HCoop / hcoop / debian / openafs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Import Upstream version 1.8.5
[hcoop/debian/openafs.git] / src / external / heimdal / hcrypto / des.c
1 /*
2 * Copyright (c) 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /**
35 * @page page_des DES - Data Encryption Standard crypto interface
36 *
37 * See the library functions here: @ref hcrypto_des
38 *
39 * DES was created by IBM, modififed by NSA and then adopted by NBS
40 * (now NIST) and published ad FIPS PUB 46 (updated by FIPS 46-1).
41 *
42 * Since the 19th May 2005 DES was withdrawn by NIST and should no
43 * longer be used. See @ref page_evp for replacement encryption
44 * algorithms and interfaces.
45 *
46 * Read more the iteresting history of DES on Wikipedia
47 * http://www.wikipedia.org/wiki/Data_Encryption_Standard .
48 *
49 * @section des_keygen DES key generation
50 *
51 * To generate a DES key safely you have to use the code-snippet
52 * below. This is because the DES_random_key() can fail with an
53 * abort() in case of and failure to start the random generator.
54 *
55 * There is a replacement function DES_new_random_key(), however that
56 * function does not exists in OpenSSL.
57 *
58 * @code
59 * DES_cblock key;
60 * do {
61 * if (RAND_rand(&key, sizeof(key)) != 1)
62 * goto failure;
63 * DES_set_odd_parity(key);
64 * } while (DES_is_weak_key(&key));
65 * @endcode
66 *
67 * @section des_impl DES implementation history
68 *
69 * There was no complete BSD licensed, fast, GPL compatible
70 * implementation of DES, so Love wrote the part that was missing,
71 * fast key schedule setup and adapted the interface to the orignal
72 * libdes.
73 *
74 * The document that got me started for real was "Efficient
75 * Implementation of the Data Encryption Standard" by Dag Arne Osvik.
76 * I never got to the PC1 transformation was working, instead I used
77 * table-lookup was used for all key schedule setup. The document was
78 * very useful since it de-mystified other implementations for me.
79 *
80 * The core DES function (SBOX + P transformation) is from Richard
81 * Outerbridge public domain DES implementation. My sanity is saved
82 * thanks to his work. Thank you Richard.
83 */
84
85 #include <config.h>
86
87 #define HC_DEPRECATED
88
89 #include <stdio.h>
90 #include <stdlib.h>
91 #include <string.h>
92 #include <krb5-types.h>
93 #include <assert.h>
94
95 #include <roken.h>
96
97 #include "des.h"
98 #include "ui.h"
99
100 static void desx(uint32_t [2], DES_key_schedule *, int);
101 static void IP(uint32_t [2]);
102 static void FP(uint32_t [2]);
103
104 #include "des-tables.h"
105
106 #define ROTATE_LEFT28(x,one) \
107 if (one) { \
108 x = ( ((x)<<(1)) & 0xffffffe) | ((x) >> 27); \
109 } else { \
110 x = ( ((x)<<(2)) & 0xffffffc) | ((x) >> 26); \
111 }
112
113 /**
114 * Set the parity of the key block, used to generate a des key from a
115 * random key. See @ref des_keygen.
116 *
117 * @param key key to fixup the parity for.
118 * @ingroup hcrypto_des
119 */
120
121 void
122 DES_set_odd_parity(DES_cblock *key)
123 {
124 unsigned int i;
125 for (i = 0; i < DES_CBLOCK_LEN; i++)
126 (*key)[i] = odd_parity[(*key)[i]];
127 }
128
129 /**
130 * Check if the key have correct parity.
131 *
132 * @param key key to check the parity.
133 * @return 1 on success, 0 on failure.
134 * @ingroup hcrypto_des
135 */
136
137 int HC_DEPRECATED
138 DES_check_key_parity(DES_cblock *key)
139 {
140 unsigned int i;
141
142 for (i = 0; i < DES_CBLOCK_LEN; i++)
143 if ((*key)[i] != odd_parity[(*key)[i]])
144 return 0;
145 return 1;
146 }
147
148 /*
149 *
150 */
151
152 /* FIPS 74 */
153 static DES_cblock weak_keys[] = {
154 {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, /* weak keys */
155 {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
156 {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
157 {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
158 {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, /* semi-weak keys */
159 {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
160 {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
161 {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
162 {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
163 {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
164 {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
165 {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
166 {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
167 {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
168 {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
169 {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}
170 };
171
172 /**
173 * Checks if the key is any of the weaks keys that makes DES attacks
174 * trival.
175 *
176 * @param key key to check.
177 *
178 * @return 1 if the key is weak, 0 otherwise.
179 * @ingroup hcrypto_des
180 */
181
182 int
183 DES_is_weak_key(DES_cblock *key)
184 {
185 int weak = 0;
186 int i;
187
188 for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++)
189 weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);
190
191 return !!weak;
192 }
193
194 /**
195 * Setup a des key schedule from a key. Deprecated function, use
196 * DES_set_key_unchecked() or DES_set_key_checked() instead.
197 *
198 * @param key a key to initialize the key schedule with.
199 * @param ks a key schedule to initialize.
200 *
201 * @return 0 on success
202 * @ingroup hcrypto_des
203 */
204
205 int HC_DEPRECATED
206 DES_set_key(DES_cblock *key, DES_key_schedule *ks)
207 {
208 return DES_set_key_checked(key, ks);
209 }
210
211 /**
212 * Setup a des key schedule from a key. The key is no longer needed
213 * after this transaction and can cleared.
214 *
215 * Does NOT check that the key is weak for or have wrong parity.
216 *
217 * @param key a key to initialize the key schedule with.
218 * @param ks a key schedule to initialize.
219 *
220 * @return 0 on success
221 * @ingroup hcrypto_des
222 */
223
224 int
225 DES_set_key_unchecked(DES_cblock *key, DES_key_schedule *ks)
226 {
227 uint32_t t1, t2;
228 uint32_t c, d;
229 int shifts[16] = { 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1 };
230 uint32_t *k = &ks->ks[0];
231 int i;
232
233 t1 = (*key)[0] << 24 | (*key)[1] << 16 | (*key)[2] << 8 | (*key)[3];
234 t2 = (*key)[4] << 24 | (*key)[5] << 16 | (*key)[6] << 8 | (*key)[7];
235
236 c = (pc1_c_3[(t1 >> (5 )) & 0x7] << 3)
237 | (pc1_c_3[(t1 >> (5 + 8 )) & 0x7] << 2)
238 | (pc1_c_3[(t1 >> (5 + 8 + 8 )) & 0x7] << 1)
239 | (pc1_c_3[(t1 >> (5 + 8 + 8 + 8)) & 0x7] << 0)
240 | (pc1_c_4[(t2 >> (4 )) & 0xf] << 3)
241 | (pc1_c_4[(t2 >> (4 + 8 )) & 0xf] << 2)
242 | (pc1_c_4[(t2 >> (4 + 8 + 8 )) & 0xf] << 1)
243 | (pc1_c_4[(t2 >> (4 + 8 + 8 + 8)) & 0xf] << 0);
244
245
246 d = (pc1_d_3[(t2 >> (1 )) & 0x7] << 3)
247 | (pc1_d_3[(t2 >> (1 + 8 )) & 0x7] << 2)
248 | (pc1_d_3[(t2 >> (1 + 8 + 8 )) & 0x7] << 1)
249 | (pc1_d_3[(t2 >> (1 + 8 + 8 + 8)) & 0x7] << 0)
250 | (pc1_d_4[(t1 >> (1 )) & 0xf] << 3)
251 | (pc1_d_4[(t1 >> (1 + 8 )) & 0xf] << 2)
252 | (pc1_d_4[(t1 >> (1 + 8 + 8 )) & 0xf] << 1)
253 | (pc1_d_4[(t1 >> (1 + 8 + 8 + 8)) & 0xf] << 0);
254
255 for (i = 0; i < 16; i++) {
256 uint32_t kc, kd;
257
258 ROTATE_LEFT28(c, shifts[i]);
259 ROTATE_LEFT28(d, shifts[i]);
260
261 kc = pc2_c_1[(c >> 22) & 0x3f] |
262 pc2_c_2[((c >> 16) & 0x30) | ((c >> 15) & 0xf)] |
263 pc2_c_3[((c >> 9 ) & 0x3c) | ((c >> 8 ) & 0x3)] |
264 pc2_c_4[((c >> 2 ) & 0x20) | ((c >> 1) & 0x18) | (c & 0x7)];
265 kd = pc2_d_1[(d >> 22) & 0x3f] |
266 pc2_d_2[((d >> 15) & 0x30) | ((d >> 14) & 0xf)] |
267 pc2_d_3[ (d >> 7 ) & 0x3f] |
268 pc2_d_4[((d >> 1 ) & 0x3c) | ((d ) & 0x3)];
269
270 /* Change to byte order used by the S boxes */
271 *k = (kc & 0x00fc0000L) << 6;
272 *k |= (kc & 0x00000fc0L) << 10;
273 *k |= (kd & 0x00fc0000L) >> 10;
274 *k++ |= (kd & 0x00000fc0L) >> 6;
275 *k = (kc & 0x0003f000L) << 12;
276 *k |= (kc & 0x0000003fL) << 16;
277 *k |= (kd & 0x0003f000L) >> 4;
278 *k++ |= (kd & 0x0000003fL);
279 }
280
281 return 0;
282 }
283
284 /**
285 * Just like DES_set_key_unchecked() except checking that the key is
286 * not weak for or have correct parity.
287 *
288 * @param key a key to initialize the key schedule with.
289 * @param ks a key schedule to initialize.
290 *
291 * @return 0 on success, -1 on invalid parity, -2 on weak key.
292 * @ingroup hcrypto_des
293 */
294
295 int
296 DES_set_key_checked(DES_cblock *key, DES_key_schedule *ks)
297 {
298 if (!DES_check_key_parity(key)) {
299 memset(ks, 0, sizeof(*ks));
300 return -1;
301 }
302 if (DES_is_weak_key(key)) {
303 memset(ks, 0, sizeof(*ks));
304 return -2;
305 }
306 return DES_set_key_unchecked(key, ks);
307 }
308
309 /**
310 * Compatibility function for eay libdes, works just like
311 * DES_set_key_checked().
312 *
313 * @param key a key to initialize the key schedule with.
314 * @param ks a key schedule to initialize.
315 *
316 * @return 0 on success, -1 on invalid parity, -2 on weak key.
317 * @ingroup hcrypto_des
318 */
319
320 int
321 DES_key_sched(DES_cblock *key, DES_key_schedule *ks)
322 {
323 return DES_set_key_checked(key, ks);
324 }
325
326 /*
327 *
328 */
329
330 static void
331 load(const unsigned char *b, uint32_t v[2])
332 {
333 v[0] = b[0] << 24;
334 v[0] |= b[1] << 16;
335 v[0] |= b[2] << 8;
336 v[0] |= b[3] << 0;
337 v[1] = b[4] << 24;
338 v[1] |= b[5] << 16;
339 v[1] |= b[6] << 8;
340 v[1] |= b[7] << 0;
341 }
342
343 static void
344 store(const uint32_t v[2], unsigned char *b)
345 {
346 b[0] = (v[0] >> 24) & 0xff;
347 b[1] = (v[0] >> 16) & 0xff;
348 b[2] = (v[0] >> 8) & 0xff;
349 b[3] = (v[0] >> 0) & 0xff;
350 b[4] = (v[1] >> 24) & 0xff;
351 b[5] = (v[1] >> 16) & 0xff;
352 b[6] = (v[1] >> 8) & 0xff;
353 b[7] = (v[1] >> 0) & 0xff;
354 }
355
356 /**
357 * Encrypt/decrypt a block using DES. Also called ECB mode
358 *
359 * @param u data to encrypt
360 * @param ks key schedule to use
361 * @param encp if non zero, encrypt. if zero, decrypt.
362 *
363 * @ingroup hcrypto_des
364 */
365
366 void
367 DES_encrypt(uint32_t u[2], DES_key_schedule *ks, int encp)
368 {
369 IP(u);
370 desx(u, ks, encp);
371 FP(u);
372 }
373
374 /**
375 * Encrypt/decrypt a block using DES.
376 *
377 * @param input data to encrypt
378 * @param output data to encrypt
379 * @param ks key schedule to use
380 * @param encp if non zero, encrypt. if zero, decrypt.
381 *
382 * @ingroup hcrypto_des
383 */
384
385 void
386 DES_ecb_encrypt(DES_cblock *input, DES_cblock *output,
387 DES_key_schedule *ks, int encp)
388 {
389 uint32_t u[2];
390 load(*input, u);
391 DES_encrypt(u, ks, encp);
392 store(u, *output);
393 }
394
395 /**
396 * Encrypt/decrypt a block using DES in Chain Block Cipher mode (cbc).
397 *
398 * The IV must always be diffrent for diffrent input data blocks.
399 *
400 * @param in data to encrypt
401 * @param out data to encrypt
402 * @param length length of data
403 * @param ks key schedule to use
404 * @param iv initial vector to use
405 * @param encp if non zero, encrypt. if zero, decrypt.
406 *
407 * @ingroup hcrypto_des
408 */
409
410 void
411 DES_cbc_encrypt(const void *in, void *out, long length,
412 DES_key_schedule *ks, DES_cblock *iv, int encp)
413 {
414 const unsigned char *input = in;
415 unsigned char *output = out;
416 uint32_t u[2];
417 uint32_t uiv[2];
418
419 load(*iv, uiv);
420
421 if (encp) {
422 while (length >= DES_CBLOCK_LEN) {
423 load(input, u);
424 u[0] ^= uiv[0]; u[1] ^= uiv[1];
425 DES_encrypt(u, ks, 1);
426 uiv[0] = u[0]; uiv[1] = u[1];
427 store(u, output);
428
429 length -= DES_CBLOCK_LEN;
430 input += DES_CBLOCK_LEN;
431 output += DES_CBLOCK_LEN;
432 }
433 if (length) {
434 unsigned char tmp[DES_CBLOCK_LEN];
435 memcpy(tmp, input, length);
436 memset(tmp + length, 0, DES_CBLOCK_LEN - length);
437 load(tmp, u);
438 u[0] ^= uiv[0]; u[1] ^= uiv[1];
439 DES_encrypt(u, ks, 1);
440 store(u, output);
441 }
442 } else {
443 uint32_t t[2];
444 while (length >= DES_CBLOCK_LEN) {
445 load(input, u);
446 t[0] = u[0]; t[1] = u[1];
447 DES_encrypt(u, ks, 0);
448 u[0] ^= uiv[0]; u[1] ^= uiv[1];
449 store(u, output);
450 uiv[0] = t[0]; uiv[1] = t[1];
451
452 length -= DES_CBLOCK_LEN;
453 input += DES_CBLOCK_LEN;
454 output += DES_CBLOCK_LEN;
455 }
456 if (length) {
457 unsigned char tmp[DES_CBLOCK_LEN];
458 memcpy(tmp, input, length);
459 memset(tmp + length, 0, DES_CBLOCK_LEN - length);
460 load(tmp, u);
461 DES_encrypt(u, ks, 0);
462 u[0] ^= uiv[0]; u[1] ^= uiv[1];
463 store(u, output);
464 }
465 }
466 uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0;
467 }
468
469 /**
470 * Encrypt/decrypt a block using DES in Propagating Cipher Block
471 * Chaining mode. This mode is only used for Kerberos 4, and it should
472 * stay that way.
473 *
474 * The IV must always be diffrent for diffrent input data blocks.
475 *
476 * @param in data to encrypt
477 * @param out data to encrypt
478 * @param length length of data
479 * @param ks key schedule to use
480 * @param iv initial vector to use
481 * @param encp if non zero, encrypt. if zero, decrypt.
482 *
483 * @ingroup hcrypto_des
484 */
485
486 void
487 DES_pcbc_encrypt(const void *in, void *out, long length,
488 DES_key_schedule *ks, DES_cblock *iv, int encp)
489 {
490 const unsigned char *input = in;
491 unsigned char *output = out;
492 uint32_t u[2];
493 uint32_t uiv[2];
494
495 load(*iv, uiv);
496
497 if (encp) {
498 uint32_t t[2];
499 while (length >= DES_CBLOCK_LEN) {
500 load(input, u);
501 t[0] = u[0]; t[1] = u[1];
502 u[0] ^= uiv[0]; u[1] ^= uiv[1];
503 DES_encrypt(u, ks, 1);
504 uiv[0] = u[0] ^ t[0]; uiv[1] = u[1] ^ t[1];
505 store(u, output);
506
507 length -= DES_CBLOCK_LEN;
508 input += DES_CBLOCK_LEN;
509 output += DES_CBLOCK_LEN;
510 }
511 if (length) {
512 unsigned char tmp[DES_CBLOCK_LEN];
513 memcpy(tmp, input, length);
514 memset(tmp + length, 0, DES_CBLOCK_LEN - length);
515 load(tmp, u);
516 u[0] ^= uiv[0]; u[1] ^= uiv[1];
517 DES_encrypt(u, ks, 1);
518 store(u, output);
519 }
520 } else {
521 uint32_t t[2];
522 while (length >= DES_CBLOCK_LEN) {
523 load(input, u);
524 t[0] = u[0]; t[1] = u[1];
525 DES_encrypt(u, ks, 0);
526 u[0] ^= uiv[0]; u[1] ^= uiv[1];
527 store(u, output);
528 uiv[0] = t[0] ^ u[0]; uiv[1] = t[1] ^ u[1];
529
530 length -= DES_CBLOCK_LEN;
531 input += DES_CBLOCK_LEN;
532 output += DES_CBLOCK_LEN;
533 }
534 if (length) {
535 unsigned char tmp[DES_CBLOCK_LEN];
536 memcpy(tmp, input, length);
537 memset(tmp + length, 0, DES_CBLOCK_LEN - length);
538 load(tmp, u);
539 DES_encrypt(u, ks, 0);
540 u[0] ^= uiv[0]; u[1] ^= uiv[1];
541 }
542 }
543 uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0;
544 }
545
546 /*
547 *
548 */
549
550 static void
551 _des3_encrypt(uint32_t u[2], DES_key_schedule *ks1, DES_key_schedule *ks2,
552 DES_key_schedule *ks3, int encp)
553 {
554 IP(u);
555 if (encp) {
556 desx(u, ks1, 1); /* IP + FP cancel out each other */
557 desx(u, ks2, 0);
558 desx(u, ks3, 1);
559 } else {
560 desx(u, ks3, 0);
561 desx(u, ks2, 1);
562 desx(u, ks1, 0);
563 }
564 FP(u);
565 }
566
567 /**
568 * Encrypt/decrypt a block using triple DES using EDE mode,
569 * encrypt/decrypt/encrypt.
570 *
571 * @param input data to encrypt
572 * @param output data to encrypt
573 * @param ks1 key schedule to use
574 * @param ks2 key schedule to use
575 * @param ks3 key schedule to use
576 * @param encp if non zero, encrypt. if zero, decrypt.
577 *
578 * @ingroup hcrypto_des
579 */
580
581 void
582 DES_ecb3_encrypt(DES_cblock *input,
583 DES_cblock *output,
584 DES_key_schedule *ks1,
585 DES_key_schedule *ks2,
586 DES_key_schedule *ks3,
587 int encp)
588 {
589 uint32_t u[2];
590 load(*input, u);
591 _des3_encrypt(u, ks1, ks2, ks3, encp);
592 store(u, *output);
593 return;
594 }
595
596 /**
597 * Encrypt/decrypt using Triple DES in Chain Block Cipher mode (cbc).
598 *
599 * The IV must always be diffrent for diffrent input data blocks.
600 *
601 * @param in data to encrypt
602 * @param out data to encrypt
603 * @param length length of data
604 * @param ks1 key schedule to use
605 * @param ks2 key schedule to use
606 * @param ks3 key schedule to use
607 * @param iv initial vector to use
608 * @param encp if non zero, encrypt. if zero, decrypt.
609 *
610 * @ingroup hcrypto_des
611 */
612
613 void
614 DES_ede3_cbc_encrypt(const void *in, void *out,
615 long length, DES_key_schedule *ks1,
616 DES_key_schedule *ks2, DES_key_schedule *ks3,
617 DES_cblock *iv, int encp)
618 {
619 const unsigned char *input = in;
620 unsigned char *output = out;
621 uint32_t u[2];
622 uint32_t uiv[2];
623
624 load(*iv, uiv);
625
626 if (encp) {
627 while (length >= DES_CBLOCK_LEN) {
628 load(input, u);
629 u[0] ^= uiv[0]; u[1] ^= uiv[1];
630 _des3_encrypt(u, ks1, ks2, ks3, 1);
631 uiv[0] = u[0]; uiv[1] = u[1];
632 store(u, output);
633
634 length -= DES_CBLOCK_LEN;
635 input += DES_CBLOCK_LEN;
636 output += DES_CBLOCK_LEN;
637 }
638 if (length) {
639 unsigned char tmp[DES_CBLOCK_LEN];
640 memcpy(tmp, input, length);
641 memset(tmp + length, 0, DES_CBLOCK_LEN - length);
642 load(tmp, u);
643 u[0] ^= uiv[0]; u[1] ^= uiv[1];
644 _des3_encrypt(u, ks1, ks2, ks3, 1);
645 store(u, output);
646 }
647 } else {
648 uint32_t t[2];
649 while (length >= DES_CBLOCK_LEN) {
650 load(input, u);
651 t[0] = u[0]; t[1] = u[1];
652 _des3_encrypt(u, ks1, ks2, ks3, 0);
653 u[0] ^= uiv[0]; u[1] ^= uiv[1];
654 store(u, output);
655 uiv[0] = t[0]; uiv[1] = t[1];
656
657 length -= DES_CBLOCK_LEN;
658 input += DES_CBLOCK_LEN;
659 output += DES_CBLOCK_LEN;
660 }
661 if (length) {
662 unsigned char tmp[DES_CBLOCK_LEN];
663 memcpy(tmp, input, length);
664 memset(tmp + length, 0, DES_CBLOCK_LEN - length);
665 load(tmp, u);
666 _des3_encrypt(u, ks1, ks2, ks3, 0);
667 u[0] ^= uiv[0]; u[1] ^= uiv[1];
668 store(u, output);
669 }
670 }
671 store(uiv, *iv);
672 uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0;
673 }
674
675 /**
676 * Encrypt/decrypt using DES in cipher feedback mode with 64 bit
677 * feedback.
678 *
679 * The IV must always be diffrent for diffrent input data blocks.
680 *
681 * @param in data to encrypt
682 * @param out data to encrypt
683 * @param length length of data
684 * @param ks key schedule to use
685 * @param iv initial vector to use
686 * @param num offset into in cipher block encryption/decryption stop last time.
687 * @param encp if non zero, encrypt. if zero, decrypt.
688 *
689 * @ingroup hcrypto_des
690 */
691
692 void
693 DES_cfb64_encrypt(const void *in, void *out,
694 long length, DES_key_schedule *ks, DES_cblock *iv,
695 int *num, int encp)
696 {
697 const unsigned char *input = in;
698 unsigned char *output = out;
699 unsigned char tmp[DES_CBLOCK_LEN];
700 uint32_t uiv[2];
701
702 load(*iv, uiv);
703
704 assert(*num >= 0 && *num < DES_CBLOCK_LEN);
705
706 if (encp) {
707 int i = *num;
708
709 while (length > 0) {
710 if (i == 0)
711 DES_encrypt(uiv, ks, 1);
712 store(uiv, tmp);
713 for (; i < DES_CBLOCK_LEN && i < length; i++) {
714 output[i] = tmp[i] ^ input[i];
715 }
716 if (i == DES_CBLOCK_LEN)
717 load(output, uiv);
718 output += i;
719 input += i;
720 length -= i;
721 if (i == DES_CBLOCK_LEN)
722 i = 0;
723 }
724 store(uiv, *iv);
725 *num = i;
726 } else {
727 int i = *num;
728 unsigned char c;
729
730 while (length > 0) {
731 if (i == 0) {
732 DES_encrypt(uiv, ks, 1);
733 store(uiv, tmp);
734 }
735 for (; i < DES_CBLOCK_LEN && i < length; i++) {
736 c = input[i];
737 output[i] = tmp[i] ^ input[i];
738 (*iv)[i] = c;
739 }
740 output += i;
741 input += i;
742 length -= i;
743 if (i == DES_CBLOCK_LEN) {
744 i = 0;
745 load(*iv, uiv);
746 }
747 }
748 store(uiv, *iv);
749 *num = i;
750 }
751 }
752
753 /**
754 * Crete a checksum using DES in CBC encryption mode. This mode is
755 * only used for Kerberos 4, and it should stay that way.
756 *
757 * The IV must always be diffrent for diffrent input data blocks.
758 *
759 * @param in data to checksum
760 * @param output the checksum
761 * @param length length of data
762 * @param ks key schedule to use
763 * @param iv initial vector to use
764 *
765 * @ingroup hcrypto_des
766 */
767
768 uint32_t
769 DES_cbc_cksum(const void *in, DES_cblock *output,
770 long length, DES_key_schedule *ks, DES_cblock *iv)
771 {
772 const unsigned char *input = in;
773 uint32_t uiv[2];
774 uint32_t u[2] = { 0, 0 };
775
776 load(*iv, uiv);
777
778 while (length >= DES_CBLOCK_LEN) {
779 load(input, u);
780 u[0] ^= uiv[0]; u[1] ^= uiv[1];
781 DES_encrypt(u, ks, 1);
782 uiv[0] = u[0]; uiv[1] = u[1];
783
784 length -= DES_CBLOCK_LEN;
785 input += DES_CBLOCK_LEN;
786 }
787 if (length) {
788 unsigned char tmp[DES_CBLOCK_LEN];
789 memcpy(tmp, input, length);
790 memset(tmp + length, 0, DES_CBLOCK_LEN - length);
791 load(tmp, u);
792 u[0] ^= uiv[0]; u[1] ^= uiv[1];
793 DES_encrypt(u, ks, 1);
794 }
795 if (output)
796 store(u, *output);
797
798 uiv[0] = 0; u[0] = 0; uiv[1] = 0;
799 return u[1];
800 }
801
802 /*
803 *
804 */
805
806 static unsigned char
807 bitswap8(unsigned char b)
808 {
809 unsigned char r = 0;
810 int i;
811 for (i = 0; i < 8; i++) {
812 r = r << 1 | (b & 1);
813 b = b >> 1;
814 }
815 return r;
816 }
817
818 /**
819 * Convert a string to a DES key. Use something like
820 * PKCS5_PBKDF2_HMAC_SHA1() to create key from passwords.
821 *
822 * @param str The string to convert to a key
823 * @param key the resulting key
824 *
825 * @ingroup hcrypto_des
826 */
827
828 void
829 DES_string_to_key(const char *str, DES_cblock *key)
830 {
831 const unsigned char *s;
832 unsigned char *k;
833 DES_key_schedule ks;
834 size_t i, len;
835
836 memset(key, 0, sizeof(*key));
837 k = *key;
838 s = (const unsigned char *)str;
839
840 len = strlen(str);
841 for (i = 0; i < len; i++) {
842 if ((i % 16) < 8)
843 k[i % 8] ^= s[i] << 1;
844 else
845 k[7 - (i % 8)] ^= bitswap8(s[i]);
846 }
847 DES_set_odd_parity(key);
848 if (DES_is_weak_key(key))
849 k[7] ^= 0xF0;
850 DES_set_key(key, &ks);
851 DES_cbc_cksum(s, key, len, &ks, key);
852 memset(&ks, 0, sizeof(ks));
853 DES_set_odd_parity(key);
854 if (DES_is_weak_key(key))
855 k[7] ^= 0xF0;
856 }
857
858 /**
859 * Read password from prompt and create a DES key. Internal uses
860 * DES_string_to_key(). Really, go use a really string2key function
861 * like PKCS5_PBKDF2_HMAC_SHA1().
862 *
863 * @param key key to convert to
864 * @param prompt prompt to display user
865 * @param verify prompt twice.
866 *
867 * @return 1 on success, non 1 on failure.
868 */
869
870 int
871 DES_read_password(DES_cblock *key, char *prompt, int verify)
872 {
873 char buf[512];
874 int ret;
875
876 ret = UI_UTIL_read_pw_string(buf, sizeof(buf) - 1, prompt, verify);
877 if (ret == 1)
878 DES_string_to_key(buf, key);
879 return ret;
880 }
881
882 /*
883 *
884 */
885
886
887 void
888 _DES_ipfp_test(void)
889 {
890 DES_cblock k = "\x01\x02\x04\x08\x10\x20\x40\x80", k2;
891 uint32_t u[2] = { 1, 0 };
892 IP(u);
893 FP(u);
894 IP(u);
895 FP(u);
896 if (u[0] != 1 || u[1] != 0)
897 abort();
898
899 load(k, u);
900 store(u, k2);
901 if (memcmp(k, k2, 8) != 0)
902 abort();
903 }
904
905 /* D3DES (V5.09) -
906 *
907 * A portable, public domain, version of the Data Encryption Standard.
908 *
909 * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
910 * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
911 * code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis
912 * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
913 * for humouring me on.
914 *
915 * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
916 * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
917 */
918
919 static uint32_t SP1[64] = {
920 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L,
921 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L,
922 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L,
923 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L,
924 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L,
925 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L,
926 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L,
927 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
928 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L,
929 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L,
930 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L,
931 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L,
932 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L,
933 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L,
934 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L,
935 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L };
936
937 static uint32_t SP2[64] = {
938 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L,
939 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L,
940 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L,
941 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L,
942 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L,
943 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L,
944 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L,
945 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
946 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L,
947 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L,
948 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L,
949 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L,
950 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L,
951 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L,
952 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L,
953 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L };
954
955 static uint32_t SP3[64] = {
956 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L,
957 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L,
958 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L,
959 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L,
960 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L,
961 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L,
962 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L,
963 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
964 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L,
965 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L,
966 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L,
967 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L,
968 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L,
969 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L,
970 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L,
971 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L };
972
973 static uint32_t SP4[64] = {
974 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
975 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L,
976 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L,
977 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L,
978 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L,
979 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L,
980 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L,
981 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
982 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L,
983 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L,
984 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L,
985 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
986 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L,
987 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L,
988 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L,
989 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L };
990
991 static uint32_t SP5[64] = {
992 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L,
993 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L,
994 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L,
995 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L,
996 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L,
997 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L,
998 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L,
999 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
1000 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L,
1001 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L,
1002 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L,
1003 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L,
1004 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L,
1005 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L,
1006 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L,
1007 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L };
1008
1009 static uint32_t SP6[64] = {
1010 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L,
1011 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L,
1012 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L,
1013 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L,
1014 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L,
1015 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L,
1016 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L,
1017 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
1018 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L,
1019 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L,
1020 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L,
1021 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L,
1022 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L,
1023 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L,
1024 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L,
1025 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L };
1026
1027 static uint32_t SP7[64] = {
1028 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L,
1029 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L,
1030 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L,
1031 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L,
1032 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L,
1033 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L,
1034 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L,
1035 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
1036 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L,
1037 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L,
1038 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L,
1039 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L,
1040 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L,
1041 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L,
1042 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L,
1043 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L };
1044
1045 static uint32_t SP8[64] = {
1046 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L,
1047 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L,
1048 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L,
1049 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L,
1050 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L,
1051 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L,
1052 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L,
1053 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
1054 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L,
1055 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L,
1056 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L,
1057 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L,
1058 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L,
1059 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L,
1060 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L,
1061 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L };
1062
1063 static void
1064 IP(uint32_t v[2])
1065 {
1066 uint32_t work;
1067
1068 work = ((v[0] >> 4) ^ v[1]) & 0x0f0f0f0fL;
1069 v[1] ^= work;
1070 v[0] ^= (work << 4);
1071 work = ((v[0] >> 16) ^ v[1]) & 0x0000ffffL;
1072 v[1] ^= work;
1073 v[0] ^= (work << 16);
1074 work = ((v[1] >> 2) ^ v[0]) & 0x33333333L;
1075 v[0] ^= work;
1076 v[1] ^= (work << 2);
1077 work = ((v[1] >> 8) ^ v[0]) & 0x00ff00ffL;
1078 v[0] ^= work;
1079 v[1] ^= (work << 8);
1080 v[1] = ((v[1] << 1) | ((v[1] >> 31) & 1L)) & 0xffffffffL;
1081 work = (v[0] ^ v[1]) & 0xaaaaaaaaL;
1082 v[0] ^= work;
1083 v[1] ^= work;
1084 v[0] = ((v[0] << 1) | ((v[0] >> 31) & 1L)) & 0xffffffffL;
1085 }
1086
1087 static void
1088 FP(uint32_t v[2])
1089 {
1090 uint32_t work;
1091
1092 v[0] = (v[0] << 31) | (v[0] >> 1);
1093 work = (v[1] ^ v[0]) & 0xaaaaaaaaL;
1094 v[1] ^= work;
1095 v[0] ^= work;
1096 v[1] = (v[1] << 31) | (v[1] >> 1);
1097 work = ((v[1] >> 8) ^ v[0]) & 0x00ff00ffL;
1098 v[0] ^= work;
1099 v[1] ^= (work << 8);
1100 work = ((v[1] >> 2) ^ v[0]) & 0x33333333L;
1101 v[0] ^= work;
1102 v[1] ^= (work << 2);
1103 work = ((v[0] >> 16) ^ v[1]) & 0x0000ffffL;
1104 v[1] ^= work;
1105 v[0] ^= (work << 16);
1106 work = ((v[0] >> 4) ^ v[1]) & 0x0f0f0f0fL;
1107 v[1] ^= work;
1108 v[0] ^= (work << 4);
1109 }
1110
1111 static void
1112 desx(uint32_t block[2], DES_key_schedule *ks, int encp)
1113 {
1114 uint32_t *keys;
1115 uint32_t fval, work, right, left;
1116 int round;
1117
1118 left = block[0];
1119 right = block[1];
1120
1121 if (encp) {
1122 keys = &ks->ks[0];
1123
1124 for( round = 0; round < 8; round++ ) {
1125 work = (right << 28) | (right >> 4);
1126 work ^= *keys++;
1127 fval = SP7[ work & 0x3fL];
1128 fval |= SP5[(work >> 8) & 0x3fL];
1129 fval |= SP3[(work >> 16) & 0x3fL];
1130 fval |= SP1[(work >> 24) & 0x3fL];
1131 work = right ^ *keys++;
1132 fval |= SP8[ work & 0x3fL];
1133 fval |= SP6[(work >> 8) & 0x3fL];
1134 fval |= SP4[(work >> 16) & 0x3fL];
1135 fval |= SP2[(work >> 24) & 0x3fL];
1136 left ^= fval;
1137 work = (left << 28) | (left >> 4);
1138 work ^= *keys++;
1139 fval = SP7[ work & 0x3fL];
1140 fval |= SP5[(work >> 8) & 0x3fL];
1141 fval |= SP3[(work >> 16) & 0x3fL];
1142 fval |= SP1[(work >> 24) & 0x3fL];
1143 work = left ^ *keys++;
1144 fval |= SP8[ work & 0x3fL];
1145 fval |= SP6[(work >> 8) & 0x3fL];
1146 fval |= SP4[(work >> 16) & 0x3fL];
1147 fval |= SP2[(work >> 24) & 0x3fL];
1148 right ^= fval;
1149 }
1150 } else {
1151 keys = &ks->ks[30];
1152
1153 for( round = 0; round < 8; round++ ) {
1154 work = (right << 28) | (right >> 4);
1155 work ^= *keys++;
1156 fval = SP7[ work & 0x3fL];
1157 fval |= SP5[(work >> 8) & 0x3fL];
1158 fval |= SP3[(work >> 16) & 0x3fL];
1159 fval |= SP1[(work >> 24) & 0x3fL];
1160 work = right ^ *keys++;
1161 fval |= SP8[ work & 0x3fL];
1162 fval |= SP6[(work >> 8) & 0x3fL];
1163 fval |= SP4[(work >> 16) & 0x3fL];
1164 fval |= SP2[(work >> 24) & 0x3fL];
1165 left ^= fval;
1166 work = (left << 28) | (left >> 4);
1167 keys -= 4;
1168 work ^= *keys++;
1169 fval = SP7[ work & 0x3fL];
1170 fval |= SP5[(work >> 8) & 0x3fL];
1171 fval |= SP3[(work >> 16) & 0x3fL];
1172 fval |= SP1[(work >> 24) & 0x3fL];
1173 work = left ^ *keys++;
1174 fval |= SP8[ work & 0x3fL];
1175 fval |= SP6[(work >> 8) & 0x3fL];
1176 fval |= SP4[(work >> 16) & 0x3fL];
1177 fval |= SP2[(work >> 24) & 0x3fL];
1178 right ^= fval;
1179 keys -= 4;
1180 }
1181 }
1182 block[0] = right;
1183 block[1] = left;
1184 }
openafs packaging