xref: /illumos-gate/usr/src/common/crypto/des/des_impl.c (revision 5528cade4e43d027d848fdca33cccc9faa97823b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <sys/types.h>
27 #include <sys/systm.h>
28 #include <sys/ddi.h>
29 #include <sys/sysmacros.h>
30 #include <sys/strsun.h>
31 #include <sys/crypto/spi.h>
32 #include <modes/modes.h>
33 #include <sys/crypto/common.h>
34 #include "des_impl.h"
35 #ifndef	_KERNEL
36 #include <strings.h>
37 #include <stdlib.h>
38 #endif	/* !_KERNEL */
39 
40 #if defined(__i386) || defined(__amd64)
41 #include <sys/byteorder.h>
42 #define	UNALIGNED_POINTERS_PERMITTED
43 #endif
44 
45 typedef struct keysched_s {
46 	uint64_t ksch_encrypt[16];
47 	uint64_t ksch_decrypt[16];
48 } keysched_t;
49 
50 typedef struct keysched3_s {
51 	uint64_t ksch_encrypt[48];
52 	uint64_t ksch_decrypt[48];
53 } keysched3_t;
54 
55 static void fix_des_parity(uint64_t *);
56 
57 #ifndef sun4u
58 
59 static const uint64_t sbox_table[8][64]=
60 {
61 /* BEGIN CSTYLED */
62 {
63 0x0000140140020000ULL, 0x0000000000000000ULL, 0x0000000140000000ULL, 0x0000140140020020ULL,
64 0x0000140140000020ULL, 0x0000000140020020ULL, 0x0000000000000020ULL, 0x0000000140000000ULL,
65 0x0000000000020000ULL, 0x0000140140020000ULL, 0x0000140140020020ULL, 0x0000000000020000ULL,
66 0x0000140000020020ULL, 0x0000140140000020ULL, 0x0000140000000000ULL, 0x0000000000000020ULL,
67 0x0000000000020020ULL, 0x0000140000020000ULL, 0x0000140000020000ULL, 0x0000000140020000ULL,
68 0x0000000140020000ULL, 0x0000140140000000ULL, 0x0000140140000000ULL, 0x0000140000020020ULL,
69 0x0000000140000020ULL, 0x0000140000000020ULL, 0x0000140000000020ULL, 0x0000000140000020ULL,
70 0x0000000000000000ULL, 0x0000000000020020ULL, 0x0000000140020020ULL, 0x0000140000000000ULL,
71 0x0000000140000000ULL, 0x0000140140020020ULL, 0x0000000000000020ULL, 0x0000140140000000ULL,
72 0x0000140140020000ULL, 0x0000140000000000ULL, 0x0000140000000000ULL, 0x0000000000020000ULL,
73 0x0000140140000020ULL, 0x0000000140000000ULL, 0x0000000140020000ULL, 0x0000140000000020ULL,
74 0x0000000000020000ULL, 0x0000000000000020ULL, 0x0000140000020020ULL, 0x0000000140020020ULL,
75 0x0000140140020020ULL, 0x0000000140000020ULL, 0x0000140140000000ULL, 0x0000140000020020ULL,
76 0x0000140000000020ULL, 0x0000000000020020ULL, 0x0000000140020020ULL, 0x0000140140020000ULL,
77 0x0000000000020020ULL, 0x0000140000020000ULL, 0x0000140000020000ULL, 0x0000000000000000ULL,
78 0x0000000140000020ULL, 0x0000000140020000ULL, 0x0000000000000000ULL, 0x0000140140000020ULL
79 },
80 {
81 0x2000005020000500ULL, 0x2000000020000000ULL, 0x0000000020000000ULL, 0x0000005020000500ULL,
82 0x0000005000000000ULL, 0x0000000000000500ULL, 0x2000005000000500ULL, 0x2000000020000500ULL,
83 0x2000000000000500ULL, 0x2000005020000500ULL, 0x2000005020000000ULL, 0x2000000000000000ULL,
84 0x2000000020000000ULL, 0x0000005000000000ULL, 0x0000000000000500ULL, 0x2000005000000500ULL,
85 0x0000005020000000ULL, 0x0000005000000500ULL, 0x2000000020000500ULL, 0x0000000000000000ULL,
86 0x2000000000000000ULL, 0x0000000020000000ULL, 0x0000005020000500ULL, 0x2000005000000000ULL,
87 0x0000005000000500ULL, 0x2000000000000500ULL, 0x0000000000000000ULL, 0x0000005020000000ULL,
88 0x0000000020000500ULL, 0x2000005020000000ULL, 0x2000005000000000ULL, 0x0000000020000500ULL,
89 0x0000000000000000ULL, 0x0000005020000500ULL, 0x2000005000000500ULL, 0x0000005000000000ULL,
90 0x2000000020000500ULL, 0x2000005000000000ULL, 0x2000005020000000ULL, 0x0000000020000000ULL,
91 0x2000005000000000ULL, 0x2000000020000000ULL, 0x0000000000000500ULL, 0x2000005020000500ULL,
92 0x0000005020000500ULL, 0x0000000000000500ULL, 0x0000000020000000ULL, 0x2000000000000000ULL,
93 0x0000000020000500ULL, 0x2000005020000000ULL, 0x0000005000000000ULL, 0x2000000000000500ULL,
94 0x0000005000000500ULL, 0x2000000020000500ULL, 0x2000000000000500ULL, 0x0000005000000500ULL,
95 0x0000005020000000ULL, 0x0000000000000000ULL, 0x2000000020000000ULL, 0x0000000020000500ULL,
96 0x2000000000000000ULL, 0x2000005000000500ULL, 0x2000005020000500ULL, 0x0000005020000000ULL
97 },
98 {
99 0x0000000000014040ULL, 0x0000800280014000ULL, 0x0000000000000000ULL, 0x0000800280000040ULL,
100 0x0000800000014000ULL, 0x0000000000000000ULL, 0x0000000280014040ULL, 0x0000800000014000ULL,
101 0x0000000280000040ULL, 0x0000800000000040ULL, 0x0000800000000040ULL, 0x0000000280000000ULL,
102 0x0000800280014040ULL, 0x0000000280000040ULL, 0x0000800280000000ULL, 0x0000000000014040ULL,
103 0x0000800000000000ULL, 0x0000000000000040ULL, 0x0000800280014000ULL, 0x0000000000014000ULL,
104 0x0000000280014000ULL, 0x0000800280000000ULL, 0x0000800280000040ULL, 0x0000000280014040ULL,
105 0x0000800000014040ULL, 0x0000000280014000ULL, 0x0000000280000000ULL, 0x0000800000014040ULL,
106 0x0000000000000040ULL, 0x0000800280014040ULL, 0x0000000000014000ULL, 0x0000800000000000ULL,
107 0x0000800280014000ULL, 0x0000800000000000ULL, 0x0000000280000040ULL, 0x0000000000014040ULL,
108 0x0000000280000000ULL, 0x0000800280014000ULL, 0x0000800000014000ULL, 0x0000000000000000ULL,
109 0x0000000000014000ULL, 0x0000000280000040ULL, 0x0000800280014040ULL, 0x0000800000014000ULL,
110 0x0000800000000040ULL, 0x0000000000014000ULL, 0x0000000000000000ULL, 0x0000800280000040ULL,
111 0x0000800000014040ULL, 0x0000000280000000ULL, 0x0000800000000000ULL, 0x0000800280014040ULL,
112 0x0000000000000040ULL, 0x0000000280014040ULL, 0x0000000280014000ULL, 0x0000800000000040ULL,
113 0x0000800280000000ULL, 0x0000800000014040ULL, 0x0000000000014040ULL, 0x0000800280000000ULL,
114 0x0000000280014040ULL, 0x0000000000000040ULL, 0x0000800280000040ULL, 0x0000000280014000ULL
115 },
116 {
117 0x4000020008100008ULL, 0x4000000008101008ULL, 0x4000000008101008ULL, 0x0000000000001000ULL,
118 0x0000020008101000ULL, 0x4000020000001008ULL, 0x4000020000000008ULL, 0x4000000008100008ULL,
119 0x0000000000000000ULL, 0x0000020008100000ULL, 0x0000020008100000ULL, 0x4000020008101008ULL,
120 0x4000000000001008ULL, 0x0000000000000000ULL, 0x0000020000001000ULL, 0x4000020000000008ULL,
121 0x4000000000000008ULL, 0x0000000008100000ULL, 0x0000020000000000ULL, 0x4000020008100008ULL,
122 0x0000000000001000ULL, 0x0000020000000000ULL, 0x4000000008100008ULL, 0x0000000008101000ULL,
123 0x4000020000001008ULL, 0x4000000000000008ULL, 0x0000000008101000ULL, 0x0000020000001000ULL,
124 0x0000000008100000ULL, 0x0000020008101000ULL, 0x4000020008101008ULL, 0x4000000000001008ULL,
125 0x0000020000001000ULL, 0x4000020000000008ULL, 0x0000020008100000ULL, 0x4000020008101008ULL,
126 0x4000000000001008ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000020008100000ULL,
127 0x0000000008101000ULL, 0x0000020000001000ULL, 0x4000020000001008ULL, 0x4000000000000008ULL,
128 0x4000020008100008ULL, 0x4000000008101008ULL, 0x4000000008101008ULL, 0x0000000000001000ULL,
129 0x4000020008101008ULL, 0x4000000000001008ULL, 0x4000000000000008ULL, 0x0000000008100000ULL,
130 0x4000020000000008ULL, 0x4000000008100008ULL, 0x0000020008101000ULL, 0x4000020000001008ULL,
131 0x4000000008100008ULL, 0x0000000008101000ULL, 0x0000020000000000ULL, 0x4000020008100008ULL,
132 0x0000000000001000ULL, 0x0000020000000000ULL, 0x0000000008100000ULL, 0x0000020008101000ULL
133 },
134 {
135 0x000000000000a000ULL, 0x000028080000a000ULL, 0x0000280800000000ULL, 0x100028000000a000ULL,
136 0x0000000800000000ULL, 0x000000000000a000ULL, 0x1000000000000000ULL, 0x0000280800000000ULL,
137 0x100000080000a000ULL, 0x0000000800000000ULL, 0x000028000000a000ULL, 0x100000080000a000ULL,
138 0x100028000000a000ULL, 0x1000280800000000ULL, 0x000000080000a000ULL, 0x1000000000000000ULL,
139 0x0000280000000000ULL, 0x1000000800000000ULL, 0x1000000800000000ULL, 0x0000000000000000ULL,
140 0x100000000000a000ULL, 0x100028080000a000ULL, 0x100028080000a000ULL, 0x000028000000a000ULL,
141 0x1000280800000000ULL, 0x100000000000a000ULL, 0x0000000000000000ULL, 0x1000280000000000ULL,
142 0x000028080000a000ULL, 0x0000280000000000ULL, 0x1000280000000000ULL, 0x000000080000a000ULL,
143 0x0000000800000000ULL, 0x100028000000a000ULL, 0x000000000000a000ULL, 0x0000280000000000ULL,
144 0x1000000000000000ULL, 0x0000280800000000ULL, 0x100028000000a000ULL, 0x100000080000a000ULL,
145 0x000028000000a000ULL, 0x1000000000000000ULL, 0x1000280800000000ULL, 0x000028080000a000ULL,
146 0x100000080000a000ULL, 0x000000000000a000ULL, 0x0000280000000000ULL, 0x1000280800000000ULL,
147 0x100028080000a000ULL, 0x000000080000a000ULL, 0x1000280000000000ULL, 0x100028080000a000ULL,
148 0x0000280800000000ULL, 0x0000000000000000ULL, 0x1000000800000000ULL, 0x1000280000000000ULL,
149 0x000000080000a000ULL, 0x000028000000a000ULL, 0x100000000000a000ULL, 0x0000000800000000ULL,
150 0x0000000000000000ULL, 0x1000000800000000ULL, 0x000028080000a000ULL, 0x100000000000a000ULL
151 },
152 {
153 0x0802000000000280ULL, 0x0802010000000000ULL, 0x0000000010000000ULL, 0x0802010010000280ULL,
154 0x0802010000000000ULL, 0x0000000000000280ULL, 0x0802010010000280ULL, 0x0000010000000000ULL,
155 0x0802000010000000ULL, 0x0000010010000280ULL, 0x0000010000000000ULL, 0x0802000000000280ULL,
156 0x0000010000000280ULL, 0x0802000010000000ULL, 0x0802000000000000ULL, 0x0000000010000280ULL,
157 0x0000000000000000ULL, 0x0000010000000280ULL, 0x0802000010000280ULL, 0x0000000010000000ULL,
158 0x0000010010000000ULL, 0x0802000010000280ULL, 0x0000000000000280ULL, 0x0802010000000280ULL,
159 0x0802010000000280ULL, 0x0000000000000000ULL, 0x0000010010000280ULL, 0x0802010010000000ULL,
160 0x0000000010000280ULL, 0x0000010010000000ULL, 0x0802010010000000ULL, 0x0802000000000000ULL,
161 0x0802000010000000ULL, 0x0000000000000280ULL, 0x0802010000000280ULL, 0x0000010010000000ULL,
162 0x0802010010000280ULL, 0x0000010000000000ULL, 0x0000000010000280ULL, 0x0802000000000280ULL,
163 0x0000010000000000ULL, 0x0802000010000000ULL, 0x0802000000000000ULL, 0x0000000010000280ULL,
164 0x0802000000000280ULL, 0x0802010010000280ULL, 0x0000010010000000ULL, 0x0802010000000000ULL,
165 0x0000010010000280ULL, 0x0802010010000000ULL, 0x0000000000000000ULL, 0x0802010000000280ULL,
166 0x0000000000000280ULL, 0x0000000010000000ULL, 0x0802010000000000ULL, 0x0000010010000280ULL,
167 0x0000000010000000ULL, 0x0000010000000280ULL, 0x0802000010000280ULL, 0x0000000000000000ULL,
168 0x0802010010000000ULL, 0x0802000000000000ULL, 0x0000010000000280ULL, 0x0802000010000280ULL
169 },
170 {
171 0x000000a000000000ULL, 0x800040a000000010ULL, 0x8000400000040010ULL, 0x0000000000000000ULL,
172 0x0000000000040000ULL, 0x8000400000040010ULL, 0x800000a000040010ULL, 0x000040a000040000ULL,
173 0x800040a000040010ULL, 0x000000a000000000ULL, 0x0000000000000000ULL, 0x8000400000000010ULL,
174 0x8000000000000010ULL, 0x0000400000000000ULL, 0x800040a000000010ULL, 0x8000000000040010ULL,
175 0x0000400000040000ULL, 0x800000a000040010ULL, 0x800000a000000010ULL, 0x0000400000040000ULL,
176 0x8000400000000010ULL, 0x000040a000000000ULL, 0x000040a000040000ULL, 0x800000a000000010ULL,
177 0x000040a000000000ULL, 0x0000000000040000ULL, 0x8000000000040010ULL, 0x800040a000040010ULL,
178 0x000000a000040000ULL, 0x8000000000000010ULL, 0x0000400000000000ULL, 0x000000a000040000ULL,
179 0x0000400000000000ULL, 0x000000a000040000ULL, 0x000000a000000000ULL, 0x8000400000040010ULL,
180 0x8000400000040010ULL, 0x800040a000000010ULL, 0x800040a000000010ULL, 0x8000000000000010ULL,
181 0x800000a000000010ULL, 0x0000400000000000ULL, 0x0000400000040000ULL, 0x000000a000000000ULL,
182 0x000040a000040000ULL, 0x8000000000040010ULL, 0x800000a000040010ULL, 0x000040a000040000ULL,
183 0x8000000000040010ULL, 0x8000400000000010ULL, 0x800040a000040010ULL, 0x000040a000000000ULL,
184 0x000000a000040000ULL, 0x0000000000000000ULL, 0x8000000000000010ULL, 0x800040a000040010ULL,
185 0x0000000000000000ULL, 0x800000a000040010ULL, 0x000040a000000000ULL, 0x0000000000040000ULL,
186 0x8000400000000010ULL, 0x0000400000040000ULL, 0x0000000000040000ULL, 0x800000a000000010ULL
187 },
188 {
189 0x0401000004080800ULL, 0x0000000004080000ULL, 0x0000000400000000ULL, 0x0401000404080800ULL,
190 0x0401000000000000ULL, 0x0401000004080800ULL, 0x0000000000000800ULL, 0x0401000000000000ULL,
191 0x0000000400000800ULL, 0x0401000400000000ULL, 0x0401000404080800ULL, 0x0000000404080000ULL,
192 0x0401000404080000ULL, 0x0000000404080800ULL, 0x0000000004080000ULL, 0x0000000000000800ULL,
193 0x0401000400000000ULL, 0x0401000000000800ULL, 0x0401000004080000ULL, 0x0000000004080800ULL,
194 0x0000000404080000ULL, 0x0000000400000800ULL, 0x0401000400000800ULL, 0x0401000404080000ULL,
195 0x0000000004080800ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0401000400000800ULL,
196 0x0401000000000800ULL, 0x0401000004080000ULL, 0x0000000404080800ULL, 0x0000000400000000ULL,
197 0x0000000404080800ULL, 0x0000000400000000ULL, 0x0401000404080000ULL, 0x0000000004080000ULL,
198 0x0000000000000800ULL, 0x0401000400000800ULL, 0x0000000004080000ULL, 0x0000000404080800ULL,
199 0x0401000004080000ULL, 0x0000000000000800ULL, 0x0401000000000800ULL, 0x0401000400000000ULL,
200 0x0401000400000800ULL, 0x0401000000000000ULL, 0x0000000400000000ULL, 0x0401000004080800ULL,
201 0x0000000000000000ULL, 0x0401000404080800ULL, 0x0000000400000800ULL, 0x0401000000000800ULL,
202 0x0401000400000000ULL, 0x0401000004080000ULL, 0x0401000004080800ULL, 0x0000000000000000ULL,
203 0x0401000404080800ULL, 0x0000000404080000ULL, 0x0000000404080000ULL, 0x0000000004080800ULL,
204 0x0000000004080800ULL, 0x0000000400000800ULL, 0x0401000000000000ULL, 0x0401000404080000ULL
205 }
206 /* END CSTYLED */
207 };
208 
209 
210 static const uint64_t ip_table[2][256]=
211 {
212 /* BEGIN CSTYLED */
213 {
214 0x0000000000000000ULL, 0x0000000000000400ULL, 0x0080000000000280ULL, 0x0080000000000680ULL,
215 0x0000000000400000ULL, 0x0000000000400400ULL, 0x0080000000400280ULL, 0x0080000000400680ULL,
216 0x0000000000280000ULL, 0x0000000000280400ULL, 0x0080000000280280ULL, 0x0080000000280680ULL,
217 0x0000000000680000ULL, 0x0000000000680400ULL, 0x0080000000680280ULL, 0x0080000000680680ULL,
218 0x0000000400000000ULL, 0x0000000400000400ULL, 0x0080000400000280ULL, 0x0080000400000680ULL,
219 0x0000000400400000ULL, 0x0000000400400400ULL, 0x0080000400400280ULL, 0x0080000400400680ULL,
220 0x0000000400280000ULL, 0x0000000400280400ULL, 0x0080000400280280ULL, 0x0080000400280680ULL,
221 0x0000000400680000ULL, 0x0000000400680400ULL, 0x0080000400680280ULL, 0x0080000400680680ULL,
222 0x0000000280000000ULL, 0x0000000280000400ULL, 0x0080000280000280ULL, 0x0080000280000680ULL,
223 0x0000000280400000ULL, 0x0000000280400400ULL, 0x0080000280400280ULL, 0x0080000280400680ULL,
224 0x0000000280280000ULL, 0x0000000280280400ULL, 0x0080000280280280ULL, 0x0080000280280680ULL,
225 0x0000000280680000ULL, 0x0000000280680400ULL, 0x0080000280680280ULL, 0x0080000280680680ULL,
226 0x0000000680000000ULL, 0x0000000680000400ULL, 0x0080000680000280ULL, 0x0080000680000680ULL,
227 0x0000000680400000ULL, 0x0000000680400400ULL, 0x0080000680400280ULL, 0x0080000680400680ULL,
228 0x0000000680280000ULL, 0x0000000680280400ULL, 0x0080000680280280ULL, 0x0080000680280680ULL,
229 0x0000000680680000ULL, 0x0000000680680400ULL, 0x0080000680680280ULL, 0x0080000680680680ULL,
230 0x0000400000000000ULL, 0x0000400000000400ULL, 0x0080400000000280ULL, 0x0080400000000680ULL,
231 0x0000400000400000ULL, 0x0000400000400400ULL, 0x0080400000400280ULL, 0x0080400000400680ULL,
232 0x0000400000280000ULL, 0x0000400000280400ULL, 0x0080400000280280ULL, 0x0080400000280680ULL,
233 0x0000400000680000ULL, 0x0000400000680400ULL, 0x0080400000680280ULL, 0x0080400000680680ULL,
234 0x0000400400000000ULL, 0x0000400400000400ULL, 0x0080400400000280ULL, 0x0080400400000680ULL,
235 0x0000400400400000ULL, 0x0000400400400400ULL, 0x0080400400400280ULL, 0x0080400400400680ULL,
236 0x0000400400280000ULL, 0x0000400400280400ULL, 0x0080400400280280ULL, 0x0080400400280680ULL,
237 0x0000400400680000ULL, 0x0000400400680400ULL, 0x0080400400680280ULL, 0x0080400400680680ULL,
238 0x0000400280000000ULL, 0x0000400280000400ULL, 0x0080400280000280ULL, 0x0080400280000680ULL,
239 0x0000400280400000ULL, 0x0000400280400400ULL, 0x0080400280400280ULL, 0x0080400280400680ULL,
240 0x0000400280280000ULL, 0x0000400280280400ULL, 0x0080400280280280ULL, 0x0080400280280680ULL,
241 0x0000400280680000ULL, 0x0000400280680400ULL, 0x0080400280680280ULL, 0x0080400280680680ULL,
242 0x0000400680000000ULL, 0x0000400680000400ULL, 0x0080400680000280ULL, 0x0080400680000680ULL,
243 0x0000400680400000ULL, 0x0000400680400400ULL, 0x0080400680400280ULL, 0x0080400680400680ULL,
244 0x0000400680280000ULL, 0x0000400680280400ULL, 0x0080400680280280ULL, 0x0080400680280680ULL,
245 0x0000400680680000ULL, 0x0000400680680400ULL, 0x0080400680680280ULL, 0x0080400680680680ULL,
246 0x0000280000000000ULL, 0x0000280000000400ULL, 0x0080280000000280ULL, 0x0080280000000680ULL,
247 0x0000280000400000ULL, 0x0000280000400400ULL, 0x0080280000400280ULL, 0x0080280000400680ULL,
248 0x0000280000280000ULL, 0x0000280000280400ULL, 0x0080280000280280ULL, 0x0080280000280680ULL,
249 0x0000280000680000ULL, 0x0000280000680400ULL, 0x0080280000680280ULL, 0x0080280000680680ULL,
250 0x0000280400000000ULL, 0x0000280400000400ULL, 0x0080280400000280ULL, 0x0080280400000680ULL,
251 0x0000280400400000ULL, 0x0000280400400400ULL, 0x0080280400400280ULL, 0x0080280400400680ULL,
252 0x0000280400280000ULL, 0x0000280400280400ULL, 0x0080280400280280ULL, 0x0080280400280680ULL,
253 0x0000280400680000ULL, 0x0000280400680400ULL, 0x0080280400680280ULL, 0x0080280400680680ULL,
254 0x0000280280000000ULL, 0x0000280280000400ULL, 0x0080280280000280ULL, 0x0080280280000680ULL,
255 0x0000280280400000ULL, 0x0000280280400400ULL, 0x0080280280400280ULL, 0x0080280280400680ULL,
256 0x0000280280280000ULL, 0x0000280280280400ULL, 0x0080280280280280ULL, 0x0080280280280680ULL,
257 0x0000280280680000ULL, 0x0000280280680400ULL, 0x0080280280680280ULL, 0x0080280280680680ULL,
258 0x0000280680000000ULL, 0x0000280680000400ULL, 0x0080280680000280ULL, 0x0080280680000680ULL,
259 0x0000280680400000ULL, 0x0000280680400400ULL, 0x0080280680400280ULL, 0x0080280680400680ULL,
260 0x0000280680280000ULL, 0x0000280680280400ULL, 0x0080280680280280ULL, 0x0080280680280680ULL,
261 0x0000280680680000ULL, 0x0000280680680400ULL, 0x0080280680680280ULL, 0x0080280680680680ULL,
262 0x0000680000000000ULL, 0x0000680000000400ULL, 0x0080680000000280ULL, 0x0080680000000680ULL,
263 0x0000680000400000ULL, 0x0000680000400400ULL, 0x0080680000400280ULL, 0x0080680000400680ULL,
264 0x0000680000280000ULL, 0x0000680000280400ULL, 0x0080680000280280ULL, 0x0080680000280680ULL,
265 0x0000680000680000ULL, 0x0000680000680400ULL, 0x0080680000680280ULL, 0x0080680000680680ULL,
266 0x0000680400000000ULL, 0x0000680400000400ULL, 0x0080680400000280ULL, 0x0080680400000680ULL,
267 0x0000680400400000ULL, 0x0000680400400400ULL, 0x0080680400400280ULL, 0x0080680400400680ULL,
268 0x0000680400280000ULL, 0x0000680400280400ULL, 0x0080680400280280ULL, 0x0080680400280680ULL,
269 0x0000680400680000ULL, 0x0000680400680400ULL, 0x0080680400680280ULL, 0x0080680400680680ULL,
270 0x0000680280000000ULL, 0x0000680280000400ULL, 0x0080680280000280ULL, 0x0080680280000680ULL,
271 0x0000680280400000ULL, 0x0000680280400400ULL, 0x0080680280400280ULL, 0x0080680280400680ULL,
272 0x0000680280280000ULL, 0x0000680280280400ULL, 0x0080680280280280ULL, 0x0080680280280680ULL,
273 0x0000680280680000ULL, 0x0000680280680400ULL, 0x0080680280680280ULL, 0x0080680280680680ULL,
274 0x0000680680000000ULL, 0x0000680680000400ULL, 0x0080680680000280ULL, 0x0080680680000680ULL,
275 0x0000680680400000ULL, 0x0000680680400400ULL, 0x0080680680400280ULL, 0x0080680680400680ULL,
276 0x0000680680280000ULL, 0x0000680680280400ULL, 0x0080680680280280ULL, 0x0080680680280680ULL,
277 0x0000680680680000ULL, 0x0000680680680400ULL, 0x0080680680680280ULL, 0x0080680680680680ULL
278 },
279 {
280 0x0000000000000000ULL, 0x0000000000005000ULL, 0x0000000000000800ULL, 0x0000000000005800ULL,
281 0x0000000005000000ULL, 0x0000000005005000ULL, 0x0000000005000800ULL, 0x0000000005005800ULL,
282 0x0000000000800000ULL, 0x0000000000805000ULL, 0x0000000000800800ULL, 0x0000000000805800ULL,
283 0x0000000005800000ULL, 0x0000000005805000ULL, 0x0000000005800800ULL, 0x0000000005805800ULL,
284 0x0000005000000000ULL, 0x0000005000005000ULL, 0x0000005000000800ULL, 0x0000005000005800ULL,
285 0x0000005005000000ULL, 0x0000005005005000ULL, 0x0000005005000800ULL, 0x0000005005005800ULL,
286 0x0000005000800000ULL, 0x0000005000805000ULL, 0x0000005000800800ULL, 0x0000005000805800ULL,
287 0x0000005005800000ULL, 0x0000005005805000ULL, 0x0000005005800800ULL, 0x0000005005805800ULL,
288 0x0000000800000000ULL, 0x0000000800005000ULL, 0x0000000800000800ULL, 0x0000000800005800ULL,
289 0x0000000805000000ULL, 0x0000000805005000ULL, 0x0000000805000800ULL, 0x0000000805005800ULL,
290 0x0000000800800000ULL, 0x0000000800805000ULL, 0x0000000800800800ULL, 0x0000000800805800ULL,
291 0x0000000805800000ULL, 0x0000000805805000ULL, 0x0000000805800800ULL, 0x0000000805805800ULL,
292 0x0000005800000000ULL, 0x0000005800005000ULL, 0x0000005800000800ULL, 0x0000005800005800ULL,
293 0x0000005805000000ULL, 0x0000005805005000ULL, 0x0000005805000800ULL, 0x0000005805005800ULL,
294 0x0000005800800000ULL, 0x0000005800805000ULL, 0x0000005800800800ULL, 0x0000005800805800ULL,
295 0x0000005805800000ULL, 0x0000005805805000ULL, 0x0000005805800800ULL, 0x0000005805805800ULL,
296 0x0005000000000004ULL, 0x0005000000005004ULL, 0x0005000000000804ULL, 0x0005000000005804ULL,
297 0x0005000005000004ULL, 0x0005000005005004ULL, 0x0005000005000804ULL, 0x0005000005005804ULL,
298 0x0005000000800004ULL, 0x0005000000805004ULL, 0x0005000000800804ULL, 0x0005000000805804ULL,
299 0x0005000005800004ULL, 0x0005000005805004ULL, 0x0005000005800804ULL, 0x0005000005805804ULL,
300 0x0005005000000004ULL, 0x0005005000005004ULL, 0x0005005000000804ULL, 0x0005005000005804ULL,
301 0x0005005005000004ULL, 0x0005005005005004ULL, 0x0005005005000804ULL, 0x0005005005005804ULL,
302 0x0005005000800004ULL, 0x0005005000805004ULL, 0x0005005000800804ULL, 0x0005005000805804ULL,
303 0x0005005005800004ULL, 0x0005005005805004ULL, 0x0005005005800804ULL, 0x0005005005805804ULL,
304 0x0005000800000004ULL, 0x0005000800005004ULL, 0x0005000800000804ULL, 0x0005000800005804ULL,
305 0x0005000805000004ULL, 0x0005000805005004ULL, 0x0005000805000804ULL, 0x0005000805005804ULL,
306 0x0005000800800004ULL, 0x0005000800805004ULL, 0x0005000800800804ULL, 0x0005000800805804ULL,
307 0x0005000805800004ULL, 0x0005000805805004ULL, 0x0005000805800804ULL, 0x0005000805805804ULL,
308 0x0005005800000004ULL, 0x0005005800005004ULL, 0x0005005800000804ULL, 0x0005005800005804ULL,
309 0x0005005805000004ULL, 0x0005005805005004ULL, 0x0005005805000804ULL, 0x0005005805005804ULL,
310 0x0005005800800004ULL, 0x0005005800805004ULL, 0x0005005800800804ULL, 0x0005005800805804ULL,
311 0x0005005805800004ULL, 0x0005005805805004ULL, 0x0005005805800804ULL, 0x0005005805805804ULL,
312 0x0000800000000000ULL, 0x0000800000005000ULL, 0x0000800000000800ULL, 0x0000800000005800ULL,
313 0x0000800005000000ULL, 0x0000800005005000ULL, 0x0000800005000800ULL, 0x0000800005005800ULL,
314 0x0000800000800000ULL, 0x0000800000805000ULL, 0x0000800000800800ULL, 0x0000800000805800ULL,
315 0x0000800005800000ULL, 0x0000800005805000ULL, 0x0000800005800800ULL, 0x0000800005805800ULL,
316 0x0000805000000000ULL, 0x0000805000005000ULL, 0x0000805000000800ULL, 0x0000805000005800ULL,
317 0x0000805005000000ULL, 0x0000805005005000ULL, 0x0000805005000800ULL, 0x0000805005005800ULL,
318 0x0000805000800000ULL, 0x0000805000805000ULL, 0x0000805000800800ULL, 0x0000805000805800ULL,
319 0x0000805005800000ULL, 0x0000805005805000ULL, 0x0000805005800800ULL, 0x0000805005805800ULL,
320 0x0000800800000000ULL, 0x0000800800005000ULL, 0x0000800800000800ULL, 0x0000800800005800ULL,
321 0x0000800805000000ULL, 0x0000800805005000ULL, 0x0000800805000800ULL, 0x0000800805005800ULL,
322 0x0000800800800000ULL, 0x0000800800805000ULL, 0x0000800800800800ULL, 0x0000800800805800ULL,
323 0x0000800805800000ULL, 0x0000800805805000ULL, 0x0000800805800800ULL, 0x0000800805805800ULL,
324 0x0000805800000000ULL, 0x0000805800005000ULL, 0x0000805800000800ULL, 0x0000805800005800ULL,
325 0x0000805805000000ULL, 0x0000805805005000ULL, 0x0000805805000800ULL, 0x0000805805005800ULL,
326 0x0000805800800000ULL, 0x0000805800805000ULL, 0x0000805800800800ULL, 0x0000805800805800ULL,
327 0x0000805805800000ULL, 0x0000805805805000ULL, 0x0000805805800800ULL, 0x0000805805805800ULL,
328 0x0005800000000004ULL, 0x0005800000005004ULL, 0x0005800000000804ULL, 0x0005800000005804ULL,
329 0x0005800005000004ULL, 0x0005800005005004ULL, 0x0005800005000804ULL, 0x0005800005005804ULL,
330 0x0005800000800004ULL, 0x0005800000805004ULL, 0x0005800000800804ULL, 0x0005800000805804ULL,
331 0x0005800005800004ULL, 0x0005800005805004ULL, 0x0005800005800804ULL, 0x0005800005805804ULL,
332 0x0005805000000004ULL, 0x0005805000005004ULL, 0x0005805000000804ULL, 0x0005805000005804ULL,
333 0x0005805005000004ULL, 0x0005805005005004ULL, 0x0005805005000804ULL, 0x0005805005005804ULL,
334 0x0005805000800004ULL, 0x0005805000805004ULL, 0x0005805000800804ULL, 0x0005805000805804ULL,
335 0x0005805005800004ULL, 0x0005805005805004ULL, 0x0005805005800804ULL, 0x0005805005805804ULL,
336 0x0005800800000004ULL, 0x0005800800005004ULL, 0x0005800800000804ULL, 0x0005800800005804ULL,
337 0x0005800805000004ULL, 0x0005800805005004ULL, 0x0005800805000804ULL, 0x0005800805005804ULL,
338 0x0005800800800004ULL, 0x0005800800805004ULL, 0x0005800800800804ULL, 0x0005800800805804ULL,
339 0x0005800805800004ULL, 0x0005800805805004ULL, 0x0005800805800804ULL, 0x0005800805805804ULL,
340 0x0005805800000004ULL, 0x0005805800005004ULL, 0x0005805800000804ULL, 0x0005805800005804ULL,
341 0x0005805805000004ULL, 0x0005805805005004ULL, 0x0005805805000804ULL, 0x0005805805005804ULL,
342 0x0005805800800004ULL, 0x0005805800805004ULL, 0x0005805800800804ULL, 0x0005805800805804ULL,
343 0x0005805805800004ULL, 0x0005805805805004ULL, 0x0005805805800804ULL, 0x0005805805805804ULL
344 }
345 /* END CSTYLED */
346 };
347 
348 static const uint32_t fp_table[256]=
349 {
350 0x00000000, 0x80000000, 0x00800000, 0x80800000,
351 0x00008000, 0x80008000, 0x00808000, 0x80808000,
352 0x00000080, 0x80000080, 0x00800080, 0x80800080,
353 0x00008080, 0x80008080, 0x00808080, 0x80808080,
354 0x40000000, 0xc0000000, 0x40800000, 0xc0800000,
355 0x40008000, 0xc0008000, 0x40808000, 0xc0808000,
356 0x40000080, 0xc0000080, 0x40800080, 0xc0800080,
357 0x40008080, 0xc0008080, 0x40808080, 0xc0808080,
358 0x00400000, 0x80400000, 0x00c00000, 0x80c00000,
359 0x00408000, 0x80408000, 0x00c08000, 0x80c08000,
360 0x00400080, 0x80400080, 0x00c00080, 0x80c00080,
361 0x00408080, 0x80408080, 0x00c08080, 0x80c08080,
362 0x40400000, 0xc0400000, 0x40c00000, 0xc0c00000,
363 0x40408000, 0xc0408000, 0x40c08000, 0xc0c08000,
364 0x40400080, 0xc0400080, 0x40c00080, 0xc0c00080,
365 0x40408080, 0xc0408080, 0x40c08080, 0xc0c08080,
366 0x00004000, 0x80004000, 0x00804000, 0x80804000,
367 0x0000c000, 0x8000c000, 0x0080c000, 0x8080c000,
368 0x00004080, 0x80004080, 0x00804080, 0x80804080,
369 0x0000c080, 0x8000c080, 0x0080c080, 0x8080c080,
370 0x40004000, 0xc0004000, 0x40804000, 0xc0804000,
371 0x4000c000, 0xc000c000, 0x4080c000, 0xc080c000,
372 0x40004080, 0xc0004080, 0x40804080, 0xc0804080,
373 0x4000c080, 0xc000c080, 0x4080c080, 0xc080c080,
374 0x00404000, 0x80404000, 0x00c04000, 0x80c04000,
375 0x0040c000, 0x8040c000, 0x00c0c000, 0x80c0c000,
376 0x00404080, 0x80404080, 0x00c04080, 0x80c04080,
377 0x0040c080, 0x8040c080, 0x00c0c080, 0x80c0c080,
378 0x40404000, 0xc0404000, 0x40c04000, 0xc0c04000,
379 0x4040c000, 0xc040c000, 0x40c0c000, 0xc0c0c000,
380 0x40404080, 0xc0404080, 0x40c04080, 0xc0c04080,
381 0x4040c080, 0xc040c080, 0x40c0c080, 0xc0c0c080,
382 0x00000040, 0x80000040, 0x00800040, 0x80800040,
383 0x00008040, 0x80008040, 0x00808040, 0x80808040,
384 0x000000c0, 0x800000c0, 0x008000c0, 0x808000c0,
385 0x000080c0, 0x800080c0, 0x008080c0, 0x808080c0,
386 0x40000040, 0xc0000040, 0x40800040, 0xc0800040,
387 0x40008040, 0xc0008040, 0x40808040, 0xc0808040,
388 0x400000c0, 0xc00000c0, 0x408000c0, 0xc08000c0,
389 0x400080c0, 0xc00080c0, 0x408080c0, 0xc08080c0,
390 0x00400040, 0x80400040, 0x00c00040, 0x80c00040,
391 0x00408040, 0x80408040, 0x00c08040, 0x80c08040,
392 0x004000c0, 0x804000c0, 0x00c000c0, 0x80c000c0,
393 0x004080c0, 0x804080c0, 0x00c080c0, 0x80c080c0,
394 0x40400040, 0xc0400040, 0x40c00040, 0xc0c00040,
395 0x40408040, 0xc0408040, 0x40c08040, 0xc0c08040,
396 0x404000c0, 0xc04000c0, 0x40c000c0, 0xc0c000c0,
397 0x404080c0, 0xc04080c0, 0x40c080c0, 0xc0c080c0,
398 0x00004040, 0x80004040, 0x00804040, 0x80804040,
399 0x0000c040, 0x8000c040, 0x0080c040, 0x8080c040,
400 0x000040c0, 0x800040c0, 0x008040c0, 0x808040c0,
401 0x0000c0c0, 0x8000c0c0, 0x0080c0c0, 0x8080c0c0,
402 0x40004040, 0xc0004040, 0x40804040, 0xc0804040,
403 0x4000c040, 0xc000c040, 0x4080c040, 0xc080c040,
404 0x400040c0, 0xc00040c0, 0x408040c0, 0xc08040c0,
405 0x4000c0c0, 0xc000c0c0, 0x4080c0c0, 0xc080c0c0,
406 0x00404040, 0x80404040, 0x00c04040, 0x80c04040,
407 0x0040c040, 0x8040c040, 0x00c0c040, 0x80c0c040,
408 0x004040c0, 0x804040c0, 0x00c040c0, 0x80c040c0,
409 0x0040c0c0, 0x8040c0c0, 0x00c0c0c0, 0x80c0c0c0,
410 0x40404040, 0xc0404040, 0x40c04040, 0xc0c04040,
411 0x4040c040, 0xc040c040, 0x40c0c040, 0xc0c0c040,
412 0x404040c0, 0xc04040c0, 0x40c040c0, 0xc0c040c0,
413 0x4040c0c0, 0xc040c0c0, 0x40c0c0c0, 0xc0c0c0c0
414 };
415 
416 static const uint64_t all_a = 0xaaaaaaaaaaaaaaaaULL;
417 static const uint64_t all_5 = 0x5555555555555555ULL;
418 static const uint64_t top_1 = 0xfc000000000000ULL;
419 static const uint64_t mid_4 = 0x3fffffc000000ULL;
420 static const uint64_t low_3 = 0x3ffff00ULL;
421 
422 
423 static void
des_ip(uint64_t * l,uint64_t * r,uint64_t pt)424 des_ip(uint64_t *l, uint64_t *r, uint64_t pt)
425 {
426 	uint64_t a, b;
427 
428 	a = pt & all_a;
429 	b = pt & all_5;
430 	a = a | (a << 7);
431 	b = b | (b >> 7);
432 
433 	b = (ip_table[0][(b >> 48) & 255ULL]) |
434 	    (ip_table[1][(b >> 32) & 255ULL]) |
435 	    (ip_table[0][(b >> 16) & 255ULL] << 6) |
436 	    (ip_table[1][b & 255ULL] << 6);
437 
438 	a = (ip_table[0][(a >> 56) & 255]) |
439 	    (ip_table[1][(a >> 40) & 255]) |
440 	    (ip_table[0][(a >> 24) & 255] << 6) |
441 	    (ip_table[1][(a >> 8) & 255] << 6);
442 
443 	*l = ((b & top_1) << 8) |
444 	    (b & mid_4) |
445 	    ((b & low_3) >> 5);
446 
447 	*r = ((a & top_1) << 8) |
448 	    (a & mid_4) |
449 	    ((a & low_3) >> 5);
450 }
451 
452 
453 static uint64_t
des_fp(uint64_t l,uint64_t r)454 des_fp(uint64_t l, uint64_t r)
455 {
456 	uint32_t upper, lower;
457 
458 	lower = fp_table[((l >> 55) & 240) | ((r >> 59) & 15)] |
459 	    (fp_table[((l >> 35) & 240) | ((r>>39) & 15)] >> 2) |
460 	    (fp_table[((l >> 23) & 240) | ((r >> 27) & 15)] >> 4) |
461 	    (fp_table[((l >> 6) & 240) | ((r >> 10) & 15)] >> 6);
462 
463 	upper = fp_table[((l >> 41) & 240) | ((r >> 45) & 15)] |
464 	    (fp_table[((l >> 29) & 240) | ((r >> 33) & 15)] >> 2) |
465 	    (fp_table[((l >> 12) & 240) | ((r >> 16) & 15)] >> 4) |
466 	    (fp_table[(l & 240) | (r >> 4) & 15] >> 6);
467 
468 	return ((((uint64_t)upper) << 32) | (uint64_t)lower);
469 
470 }
471 
472 uint64_t
des_crypt_impl(uint64_t * ks,uint64_t block,int one_or_three)473 des_crypt_impl(uint64_t *ks, uint64_t block, int one_or_three)
474 {
475 	int i, j;
476 	uint64_t l, r, t;
477 
478 	des_ip(&l, &r, block);
479 	for (j = 0; j < one_or_three; j++) {
480 		for (i = j * 16; i < (j + 1) * 16; i++) {
481 			t = r ^ ks[i];
482 			t = sbox_table[0][t >> 58] |
483 			    sbox_table[1][(t >> 44) & 63] |
484 			    sbox_table[2][(t >> 38) & 63] |
485 			    sbox_table[3][(t >> 32) & 63] |
486 			    sbox_table[4][(t >> 26) & 63] |
487 			    sbox_table[5][(t >> 15) & 63] |
488 			    sbox_table[6][(t >> 9) & 63] |
489 			    sbox_table[7][(t >> 3) & 63];
490 			t = t^l;
491 			l = r;
492 			r = t;
493 		}
494 		r = l;
495 		l = t;
496 	}
497 
498 	return (des_fp(l, r));
499 }
500 #endif /* !sun4u */
501 
502 /*
503  * block and out_block are assumed to be uint8_t [DES_BLOCK_LEN].
504  */
505 int
des3_crunch_block(const void * cookie,const uint8_t * block,uint8_t * out_block,boolean_t decrypt)506 des3_crunch_block(const void *cookie, const uint8_t *block,
507     uint8_t *out_block, boolean_t decrypt)
508 {
509 	keysched3_t *ksch = (keysched3_t *)cookie;
510 
511 	/*
512 	 * The code below, that is always executed on LITTLE_ENDIAN machines,
513 	 * reverses bytes in the block.  On BIG_ENDIAN, the same code
514 	 * copies the block without reversing bytes.
515 	 */
516 #ifdef _BIG_ENDIAN
517 	if (IS_P2ALIGNED(block, sizeof (uint64_t)) &&
518 	    IS_P2ALIGNED(out_block, sizeof (uint64_t))) {
519 		if (decrypt == B_TRUE)
520 			/* LINTED */
521 			*(uint64_t *)out_block = des_crypt_impl(
522 			    ksch->ksch_decrypt, /* LINTED */
523 			    *(uint64_t *)block, 3);
524 		else
525 			/* LINTED */
526 			*(uint64_t *)out_block = des_crypt_impl(
527 			    ksch->ksch_encrypt, /* LINTED */
528 			    *(uint64_t *)block, 3);
529 	} else
530 #endif	/* _BIG_ENDIAN */
531 	{
532 		uint64_t tmp;
533 
534 #ifdef UNALIGNED_POINTERS_PERMITTED
535 		tmp = htonll(*(uint64_t *)(void *)&block[0]);
536 #else
537 		tmp = (((uint64_t)block[0] << 56) | ((uint64_t)block[1] << 48) |
538 		    ((uint64_t)block[2] << 40) | ((uint64_t)block[3] << 32) |
539 		    ((uint64_t)block[4] << 24) | ((uint64_t)block[5] << 16) |
540 		    ((uint64_t)block[6] << 8) | (uint64_t)block[7]);
541 #endif	/* UNALIGNED_POINTERS_PERMITTED */
542 
543 		if (decrypt == B_TRUE)
544 			tmp = des_crypt_impl(ksch->ksch_decrypt, tmp, 3);
545 		else
546 			tmp = des_crypt_impl(ksch->ksch_encrypt, tmp, 3);
547 
548 #ifdef UNALIGNED_POINTERS_PERMITTED
549 		*(uint64_t *)(void *)&out_block[0] = htonll(tmp);
550 #else
551 		out_block[0] = tmp >> 56;
552 		out_block[1] = tmp >> 48;
553 		out_block[2] = tmp >> 40;
554 		out_block[3] = tmp >> 32;
555 		out_block[4] = tmp >> 24;
556 		out_block[5] = tmp >> 16;
557 		out_block[6] = tmp >> 8;
558 		out_block[7] = (uint8_t)tmp;
559 #endif	/* UNALIGNED_POINTERS_PERMITTED */
560 	}
561 	return (CRYPTO_SUCCESS);
562 }
563 
564 /*
565  * block and out_block are assumed to be uint8_t [DES_BLOCK_LEN].
566  */
567 int
des_crunch_block(const void * cookie,const uint8_t * block,uint8_t * out_block,boolean_t decrypt)568 des_crunch_block(const void *cookie, const uint8_t *block,
569     uint8_t *out_block, boolean_t decrypt)
570 {
571 	keysched_t *ksch = (keysched_t *)cookie;
572 
573 	/*
574 	 * The code below, that is always executed on LITTLE_ENDIAN machines,
575 	 * reverses bytes in the block.  On BIG_ENDIAN, the same code
576 	 * copies the block without reversing bytes.
577 	 */
578 #ifdef _BIG_ENDIAN
579 	if (IS_P2ALIGNED(block, sizeof (uint64_t)) &&
580 	    IS_P2ALIGNED(out_block, sizeof (uint64_t))) {
581 		if (decrypt == B_TRUE)
582 			/* LINTED */
583 			*(uint64_t *)out_block = des_crypt_impl(
584 			    ksch->ksch_decrypt, /* LINTED */
585 			    *(uint64_t *)block, 1);
586 		else
587 			/* LINTED */
588 			*(uint64_t *)out_block = des_crypt_impl(
589 			    ksch->ksch_encrypt, /* LINTED */
590 			    *(uint64_t *)block, 1);
591 
592 	} else
593 #endif	/* _BIG_ENDIAN */
594 	{
595 		uint64_t tmp;
596 
597 #ifdef UNALIGNED_POINTERS_PERMITTED
598 		tmp = htonll(*(uint64_t *)(void *)&block[0]);
599 #else
600 		tmp = (((uint64_t)block[0] << 56) | ((uint64_t)block[1] << 48) |
601 		    ((uint64_t)block[2] << 40) | ((uint64_t)block[3] << 32) |
602 		    ((uint64_t)block[4] << 24) | ((uint64_t)block[5] << 16) |
603 		    ((uint64_t)block[6] << 8) | (uint64_t)block[7]);
604 #endif	/* UNALIGNED_POINTERS_PERMITTED */
605 
606 
607 		if (decrypt == B_TRUE)
608 			tmp = des_crypt_impl(ksch->ksch_decrypt, tmp, 1);
609 		else
610 			tmp = des_crypt_impl(ksch->ksch_encrypt, tmp, 1);
611 
612 #ifdef UNALIGNED_POINTERS_PERMITTED
613 		*(uint64_t *)(void *)&out_block[0] = htonll(tmp);
614 #else
615 		out_block[0] = tmp >> 56;
616 		out_block[1] = tmp >> 48;
617 		out_block[2] = tmp >> 40;
618 		out_block[3] = tmp >> 32;
619 		out_block[4] = tmp >> 24;
620 		out_block[5] = tmp >> 16;
621 		out_block[6] = tmp >> 8;
622 		out_block[7] = (uint8_t)tmp;
623 #endif	/* UNALIGNED_POINTERS_PERMITTED */
624 	}
625 	return (CRYPTO_SUCCESS);
626 }
627 
628 static boolean_t
keycheck(uint8_t * key,uint8_t * corrected_key)629 keycheck(uint8_t *key, uint8_t *corrected_key)
630 {
631 	uint64_t key_so_far;
632 	uint_t i;
633 	/*
634 	 * Table of weak and semi-weak keys.  Fortunately, weak keys are
635 	 * endian-independent, and some semi-weak keys can be paired up in
636 	 * endian-opposite order.  Since keys are stored as uint64_t's,
637 	 * use the ifdef _LITTLE_ENDIAN where appropriate.
638 	 */
639 	static uint64_t des_weak_keys[] = {
640 		/* Really weak keys.  Byte-order independent values. */
641 		0x0101010101010101ULL,
642 		0x1f1f1f1f0e0e0e0eULL,
643 		0xe0e0e0e0f1f1f1f1ULL,
644 		0xfefefefefefefefeULL,
645 
646 		/* Semi-weak (and a few possibly-weak) keys. */
647 
648 		/* Byte-order independent semi-weak keys. */
649 		0x01fe01fe01fe01feULL,	0xfe01fe01fe01fe01ULL,
650 
651 		/* Byte-order dependent semi-weak keys. */
652 #ifdef _LITTLE_ENDIAN
653 		0xf10ef10ee01fe01fULL,	0x0ef10ef11fe01fe0ULL,
654 		0x01f101f101e001e0ULL,	0xf101f101e001e001ULL,
655 		0x0efe0efe1ffe1ffeULL,	0xfe0efe0efe1ffe1fULL,
656 		0x010e010e011f011fULL,	0x0e010e011f011f01ULL,
657 		0xf1fef1fee0fee0feULL,	0xfef1fef1fee0fee0ULL,
658 #else	/* Big endian */
659 		0x1fe01fe00ef10ef1ULL,	0xe01fe01ff10ef10eULL,
660 		0x01e001e001f101f1ULL,	0xe001e001f101f101ULL,
661 		0x1ffe1ffe0efe0efeULL,	0xfe1ffe1ffe0efe0eULL,
662 		0x011f011f010e010eULL,	0x1f011f010e010e01ULL,
663 		0xe0fee0fef1fef1feULL,	0xfee0fee0fef1fef1ULL,
664 #endif	/* _LITTLE_ENDIAN */
665 
666 		/* We'll save the other possibly-weak keys for the future. */
667 	};
668 
669 	if (key == NULL)
670 		return (B_FALSE);
671 
672 #ifdef UNALIGNED_POINTERS_PERMITTED
673 	key_so_far = htonll(*(uint64_t *)(void *)&key[0]);
674 #else
675 	/*
676 	 * The code below reverses the bytes on LITTLE_ENDIAN machines.
677 	 * On BIG_ENDIAN, the same code copies without reversing
678 	 * the bytes.
679 	 */
680 	key_so_far = (((uint64_t)key[0] << 56) | ((uint64_t)key[1] << 48) |
681 	    ((uint64_t)key[2] << 40) | ((uint64_t)key[3] << 32) |
682 	    ((uint64_t)key[4] << 24) | ((uint64_t)key[5] << 16) |
683 	    ((uint64_t)key[6] << 8) | (uint64_t)key[7]);
684 #endif	/* UNALIGNED_POINTERS_PERMITTED */
685 
686 	/*
687 	 * Fix parity.
688 	 */
689 	fix_des_parity(&key_so_far);
690 
691 	/* Do weak key check itself. */
692 	for (i = 0; i < (sizeof (des_weak_keys) / sizeof (uint64_t)); i++)
693 		if (key_so_far == des_weak_keys[i]) {
694 			return (B_FALSE);
695 		}
696 
697 	if (corrected_key != NULL) {
698 #ifdef UNALIGNED_POINTERS_PERMITTED
699 		*(uint64_t *)(void *)&corrected_key[0] = htonll(key_so_far);
700 #else
701 		/*
702 		 * The code below reverses the bytes on LITTLE_ENDIAN machines.
703 		 * On BIG_ENDIAN, the same code copies without reversing
704 		 * the bytes.
705 		 */
706 		corrected_key[0] = key_so_far >> 56;
707 		corrected_key[1] = key_so_far >> 48;
708 		corrected_key[2] = key_so_far >> 40;
709 		corrected_key[3] = key_so_far >> 32;
710 		corrected_key[4] = key_so_far >> 24;
711 		corrected_key[5] = key_so_far >> 16;
712 		corrected_key[6] = key_so_far >> 8;
713 		corrected_key[7] = (uint8_t)key_so_far;
714 #endif	/* UNALIGNED_POINTERS_PERMITTED */
715 	}
716 	return (B_TRUE);
717 }
718 
719 static boolean_t
des23_keycheck(uint8_t * key,uint8_t * corrected_key,boolean_t des3)720 des23_keycheck(uint8_t *key, uint8_t *corrected_key, boolean_t des3)
721 {
722 	uint64_t aligned_key[DES3_KEYSIZE / sizeof (uint64_t)];
723 	uint64_t key_so_far, scratch, *currentkey;
724 	uint_t j, num_weakkeys = 0;
725 	uint8_t keysize = DES3_KEYSIZE;
726 	uint8_t checks = 3;
727 
728 	if (key == NULL) {
729 		return (B_FALSE);
730 	}
731 
732 	if (des3 == B_FALSE) {
733 		keysize = DES2_KEYSIZE;
734 		checks = 2;
735 	}
736 
737 	if (!IS_P2ALIGNED(key, sizeof (uint64_t))) {
738 		bcopy(key, aligned_key, keysize);
739 		currentkey = (uint64_t *)aligned_key;
740 	} else {
741 		/* LINTED */
742 		currentkey = (uint64_t *)key;
743 	}
744 
745 	for (j = 0; j < checks; j++) {
746 		key_so_far = currentkey[j];
747 
748 		if (!keycheck((uint8_t *)&key_so_far, (uint8_t *)&scratch)) {
749 			if (++num_weakkeys > 1) {
750 				return (B_FALSE);
751 			}
752 			/*
753 			 * We found a weak key, but since
754 			 * we've only found one weak key,
755 			 * we can not reject the whole 3DES
756 			 * set of keys as weak.
757 			 *
758 			 * Break from the weak key loop
759 			 * (since this DES key is weak) and
760 			 * continue on.
761 			 */
762 		}
763 
764 		currentkey[j] = scratch;
765 	}
766 
767 	/*
768 	 * Perform key equivalence checks, now that parity is properly set.
769 	 * 1st and 2nd keys must be unique, the 3rd key can be the same as
770 	 * the 1st key for the 2 key variant of 3DES.
771 	 */
772 	if (currentkey[0] == currentkey[1] || currentkey[1] == currentkey[2])
773 		return (B_FALSE);
774 
775 	if (corrected_key != NULL) {
776 		bcopy(currentkey, corrected_key, keysize);
777 	}
778 
779 	return (B_TRUE);
780 }
781 
782 boolean_t
des_keycheck(uint8_t * key,des_strength_t strength,uint8_t * corrected_key)783 des_keycheck(uint8_t *key, des_strength_t strength, uint8_t *corrected_key)
784 {
785 	if (strength == DES) {
786 		return (keycheck(key, corrected_key));
787 	} else if (strength == DES2) {
788 		return (des23_keycheck(key, corrected_key, B_FALSE));
789 	} else if (strength == DES3) {
790 		return (des23_keycheck(key, corrected_key, B_TRUE));
791 	} else {
792 		return (B_FALSE);
793 	}
794 }
795 
796 void
des_parity_fix(uint8_t * key,des_strength_t strength,uint8_t * corrected_key)797 des_parity_fix(uint8_t *key, des_strength_t strength, uint8_t *corrected_key)
798 {
799 	uint64_t aligned_key[DES3_KEYSIZE / sizeof (uint64_t)];
800 	uint8_t *paritied_key;
801 	uint64_t key_so_far;
802 	int i = 0, offset = 0;
803 
804 	if (strength == DES)
805 		bcopy(key, aligned_key, DES_KEYSIZE);
806 	else
807 		bcopy(key, aligned_key, DES3_KEYSIZE);
808 
809 	paritied_key = (uint8_t *)aligned_key;
810 	while (strength > i) {
811 		offset = 8 * i;
812 #ifdef UNALIGNED_POINTERS_PERMITTED
813 		key_so_far = htonll(*(uint64_t *)(void *)&paritied_key[offset]);
814 #else
815 		key_so_far = (((uint64_t)paritied_key[offset + 0] << 56) |
816 		    ((uint64_t)paritied_key[offset + 1] << 48) |
817 		    ((uint64_t)paritied_key[offset + 2] << 40) |
818 		    ((uint64_t)paritied_key[offset + 3] << 32) |
819 		    ((uint64_t)paritied_key[offset + 4] << 24) |
820 		    ((uint64_t)paritied_key[offset + 5] << 16) |
821 		    ((uint64_t)paritied_key[offset + 6] << 8) |
822 		    (uint64_t)paritied_key[offset + 7]);
823 #endif	/* UNALIGNED_POINTERS_PERMITTED */
824 
825 		fix_des_parity(&key_so_far);
826 
827 #ifdef UNALIGNED_POINTERS_PERMITTED
828 		*(uint64_t *)(void *)&paritied_key[offset] = htonll(key_so_far);
829 #else
830 		paritied_key[offset + 0] = key_so_far >> 56;
831 		paritied_key[offset + 1] = key_so_far >> 48;
832 		paritied_key[offset + 2] = key_so_far >> 40;
833 		paritied_key[offset + 3] = key_so_far >> 32;
834 		paritied_key[offset + 4] = key_so_far >> 24;
835 		paritied_key[offset + 5] = key_so_far >> 16;
836 		paritied_key[offset + 6] = key_so_far >> 8;
837 		paritied_key[offset + 7] = (uint8_t)key_so_far;
838 #endif	/* UNALIGNED_POINTERS_PERMITTED */
839 
840 		i++;
841 	}
842 
843 	bcopy(paritied_key, corrected_key, DES_KEYSIZE * strength);
844 }
845 
846 
847 /*
848  * Initialize key schedule for DES, DES2, and DES3
849  */
850 void
des_init_keysched(uint8_t * cipherKey,des_strength_t strength,void * ks)851 des_init_keysched(uint8_t *cipherKey, des_strength_t strength, void *ks)
852 {
853 	uint64_t *encryption_ks;
854 	uint64_t *decryption_ks;
855 	uint64_t keysched[48];
856 	uint64_t key_uint64[3];
857 	uint64_t tmp;
858 	uint_t keysize, i, j;
859 
860 	switch (strength) {
861 	case DES:
862 		keysize = DES_KEYSIZE;
863 		encryption_ks = ((keysched_t *)ks)->ksch_encrypt;
864 		decryption_ks = ((keysched_t *)ks)->ksch_decrypt;
865 		break;
866 	case DES2:
867 		keysize = DES2_KEYSIZE;
868 		encryption_ks = ((keysched3_t *)ks)->ksch_encrypt;
869 		decryption_ks = ((keysched3_t *)ks)->ksch_decrypt;
870 		break;
871 	case DES3:
872 		keysize = DES3_KEYSIZE;
873 		encryption_ks = ((keysched3_t *)ks)->ksch_encrypt;
874 		decryption_ks = ((keysched3_t *)ks)->ksch_decrypt;
875 	}
876 
877 	/*
878 	 * The code below, that is always executed on LITTLE_ENDIAN machines,
879 	 * reverses every 8 bytes in the key.  On BIG_ENDIAN, the same code
880 	 * copies the key without reversing bytes.
881 	 */
882 #ifdef _BIG_ENDIAN
883 	if (IS_P2ALIGNED(cipherKey, sizeof (uint64_t))) {
884 		for (i = 0, j = 0; j < keysize; i++, j += 8) {
885 			/* LINTED: pointer alignment */
886 			key_uint64[i] = *((uint64_t *)&cipherKey[j]);
887 		}
888 	} else
889 #endif	/* _BIG_ENDIAN */
890 	{
891 		for (i = 0, j = 0; j < keysize; i++, j += 8) {
892 #ifdef UNALIGNED_POINTERS_PERMITTED
893 			key_uint64[i] =
894 			    htonll(*(uint64_t *)(void *)&cipherKey[j]);
895 #else
896 			key_uint64[i] = (((uint64_t)cipherKey[j] << 56) |
897 			    ((uint64_t)cipherKey[j + 1] << 48) |
898 			    ((uint64_t)cipherKey[j + 2] << 40) |
899 			    ((uint64_t)cipherKey[j + 3] << 32) |
900 			    ((uint64_t)cipherKey[j + 4] << 24) |
901 			    ((uint64_t)cipherKey[j + 5] << 16) |
902 			    ((uint64_t)cipherKey[j + 6] << 8) |
903 			    (uint64_t)cipherKey[j + 7]);
904 #endif	/* UNALIGNED_POINTERS_PERMITTED */
905 		}
906 	}
907 
908 	switch (strength) {
909 	case DES:
910 		des_ks(keysched, key_uint64[0]);
911 		break;
912 
913 	case DES2:
914 		/* DES2 is just DES3 with the first and third keys the same */
915 		bcopy(key_uint64, key_uint64 + 2, DES_KEYSIZE);
916 		/* FALLTHRU */
917 	case DES3:
918 		des_ks(keysched, key_uint64[0]);
919 		des_ks(keysched + 16, key_uint64[1]);
920 		for (i = 0; i < 8; i++) {
921 			tmp = keysched[16+i];
922 			keysched[16+i] = keysched[31-i];
923 			keysched[31-i] = tmp;
924 		}
925 		des_ks(keysched+32, key_uint64[2]);
926 		keysize = DES3_KEYSIZE;
927 	}
928 
929 	/* save the encryption keyschedule */
930 	bcopy(keysched, encryption_ks, keysize * 16);
931 
932 	/* reverse the key schedule */
933 	for (i = 0; i < keysize; i++) {
934 		tmp = keysched[i];
935 		keysched[i] = keysched[2 * keysize - 1 - i];
936 		keysched[2 * keysize -1 -i] = tmp;
937 	}
938 
939 	/* save the decryption keyschedule */
940 	bcopy(keysched, decryption_ks, keysize * 16);
941 }
942 
943 /*
944  * Allocate key schedule.
945  */
946 /*ARGSUSED*/
947 void *
des_alloc_keysched(size_t * keysched_size,des_strength_t strength,int kmflag)948 des_alloc_keysched(size_t *keysched_size, des_strength_t strength, int kmflag)
949 {
950 	void *keysched;
951 
952 	size_t size;
953 
954 	switch (strength) {
955 	case DES:
956 		size = sizeof (keysched_t);
957 		break;
958 	case DES2:
959 	case DES3:
960 		size = sizeof (keysched3_t);
961 	}
962 
963 #ifdef	_KERNEL
964 	keysched = (keysched_t *)kmem_alloc(size, kmflag);
965 #else	/* !_KERNEL */
966 	keysched = (keysched_t *)malloc(size);
967 #endif	/* _KERNEL */
968 
969 	if (keysched == NULL)
970 		return (NULL);
971 
972 	if (keysched_size != NULL)
973 		*keysched_size = size;
974 
975 	return (keysched);
976 }
977 
978 /*
979  * Replace the LSB of each byte by the xor of the other
980  * 7 bits.  The tricky thing is that the original contents of the LSBs
981  * are nullified by including them twice in the xor computation.
982  */
983 static void
fix_des_parity(uint64_t * keyp)984 fix_des_parity(uint64_t *keyp)
985 {
986 	uint64_t k = *keyp;
987 	k ^= k >> 1;
988 	k ^= k >> 2;
989 	k ^= k >> 4;
990 	*keyp ^= (k & 0x0101010101010101ULL);
991 	*keyp ^= 0x0101010101010101ULL;
992 }
993 
994 void
des_copy_block(uint8_t * in,uint8_t * out)995 des_copy_block(uint8_t *in, uint8_t *out)
996 {
997 	if (IS_P2ALIGNED(in, sizeof (uint32_t)) &&
998 	    IS_P2ALIGNED(out, sizeof (uint32_t))) {
999 		/* LINTED: pointer alignment */
1000 		*(uint32_t *)&out[0] = *(uint32_t *)&in[0];
1001 		/* LINTED: pointer alignment */
1002 		*(uint32_t *)&out[4] = *(uint32_t *)&in[4];
1003 	} else {
1004 		DES_COPY_BLOCK(in, out);
1005 	}
1006 }
1007 
1008 /* XOR block of data into dest */
1009 void
des_xor_block(uint8_t * data,uint8_t * dst)1010 des_xor_block(uint8_t *data, uint8_t *dst)
1011 {
1012 	if (IS_P2ALIGNED(dst, sizeof (uint32_t)) &&
1013 	    IS_P2ALIGNED(data, sizeof (uint32_t))) {
1014 		/* LINTED: pointer alignment */
1015 		*(uint32_t *)&dst[0] ^=
1016 		    /* LINTED: pointer alignment */
1017 		    *(uint32_t *)&data[0];
1018 		    /* LINTED: pointer alignment */
1019 		*(uint32_t *)&dst[4] ^=
1020 		    /* LINTED: pointer alignment */
1021 		    *(uint32_t *)&data[4];
1022 	} else {
1023 		DES_XOR_BLOCK(data, dst);
1024 	}
1025 }
1026 
1027 int
des_encrypt_block(const void * keysched,const uint8_t * in,uint8_t * out)1028 des_encrypt_block(const void *keysched, const uint8_t *in, uint8_t *out)
1029 {
1030 	return (des_crunch_block(keysched, in, out, B_FALSE));
1031 }
1032 
1033 int
des3_encrypt_block(const void * keysched,const uint8_t * in,uint8_t * out)1034 des3_encrypt_block(const void *keysched, const uint8_t *in, uint8_t *out)
1035 {
1036 	return (des3_crunch_block(keysched, in, out, B_FALSE));
1037 }
1038 
1039 int
des_decrypt_block(const void * keysched,const uint8_t * in,uint8_t * out)1040 des_decrypt_block(const void *keysched, const uint8_t *in, uint8_t *out)
1041 {
1042 	return (des_crunch_block(keysched, in, out, B_TRUE));
1043 }
1044 
1045 int
des3_decrypt_block(const void * keysched,const uint8_t * in,uint8_t * out)1046 des3_decrypt_block(const void *keysched, const uint8_t *in, uint8_t *out)
1047 {
1048 	return (des3_crunch_block(keysched, in, out, B_TRUE));
1049 }
1050 
1051 /*
1052  * Encrypt multiple blocks of data according to mode.
1053  */
1054 int
des_encrypt_contiguous_blocks(void * ctx,char * data,size_t length,crypto_data_t * out)1055 des_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
1056     crypto_data_t *out)
1057 {
1058 	des_ctx_t *des_ctx = ctx;
1059 	int rv;
1060 
1061 	if (des_ctx->dc_flags & DES3_STRENGTH) {
1062 		if (des_ctx->dc_flags & CBC_MODE) {
1063 			rv = cbc_encrypt_contiguous_blocks(ctx, data,
1064 			    length, out, DES_BLOCK_LEN, des3_encrypt_block,
1065 			    des_copy_block, des_xor_block);
1066 		} else {
1067 			rv = ecb_cipher_contiguous_blocks(ctx, data, length,
1068 			    out, DES_BLOCK_LEN, des3_encrypt_block);
1069 		}
1070 	} else {
1071 		if (des_ctx->dc_flags & CBC_MODE) {
1072 			rv = cbc_encrypt_contiguous_blocks(ctx, data,
1073 			    length, out, DES_BLOCK_LEN, des_encrypt_block,
1074 			    des_copy_block, des_xor_block);
1075 		} else {
1076 			rv = ecb_cipher_contiguous_blocks(ctx, data, length,
1077 			    out, DES_BLOCK_LEN, des_encrypt_block);
1078 		}
1079 	}
1080 	return (rv);
1081 }
1082 
1083 /*
1084  * Decrypt multiple blocks of data according to mode.
1085  */
1086 int
des_decrypt_contiguous_blocks(void * ctx,char * data,size_t length,crypto_data_t * out)1087 des_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
1088     crypto_data_t *out)
1089 {
1090 	des_ctx_t *des_ctx = ctx;
1091 	int rv;
1092 
1093 	if (des_ctx->dc_flags & DES3_STRENGTH) {
1094 		if (des_ctx->dc_flags & CBC_MODE) {
1095 			rv = cbc_decrypt_contiguous_blocks(ctx, data,
1096 			    length, out, DES_BLOCK_LEN, des3_decrypt_block,
1097 			    des_copy_block, des_xor_block);
1098 		} else {
1099 			rv = ecb_cipher_contiguous_blocks(ctx, data, length,
1100 			    out, DES_BLOCK_LEN, des3_decrypt_block);
1101 			if (rv == CRYPTO_DATA_LEN_RANGE)
1102 				rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
1103 		}
1104 	} else {
1105 		if (des_ctx->dc_flags & CBC_MODE) {
1106 			rv = cbc_decrypt_contiguous_blocks(ctx, data,
1107 			    length, out, DES_BLOCK_LEN, des_decrypt_block,
1108 			    des_copy_block, des_xor_block);
1109 		} else {
1110 			rv = ecb_cipher_contiguous_blocks(ctx, data, length,
1111 			    out, DES_BLOCK_LEN, des_decrypt_block);
1112 			if (rv == CRYPTO_DATA_LEN_RANGE)
1113 				rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
1114 		}
1115 	}
1116 	return (rv);
1117 }
1118