Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	lib/libcrypto/des/des_locl.h	Lines:	1	1	100.0 %
Date:	2017-11-07	Branches:	0	0	0.0 %


/* $OpenBSD: des_locl.h,v 1.19 2016/12/21 15:49:29 jsing Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#ifndef HEADER_DES_LOCL_H
#define HEADER_DES_LOCL_H

#include <math.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <openssl/opensslconf.h>

#include <openssl/des.h>

__BEGIN_HIDDEN_DECLS

#define ITERATIONS 16
#define HALF_ITERATIONS 8

/* used in des_read and des_write */
#define MAXWRITE	(1024*16)
#define BSIZE		(MAXWRITE+4)

#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
			 l|=((DES_LONG)(*((c)++)))<< 8L, \
			 l|=((DES_LONG)(*((c)++)))<<16L, \
			 l|=((DES_LONG)(*((c)++)))<<24L)

/* NOTE - c is not incremented as per c2l */
#define c2ln(c,l1,l2,n)	{ \
			c+=n; \
			l1=l2=0; \
			switch (n) { \
			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
			case 5: l2|=((DES_LONG)(*(--(c))));     \
			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
			case 1: l1|=((DES_LONG)(*(--(c))));     \
				} \
			}

#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))

/* replacements for htonl and ntohl since I have no idea what to do
 * when faced with machines with 8 byte longs. */
#define HDRSIZE 4

#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \
			 l|=((DES_LONG)(*((c)++)))<<16L, \
			 l|=((DES_LONG)(*((c)++)))<< 8L, \
			 l|=((DES_LONG)(*((c)++))))

#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
			 *((c)++)=(unsigned char)(((l)     )&0xff))

/* NOTE - c is not incremented as per l2c */
#define l2cn(l1,l2,c,n)	{ \
			c+=n; \
			switch (n) { \
			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
				} \
			}

static inline uint32_t ROTATE(uint32_t a, uint32_t n)
{
	return (a>>n)+(a<<(32-n));
}

/* Don't worry about the LOAD_DATA() stuff, that is used by
 * fcrypt() to add it's little bit to the front */

#ifdef DES_FCRYPT

#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }

#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
	t=R^(R>>16L); \
	u=t&E0; t&=E1; \
	tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
	tmp=(t<<16); t^=R^s[S+1]; t^=tmp
#else
#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
	u=R^s[S  ]; \
	t=R^s[S+1]
#endif

/* The changes to this macro may help or hinder, depending on the
 * compiler and the architecture.  gcc2 always seems to do well :-).
 * Inspired by Dana How <how@isl.stanford.edu>
 * DO NOT use the alternative version on machines with 8 byte longs.
 * It does not seem to work on the Alpha, even when DES_LONG is 4
 * bytes, probably an issue of accessing non-word aligned objects :-( */
#ifdef DES_PTR

/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
 * is no reason to not xor all the sub items together.  This potentially
 * saves a register since things can be xored directly into L */

#if defined(DES_RISC1) || defined(DES_RISC2)
#ifdef DES_RISC1
#define D_ENCRYPT(LL,R,S) { \
	unsigned int u1,u2,u3; \
	LOAD_DATA(R,S,u,t,E0,E1,u1); \
	u2=(int)u>>8L; \
	u1=(int)u&0xfc; \
	u2&=0xfc; \
	t=ROTATE(t,4); \
	u>>=16L; \
	LL^= *(const DES_LONG *)(des_SP      +u1); \
	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
	u3=(int)(u>>8L); \
	u1=(int)u&0xfc; \
	u3&=0xfc; \
	LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
	LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
	u2=(int)t>>8L; \
	u1=(int)t&0xfc; \
	u2&=0xfc; \
	t>>=16L; \
	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
	u3=(int)t>>8L; \
	u1=(int)t&0xfc; \
	u3&=0xfc; \
	LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
	LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
#endif
#ifdef DES_RISC2
#define D_ENCRYPT(LL,R,S) { \
	unsigned int u1,u2,s1,s2; \
	LOAD_DATA(R,S,u,t,E0,E1,u1); \
	u2=(int)u>>8L; \
	u1=(int)u&0xfc; \
	u2&=0xfc; \
	t=ROTATE(t,4); \
	LL^= *(const DES_LONG *)(des_SP      +u1); \
	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
	s1=(int)(u>>16L); \
	s2=(int)(u>>24L); \
	s1&=0xfc; \
	s2&=0xfc; \
	LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
	LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
	u2=(int)t>>8L; \
	u1=(int)t&0xfc; \
	u2&=0xfc; \
	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
	s1=(int)(t>>16L); \
	s2=(int)(t>>24L); \
	s1&=0xfc; \
	s2&=0xfc; \
	LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
	LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
#endif
#else
#define D_ENCRYPT(LL,R,S) { \
	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
	t=ROTATE(t,4); \
	LL^= \
	*(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
#endif

#else /* original version */

#if defined(DES_RISC1) || defined(DES_RISC2)
#ifdef DES_RISC1
#define D_ENCRYPT(LL,R,S) {\
	unsigned int u1,u2,u3; \
	LOAD_DATA(R,S,u,t,E0,E1,u1); \
	u>>=2L; \
	t=ROTATE(t,6); \
	u2=(int)u>>8L; \
	u1=(int)u&0x3f; \
	u2&=0x3f; \
	u>>=16L; \
	LL^=DES_SPtrans[0][u1]; \
	LL^=DES_SPtrans[2][u2]; \
	u3=(int)u>>8L; \
	u1=(int)u&0x3f; \
	u3&=0x3f; \
	LL^=DES_SPtrans[4][u1]; \
	LL^=DES_SPtrans[6][u3]; \
	u2=(int)t>>8L; \
	u1=(int)t&0x3f; \
	u2&=0x3f; \
	t>>=16L; \
	LL^=DES_SPtrans[1][u1]; \
	LL^=DES_SPtrans[3][u2]; \
	u3=(int)t>>8L; \
	u1=(int)t&0x3f; \
	u3&=0x3f; \
	LL^=DES_SPtrans[5][u1]; \
	LL^=DES_SPtrans[7][u3]; }
#endif
#ifdef DES_RISC2
#define D_ENCRYPT(LL,R,S) {\
	unsigned int u1,u2,s1,s2; \
	LOAD_DATA(R,S,u,t,E0,E1,u1); \
	u>>=2L; \
	t=ROTATE(t,6); \
	u2=(int)u>>8L; \
	u1=(int)u&0x3f; \
	u2&=0x3f; \
	LL^=DES_SPtrans[0][u1]; \
	LL^=DES_SPtrans[2][u2]; \
	s1=(int)u>>16L; \
	s2=(int)u>>24L; \
	s1&=0x3f; \
	s2&=0x3f; \
	LL^=DES_SPtrans[4][s1]; \
	LL^=DES_SPtrans[6][s2]; \
	u2=(int)t>>8L; \
	u1=(int)t&0x3f; \
	u2&=0x3f; \
	LL^=DES_SPtrans[1][u1]; \
	LL^=DES_SPtrans[3][u2]; \
	s1=(int)t>>16; \
	s2=(int)t>>24L; \
	s1&=0x3f; \
	s2&=0x3f; \
	LL^=DES_SPtrans[5][s1]; \
	LL^=DES_SPtrans[7][s2]; }
#endif

#else

#define D_ENCRYPT(LL,R,S) {\
	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
	t=ROTATE(t,4); \
	LL^=\
		DES_SPtrans[0][(u>> 2L)&0x3f]^ \
		DES_SPtrans[2][(u>>10L)&0x3f]^ \
		DES_SPtrans[4][(u>>18L)&0x3f]^ \
		DES_SPtrans[6][(u>>26L)&0x3f]^ \
		DES_SPtrans[1][(t>> 2L)&0x3f]^ \
		DES_SPtrans[3][(t>>10L)&0x3f]^ \
		DES_SPtrans[5][(t>>18L)&0x3f]^ \
		DES_SPtrans[7][(t>>26L)&0x3f]; }
#endif
#endif

	/* IP and FP
	 * The problem is more of a geometric problem that random bit fiddling.
	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0

	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1

	The output has been subject to swaps of the form
	0 1 -> 3 1 but the odd and even bits have been put into
	2 3    2 0
	different words.  The main trick is to remember that
	t=((l>>size)^r)&(mask);
	r^=t;
	l^=(t<<size);
	can be used to swap and move bits between words.

	So l =  0  1  2  3  r = 16 17 18 19
	        4  5  6  7      20 21 22 23
	        8  9 10 11      24 25 26 27
	       12 13 14 15      28 29 30 31
	becomes (for size == 2 and mask == 0x3333)
	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
		10^24 11^25 -- --        8  9 24 25      10 11 24 25
		14^28 15^29 -- --       12 13 28 29      14 15 28 29

	Thanks for hints from Richard Outerbridge - he told me IP&FP
	could be done in 15 xor, 10 shifts and 5 ands.
	When I finally started to think of the problem in 2D
	I first got ~42 operations without xors.  When I remembered
	how to use xors :-) I got it to its final state.
	*/
#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
	(b)^=(t),\
	(a)^=((t)<<(n)))

#define IP(l,r) \
	{ \
	DES_LONG tt; \
	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
	PERM_OP(l,r,tt,16,0x0000ffffL); \
	PERM_OP(r,l,tt, 2,0x33333333L); \
	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
	PERM_OP(r,l,tt, 1,0x55555555L); \
	}

#define FP(l,r) \
	{ \
	DES_LONG tt; \
	PERM_OP(l,r,tt, 1,0x55555555L); \
	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
	PERM_OP(l,r,tt, 2,0x33333333L); \
	PERM_OP(r,l,tt,16,0x0000ffffL); \
	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
	}

extern const DES_LONG DES_SPtrans[8][64];

void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
		 DES_LONG Eswap0, DES_LONG Eswap1);

#ifdef OPENSSL_SMALL_FOOTPRINT
#undef DES_UNROLL
#endif

__END_HIDDEN_DECLS

#endif


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: des_locl.h,v 1.19 2016/12/21 15:49:29 jsing Exp $ */
2			/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3			* All rights reserved.
4			*
5			* This package is an SSL implementation written
6			* by Eric Young (eay@cryptsoft.com).
7			* The implementation was written so as to conform with Netscapes SSL.
8			*
9			* This library is free for commercial and non-commercial use as long as
10			* the following conditions are aheared to. The following conditions
11			* apply to all code found in this distribution, be it the RC4, RSA,
12			* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13			* included with this distribution is covered by the same copyright terms
14			* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15			*
16			* Copyright remains Eric Young's, and as such any Copyright notices in
17			* the code are not to be removed.
18			* If this package is used in a product, Eric Young should be given attribution
19			* as the author of the parts of the library used.
20			* This can be in the form of a textual message at program startup or
21			* in documentation (online or textual) provided with the package.
22			*
23			* Redistribution and use in source and binary forms, with or without
24			* modification, are permitted provided that the following conditions
25			* are met:
26			* 1. Redistributions of source code must retain the copyright
27			* notice, this list of conditions and the following disclaimer.
28			* 2. Redistributions in binary form must reproduce the above copyright
29			* notice, this list of conditions and the following disclaimer in the
30			* documentation and/or other materials provided with the distribution.
31			* 3. All advertising materials mentioning features or use of this software
32			* must display the following acknowledgement:
33			* "This product includes cryptographic software written by
34			* Eric Young (eay@cryptsoft.com)"
35			* The word 'cryptographic' can be left out if the rouines from the library
36			* being used are not cryptographic related :-).
37			* 4. If you include any Windows specific code (or a derivative thereof) from
38			* the apps directory (application code) you must include an acknowledgement:
39			* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40			*
41			* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42			* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44			* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45			* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46			* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47			* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49			* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50			* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51			* SUCH DAMAGE.
52			*
53			* The licence and distribution terms for any publically available version or
54			* derivative of this code cannot be changed. i.e. this code cannot simply be
55			* copied and put under another distribution licence
56			* [including the GNU Public Licence.]
57			*/
58
59			#ifndef HEADER_DES_LOCL_H
60			#define HEADER_DES_LOCL_H
61
62			#include <math.h>
63			#include <stdint.h>
64			#include <stdio.h>
65			#include <stdlib.h>
66			#include <string.h>
67			#include <unistd.h>
68
69			#include <openssl/opensslconf.h>
70
71			#include <openssl/des.h>
72
73			__BEGIN_HIDDEN_DECLS
74
75			#define ITERATIONS 16
76			#define HALF_ITERATIONS 8
77
78			/* used in des_read and des_write */
79			#define MAXWRITE (1024*16)
80			#define BSIZE (MAXWRITE+4)
81
82			#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
83			l\|=((DES_LONG)(*((c)++)))<< 8L, \
84			l\|=((DES_LONG)(*((c)++)))<<16L, \
85			l\|=((DES_LONG)(*((c)++)))<<24L)
86
87			/* NOTE - c is not incremented as per c2l */
88			#define c2ln(c,l1,l2,n) { \
89			c+=n; \
90			l1=l2=0; \
91			switch (n) { \
92			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
93			case 7: l2\|=((DES_LONG)(*(--(c))))<<16L; \
94			case 6: l2\|=((DES_LONG)(*(--(c))))<< 8L; \
95			case 5: l2\|=((DES_LONG)(*(--(c)))); \
96			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
97			case 3: l1\|=((DES_LONG)(*(--(c))))<<16L; \
98			case 2: l1\|=((DES_LONG)(*(--(c))))<< 8L; \
99			case 1: l1\|=((DES_LONG)(*(--(c)))); \
100			} \
101			}
102
103			#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
104			*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
105			*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
106			*((c)++)=(unsigned char)(((l)>>24L)&0xff))
107
108			/* replacements for htonl and ntohl since I have no idea what to do
109			* when faced with machines with 8 byte longs. */
110			#define HDRSIZE 4
111
112			#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \
113			l\|=((DES_LONG)(*((c)++)))<<16L, \
114			l\|=((DES_LONG)(*((c)++)))<< 8L, \
115			l\|=((DES_LONG)(*((c)++))))
116
117			#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
118			*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
119			*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
120			*((c)++)=(unsigned char)(((l) )&0xff))
121
122			/* NOTE - c is not incremented as per l2c */
123			#define l2cn(l1,l2,c,n) { \
124			c+=n; \
125			switch (n) { \
126			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
127			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
128			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
129			case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
130			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
131			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
132			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
133			case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
134			} \
135			}
136
137			static inline uint32_t ROTATE(uint32_t a, uint32_t n)
138			{
139		1746888	return (a>>n)+(a<<(32-n));
140			}
141
142			/* Don't worry about the LOAD_DATA() stuff, that is used by
143			* fcrypt() to add it's little bit to the front */
144
145			#ifdef DES_FCRYPT
146
147			#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
148			{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
149
150			#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
151			t=R^(R>>16L); \
152			u=t&E0; t&=E1; \
153			tmp=(u<<16); u^=R^s[S ]; u^=tmp; \
154			tmp=(t<<16); t^=R^s[S+1]; t^=tmp
155			#else
156			#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
157			#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
158			u=R^s[S ]; \
159			t=R^s[S+1]
160			#endif
161
162			/* The changes to this macro may help or hinder, depending on the
163			* compiler and the architecture. gcc2 always seems to do well :-).
164			* Inspired by Dana How <how@isl.stanford.edu>
165			* DO NOT use the alternative version on machines with 8 byte longs.
166			* It does not seem to work on the Alpha, even when DES_LONG is 4
167			* bytes, probably an issue of accessing non-word aligned objects :-( */
168			#ifdef DES_PTR
169
170			/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
171			* is no reason to not xor all the sub items together. This potentially
172			* saves a register since things can be xored directly into L */
173
174			#if defined(DES_RISC1) \|\| defined(DES_RISC2)
175			#ifdef DES_RISC1
176			#define D_ENCRYPT(LL,R,S) { \
177			unsigned int u1,u2,u3; \
178			LOAD_DATA(R,S,u,t,E0,E1,u1); \
179			u2=(int)u>>8L; \
180			u1=(int)u&0xfc; \
181			u2&=0xfc; \
182			t=ROTATE(t,4); \
183			u>>=16L; \
184			LL^= (const DES_LONG )(des_SP +u1); \
185			LL^= (const DES_LONG )(des_SP+0x200+u2); \
186			u3=(int)(u>>8L); \
187			u1=(int)u&0xfc; \
188			u3&=0xfc; \
189			LL^= (const DES_LONG )(des_SP+0x400+u1); \
190			LL^= (const DES_LONG )(des_SP+0x600+u3); \
191			u2=(int)t>>8L; \
192			u1=(int)t&0xfc; \
193			u2&=0xfc; \
194			t>>=16L; \
195			LL^= (const DES_LONG )(des_SP+0x100+u1); \
196			LL^= (const DES_LONG )(des_SP+0x300+u2); \
197			u3=(int)t>>8L; \
198			u1=(int)t&0xfc; \
199			u3&=0xfc; \
200			LL^= (const DES_LONG )(des_SP+0x500+u1); \
201			LL^= (const DES_LONG )(des_SP+0x700+u3); }
202			#endif
203			#ifdef DES_RISC2
204			#define D_ENCRYPT(LL,R,S) { \
205			unsigned int u1,u2,s1,s2; \
206			LOAD_DATA(R,S,u,t,E0,E1,u1); \
207			u2=(int)u>>8L; \
208			u1=(int)u&0xfc; \
209			u2&=0xfc; \
210			t=ROTATE(t,4); \
211			LL^= (const DES_LONG )(des_SP +u1); \
212			LL^= (const DES_LONG )(des_SP+0x200+u2); \
213			s1=(int)(u>>16L); \
214			s2=(int)(u>>24L); \
215			s1&=0xfc; \
216			s2&=0xfc; \
217			LL^= (const DES_LONG )(des_SP+0x400+s1); \
218			LL^= (const DES_LONG )(des_SP+0x600+s2); \
219			u2=(int)t>>8L; \
220			u1=(int)t&0xfc; \
221			u2&=0xfc; \
222			LL^= (const DES_LONG )(des_SP+0x100+u1); \
223			LL^= (const DES_LONG )(des_SP+0x300+u2); \
224			s1=(int)(t>>16L); \
225			s2=(int)(t>>24L); \
226			s1&=0xfc; \
227			s2&=0xfc; \
228			LL^= (const DES_LONG )(des_SP+0x500+s1); \
229			LL^= (const DES_LONG )(des_SP+0x700+s2); }
230			#endif
231			#else
232			#define D_ENCRYPT(LL,R,S) { \
233			LOAD_DATA_tmp(R,S,u,t,E0,E1); \
234			t=ROTATE(t,4); \
235			LL^= \
236			(const DES_LONG )(des_SP +((u )&0xfc))^ \
237			(const DES_LONG )(des_SP+0x200+((u>> 8L)&0xfc))^ \
238			(const DES_LONG )(des_SP+0x400+((u>>16L)&0xfc))^ \
239			(const DES_LONG )(des_SP+0x600+((u>>24L)&0xfc))^ \
240			(const DES_LONG )(des_SP+0x100+((t )&0xfc))^ \
241			(const DES_LONG )(des_SP+0x300+((t>> 8L)&0xfc))^ \
242			(const DES_LONG )(des_SP+0x500+((t>>16L)&0xfc))^ \
243			(const DES_LONG )(des_SP+0x700+((t>>24L)&0xfc)); }
244			#endif
245
246			#else /* original version */
247
248			#if defined(DES_RISC1) \|\| defined(DES_RISC2)
249			#ifdef DES_RISC1
250			#define D_ENCRYPT(LL,R,S) {\
251			unsigned int u1,u2,u3; \
252			LOAD_DATA(R,S,u,t,E0,E1,u1); \
253			u>>=2L; \
254			t=ROTATE(t,6); \
255			u2=(int)u>>8L; \
256			u1=(int)u&0x3f; \
257			u2&=0x3f; \
258			u>>=16L; \
259			LL^=DES_SPtrans[0][u1]; \
260			LL^=DES_SPtrans[2][u2]; \
261			u3=(int)u>>8L; \
262			u1=(int)u&0x3f; \
263			u3&=0x3f; \
264			LL^=DES_SPtrans[4][u1]; \
265			LL^=DES_SPtrans[6][u3]; \
266			u2=(int)t>>8L; \
267			u1=(int)t&0x3f; \
268			u2&=0x3f; \
269			t>>=16L; \
270			LL^=DES_SPtrans[1][u1]; \
271			LL^=DES_SPtrans[3][u2]; \
272			u3=(int)t>>8L; \
273			u1=(int)t&0x3f; \
274			u3&=0x3f; \
275			LL^=DES_SPtrans[5][u1]; \
276			LL^=DES_SPtrans[7][u3]; }
277			#endif
278			#ifdef DES_RISC2
279			#define D_ENCRYPT(LL,R,S) {\
280			unsigned int u1,u2,s1,s2; \
281			LOAD_DATA(R,S,u,t,E0,E1,u1); \
282			u>>=2L; \
283			t=ROTATE(t,6); \
284			u2=(int)u>>8L; \
285			u1=(int)u&0x3f; \
286			u2&=0x3f; \
287			LL^=DES_SPtrans[0][u1]; \
288			LL^=DES_SPtrans[2][u2]; \
289			s1=(int)u>>16L; \
290			s2=(int)u>>24L; \
291			s1&=0x3f; \
292			s2&=0x3f; \
293			LL^=DES_SPtrans[4][s1]; \
294			LL^=DES_SPtrans[6][s2]; \
295			u2=(int)t>>8L; \
296			u1=(int)t&0x3f; \
297			u2&=0x3f; \
298			LL^=DES_SPtrans[1][u1]; \
299			LL^=DES_SPtrans[3][u2]; \
300			s1=(int)t>>16; \
301			s2=(int)t>>24L; \
302			s1&=0x3f; \
303			s2&=0x3f; \
304			LL^=DES_SPtrans[5][s1]; \
305			LL^=DES_SPtrans[7][s2]; }
306			#endif
307
308			#else
309
310			#define D_ENCRYPT(LL,R,S) {\
311			LOAD_DATA_tmp(R,S,u,t,E0,E1); \
312			t=ROTATE(t,4); \
313			LL^=\
314			DES_SPtrans[0][(u>> 2L)&0x3f]^ \
315			DES_SPtrans[2][(u>>10L)&0x3f]^ \
316			DES_SPtrans[4][(u>>18L)&0x3f]^ \
317			DES_SPtrans[6][(u>>26L)&0x3f]^ \
318			DES_SPtrans[1][(t>> 2L)&0x3f]^ \
319			DES_SPtrans[3][(t>>10L)&0x3f]^ \
320			DES_SPtrans[5][(t>>18L)&0x3f]^ \
321			DES_SPtrans[7][(t>>26L)&0x3f]; }
322			#endif
323			#endif
324
325			/* IP and FP
326			* The problem is more of a geometric problem that random bit fiddling.
327			0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
328			8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
329			16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
330			24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
331
332			32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
333			40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
334			48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
335			56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
336
337			The output has been subject to swaps of the form
338			0 1 -> 3 1 but the odd and even bits have been put into
339			2 3 2 0
340			different words. The main trick is to remember that
341			t=((l>>size)^r)&(mask);
342			r^=t;
343			l^=(t<<size);
344			can be used to swap and move bits between words.
345
346			So l = 0 1 2 3 r = 16 17 18 19
347			4 5 6 7 20 21 22 23
348			8 9 10 11 24 25 26 27
349			12 13 14 15 28 29 30 31
350			becomes (for size == 2 and mask == 0x3333)
351			t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
352			6^20 7^21 -- -- 4 5 20 21 6 7 22 23
353			10^24 11^25 -- -- 8 9 24 25 10 11 24 25
354			14^28 15^29 -- -- 12 13 28 29 14 15 28 29
355
356			Thanks for hints from Richard Outerbridge - he told me IP&FP
357			could be done in 15 xor, 10 shifts and 5 ands.
358			When I finally started to think of the problem in 2D
359			I first got ~42 operations without xors. When I remembered
360			how to use xors :-) I got it to its final state.
361			*/
362			#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
363			(b)^=(t),\
364			(a)^=((t)<<(n)))
365
366			#define IP(l,r) \
367			{ \
368			DES_LONG tt; \
369			PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
370			PERM_OP(l,r,tt,16,0x0000ffffL); \
371			PERM_OP(r,l,tt, 2,0x33333333L); \
372			PERM_OP(l,r,tt, 8,0x00ff00ffL); \
373			PERM_OP(r,l,tt, 1,0x55555555L); \
374			}
375
376			#define FP(l,r) \
377			{ \
378			DES_LONG tt; \
379			PERM_OP(l,r,tt, 1,0x55555555L); \
380			PERM_OP(r,l,tt, 8,0x00ff00ffL); \
381			PERM_OP(l,r,tt, 2,0x33333333L); \
382			PERM_OP(r,l,tt,16,0x0000ffffL); \
383			PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
384			}
385
386			extern const DES_LONG DES_SPtrans[8][64];
387
388			void fcrypt_body(DES_LONG out,DES_key_schedule ks,
389			DES_LONG Eswap0, DES_LONG Eswap1);
390
391			#ifdef OPENSSL_SMALL_FOOTPRINT
392			#undef DES_UNROLL
393			#endif
394
395			__END_HIDDEN_DECLS
396
397			#endif