2 * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
5 * For copying and distribution information, please see the file
8 * These routines perform encryption and decryption using the DES
9 * private key algorithm, or else a subset of it with fewer inner loops
10 * (AUTH_DES_ITER defaults to 16, but may be less).
12 * Under U.S. law, this software may not be exported outside the US
13 * without license from the U.S. Commerce department.
15 * The key schedule is passed as an arg, as well as the cleartext or
16 * ciphertext. The cleartext and ciphertext should be in host order.
18 * These routines form the library interface to the des facilities.
20 * spm 8/85 MIT project athena
23 #include <mit-cpyright.h>
26 #include <afs/param.h>
27 #include "des_internal.h"
29 #define XPRT_PCBC_ENCRYPT
32 extern int des_debug_print();
33 extern int des_ecb_encrypt();
36 * pcbc_encrypt is an "error propagation chaining" encrypt operation
37 * for DES, similar to CBC, but that, on encryption, "xor"s the
38 * plaintext of block N with the ciphertext resulting from block N,
39 * then "xor"s that result with the plaintext of block N+1 prior to
40 * encrypting block N+1. (Decryption is the appropriate inverse.) This
41 * "pcbc" mode propagates a single bit error anywhere in either the
42 * cleartext or ciphertext chain all the way through to the end. In
43 * contrast, CBC mode limits a single bit error in the ciphertext to
44 * affect only the current (8-byte) block and the subsequent block.
46 * performs pcbc error-propagation chaining operation by xor-ing block
47 * N+1 with both the plaintext (block N) and the ciphertext from block
48 * N. Either encrypts from cleartext to ciphertext, if encrypt != 0
49 * or decrypts from ciphertext to cleartext, if encrypt == 0
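51 * NOTE-- the output is ALWAYS a multiple of 8 bytes long, so "out" must
52 * hold "length" rounded up to a multiple of 8 bytes. If not enough space was provided, the write runs past the end of the buffer and your program will get trashed.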
54 * For encryption, the cleartext string is null padded, at the end, to
55 * an integral multiple of eight bytes.
57 * For decryption, the ciphertext will be used in integral multiples
58 * of 8 bytes, but only the first "length" bytes returned into the
61 * This is NOT a standard mode of operation.
66 des_pcbc_encrypt(in,out,length,key,iv,encrypt)
67 des_cblock *in; /* >= length bytes of inputtext */
68 des_cblock *out; /* >= length bytes of outputtext */
69 register afs_int32 length; /* in bytes */
70 int encrypt; /* 0 ==> decrypt, else encrypt */
71 des_key_schedule key; /* precomputed key schedule */
72 des_cblock *iv; /* 8 bytes of ivec */
74 register afs_uint32 *input = (afs_uint32 *) in;
75 register afs_uint32 *output = (afs_uint32 *) out;
76 register afs_uint32 *ivec = (afs_uint32 *) iv;
79 afs_uint32 t_input[2];
80 afs_uint32 t_output[2];
81 unsigned char *t_in_p = (unsigned char *) t_input;
82 afs_uint32 xor_0, xor_1;
86 if ((afs_int32) ivec & 3) {
87 bcopy((char *)ivec++,(char *)&xor_0,sizeof(xor_0));
88 bcopy((char *)ivec,(char *)&xor_1,sizeof(xor_1));
97 for (i = 0; length > 0; i++, length -= 8) {
100 if ((afs_int32) input & 3) {
101 bcopy((char *)input,(char *)&t_input[0],sizeof(t_input[0]));
102 bcopy((char *)(input+1),(char *)&t_input[1],sizeof(t_input[1]));
108 t_input[1] = *(input+1);
113 for (j = length; j <= 7; j++)
119 des_debug_print("clear",length,t_input[0],t_input[1]);
121 /* do the xor for cbc into the temp */
122 t_input[0] ^= xor_0 ;
123 t_input[1] ^= xor_1 ;
125 (void) des_ecb_encrypt(t_input,t_output,key,encrypt);
128 * We want to XOR with both the plaintext and ciphertext
129 * of the previous block, before we write the output, in
130 * case both input and output are the same space.
133 if ((afs_int32) input & 3) {
134 bcopy((char *)input++,(char *)&xor_0,sizeof(xor_0));
135 xor_0 ^= t_output[0];
136 bcopy((char *)input++,(char *)&xor_1,sizeof(xor_1));
137 xor_1 ^= t_output[1];
142 xor_0 = *input++ ^ t_output[0];
143 xor_1 = *input++ ^ t_output[1];
147 /* copy temp output and save it for cbc */
149 if ((afs_int32) output & 3) {
150 bcopy((char *)&t_output[0],(char *)output++,
151 sizeof(t_output[0]));
152 bcopy((char *)&t_output[1],(char *)output++,
153 sizeof(t_output[1]));
158 *output++ = t_output[0];
159 *output++ = t_output[1];
164 des_debug_print("xor'ed",i,t_input[0],t_input[1]);
165 des_debug_print("cipher",i,t_output[0],t_output[1]);
179 if ((afs_int32) ivec & 3) {
180 bcopy((char *)ivec++,(char *)&xor_0,sizeof(xor_0));
181 bcopy((char *)ivec,(char *)&xor_1,sizeof(xor_1));
190 for (i = 0; length > 0; i++, length -= 8) {
193 if ((afs_int32) input & 3) {
194 bcopy((char *)input++,(char *)&t_input[0],sizeof(t_input[0]));
195 bcopy((char *)input++,(char *)&t_input[1],sizeof(t_input[1]));
200 t_input[0] = *input++;
201 t_input[1] = *input++;
204 /* no padding for decrypt */
207 des_debug_print("cipher",i,t_input[0],t_input[1]);
214 (void) des_ecb_encrypt(t_input,t_output,key,encrypt);
217 des_debug_print("out pre xor",i,t_output[0],t_output[1]);
219 /* do the xor for cbc into the output */
220 t_output[0] ^= xor_0 ;
221 t_output[1] ^= xor_1 ;
222 /* copy temp output */
224 if ((afs_int32) output & 3) {
225 bcopy((char *)&t_output[0],(char *)output++,
226 sizeof(t_output[0]));
227 bcopy((char *)&t_output[1],(char *)output++,
228 sizeof(t_output[1]));
233 *output++ = t_output[0];
234 *output++ = t_output[1];
237 /* save xor value for next round */
238 xor_0 = t_output[0] ^ t_input[0];
239 xor_1 = t_output[1] ^ t_input[1];
243 des_debug_print("clear",i,t_output[0],t_output[1]);