The Tor Browser / annotate

security/nss/lib/freebl/des.c@b8a032363ba2 (annotated)

security/nss/lib/freebl/des.c

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /*
michael@0 2 * des.c
michael@0 3 *
michael@0 4 * core source file for DES-150 library
michael@0 5 * Make key schedule from DES key.
michael@0 6 * Encrypt/Decrypt one 8-byte block.
michael@0 7 *
michael@0 8 * This Source Code Form is subject to the terms of the Mozilla Public
michael@0 9 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 10 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 11
michael@0 12 #include "des.h"
michael@0 13 #include <stddef.h> /* for ptrdiff_t */
michael@0 14 /* #define USE_INDEXING 1 */
michael@0 15
michael@0 16 /*
michael@0 17 * The tables below are the 8 sbox functions, with the 6-bit input permutation
michael@0 18 * and the 32-bit output permutation pre-computed.
michael@0 19 * They are shifted circularly to the left 3 bits, which removes 2 shifts
michael@0 20 * and an or from each round by reducing the number of sboxes whose
michael@0 21 * indices cross word broundaries from 2 to 1.
michael@0 22 */
michael@0 23
michael@0 24 static const HALF SP[8][64] = {
michael@0 25 /* Box S1 */ {
michael@0 26 0x04041000, 0x00000000, 0x00040000, 0x04041010,
michael@0 27 0x04040010, 0x00041010, 0x00000010, 0x00040000,
michael@0 28 0x00001000, 0x04041000, 0x04041010, 0x00001000,
michael@0 29 0x04001010, 0x04040010, 0x04000000, 0x00000010,
michael@0 30 0x00001010, 0x04001000, 0x04001000, 0x00041000,
michael@0 31 0x00041000, 0x04040000, 0x04040000, 0x04001010,
michael@0 32 0x00040010, 0x04000010, 0x04000010, 0x00040010,
michael@0 33 0x00000000, 0x00001010, 0x00041010, 0x04000000,
michael@0 34 0x00040000, 0x04041010, 0x00000010, 0x04040000,
michael@0 35 0x04041000, 0x04000000, 0x04000000, 0x00001000,
michael@0 36 0x04040010, 0x00040000, 0x00041000, 0x04000010,
michael@0 37 0x00001000, 0x00000010, 0x04001010, 0x00041010,
michael@0 38 0x04041010, 0x00040010, 0x04040000, 0x04001010,
michael@0 39 0x04000010, 0x00001010, 0x00041010, 0x04041000,
michael@0 40 0x00001010, 0x04001000, 0x04001000, 0x00000000,
michael@0 41 0x00040010, 0x00041000, 0x00000000, 0x04040010
michael@0 42 },
michael@0 43 /* Box S2 */ {
michael@0 44 0x00420082, 0x00020002, 0x00020000, 0x00420080,
michael@0 45 0x00400000, 0x00000080, 0x00400082, 0x00020082,
michael@0 46 0x00000082, 0x00420082, 0x00420002, 0x00000002,
michael@0 47 0x00020002, 0x00400000, 0x00000080, 0x00400082,
michael@0 48 0x00420000, 0x00400080, 0x00020082, 0x00000000,
michael@0 49 0x00000002, 0x00020000, 0x00420080, 0x00400002,
michael@0 50 0x00400080, 0x00000082, 0x00000000, 0x00420000,
michael@0 51 0x00020080, 0x00420002, 0x00400002, 0x00020080,
michael@0 52 0x00000000, 0x00420080, 0x00400082, 0x00400000,
michael@0 53 0x00020082, 0x00400002, 0x00420002, 0x00020000,
michael@0 54 0x00400002, 0x00020002, 0x00000080, 0x00420082,
michael@0 55 0x00420080, 0x00000080, 0x00020000, 0x00000002,
michael@0 56 0x00020080, 0x00420002, 0x00400000, 0x00000082,
michael@0 57 0x00400080, 0x00020082, 0x00000082, 0x00400080,
michael@0 58 0x00420000, 0x00000000, 0x00020002, 0x00020080,
michael@0 59 0x00000002, 0x00400082, 0x00420082, 0x00420000
michael@0 60 },
michael@0 61 /* Box S3 */ {
michael@0 62 0x00000820, 0x20080800, 0x00000000, 0x20080020,
michael@0 63 0x20000800, 0x00000000, 0x00080820, 0x20000800,
michael@0 64 0x00080020, 0x20000020, 0x20000020, 0x00080000,
michael@0 65 0x20080820, 0x00080020, 0x20080000, 0x00000820,
michael@0 66 0x20000000, 0x00000020, 0x20080800, 0x00000800,
michael@0 67 0x00080800, 0x20080000, 0x20080020, 0x00080820,
michael@0 68 0x20000820, 0x00080800, 0x00080000, 0x20000820,
michael@0 69 0x00000020, 0x20080820, 0x00000800, 0x20000000,
michael@0 70 0x20080800, 0x20000000, 0x00080020, 0x00000820,
michael@0 71 0x00080000, 0x20080800, 0x20000800, 0x00000000,
michael@0 72 0x00000800, 0x00080020, 0x20080820, 0x20000800,
michael@0 73 0x20000020, 0x00000800, 0x00000000, 0x20080020,
michael@0 74 0x20000820, 0x00080000, 0x20000000, 0x20080820,
michael@0 75 0x00000020, 0x00080820, 0x00080800, 0x20000020,
michael@0 76 0x20080000, 0x20000820, 0x00000820, 0x20080000,
michael@0 77 0x00080820, 0x00000020, 0x20080020, 0x00080800
michael@0 78 },
michael@0 79 /* Box S4 */ {
michael@0 80 0x02008004, 0x00008204, 0x00008204, 0x00000200,
michael@0 81 0x02008200, 0x02000204, 0x02000004, 0x00008004,
michael@0 82 0x00000000, 0x02008000, 0x02008000, 0x02008204,
michael@0 83 0x00000204, 0x00000000, 0x02000200, 0x02000004,
michael@0 84 0x00000004, 0x00008000, 0x02000000, 0x02008004,
michael@0 85 0x00000200, 0x02000000, 0x00008004, 0x00008200,
michael@0 86 0x02000204, 0x00000004, 0x00008200, 0x02000200,
michael@0 87 0x00008000, 0x02008200, 0x02008204, 0x00000204,
michael@0 88 0x02000200, 0x02000004, 0x02008000, 0x02008204,
michael@0 89 0x00000204, 0x00000000, 0x00000000, 0x02008000,
michael@0 90 0x00008200, 0x02000200, 0x02000204, 0x00000004,
michael@0 91 0x02008004, 0x00008204, 0x00008204, 0x00000200,
michael@0 92 0x02008204, 0x00000204, 0x00000004, 0x00008000,
michael@0 93 0x02000004, 0x00008004, 0x02008200, 0x02000204,
michael@0 94 0x00008004, 0x00008200, 0x02000000, 0x02008004,
michael@0 95 0x00000200, 0x02000000, 0x00008000, 0x02008200
michael@0 96 },
michael@0 97 /* Box S5 */ {
michael@0 98 0x00000400, 0x08200400, 0x08200000, 0x08000401,
michael@0 99 0x00200000, 0x00000400, 0x00000001, 0x08200000,
michael@0 100 0x00200401, 0x00200000, 0x08000400, 0x00200401,
michael@0 101 0x08000401, 0x08200001, 0x00200400, 0x00000001,
michael@0 102 0x08000000, 0x00200001, 0x00200001, 0x00000000,
michael@0 103 0x00000401, 0x08200401, 0x08200401, 0x08000400,
michael@0 104 0x08200001, 0x00000401, 0x00000000, 0x08000001,
michael@0 105 0x08200400, 0x08000000, 0x08000001, 0x00200400,
michael@0 106 0x00200000, 0x08000401, 0x00000400, 0x08000000,
michael@0 107 0x00000001, 0x08200000, 0x08000401, 0x00200401,
michael@0 108 0x08000400, 0x00000001, 0x08200001, 0x08200400,
michael@0 109 0x00200401, 0x00000400, 0x08000000, 0x08200001,
michael@0 110 0x08200401, 0x00200400, 0x08000001, 0x08200401,
michael@0 111 0x08200000, 0x00000000, 0x00200001, 0x08000001,
michael@0 112 0x00200400, 0x08000400, 0x00000401, 0x00200000,
michael@0 113 0x00000000, 0x00200001, 0x08200400, 0x00000401
michael@0 114 },
michael@0 115 /* Box S6 */ {
michael@0 116 0x80000040, 0x81000000, 0x00010000, 0x81010040,
michael@0 117 0x81000000, 0x00000040, 0x81010040, 0x01000000,
michael@0 118 0x80010000, 0x01010040, 0x01000000, 0x80000040,
michael@0 119 0x01000040, 0x80010000, 0x80000000, 0x00010040,
michael@0 120 0x00000000, 0x01000040, 0x80010040, 0x00010000,
michael@0 121 0x01010000, 0x80010040, 0x00000040, 0x81000040,
michael@0 122 0x81000040, 0x00000000, 0x01010040, 0x81010000,
michael@0 123 0x00010040, 0x01010000, 0x81010000, 0x80000000,
michael@0 124 0x80010000, 0x00000040, 0x81000040, 0x01010000,
michael@0 125 0x81010040, 0x01000000, 0x00010040, 0x80000040,
michael@0 126 0x01000000, 0x80010000, 0x80000000, 0x00010040,
michael@0 127 0x80000040, 0x81010040, 0x01010000, 0x81000000,
michael@0 128 0x01010040, 0x81010000, 0x00000000, 0x81000040,
michael@0 129 0x00000040, 0x00010000, 0x81000000, 0x01010040,
michael@0 130 0x00010000, 0x01000040, 0x80010040, 0x00000000,
michael@0 131 0x81010000, 0x80000000, 0x01000040, 0x80010040
michael@0 132 },
michael@0 133 /* Box S7 */ {
michael@0 134 0x00800000, 0x10800008, 0x10002008, 0x00000000,
michael@0 135 0x00002000, 0x10002008, 0x00802008, 0x10802000,
michael@0 136 0x10802008, 0x00800000, 0x00000000, 0x10000008,
michael@0 137 0x00000008, 0x10000000, 0x10800008, 0x00002008,
michael@0 138 0x10002000, 0x00802008, 0x00800008, 0x10002000,
michael@0 139 0x10000008, 0x10800000, 0x10802000, 0x00800008,
michael@0 140 0x10800000, 0x00002000, 0x00002008, 0x10802008,
michael@0 141 0x00802000, 0x00000008, 0x10000000, 0x00802000,
michael@0 142 0x10000000, 0x00802000, 0x00800000, 0x10002008,
michael@0 143 0x10002008, 0x10800008, 0x10800008, 0x00000008,
michael@0 144 0x00800008, 0x10000000, 0x10002000, 0x00800000,
michael@0 145 0x10802000, 0x00002008, 0x00802008, 0x10802000,
michael@0 146 0x00002008, 0x10000008, 0x10802008, 0x10800000,
michael@0 147 0x00802000, 0x00000000, 0x00000008, 0x10802008,
michael@0 148 0x00000000, 0x00802008, 0x10800000, 0x00002000,
michael@0 149 0x10000008, 0x10002000, 0x00002000, 0x00800008
michael@0 150 },
michael@0 151 /* Box S8 */ {
michael@0 152 0x40004100, 0x00004000, 0x00100000, 0x40104100,
michael@0 153 0x40000000, 0x40004100, 0x00000100, 0x40000000,
michael@0 154 0x00100100, 0x40100000, 0x40104100, 0x00104000,
michael@0 155 0x40104000, 0x00104100, 0x00004000, 0x00000100,
michael@0 156 0x40100000, 0x40000100, 0x40004000, 0x00004100,
michael@0 157 0x00104000, 0x00100100, 0x40100100, 0x40104000,
michael@0 158 0x00004100, 0x00000000, 0x00000000, 0x40100100,
michael@0 159 0x40000100, 0x40004000, 0x00104100, 0x00100000,
michael@0 160 0x00104100, 0x00100000, 0x40104000, 0x00004000,
michael@0 161 0x00000100, 0x40100100, 0x00004000, 0x00104100,
michael@0 162 0x40004000, 0x00000100, 0x40000100, 0x40100000,
michael@0 163 0x40100100, 0x40000000, 0x00100000, 0x40004100,
michael@0 164 0x00000000, 0x40104100, 0x00100100, 0x40000100,
michael@0 165 0x40100000, 0x40004000, 0x40004100, 0x00000000,
michael@0 166 0x40104100, 0x00104000, 0x00104000, 0x00004100,
michael@0 167 0x00004100, 0x00100100, 0x40000000, 0x40104000
michael@0 168 }
michael@0 169 };
michael@0 170
michael@0 171 static const HALF PC2[8][64] = {
michael@0 172 /* table 0 */ {
michael@0 173 0x00000000, 0x00001000, 0x04000000, 0x04001000,
michael@0 174 0x00100000, 0x00101000, 0x04100000, 0x04101000,
michael@0 175 0x00008000, 0x00009000, 0x04008000, 0x04009000,
michael@0 176 0x00108000, 0x00109000, 0x04108000, 0x04109000,
michael@0 177 0x00000004, 0x00001004, 0x04000004, 0x04001004,
michael@0 178 0x00100004, 0x00101004, 0x04100004, 0x04101004,
michael@0 179 0x00008004, 0x00009004, 0x04008004, 0x04009004,
michael@0 180 0x00108004, 0x00109004, 0x04108004, 0x04109004,
michael@0 181 0x08000000, 0x08001000, 0x0c000000, 0x0c001000,
michael@0 182 0x08100000, 0x08101000, 0x0c100000, 0x0c101000,
michael@0 183 0x08008000, 0x08009000, 0x0c008000, 0x0c009000,
michael@0 184 0x08108000, 0x08109000, 0x0c108000, 0x0c109000,
michael@0 185 0x08000004, 0x08001004, 0x0c000004, 0x0c001004,
michael@0 186 0x08100004, 0x08101004, 0x0c100004, 0x0c101004,
michael@0 187 0x08008004, 0x08009004, 0x0c008004, 0x0c009004,
michael@0 188 0x08108004, 0x08109004, 0x0c108004, 0x0c109004
michael@0 189 },
michael@0 190 /* table 1 */ {
michael@0 191 0x00000000, 0x00002000, 0x80000000, 0x80002000,
michael@0 192 0x00000008, 0x00002008, 0x80000008, 0x80002008,
michael@0 193 0x00200000, 0x00202000, 0x80200000, 0x80202000,
michael@0 194 0x00200008, 0x00202008, 0x80200008, 0x80202008,
michael@0 195 0x20000000, 0x20002000, 0xa0000000, 0xa0002000,
michael@0 196 0x20000008, 0x20002008, 0xa0000008, 0xa0002008,
michael@0 197 0x20200000, 0x20202000, 0xa0200000, 0xa0202000,
michael@0 198 0x20200008, 0x20202008, 0xa0200008, 0xa0202008,
michael@0 199 0x00000400, 0x00002400, 0x80000400, 0x80002400,
michael@0 200 0x00000408, 0x00002408, 0x80000408, 0x80002408,
michael@0 201 0x00200400, 0x00202400, 0x80200400, 0x80202400,
michael@0 202 0x00200408, 0x00202408, 0x80200408, 0x80202408,
michael@0 203 0x20000400, 0x20002400, 0xa0000400, 0xa0002400,
michael@0 204 0x20000408, 0x20002408, 0xa0000408, 0xa0002408,
michael@0 205 0x20200400, 0x20202400, 0xa0200400, 0xa0202400,
michael@0 206 0x20200408, 0x20202408, 0xa0200408, 0xa0202408
michael@0 207 },
michael@0 208 /* table 2 */ {
michael@0 209 0x00000000, 0x00004000, 0x00000020, 0x00004020,
michael@0 210 0x00080000, 0x00084000, 0x00080020, 0x00084020,
michael@0 211 0x00000800, 0x00004800, 0x00000820, 0x00004820,
michael@0 212 0x00080800, 0x00084800, 0x00080820, 0x00084820,
michael@0 213 0x00000010, 0x00004010, 0x00000030, 0x00004030,
michael@0 214 0x00080010, 0x00084010, 0x00080030, 0x00084030,
michael@0 215 0x00000810, 0x00004810, 0x00000830, 0x00004830,
michael@0 216 0x00080810, 0x00084810, 0x00080830, 0x00084830,
michael@0 217 0x00400000, 0x00404000, 0x00400020, 0x00404020,
michael@0 218 0x00480000, 0x00484000, 0x00480020, 0x00484020,
michael@0 219 0x00400800, 0x00404800, 0x00400820, 0x00404820,
michael@0 220 0x00480800, 0x00484800, 0x00480820, 0x00484820,
michael@0 221 0x00400010, 0x00404010, 0x00400030, 0x00404030,
michael@0 222 0x00480010, 0x00484010, 0x00480030, 0x00484030,
michael@0 223 0x00400810, 0x00404810, 0x00400830, 0x00404830,
michael@0 224 0x00480810, 0x00484810, 0x00480830, 0x00484830
michael@0 225 },
michael@0 226 /* table 3 */ {
michael@0 227 0x00000000, 0x40000000, 0x00000080, 0x40000080,
michael@0 228 0x00040000, 0x40040000, 0x00040080, 0x40040080,
michael@0 229 0x00000040, 0x40000040, 0x000000c0, 0x400000c0,
michael@0 230 0x00040040, 0x40040040, 0x000400c0, 0x400400c0,
michael@0 231 0x10000000, 0x50000000, 0x10000080, 0x50000080,
michael@0 232 0x10040000, 0x50040000, 0x10040080, 0x50040080,
michael@0 233 0x10000040, 0x50000040, 0x100000c0, 0x500000c0,
michael@0 234 0x10040040, 0x50040040, 0x100400c0, 0x500400c0,
michael@0 235 0x00800000, 0x40800000, 0x00800080, 0x40800080,
michael@0 236 0x00840000, 0x40840000, 0x00840080, 0x40840080,
michael@0 237 0x00800040, 0x40800040, 0x008000c0, 0x408000c0,
michael@0 238 0x00840040, 0x40840040, 0x008400c0, 0x408400c0,
michael@0 239 0x10800000, 0x50800000, 0x10800080, 0x50800080,
michael@0 240 0x10840000, 0x50840000, 0x10840080, 0x50840080,
michael@0 241 0x10800040, 0x50800040, 0x108000c0, 0x508000c0,
michael@0 242 0x10840040, 0x50840040, 0x108400c0, 0x508400c0
michael@0 243 },
michael@0 244 /* table 4 */ {
michael@0 245 0x00000000, 0x00000008, 0x08000000, 0x08000008,
michael@0 246 0x00040000, 0x00040008, 0x08040000, 0x08040008,
michael@0 247 0x00002000, 0x00002008, 0x08002000, 0x08002008,
michael@0 248 0x00042000, 0x00042008, 0x08042000, 0x08042008,
michael@0 249 0x80000000, 0x80000008, 0x88000000, 0x88000008,
michael@0 250 0x80040000, 0x80040008, 0x88040000, 0x88040008,
michael@0 251 0x80002000, 0x80002008, 0x88002000, 0x88002008,
michael@0 252 0x80042000, 0x80042008, 0x88042000, 0x88042008,
michael@0 253 0x00080000, 0x00080008, 0x08080000, 0x08080008,
michael@0 254 0x000c0000, 0x000c0008, 0x080c0000, 0x080c0008,
michael@0 255 0x00082000, 0x00082008, 0x08082000, 0x08082008,
michael@0 256 0x000c2000, 0x000c2008, 0x080c2000, 0x080c2008,
michael@0 257 0x80080000, 0x80080008, 0x88080000, 0x88080008,
michael@0 258 0x800c0000, 0x800c0008, 0x880c0000, 0x880c0008,
michael@0 259 0x80082000, 0x80082008, 0x88082000, 0x88082008,
michael@0 260 0x800c2000, 0x800c2008, 0x880c2000, 0x880c2008
michael@0 261 },
michael@0 262 /* table 5 */ {
michael@0 263 0x00000000, 0x00400000, 0x00008000, 0x00408000,
michael@0 264 0x40000000, 0x40400000, 0x40008000, 0x40408000,
michael@0 265 0x00000020, 0x00400020, 0x00008020, 0x00408020,
michael@0 266 0x40000020, 0x40400020, 0x40008020, 0x40408020,
michael@0 267 0x00001000, 0x00401000, 0x00009000, 0x00409000,
michael@0 268 0x40001000, 0x40401000, 0x40009000, 0x40409000,
michael@0 269 0x00001020, 0x00401020, 0x00009020, 0x00409020,
michael@0 270 0x40001020, 0x40401020, 0x40009020, 0x40409020,
michael@0 271 0x00100000, 0x00500000, 0x00108000, 0x00508000,
michael@0 272 0x40100000, 0x40500000, 0x40108000, 0x40508000,
michael@0 273 0x00100020, 0x00500020, 0x00108020, 0x00508020,
michael@0 274 0x40100020, 0x40500020, 0x40108020, 0x40508020,
michael@0 275 0x00101000, 0x00501000, 0x00109000, 0x00509000,
michael@0 276 0x40101000, 0x40501000, 0x40109000, 0x40509000,
michael@0 277 0x00101020, 0x00501020, 0x00109020, 0x00509020,
michael@0 278 0x40101020, 0x40501020, 0x40109020, 0x40509020
michael@0 279 },
michael@0 280 /* table 6 */ {
michael@0 281 0x00000000, 0x00000040, 0x04000000, 0x04000040,
michael@0 282 0x00000800, 0x00000840, 0x04000800, 0x04000840,
michael@0 283 0x00800000, 0x00800040, 0x04800000, 0x04800040,
michael@0 284 0x00800800, 0x00800840, 0x04800800, 0x04800840,
michael@0 285 0x10000000, 0x10000040, 0x14000000, 0x14000040,
michael@0 286 0x10000800, 0x10000840, 0x14000800, 0x14000840,
michael@0 287 0x10800000, 0x10800040, 0x14800000, 0x14800040,
michael@0 288 0x10800800, 0x10800840, 0x14800800, 0x14800840,
michael@0 289 0x00000080, 0x000000c0, 0x04000080, 0x040000c0,
michael@0 290 0x00000880, 0x000008c0, 0x04000880, 0x040008c0,
michael@0 291 0x00800080, 0x008000c0, 0x04800080, 0x048000c0,
michael@0 292 0x00800880, 0x008008c0, 0x04800880, 0x048008c0,
michael@0 293 0x10000080, 0x100000c0, 0x14000080, 0x140000c0,
michael@0 294 0x10000880, 0x100008c0, 0x14000880, 0x140008c0,
michael@0 295 0x10800080, 0x108000c0, 0x14800080, 0x148000c0,
michael@0 296 0x10800880, 0x108008c0, 0x14800880, 0x148008c0
michael@0 297 },
michael@0 298 /* table 7 */ {
michael@0 299 0x00000000, 0x00000010, 0x00000400, 0x00000410,
michael@0 300 0x00000004, 0x00000014, 0x00000404, 0x00000414,
michael@0 301 0x00004000, 0x00004010, 0x00004400, 0x00004410,
michael@0 302 0x00004004, 0x00004014, 0x00004404, 0x00004414,
michael@0 303 0x20000000, 0x20000010, 0x20000400, 0x20000410,
michael@0 304 0x20000004, 0x20000014, 0x20000404, 0x20000414,
michael@0 305 0x20004000, 0x20004010, 0x20004400, 0x20004410,
michael@0 306 0x20004004, 0x20004014, 0x20004404, 0x20004414,
michael@0 307 0x00200000, 0x00200010, 0x00200400, 0x00200410,
michael@0 308 0x00200004, 0x00200014, 0x00200404, 0x00200414,
michael@0 309 0x00204000, 0x00204010, 0x00204400, 0x00204410,
michael@0 310 0x00204004, 0x00204014, 0x00204404, 0x00204414,
michael@0 311 0x20200000, 0x20200010, 0x20200400, 0x20200410,
michael@0 312 0x20200004, 0x20200014, 0x20200404, 0x20200414,
michael@0 313 0x20204000, 0x20204010, 0x20204400, 0x20204410,
michael@0 314 0x20204004, 0x20204014, 0x20204404, 0x20204414
michael@0 315 }
michael@0 316 };
michael@0 317
michael@0 318 /*
michael@0 319 * The PC-1 Permutation
michael@0 320 * If we number the bits of the 8 bytes of key input like this (in octal):
michael@0 321 * 00 01 02 03 04 05 06 07
michael@0 322 * 10 11 12 13 14 15 16 17
michael@0 323 * 20 21 22 23 24 25 26 27
michael@0 324 * 30 31 32 33 34 35 36 37
michael@0 325 * 40 41 42 43 44 45 46 47
michael@0 326 * 50 51 52 53 54 55 56 57
michael@0 327 * 60 61 62 63 64 65 66 67
michael@0 328 * 70 71 72 73 74 75 76 77
michael@0 329 * then after the PC-1 permutation,
michael@0 330 * C0 is
michael@0 331 * 70 60 50 40 30 20 10 00
michael@0 332 * 71 61 51 41 31 21 11 01
michael@0 333 * 72 62 52 42 32 22 12 02
michael@0 334 * 73 63 53 43
michael@0 335 * D0 is
michael@0 336 * 76 66 56 46 36 26 16 06
michael@0 337 * 75 65 55 45 35 25 15 05
michael@0 338 * 74 64 54 44 34 24 14 04
michael@0 339 * 33 23 13 03
michael@0 340 * and these parity bits have been discarded:
michael@0 341 * 77 67 57 47 37 27 17 07
michael@0 342 *
michael@0 343 * We achieve this by flipping the input matrix about the diagonal from 70-07,
michael@0 344 * getting left =
michael@0 345 * 77 67 57 47 37 27 17 07 (these are the parity bits)
michael@0 346 * 76 66 56 46 36 26 16 06
michael@0 347 * 75 65 55 45 35 25 15 05
michael@0 348 * 74 64 54 44 34 24 14 04
michael@0 349 * right =
michael@0 350 * 73 63 53 43 33 23 13 03
michael@0 351 * 72 62 52 42 32 22 12 02
michael@0 352 * 71 61 51 41 31 21 11 01
michael@0 353 * 70 60 50 40 30 20 10 00
michael@0 354 * then byte swap right, ala htonl() on a little endian machine.
michael@0 355 * right =
michael@0 356 * 70 60 50 40 30 20 10 00
michael@0 357 * 71 67 57 47 37 27 11 07
michael@0 358 * 72 62 52 42 32 22 12 02
michael@0 359 * 73 63 53 43 33 23 13 03
michael@0 360 * then
michael@0 361 * c0 = right >> 4;
michael@0 362 * d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
michael@0 363 */
michael@0 364
michael@0 365 #define FLIP_RIGHT_DIAGONAL(word, temp) \
michael@0 366 temp = (word ^ (word >> 18)) & 0x00003333; \
michael@0 367 word ^= temp | (temp << 18); \
michael@0 368 temp = (word ^ (word >> 9)) & 0x00550055; \
michael@0 369 word ^= temp | (temp << 9);
michael@0 370
michael@0 371 #if defined(__GNUC__) && defined(NSS_X86_OR_X64)
michael@0 372 #define BYTESWAP(word, temp) \
michael@0 373 __asm("bswap %0" : "+r" (word));
michael@0 374 #elif (_MSC_VER >= 1300) && defined(NSS_X86_OR_X64)
michael@0 375 #include <stdlib.h>
michael@0 376 #pragma intrinsic(_byteswap_ulong)
michael@0 377 #define BYTESWAP(word, temp) \
michael@0 378 word = _byteswap_ulong(word);
michael@0 379 #elif defined(__GNUC__) && (defined(__thumb2__) || \
michael@0 380 (!defined(__thumb__) && \
michael@0 381 (defined(__ARM_ARCH_6__) || \
michael@0 382 defined(__ARM_ARCH_6J__) || \
michael@0 383 defined(__ARM_ARCH_6K__) || \
michael@0 384 defined(__ARM_ARCH_6Z__) || \
michael@0 385 defined(__ARM_ARCH_6ZK__) || \
michael@0 386 defined(__ARM_ARCH_6T2__) || \
michael@0 387 defined(__ARM_ARCH_7__) || \
michael@0 388 defined(__ARM_ARCH_7A__) || \
michael@0 389 defined(__ARM_ARCH_7R__))))
michael@0 390 #define BYTESWAP(word, temp) \
michael@0 391 __asm("rev %0, %0" : "+r" (word));
michael@0 392 #else
michael@0 393 #define BYTESWAP(word, temp) \
michael@0 394 word = (word >> 16) | (word << 16); \
michael@0 395 temp = 0x00ff00ff; \
michael@0 396 word = ((word & temp) << 8) | ((word >> 8) & temp);
michael@0 397 #endif
michael@0 398
michael@0 399 #define PC1(left, right, c0, d0, temp) \
michael@0 400 right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
michael@0 401 left ^= temp << 4; \
michael@0 402 FLIP_RIGHT_DIAGONAL(left, temp); \
michael@0 403 FLIP_RIGHT_DIAGONAL(right, temp); \
michael@0 404 BYTESWAP(right, temp); \
michael@0 405 c0 = right >> 4; \
michael@0 406 d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
michael@0 407
michael@0 408 #define LEFT_SHIFT_1( reg ) (((reg << 1) | (reg >> 27)) & 0x0FFFFFFF)
michael@0 409 #define LEFT_SHIFT_2( reg ) (((reg << 2) | (reg >> 26)) & 0x0FFFFFFF)
michael@0 410
michael@0 411 /*
michael@0 412 * setup key schedules from key
michael@0 413 */
michael@0 414
michael@0 415 void
michael@0 416 DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction)
michael@0 417 {
michael@0 418 register HALF left, right;
michael@0 419 register HALF c0, d0;
michael@0 420 register HALF temp;
michael@0 421 int delta;
michael@0 422 unsigned int ls;
michael@0 423
michael@0 424 #if defined(NSS_X86_OR_X64)
michael@0 425 left = HALFPTR(key)[0];
michael@0 426 right = HALFPTR(key)[1];
michael@0 427 BYTESWAP(left, temp);
michael@0 428 BYTESWAP(right, temp);
michael@0 429 #else
michael@0 430 if (((ptrdiff_t)key & 0x03) == 0) {
michael@0 431 left = HALFPTR(key)[0];
michael@0 432 right = HALFPTR(key)[1];
michael@0 433 #if defined(IS_LITTLE_ENDIAN)
michael@0 434 BYTESWAP(left, temp);
michael@0 435 BYTESWAP(right, temp);
michael@0 436 #endif
michael@0 437 } else {
michael@0 438 left = ((HALF)key[0] << 24) | ((HALF)key[1] << 16) |
michael@0 439 ((HALF)key[2] << 8) | key[3];
michael@0 440 right = ((HALF)key[4] << 24) | ((HALF)key[5] << 16) |
michael@0 441 ((HALF)key[6] << 8) | key[7];
michael@0 442 }
michael@0 443 #endif
michael@0 444
michael@0 445 PC1(left, right, c0, d0, temp);
michael@0 446
michael@0 447 if (direction == DES_ENCRYPT) {
michael@0 448 delta = 2 * (int)sizeof(HALF);
michael@0 449 } else {
michael@0 450 ks += 30;
michael@0 451 delta = (-2) * (int)sizeof(HALF);
michael@0 452 }
michael@0 453
michael@0 454 for (ls = 0x8103; ls; ls >>= 1) {
michael@0 455 if ( ls & 1 ) {
michael@0 456 c0 = LEFT_SHIFT_1( c0 );
michael@0 457 d0 = LEFT_SHIFT_1( d0 );
michael@0 458 } else {
michael@0 459 c0 = LEFT_SHIFT_2( c0 );
michael@0 460 d0 = LEFT_SHIFT_2( d0 );
michael@0 461 }
michael@0 462
michael@0 463 #ifdef USE_INDEXING
michael@0 464 #define PC2LOOKUP(b,c) PC2[b][c]
michael@0 465
michael@0 466 left = PC2LOOKUP(0, ((c0 >> 22) & 0x3F) );
michael@0 467 left |= PC2LOOKUP(1, ((c0 >> 13) & 0x3F) );
michael@0 468 left |= PC2LOOKUP(2, ((c0 >> 4) & 0x38) | (c0 & 0x7) );
michael@0 469 left |= PC2LOOKUP(3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30));
michael@0 470
michael@0 471 right = PC2LOOKUP(4, ((d0 >> 22) & 0x3F) );
michael@0 472 right |= PC2LOOKUP(5, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) );
michael@0 473 right |= PC2LOOKUP(6, ((d0 >> 7) & 0x3F) );
michael@0 474 right |= PC2LOOKUP(7, ((d0 >> 1) & 0x3C) | (d0 & 0x3));
michael@0 475 #else
michael@0 476 #define PC2LOOKUP(b,c) *(HALF *)((BYTE *)&PC2[b][0]+(c))
michael@0 477
michael@0 478 left = PC2LOOKUP(0, ((c0 >> 20) & 0xFC) );
michael@0 479 left |= PC2LOOKUP(1, ((c0 >> 11) & 0xFC) );
michael@0 480 left |= PC2LOOKUP(2, ((c0 >> 2) & 0xE0) | ((c0 << 2) & 0x1C) );
michael@0 481 left |= PC2LOOKUP(3, ((c0>>16)&0x30)|((c0>>9)&0xC)|((c0<<2)&0xC0));
michael@0 482
michael@0 483 right = PC2LOOKUP(4, ((d0 >> 20) & 0xFC) );
michael@0 484 right |= PC2LOOKUP(5, ((d0 >> 13) & 0xC0) | ((d0 >> 12) & 0x3C) );
michael@0 485 right |= PC2LOOKUP(6, ((d0 >> 5) & 0xFC) );
michael@0 486 right |= PC2LOOKUP(7, ((d0 << 1) & 0xF0) | ((d0 << 2) & 0x0C));
michael@0 487 #endif
michael@0 488 /* left contains key bits for S1 S3 S2 S4 */
michael@0 489 /* right contains key bits for S6 S8 S5 S7 */
michael@0 490 temp = (left << 16) /* S2 S4 XX XX */
michael@0 491 | (right >> 16); /* XX XX S6 S8 */
michael@0 492 ks[0] = temp;
michael@0 493
michael@0 494 temp = (left & 0xffff0000) /* S1 S3 XX XX */
michael@0 495 | (right & 0x0000ffff);/* XX XX S5 S7 */
michael@0 496 ks[1] = temp;
michael@0 497
michael@0 498 ks = (HALF*)((BYTE *)ks + delta);
michael@0 499 }
michael@0 500 }
michael@0 501
michael@0 502 /*
michael@0 503 * The DES Initial Permutation
michael@0 504 * if we number the bits of the 8 bytes of input like this (in octal):
michael@0 505 * 00 01 02 03 04 05 06 07
michael@0 506 * 10 11 12 13 14 15 16 17
michael@0 507 * 20 21 22 23 24 25 26 27
michael@0 508 * 30 31 32 33 34 35 36 37
michael@0 509 * 40 41 42 43 44 45 46 47
michael@0 510 * 50 51 52 53 54 55 56 57
michael@0 511 * 60 61 62 63 64 65 66 67
michael@0 512 * 70 71 72 73 74 75 76 77
michael@0 513 * then after the initial permutation, they will be in this order.
michael@0 514 * 71 61 51 41 31 21 11 01
michael@0 515 * 73 63 53 43 33 23 13 03
michael@0 516 * 75 65 55 45 35 25 15 05
michael@0 517 * 77 67 57 47 37 27 17 07
michael@0 518 * 70 60 50 40 30 20 10 00
michael@0 519 * 72 62 52 42 32 22 12 02
michael@0 520 * 74 64 54 44 34 24 14 04
michael@0 521 * 76 66 56 46 36 26 16 06
michael@0 522 *
michael@0 523 * One way to do this is in two steps:
michael@0 524 * 1. Flip this matrix about the diagonal from 70-07 as done for PC1.
michael@0 525 * 2. Rearrange the bytes (rows in the matrix above) with the following code.
michael@0 526 *
michael@0 527 * #define swapHiLo(word, temp) \
michael@0 528 * temp = (word ^ (word >> 24)) & 0x000000ff; \
michael@0 529 * word ^= temp | (temp << 24);
michael@0 530 *
michael@0 531 * right ^= temp = ((left << 8) ^ right) & 0xff00ff00;
michael@0 532 * left ^= temp >> 8;
michael@0 533 * swapHiLo(left, temp);
michael@0 534 * swapHiLo(right,temp);
michael@0 535 *
michael@0 536 * However, the two steps can be combined, so that the rows are rearranged
michael@0 537 * while the matrix is being flipped, reducing the number of bit exchange
michael@0 538 * operations from 8 ot 5.
michael@0 539 *
michael@0 540 * Initial Permutation */
michael@0 541 #define IP(left, right, temp) \
michael@0 542 right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
michael@0 543 left ^= temp << 4; \
michael@0 544 right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
michael@0 545 left ^= temp << 16; \
michael@0 546 right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
michael@0 547 left ^= temp >> 2; \
michael@0 548 right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
michael@0 549 left ^= temp >> 8; \
michael@0 550 right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
michael@0 551 left ^= temp << 1;
michael@0 552
michael@0 553 /* The Final (Inverse Initial) permutation is done by reversing the
michael@0 554 ** steps of the Initital Permutation
michael@0 555 */
michael@0 556
michael@0 557 #define FP(left, right, temp) \
michael@0 558 right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
michael@0 559 left ^= temp << 1; \
michael@0 560 right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
michael@0 561 left ^= temp >> 8; \
michael@0 562 right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
michael@0 563 left ^= temp >> 2; \
michael@0 564 right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
michael@0 565 left ^= temp << 16; \
michael@0 566 right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
michael@0 567 left ^= temp << 4;
michael@0 568
michael@0 569 void
michael@0 570 DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf)
michael@0 571 {
michael@0 572 register HALF left, right;
michael@0 573 register HALF temp;
michael@0 574
michael@0 575 #if defined(NSS_X86_OR_X64)
michael@0 576 left = HALFPTR(inbuf)[0];
michael@0 577 right = HALFPTR(inbuf)[1];
michael@0 578 BYTESWAP(left, temp);
michael@0 579 BYTESWAP(right, temp);
michael@0 580 #else
michael@0 581 if (((ptrdiff_t)inbuf & 0x03) == 0) {
michael@0 582 left = HALFPTR(inbuf)[0];
michael@0 583 right = HALFPTR(inbuf)[1];
michael@0 584 #if defined(IS_LITTLE_ENDIAN)
michael@0 585 BYTESWAP(left, temp);
michael@0 586 BYTESWAP(right, temp);
michael@0 587 #endif
michael@0 588 } else {
michael@0 589 left = ((HALF)inbuf[0] << 24) | ((HALF)inbuf[1] << 16) |
michael@0 590 ((HALF)inbuf[2] << 8) | inbuf[3];
michael@0 591 right = ((HALF)inbuf[4] << 24) | ((HALF)inbuf[5] << 16) |
michael@0 592 ((HALF)inbuf[6] << 8) | inbuf[7];
michael@0 593 }
michael@0 594 #endif
michael@0 595
michael@0 596 IP(left, right, temp);
michael@0 597
michael@0 598 /* shift the values left circularly 3 bits. */
michael@0 599 left = (left << 3) | (left >> 29);
michael@0 600 right = (right << 3) | (right >> 29);
michael@0 601
michael@0 602 #ifdef USE_INDEXING
michael@0 603 #define KSLOOKUP(s,b) SP[s][((temp >> (b+2)) & 0x3f)]
michael@0 604 #else
michael@0 605 #define KSLOOKUP(s,b) *(HALF*)((BYTE*)&SP[s][0]+((temp >> b) & 0xFC))
michael@0 606 #endif
michael@0 607 #define ROUND(out, in, r) \
michael@0 608 temp = in ^ ks[2*r]; \
michael@0 609 out ^= KSLOOKUP( 1, 24 ); \
michael@0 610 out ^= KSLOOKUP( 3, 16 ); \
michael@0 611 out ^= KSLOOKUP( 5, 8 ); \
michael@0 612 out ^= KSLOOKUP( 7, 0 ); \
michael@0 613 temp = ((in >> 4) | (in << 28)) ^ ks[2*r+1]; \
michael@0 614 out ^= KSLOOKUP( 0, 24 ); \
michael@0 615 out ^= KSLOOKUP( 2, 16 ); \
michael@0 616 out ^= KSLOOKUP( 4, 8 ); \
michael@0 617 out ^= KSLOOKUP( 6, 0 );
michael@0 618
michael@0 619 /* Do the 16 Feistel rounds */
michael@0 620 ROUND(left, right, 0)
michael@0 621 ROUND(right, left, 1)
michael@0 622 ROUND(left, right, 2)
michael@0 623 ROUND(right, left, 3)
michael@0 624 ROUND(left, right, 4)
michael@0 625 ROUND(right, left, 5)
michael@0 626 ROUND(left, right, 6)
michael@0 627 ROUND(right, left, 7)
michael@0 628 ROUND(left, right, 8)
michael@0 629 ROUND(right, left, 9)
michael@0 630 ROUND(left, right, 10)
michael@0 631 ROUND(right, left, 11)
michael@0 632 ROUND(left, right, 12)
michael@0 633 ROUND(right, left, 13)
michael@0 634 ROUND(left, right, 14)
michael@0 635 ROUND(right, left, 15)
michael@0 636
michael@0 637 /* now shift circularly right 3 bits to undo the shifting done
michael@0 638 ** above. switch left and right here.
michael@0 639 */
michael@0 640 temp = (left >> 3) | (left << 29);
michael@0 641 left = (right >> 3) | (right << 29);
michael@0 642 right = temp;
michael@0 643
michael@0 644 FP(left, right, temp);
michael@0 645
michael@0 646 #if defined(NSS_X86_OR_X64)
michael@0 647 BYTESWAP(left, temp);
michael@0 648 BYTESWAP(right, temp);
michael@0 649 HALFPTR(outbuf)[0] = left;
michael@0 650 HALFPTR(outbuf)[1] = right;
michael@0 651 #else
michael@0 652 if (((ptrdiff_t)outbuf & 0x03) == 0) {
michael@0 653 #if defined(IS_LITTLE_ENDIAN)
michael@0 654 BYTESWAP(left, temp);
michael@0 655 BYTESWAP(right, temp);
michael@0 656 #endif
michael@0 657 HALFPTR(outbuf)[0] = left;
michael@0 658 HALFPTR(outbuf)[1] = right;
michael@0 659 } else {
michael@0 660 outbuf[0] = (BYTE)(left >> 24);
michael@0 661 outbuf[1] = (BYTE)(left >> 16);
michael@0 662 outbuf[2] = (BYTE)(left >> 8);
michael@0 663 outbuf[3] = (BYTE)(left );
michael@0 664
michael@0 665 outbuf[4] = (BYTE)(right >> 24);
michael@0 666 outbuf[5] = (BYTE)(right >> 16);
michael@0 667 outbuf[6] = (BYTE)(right >> 8);
michael@0 668 outbuf[7] = (BYTE)(right );
michael@0 669 }
michael@0 670 #endif
michael@0 671
michael@0 672 }
michael@0 673
michael@0 674 /* Ackowledgements:
michael@0 675 ** Two ideas used in this implementation were shown to me by Dennis Ferguson
michael@0 676 ** in 1990. He credits them to Richard Outerbridge and Dan Hoey. They were:
michael@0 677 ** 1. The method of computing the Initial and Final permutations.
michael@0 678 ** 2. Circularly rotating the SP tables and the initial values of left and
michael@0 679 ** right to reduce the number of shifts required during the 16 rounds.
michael@0 680 */

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial