| 1 | /* $NetBSD: des_locl.h,v 1.4 2001/09/09 11:01:02 tls Exp $ */ |
| 2 | /* $KAME: des_locl.h,v 1.6 2000/11/06 13:58:09 itojun Exp $ */ |
| 3 | |
| 4 | /* crypto/des/des_locl.h */ |
| 5 | /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) |
| 6 | * All rights reserved. |
| 7 | * |
| 8 | * This file is part of an SSL implementation written |
| 9 | * by Eric Young (eay@mincom.oz.au). |
| 10 | * The implementation was written so as to conform with Netscapes SSL |
| 11 | * specification. This library and applications are |
| 12 | * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE |
| 13 | * as long as the following conditions are aheared to. |
| 14 | * |
| 15 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 16 | * the code are not to be removed. If this code is used in a product, |
| 17 | * Eric Young should be given attribution as the author of the parts used. |
| 18 | * This can be in the form of a textual message at program startup or |
| 19 | * in documentation (online or textual) provided with the package. |
| 20 | * |
| 21 | * Redistribution and use in source and binary forms, with or without |
| 22 | * modification, are permitted provided that the following conditions |
| 23 | * are met: |
| 24 | * 1. Redistributions of source code must retain the copyright |
| 25 | * notice, this list of conditions and the following disclaimer. |
| 26 | * 2. Redistributions in binary form must reproduce the above copyright |
| 27 | * notice, this list of conditions and the following disclaimer in the |
| 28 | * documentation and/or other materials provided with the distribution. |
| 29 | * 3. All advertising materials mentioning features or use of this software |
| 30 | * must display the following acknowledgement: |
| 31 | * This product includes software developed by Eric Young (eay@mincom.oz.au) |
| 32 | * |
| 33 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 34 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 35 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 36 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| 37 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 38 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 39 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 40 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 41 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 42 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 43 | * SUCH DAMAGE. |
| 44 | * |
| 45 | * The licence and distribution terms for any publically available version or |
| 46 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 47 | * copied and put under another distribution licence |
| 48 | * [including the GNU Public Licence.] |
| 49 | */ |
| 50 | |
| 51 | #ifndef HEADER_DES_LOCL_H |
| 52 | #define |
| 53 | |
| 54 | #include <crypto/des/des.h> |
| 55 | |
| 56 | #undef DES_PTR |
| 57 | |
| 58 | #ifdef __STDC__ |
| 59 | #undef NOPROTO |
| 60 | #endif |
| 61 | |
| 62 | #define ITERATIONS 16 |
| 63 | #define HALF_ITERATIONS 8 |
| 64 | |
| 65 | /* used in des_read and des_write */ |
| 66 | #define MAXWRITE (1024*16) |
| 67 | #define BSIZE (MAXWRITE+4) |
| 68 | |
| 69 | #define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ |
| 70 | l|=((DES_LONG)(*((c)++)))<< 8L, \ |
| 71 | l|=((DES_LONG)(*((c)++)))<<16L, \ |
| 72 | l|=((DES_LONG)(*((c)++)))<<24L) |
| 73 | |
| 74 | /* NOTE - c is not incremented as per c2l */ |
| 75 | #define c2ln(c,l1,l2,n) { \ |
| 76 | c+=n; \ |
| 77 | l1=l2=0; \ |
| 78 | switch (n) { \ |
| 79 | case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ |
| 80 | case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ |
| 81 | case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ |
| 82 | case 5: l2|=((DES_LONG)(*(--(c)))); \ |
| 83 | case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ |
| 84 | case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ |
| 85 | case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ |
| 86 | case 1: l1|=((DES_LONG)(*(--(c)))); \ |
| 87 | } \ |
| 88 | } |
| 89 | |
| 90 | #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ |
| 91 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ |
| 92 | *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ |
| 93 | *((c)++)=(unsigned char)(((l)>>24L)&0xff)) |
| 94 | |
| 95 | /* replacements for htonl and ntohl since I have no idea what to do |
| 96 | * when faced with machines with 8 byte longs. */ |
| 97 | #define HDRSIZE 4 |
| 98 | |
| 99 | #define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ |
| 100 | l|=((DES_LONG)(*((c)++)))<<16L, \ |
| 101 | l|=((DES_LONG)(*((c)++)))<< 8L, \ |
| 102 | l|=((DES_LONG)(*((c)++)))) |
| 103 | |
| 104 | #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ |
| 105 | *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ |
| 106 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ |
| 107 | *((c)++)=(unsigned char)(((l) )&0xff)) |
| 108 | |
| 109 | /* NOTE - c is not incremented as per l2c */ |
| 110 | #define l2cn(l1,l2,c,n) { \ |
| 111 | c+=n; \ |
| 112 | switch (n) { \ |
| 113 | case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ |
| 114 | case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ |
| 115 | case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ |
| 116 | case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ |
| 117 | case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ |
| 118 | case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ |
| 119 | case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ |
| 120 | case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ |
| 121 | } \ |
| 122 | } |
| 123 | |
| 124 | #define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) |
| 125 | |
| 126 | #define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) |
| 127 | #define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ |
| 128 | u=R^s[S ]; \ |
| 129 | t=R^s[S+1] |
| 130 | |
| 131 | /* The changes to this macro may help or hinder, depending on the |
| 132 | * compiler and the achitecture. gcc2 always seems to do well :-). |
| 133 | * Inspired by Dana How <how@isl.stanford.edu> |
| 134 | * DO NOT use the alternative version on machines with 8 byte longs. |
| 135 | * It does not seem to work on the Alpha, even when DES_LONG is 4 |
| 136 | * bytes, probably an issue of accessing non-word aligned objects :-( */ |
| 137 | #ifdef DES_PTR |
| 138 | |
| 139 | /* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there |
| 140 | * is no reason to not xor all the sub items together. This potentially |
| 141 | * saves a register since things can be xored directly into L */ |
| 142 | |
| 143 | #if defined(DES_RISC1) || defined(DES_RISC2) |
| 144 | #ifdef DES_RISC1 |
| 145 | #define D_ENCRYPT(LL,R,S) { \ |
| 146 | unsigned int u1,u2,u3; \ |
| 147 | LOAD_DATA(R,S,u,t,E0,E1,u1); \ |
| 148 | u2=(int)u>>8L; \ |
| 149 | u1=(int)u&0xfc; \ |
| 150 | u2&=0xfc; \ |
| 151 | t=ROTATE(t,4); \ |
| 152 | u>>=16L; \ |
| 153 | LL^= *(const DES_LONG *)(des_SP +u1); \ |
| 154 | LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ |
| 155 | u3=(int)(u>>8L); \ |
| 156 | u1=(int)u&0xfc; \ |
| 157 | u3&=0xfc; \ |
| 158 | LL^= *(const DES_LONG *)(des_SP+0x400+u1); \ |
| 159 | LL^= *(const DES_LONG *)(des_SP+0x600+u3); \ |
| 160 | u2=(int)t>>8L; \ |
| 161 | u1=(int)t&0xfc; \ |
| 162 | u2&=0xfc; \ |
| 163 | t>>=16L; \ |
| 164 | LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ |
| 165 | LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ |
| 166 | u3=(int)t>>8L; \ |
| 167 | u1=(int)t&0xfc; \ |
| 168 | u3&=0xfc; \ |
| 169 | LL^= *(const DES_LONG *)(des_SP+0x500+u1); \ |
| 170 | LL^= *(const DES_LONG *)(des_SP+0x700+u3); } |
| 171 | #endif /* DES_RISC1 */ |
| 172 | #ifdef DES_RISC2 |
| 173 | #define D_ENCRYPT(LL,R,S) { \ |
| 174 | unsigned int u1,u2,s1,s2; \ |
| 175 | LOAD_DATA(R,S,u,t,E0,E1,u1); \ |
| 176 | u2=(int)u>>8L; \ |
| 177 | u1=(int)u&0xfc; \ |
| 178 | u2&=0xfc; \ |
| 179 | t=ROTATE(t,4); \ |
| 180 | LL^= *(const DES_LONG *)(des_SP +u1); \ |
| 181 | LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ |
| 182 | s1=(int)(u>>16L); \ |
| 183 | s2=(int)(u>>24L); \ |
| 184 | s1&=0xfc; \ |
| 185 | s2&=0xfc; \ |
| 186 | LL^= *(const DES_LONG *)(des_SP+0x400+s1); \ |
| 187 | LL^= *(const DES_LONG *)(des_SP+0x600+s2); \ |
| 188 | u2=(int)t>>8L; \ |
| 189 | u1=(int)t&0xfc; \ |
| 190 | u2&=0xfc; \ |
| 191 | LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ |
| 192 | LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ |
| 193 | s1=(int)(t>>16L); \ |
| 194 | s2=(int)(t>>24L); \ |
| 195 | s1&=0xfc; \ |
| 196 | s2&=0xfc; \ |
| 197 | LL^= *(const DES_LONG *)(des_SP+0x400+s1); \ |
| 198 | LL^= *(const DES_LONG *)(des_SP+0x600+s2); \ |
| 199 | u2=(int)t>>8L; \ |
| 200 | u1=(int)t&0xfc; \ |
| 201 | u2&=0xfc; \ |
| 202 | LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ |
| 203 | LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ |
| 204 | s1=(int)(t>>16L); \ |
| 205 | s2=(int)(t>>24L); \ |
| 206 | s1&=0xfc; \ |
| 207 | s2&=0xfc; \ |
| 208 | LL^= *(const DES_LONG *)(des_SP+0x500+s1); \ |
| 209 | LL^= *(const DES_LONG *)(des_SP+0x700+s2); } |
| 210 | #endif /* DES_RISC2 */ |
| 211 | #else /* DES_RISC1 || DES_RISC2 */ |
| 212 | #define D_ENCRYPT(LL,R,S) { \ |
| 213 | LOAD_DATA_tmp(R,S,u,t,E0,E1); \ |
| 214 | t=ROTATE(t,4); \ |
| 215 | LL^= \ |
| 216 | *(const DES_LONG *)(des_SP +((u )&0xfc))^ \ |
| 217 | *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \ |
| 218 | *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \ |
| 219 | *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \ |
| 220 | *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \ |
| 221 | *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \ |
| 222 | *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \ |
| 223 | *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); } |
| 224 | #endif /* DES_RISC1 || DES_RISC2 */ |
| 225 | #else /* original version */ |
| 226 | |
| 227 | #if defined(DES_RISC1) || defined(DES_RISC2) |
| 228 | #ifdef DES_RISC1 |
| 229 | #define D_ENCRYPT(LL,R,S) {\ |
| 230 | unsigned int u1,u2,u3; \ |
| 231 | LOAD_DATA(R,S,u,t,E0,E1,u1); \ |
| 232 | u>>=2L; \ |
| 233 | t=ROTATE(t,6); \ |
| 234 | u2=(int)u>>8L; \ |
| 235 | u1=(int)u&0x3f; \ |
| 236 | u2&=0x3f; \ |
| 237 | u>>=16L; \ |
| 238 | LL^=des_SPtrans[0][u1]; \ |
| 239 | LL^=des_SPtrans[2][u2]; \ |
| 240 | u3=(int)u>>8L; \ |
| 241 | u1=(int)u&0x3f; \ |
| 242 | u3&=0x3f; \ |
| 243 | LL^=des_SPtrans[4][u1]; \ |
| 244 | LL^=des_SPtrans[6][u3]; \ |
| 245 | u2=(int)t>>8L; \ |
| 246 | u1=(int)t&0x3f; \ |
| 247 | u2&=0x3f; \ |
| 248 | t>>=16L; \ |
| 249 | LL^=des_SPtrans[1][u1]; \ |
| 250 | LL^=des_SPtrans[3][u2]; \ |
| 251 | u3=(int)t>>8L; \ |
| 252 | u1=(int)t&0x3f; \ |
| 253 | u3&=0x3f; \ |
| 254 | LL^=des_SPtrans[5][u1]; \ |
| 255 | LL^=des_SPtrans[7][u3]; } |
| 256 | #endif /* DES_RISC1 */ |
| 257 | #ifdef DES_RISC2 |
| 258 | #define D_ENCRYPT(LL,R,S) {\ |
| 259 | unsigned int u1,u2,s1,s2; \ |
| 260 | LOAD_DATA(R,S,u,t,E0,E1,u1); \ |
| 261 | u>>=2L; \ |
| 262 | t=ROTATE(t,6); \ |
| 263 | u2=(int)u>>8L; \ |
| 264 | u1=(int)u&0x3f; \ |
| 265 | u2&=0x3f; \ |
| 266 | LL^=des_SPtrans[0][u1]; \ |
| 267 | LL^=des_SPtrans[2][u2]; \ |
| 268 | s1=(int)u>>16L; \ |
| 269 | s2=(int)u>>24L; \ |
| 270 | s1&=0x3f; \ |
| 271 | s2&=0x3f; \ |
| 272 | LL^=des_SPtrans[4][s1]; \ |
| 273 | LL^=des_SPtrans[6][s2]; \ |
| 274 | u2=(int)t>>8L; \ |
| 275 | u1=(int)t&0x3f; \ |
| 276 | u2&=0x3f; \ |
| 277 | LL^=des_SPtrans[1][u1]; \ |
| 278 | LL^=des_SPtrans[3][u2]; \ |
| 279 | s1=(int)t>>16; \ |
| 280 | s2=(int)t>>24L; \ |
| 281 | s1&=0x3f; \ |
| 282 | s2&=0x3f; \ |
| 283 | LL^=des_SPtrans[5][s1]; \ |
| 284 | LL^=des_SPtrans[7][s2]; } |
| 285 | #endif /* DES_RISC2 */ |
| 286 | |
| 287 | #else /* DES_RISC1 || DES_RISC2 */ |
| 288 | |
| 289 | #define D_ENCRYPT(LL,R,S) {\ |
| 290 | LOAD_DATA_tmp(R,S,u,t,E0,E1); \ |
| 291 | t=ROTATE(t,4); \ |
| 292 | LL^=\ |
| 293 | des_SPtrans[0][(u>> 2L)&0x3f]^ \ |
| 294 | des_SPtrans[2][(u>>10L)&0x3f]^ \ |
| 295 | des_SPtrans[4][(u>>18L)&0x3f]^ \ |
| 296 | des_SPtrans[6][(u>>26L)&0x3f]^ \ |
| 297 | des_SPtrans[1][(t>> 2L)&0x3f]^ \ |
| 298 | des_SPtrans[3][(t>>10L)&0x3f]^ \ |
| 299 | des_SPtrans[5][(t>>18L)&0x3f]^ \ |
| 300 | des_SPtrans[7][(t>>26L)&0x3f]; } |
| 301 | #endif /* DES_RISC1 || DES_RISC2 */ |
| 302 | #endif /* DES_PTR */ |
| 303 | |
| 304 | /* IP and FP |
| 305 | * The problem is more of a geometric problem that random bit fiddling. |
| 306 | 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 |
| 307 | 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 |
| 308 | 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 |
| 309 | 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 |
| 310 | |
| 311 | 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 |
| 312 | 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 |
| 313 | 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 |
| 314 | 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 |
| 315 | |
| 316 | The output has been subject to swaps of the form |
| 317 | 0 1 -> 3 1 but the odd and even bits have been put into |
| 318 | 2 3 2 0 |
| 319 | different words. The main trick is to remember that |
| 320 | t=((l>>size)^r)&(mask); |
| 321 | r^=t; |
| 322 | l^=(t<<size); |
| 323 | can be used to swap and move bits between words. |
| 324 | |
| 325 | So l = 0 1 2 3 r = 16 17 18 19 |
| 326 | 4 5 6 7 20 21 22 23 |
| 327 | 8 9 10 11 24 25 26 27 |
| 328 | 12 13 14 15 28 29 30 31 |
| 329 | becomes (for size == 2 and mask == 0x3333) |
| 330 | t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19 |
| 331 | 6^20 7^21 -- -- 4 5 20 21 6 7 22 23 |
| 332 | 10^24 11^25 -- -- 8 9 24 25 10 11 24 25 |
| 333 | 14^28 15^29 -- -- 12 13 28 29 14 15 28 29 |
| 334 | |
| 335 | Thanks for hints from Richard Outerbridge - he told me IP&FP |
| 336 | could be done in 15 xor, 10 shifts and 5 ands. |
| 337 | When I finally started to think of the problem in 2D |
| 338 | I first got ~42 operations without xors. When I remembered |
| 339 | how to use xors :-) I got it to its final state. |
| 340 | */ |
| 341 | #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ |
| 342 | (b)^=(t),\ |
| 343 | (a)^=((t)<<(n))) |
| 344 | |
| 345 | #define IP(l,r) \ |
| 346 | { \ |
| 347 | register DES_LONG tt; \ |
| 348 | PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ |
| 349 | PERM_OP(l,r,tt,16,0x0000ffffL); \ |
| 350 | PERM_OP(r,l,tt, 2,0x33333333L); \ |
| 351 | PERM_OP(l,r,tt, 8,0x00ff00ffL); \ |
| 352 | PERM_OP(r,l,tt, 1,0x55555555L); \ |
| 353 | } |
| 354 | |
| 355 | #define FP(l,r) \ |
| 356 | { \ |
| 357 | register DES_LONG tt; \ |
| 358 | PERM_OP(l,r,tt, 1,0x55555555L); \ |
| 359 | PERM_OP(r,l,tt, 8,0x00ff00ffL); \ |
| 360 | PERM_OP(l,r,tt, 2,0x33333333L); \ |
| 361 | PERM_OP(r,l,tt,16,0x0000ffffL); \ |
| 362 | PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ |
| 363 | } |
| 364 | #endif |
| 365 | |