GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/des/des_enc.c Lines: 178 178 100.0 %
Date: 2017-11-13 Branches: 26 32 81.3 %

Line Branch Exec Source
1
/* $OpenBSD: des_enc.c,v 1.12 2014/10/28 07:35:58 jsg Exp $ */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
59
#include "des_locl.h"
60
#include "spr.h"
61
62
#ifndef OPENBSD_DES_ASM
63
64
void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
65
	{
66
	DES_LONG l,r,t,u;
67
#ifdef DES_PTR
68
	const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
69
#endif
70
#ifndef DES_UNROLL
71
	int i;
72
#endif
73
	DES_LONG *s;
74
75
26860
	r=data[0];
76
13430
	l=data[1];
77
78
13430
	IP(r,l);
79
	/* Things have been modified so that the initial rotate is
80
	 * done outside the loop.  This required the
81
	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
82
	 * One perl script later and things have a 5% speed up on a sparc2.
83
	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
84
	 * for pointing this out. */
85
	/* clear the top bits on machines with 8byte longs */
86
	/* shift left by 2 */
87
13430
	r=ROTATE(r,29)&0xffffffffL;
88
13430
	l=ROTATE(l,29)&0xffffffffL;
89
90
13430
	s=ks->ks->deslong;
91
	/* I don't know if it is worth the effort of loop unrolling the
92
	 * inner loop */
93
13430
	if (enc)
94
		{
95
#ifdef DES_UNROLL
96
11335
		D_ENCRYPT(l,r, 0); /*  1 */
97
11335
		D_ENCRYPT(r,l, 2); /*  2 */
98
11335
		D_ENCRYPT(l,r, 4); /*  3 */
99
11335
		D_ENCRYPT(r,l, 6); /*  4 */
100
11335
		D_ENCRYPT(l,r, 8); /*  5 */
101
11335
		D_ENCRYPT(r,l,10); /*  6 */
102
11335
		D_ENCRYPT(l,r,12); /*  7 */
103
11335
		D_ENCRYPT(r,l,14); /*  8 */
104
11335
		D_ENCRYPT(l,r,16); /*  9 */
105
11335
		D_ENCRYPT(r,l,18); /*  10 */
106
11335
		D_ENCRYPT(l,r,20); /*  11 */
107
11335
		D_ENCRYPT(r,l,22); /*  12 */
108
11335
		D_ENCRYPT(l,r,24); /*  13 */
109
11335
		D_ENCRYPT(r,l,26); /*  14 */
110
11335
		D_ENCRYPT(l,r,28); /*  15 */
111
11335
		D_ENCRYPT(r,l,30); /*  16 */
112
#else
113
		for (i=0; i<32; i+=4)
114
			{
115
			D_ENCRYPT(l,r,i+0); /*  1 */
116
			D_ENCRYPT(r,l,i+2); /*  2 */
117
			}
118
#endif
119
11335
		}
120
	else
121
		{
122
#ifdef DES_UNROLL
123
2095
		D_ENCRYPT(l,r,30); /* 16 */
124
2095
		D_ENCRYPT(r,l,28); /* 15 */
125
2095
		D_ENCRYPT(l,r,26); /* 14 */
126
2095
		D_ENCRYPT(r,l,24); /* 13 */
127
2095
		D_ENCRYPT(l,r,22); /* 12 */
128
2095
		D_ENCRYPT(r,l,20); /* 11 */
129
2095
		D_ENCRYPT(l,r,18); /* 10 */
130
2095
		D_ENCRYPT(r,l,16); /*  9 */
131
2095
		D_ENCRYPT(l,r,14); /*  8 */
132
2095
		D_ENCRYPT(r,l,12); /*  7 */
133
2095
		D_ENCRYPT(l,r,10); /*  6 */
134
2095
		D_ENCRYPT(r,l, 8); /*  5 */
135
2095
		D_ENCRYPT(l,r, 6); /*  4 */
136
2095
		D_ENCRYPT(r,l, 4); /*  3 */
137
2095
		D_ENCRYPT(l,r, 2); /*  2 */
138
2095
		D_ENCRYPT(r,l, 0); /*  1 */
139
#else
140
		for (i=30; i>0; i-=4)
141
			{
142
			D_ENCRYPT(l,r,i-0); /* 16 */
143
			D_ENCRYPT(r,l,i-2); /* 15 */
144
			}
145
#endif
146
		}
147
148
	/* rotate and clear the top bits on machines with 8byte longs */
149
13430
	l=ROTATE(l,3)&0xffffffffL;
150
13430
	r=ROTATE(r,3)&0xffffffffL;
151
152
13430
	FP(r,l);
153
13430
	data[0]=l;
154
13430
	data[1]=r;
155
	l=r=t=u=0;
156
13430
	}
157
158
void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
159
	{
160
	DES_LONG l,r,t,u;
161
#ifdef DES_PTR
162
	const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
163
#endif
164
#ifndef DES_UNROLL
165
	int i;
166
#endif
167
	DES_LONG *s;
168
169
50052
	r=data[0];
170
25026
	l=data[1];
171
172
	/* Things have been modified so that the initial rotate is
173
	 * done outside the loop.  This required the
174
	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
175
	 * One perl script later and things have a 5% speed up on a sparc2.
176
	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
177
	 * for pointing this out. */
178
	/* clear the top bits on machines with 8byte longs */
179
25026
	r=ROTATE(r,29)&0xffffffffL;
180
25026
	l=ROTATE(l,29)&0xffffffffL;
181
182
25026
	s=ks->ks->deslong;
183
	/* I don't know if it is worth the effort of loop unrolling the
184
	 * inner loop */
185
25026
	if (enc)
186
		{
187
#ifdef DES_UNROLL
188
14480
		D_ENCRYPT(l,r, 0); /*  1 */
189
14480
		D_ENCRYPT(r,l, 2); /*  2 */
190
14480
		D_ENCRYPT(l,r, 4); /*  3 */
191
14480
		D_ENCRYPT(r,l, 6); /*  4 */
192
14480
		D_ENCRYPT(l,r, 8); /*  5 */
193
14480
		D_ENCRYPT(r,l,10); /*  6 */
194
14480
		D_ENCRYPT(l,r,12); /*  7 */
195
14480
		D_ENCRYPT(r,l,14); /*  8 */
196
14480
		D_ENCRYPT(l,r,16); /*  9 */
197
14480
		D_ENCRYPT(r,l,18); /*  10 */
198
14480
		D_ENCRYPT(l,r,20); /*  11 */
199
14480
		D_ENCRYPT(r,l,22); /*  12 */
200
14480
		D_ENCRYPT(l,r,24); /*  13 */
201
14480
		D_ENCRYPT(r,l,26); /*  14 */
202
14480
		D_ENCRYPT(l,r,28); /*  15 */
203
14480
		D_ENCRYPT(r,l,30); /*  16 */
204
#else
205
		for (i=0; i<32; i+=4)
206
			{
207
			D_ENCRYPT(l,r,i+0); /*  1 */
208
			D_ENCRYPT(r,l,i+2); /*  2 */
209
			}
210
#endif
211
14480
		}
212
	else
213
		{
214
#ifdef DES_UNROLL
215
10546
		D_ENCRYPT(l,r,30); /* 16 */
216
10546
		D_ENCRYPT(r,l,28); /* 15 */
217
10546
		D_ENCRYPT(l,r,26); /* 14 */
218
10546
		D_ENCRYPT(r,l,24); /* 13 */
219
10546
		D_ENCRYPT(l,r,22); /* 12 */
220
10546
		D_ENCRYPT(r,l,20); /* 11 */
221
10546
		D_ENCRYPT(l,r,18); /* 10 */
222
10546
		D_ENCRYPT(r,l,16); /*  9 */
223
10546
		D_ENCRYPT(l,r,14); /*  8 */
224
10546
		D_ENCRYPT(r,l,12); /*  7 */
225
10546
		D_ENCRYPT(l,r,10); /*  6 */
226
10546
		D_ENCRYPT(r,l, 8); /*  5 */
227
10546
		D_ENCRYPT(l,r, 6); /*  4 */
228
10546
		D_ENCRYPT(r,l, 4); /*  3 */
229
10546
		D_ENCRYPT(l,r, 2); /*  2 */
230
10546
		D_ENCRYPT(r,l, 0); /*  1 */
231
#else
232
		for (i=30; i>0; i-=4)
233
			{
234
			D_ENCRYPT(l,r,i-0); /* 16 */
235
			D_ENCRYPT(r,l,i-2); /* 15 */
236
			}
237
#endif
238
		}
239
	/* rotate and clear the top bits on machines with 8byte longs */
240
25026
	data[0]=ROTATE(l,3)&0xffffffffL;
241
25026
	data[1]=ROTATE(r,3)&0xffffffffL;
242
	l=r=t=u=0;
243
25026
	}
244
245
#endif /* OPENBSD_DES_ASM */
246
247
void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
248
		  DES_key_schedule *ks2, DES_key_schedule *ks3)
249
	{
250
	DES_LONG l,r;
251
252
12276
	l=data[0];
253
6138
	r=data[1];
254
6138
	IP(l,r);
255
6138
	data[0]=l;
256
6138
	data[1]=r;
257
6138
	DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
258
6138
	DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
259
6138
	DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
260
6138
	l=data[0];
261
6138
	r=data[1];
262
6138
	FP(r,l);
263
6138
	data[0]=l;
264
6138
	data[1]=r;
265
6138
	}
266
267
void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
268
		  DES_key_schedule *ks2, DES_key_schedule *ks3)
269
	{
270
	DES_LONG l,r;
271
272
4408
	l=data[0];
273
2204
	r=data[1];
274
2204
	IP(l,r);
275
2204
	data[0]=l;
276
2204
	data[1]=r;
277
2204
	DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
278
2204
	DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
279
2204
	DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
280
2204
	l=data[0];
281
2204
	r=data[1];
282
2204
	FP(r,l);
283
2204
	data[0]=l;
284
2204
	data[1]=r;
285
2204
	}
286
287
#ifndef DES_DEFAULT_OPTIONS
288
289
#undef CBC_ENC_C__DONT_UPDATE_IV
290
#include "ncbc_enc.c" /* DES_ncbc_encrypt */
291
292
void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
293
			  long length, DES_key_schedule *ks1,
294
			  DES_key_schedule *ks2, DES_key_schedule *ks3,
295
			  DES_cblock *ivec, int enc)
296
	{
297
	DES_LONG tin0,tin1;
298
	DES_LONG tout0,tout1,xor0,xor1;
299
	const unsigned char *in;
300
	unsigned char *out;
301
	long l=length;
302
582
	DES_LONG tin[2];
303
	unsigned char *iv;
304
305
	in=input;
306
	out=output;
307
291
	iv = &(*ivec)[0];
308
309
291
	if (enc)
310
		{
311
177
		c2l(iv,tout0);
312
177
		c2l(iv,tout1);
313
3600
		for (l-=8; l>=0; l-=8)
314
			{
315
1623
			c2l(in,tin0);
316
1623
			c2l(in,tin1);
317
1623
			tin0^=tout0;
318
1623
			tin1^=tout1;
319
320
1623
			tin[0]=tin0;
321
1623
			tin[1]=tin1;
322
1623
			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
323
1623
			tout0=tin[0];
324
1623
			tout1=tin[1];
325
326
1623
			l2c(tout0,out);
327
1623
			l2c(tout1,out);
328
			}
329
177
		if (l != -8)
330
			{
331


33
			c2ln(in,tin0,tin1,l+8);
332
3
			tin0^=tout0;
333
3
			tin1^=tout1;
334
335
3
			tin[0]=tin0;
336
3
			tin[1]=tin1;
337
3
			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
338
3
			tout0=tin[0];
339
3
			tout1=tin[1];
340
341
3
			l2c(tout0,out);
342
3
			l2c(tout1,out);
343
3
			}
344
		iv = &(*ivec)[0];
345
177
		l2c(tout0,iv);
346
177
		l2c(tout1,iv);
347
177
		}
348
	else
349
		{
350
		DES_LONG t0,t1;
351
352
114
		c2l(iv,xor0);
353
114
		c2l(iv,xor1);
354
2686
		for (l-=8; l>=0; l-=8)
355
			{
356
1229
			c2l(in,tin0);
357
1229
			c2l(in,tin1);
358
359
			t0=tin0;
360
			t1=tin1;
361
362
1229
			tin[0]=tin0;
363
1229
			tin[1]=tin1;
364
1229
			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
365
1229
			tout0=tin[0];
366
1229
			tout1=tin[1];
367
368
1229
			tout0^=xor0;
369
1229
			tout1^=xor1;
370
1229
			l2c(tout0,out);
371
1229
			l2c(tout1,out);
372
			xor0=t0;
373
			xor1=t1;
374
			}
375
114
		if (l != -8)
376
			{
377
18
			c2l(in,tin0);
378
18
			c2l(in,tin1);
379
380
			t0=tin0;
381
			t1=tin1;
382
383
18
			tin[0]=tin0;
384
18
			tin[1]=tin1;
385
18
			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
386
18
			tout0=tin[0];
387
18
			tout1=tin[1];
388
389
18
			tout0^=xor0;
390
18
			tout1^=xor1;
391


33
			l2cn(tout0,tout1,out,l+8);
392
			xor0=t0;
393
			xor1=t1;
394
3
			}
395
396
		iv = &(*ivec)[0];
397
114
		l2c(xor0,iv);
398
114
		l2c(xor1,iv);
399
		}
400
	tin0=tin1=tout0=tout1=xor0=xor1=0;
401
291
	tin[0]=tin[1]=0;
402
291
	}
403
404
#endif /* DES_DEFAULT_OPTIONS */