[apple/xnu.git] / bsd / crypto / des / des_locl.h

/*	$FreeBSD: src/sys/crypto/des/des_locl.h,v 1.2.2.3 2002/03/26 10:12:25 ume Exp $	*/
/*	$KAME: des_locl.h,v 1.7 2001/09/10 04:03:58 itojun Exp $	*/

/* crypto/des/des_locl.h */
/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
 *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by Eric Young (eay@mincom.oz.au)
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#ifndef HEADER_DES_LOCL_H
#define HEADER_DES_LOCL_H

#include <crypto/des/des.h>

#undef DES_PTR

#ifdef __STDC__
#undef NOPROTO
#endif

#define ITERATIONS 16
#define HALF_ITERATIONS 8

/* used in des_read and des_write */
#define MAXWRITE	(1024*16)
#define BSIZE		(MAXWRITE+4)

#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
			 l|=((DES_LONG)(*((c)++)))<< 8L, \
			 l|=((DES_LONG)(*((c)++)))<<16L, \
			 l|=((DES_LONG)(*((c)++)))<<24L)

/* NOTE - c is not incremented as per c2l */
#define c2ln(c,l1,l2,n)	{ \
			c+=n; \
			l1=l2=0; \
			switch (n) { \
			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
			case 5: l2|=((DES_LONG)(*(--(c))));     \
			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
			case 1: l1|=((DES_LONG)(*(--(c))));     \
				} \
			}

#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))

/* replacements for htonl and ntohl since I have no idea what to do
 * when faced with machines with 8 byte longs. */
#define HDRSIZE 4

#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \
			 l|=((DES_LONG)(*((c)++)))<<16L, \
			 l|=((DES_LONG)(*((c)++)))<< 8L, \
			 l|=((DES_LONG)(*((c)++))))

#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
			 *((c)++)=(unsigned char)(((l)     )&0xff))

/* NOTE - c is not incremented as per l2c */
#define l2cn(l1,l2,c,n)	{ \
			c+=n; \
			switch (n) { \
			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
				} \
			}

#define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))

#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
	u=R^s[S  ]; \
	t=R^s[S+1]

/* The changes to this macro may help or hinder, depending on the
 * compiler and the achitecture.  gcc2 always seems to do well :-).
 * Inspired by Dana How <how@isl.stanford.edu>
 * DO NOT use the alternative version on machines with 8 byte longs.
 * It does not seem to work on the Alpha, even when DES_LONG is 4
 * bytes, probably an issue of accessing non-word aligned objects :-( */
#ifdef DES_PTR

/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
 * is no reason to not xor all the sub items together.  This potentially
 * saves a register since things can be xored directly into L */

#if defined(DES_RISC1) || defined(DES_RISC2)
#ifdef DES_RISC1
#define D_ENCRYPT(LL,R,S) { \
        unsigned int u1,u2,u3; \
        LOAD_DATA(R,S,u,t,E0,E1,u1); \
        u2=(int)u>>8L; \
        u1=(int)u&0xfc; \
        u2&=0xfc; \
        t=ROTATE(t,4); \
        u>>=16L; \
        LL^= *(const DES_LONG *)(des_SP      +u1); \
        LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
        u3=(int)(u>>8L); \
        u1=(int)u&0xfc; \
        u3&=0xfc; \
        LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
        LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
        u2=(int)t>>8L; \
        u1=(int)t&0xfc; \
        u2&=0xfc; \
        t>>=16L; \
        LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
        LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
        u3=(int)t>>8L; \
        u1=(int)t&0xfc; \
        u3&=0xfc; \
        LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
        LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
#endif /* DES_RISC1 */
#ifdef DES_RISC2
#define D_ENCRYPT(LL,R,S) { \
        unsigned int u1,u2,s1,s2; \
        LOAD_DATA(R,S,u,t,E0,E1,u1); \
        u2=(int)u>>8L; \
        u1=(int)u&0xfc; \
        u2&=0xfc; \
        t=ROTATE(t,4); \
        LL^= *(const DES_LONG *)(des_SP      +u1); \
        LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
        s1=(int)(u>>16L); \
        s2=(int)(u>>24L); \
        s1&=0xfc; \
        s2&=0xfc; \
        LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
        LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
        u2=(int)t>>8L; \
        u1=(int)t&0xfc; \
        u2&=0xfc; \
        LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
        LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
        s1=(int)(t>>16L); \
        s2=(int)(t>>24L); \
        s1&=0xfc; \
        s2&=0xfc; \
        LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
        LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
        u2=(int)t>>8L; \
        u1=(int)t&0xfc; \
        u2&=0xfc; \
        LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
        LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
        s1=(int)(t>>16L); \
        s2=(int)(t>>24L); \
        s1&=0xfc; \
        s2&=0xfc; \
        LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
        LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
#endif /* DES_RISC2 */
#else  /* DES_RISC1 || DES_RISC2 */
#define D_ENCRYPT(LL,R,S) { \
	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
	t=ROTATE(t,4); \
	LL^= \
	*(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
	*(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
#endif /* DES_RISC1 || DES_RISC2 */
#else /* original version */

#if defined(DES_RISC1) || defined(DES_RISC2)
#ifdef DES_RISC1
#define D_ENCRYPT(LL,R,S) {\
	unsigned int u1,u2,u3; \
	LOAD_DATA(R,S,u,t,E0,E1,u1); \
	u>>=2L; \
	t=ROTATE(t,6); \
	u2=(int)u>>8L; \
	u1=(int)u&0x3f; \
	u2&=0x3f; \
	u>>=16L; \
	LL^=des_SPtrans[0][u1]; \
	LL^=des_SPtrans[2][u2]; \
	u3=(int)u>>8L; \
	u1=(int)u&0x3f; \
	u3&=0x3f; \
	LL^=des_SPtrans[4][u1]; \
	LL^=des_SPtrans[6][u3]; \
	u2=(int)t>>8L; \
	u1=(int)t&0x3f; \
	u2&=0x3f; \
	t>>=16L; \
	LL^=des_SPtrans[1][u1]; \
	LL^=des_SPtrans[3][u2]; \
	u3=(int)t>>8L; \
	u1=(int)t&0x3f; \
	u3&=0x3f; \
	LL^=des_SPtrans[5][u1]; \
	LL^=des_SPtrans[7][u3]; }
#endif /* DES_RISC1 */
#ifdef DES_RISC2
#define D_ENCRYPT(LL,R,S) {\
	unsigned int u1,u2,s1,s2; \
	LOAD_DATA(R,S,u,t,E0,E1,u1); \
	u>>=2L; \
	t=ROTATE(t,6); \
	u2=(int)u>>8L; \
	u1=(int)u&0x3f; \
	u2&=0x3f; \
	LL^=des_SPtrans[0][u1]; \
	LL^=des_SPtrans[2][u2]; \
	s1=(int)u>>16L; \
	s2=(int)u>>24L; \
	s1&=0x3f; \
	s2&=0x3f; \
	LL^=des_SPtrans[4][s1]; \
	LL^=des_SPtrans[6][s2]; \
	u2=(int)t>>8L; \
	u1=(int)t&0x3f; \
	u2&=0x3f; \
	LL^=des_SPtrans[1][u1]; \
	LL^=des_SPtrans[3][u2]; \
	s1=(int)t>>16; \
	s2=(int)t>>24L; \
	s1&=0x3f; \
	s2&=0x3f; \
	LL^=des_SPtrans[5][s1]; \
	LL^=des_SPtrans[7][s2]; }
#endif /* DES_RISC2 */

#else /* DES_RISC1 || DES_RISC2 */

#define D_ENCRYPT(LL,R,S) {\
	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
	t=ROTATE(t,4); \
	LL^=\
        	des_SPtrans[0][(u>> 2L)&0x3f]^ \
        	des_SPtrans[2][(u>>10L)&0x3f]^ \
        	des_SPtrans[4][(u>>18L)&0x3f]^ \
        	des_SPtrans[6][(u>>26L)&0x3f]^ \
        	des_SPtrans[1][(t>> 2L)&0x3f]^ \
        	des_SPtrans[3][(t>>10L)&0x3f]^ \
        	des_SPtrans[5][(t>>18L)&0x3f]^ \
        	des_SPtrans[7][(t>>26L)&0x3f]; }
#endif /* DES_RISC1 || DES_RISC2 */
#endif /* DES_PTR */

	/* IP and FP
	 * The problem is more of a geometric problem that random bit fiddling.
	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0

	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1

	The output has been subject to swaps of the form
	0 1 -> 3 1 but the odd and even bits have been put into
	2 3    2 0
	different words.  The main trick is to remember that
	t=((l>>size)^r)&(mask);
	r^=t;
	l^=(t<<size);
	can be used to swap and move bits between words.

	So l =  0  1  2  3  r = 16 17 18 19
	        4  5  6  7      20 21 22 23
	        8  9 10 11      24 25 26 27
	       12 13 14 15      28 29 30 31
	becomes (for size == 2 and mask == 0x3333)
	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
		10^24 11^25 -- --        8  9 24 25      10 11 24 25
		14^28 15^29 -- --       12 13 28 29      14 15 28 29

	Thanks for hints from Richard Outerbridge - he told me IP&FP
	could be done in 15 xor, 10 shifts and 5 ands.
	When I finally started to think of the problem in 2D
	I first got ~42 operations without xors.  When I remembered
	how to use xors :-) I got it to its final state.
	*/
#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
	(b)^=(t),\
	(a)^=((t)<<(n)))

#define IP(l,r) \
	{ \
	register DES_LONG tt; \
	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
	PERM_OP(l,r,tt,16,0x0000ffffL); \
	PERM_OP(r,l,tt, 2,0x33333333L); \
	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
	PERM_OP(r,l,tt, 1,0x55555555L); \
	}

#define FP(l,r) \
	{ \
	register DES_LONG tt; \
	PERM_OP(l,r,tt, 1,0x55555555L); \
	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
	PERM_OP(l,r,tt, 2,0x33333333L); \
	PERM_OP(r,l,tt,16,0x0000ffffL); \
	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
	}
#endif
Commit	Line	Data
55e303ae A	1	/* $FreeBSD: src/sys/crypto/des/des_locl.h,v 1.2.2.3 2002/03/26 10:12:25 ume Exp $ */
55e303ae A	2	/* $KAME: des_locl.h,v 1.7 2001/09/10 04:03:58 itojun Exp $ */
9bccf70c	3
55e303ae A	4	/* crypto/des/des_locl.h */
55e303ae A	5	/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
1c79356b A	6	* All rights reserved.
	7	*
	8	* This file is part of an SSL implementation written
	9	* by Eric Young (eay@mincom.oz.au).
	10	* The implementation was written so as to conform with Netscapes SSL
	11	* specification. This library and applications are
	12	* FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
	13	* as long as the following conditions are aheared to.
	14	*
	15	* Copyright remains Eric Young's, and as such any Copyright notices in
	16	* the code are not to be removed. If this code is used in a product,
	17	* Eric Young should be given attribution as the author of the parts used.
	18	* This can be in the form of a textual message at program startup or
	19	* in documentation (online or textual) provided with the package.
	20	*
	21	* Redistribution and use in source and binary forms, with or without
	22	* modification, are permitted provided that the following conditions
	23	* are met:
	24	* 1. Redistributions of source code must retain the copyright
	25	* notice, this list of conditions and the following disclaimer.
	26	* 2. Redistributions in binary form must reproduce the above copyright
	27	* notice, this list of conditions and the following disclaimer in the
	28	* documentation and/or other materials provided with the distribution.
	29	* 3. All advertising materials mentioning features or use of this software
	30	* must display the following acknowledgement:
	31	* This product includes software developed by Eric Young (eay@mincom.oz.au)
	32	*
	33	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	34	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	35	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	36	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	37	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	38	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	39	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	40	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	41	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	42	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	43	* SUCH DAMAGE.
	44	*
	45	* The licence and distribution terms for any publically available version or
	46	* derivative of this code cannot be changed. i.e. this code cannot simply be
	47	* copied and put under another distribution licence
	48	* [including the GNU Public Licence.]
	49	*/
1c79356b	50
1c79356b A	51	#ifndef HEADER_DES_LOCL_H
	52	#define HEADER_DES_LOCL_H
	53
1c79356b A	54	#include <crypto/des/des.h>
1c79356b A	55
1c79356b	56	#undef DES_PTR
1c79356b A	57
	58	#ifdef __STDC__
	59	#undef NOPROTO
	60	#endif
	61
1c79356b A	62	#define ITERATIONS 16
	63	#define HALF_ITERATIONS 8
	64
	65	/* used in des_read and des_write */
	66	#define MAXWRITE (1024*16)
	67	#define BSIZE (MAXWRITE+4)
	68
	69	#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
	70	l\|=((DES_LONG)(*((c)++)))<< 8L, \
	71	l\|=((DES_LONG)(*((c)++)))<<16L, \
	72	l\|=((DES_LONG)(*((c)++)))<<24L)
	73
	74	/* NOTE - c is not incremented as per c2l */
	75	#define c2ln(c,l1,l2,n) { \
	76	c+=n; \
	77	l1=l2=0; \
	78	switch (n) { \
	79	case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
	80	case 7: l2\|=((DES_LONG)(*(--(c))))<<16L; \
	81	case 6: l2\|=((DES_LONG)(*(--(c))))<< 8L; \
	82	case 5: l2\|=((DES_LONG)(*(--(c)))); \
	83	case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
	84	case 3: l1\|=((DES_LONG)(*(--(c))))<<16L; \
	85	case 2: l1\|=((DES_LONG)(*(--(c))))<< 8L; \
	86	case 1: l1\|=((DES_LONG)(*(--(c)))); \
	87	} \
	88	}
	89
	90	#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
	91	*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
	92	*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
	93	*((c)++)=(unsigned char)(((l)>>24L)&0xff))
	94
	95	/* replacements for htonl and ntohl since I have no idea what to do
	96	* when faced with machines with 8 byte longs. */
	97	#define HDRSIZE 4
	98
	99	#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \
	100	l\|=((DES_LONG)(*((c)++)))<<16L, \
	101	l\|=((DES_LONG)(*((c)++)))<< 8L, \
	102	l\|=((DES_LONG)(*((c)++))))
	103
	104	#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
	105	*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
	106	*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
	107	*((c)++)=(unsigned char)(((l) )&0xff))
	108
	109	/* NOTE - c is not incremented as per l2c */
	110	#define l2cn(l1,l2,c,n) { \
	111	c+=n; \
	112	switch (n) { \
	113	case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
	114	case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
	115	case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
	116	case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
	117	case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
	118	case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
	119	case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
	120	case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
	121	} \
	122	}
	123
1c79356b	124	#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
1c79356b	125
55e303ae A	126	#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
	127	#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
	128	u=R^s[S ]; \
	129	t=R^s[S+1]
	130
1c79356b A	131	/* The changes to this macro may help or hinder, depending on the
	132	* compiler and the achitecture. gcc2 always seems to do well :-).
	133	* Inspired by Dana How <how@isl.stanford.edu>
	134	* DO NOT use the alternative version on machines with 8 byte longs.
	135	* It does not seem to work on the Alpha, even when DES_LONG is 4
	136	* bytes, probably an issue of accessing non-word aligned objects :-( */
	137	#ifdef DES_PTR
	138
55e303ae A	139	/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
	140	* is no reason to not xor all the sub items together. This potentially
	141	* saves a register since things can be xored directly into L */
	142
	143	#if defined(DES_RISC1) \|\| defined(DES_RISC2)
	144	#ifdef DES_RISC1
	145	#define D_ENCRYPT(LL,R,S) { \
	146	unsigned int u1,u2,u3; \
	147	LOAD_DATA(R,S,u,t,E0,E1,u1); \
	148	u2=(int)u>>8L; \
	149	u1=(int)u&0xfc; \
	150	u2&=0xfc; \
	151	t=ROTATE(t,4); \
	152	u>>=16L; \
	153	LL^= (const DES_LONG )(des_SP +u1); \
	154	LL^= (const DES_LONG )(des_SP+0x200+u2); \
	155	u3=(int)(u>>8L); \
	156	u1=(int)u&0xfc; \
	157	u3&=0xfc; \
	158	LL^= (const DES_LONG )(des_SP+0x400+u1); \
	159	LL^= (const DES_LONG )(des_SP+0x600+u3); \
	160	u2=(int)t>>8L; \
	161	u1=(int)t&0xfc; \
	162	u2&=0xfc; \
	163	t>>=16L; \
	164	LL^= (const DES_LONG )(des_SP+0x100+u1); \
	165	LL^= (const DES_LONG )(des_SP+0x300+u2); \
	166	u3=(int)t>>8L; \
	167	u1=(int)t&0xfc; \
	168	u3&=0xfc; \
	169	LL^= (const DES_LONG )(des_SP+0x500+u1); \
	170	LL^= (const DES_LONG )(des_SP+0x700+u3); }
	171	#endif /* DES_RISC1 */
	172	#ifdef DES_RISC2
	173	#define D_ENCRYPT(LL,R,S) { \
	174	unsigned int u1,u2,s1,s2; \
	175	LOAD_DATA(R,S,u,t,E0,E1,u1); \
	176	u2=(int)u>>8L; \
	177	u1=(int)u&0xfc; \
	178	u2&=0xfc; \
	179	t=ROTATE(t,4); \
	180	LL^= (const DES_LONG )(des_SP +u1); \
	181	LL^= (const DES_LONG )(des_SP+0x200+u2); \
	182	s1=(int)(u>>16L); \
	183	s2=(int)(u>>24L); \
	184	s1&=0xfc; \
	185	s2&=0xfc; \
	186	LL^= (const DES_LONG )(des_SP+0x400+s1); \
	187	LL^= (const DES_LONG )(des_SP+0x600+s2); \
	188	u2=(int)t>>8L; \
	189	u1=(int)t&0xfc; \
	190	u2&=0xfc; \
	191	LL^= (const DES_LONG )(des_SP+0x100+u1); \
	192	LL^= (const DES_LONG )(des_SP+0x300+u2); \
	193	s1=(int)(t>>16L); \
	194	s2=(int)(t>>24L); \
	195	s1&=0xfc; \
	196	s2&=0xfc; \
	197	LL^= (const DES_LONG )(des_SP+0x400+s1); \
	198	LL^= (const DES_LONG )(des_SP+0x600+s2); \
	199	u2=(int)t>>8L; \
	200	u1=(int)t&0xfc; \
	201	u2&=0xfc; \
	202	LL^= (const DES_LONG )(des_SP+0x100+u1); \
203	LL^= (const DES_LONG )(des_SP+0x300+u2); \
204	s1=(int)(t>>16L); \
205	s2=(int)(t>>24L); \
206	s1&=0xfc; \
207	s2&=0xfc; \
208	LL^= (const DES_LONG )(des_SP+0x500+s1); \
209	LL^= (const DES_LONG )(des_SP+0x700+s2); }
210	#endif /* DES_RISC2 */
211	#else /* DES_RISC1 \|\| DES_RISC2 */
212	#define D_ENCRYPT(LL,R,S) { \
213	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
214	t=ROTATE(t,4); \
215	LL^= \
216	(const DES_LONG )(des_SP +((u )&0xfc))^ \
217	(const DES_LONG )(des_SP+0x200+((u>> 8L)&0xfc))^ \
218	(const DES_LONG )(des_SP+0x400+((u>>16L)&0xfc))^ \
219	(const DES_LONG )(des_SP+0x600+((u>>24L)&0xfc))^ \
220	(const DES_LONG )(des_SP+0x100+((t )&0xfc))^ \
221	(const DES_LONG )(des_SP+0x300+((t>> 8L)&0xfc))^ \
222	(const DES_LONG )(des_SP+0x500+((t>>16L)&0xfc))^ \
223	(const DES_LONG )(des_SP+0x700+((t>>24L)&0xfc)); }
224	#endif /* DES_RISC1 \|\| DES_RISC2 */
1c79356b	225	#else /* original version */
55e303ae A	226
	227	#if defined(DES_RISC1) \|\| defined(DES_RISC2)
	228	#ifdef DES_RISC1
	229	#define D_ENCRYPT(LL,R,S) {\
	230	unsigned int u1,u2,u3; \
	231	LOAD_DATA(R,S,u,t,E0,E1,u1); \
	232	u>>=2L; \
	233	t=ROTATE(t,6); \
	234	u2=(int)u>>8L; \
	235	u1=(int)u&0x3f; \
	236	u2&=0x3f; \
	237	u>>=16L; \
	238	LL^=des_SPtrans[0][u1]; \
	239	LL^=des_SPtrans[2][u2]; \
	240	u3=(int)u>>8L; \
	241	u1=(int)u&0x3f; \
	242	u3&=0x3f; \
	243	LL^=des_SPtrans[4][u1]; \
	244	LL^=des_SPtrans[6][u3]; \
	245	u2=(int)t>>8L; \
	246	u1=(int)t&0x3f; \
	247	u2&=0x3f; \
	248	t>>=16L; \
	249	LL^=des_SPtrans[1][u1]; \
	250	LL^=des_SPtrans[3][u2]; \
	251	u3=(int)t>>8L; \
	252	u1=(int)t&0x3f; \
	253	u3&=0x3f; \
	254	LL^=des_SPtrans[5][u1]; \
	255	LL^=des_SPtrans[7][u3]; }
	256	#endif /* DES_RISC1 */
	257	#ifdef DES_RISC2
	258	#define D_ENCRYPT(LL,R,S) {\
	259	unsigned int u1,u2,s1,s2; \
	260	LOAD_DATA(R,S,u,t,E0,E1,u1); \
	261	u>>=2L; \
	262	t=ROTATE(t,6); \
	263	u2=(int)u>>8L; \
	264	u1=(int)u&0x3f; \
	265	u2&=0x3f; \
	266	LL^=des_SPtrans[0][u1]; \
	267	LL^=des_SPtrans[2][u2]; \
	268	s1=(int)u>>16L; \
	269	s2=(int)u>>24L; \
	270	s1&=0x3f; \
	271	s2&=0x3f; \
	272	LL^=des_SPtrans[4][s1]; \
	273	LL^=des_SPtrans[6][s2]; \
	274	u2=(int)t>>8L; \
	275	u1=(int)t&0x3f; \
	276	u2&=0x3f; \
	277	LL^=des_SPtrans[1][u1]; \
	278	LL^=des_SPtrans[3][u2]; \
	279	s1=(int)t>>16; \
	280	s2=(int)t>>24L; \
	281	s1&=0x3f; \
	282	s2&=0x3f; \
	283	LL^=des_SPtrans[5][s1]; \
	284	LL^=des_SPtrans[7][s2]; }
	285	#endif /* DES_RISC2 */
	286
	287	#else /* DES_RISC1 \|\| DES_RISC2 */
	288
	289	#define D_ENCRYPT(LL,R,S) {\
290	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
1c79356b	291	t=ROTATE(t,4); \
55e303ae A	292	LL^=\
	293	des_SPtrans[0][(u>> 2L)&0x3f]^ \
	294	des_SPtrans[2][(u>>10L)&0x3f]^ \
	295	des_SPtrans[4][(u>>18L)&0x3f]^ \
	296	des_SPtrans[6][(u>>26L)&0x3f]^ \
	297	des_SPtrans[1][(t>> 2L)&0x3f]^ \
	298	des_SPtrans[3][(t>>10L)&0x3f]^ \
	299	des_SPtrans[5][(t>>18L)&0x3f]^ \
	300	des_SPtrans[7][(t>>26L)&0x3f]; }
	301	#endif /* DES_RISC1 \|\| DES_RISC2 */
	302	#endif /* DES_PTR */
1c79356b A	303
	304	/* IP and FP
	305	* The problem is more of a geometric problem that random bit fiddling.
	306	0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
	307	8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
	308	16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
	309	24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
	310
	311	32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
	312	40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
	313	48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
	314	56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
	315
	316	The output has been subject to swaps of the form
	317	0 1 -> 3 1 but the odd and even bits have been put into
	318	2 3 2 0
	319	different words. The main trick is to remember that
	320	t=((l>>size)^r)&(mask);
	321	r^=t;
	322	l^=(t<<size);
	323	can be used to swap and move bits between words.
	324
	325	So l = 0 1 2 3 r = 16 17 18 19
	326	4 5 6 7 20 21 22 23
	327	8 9 10 11 24 25 26 27
	328	12 13 14 15 28 29 30 31
	329	becomes (for size == 2 and mask == 0x3333)
	330	t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
	331	6^20 7^21 -- -- 4 5 20 21 6 7 22 23
	332	10^24 11^25 -- -- 8 9 24 25 10 11 24 25
	333	14^28 15^29 -- -- 12 13 28 29 14 15 28 29
	334
	335	Thanks for hints from Richard Outerbridge - he told me IP&FP
	336	could be done in 15 xor, 10 shifts and 5 ands.
	337	When I finally started to think of the problem in 2D
	338	I first got ~42 operations without xors. When I remembered
	339	how to use xors :-) I got it to its final state.
	340	*/
	341	#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
	342	(b)^=(t),\
	343	(a)^=((t)<<(n)))
	344
	345	#define IP(l,r) \
	346	{ \
	347	register DES_LONG tt; \
	348	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
	349	PERM_OP(l,r,tt,16,0x0000ffffL); \
	350	PERM_OP(r,l,tt, 2,0x33333333L); \
	351	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
	352	PERM_OP(r,l,tt, 1,0x55555555L); \
	353	}
	354
	355	#define FP(l,r) \
	356	{ \
	357	register DES_LONG tt; \
	358	PERM_OP(l,r,tt, 1,0x55555555L); \
	359	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
	360	PERM_OP(l,r,tt, 2,0x33333333L); \
	361	PERM_OP(r,l,tt,16,0x0000ffffL); \
	362	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
	363	}
	364	#endif