1/* $OpenBSD: cfb64ede.c,v 1.13 2024/03/29 01:47:29 joshua Exp $ */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include "des_local.h" 60 61/* The input and output encrypted as though 64bit cfb mode is being 62 * used. The extra state information to record how much of the 63 * 64bit block we have used is contained in *num; 64 */ 65 66void 67DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, 68 long length, DES_key_schedule *ks1, 69 DES_key_schedule *ks2, DES_key_schedule *ks3, 70 DES_cblock *ivec, int *num, int enc) 71{ 72 DES_LONG v0, v1; 73 long l = length; 74 int n = *num; 75 DES_LONG ti[2]; 76 unsigned char *iv, c, cc; 77 78 iv = &(*ivec)[0]; 79 if (enc) { 80 while (l--) { 81 if (n == 0) { 82 c2l(iv, v0); 83 c2l(iv, v1); 84 85 ti[0] = v0; 86 ti[1] = v1; 87 DES_encrypt3(ti, ks1, ks2, ks3); 88 v0 = ti[0]; 89 v1 = ti[1]; 90 91 iv = &(*ivec)[0]; 92 l2c(v0, iv); 93 l2c(v1, iv); 94 iv = &(*ivec)[0]; 95 } 96 c = *(in++) ^ iv[n]; 97 *(out++) = c; 98 iv[n] = c; 99 n = (n + 1) & 0x07; 100 } 101 } else { 102 while (l--) { 103 if (n == 0) { 104 c2l(iv, v0); 105 c2l(iv, v1); 106 107 ti[0] = v0; 108 ti[1] = v1; 109 DES_encrypt3(ti, ks1, ks2, ks3); 110 v0 = ti[0]; 111 v1 = ti[1]; 112 113 iv = &(*ivec)[0]; 114 l2c(v0, iv); 115 l2c(v1, iv); 116 iv = &(*ivec)[0]; 117 } 118 cc = *(in++); 119 c = iv[n]; 120 iv[n] = cc; 121 *(out++) = c ^ cc; 122 n = (n + 1) & 0x07; 123 } 124 } 125 v0 = v1 = ti[0] = ti[1] = c = cc = 0; 126 *num = n; 127} 128LCRYPTO_ALIAS(DES_ede3_cfb64_encrypt); 129 130/* This is compatible with the single key CFB-r for DES, even thought that's 131 * not what EVP needs. 132 */ 133 134void 135DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, 136 int numbits, long length, DES_key_schedule *ks1, 137 DES_key_schedule *ks2, DES_key_schedule *ks3, 138 DES_cblock *ivec, int enc) 139{ 140 DES_LONG d0, d1, v0, v1; 141 unsigned long l = length, n = ((unsigned int)numbits + 7)/8; 142 int num = numbits, i; 143 DES_LONG ti[2]; 144 unsigned char *iv; 145 unsigned char ovec[16]; 146 147 if (num > 64) 148 return; 149 iv = &(*ivec)[0]; 150 c2l(iv, v0); 151 c2l(iv, v1); 152 if (enc) { 153 while (l >= n) { 154 l -= n; 155 ti[0] = v0; 156 ti[1] = v1; 157 DES_encrypt3(ti, ks1, ks2, ks3); 158 c2ln(in, d0, d1, n); 159 in += n; 160 d0 ^= ti[0]; 161 d1 ^= ti[1]; 162 l2cn(d0, d1, out, n); 163 out += n; 164 /* 30-08-94 - eay - changed because l>>32 and 165 * l<<32 are bad under gcc :-( */ 166 if (num == 32) { 167 v0 = v1; 168 v1 = d0; 169 } else if (num == 64) { 170 v0 = d0; 171 v1 = d1; 172 } else { 173 iv = &ovec[0]; 174 l2c(v0, iv); 175 l2c(v1, iv); 176 l2c(d0, iv); 177 l2c(d1, iv); 178 /* shift ovec left most of the bits... */ 179 memmove(ovec, ovec + num/8, 180 8 + (num % 8 ? 1 : 0)); 181 /* now the remaining bits */ 182 if (num % 8 != 0) { 183 for (i = 0; i < 8; ++i) { 184 ovec[i] <<= num % 8; 185 ovec[i] |= ovec[i + 1] >> 186 (8 - num % 8); 187 } 188 } 189 iv = &ovec[0]; 190 c2l(iv, v0); 191 c2l(iv, v1); 192 } 193 } 194 } else { 195 while (l >= n) { 196 l -= n; 197 ti[0] = v0; 198 ti[1] = v1; 199 DES_encrypt3(ti, ks1, ks2, ks3); 200 c2ln(in, d0, d1, n); 201 in += n; 202 /* 30-08-94 - eay - changed because l>>32 and 203 * l<<32 are bad under gcc :-( */ 204 if (num == 32) { 205 v0 = v1; 206 v1 = d0; 207 } else if (num == 64) { 208 v0 = d0; 209 v1 = d1; 210 } else { 211 iv = &ovec[0]; 212 l2c(v0, iv); 213 l2c(v1, iv); 214 l2c(d0, iv); 215 l2c(d1, iv); 216 /* shift ovec left most of the bits... */ 217 memmove(ovec, ovec + num/8, 218 8 + (num % 8 ? 1 : 0)); 219 /* now the remaining bits */ 220 if (num % 8 != 0) { 221 for (i = 0; i < 8; ++i) { 222 ovec[i] <<= num % 8; 223 ovec[i] |= ovec[i + 1] >> 224 (8 - num % 8); 225 } 226 } 227 iv = &ovec[0]; 228 c2l(iv, v0); 229 c2l(iv, v1); 230 } 231 d0 ^= ti[0]; 232 d1 ^= ti[1]; 233 l2cn(d0, d1, out, n); 234 out += n; 235 } 236 } 237 iv = &(*ivec)[0]; 238 l2c(v0, iv); 239 l2c(v1, iv); 240 v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; 241} 242LCRYPTO_ALIAS(DES_ede3_cfb_encrypt); 243