1/* $OpenBSD: cfb64ede.c,v 1.13 2024/03/29 01:47:29 joshua Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to.  The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 *    notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 *    notice, this list of conditions and the following disclaimer in the
30 *    documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 *    must display the following acknowledgement:
33 *    "This product includes cryptographic software written by
34 *     Eric Young (eay@cryptsoft.com)"
35 *    The word 'cryptographic' can be left out if the rouines from the library
36 *    being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 *    the apps directory (application code) you must include an acknowledgement:
39 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include "des_local.h"
60
61/* The input and output encrypted as though 64bit cfb mode is being
62 * used.  The extra state information to record how much of the
63 * 64bit block we have used is contained in *num;
64 */
65
66void
67DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
68    long length, DES_key_schedule *ks1,
69    DES_key_schedule *ks2, DES_key_schedule *ks3,
70    DES_cblock *ivec, int *num, int enc)
71{
72	DES_LONG v0, v1;
73	long l = length;
74	int n = *num;
75	DES_LONG ti[2];
76	unsigned char *iv, c, cc;
77
78	iv = &(*ivec)[0];
79	if (enc) {
80		while (l--) {
81			if (n == 0) {
82				c2l(iv, v0);
83				c2l(iv, v1);
84
85				ti[0] = v0;
86				ti[1] = v1;
87				DES_encrypt3(ti, ks1, ks2, ks3);
88				v0 = ti[0];
89				v1 = ti[1];
90
91				iv = &(*ivec)[0];
92				l2c(v0, iv);
93				l2c(v1, iv);
94				iv = &(*ivec)[0];
95			}
96			c = *(in++) ^ iv[n];
97			*(out++) = c;
98			iv[n] = c;
99			n = (n + 1) & 0x07;
100		}
101	} else {
102		while (l--) {
103			if (n == 0) {
104				c2l(iv, v0);
105				c2l(iv, v1);
106
107				ti[0] = v0;
108				ti[1] = v1;
109				DES_encrypt3(ti, ks1, ks2, ks3);
110				v0 = ti[0];
111				v1 = ti[1];
112
113				iv = &(*ivec)[0];
114				l2c(v0, iv);
115				l2c(v1, iv);
116				iv = &(*ivec)[0];
117			}
118			cc = *(in++);
119			c = iv[n];
120			iv[n] = cc;
121			*(out++) = c ^ cc;
122			n = (n + 1) & 0x07;
123		}
124	}
125	v0 = v1 = ti[0] = ti[1] = c = cc = 0;
126	*num = n;
127}
128LCRYPTO_ALIAS(DES_ede3_cfb64_encrypt);
129
130/* This is compatible with the single key CFB-r for DES, even thought that's
131 * not what EVP needs.
132 */
133
134void
135DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
136    int numbits, long length, DES_key_schedule *ks1,
137    DES_key_schedule *ks2, DES_key_schedule *ks3,
138    DES_cblock *ivec, int enc)
139{
140	DES_LONG d0, d1, v0, v1;
141	unsigned long l = length, n = ((unsigned int)numbits + 7)/8;
142	int num = numbits, i;
143	DES_LONG ti[2];
144	unsigned char *iv;
145	unsigned char ovec[16];
146
147	if (num > 64)
148		return;
149	iv = &(*ivec)[0];
150	c2l(iv, v0);
151	c2l(iv, v1);
152	if (enc) {
153		while (l >= n) {
154			l -= n;
155			ti[0] = v0;
156			ti[1] = v1;
157			DES_encrypt3(ti, ks1, ks2, ks3);
158			c2ln(in, d0, d1, n);
159			in += n;
160			d0 ^= ti[0];
161			d1 ^= ti[1];
162			l2cn(d0, d1, out, n);
163			out += n;
164			/* 30-08-94 - eay - changed because l>>32 and
165			 * l<<32 are bad under gcc :-( */
166			if (num == 32) {
167				v0 = v1;
168				v1 = d0;
169			} else if (num == 64) {
170				v0 = d0;
171				v1 = d1;
172			} else {
173				iv = &ovec[0];
174				l2c(v0, iv);
175				l2c(v1, iv);
176				l2c(d0, iv);
177				l2c(d1, iv);
178				/* shift ovec left most of the bits... */
179				memmove(ovec, ovec + num/8,
180				    8 + (num % 8 ? 1 : 0));
181				/* now the remaining bits */
182				if (num % 8 != 0) {
183					for (i = 0; i < 8; ++i) {
184						ovec[i] <<= num % 8;
185						ovec[i] |= ovec[i + 1] >>
186						    (8 - num % 8);
187					}
188				}
189				iv = &ovec[0];
190				c2l(iv, v0);
191				c2l(iv, v1);
192			}
193		}
194	} else {
195		while (l >= n) {
196			l -= n;
197			ti[0] = v0;
198			ti[1] = v1;
199			DES_encrypt3(ti, ks1, ks2, ks3);
200			c2ln(in, d0, d1, n);
201			in += n;
202			/* 30-08-94 - eay - changed because l>>32 and
203			 * l<<32 are bad under gcc :-( */
204			if (num == 32) {
205				v0 = v1;
206				v1 = d0;
207			} else if (num == 64) {
208				v0 = d0;
209				v1 = d1;
210			} else {
211				iv = &ovec[0];
212				l2c(v0, iv);
213				l2c(v1, iv);
214				l2c(d0, iv);
215				l2c(d1, iv);
216				/* shift ovec left most of the bits... */
217				memmove(ovec, ovec + num/8,
218				    8 + (num % 8 ? 1 : 0));
219				/* now the remaining bits */
220				if (num % 8 != 0) {
221					for (i = 0; i < 8; ++i) {
222						ovec[i] <<= num % 8;
223						ovec[i] |= ovec[i + 1] >>
224						    (8 - num % 8);
225					}
226				}
227				iv = &ovec[0];
228				c2l(iv, v0);
229				c2l(iv, v1);
230			}
231			d0 ^= ti[0];
232			d1 ^= ti[1];
233			l2cn(d0, d1, out, n);
234			out += n;
235		}
236	}
237	iv = &(*ivec)[0];
238	l2c(v0, iv);
239	l2c(v1, iv);
240	v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
241}
242LCRYPTO_ALIAS(DES_ede3_cfb_encrypt);
243