[unix-history] / usr / src / cmd / berknet / nbs.c

# include <stdio.h>
/* file nbs.c
   This file has the necessary procedures to use the NBS algorithm
   to encrypt and decrypt strings of arbitrary length.

   Basically

		ciphertext = nbsencrypt(cleartext,secretkey,ciphertext);

   yields a string ciphertext from string cleartext using
   the secret string secretkey.
   Then

		cleartext = nbsdecrypt(ciphertext,secretkey,cleartext);
		
   yields the original string cleartext IF the string secretkey
   is the same for both calls.
   The third parameter is filled with the result of the call-
   it must be (11/8)*size(firstarg).
   The first and third areguments must be different.
   The cleartext must be ASCII - the top eighth bit is ignored,
   so binary data won't work.
   The plaintext is broken into 8 character sections,
   encrypted, and concatenated separated by $'s to make the ciphertext.
   The first 8 letter section uses the secretkey, subsequent
   sections use the cleartext of the previous section as
   the key.
   Thus the ciphertext depends on itself, except for
   the first section, which depends on the key.
   This means that sections of the ciphertext, except the first,
   may not stand alone.
   Only the first 8 characters of the key matter.
*/
char *deblknot(), *deblkclr();
char *nbs8decrypt(), *nbs8encrypt();
static char	E[48];
char e[];
char *nbsencrypt(str,key,result)
  char *result;
  register char *str, *key; {
	static char buf[20],oldbuf[20];
	register int j;
	result[0] = 0;
	strcpy(oldbuf,key);
	while(*str){
		for(j=0;j<10;j++)buf[j] = 0;
		for(j=0;j<8 && *str;j++)buf[j] = *str++;
		strcat(result,nbs8encrypt(buf,oldbuf));
		strcat(result,"$");
		strcpy(oldbuf,buf);
		}
	return(result);
	}
char *nbsdecrypt(cpt,key,result)
  char *result;
  register char *cpt,*key; {
	register char *s;
	char c,oldbuf[20];
	result[0] = 0;
	strcpy(oldbuf,key);
	while(*cpt){
		for(s = cpt;*s && *s != '$';s++);
		c = *s;
		*s = 0;
		strcpy(oldbuf,nbs8decrypt(cpt,oldbuf));
		strcat(result,oldbuf);
		if(c == 0)break;
		cpt = s + 1;
		}
	return(result);
	}
/* make key to be sent across the network */
makeuukey(skey,sn,mch)
char *skey, *sn, mch;
{
	skey[0] = mch;
	skey[1] = 0;
	strcat(skey,sn);
}

/* all other calls are private */
/*
char _sobuf[BUFSIZ];
testing(){
	static char res[BUFSIZ];
	register char *s;
	char str[BUFSIZ];
	setbuf(stdout,_sobuf);
	while(!feof(stdin)){
		fprintf(stderr,"String:\n");
		fgets(str,BUFSIZ,stdin);
		if(feof(stdin))break;
		strcat(str,"\n");
		s = nbsencrypt(str,"hellothere",res);
		fprintf(stderr,"encrypted:\n%s\n",s);
		fprintf(stderr,"decrypted:\n");
		printf("%s",nbsdecrypt(s,"hellothere",str));
		fprintf(stderr,"\n");
		}
	}
*/
/*
	To encrypt:
	The first level of call splits the input strings into strings
	no longer than 8 characters, for encryption.
	Then the encryption of 8 characters breaks all but the top bit
	of each character into a 64-character block, each character
	with 1 or 0 corresponding to binary.
	The key is set likewise.
	The encrypted form is then converted, 6 bits at a time,
	into an ASCII string.

	To decrypt:
	We take the result of the encryption, 6 significant bits
	per character, and convert it to the block(64-char) fmt.
	This is decrypted by running the nbs algorithm in reverse,
	and transformed back into 7bit ASCII.

	The subroutines to do ASCII blocking and deblocking
	are .....clr and the funny 6-bit code are .....not.

*/

char *nbs8encrypt(str,key)
register char *str, *key; {
	static char keyblk[100], blk[100];
	register int i;

	enblkclr(keyblk,key);
	nbssetkey(keyblk);

	for(i=0;i<48;i++) E[i] = e[i];
	enblkclr(blk,str);
	blkencrypt(blk,0);			/* forward dir */

	return(deblknot(blk));
}
char *nbs8decrypt(crp,key)
register char *crp, *key; {
	static char keyblk[100], blk[100];
	register int i;

	enblkclr(keyblk,key);
	nbssetkey(keyblk);

	for(i=0;i<48;i++) E[i] = e[i];
	enblknot(blk,crp);
	blkencrypt(blk,1);			/* backward dir */

	return(deblkclr(blk));
}
enblkclr(blk,str)		/* ignores top bit of chars in string str */
char *blk,*str; {
	register int i,j;
	register char c;
	for(i=0;i<70;i++)blk[i] = 0;
	for(i=0; (c= *str) && i<64; str++){
		for(j=0; j<7; j++, i++)
			blk[i] = (c>>(6-j)) & 01;
		i++;
		}
	}
char *deblkclr(blk)
char *blk; {
	register int i,j;
	register char c;
	static char iobuf[30];
	for(i=0; i<10; i++){
		c = 0;
		for(j=0; j<7; j++){
			c <<= 1;
			c |= blk[8*i+j];
			}
		iobuf[i] = c;
	}
	iobuf[i] = 0;
	return(iobuf);
	}
enblknot(blk,crp)
char *blk;
char *crp; {
	register int i,j;
	register char c;
	for(i=0;i<70;i++)blk[i] = 0;
	for(i=0; (c= *crp) && i<64; crp++){
		if(c>'Z') c -= 6;
		if(c>'9') c -= 7;
		c -= '.';
		for(j=0; j<6; j++, i++)
			blk[i] = (c>>(5-j)) & 01;
		}
	}
char *deblknot(blk)
char *blk; {
	register int i,j;
	register char c;
	static char iobuf[30];
	for(i=0; i<11; i++){
		c = 0;
		for(j=0; j<6; j++){
			c <<= 1;
			c |= blk[6*i+j];
			}
		c += '.';
		if(c > '9')c += 7;
		if(c > 'Z')c += 6;
		iobuf[i] = c;
	}
	iobuf[i] = 0;
	return(iobuf);
	}
/*
 * This program implements the
 * Proposed Federal Information Processing
 *  Data Encryption Standard.
 * See Federal Register, March 17, 1975 (40FR12134)
 */

/*
 * Initial permutation,
 */
static	char	IP[] = {
	58,50,42,34,26,18,10, 2,
	60,52,44,36,28,20,12, 4,
	62,54,46,38,30,22,14, 6,
	64,56,48,40,32,24,16, 8,
	57,49,41,33,25,17, 9, 1,
	59,51,43,35,27,19,11, 3,
	61,53,45,37,29,21,13, 5,
	63,55,47,39,31,23,15, 7,
};

/*
 * Final permutation, FP = IP^(-1)
 */
static	char	FP[] = {
	40, 8,48,16,56,24,64,32,
	39, 7,47,15,55,23,63,31,
	38, 6,46,14,54,22,62,30,
	37, 5,45,13,53,21,61,29,
	36, 4,44,12,52,20,60,28,
	35, 3,43,11,51,19,59,27,
	34, 2,42,10,50,18,58,26,
	33, 1,41, 9,49,17,57,25,
};

/*
 * Permuted-choice 1 from the key bits
 * to yield C and D.
 * Note that bits 8,16... are left out:
 * They are intended for a parity check.
 */
static	char	PC1_C[] = {
	57,49,41,33,25,17, 9,
	 1,58,50,42,34,26,18,
	10, 2,59,51,43,35,27,
	19,11, 3,60,52,44,36,
};

static	char	PC1_D[] = {
	63,55,47,39,31,23,15,
	 7,62,54,46,38,30,22,
	14, 6,61,53,45,37,29,
	21,13, 5,28,20,12, 4,
};

/*
 * Sequence of shifts used for the key schedule.
*/
static	char	shifts[] = {
	1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
};

/*
 * Permuted-choice 2, to pick out the bits from
 * the CD array that generate the key schedule.
 */
static	char	PC2_C[] = {
	14,17,11,24, 1, 5,
	 3,28,15, 6,21,10,
	23,19,12, 4,26, 8,
	16, 7,27,20,13, 2,
};

static	char	PC2_D[] = {
	41,52,31,37,47,55,
	30,40,51,45,33,48,
	44,49,39,56,34,53,
	46,42,50,36,29,32,
};

/*
 * The C and D arrays used to calculate the key schedule.
 */

static	char	C[28];
static	char	D[28];
/*
 * The key schedule.
 * Generated from the key.
 */
static	char	KS[16][48];

/*
 * Set up the key schedule from the key.
 */

nbssetkey(key)
char *key;
{
	register i, j, k;
	int t;

	/*
	 * First, generate C and D by permuting
	 * the key.  The low order bit of each
	 * 8-bit char is not used, so C and D are only 28
	 * bits apiece.
	 */
	for (i=0; i<28; i++) {
		C[i] = key[PC1_C[i]-1];
		D[i] = key[PC1_D[i]-1];
	}
	/*
	 * To generate Ki, rotate C and D according
	 * to schedule and pick up a permutation
	 * using PC2.
	 */
	for (i=0; i<16; i++) {
		/*
		 * rotate.
		 */
		for (k=0; k<shifts[i]; k++) {
			t = C[0];
			for (j=0; j<28-1; j++)
				C[j] = C[j+1];
			C[27] = t;
			t = D[0];
			for (j=0; j<28-1; j++)
				D[j] = D[j+1];
			D[27] = t;
		}
		/*
		 * get Ki. Note C and D are concatenated.
		 */
		for (j=0; j<24; j++) {
			KS[i][j] = C[PC2_C[j]-1];
			KS[i][j+24] = D[PC2_D[j]-28-1];
		}
	}
}

/*
 * The E bit-selection table.
 */
static char	e[] = {
	32, 1, 2, 3, 4, 5,
	 4, 5, 6, 7, 8, 9,
	 8, 9,10,11,12,13,
	12,13,14,15,16,17,
	16,17,18,19,20,21,
	20,21,22,23,24,25,
	24,25,26,27,28,29,
	28,29,30,31,32, 1,
};

/*
 * The 8 selection functions.
 * For some reason, they give a 0-origin
 * index, unlike everything else.
 */
static	char	S[8][64] = {
	14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
	 0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
	 4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
	15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13,

	15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
	 3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
	 0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
	13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9,

	10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
	13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
	13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
	 1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12,

	 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
	13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
	10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
	 3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14,

	 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
	14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
	 4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
	11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3,

	12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
	10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
	 9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
	 4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13,

	 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
	13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
	 1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
	 6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12,

	13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
	 1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
	 7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
	 2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11,
};

/*
 * P is a permutation on the selected combination
 * of the current L and key.
 */
static	char	P[] = {
	16, 7,20,21,
	29,12,28,17,
	 1,15,23,26,
	 5,18,31,10,
	 2, 8,24,14,
	32,27, 3, 9,
	19,13,30, 6,
	22,11, 4,25,
};

/*
 * The current block, divided into 2 halves.
 */
static	char	L[32], R[32];
static	char	tempL[32];
static	char	f[32];

/*
 * The combination of the key and the input, before selection.
 */
static	char	preS[48];

/*
 * The payoff: encrypt a block.
 */

blkencrypt(block, edflag)
char *block;
{
	int i, ii;
	register t, j, k;

	/*
	 * First, permute the bits in the input
	 */
	for (j=0; j<64; j++)
		L[j] = block[IP[j]-1];
	/*
	 * Perform an encryption operation 16 times.
	 */
	for (ii=0; ii<16; ii++) {
		/*
		 * Set direction
		 */
		if (edflag)
			i = 15-ii;
		else
			i = ii;
		/*
		 * Save the R array,
		 * which will be the new L.
		 */
		for (j=0; j<32; j++)
			tempL[j] = R[j];
		/*
		 * Expand R to 48 bits using the E selector;
		 * exclusive-or with the current key bits.
		 */
		for (j=0; j<48; j++)
			preS[j] = R[E[j]-1] ^ KS[i][j];
		/*
		 * The pre-select bits are now considered
		 * in 8 groups of 6 bits each.
		 * The 8 selection functions map these
		 * 6-bit quantities into 4-bit quantities
		 * and the results permuted
		 * to make an f(R, K).
		 * The indexing into the selection functions
		 * is peculiar; it could be simplified by
		 * rewriting the tables.
		 */
		for (j=0; j<8; j++) {
			t = 6*j;
			k = S[j][(preS[t+0]<<5)+
				(preS[t+1]<<3)+
				(preS[t+2]<<2)+
				(preS[t+3]<<1)+
				(preS[t+4]<<0)+
				(preS[t+5]<<4)];
			t = 4*j;
			f[t+0] = (k>>3)&01;
			f[t+1] = (k>>2)&01;
			f[t+2] = (k>>1)&01;
			f[t+3] = (k>>0)&01;
		}
		/*
		 * The new R is L ^ f(R, K).
		 * The f here has to be permuted first, though.
		 */
		for (j=0; j<32; j++)
			R[j] = L[j] ^ f[P[j]-1];
		/*
		 * Finally, the new L (the original R)
		 * is copied back.
		 */
		for (j=0; j<32; j++)
			L[j] = tempL[j];
	}
	/*
	 * The output L and R are reversed.
	 */
	for (j=0; j<32; j++) {
		t = L[j];
		L[j] = R[j];
		R[j] = t;
	}
	/*
	 * The final output
	 * gets the inverse permutation of the very original.
	 */
	for (j=0; j<64; j++)
		block[j] = L[FP[j]-1];
}
Commit	Line	Data
442dbcf7 BJ	1	# include <stdio.h>
	2	/* file nbs.c
	3	This file has the necessary procedures to use the NBS algorithm
	4	to encrypt and decrypt strings of arbitrary length.
	5
	6	Basically
	7
	8	ciphertext = nbsencrypt(cleartext,secretkey,ciphertext);
	9
	10	yields a string ciphertext from string cleartext using
	11	the secret string secretkey.
	12	Then
	13
	14	cleartext = nbsdecrypt(ciphertext,secretkey,cleartext);
	15
	16	yields the original string cleartext IF the string secretkey
	17	is the same for both calls.
	18	The third parameter is filled with the result of the call-
	19	it must be (11/8)*size(firstarg).
	20	The first and third areguments must be different.
	21	The cleartext must be ASCII - the top eighth bit is ignored,
	22	so binary data won't work.
	23	The plaintext is broken into 8 character sections,
	24	encrypted, and concatenated separated by $'s to make the ciphertext.
	25	The first 8 letter section uses the secretkey, subsequent
	26	sections use the cleartext of the previous section as
	27	the key.
	28	Thus the ciphertext depends on itself, except for
	29	the first section, which depends on the key.
	30	This means that sections of the ciphertext, except the first,
	31	may not stand alone.
	32	Only the first 8 characters of the key matter.
	33	*/
	34	char deblknot(), deblkclr();
	35	char nbs8decrypt(), nbs8encrypt();
	36	static char E[48];
	37	char e[];
	38	char *nbsencrypt(str,key,result)
	39	char *result;
	40	register char str, key; {
	41	static char buf[20],oldbuf[20];
	42	register int j;
	43	result[0] = 0;
	44	strcpy(oldbuf,key);
	45	while(*str){
	46	for(j=0;j<10;j++)buf[j] = 0;
	47	for(j=0;j<8 && str;j++)buf[j] = str++;
	48	strcat(result,nbs8encrypt(buf,oldbuf));
	49	strcat(result,"$");
	50	strcpy(oldbuf,buf);
	51	}
	52	return(result);
	53	}
	54	char *nbsdecrypt(cpt,key,result)
	55	char *result;
	56	register char cpt,key; {
	57	register char *s;
	58	char c,oldbuf[20];
	59	result[0] = 0;
	60	strcpy(oldbuf,key);
	61	while(*cpt){
	62	for(s = cpt;s && s != '$';s++);
	63	c = *s;
	64	*s = 0;
65	strcpy(oldbuf,nbs8decrypt(cpt,oldbuf));
66	strcat(result,oldbuf);
67	if(c == 0)break;
68	cpt = s + 1;
69	}
70	return(result);
71	}
72	/* make key to be sent across the network */
73	makeuukey(skey,sn,mch)
74	char skey, sn, mch;
75	{
76	skey[0] = mch;
77	skey[1] = 0;
78	strcat(skey,sn);
79	}
80
81	/* all other calls are private */
82	/*
83	char _sobuf[BUFSIZ];
84	testing(){
85	static char res[BUFSIZ];
86	register char *s;
87	char str[BUFSIZ];
88	setbuf(stdout,_sobuf);
89	while(!feof(stdin)){
90	fprintf(stderr,"String:\n");
91	fgets(str,BUFSIZ,stdin);
92	if(feof(stdin))break;
93	strcat(str,"\n");
94	s = nbsencrypt(str,"hellothere",res);
95	fprintf(stderr,"encrypted:\n%s\n",s);
96	fprintf(stderr,"decrypted:\n");
97	printf("%s",nbsdecrypt(s,"hellothere",str));
98	fprintf(stderr,"\n");
99	}
100	}
101	*/
102	/*
103	To encrypt:
104	The first level of call splits the input strings into strings
105	no longer than 8 characters, for encryption.
106	Then the encryption of 8 characters breaks all but the top bit
107	of each character into a 64-character block, each character
108	with 1 or 0 corresponding to binary.
109	The key is set likewise.
110	The encrypted form is then converted, 6 bits at a time,
111	into an ASCII string.
112
113	To decrypt:
114	We take the result of the encryption, 6 significant bits
115	per character, and convert it to the block(64-char) fmt.
116	This is decrypted by running the nbs algorithm in reverse,
117	and transformed back into 7bit ASCII.
118
119	The subroutines to do ASCII blocking and deblocking
120	are .....clr and the funny 6-bit code are .....not.
121
122	*/
123
124	char *nbs8encrypt(str,key)
125	register char str, key; {
126	static char keyblk[100], blk[100];
127	register int i;
128
129	enblkclr(keyblk,key);
130	nbssetkey(keyblk);
131
132	for(i=0;i<48;i++) E[i] = e[i];
133	enblkclr(blk,str);
134	blkencrypt(blk,0); /* forward dir */
135
136	return(deblknot(blk));
137	}
138	char *nbs8decrypt(crp,key)
139	register char crp, key; {
140	static char keyblk[100], blk[100];
141	register int i;
142
143	enblkclr(keyblk,key);
144	nbssetkey(keyblk);
145
146	for(i=0;i<48;i++) E[i] = e[i];
147	enblknot(blk,crp);
148	blkencrypt(blk,1); /* backward dir */
149
150	return(deblkclr(blk));
151	}
152	enblkclr(blk,str) /* ignores top bit of chars in string str */
153	char blk,str; {
154	register int i,j;
155	register char c;
156	for(i=0;i<70;i++)blk[i] = 0;
157	for(i=0; (c= *str) && i<64; str++){
158	for(j=0; j<7; j++, i++)
159	blk[i] = (c>>(6-j)) & 01;
160	i++;
161	}
162	}
163	char *deblkclr(blk)
164	char *blk; {
165	register int i,j;
166	register char c;
167	static char iobuf[30];
168	for(i=0; i<10; i++){
169	c = 0;
170	for(j=0; j<7; j++){
171	c <<= 1;
172	c \|= blk[8*i+j];
173	}
174	iobuf[i] = c;
175	}
176	iobuf[i] = 0;
177	return(iobuf);
178	}
179	enblknot(blk,crp)
180	char *blk;
181	char *crp; {
182	register int i,j;
183	register char c;
184	for(i=0;i<70;i++)blk[i] = 0;
185	for(i=0; (c= *crp) && i<64; crp++){
186	if(c>'Z') c -= 6;
187	if(c>'9') c -= 7;
188	c -= '.';
189	for(j=0; j<6; j++, i++)
190	blk[i] = (c>>(5-j)) & 01;
191	}
192	}
193	char *deblknot(blk)
194	char *blk; {
195	register int i,j;
196	register char c;
197	static char iobuf[30];
198	for(i=0; i<11; i++){
199	c = 0;
200	for(j=0; j<6; j++){
201	c <<= 1;
202	c \|= blk[6*i+j];
203	}
204	c += '.';
205	if(c > '9')c += 7;
206	if(c > 'Z')c += 6;
207	iobuf[i] = c;
208	}
209	iobuf[i] = 0;
210	return(iobuf);
211	}
212	/*
213	* This program implements the
214	* Proposed Federal Information Processing
215	* Data Encryption Standard.
216	* See Federal Register, March 17, 1975 (40FR12134)
217	*/
218
219	/*
220	* Initial permutation,
221	*/
222	static char IP[] = {
223	58,50,42,34,26,18,10, 2,
224	60,52,44,36,28,20,12, 4,
225	62,54,46,38,30,22,14, 6,
226	64,56,48,40,32,24,16, 8,
227	57,49,41,33,25,17, 9, 1,
228	59,51,43,35,27,19,11, 3,
229	61,53,45,37,29,21,13, 5,
230	63,55,47,39,31,23,15, 7,
231	};
232
233	/*
234	* Final permutation, FP = IP^(-1)
235	*/
236	static char FP[] = {
237	40, 8,48,16,56,24,64,32,
238	39, 7,47,15,55,23,63,31,
239	38, 6,46,14,54,22,62,30,
240	37, 5,45,13,53,21,61,29,
241	36, 4,44,12,52,20,60,28,
242	35, 3,43,11,51,19,59,27,
243	34, 2,42,10,50,18,58,26,
244	33, 1,41, 9,49,17,57,25,
245	};
246
247	/*
248	* Permuted-choice 1 from the key bits
249	* to yield C and D.
250	* Note that bits 8,16... are left out:
251	* They are intended for a parity check.
252	*/
253	static char PC1_C[] = {
254	57,49,41,33,25,17, 9,
255	1,58,50,42,34,26,18,
256	10, 2,59,51,43,35,27,
257	19,11, 3,60,52,44,36,
258	};
259
260	static char PC1_D[] = {
261	63,55,47,39,31,23,15,
262	7,62,54,46,38,30,22,
263	14, 6,61,53,45,37,29,
264	21,13, 5,28,20,12, 4,
265	};
266
267	/*
268	* Sequence of shifts used for the key schedule.
269	*/
270	static char shifts[] = {
271	1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
272	};
273
274	/*
275	* Permuted-choice 2, to pick out the bits from
276	* the CD array that generate the key schedule.
277	*/
278	static char PC2_C[] = {
279	14,17,11,24, 1, 5,
280	3,28,15, 6,21,10,
281	23,19,12, 4,26, 8,
282	16, 7,27,20,13, 2,
283	};
284
285	static char PC2_D[] = {
286	41,52,31,37,47,55,
287	30,40,51,45,33,48,
288	44,49,39,56,34,53,
289	46,42,50,36,29,32,
290	};
291
292	/*
293	* The C and D arrays used to calculate the key schedule.
294	*/
295
296	static char C[28];
297	static char D[28];
298	/*
299	* The key schedule.
300	* Generated from the key.
301	*/
302	static char KS[16][48];
303
304	/*
305	* Set up the key schedule from the key.
306	*/
307
308	nbssetkey(key)
309	char *key;
310	{
311	register i, j, k;
312	int t;
313
314	/*
315	* First, generate C and D by permuting
316	* the key. The low order bit of each
317	* 8-bit char is not used, so C and D are only 28
318	* bits apiece.
319	*/
320	for (i=0; i<28; i++) {
321	C[i] = key[PC1_C[i]-1];
322	D[i] = key[PC1_D[i]-1];
323	}
324	/*
325	* To generate Ki, rotate C and D according
326	* to schedule and pick up a permutation
327	* using PC2.
328	*/
329	for (i=0; i<16; i++) {
330	/*
331	* rotate.
332	*/
333	for (k=0; k<shifts[i]; k++) {
334	t = C[0];
335	for (j=0; j<28-1; j++)
336	C[j] = C[j+1];
337	C[27] = t;
338	t = D[0];
339	for (j=0; j<28-1; j++)
340	D[j] = D[j+1];
341	D[27] = t;
342	}
343	/*
344	* get Ki. Note C and D are concatenated.
345	*/
346	for (j=0; j<24; j++) {
347	KS[i][j] = C[PC2_C[j]-1];
348	KS[i][j+24] = D[PC2_D[j]-28-1];
349	}
350	}
351	}
352
353	/*
354	* The E bit-selection table.
355	*/
356	static char e[] = {
357	32, 1, 2, 3, 4, 5,
358	4, 5, 6, 7, 8, 9,
359	8, 9,10,11,12,13,
360	12,13,14,15,16,17,
361	16,17,18,19,20,21,
362	20,21,22,23,24,25,
363	24,25,26,27,28,29,
364	28,29,30,31,32, 1,
365	};
366
367	/*
368	* The 8 selection functions.
369	* For some reason, they give a 0-origin
370	* index, unlike everything else.
371	*/
372	static char S[8][64] = {
373	14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
374	0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
375	4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
376	15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13,
377
378	15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
379	3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
380	0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
381	13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9,
382
383	10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
384	13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
385	13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
386	1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12,
387
388	7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
389	13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
390	10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
391	3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14,
392
393	2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
394	14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
395	4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
396	11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3,
397
398	12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
399	10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
400	9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
401	4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13,
402
403	4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
404	13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
405	1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
406	6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12,
407
408	13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
409	1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
410	7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
411	2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11,
412	};
413
414	/*
415	* P is a permutation on the selected combination
416	* of the current L and key.
417	*/
418	static char P[] = {
419	16, 7,20,21,
420	29,12,28,17,
421	1,15,23,26,
422	5,18,31,10,
423	2, 8,24,14,
424	32,27, 3, 9,
425	19,13,30, 6,
426	22,11, 4,25,
427	};
428
429	/*
430	* The current block, divided into 2 halves.
431	*/
432	static char L[32], R[32];
433	static char tempL[32];
434	static char f[32];
435
436	/*
437	* The combination of the key and the input, before selection.
438	*/
439	static char preS[48];
440
441	/*
442	* The payoff: encrypt a block.
443	*/
444
445	blkencrypt(block, edflag)
446	char *block;
447	{
448	int i, ii;
449	register t, j, k;
450
451	/*
452	* First, permute the bits in the input
453	*/
454	for (j=0; j<64; j++)
455	L[j] = block[IP[j]-1];
456	/*
457	* Perform an encryption operation 16 times.
458	*/
459	for (ii=0; ii<16; ii++) {
460	/*
461	* Set direction
462	*/
463	if (edflag)
464	i = 15-ii;
465	else
466	i = ii;
467	/*
468	* Save the R array,
469	* which will be the new L.
470	*/
471	for (j=0; j<32; j++)
472	tempL[j] = R[j];
473	/*
474	* Expand R to 48 bits using the E selector;
475	* exclusive-or with the current key bits.
476	*/
477	for (j=0; j<48; j++)
478	preS[j] = R[E[j]-1] ^ KS[i][j];
479	/*
480	* The pre-select bits are now considered
481	* in 8 groups of 6 bits each.
482	* The 8 selection functions map these
483	* 6-bit quantities into 4-bit quantities
484	* and the results permuted
485	* to make an f(R, K).
486	* The indexing into the selection functions
487	* is peculiar; it could be simplified by
488	* rewriting the tables.
489	*/
490	for (j=0; j<8; j++) {
491	t = 6*j;
492	k = S[j][(preS[t+0]<<5)+
493	(preS[t+1]<<3)+
494	(preS[t+2]<<2)+
495	(preS[t+3]<<1)+
496	(preS[t+4]<<0)+
497	(preS[t+5]<<4)];
498	t = 4*j;
499	f[t+0] = (k>>3)&01;
500	f[t+1] = (k>>2)&01;
501	f[t+2] = (k>>1)&01;
502	f[t+3] = (k>>0)&01;
503	}
504	/*
505	* The new R is L ^ f(R, K).
506	* The f here has to be permuted first, though.
507	*/
508	for (j=0; j<32; j++)
509	R[j] = L[j] ^ f[P[j]-1];
510	/*
511	* Finally, the new L (the original R)
512	* is copied back.
513	*/
514	for (j=0; j<32; j++)
515	L[j] = tempL[j];
516	}
517	/*
518	* The output L and R are reversed.
519	*/
520	for (j=0; j<32; j++) {
521	t = L[j];
522	L[j] = R[j];
523	R[j] = t;
524	}
525	/*
526	* The final output
527	* gets the inverse permutation of the very original.
528	*/
529	for (j=0; j<64; j++)
530	block[j] = L[FP[j]-1];
531	}