+/*
+ * $Source: /mit/kerberos/src/lib/des/RCS/des.c,v $
+ * $Author: jtkohl $
+ *
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * These routines perform encryption and decryption using the DES
+ * private key algorithm, or else a subset of it-- fewer inner loops.
+ * (AUTH_DES_ITER defaults to 16, may be less.)
+ *
+ * Under U.S. law, this software may not be exported outside the US
+ * without license from the U.S. Commerce department.
+ *
+ * The key schedule is passed as an arg, as well as the cleartext or
+ * ciphertext.
+ *
+ * All registers labeled imply Vax using the Ultrix or 4.2bsd
+ * compiler.
+ *
+ *
+ * NOTE: bit and byte numbering:
+ * DES algorithm is defined in terms of bits of L
+ * followed by bits of R.
+ * bit 0 ==> lsb of L
+ * bit 63 ==> msb of R
+ *
+ * Always work in register pairs, FROM L1,R1 TO L2,R2 to make
+ * bookkeeping easier.
+ *
+ * originally written by Steve Miller, MIT Project Athena
+ */
+
+#ifndef lint
+static char rcsid_des_c[] =
+"$Header: des.c,v 4.13 89/01/21 16:49:55 jtkohl Exp $";
+#endif lint
+
+#include <mit-copyright.h>
+
+#include <stdio.h>
+#include <des.h>
+#include "des_internal.h"
+#include "s_table.h"
+#ifdef BIG
+#include "p_table.h"
+#endif
+
+#ifdef DEBUG
+#define DBG_PRINT(s) if (des_debug & 2) \
+ des_debug_print(s,i,L1&0xffff,(L1>>16)&0xffff, \
+ R1&0xffff,(R1>>16)&0xffff)
+#else
+#define DBG_PRINT(s)
+#endif
+
+extern int des_debug;
+extern des_cblock_print_file ();
+extern des_debug_print ();
+
+int
+des_ecb_encrypt(clear, cipher, schedule, encrypt)
+ unsigned long *clear;
+ unsigned long *cipher;
+ int encrypt; /* 0 ==> decrypt, else encrypt */
+ register des_key_schedule schedule; /* r11 */
+{
+
+ /* better pass 8 bytes, length not checked here */
+
+ register unsigned long R1, L1; /* R1 = r10, L1 = r9 */
+ register unsigned long R2, L2; /* R2 = r8, L2 = r7 */
+ long i;
+ /* one more registers left on VAX, see below P_temp_p */
+#ifdef BITS16
+ sbox_in_16_a S_in_16_a;
+ sbox_in_16_b S_in_16_b;
+ sbox_in_16_c S_in_16_c;
+ unsigned int *S_in_a_16_p = (unsigned int *) &S_in_16_a;
+ unsigned int *S_in_b_16_p = (unsigned int *) &S_in_16_b;
+ unsigned int *S_in_c_16_p = (unsigned int *) &S_in_16_c;
+#endif
+#ifndef BITS32
+#ifndef BITS16
+ dunno how to do this machine type, you lose;
+#endif
+#endif
+ unsigned long P_temp;
+ register unsigned char *P_temp_p = (unsigned char *) & P_temp;
+#ifdef BITS16
+ sbox_out S_out;
+ unsigned long *S_out_p = (unsigned long *) &S_out;
+#endif
+ unsigned long R_save, L_save;
+#ifdef DEBUG
+ unsigned long dbg_tmp[2];
+#endif
+
+ /*
+ * Use L1,R1 and L2,R2 as two sets of "64-bit" registers always
+ * work from L1,R1 input to L2,R2 output; initialize the cleartext
+ * into registers.
+ */
+#ifdef MUSTALIGN
+#ifdef DEBUG
+ /*
+ * If the alignment is wrong, the programmer really screwed up --
+ * we aren't even getting the right data type. His problem. Keep
+ * this code for debugging.
+ */
+ /* Make sure schedule is ok */
+ if ((long) schedule & 3) {
+ fprintf(stderr,"des.c schedule arg pointer not aligned\n");
+ abort();
+ }
+#endif
+ if ((long) clear & 3) {
+ bcopy((char *)clear++,(char *)&L_save,sizeof(L_save));
+ bcopy((char *)clear,(char *)&R_save,sizeof(R_save));
+ L1 = L_save;
+ R1 = R_save;
+ }
+ else
+#endif
+ {
+ if (clear) L1 = *clear++;
+ else L1 = NULL;
+ if (clear) R1 = *clear;
+ else R1 = NULL;
+ }
+
+#ifdef DEBUG
+ if (des_debug & 2) {
+ printf("All values printed from low byte (bit 0)");
+ printf(" --> high byte (bit 63)\n");
+ i = 0;
+ dbg_tmp[0] = L1;
+ dbg_tmp[1] = R1;
+ printf("iter = %2d before IP\n\t\tL1 R1 = ",i);
+ des_cblock_print_file (dbg_tmp, stdout);
+ }
+
+ DBG_PRINT("before IP");
+#endif
+
+/* IP_start:*/
+
+ /* all the Initial Permutation code is in the include file */
+#include "ip.c"
+ /* reset input to L1,R1 */
+ L1 = L2;
+ R1 = R2;
+
+ /* iterate through the inner loop */
+ for (i = 0; i <= (AUTH_DES_ITER-1); i++) {
+
+#ifdef DEBUG
+ if (des_debug & 2) {
+ dbg_tmp[0] = L1;
+ dbg_tmp[1] = R1;
+ printf("iter = %2d start loop\n\t\tL1 R1 = ",i);
+ des_cblock_print_file (dbg_tmp, stdout);
+ DBG_PRINT("start loop");
+ }
+
+#endif
+
+ R_save = R1;
+ L_save = L1;
+
+/* E_start:*/
+ /* apply the E permutation from R1 to L2, R2 */
+#ifndef VAXASM
+#ifdef SLOW_E
+#include "e.c"
+#else /* Bill's fast E */
+ L2 = (R1 << 1);
+ if (R1 & (1<<31))
+ L2 |= 1<<0;
+ L2 &= 077;
+ L2 |= (R1 <<3) & 07700;
+ L2 |= (R1 <<5) & 0770000;
+ L2 |= (R1 <<7) & 077000000;
+ L2 |= (R1 <<9) & 07700000000;
+ L2 |= (R1 <<11) & 030000000000;
+
+ /* now from right to right */
+
+ R2 = ((R1 >> 17) & 0176000);
+ if (R1 & (1<<0)) R2 |= 1<<15;
+
+ R2 |= ((R1 >> 21) & 017);
+ R2 |= ((R1 >> 19) & 01760);
+#endif /* SLOW_E */
+#else /* VAXASM */
+ /* E operations */
+ /* right to left */
+ asm(" rotl $1,r10,r7");
+ L2 &= 077;
+ L2 |= (R1 <<3) & 07700;
+ L2 |= (R1 <<5) & 0770000;
+ L2 |= (R1 <<7) & 077000000;
+ L2 |= (R1 <<9) & 07700000000;
+ L2 |= (R1 <<11) & 030000000000;
+
+ asm(" rotl $-17,r10,r8");
+ R2 &= 0176000;
+ asm(" rotl $-21,r10,r0");
+ asm(" bicl2 $-16,r0");
+ asm(" bisl2 r0,r8");
+ asm(" rotl $-19,r10,r0");
+ asm(" bicl2 $-1009,r0");
+ asm(" bisl2 r0,r8");
+
+#endif
+
+ /* reset input to L1,R1 */
+ L1 = L2;
+ R1 = R2;
+
+#ifdef DEBUG
+ if (des_debug & 2) {
+ dbg_tmp[0] = L1;
+ dbg_tmp[1] = R1;
+ DBG_PRINT("after e");
+ printf("iter = %2d after e\n\t\tL1 R1 = ",i);
+ des_cblock_print_file (dbg_tmp, stdout);
+ }
+#endif
+
+/* XOR_start:*/
+ /*
+ * XOR with the key schedule, "schedule"
+ *
+ * If this is an encryption operation, use schedule[i],
+ * otherwise use schedule [AUTH_DES_ITER-i-1]
+ *
+ * First XOR left half.
+ */
+ if (encrypt) {
+ L1 ^= *(((unsigned long *) &schedule[i] )+0);
+ /* now right half */
+ R1 ^= *(((unsigned long *) &schedule[i] )+1);
+ }
+ else {
+ L1 ^= *(((unsigned long *) &schedule[AUTH_DES_ITER-i-1] )+0);
+ /* now right half */
+ R1 ^= *(((unsigned long *) &schedule[AUTH_DES_ITER-i-1] )+1);
+ }
+
+ /* dont have to reset input to L1, R1 */
+
+#ifdef DEBUG
+ if (des_debug & 2) {
+ dbg_tmp[0] = L1;
+ dbg_tmp[1] = R1;
+ DBG_PRINT("after xor");
+ printf("iter = %2d after xor\n\t\tL1 R1 =",i);
+ des_cblock_print_file (dbg_tmp, stdout);
+ }
+#endif
+
+/* S_start:*/
+ /* apply the S selection from L1, R1 to R2 */
+
+#ifdef notdef
+#include "s.c"
+#endif
+
+ /* S operations , cant use registers for bit field stuff */
+ /* from S_in to S_out */
+
+#ifdef BITS16
+ *S_in_a_16_p = L1&0xffff;
+ *S_in_b_16_p = (L1>>16)&0xffff;
+ *S_in_c_16_p = R1&0xffff;
+ (*(unsigned long *) &S_out) =
+ (unsigned) S_adj[0][S_in_16_a.b0];
+ S_out.b1 = (unsigned) S_adj[1][S_in_16_a.b1];
+ /* b2 spans two words */
+ S_out.b2 = (unsigned)
+ S_adj[2][(unsigned) S_in_16_a.b2
+ + (((unsigned) S_in_16_b.b2) << 4)];
+ S_out.b3 = (unsigned) S_adj[3][S_in_16_b.b3];
+ S_out.b4 = (unsigned) S_adj[4][S_in_16_b.b4];
+ /* b5 spans both parts */
+ S_out.b5 = (unsigned)
+ S_adj[5][(unsigned) S_in_16_b.b5
+ + (((unsigned) S_in_16_c.b5) << 2)];
+ S_out.b6 = (unsigned) S_adj[6][S_in_16_c.b6];
+ S_out.b7 = (unsigned) S_adj[7][S_in_16_c.b7];
+ R1 = *S_out_p;
+#else
+ /* is a 32 bit sys */
+#ifndef VAXASM
+ R2 = (unsigned) S_adj[0][L1 & 077];
+ L2 = (unsigned) S_adj[1][(L1 >> 6) & 077];
+ R2 |= (L2 <<4 );
+ L2 = (unsigned) S_adj[2][(L1 >> 12) & 077];
+ R2 |= (L2 <<8);
+ L2 = (unsigned) S_adj[3][(L1 >> 18) & 077];
+ R2 |= (L2 <<12);
+ L2 = (unsigned) S_adj[4][(L1 >> 24) & 077];
+ R2 |= (L2 <<16);
+ /* b5 spans both parts */
+ L2 = (unsigned)
+ S_adj[5][(unsigned) ((L1 >>30) & 03) + ((R1 & 017) << 2)];
+ R2 |= (L2 << 20);
+ L2 = (unsigned) S_adj[6][(R1 >> 4) & 077];
+ R2 |= (L2 <<24);
+ L2 = (unsigned) S_adj[7][(R1 >> 10) & 077];
+ R1 = R2 | (L2 <<28);
+ /* reset input to L1, R1 */
+#else /* vaxasm */
+ /*
+ * this is the c code produced above, with
+ * extzv replaced by rotl
+ */
+ asm("bicl3 $-64,r9,r0");
+ asm("movzbl _S_adj[r0],r8");
+ asm("rotl $-6,r9,r0");
+ asm("bicl2 $-64,r0");
+ asm("movzbl _S_adj+64[r0],r7");
+ asm("ashl $4,r7,r0");
+ asm("bisl2 r0,r8");
+ asm("rotl $-12,r9,r0");
+ asm("bicl2 $-64,r0");
+ asm("movzbl _S_adj+128[r0],r7");
+ asm("ashl $8,r7,r0");
+ asm("bisl2 r0,r8");
+ asm("rotl $-18,r9,r0");
+ asm("bicl2 $-64,r0");
+ asm("movzbl _S_adj+192[r0],r7");
+ asm("ashl $12,r7,r0");
+ asm("bisl2 r0,r8");
+ asm("rotl $-24,r9,r0");
+ asm("bicl2 $-64,r0");
+ asm("movzbl _S_adj+256[r0],r7");
+ asm("ashl $16,r7,r0");
+ asm("bisl2 r0,r8");
+ asm("rotl $-30,r9,r0");
+ asm("bicl2 $-4,r0");
+ asm("bicl3 $-16,r10,r1");
+ asm("ashl $2,r1,r1");
+ asm("addl2 r1,r0");
+ asm("movzbl _S_adj+320[r0],r7");
+ asm("ashl $20,r7,r0");
+ asm("bisl2 r0,r8");
+ asm("rotl $-4,r10,r0");
+ asm("bicl2 $-64,r0");
+ asm("movzbl _S_adj+384[r0],r7");
+ asm("ashl $24,r7,r0");
+ asm("bisl2 r0,r8");
+ asm("rotl $-10,r10,r0");
+ asm("bicl2 $-64,r0");
+ asm("movzbl _S_adj+448[r0],r7");
+ asm("ashl $28,r7,r0");
+ asm("bisl2 r8,r0");
+ asm("movl r0,r10");
+
+#endif /* vaxasm */
+#endif
+
+#ifdef DEBUG
+ if (des_debug & 2) {
+ dbg_tmp[0] = L1;
+ dbg_tmp[1] = R1;
+ DBG_PRINT("after s");
+ printf("iter = %2d after s\n\t\tL1 R1 = ",i);
+ des_cblock_print_file (dbg_tmp, stdout);
+ }
+#endif
+
+/* P_start:*/
+ /* and then the p permutation from R1 into R2 */
+#include "p.c"
+ /* reset the input to L1, R1 */
+ R1 = R2;
+
+#ifdef DEBUG
+ if (des_debug & 2) {
+ dbg_tmp[0] = L1;
+ dbg_tmp[1] = R1;
+ DBG_PRINT("after p");
+ printf("iter = %2d after p\n\t\tL1 R1 = ",i);
+ des_cblock_print_file (dbg_tmp, stdout);
+ }
+#endif
+
+ /* R1 is the output value from the f() */
+ /* move R[iter] to L[iter+1] */
+/* XOR_2_start:*/
+ L1 = R_save;
+ /* xor with left */
+ R1 = L_save ^ R1;
+ /* reset the input */
+ }
+
+ /* flip left and right before final permutation */
+ L2 = R1; /* flip */
+ R2 = L1;
+ /* reset the input */
+ L1 = L2;
+ R1 = R2;
+
+#ifdef DEBUG
+ if (des_debug & 2) {
+ dbg_tmp[0] = L1;
+ dbg_tmp[1] = R1;
+ DBG_PRINT("before FP");
+ printf("iter = %2d before FP\n\t\tL1 R1 = ",i);
+ des_cblock_print_file (dbg_tmp, stdout);
+ }
+
+#endif
+
+/*FP_start:*/
+ /* do the final permutation from L1R1 to L2R2 */
+ /* all the fp code is in the include file */
+#include "fp.c"
+
+ /* copy the output to the ciphertext string;
+ * can be same as cleartext
+ */
+
+#ifdef MUSTALIGN
+ if ((long) cipher & 3) {
+ L_save = L2; /* cant bcopy a reg */
+ R_save = R2;
+ bcopy((char *)&L_save,(char *)cipher++,sizeof(L_save));
+ bcopy((char *)&R_save,(char *)cipher,sizeof(R_save));
+ }
+ else
+#endif
+ {
+ *cipher++ = L2;
+ *cipher = R2;
+ }
+
+#ifdef DEBUG
+ if (des_debug & 2) {
+ L1 = L2;
+ R1 = R2;
+ dbg_tmp[0] = L1;
+ dbg_tmp[1] = R1;
+ DBG_PRINT("done");
+ printf("iter = %2d done\n\t\tL1 R1 = ",i);
+ des_cblock_print_file (dbg_tmp, stdout);
+ }
+#endif
+
+ /* that's it, no errors can be returned */
+ return 0;
+}
+