2 * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
5 * For copying and distribution information, please see the file
8 * These routines perform encryption and decryption using the DES
9 * private key algorithm, or else a subset of it-- fewer inner loops.
10 * ( AUTH_DES_ITER defaults to 16, may be less)
12 * Under U.S. law, this software may not be exported outside the US
13 * without license from the U.S. Commerce department.
15 * The key schedule is passed as an arg, as well as the cleartext or
16 * ciphertext. The cleartext and ciphertext should be in host order.
18 * These routines form the library interface to the des facilities.
20 * spm 8/85 MIT project athena
23 #include "mit-cpyright.h"
28 #include <afsconfig.h>
29 #include <afs/param.h>
31 #include "des_prototypes.h"
34 #include "des_internal.h"
36 #define XPRT_PCBC_ENCRYPT
39 * pcbc_encrypt is an "error propagation chaining" encrypt operation
40 * for DES, similar to CBC, but that, on encryption, "xor"s the
41 * plaintext of block N with the ciphertext resulting from block N,
42 * then "xor"s that result with the plaintext of block N+1 prior to
43 * encrypting block N+1. (Decryption is the appropriate inverse.) This
44 * "pcbc" mode propagates a single bit error anywhere in either the
45 * cleartext or ciphertext chain all the way through to the end. In
46 * contrast, CBC mode limits a single bit error in the ciphertext to
47 * affect only the current (8-byte) block and the subsequent block.
49 * performs pcbc error-propagation chaining operation by xor-ing block
50 * N+1 with both the plaintext (block N) and the ciphertext from block
51 * N. Either encrypts from cleartext to ciphertext, if encrypt != 0
52 * or decrypts from ciphertext to cleartext, if encrypt == 0
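54 * NOTE-- the output is ALWAYS a multiple of 8 bytes long. The caller
55 * must provide an output buffer of at least "length" rounded up to a multiple of 8 bytes; the routine takes no output size, so it cannot check, and it will write past the end of a smaller buffer.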
57 * For encryption, the cleartext string is null padded, at the end, to
58 * an integral multiple of eight bytes.
60 * For decryption, the ciphertext will be used in integral multiples
61 * of 8 bytes, but only the first "length" bytes are returned into the cleartext.
64 * This is NOT a standard mode of operation. Its error propagation is not an integrity check and does not replace a MAC over the data.
68 des_cblock *in; * >= length bytes of input text *
69 des_cblock *out; * >= length bytes of output text *
70 register afs_int32 length; * in bytes *
71 int encrypt; * 0 ==> decrypt, else encrypt *
72 des_key_schedule key; * precomputed key schedule *
73 des_cblock *iv; * 8 bytes of ivec *
76 des_pcbc_encrypt(void * in, void * out, register afs_int32 length,
77 des_key_schedule key, des_cblock * iv, int encrypt)
79 register afs_uint32 *input = (afs_uint32 *) in;
80 register afs_uint32 *output = (afs_uint32 *) out;
81 register afs_uint32 *ivec = (afs_uint32 *) iv;
84 afs_uint32 t_input[2];
85 afs_uint32 t_output[2];
86 unsigned char *t_in_p = (unsigned char *)t_input;
87 afs_uint32 xor_0, xor_1;
91 if (afs_pointer_to_int(ivec) & 3) {
92 memcpy((char *)&xor_0, (char *)ivec++, sizeof(xor_0));
93 memcpy((char *)&xor_1, (char *)ivec, sizeof(xor_1));
101 for (i = 0; length > 0; i++, length -= 8) {
104 if (afs_pointer_to_int(input) & 3) {
105 memcpy((char *)&t_input[0], (char *)input,
107 memcpy((char *)&t_input[1], (char *)(input + 1),
113 t_input[1] = *(input + 1);
118 for (j = length; j <= 7; j++)
123 des_debug_print("clear", length, t_input[0], t_input[1]);
125 /* do the xor for cbc into the temp */
129 (void)des_ecb_encrypt(t_input, t_output, key, encrypt);
132 * We want to XOR with both the plaintext and ciphertext
133 * of the previous block, before we write the output, in
134 * case both input and output are the same space.
137 if (afs_pointer_to_int(input) & 3) {
138 memcpy((char *)&xor_0, (char *)input++, sizeof(xor_0));
139 xor_0 ^= t_output[0];
140 memcpy((char *)&xor_1, (char *)input++, sizeof(xor_1));
141 xor_1 ^= t_output[1];
145 xor_0 = *input++ ^ t_output[0];
146 xor_1 = *input++ ^ t_output[1];
150 /* copy temp output and save it for cbc */
152 if (afs_pointer_to_int(output) & 3) {
153 memcpy((char *)output++, (char *)&t_output[0],
154 sizeof(t_output[0]));
155 memcpy((char *)output++, (char *)&t_output[1],
156 sizeof(t_output[1]));
160 *output++ = t_output[0];
161 *output++ = t_output[1];
166 des_debug_print("xor'ed", i, t_input[0], t_input[1]);
167 des_debug_print("cipher", i, t_output[0], t_output[1]);
181 if (afs_pointer_to_int(ivec) & 3) {
182 memcpy((char *)&xor_0, (char *)ivec++, sizeof(xor_0));
183 memcpy((char *)&xor_1, (char *)ivec, sizeof(xor_1));
191 for (i = 0; length > 0; i++, length -= 8) {
194 if (afs_pointer_to_int(input) & 3) {
195 memcpy((char *)&t_input[0], (char *)input++,
197 memcpy((char *)&t_input[1], (char *)input++,
202 t_input[0] = *input++;
203 t_input[1] = *input++;
206 /* no padding for decrypt */
209 des_debug_print("cipher", i, t_input[0], t_input[1]);
216 (void)des_ecb_encrypt(t_input, t_output, key, encrypt);
219 des_debug_print("out pre xor", i, t_output[0], t_output[1]);
221 /* do the xor for cbc into the output */
222 t_output[0] ^= xor_0;
223 t_output[1] ^= xor_1;
224 /* copy temp output */
226 if (afs_pointer_to_int(output) & 3) {
227 memcpy((char *)output++, (char *)&t_output[0],
228 sizeof(t_output[0]));
229 memcpy((char *)output++, (char *)&t_output[1],
230 sizeof(t_output[1]));
234 *output++ = t_output[0];
235 *output++ = t_output[1];
238 /* save xor value for next round */
239 xor_0 = t_output[0] ^ t_input[0];
240 xor_1 = t_output[1] ^ t_input[1];
244 des_debug_print("clear", i, t_output[0], t_output[1]);