1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/freebl/des.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,680 @@
1.4 +/*
1.5 + * des.c
1.6 + *
1.7 + * core source file for DES-150 library
1.8 + * Make key schedule from DES key.
1.9 + * Encrypt/Decrypt one 8-byte block.
1.10 + *
1.11 + * This Source Code Form is subject to the terms of the Mozilla Public
1.12 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.13 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.14 +
1.15 +#include "des.h"
1.16 +#include <stddef.h> /* for ptrdiff_t */
1.17 +/* #define USE_INDEXING 1 */
1.18 +
1.19 +/*
1.20 + * The tables below are the 8 sbox functions, with the 6-bit input permutation
1.21 + * and the 32-bit output permutation pre-computed.
1.22 + * They are shifted circularly to the left 3 bits, which removes 2 shifts
1.23 + * and an or from each round by reducing the number of sboxes whose
1.24 + * indices cross word broundaries from 2 to 1.
1.25 + */
1.26 +
1.27 +static const HALF SP[8][64] = {
1.28 +/* Box S1 */ {
1.29 + 0x04041000, 0x00000000, 0x00040000, 0x04041010,
1.30 + 0x04040010, 0x00041010, 0x00000010, 0x00040000,
1.31 + 0x00001000, 0x04041000, 0x04041010, 0x00001000,
1.32 + 0x04001010, 0x04040010, 0x04000000, 0x00000010,
1.33 + 0x00001010, 0x04001000, 0x04001000, 0x00041000,
1.34 + 0x00041000, 0x04040000, 0x04040000, 0x04001010,
1.35 + 0x00040010, 0x04000010, 0x04000010, 0x00040010,
1.36 + 0x00000000, 0x00001010, 0x00041010, 0x04000000,
1.37 + 0x00040000, 0x04041010, 0x00000010, 0x04040000,
1.38 + 0x04041000, 0x04000000, 0x04000000, 0x00001000,
1.39 + 0x04040010, 0x00040000, 0x00041000, 0x04000010,
1.40 + 0x00001000, 0x00000010, 0x04001010, 0x00041010,
1.41 + 0x04041010, 0x00040010, 0x04040000, 0x04001010,
1.42 + 0x04000010, 0x00001010, 0x00041010, 0x04041000,
1.43 + 0x00001010, 0x04001000, 0x04001000, 0x00000000,
1.44 + 0x00040010, 0x00041000, 0x00000000, 0x04040010
1.45 + },
1.46 +/* Box S2 */ {
1.47 + 0x00420082, 0x00020002, 0x00020000, 0x00420080,
1.48 + 0x00400000, 0x00000080, 0x00400082, 0x00020082,
1.49 + 0x00000082, 0x00420082, 0x00420002, 0x00000002,
1.50 + 0x00020002, 0x00400000, 0x00000080, 0x00400082,
1.51 + 0x00420000, 0x00400080, 0x00020082, 0x00000000,
1.52 + 0x00000002, 0x00020000, 0x00420080, 0x00400002,
1.53 + 0x00400080, 0x00000082, 0x00000000, 0x00420000,
1.54 + 0x00020080, 0x00420002, 0x00400002, 0x00020080,
1.55 + 0x00000000, 0x00420080, 0x00400082, 0x00400000,
1.56 + 0x00020082, 0x00400002, 0x00420002, 0x00020000,
1.57 + 0x00400002, 0x00020002, 0x00000080, 0x00420082,
1.58 + 0x00420080, 0x00000080, 0x00020000, 0x00000002,
1.59 + 0x00020080, 0x00420002, 0x00400000, 0x00000082,
1.60 + 0x00400080, 0x00020082, 0x00000082, 0x00400080,
1.61 + 0x00420000, 0x00000000, 0x00020002, 0x00020080,
1.62 + 0x00000002, 0x00400082, 0x00420082, 0x00420000
1.63 + },
1.64 +/* Box S3 */ {
1.65 + 0x00000820, 0x20080800, 0x00000000, 0x20080020,
1.66 + 0x20000800, 0x00000000, 0x00080820, 0x20000800,
1.67 + 0x00080020, 0x20000020, 0x20000020, 0x00080000,
1.68 + 0x20080820, 0x00080020, 0x20080000, 0x00000820,
1.69 + 0x20000000, 0x00000020, 0x20080800, 0x00000800,
1.70 + 0x00080800, 0x20080000, 0x20080020, 0x00080820,
1.71 + 0x20000820, 0x00080800, 0x00080000, 0x20000820,
1.72 + 0x00000020, 0x20080820, 0x00000800, 0x20000000,
1.73 + 0x20080800, 0x20000000, 0x00080020, 0x00000820,
1.74 + 0x00080000, 0x20080800, 0x20000800, 0x00000000,
1.75 + 0x00000800, 0x00080020, 0x20080820, 0x20000800,
1.76 + 0x20000020, 0x00000800, 0x00000000, 0x20080020,
1.77 + 0x20000820, 0x00080000, 0x20000000, 0x20080820,
1.78 + 0x00000020, 0x00080820, 0x00080800, 0x20000020,
1.79 + 0x20080000, 0x20000820, 0x00000820, 0x20080000,
1.80 + 0x00080820, 0x00000020, 0x20080020, 0x00080800
1.81 + },
1.82 +/* Box S4 */ {
1.83 + 0x02008004, 0x00008204, 0x00008204, 0x00000200,
1.84 + 0x02008200, 0x02000204, 0x02000004, 0x00008004,
1.85 + 0x00000000, 0x02008000, 0x02008000, 0x02008204,
1.86 + 0x00000204, 0x00000000, 0x02000200, 0x02000004,
1.87 + 0x00000004, 0x00008000, 0x02000000, 0x02008004,
1.88 + 0x00000200, 0x02000000, 0x00008004, 0x00008200,
1.89 + 0x02000204, 0x00000004, 0x00008200, 0x02000200,
1.90 + 0x00008000, 0x02008200, 0x02008204, 0x00000204,
1.91 + 0x02000200, 0x02000004, 0x02008000, 0x02008204,
1.92 + 0x00000204, 0x00000000, 0x00000000, 0x02008000,
1.93 + 0x00008200, 0x02000200, 0x02000204, 0x00000004,
1.94 + 0x02008004, 0x00008204, 0x00008204, 0x00000200,
1.95 + 0x02008204, 0x00000204, 0x00000004, 0x00008000,
1.96 + 0x02000004, 0x00008004, 0x02008200, 0x02000204,
1.97 + 0x00008004, 0x00008200, 0x02000000, 0x02008004,
1.98 + 0x00000200, 0x02000000, 0x00008000, 0x02008200
1.99 + },
1.100 +/* Box S5 */ {
1.101 + 0x00000400, 0x08200400, 0x08200000, 0x08000401,
1.102 + 0x00200000, 0x00000400, 0x00000001, 0x08200000,
1.103 + 0x00200401, 0x00200000, 0x08000400, 0x00200401,
1.104 + 0x08000401, 0x08200001, 0x00200400, 0x00000001,
1.105 + 0x08000000, 0x00200001, 0x00200001, 0x00000000,
1.106 + 0x00000401, 0x08200401, 0x08200401, 0x08000400,
1.107 + 0x08200001, 0x00000401, 0x00000000, 0x08000001,
1.108 + 0x08200400, 0x08000000, 0x08000001, 0x00200400,
1.109 + 0x00200000, 0x08000401, 0x00000400, 0x08000000,
1.110 + 0x00000001, 0x08200000, 0x08000401, 0x00200401,
1.111 + 0x08000400, 0x00000001, 0x08200001, 0x08200400,
1.112 + 0x00200401, 0x00000400, 0x08000000, 0x08200001,
1.113 + 0x08200401, 0x00200400, 0x08000001, 0x08200401,
1.114 + 0x08200000, 0x00000000, 0x00200001, 0x08000001,
1.115 + 0x00200400, 0x08000400, 0x00000401, 0x00200000,
1.116 + 0x00000000, 0x00200001, 0x08200400, 0x00000401
1.117 + },
1.118 +/* Box S6 */ {
1.119 + 0x80000040, 0x81000000, 0x00010000, 0x81010040,
1.120 + 0x81000000, 0x00000040, 0x81010040, 0x01000000,
1.121 + 0x80010000, 0x01010040, 0x01000000, 0x80000040,
1.122 + 0x01000040, 0x80010000, 0x80000000, 0x00010040,
1.123 + 0x00000000, 0x01000040, 0x80010040, 0x00010000,
1.124 + 0x01010000, 0x80010040, 0x00000040, 0x81000040,
1.125 + 0x81000040, 0x00000000, 0x01010040, 0x81010000,
1.126 + 0x00010040, 0x01010000, 0x81010000, 0x80000000,
1.127 + 0x80010000, 0x00000040, 0x81000040, 0x01010000,
1.128 + 0x81010040, 0x01000000, 0x00010040, 0x80000040,
1.129 + 0x01000000, 0x80010000, 0x80000000, 0x00010040,
1.130 + 0x80000040, 0x81010040, 0x01010000, 0x81000000,
1.131 + 0x01010040, 0x81010000, 0x00000000, 0x81000040,
1.132 + 0x00000040, 0x00010000, 0x81000000, 0x01010040,
1.133 + 0x00010000, 0x01000040, 0x80010040, 0x00000000,
1.134 + 0x81010000, 0x80000000, 0x01000040, 0x80010040
1.135 + },
1.136 +/* Box S7 */ {
1.137 + 0x00800000, 0x10800008, 0x10002008, 0x00000000,
1.138 + 0x00002000, 0x10002008, 0x00802008, 0x10802000,
1.139 + 0x10802008, 0x00800000, 0x00000000, 0x10000008,
1.140 + 0x00000008, 0x10000000, 0x10800008, 0x00002008,
1.141 + 0x10002000, 0x00802008, 0x00800008, 0x10002000,
1.142 + 0x10000008, 0x10800000, 0x10802000, 0x00800008,
1.143 + 0x10800000, 0x00002000, 0x00002008, 0x10802008,
1.144 + 0x00802000, 0x00000008, 0x10000000, 0x00802000,
1.145 + 0x10000000, 0x00802000, 0x00800000, 0x10002008,
1.146 + 0x10002008, 0x10800008, 0x10800008, 0x00000008,
1.147 + 0x00800008, 0x10000000, 0x10002000, 0x00800000,
1.148 + 0x10802000, 0x00002008, 0x00802008, 0x10802000,
1.149 + 0x00002008, 0x10000008, 0x10802008, 0x10800000,
1.150 + 0x00802000, 0x00000000, 0x00000008, 0x10802008,
1.151 + 0x00000000, 0x00802008, 0x10800000, 0x00002000,
1.152 + 0x10000008, 0x10002000, 0x00002000, 0x00800008
1.153 + },
1.154 +/* Box S8 */ {
1.155 + 0x40004100, 0x00004000, 0x00100000, 0x40104100,
1.156 + 0x40000000, 0x40004100, 0x00000100, 0x40000000,
1.157 + 0x00100100, 0x40100000, 0x40104100, 0x00104000,
1.158 + 0x40104000, 0x00104100, 0x00004000, 0x00000100,
1.159 + 0x40100000, 0x40000100, 0x40004000, 0x00004100,
1.160 + 0x00104000, 0x00100100, 0x40100100, 0x40104000,
1.161 + 0x00004100, 0x00000000, 0x00000000, 0x40100100,
1.162 + 0x40000100, 0x40004000, 0x00104100, 0x00100000,
1.163 + 0x00104100, 0x00100000, 0x40104000, 0x00004000,
1.164 + 0x00000100, 0x40100100, 0x00004000, 0x00104100,
1.165 + 0x40004000, 0x00000100, 0x40000100, 0x40100000,
1.166 + 0x40100100, 0x40000000, 0x00100000, 0x40004100,
1.167 + 0x00000000, 0x40104100, 0x00100100, 0x40000100,
1.168 + 0x40100000, 0x40004000, 0x40004100, 0x00000000,
1.169 + 0x40104100, 0x00104000, 0x00104000, 0x00004100,
1.170 + 0x00004100, 0x00100100, 0x40000000, 0x40104000
1.171 + }
1.172 +};
1.173 +
1.174 +static const HALF PC2[8][64] = {
1.175 +/* table 0 */ {
1.176 + 0x00000000, 0x00001000, 0x04000000, 0x04001000,
1.177 + 0x00100000, 0x00101000, 0x04100000, 0x04101000,
1.178 + 0x00008000, 0x00009000, 0x04008000, 0x04009000,
1.179 + 0x00108000, 0x00109000, 0x04108000, 0x04109000,
1.180 + 0x00000004, 0x00001004, 0x04000004, 0x04001004,
1.181 + 0x00100004, 0x00101004, 0x04100004, 0x04101004,
1.182 + 0x00008004, 0x00009004, 0x04008004, 0x04009004,
1.183 + 0x00108004, 0x00109004, 0x04108004, 0x04109004,
1.184 + 0x08000000, 0x08001000, 0x0c000000, 0x0c001000,
1.185 + 0x08100000, 0x08101000, 0x0c100000, 0x0c101000,
1.186 + 0x08008000, 0x08009000, 0x0c008000, 0x0c009000,
1.187 + 0x08108000, 0x08109000, 0x0c108000, 0x0c109000,
1.188 + 0x08000004, 0x08001004, 0x0c000004, 0x0c001004,
1.189 + 0x08100004, 0x08101004, 0x0c100004, 0x0c101004,
1.190 + 0x08008004, 0x08009004, 0x0c008004, 0x0c009004,
1.191 + 0x08108004, 0x08109004, 0x0c108004, 0x0c109004
1.192 + },
1.193 +/* table 1 */ {
1.194 + 0x00000000, 0x00002000, 0x80000000, 0x80002000,
1.195 + 0x00000008, 0x00002008, 0x80000008, 0x80002008,
1.196 + 0x00200000, 0x00202000, 0x80200000, 0x80202000,
1.197 + 0x00200008, 0x00202008, 0x80200008, 0x80202008,
1.198 + 0x20000000, 0x20002000, 0xa0000000, 0xa0002000,
1.199 + 0x20000008, 0x20002008, 0xa0000008, 0xa0002008,
1.200 + 0x20200000, 0x20202000, 0xa0200000, 0xa0202000,
1.201 + 0x20200008, 0x20202008, 0xa0200008, 0xa0202008,
1.202 + 0x00000400, 0x00002400, 0x80000400, 0x80002400,
1.203 + 0x00000408, 0x00002408, 0x80000408, 0x80002408,
1.204 + 0x00200400, 0x00202400, 0x80200400, 0x80202400,
1.205 + 0x00200408, 0x00202408, 0x80200408, 0x80202408,
1.206 + 0x20000400, 0x20002400, 0xa0000400, 0xa0002400,
1.207 + 0x20000408, 0x20002408, 0xa0000408, 0xa0002408,
1.208 + 0x20200400, 0x20202400, 0xa0200400, 0xa0202400,
1.209 + 0x20200408, 0x20202408, 0xa0200408, 0xa0202408
1.210 + },
1.211 +/* table 2 */ {
1.212 + 0x00000000, 0x00004000, 0x00000020, 0x00004020,
1.213 + 0x00080000, 0x00084000, 0x00080020, 0x00084020,
1.214 + 0x00000800, 0x00004800, 0x00000820, 0x00004820,
1.215 + 0x00080800, 0x00084800, 0x00080820, 0x00084820,
1.216 + 0x00000010, 0x00004010, 0x00000030, 0x00004030,
1.217 + 0x00080010, 0x00084010, 0x00080030, 0x00084030,
1.218 + 0x00000810, 0x00004810, 0x00000830, 0x00004830,
1.219 + 0x00080810, 0x00084810, 0x00080830, 0x00084830,
1.220 + 0x00400000, 0x00404000, 0x00400020, 0x00404020,
1.221 + 0x00480000, 0x00484000, 0x00480020, 0x00484020,
1.222 + 0x00400800, 0x00404800, 0x00400820, 0x00404820,
1.223 + 0x00480800, 0x00484800, 0x00480820, 0x00484820,
1.224 + 0x00400010, 0x00404010, 0x00400030, 0x00404030,
1.225 + 0x00480010, 0x00484010, 0x00480030, 0x00484030,
1.226 + 0x00400810, 0x00404810, 0x00400830, 0x00404830,
1.227 + 0x00480810, 0x00484810, 0x00480830, 0x00484830
1.228 + },
1.229 +/* table 3 */ {
1.230 + 0x00000000, 0x40000000, 0x00000080, 0x40000080,
1.231 + 0x00040000, 0x40040000, 0x00040080, 0x40040080,
1.232 + 0x00000040, 0x40000040, 0x000000c0, 0x400000c0,
1.233 + 0x00040040, 0x40040040, 0x000400c0, 0x400400c0,
1.234 + 0x10000000, 0x50000000, 0x10000080, 0x50000080,
1.235 + 0x10040000, 0x50040000, 0x10040080, 0x50040080,
1.236 + 0x10000040, 0x50000040, 0x100000c0, 0x500000c0,
1.237 + 0x10040040, 0x50040040, 0x100400c0, 0x500400c0,
1.238 + 0x00800000, 0x40800000, 0x00800080, 0x40800080,
1.239 + 0x00840000, 0x40840000, 0x00840080, 0x40840080,
1.240 + 0x00800040, 0x40800040, 0x008000c0, 0x408000c0,
1.241 + 0x00840040, 0x40840040, 0x008400c0, 0x408400c0,
1.242 + 0x10800000, 0x50800000, 0x10800080, 0x50800080,
1.243 + 0x10840000, 0x50840000, 0x10840080, 0x50840080,
1.244 + 0x10800040, 0x50800040, 0x108000c0, 0x508000c0,
1.245 + 0x10840040, 0x50840040, 0x108400c0, 0x508400c0
1.246 + },
1.247 +/* table 4 */ {
1.248 + 0x00000000, 0x00000008, 0x08000000, 0x08000008,
1.249 + 0x00040000, 0x00040008, 0x08040000, 0x08040008,
1.250 + 0x00002000, 0x00002008, 0x08002000, 0x08002008,
1.251 + 0x00042000, 0x00042008, 0x08042000, 0x08042008,
1.252 + 0x80000000, 0x80000008, 0x88000000, 0x88000008,
1.253 + 0x80040000, 0x80040008, 0x88040000, 0x88040008,
1.254 + 0x80002000, 0x80002008, 0x88002000, 0x88002008,
1.255 + 0x80042000, 0x80042008, 0x88042000, 0x88042008,
1.256 + 0x00080000, 0x00080008, 0x08080000, 0x08080008,
1.257 + 0x000c0000, 0x000c0008, 0x080c0000, 0x080c0008,
1.258 + 0x00082000, 0x00082008, 0x08082000, 0x08082008,
1.259 + 0x000c2000, 0x000c2008, 0x080c2000, 0x080c2008,
1.260 + 0x80080000, 0x80080008, 0x88080000, 0x88080008,
1.261 + 0x800c0000, 0x800c0008, 0x880c0000, 0x880c0008,
1.262 + 0x80082000, 0x80082008, 0x88082000, 0x88082008,
1.263 + 0x800c2000, 0x800c2008, 0x880c2000, 0x880c2008
1.264 + },
1.265 +/* table 5 */ {
1.266 + 0x00000000, 0x00400000, 0x00008000, 0x00408000,
1.267 + 0x40000000, 0x40400000, 0x40008000, 0x40408000,
1.268 + 0x00000020, 0x00400020, 0x00008020, 0x00408020,
1.269 + 0x40000020, 0x40400020, 0x40008020, 0x40408020,
1.270 + 0x00001000, 0x00401000, 0x00009000, 0x00409000,
1.271 + 0x40001000, 0x40401000, 0x40009000, 0x40409000,
1.272 + 0x00001020, 0x00401020, 0x00009020, 0x00409020,
1.273 + 0x40001020, 0x40401020, 0x40009020, 0x40409020,
1.274 + 0x00100000, 0x00500000, 0x00108000, 0x00508000,
1.275 + 0x40100000, 0x40500000, 0x40108000, 0x40508000,
1.276 + 0x00100020, 0x00500020, 0x00108020, 0x00508020,
1.277 + 0x40100020, 0x40500020, 0x40108020, 0x40508020,
1.278 + 0x00101000, 0x00501000, 0x00109000, 0x00509000,
1.279 + 0x40101000, 0x40501000, 0x40109000, 0x40509000,
1.280 + 0x00101020, 0x00501020, 0x00109020, 0x00509020,
1.281 + 0x40101020, 0x40501020, 0x40109020, 0x40509020
1.282 + },
1.283 +/* table 6 */ {
1.284 + 0x00000000, 0x00000040, 0x04000000, 0x04000040,
1.285 + 0x00000800, 0x00000840, 0x04000800, 0x04000840,
1.286 + 0x00800000, 0x00800040, 0x04800000, 0x04800040,
1.287 + 0x00800800, 0x00800840, 0x04800800, 0x04800840,
1.288 + 0x10000000, 0x10000040, 0x14000000, 0x14000040,
1.289 + 0x10000800, 0x10000840, 0x14000800, 0x14000840,
1.290 + 0x10800000, 0x10800040, 0x14800000, 0x14800040,
1.291 + 0x10800800, 0x10800840, 0x14800800, 0x14800840,
1.292 + 0x00000080, 0x000000c0, 0x04000080, 0x040000c0,
1.293 + 0x00000880, 0x000008c0, 0x04000880, 0x040008c0,
1.294 + 0x00800080, 0x008000c0, 0x04800080, 0x048000c0,
1.295 + 0x00800880, 0x008008c0, 0x04800880, 0x048008c0,
1.296 + 0x10000080, 0x100000c0, 0x14000080, 0x140000c0,
1.297 + 0x10000880, 0x100008c0, 0x14000880, 0x140008c0,
1.298 + 0x10800080, 0x108000c0, 0x14800080, 0x148000c0,
1.299 + 0x10800880, 0x108008c0, 0x14800880, 0x148008c0
1.300 + },
1.301 +/* table 7 */ {
1.302 + 0x00000000, 0x00000010, 0x00000400, 0x00000410,
1.303 + 0x00000004, 0x00000014, 0x00000404, 0x00000414,
1.304 + 0x00004000, 0x00004010, 0x00004400, 0x00004410,
1.305 + 0x00004004, 0x00004014, 0x00004404, 0x00004414,
1.306 + 0x20000000, 0x20000010, 0x20000400, 0x20000410,
1.307 + 0x20000004, 0x20000014, 0x20000404, 0x20000414,
1.308 + 0x20004000, 0x20004010, 0x20004400, 0x20004410,
1.309 + 0x20004004, 0x20004014, 0x20004404, 0x20004414,
1.310 + 0x00200000, 0x00200010, 0x00200400, 0x00200410,
1.311 + 0x00200004, 0x00200014, 0x00200404, 0x00200414,
1.312 + 0x00204000, 0x00204010, 0x00204400, 0x00204410,
1.313 + 0x00204004, 0x00204014, 0x00204404, 0x00204414,
1.314 + 0x20200000, 0x20200010, 0x20200400, 0x20200410,
1.315 + 0x20200004, 0x20200014, 0x20200404, 0x20200414,
1.316 + 0x20204000, 0x20204010, 0x20204400, 0x20204410,
1.317 + 0x20204004, 0x20204014, 0x20204404, 0x20204414
1.318 + }
1.319 +};
1.320 +
1.321 +/*
1.322 + * The PC-1 Permutation
1.323 + * If we number the bits of the 8 bytes of key input like this (in octal):
1.324 + * 00 01 02 03 04 05 06 07
1.325 + * 10 11 12 13 14 15 16 17
1.326 + * 20 21 22 23 24 25 26 27
1.327 + * 30 31 32 33 34 35 36 37
1.328 + * 40 41 42 43 44 45 46 47
1.329 + * 50 51 52 53 54 55 56 57
1.330 + * 60 61 62 63 64 65 66 67
1.331 + * 70 71 72 73 74 75 76 77
1.332 + * then after the PC-1 permutation,
1.333 + * C0 is
1.334 + * 70 60 50 40 30 20 10 00
1.335 + * 71 61 51 41 31 21 11 01
1.336 + * 72 62 52 42 32 22 12 02
1.337 + * 73 63 53 43
1.338 + * D0 is
1.339 + * 76 66 56 46 36 26 16 06
1.340 + * 75 65 55 45 35 25 15 05
1.341 + * 74 64 54 44 34 24 14 04
1.342 + * 33 23 13 03
1.343 + * and these parity bits have been discarded:
1.344 + * 77 67 57 47 37 27 17 07
1.345 + *
1.346 + * We achieve this by flipping the input matrix about the diagonal from 70-07,
1.347 + * getting left =
1.348 + * 77 67 57 47 37 27 17 07 (these are the parity bits)
1.349 + * 76 66 56 46 36 26 16 06
1.350 + * 75 65 55 45 35 25 15 05
1.351 + * 74 64 54 44 34 24 14 04
1.352 + * right =
1.353 + * 73 63 53 43 33 23 13 03
1.354 + * 72 62 52 42 32 22 12 02
1.355 + * 71 61 51 41 31 21 11 01
1.356 + * 70 60 50 40 30 20 10 00
1.357 + * then byte swap right, ala htonl() on a little endian machine.
1.358 + * right =
1.359 + * 70 60 50 40 30 20 10 00
1.360 + * 71 67 57 47 37 27 11 07
1.361 + * 72 62 52 42 32 22 12 02
1.362 + * 73 63 53 43 33 23 13 03
1.363 + * then
1.364 + * c0 = right >> 4;
1.365 + * d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
1.366 +*/
1.367 +
1.368 +#define FLIP_RIGHT_DIAGONAL(word, temp) \
1.369 + temp = (word ^ (word >> 18)) & 0x00003333; \
1.370 + word ^= temp | (temp << 18); \
1.371 + temp = (word ^ (word >> 9)) & 0x00550055; \
1.372 + word ^= temp | (temp << 9);
1.373 +
1.374 +#if defined(__GNUC__) && defined(NSS_X86_OR_X64)
1.375 +#define BYTESWAP(word, temp) \
1.376 + __asm("bswap %0" : "+r" (word));
1.377 +#elif (_MSC_VER >= 1300) && defined(NSS_X86_OR_X64)
1.378 +#include <stdlib.h>
1.379 +#pragma intrinsic(_byteswap_ulong)
1.380 +#define BYTESWAP(word, temp) \
1.381 + word = _byteswap_ulong(word);
1.382 +#elif defined(__GNUC__) && (defined(__thumb2__) || \
1.383 + (!defined(__thumb__) && \
1.384 + (defined(__ARM_ARCH_6__) || \
1.385 + defined(__ARM_ARCH_6J__) || \
1.386 + defined(__ARM_ARCH_6K__) || \
1.387 + defined(__ARM_ARCH_6Z__) || \
1.388 + defined(__ARM_ARCH_6ZK__) || \
1.389 + defined(__ARM_ARCH_6T2__) || \
1.390 + defined(__ARM_ARCH_7__) || \
1.391 + defined(__ARM_ARCH_7A__) || \
1.392 + defined(__ARM_ARCH_7R__))))
1.393 +#define BYTESWAP(word, temp) \
1.394 + __asm("rev %0, %0" : "+r" (word));
1.395 +#else
1.396 +#define BYTESWAP(word, temp) \
1.397 + word = (word >> 16) | (word << 16); \
1.398 + temp = 0x00ff00ff; \
1.399 + word = ((word & temp) << 8) | ((word >> 8) & temp);
1.400 +#endif
1.401 +
1.402 +#define PC1(left, right, c0, d0, temp) \
1.403 + right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
1.404 + left ^= temp << 4; \
1.405 + FLIP_RIGHT_DIAGONAL(left, temp); \
1.406 + FLIP_RIGHT_DIAGONAL(right, temp); \
1.407 + BYTESWAP(right, temp); \
1.408 + c0 = right >> 4; \
1.409 + d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
1.410 +
1.411 +#define LEFT_SHIFT_1( reg ) (((reg << 1) | (reg >> 27)) & 0x0FFFFFFF)
1.412 +#define LEFT_SHIFT_2( reg ) (((reg << 2) | (reg >> 26)) & 0x0FFFFFFF)
1.413 +
1.414 +/*
1.415 + * setup key schedules from key
1.416 + */
1.417 +
1.418 +void
1.419 +DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction)
1.420 +{
1.421 + register HALF left, right;
1.422 + register HALF c0, d0;
1.423 + register HALF temp;
1.424 + int delta;
1.425 + unsigned int ls;
1.426 +
1.427 +#if defined(NSS_X86_OR_X64)
1.428 + left = HALFPTR(key)[0];
1.429 + right = HALFPTR(key)[1];
1.430 + BYTESWAP(left, temp);
1.431 + BYTESWAP(right, temp);
1.432 +#else
1.433 + if (((ptrdiff_t)key & 0x03) == 0) {
1.434 + left = HALFPTR(key)[0];
1.435 + right = HALFPTR(key)[1];
1.436 +#if defined(IS_LITTLE_ENDIAN)
1.437 + BYTESWAP(left, temp);
1.438 + BYTESWAP(right, temp);
1.439 +#endif
1.440 + } else {
1.441 + left = ((HALF)key[0] << 24) | ((HALF)key[1] << 16) |
1.442 + ((HALF)key[2] << 8) | key[3];
1.443 + right = ((HALF)key[4] << 24) | ((HALF)key[5] << 16) |
1.444 + ((HALF)key[6] << 8) | key[7];
1.445 + }
1.446 +#endif
1.447 +
1.448 + PC1(left, right, c0, d0, temp);
1.449 +
1.450 + if (direction == DES_ENCRYPT) {
1.451 + delta = 2 * (int)sizeof(HALF);
1.452 + } else {
1.453 + ks += 30;
1.454 + delta = (-2) * (int)sizeof(HALF);
1.455 + }
1.456 +
1.457 + for (ls = 0x8103; ls; ls >>= 1) {
1.458 + if ( ls & 1 ) {
1.459 + c0 = LEFT_SHIFT_1( c0 );
1.460 + d0 = LEFT_SHIFT_1( d0 );
1.461 + } else {
1.462 + c0 = LEFT_SHIFT_2( c0 );
1.463 + d0 = LEFT_SHIFT_2( d0 );
1.464 + }
1.465 +
1.466 +#ifdef USE_INDEXING
1.467 +#define PC2LOOKUP(b,c) PC2[b][c]
1.468 +
1.469 + left = PC2LOOKUP(0, ((c0 >> 22) & 0x3F) );
1.470 + left |= PC2LOOKUP(1, ((c0 >> 13) & 0x3F) );
1.471 + left |= PC2LOOKUP(2, ((c0 >> 4) & 0x38) | (c0 & 0x7) );
1.472 + left |= PC2LOOKUP(3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30));
1.473 +
1.474 + right = PC2LOOKUP(4, ((d0 >> 22) & 0x3F) );
1.475 + right |= PC2LOOKUP(5, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) );
1.476 + right |= PC2LOOKUP(6, ((d0 >> 7) & 0x3F) );
1.477 + right |= PC2LOOKUP(7, ((d0 >> 1) & 0x3C) | (d0 & 0x3));
1.478 +#else
1.479 +#define PC2LOOKUP(b,c) *(HALF *)((BYTE *)&PC2[b][0]+(c))
1.480 +
1.481 + left = PC2LOOKUP(0, ((c0 >> 20) & 0xFC) );
1.482 + left |= PC2LOOKUP(1, ((c0 >> 11) & 0xFC) );
1.483 + left |= PC2LOOKUP(2, ((c0 >> 2) & 0xE0) | ((c0 << 2) & 0x1C) );
1.484 + left |= PC2LOOKUP(3, ((c0>>16)&0x30)|((c0>>9)&0xC)|((c0<<2)&0xC0));
1.485 +
1.486 + right = PC2LOOKUP(4, ((d0 >> 20) & 0xFC) );
1.487 + right |= PC2LOOKUP(5, ((d0 >> 13) & 0xC0) | ((d0 >> 12) & 0x3C) );
1.488 + right |= PC2LOOKUP(6, ((d0 >> 5) & 0xFC) );
1.489 + right |= PC2LOOKUP(7, ((d0 << 1) & 0xF0) | ((d0 << 2) & 0x0C));
1.490 +#endif
1.491 + /* left contains key bits for S1 S3 S2 S4 */
1.492 + /* right contains key bits for S6 S8 S5 S7 */
1.493 + temp = (left << 16) /* S2 S4 XX XX */
1.494 + | (right >> 16); /* XX XX S6 S8 */
1.495 + ks[0] = temp;
1.496 +
1.497 + temp = (left & 0xffff0000) /* S1 S3 XX XX */
1.498 + | (right & 0x0000ffff);/* XX XX S5 S7 */
1.499 + ks[1] = temp;
1.500 +
1.501 + ks = (HALF*)((BYTE *)ks + delta);
1.502 + }
1.503 +}
1.504 +
1.505 +/*
1.506 + * The DES Initial Permutation
1.507 + * if we number the bits of the 8 bytes of input like this (in octal):
1.508 + * 00 01 02 03 04 05 06 07
1.509 + * 10 11 12 13 14 15 16 17
1.510 + * 20 21 22 23 24 25 26 27
1.511 + * 30 31 32 33 34 35 36 37
1.512 + * 40 41 42 43 44 45 46 47
1.513 + * 50 51 52 53 54 55 56 57
1.514 + * 60 61 62 63 64 65 66 67
1.515 + * 70 71 72 73 74 75 76 77
1.516 + * then after the initial permutation, they will be in this order.
1.517 + * 71 61 51 41 31 21 11 01
1.518 + * 73 63 53 43 33 23 13 03
1.519 + * 75 65 55 45 35 25 15 05
1.520 + * 77 67 57 47 37 27 17 07
1.521 + * 70 60 50 40 30 20 10 00
1.522 + * 72 62 52 42 32 22 12 02
1.523 + * 74 64 54 44 34 24 14 04
1.524 + * 76 66 56 46 36 26 16 06
1.525 + *
1.526 + * One way to do this is in two steps:
1.527 + * 1. Flip this matrix about the diagonal from 70-07 as done for PC1.
1.528 + * 2. Rearrange the bytes (rows in the matrix above) with the following code.
1.529 + *
1.530 + * #define swapHiLo(word, temp) \
1.531 + * temp = (word ^ (word >> 24)) & 0x000000ff; \
1.532 + * word ^= temp | (temp << 24);
1.533 + *
1.534 + * right ^= temp = ((left << 8) ^ right) & 0xff00ff00;
1.535 + * left ^= temp >> 8;
1.536 + * swapHiLo(left, temp);
1.537 + * swapHiLo(right,temp);
1.538 + *
1.539 + * However, the two steps can be combined, so that the rows are rearranged
1.540 + * while the matrix is being flipped, reducing the number of bit exchange
1.541 + * operations from 8 ot 5.
1.542 + *
1.543 + * Initial Permutation */
1.544 +#define IP(left, right, temp) \
1.545 + right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
1.546 + left ^= temp << 4; \
1.547 + right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
1.548 + left ^= temp << 16; \
1.549 + right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
1.550 + left ^= temp >> 2; \
1.551 + right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
1.552 + left ^= temp >> 8; \
1.553 + right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
1.554 + left ^= temp << 1;
1.555 +
1.556 +/* The Final (Inverse Initial) permutation is done by reversing the
1.557 +** steps of the Initital Permutation
1.558 +*/
1.559 +
1.560 +#define FP(left, right, temp) \
1.561 + right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
1.562 + left ^= temp << 1; \
1.563 + right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
1.564 + left ^= temp >> 8; \
1.565 + right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
1.566 + left ^= temp >> 2; \
1.567 + right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
1.568 + left ^= temp << 16; \
1.569 + right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
1.570 + left ^= temp << 4;
1.571 +
1.572 +void
1.573 +DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf)
1.574 +{
1.575 + register HALF left, right;
1.576 + register HALF temp;
1.577 +
1.578 +#if defined(NSS_X86_OR_X64)
1.579 + left = HALFPTR(inbuf)[0];
1.580 + right = HALFPTR(inbuf)[1];
1.581 + BYTESWAP(left, temp);
1.582 + BYTESWAP(right, temp);
1.583 +#else
1.584 + if (((ptrdiff_t)inbuf & 0x03) == 0) {
1.585 + left = HALFPTR(inbuf)[0];
1.586 + right = HALFPTR(inbuf)[1];
1.587 +#if defined(IS_LITTLE_ENDIAN)
1.588 + BYTESWAP(left, temp);
1.589 + BYTESWAP(right, temp);
1.590 +#endif
1.591 + } else {
1.592 + left = ((HALF)inbuf[0] << 24) | ((HALF)inbuf[1] << 16) |
1.593 + ((HALF)inbuf[2] << 8) | inbuf[3];
1.594 + right = ((HALF)inbuf[4] << 24) | ((HALF)inbuf[5] << 16) |
1.595 + ((HALF)inbuf[6] << 8) | inbuf[7];
1.596 + }
1.597 +#endif
1.598 +
1.599 + IP(left, right, temp);
1.600 +
1.601 + /* shift the values left circularly 3 bits. */
1.602 + left = (left << 3) | (left >> 29);
1.603 + right = (right << 3) | (right >> 29);
1.604 +
1.605 +#ifdef USE_INDEXING
1.606 +#define KSLOOKUP(s,b) SP[s][((temp >> (b+2)) & 0x3f)]
1.607 +#else
1.608 +#define KSLOOKUP(s,b) *(HALF*)((BYTE*)&SP[s][0]+((temp >> b) & 0xFC))
1.609 +#endif
1.610 +#define ROUND(out, in, r) \
1.611 + temp = in ^ ks[2*r]; \
1.612 + out ^= KSLOOKUP( 1, 24 ); \
1.613 + out ^= KSLOOKUP( 3, 16 ); \
1.614 + out ^= KSLOOKUP( 5, 8 ); \
1.615 + out ^= KSLOOKUP( 7, 0 ); \
1.616 + temp = ((in >> 4) | (in << 28)) ^ ks[2*r+1]; \
1.617 + out ^= KSLOOKUP( 0, 24 ); \
1.618 + out ^= KSLOOKUP( 2, 16 ); \
1.619 + out ^= KSLOOKUP( 4, 8 ); \
1.620 + out ^= KSLOOKUP( 6, 0 );
1.621 +
1.622 + /* Do the 16 Feistel rounds */
1.623 + ROUND(left, right, 0)
1.624 + ROUND(right, left, 1)
1.625 + ROUND(left, right, 2)
1.626 + ROUND(right, left, 3)
1.627 + ROUND(left, right, 4)
1.628 + ROUND(right, left, 5)
1.629 + ROUND(left, right, 6)
1.630 + ROUND(right, left, 7)
1.631 + ROUND(left, right, 8)
1.632 + ROUND(right, left, 9)
1.633 + ROUND(left, right, 10)
1.634 + ROUND(right, left, 11)
1.635 + ROUND(left, right, 12)
1.636 + ROUND(right, left, 13)
1.637 + ROUND(left, right, 14)
1.638 + ROUND(right, left, 15)
1.639 +
1.640 + /* now shift circularly right 3 bits to undo the shifting done
1.641 + ** above. switch left and right here.
1.642 + */
1.643 + temp = (left >> 3) | (left << 29);
1.644 + left = (right >> 3) | (right << 29);
1.645 + right = temp;
1.646 +
1.647 + FP(left, right, temp);
1.648 +
1.649 +#if defined(NSS_X86_OR_X64)
1.650 + BYTESWAP(left, temp);
1.651 + BYTESWAP(right, temp);
1.652 + HALFPTR(outbuf)[0] = left;
1.653 + HALFPTR(outbuf)[1] = right;
1.654 +#else
1.655 + if (((ptrdiff_t)outbuf & 0x03) == 0) {
1.656 +#if defined(IS_LITTLE_ENDIAN)
1.657 + BYTESWAP(left, temp);
1.658 + BYTESWAP(right, temp);
1.659 +#endif
1.660 + HALFPTR(outbuf)[0] = left;
1.661 + HALFPTR(outbuf)[1] = right;
1.662 + } else {
1.663 + outbuf[0] = (BYTE)(left >> 24);
1.664 + outbuf[1] = (BYTE)(left >> 16);
1.665 + outbuf[2] = (BYTE)(left >> 8);
1.666 + outbuf[3] = (BYTE)(left );
1.667 +
1.668 + outbuf[4] = (BYTE)(right >> 24);
1.669 + outbuf[5] = (BYTE)(right >> 16);
1.670 + outbuf[6] = (BYTE)(right >> 8);
1.671 + outbuf[7] = (BYTE)(right );
1.672 + }
1.673 +#endif
1.674 +
1.675 +}
1.676 +
1.677 +/* Ackowledgements:
1.678 +** Two ideas used in this implementation were shown to me by Dennis Ferguson
1.679 +** in 1990. He credits them to Richard Outerbridge and Dan Hoey. They were:
1.680 +** 1. The method of computing the Initial and Final permutations.
1.681 +** 2. Circularly rotating the SP tables and the initial values of left and
1.682 +** right to reduce the number of shifts required during the 16 rounds.
1.683 +*/
