xref: /openbsd-src/lib/libcrypto/rc2/rc2_cbc.c (revision f6aab3d83b51b91c24247ad2c2573574de475a82) 
1 /* $OpenBSD: rc2_cbc.c,v 1.8 2023/07/07 13:40:44 beck Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <openssl/rc2.h>
60 #include "rc2_local.h"
61 
62 void
63 RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
64     RC2_KEY *ks, unsigned char *iv, int encrypt)
65 {
66 	unsigned long tin0, tin1;
67 	unsigned long tout0, tout1, xor0, xor1;
68 	long l = length;
69 	unsigned long tin[2];
70 
71 	if (encrypt) {
72 		c2l(iv, tout0);
73 		c2l(iv, tout1);
74 		iv -= 8;
75 		for (l -= 8; l >= 0; l -= 8)
76 		{
77 			c2l(in, tin0);
78 			c2l(in, tin1);
79 			tin0 ^= tout0;
80 			tin1 ^= tout1;
81 			tin[0] = tin0;
82 			tin[1] = tin1;
83 			RC2_encrypt(tin, ks);
84 			tout0 = tin[0];
85 			l2c(tout0, out);
86 			tout1 = tin[1];
87 			l2c(tout1, out);
88 		}
89 		if (l != -8) {
90 			c2ln(in, tin0, tin1, l + 8);
91 			tin0 ^= tout0;
92 			tin1 ^= tout1;
93 			tin[0] = tin0;
94 			tin[1] = tin1;
95 			RC2_encrypt(tin, ks);
96 			tout0 = tin[0];
97 			l2c(tout0, out);
98 			tout1 = tin[1];
99 			l2c(tout1, out);
100 		}
101 		l2c(tout0, iv);
102 		l2c(tout1, iv);
103 	} else {
104 		c2l(iv, xor0);
105 		c2l(iv, xor1);
106 		iv -= 8;
107 		for (l -= 8; l >= 0; l -= 8)
108 		{
109 			c2l(in, tin0);
110 			tin[0] = tin0;
111 			c2l(in, tin1);
112 			tin[1] = tin1;
113 			RC2_decrypt(tin, ks);
114 			tout0 = tin[0] ^ xor0;
115 			tout1 = tin[1] ^ xor1;
116 			l2c(tout0, out);
117 			l2c(tout1, out);
118 			xor0 = tin0;
119 			xor1 = tin1;
120 		}
121 		if (l != -8) {
122 			c2l(in, tin0);
123 			tin[0] = tin0;
124 			c2l(in, tin1);
125 			tin[1] = tin1;
126 			RC2_decrypt(tin, ks);
127 			tout0 = tin[0] ^ xor0;
128 			tout1 = tin[1] ^ xor1;
129 			l2cn(tout0, tout1, out, l + 8);
130 			xor0 = tin0;
131 			xor1 = tin1;
132 		}
133 		l2c(xor0, iv);
134 		l2c(xor1, iv);
135 	}
136 	tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
137 	tin[0] = tin[1] = 0;
138 }
139 LCRYPTO_ALIAS(RC2_cbc_encrypt);
140 
141 void
142 RC2_encrypt(unsigned long *d, RC2_KEY *key)
143 {
144 	int i, n;
145 	RC2_INT *p0, *p1;
146 	RC2_INT x0, x1, x2, x3, t;
147 	unsigned long l;
148 
149 	l = d[0];
150 	x0 = (RC2_INT)l & 0xffff;
151 	x1 = (RC2_INT)(l >> 16L);
152 	l = d[1];
153 	x2 = (RC2_INT)l & 0xffff;
154 	x3 = (RC2_INT)(l >> 16L);
155 
156 	n = 3;
157 	i = 5;
158 
159 	p0 = p1 = &(key->data[0]);
160 	for (;;) {
161 		t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff;
162 		x0 = (t << 1)|(t >> 15);
163 		t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff;
164 		x1 = (t << 2)|(t >> 14);
165 		t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff;
166 		x2 = (t << 3)|(t >> 13);
167 		t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff;
168 		x3 = (t << 5)|(t >> 11);
169 
170 		if (--i == 0) {
171 			if (--n == 0)
172 				break;
173 			i = (n == 2) ? 6 : 5;
174 
175 			x0 += p1[x3 & 0x3f];
176 			x1 += p1[x0 & 0x3f];
177 			x2 += p1[x1 & 0x3f];
178 			x3 += p1[x2 & 0x3f];
179 		}
180 	}
181 
182 	d[0] = (unsigned long)(x0 & 0xffff)|((unsigned long)(x1 & 0xffff) <<
183 	    16L);
184 	d[1] = (unsigned long)(x2 & 0xffff)|((unsigned long)(x3 & 0xffff) <<
185 	    16L);
186 }
187 LCRYPTO_ALIAS(RC2_encrypt);
188 
189 void
190 RC2_decrypt(unsigned long *d, RC2_KEY *key)
191 {
192 	int i, n;
193 	RC2_INT *p0, *p1;
194 	RC2_INT x0, x1, x2, x3, t;
195 	unsigned long l;
196 
197 	l = d[0];
198 	x0 = (RC2_INT)l & 0xffff;
199 	x1 = (RC2_INT)(l >> 16L);
200 	l = d[1];
201 	x2 = (RC2_INT)l & 0xffff;
202 	x3 = (RC2_INT)(l >> 16L);
203 
204 	n = 3;
205 	i = 5;
206 
207 	p0 = &(key->data[63]);
208 	p1 = &(key->data[0]);
209 	for (;;) {
210 		t = ((x3 << 11)|(x3 >> 5)) & 0xffff;
211 		x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff;
212 		t = ((x2 << 13)|(x2 >> 3)) & 0xffff;
213 		x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff;
214 		t = ((x1 << 14)|(x1 >> 2)) & 0xffff;
215 		x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff;
216 		t = ((x0 << 15)|(x0 >> 1)) & 0xffff;
217 		x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff;
218 
219 		if (--i == 0) {
220 			if (--n == 0)
221 				break;
222 			i = (n == 2) ? 6 : 5;
223 
224 			x3 = (x3 - p1[x2 & 0x3f]) & 0xffff;
225 			x2 = (x2 - p1[x1 & 0x3f]) & 0xffff;
226 			x1 = (x1 - p1[x0 & 0x3f]) & 0xffff;
227 			x0 = (x0 - p1[x3 & 0x3f]) & 0xffff;
228 		}
229 	}
230 
231 	d[0] = (unsigned long)(x0 & 0xffff)|((unsigned long)(x1 & 0xffff) <<
232 	    16L);
233 	d[1] = (unsigned long)(x2 & 0xffff)|((unsigned long)(x3 & 0xffff) <<
234 	    16L);
235 }
236 LCRYPTO_ALIAS(RC2_decrypt);
237