout0, out);
233 l2c(tout1, out);
234 }
235 if (l != -8) {
236 c2ln(in, tin0, tin1, l + 8);
237 tin0 ^= tout0;
238 tin1 ^= tout1;
239
240 tin[0] = tin0;
241 tin[1] = tin1;
242 DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
243 tout0 = tin[0];
244 tout1 = tin[1];
245
246 l2c(tout0, out);
247 l2c(tout1, out);
248 }
249 iv = &(*ivec)[0];
250 l2c(tout0, iv);
251 l2c(tout1, iv);
252 } else {
253 register DES_LONG t0, t1;
254
255 c2l(iv, xor0);
256 c2l(iv, xor1);
257 for (l -= 8; l >= 0; l -= 8) {
258 c2l(in, tin0);
259 c2l(in, tin1);
260
261 t0 = tin0;
262 t1 = tin1;
263
264 tin[0] = tin0;
265 tin[1] = tin1;
266 DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
267 tout0 = tin[0];
268 tout1 = tin[1];
269
270 tout0 ^= xor0;
271 tout1 ^= xor1;
272 l2c(tout0, out);
273 l2c(tout1, out);
274 xor0 = t0;
275 xor1 = t1;
276 }
277 if (l != -8) {
278 c2l(in, tin0);
279 c2l(in, tin1);
280
281 t0 = tin0;
282 t1 = tin1;
283
284 tin[0] = tin0;
285 tin[1] = tin1;
286 DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
287 tout0 = tin[0];
288 tout1 = tin[1];
289
290 tout0 ^= xor0;
291 tout1 ^= xor1;
292 l2cn(tout0, tout1, out, l + 8);
293 xor0 = t0;
294 xor1 = t1;
295 }
296
297 iv = &(*ivec)[0];
298 l2c(xor0, iv);
299 l2c(xor1, iv);
300 }
301 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
302 tin[0] = tin[1] = 0;
303 }
304
305 #endif /* DES_DEFAULT_OPTIONS */
306