diff --git a/.gitattributes b/.gitattributes
index cfdec4acecc6afa5e40e9a3b34d8bfe8b175a99c..c9f2feb1bfe85c5f87f73a111b3eaf1a8892a663 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +1,6 @@
[attr]binary -text -crlf -diff -ident
* text ident
+*.gz binary
testfont binary
# Handling of foreign (ie CVS) identifiers.
@@ -27,6 +28,16 @@ testfont binary
/src/modules/_Crypto/idea.c foreign_ident
/src/modules/_Crypto/idea.pike foreign_ident
/src/modules/_Crypto/invert.c foreign_ident
+/src/modules/_Crypto/lib/descore/Makefile foreign_ident
+/src/modules/_Crypto/lib/descore/README foreign_ident
+/src/modules/_Crypto/lib/descore/desCode.h foreign_ident
+/src/modules/_Crypto/lib/descore/desCore.h foreign_ident
+/src/modules/_Crypto/lib/descore/desKerb.c foreign_ident
+/src/modules/_Crypto/lib/descore/desQuick.c foreign_ident
+/src/modules/_Crypto/lib/descore/desTest.c foreign_ident
+/src/modules/_Crypto/lib/descore/desUtil.c foreign_ident
+/src/modules/_Crypto/lib/descore/desdata.c foreign_ident
+/src/modules/_Crypto/lib/descore/desinfo.h foreign_ident
/src/modules/_Crypto/md2.c foreign_ident
/src/modules/_Crypto/md5.c foreign_ident
/src/modules/_Crypto/md5.pike foreign_ident
diff --git a/src/modules/_Crypto/Makefile b/src/modules/_Crypto/Makefile
index 120934db01092de51908e44b806ecd7af4dbe363..df444b0d60d145a0a6b125419b8aea3e732f870a 100644
--- a/src/modules/_Crypto/Makefile
+++ b/src/modules/_Crypto/Makefile
@@ -19,21 +19,21 @@ CPPFLAGS=
# The flags to generate a shared library
CFLAGS=-Wall -O -shared -fpic $(IFLAGS) $(CPPFLAGS) -pedantic -Wall
-LDFLAGS=-shared -fpic -Llib -R$(SSLROOT)/lib -L$(SSLROOT)/lib
-LOADLIBES=-lcrypto -lssl
+LDFLAGS=-shared -fpic -Llib # -R$(SSLROOT)/lib -L$(SSLROOT)/lib
+#LOADLIBES=-lcrypto -lssl
OBJS=crypto.o md5.o md2.o idea.o des.o invert.o cbc.o pipe.o sha.o
# The actual rules
crypto.so: $(OBJS) lib/libib.a
- $(CC) $(LDFLAGS) $(OBJS) -Llib -lib -o crypto.so
+ $(CC) $(LDFLAGS) $(OBJS) -lib -o crypto.so
idea.so: idea.o lib/libib.a
- $(CC) $(LDFLAGS) idea.o -Llib -lib -o idea.so
+ $(CC) $(LDFLAGS) idea.o -lib -o idea.so
sha.so: sha.o lib/libib.a
- $(CC) $(LDFLAGS) sha.o -Llib -lib -o sha.so
+ $(CC) $(LDFLAGS) sha.o -lib -o sha.so
lib/libib.a:
cd lib; $(MAKE) libib.a
diff --git a/src/modules/_Crypto/lib/descore/Makefile b/src/modules/_Crypto/lib/descore/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..4a93c237c565a87fab4e3a4788c63da78e2b1482
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/Makefile
@@ -0,0 +1,146 @@
+#
+# des - fast & portable DES encryption & decryption.
+# Copyright (C) 1992 Dana L. How
+# Please see the file `README' for the complete copyright notice.
+#
+
+# $Id: Makefile,v 1.1 1997/01/10 02:51:59 nisse Exp $
+
+CFLAGS= -g # debug
+CFLAGS= -O4 # max opt
+CFLAGS= -O4
+CPPFLAGS= -Dsparc # use 6+8 general regs
+CPPFLAGS= -Dmc68000 # use 3+4 addr (1+4 live), and 3+3 data regs
+CPPFLAGS= -Dvax # use 6+0 general regs
+CPPFLAGS= -Di386 # use 3+0 regs, and 3+0 normal variables
+CPPFLAGS= -Dsparc
+LDFLAGS=
+CC= gcc
+CPP= $(CC) -E $(CPPFLAGS)
+CODEGEN.c= $(CC) $(CFLAGS) $(CPPFLAGS) -S
+COMPILE.c= $(CC) $(CFLAGS) $(CPPFLAGS) -c
+LINK.c= $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)
+
+# hand-entered files that go into the library
+SC= desKerb.c desUtil.c desQuick.c
+SO= desKerb.o desUtil.o desQuick.o
+
+# special generated files
+GH= parity.h rotors.h keymap.h
+GC= desSmallFips.c desSmallCore.c desQuickFips.c desQuickCore.c
+GI= desSmallFips.i desSmallCore.i desQuickFips.i desQuickCore.i
+GO= desSmallFips.o desSmallCore.o desQuickFips.o desQuickCore.o
+
+# what to distribute
+RCS= Makefile README \
+ desCore.h desinfo.h desCode.h \
+ desTest.c $(SC) desdata.c
+FILES= $(RCS)
+
+O= $(SO) $(GO)
+
+# prefer compilation from .i if .i exists
+.SUFFIXES:
+.SUFFIXES: .i .o .c $(SUFFIXES)
+
+.PRECIOUS: $(RCS) test
+
+test: desCore.a desTest.o
+ $(LINK.c) -o $@ desTest.o desCore.a
+ ./test
+
+# get stuff from RCS
+$(RCS):
+ co $@
+
+# test all performance enhancement flags
+sure:
+ rm *.i; make 'CPPFLAGS=-Di386 -Umc68000 -Usparc'
+ rm *.i; make 'CPPFLAGS=-Dvax -Umc68000 -Usparc'
+ rm *.i; make 'CPPFLAGS=-Dmc68000 -Usparc'
+ rm *.i; make 'CPPFLAGS=-Dsparc -Umc68000'
+
+desCore.a: $O
+ ar cru $@ $O
+ ranlib $@
+
+desdata.o: desinfo.h desCore.h
+desUtil.o: $(GH)
+$(SO): desCore.h
+$(GI): desCode.h desCore.h Makefile
+desTest.o: desCore.h
+
+$(GH): desdata
+ ./desdata $@ > $@
+
+desdata: desdata.o
+ $(LINK.c) -o $@ desdata.o
+
+tar: $(FILES)
+ tar cf des.tar $(FILES)
+
+shar: $(FILES)
+ makekit -ndes.shar -s53k '-tnow run make' $(FILES)
+
+lint: desTest.c $(SC) $(GC)
+ lint $(CPPFLAGS) \
+ desTest.c $(SC) $(GC) | \
+ sed '/possible pointer alignment problem/d'
+
+warn: desTest.c $(SC) $(GC)
+ gcc2 -Wall -ansi -pedantic $(CPPFLAGS) -O2 \
+ desTest.c $(SC) $(GC)
+
+# new rules (note: tr|sed|tr is NOT necessary, just there so .i is readable)
+.c.i:
+ $(CPP) $< > $*.x
+ @tr ';'\\012 \\012';' < $*.x | \
+ sed -e 's/[ ][ ]*/ /g' \
+ -e 's/^ //' \
+ -e 's/ $$//' \
+ -e '/^$$/d' \
+ -e '/^[^;]/s/^/;/' \
+ -e 's/#[^;]*;//g' \
+ -e 's/\([){]\) *\(register\)/\1;\2/g' \
+ -e 's/\([[(]\) /\1/g' \
+ -e 's/ \([])]\)/\1/g' \
+ -e 's/\([^]+0123 ]\) =/\1 =/g' \
+ -e 's/}/};;/g' \
+ -e 's/ *; */;/g' \
+ -e 's/;;;*/;;/g' \
+ -e '1s/^;*//' | \
+ tr ';'\\012 \\012';' > $@
+ @echo "" >> $@
+# @echo "}" >> $@ # last definition must be a procedure
+
+# -e 's/\(;[kmxyz][0-9]*\)\([^;]*=\)/\1 \2/g'
+
+.i.o:
+ $(CODEGEN.c) $<
+ $(COMPILE.c) $*.s
+
+# slowest to quickest
+desSmallFips.c:
+ @echo '#include "desCode.h"' > $@
+ @echo \
+'ENCRYPT(DesSmallFipsEncrypt,TEMPSMALL,LOADFIPS,KEYMAPSMALL,SAVEFIPS)' >> $@
+ @echo \
+'DECRYPT(DesSmallFipsDecrypt,TEMPSMALL,LOADFIPS,KEYMAPSMALL,SAVEFIPS)' >> $@
+desSmallCore.c:
+ @echo '#include "desCode.h"' > $@
+ @echo \
+'ENCRYPT(DesSmallCoreEncrypt,TEMPSMALL,LOADCORE,KEYMAPSMALL,SAVECORE)' >> $@
+ @echo \
+'DECRYPT(DesSmallCoreDecrypt,TEMPSMALL,LOADCORE,KEYMAPSMALL,SAVECORE)' >> $@
+desQuickFips.c:
+ @echo '#include "desCode.h"' > $@
+ @echo \
+'ENCRYPT(DesQuickFipsEncrypt,TEMPQUICK,LOADFIPS,KEYMAPQUICK,SAVEFIPS)' >> $@
+ @echo \
+'DECRYPT(DesQuickFipsDecrypt,TEMPQUICK,LOADFIPS,KEYMAPQUICK,SAVEFIPS)' >> $@
+desQuickCore.c:
+ @echo '#include "desCode.h"' > $@
+ @echo \
+'ENCRYPT(DesQuickCoreEncrypt,TEMPQUICK,LOADCORE,KEYMAPQUICK,SAVECORE)' >> $@
+ @echo \
+'DECRYPT(DesQuickCoreDecrypt,TEMPQUICK,LOADCORE,KEYMAPQUICK,SAVECORE)' >> $@
diff --git a/src/modules/_Crypto/lib/descore/README b/src/modules/_Crypto/lib/descore/README
new file mode 100644
index 0000000000000000000000000000000000000000..a1d7aeb66b26878239aa34eccc52fc6ab74beb9c
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/README
@@ -0,0 +1,313 @@
+des - fast & portable DES encryption & decryption.
+Copyright (C) 1992 Dana L. How
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU Library General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Library General Public License for more details.
+
+You should have received a copy of the GNU Library General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+Author's address: how@isl.stanford.edu
+
+$Id: README,v 1.1 1997/01/10 02:52:13 nisse Exp $
+
+
+==>> To compile after untarring/unsharring, just `make' <<==
+
+
+This package was designed with the following goals:
+1. Highest possible encryption/decryption PERFORMANCE.
+2. PORTABILITY to any byte-addressable machine with a 32bit unsigned C type
+3. Plug-compatible replacement for KERBEROS's low-level routines.
+
+
+performance comparison to other available des code which i could
+compile on a SPARCStation 1 (cc -O4):
+
+this code (byte-order independent):
+ 30us per encryption (options: 64k tables, no IP/FP)
+ 33us per encryption (options: 64k tables, FIPS standard bit ordering)
+ 45us per encryption (options: 2k tables, no IP/FP)
+ 49us per encryption (options: 2k tables, FIPS standard bit ordering)
+ 275us to set a new key (uses 1k of key tables)
+ this has the quickest encryption/decryption routines i've seen.
+ since i was interested in fast des filters rather than crypt(3)
+ and password cracking, i haven't really bothered yet to speed up
+ the key setting routine. also, i have no interest in re-implementing
+ all the other junk in the mit kerberos des library, so i've just
+ provided my routines with little stub interfaces so they can be
+ used as drop-in replacements with mit's code or any of the mit-
+ compatible packages below. (note that the first two timings above
+ are highly variable because of cache effects).
+
+kerberos des replacement from australia:
+ 68us per encryption (uses 2k of tables)
+ 96us to set a new key (uses 2.25k of key tables)
+ this is a very nice package which implements the most important
+ of the optimizations which i did in my encryption routines.
+ it's a bit weak on common low-level optimizations which is why
+ it's 39%-106% slower. because he was interested in fast crypt(3) and
+ password-cracking applications, he also used the same ideas to
+ speed up the key-setting routines with impressive results.
+ (at some point i may do the same in my package). he also implements
+ the rest of the mit des library.
+ (code from eay@psych.psy.uq.oz.au via comp.sources.misc)
+
+fast crypt(3) package from denmark:
+ the des routine here is buried inside a loop to do the
+ crypt function and i didn't feel like ripping it out and measuring
+ performance. his code takes 26 sparc instructions to compute one
+ des iteration; above, Quick (64k) takes 21 and Small (2k) takes 37.
+ he claims to use 280k of tables but the iteration calculation seems
+ to use only 128k. his tables and code are machine independent.
+ (code from glad@daimi.aau.dk via alt.sources or comp.sources.misc)
+
+swedish reimplementation of Kerberos des library
+ 108us per encryption (uses 34k worth of tables)
+ 134us to set a new key (uses 32k of key tables to get this speed!)
+ the tables used seem to be machine-independent;
+ he seems to have included a lot of special case code
+ so that, e.g., `long' loads can be used instead of 4 `char' loads
+ when the machine's architecture allows it.
+ (code obtained from chalmers.se:pub/des)
+
+crack 3.3c package from england:
+ as in crypt above, the des routine is buried in a loop. it's
+ also very modified for crypt. his iteration code uses 16k
+ of tables and appears to be slow.
+ (code obtained from aem@aber.ac.uk via alt.sources or comp.sources.misc)
+
+``highly optimized'' and tweaked Kerberos/Athena code (byte-order dependent):
+ 165us per encryption (uses 6k worth of tables)
+ 478us to set a new key (uses <1k of key tables)
+ so despite the comments in this code, it was possible to get
+ faster code AND smaller tables, as well as making the tables
+ machine-independent.
+ (code obtained from prep.ai.mit.edu)
+
+UC Berkeley code (depends on machine-endedness):
+ 226us per encryption
+10848us to set a new key
+ table sizes are unclear, but they don't look very small
+ (code obtained from wuarchive.wustl.edu)
+
+
+motivation and history
+
+a while ago i wanted some des routines and the routines documented on sun's
+man pages either didn't exist or dumped core. i had heard of kerberos,
+and knew that it used des, so i figured i'd use its routines. but once
+i got it and looked at the code, it really set off a lot of pet peeves -
+it was too convoluted, the code had been written without taking
+advantage of the regular structure of operations such as IP, E, and FP
+(i.e. the author didn't sit down and think before coding),
+it was excessively slow, the author had attempted to clarify the code
+by adding MORE statements to make the data movement more `consistent'
+instead of simplifying his implementation and cutting down on all data
+movement (in particular, his use of L1, R1, L2, R2), and it was full of
+idiotic `tweaks' for particular machines which failed to deliver significant
+speedups but which did obfuscate everything. so i took the test data
+from his verification program and rewrote everything else.
+
+a while later i ran across the great crypt(3) package mentioned above.
+the fact that this guy was computing 2 sboxes per table lookup rather
+than one (and using a MUCH larger table in the process) emboldened me to
+do the same - it was a trivial change from which i had been scared away
+by the larger table size. in his case he didn't realize you don't need to keep
+the working data in TWO forms, one for easy use of half the sboxes in
+indexing, the other for easy use of the other half; instead you can keep
+it in the form for the first half and use a simple rotate to get the other
+half. this means i have (almost) half the data manipulation and half
+the table size. in fairness though he might be encoding something particular
+to crypt(3) in his tables - i didn't check.
+
+i'm glad that i implemented it the way i did, because this C version is
+portable (the ifdef's are performance enhancements) and it is faster
+than versions hand-written in assembly for the sparc!
+
+
+porting notes
+
+one thing i did not want to do was write an enormous mess
+which depended on endedness and other machine quirks,
+and which necessarily produced different code and different lookup tables
+for different machines. see the kerberos code for an example
+of what i didn't want to do; all their endedness-specific `optimizations'
+obfuscate the code and in the end were slower than a simpler machine
+independent approach. however, there are always some portability
+considerations of some kind, and i have included some options
+for varying numbers of register variables.
+perhaps some will still regard the result as a mess!
+
+1) i assume everything is byte addressable, although i don't actually
+ depend on the byte order, and that bytes are 8 bits.
+ i assume word pointers can be freely cast to and from char pointers.
+ note that 99% of C programs make these assumptions.
+ i always use unsigned char's if the high bit could be set.
+2) the typedef `word' means a 32 bit unsigned integral type.
+ if `unsigned long' is not 32 bits, change the typedef in desCore.h.
+ i assume sizeof(word) == 4 EVERYWHERE.
+
+the (worst-case) cost of my NOT doing endedness-specific optimizations
+in the data loading and storing code surrounding the key iterations
+is less than 12%. also, there is the added benefit that
+the input and output work areas do not need to be word-aligned.
+
+
+OPTIONAL performance optimizations
+
+1) you should define one of `i386,' `vax,' `mc68000,' or `sparc,'
+ whichever one is closest to the capabilities of your machine.
+ see the start of desCode.h to see exactly what this selection implies.
+ note that if you select the wrong one, the des code will still work;
+ these are just performance tweaks.
+2) for those with functional `asm' keywords: you should change the
+ ROR and ROL macros to use machine rotate instructions if you have them.
+ this will save 2 instructions and a temporary per use,
+ or about 32 to 40 instructions per en/decryption.
+
+these optimizations are all rather persnickety, yet with them you should
+be able to get performance equal to assembly-coding, except that:
+1) with the lack of a bit rotate operator in C, rotates have to be synthesized
+ from shifts. so access to `asm' will speed things up if your machine
+ has rotates, as explained above in (3).
+2) if your machine has less than 12 32-bit registers i doubt your compiler will
+ generate good code.
+ `i386' tries to configure the code for a 386 by only declaring 3 registers
+ (it appears that gcc can use ebx, esi and edi to hold register variables).
+ however, if you like assembly coding, the 386 does have 7 32-bit registers,
+ and if you use ALL of them, use `scaled by 8' address modes with displacement
+ and other tricks, you can get reasonable routines for DesQuickCore... with
+ about 250 instructions apiece. For DesSmall... it will help to rearrange
+ des_keymap, i.e., now the sbox # is the high part of the index and
+ the 6 bits of data is the low part; it helps to exchange these.
+ since i have no way to conveniently test it i have not provided my
+ shoehorned 386 version.
+
+coding notes
+
+the en/decryption routines each use 6 necessary register variables,
+with 4 being actively used at once during the inner iterations.
+if you don't have 4 register variables get a new machine.
+up to 8 more registers are used to hold constants in some configurations.
+
+i assume that the use of a constant is more expensive than using a register:
+a) additionally, i have tried to put the larger constants in registers.
+ registering priority was by the following:
+ anything more than 12 bits (bad for RISC and CISC)
+ greater than 127 in value (can't use movq or byte immediate on CISC)
+ 9-127 (may not be able to use CISC shift immediate or add/sub quick),
+ 1-8 were never registered, being the cheapest constants.
+b) the compiler may be too stupid to realize table and table+256 should
+ be assigned to different constant registers and instead repetitively
+ do the arithmetic, so i assign these to explicit `m' register variables
+ when possible and helpful.
+
+i assume that indexing is cheaper or equivalent to auto increment/decrement,
+where the index is 7 bits unsigned or smaller.
+this assumption is reversed for 68k and vax.
+
+i assume that addresses can be cheaply formed from two registers,
+or from a register and a small constant. i never use the `two registers
+and offset' form you see in some CISC machines.
+all index scaling is done explicitly - no hidden shifts by log2(sizeof).
+
+the code is written so that even a dumb compiler
+should never need more than one hidden temporary,
+increasing the chance that everything will fit in the registers.
+KEEP THIS MORE SUBTLE POINT IN MIND IF YOU REWRITE ANYTHING.
+
+
+special efficient data format
+
+bits are manipulated in this arrangement most of the time (S7 S5 S3 S1):
+ 003130292827xxxx242322212019xxxx161514131211xxxx080706050403xxxx
+(the x bits are still there, i'm just emphasizing where the S boxes are).
+bits are rotated left 4 when computing S6 S4 S2 S0:
+ 282726252423xxxx201918171615xxxx121110090807xxxx040302010031xxxx
+the rightmost two bits are usually cleared so the lower byte can be used
+as an index into an sbox mapping table. the next two x'd bits are set
+to various values to access different parts of the tables.
+
+
+how to use the routines
+
+datatypes:
+ pointer to 8 byte area of type DesData
+ used to hold keys and input/output blocks to des.
+
+ pointer to 128 byte area of type DesKeys
+ used to hold full 768-bit key.
+ must be long-aligned.
+
+DesQuickInit()
+ call this before using any other routine with `Quick' in its name.
+ it generates the special 64k table these routines need.
+DesQuickDone()
+ frees this table
+
+DesMethod(m, k)
+ m points to a 128byte block, k points to an 8 byte des key
+ which must have odd parity (or -1 is returned) and which must
+ not be a (semi-)weak key (or -2 is returned).
+ normally DesMethod() returns 0.
+ m is filled in from k so that when one of the routines below
+ is called with m, the routine will act like standard des
+ en/decryption with the key k. if you use DesMethod,
+ you supply a standard 56bit key; however, if you fill in
+ m yourself, you will get a 768bit key - but then it won't
+ be standard. it's 768bits not 1024 because the least significant
+ two bits of each byte are not used. and yes, each byte controls
+ a specific sbox during a specific iteration.
+ NOTE: actually, every other word has been rotated right 4 bits
+ to reduce the number of temporaries needed when the key is used.
+ you really shouldn't use the 768bit format directly; i should
+ provide a routine that converts 128 6-bit bytes (specified in
+ S-box mapping order or something) into the right format for you.
+ this would entail some byte concatenation and rotation.
+
+Des{Small|Quick}{Fips|Core}{Encrypt|Decrypt}(d, m, s)
+ performs des on the 8 bytes at s into the 8 bytes at d. (d,s: char *).
+ uses m as a 768bit key as explained above.
+ the Encrypt|Decrypt choice is obvious.
+ Fips|Core determines whether a completely standard FIPS initial
+ and final permutation is done; if not, then the data is loaded
+ and stored in a nonstandard bit order (FIPS w/o IP/FP).
+ Fips slows down Quick by 10%, Small by 9%.
+ Small|Quick determines whether you use the normal routine
+ or the crazy quick one which gobbles up 64k more of memory.
+ Small is 50% slower then Quick, but Quick needs 32 times as much
+ memory. Quick is included for programs that do nothing but DES,
+ e.g., encryption filters, etc.
+
+
+Getting it to compile on your machine
+
+there are no machine-dependencies in the code (see porting),
+except perhaps the `now()' macro in desTest.c.
+ALL generated tables are machine independent.
+you should edit the Makefile with the appropriate optimization flags
+for your compiler (MAX optimization).
+
+
+Speeding up kerberos (and/or its des library)
+
+note that i have included a kerberos-compatible interface in desUtil.c
+through the functions des_key_sched() and des_ecb_encrypt().
+to use these with kerberos or kerberos-compatible code put desCore.a
+ahead of the kerberos-compatible library on your linker's command line.
+you should not need to #include desCore.h; just include the header
+file provided with the kerberos library.
+
+Other uses
+
+the macros in desCode.h would be very useful for putting inline des
+functions in more complicated encryption routines.
diff --git a/src/modules/_Crypto/lib/descore/desCode.h b/src/modules/_Crypto/lib/descore/desCode.h
new file mode 100644
index 0000000000000000000000000000000000000000..221b31965e9d63690c12b5ce8d1970bd964d4c4e
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/desCode.h
@@ -0,0 +1,410 @@
+/*
+ * des - fast & portable DES encryption & decryption.
+ * Copyright (C) 1992 Dana L. How
+ * Please see the file `README' for the complete copyright notice.
+ */
+
+#ifndef lint
+static char desCode_hRcs[] = "$Id: desCode.h,v 1.1 1997/01/10 02:52:19 nisse Exp $";
+#endif
+
+#include "desCore.h"
+extern word des_keymap[], des_bigmap[];
+
+
+/* optional customization:
+ * the idea here is to alter the code so it will still run correctly
+ * on any machine, but the quickest on the specific machine in mind.
+ * note that these silly tweaks can give you a 15%-20% speed improvement
+ * on the sparc -- it's probably even more significant on the 68000. */
+
+/* take care of machines with incredibly few registers */
+#if defined(i386)
+#define REGISTER /* only x, y, z will be declared register */
+#else
+#define REGISTER register
+#endif /* i386 */
+
+/* is auto inc/dec faster than 7bit unsigned indexing? */
+#if defined(vax) || defined(mc68000)
+#define FIXR r += 32;
+#define FIXS s += 8;
+#define PREV(v,o) *--v
+#define NEXT(v,o) *v++
+#else
+#define FIXR
+#define FIXS
+#define PREV(v,o) v[o]
+#define NEXT(v,o) v[o]
+#endif
+
+/* if no machine type, default is indexing, 6 registers and cheap literals */
+#if !defined(i386) && !defined(vax) && !defined(mc68000) && !defined(sparc)
+#define vax
+#endif
+
+/* handle a compiler which can't reallocate registers */
+#if defined(strange) /* didn't feel like deleting */
+#define SREGFREE ; s = (byte *) D
+#define DEST s
+#define D m0
+#define BYTE word
+#else
+#define SREGFREE
+#define DEST d
+#define D d
+#define BYTE byte
+#endif
+
+/* handle constants in the optimal way for 386 & vax */
+/* 386: we declare 3 register variables (see above) and use 3 more variables;
+ * vax: we use 6 variables, all declared register;
+ * we assume address literals are cheap & unrestricted;
+ * we assume immediate constants are cheap & unrestricted. */
+#if defined(i386) || defined(vax)
+#define MQ0 des_bigmap
+#define MQ1 (des_bigmap + 64)
+#define MQ2 (des_bigmap + 128)
+#define MQ3 (des_bigmap + 192)
+#define HQ0(z) /* z |= 0X01000000L; */
+#define HQ2(z) /* z |= 0X03000200L; */
+#define LQ0(z) 0XFCFC & z
+#define LQ1(z) 0XFCFC & z
+#define LQ2(z) 0XFCFC & z
+#define LQ3(z) 0XFCFC & z
+#define SQ 16
+#define MS0 des_keymap
+#define MS1 (des_keymap + 64)
+#define MS2 (des_keymap + 128)
+#define MS3 (des_keymap + 192)
+#define MS4 (des_keymap + 256)
+#define MS5 (des_keymap + 320)
+#define MS6 (des_keymap + 384)
+#define MS7 (des_keymap + 448)
+#define HS(z)
+#define LS0(z) 0XFC & z
+#define LS1(z) 0XFC & z
+#define LS2(z) 0XFC & z
+#define LS3(z) 0XFC & z
+#define REGQUICK
+#define SETQUICK
+#define REGSMALL
+#define SETSMALL
+#endif /* defined(i386) || defined(vax) */
+
+/* handle constants in the optimal way for mc68000 */
+/* in addition to the core 6 variables, we declare 3 registers holding constants
+ * and 4 registers holding address literals.
+ * at most 6 data values and 5 address values are actively used at once.
+ * we assume address literals are so expensive we never use them;
+ * we assume constant index offsets > 127 are expensive, so they are not used.
+ * we assume all constants are expensive and put them in registers,
+ * including shift counts greater than 8. */
+#if defined(mc68000)
+#define MQ0 m0
+#define MQ1 m1
+#define MQ2 m2
+#define MQ3 m3
+#define HQ0(z)
+#define HQ2(z)
+#define LQ0(z) k0 & z
+#define LQ1(z) k0 & z
+#define LQ2(z) k0 & z
+#define LQ3(z) k0 & z
+#define SQ k1
+#define MS0 m0
+#define MS1 m0
+#define MS2 m1
+#define MS3 m1
+#define MS4 m2
+#define MS5 m2
+#define MS6 m3
+#define MS7 m3
+#define HS(z) z |= k0;
+#define LS0(z) k1 & z
+#define LS1(z) k2 & z
+#define LS2(z) k1 & z
+#define LS3(z) k2 & z
+#define REGQUICK \
+ register word k0, k1; \
+ register word *m0, *m1, *m2, *m3;
+#define SETQUICK \
+ ; k0 = 0XFCFC \
+ ; k1 = 16 \
+ /*k2 = 28 to speed up ROL */ \
+ ; m0 = des_bigmap \
+ ; m1 = m0 + 64 \
+ ; m2 = m1 + 64 \
+ ; m3 = m2 + 64
+#define REGSMALL \
+ register word k0, k1, k2; \
+ register word *m0, *m1, *m2, *m3;
+#define SETSMALL \
+ ; k0 = 0X01000100L \
+ ; k1 = 0X0FC \
+ ; k2 = 0X1FC \
+ ; m0 = des_keymap \
+ ; m1 = m0 + 128 \
+ ; m2 = m1 + 128 \
+ ; m3 = m2 + 128
+#endif /* defined(mc68000) */
+
+/* handle constants in the optimal way for sparc */
+/* in addition to the core 6 variables, we either declare:
+ * 4 registers holding address literals and 1 register holding a constant, or
+ * 8 registers holding address literals.
+ * up to 14 register variables are declared (sparc has %i0-%i5, %l0-%l7).
+ * we assume address literals are so expensive we never use them;
+ * we assume any constant with >10 bits is expensive and put it in a register,
+ * and any other is cheap and is coded in-line. */
+#if defined(sparc)
+#define MQ0 m0
+#define MQ1 m1
+#define MQ2 m2
+#define MQ3 m3
+#define HQ0(z)
+#define HQ2(z)
+#define LQ0(z) k0 & z
+#define LQ1(z) k0 & z
+#define LQ2(z) k0 & z
+#define LQ3(z) k0 & z
+#define SQ 16
+#define MS0 m0
+#define MS1 m1
+#define MS2 m2
+#define MS3 m3
+#define MS4 m4
+#define MS5 m5
+#define MS6 m6
+#define MS7 m7
+#define HS(z)
+#define LS0(z) 0XFC & z
+#define LS1(z) 0XFC & z
+#define LS2(z) 0XFC & z
+#define LS3(z) 0XFC & z
+#define REGQUICK \
+ register word k0; \
+ register word *m0, *m1, *m2, *m3;
+#define SETQUICK \
+ ; k0 = 0XFCFC \
+ ; m0 = des_bigmap \
+ ; m1 = m0 + 64 \
+ ; m2 = m1 + 64 \
+ ; m3 = m2 + 64
+#define REGSMALL \
+ register word *m0, *m1, *m2, *m3, *m4, *m5, *m6, *m7;
+#define SETSMALL \
+ ; m0 = des_keymap \
+ ; m1 = m0 + 64 \
+ ; m2 = m1 + 64 \
+ ; m3 = m2 + 64 \
+ ; m4 = m3 + 64 \
+ ; m5 = m4 + 64 \
+ ; m6 = m5 + 64 \
+ ; m7 = m6 + 64
+#endif /* defined(sparc) */
+
+
+/* some basic stuff */
+
+/* generate addresses from a base and an index */
+#define ADD(b,x) (word *) ((byte *)b + (x))
+
+/* low level rotate operations */
+#define NOP(d,c,o)
+#define ROL(d,c,o) d = d << c | d >> o
+#define ROR(d,c,o) d = d >> c | d << o
+#define ROL1(d) ROL(d, 1, 31)
+#define ROR1(d) ROR(d, 1, 31)
+
+/* elementary swap for doing IP/FP */
+#define SWAP(x,y,m,b) \
+ z = ((x >> b) ^ y) & m; \
+ x ^= z << b; \
+ y ^= z
+
+
+/* the following macros contain all the important code fragments */
+
+/* load input data, then setup special registers holding constants */
+#define TEMPQUICK(LOAD) \
+ REGQUICK \
+ LOAD() \
+ SETQUICK
+#define TEMPSMALL(LOAD) \
+ REGSMALL \
+ LOAD() \
+ SETSMALL
+
+/* load data */
+#define LOADDATA(x,y) \
+ FIXS \
+ y = PREV(s, 7); y<<= 8; \
+ y |= PREV(s, 6); y<<= 8; \
+ y |= PREV(s, 5); y<<= 8; \
+ y |= PREV(s, 4); \
+ x = PREV(s, 3); x<<= 8; \
+ x |= PREV(s, 2); x<<= 8; \
+ x |= PREV(s, 1); x<<= 8; \
+ x |= PREV(s, 0) \
+ SREGFREE
+/* load data without initial permutation and put into efficient position */
+#define LOADCORE() \
+ LOADDATA(x, y); \
+ ROR1(x); \
+ ROR1(y)
+/* load data, do the initial permutation and put into efficient position */
+#define LOADFIPS() \
+ LOADDATA(y, x); \
+ SWAP(x, y, 0X0F0F0F0FL, 004); \
+ SWAP(y, x, 0X0000FFFFL, 020); \
+ SWAP(x, y, 0X33333333L, 002); \
+ SWAP(y, x, 0X00FF00FFL, 010); \
+ ROR1(x); \
+ z = (x ^ y) & 0X55555555L; \
+ y ^= z; \
+ x ^= z; \
+ ROR1(y)
+
+
+/* core encryption/decryption operations */
+/* S box mapping and P perm */
+#define KEYMAPSMALL(x,z,mq0,mq1,hq,lq0,lq1,sq,ms0,ms1,ms2,ms3,hs,ls0,ls1,ls2,ls3)\
+ hs(z) \
+ x ^= *ADD(ms3, ls3(z)); \
+ z>>= 8; \
+ x ^= *ADD(ms2, ls2(z)); \
+ z>>= 8; \
+ x ^= *ADD(ms1, ls1(z)); \
+ z>>= 8; \
+ x ^= *ADD(ms0, ls0(z))
+/* alternate version: use 64k of tables */
+#define KEYMAPQUICK(x,z,mq0,mq1,hq,lq0,lq1,sq,ms0,ms1,ms2,ms3,hs,ls0,ls1,ls2,ls3)\
+ hq(z) \
+ x ^= *ADD(mq0, lq0(z)); \
+ z>>= sq; \
+ x ^= *ADD(mq1, lq1(z))
+/* apply 24 key bits and do the odd s boxes */
+#define S7S1(x,y,z,r,m,KEYMAP,LOAD) \
+ z = LOAD(r, m); \
+ z ^= y; \
+ KEYMAP(x,z,MQ0,MQ1,HQ0,LQ0,LQ1,SQ,MS0,MS1,MS2,MS3,HS,LS0,LS1,LS2,LS3)
+/* apply 24 key bits and do the even s boxes */
+#define S6S0(x,y,z,r,m,KEYMAP,LOAD) \
+ z = LOAD(r, m); \
+ z ^= y; \
+ ROL(z, 4, 28); \
+ KEYMAP(x,z,MQ2,MQ3,HQ2,LQ2,LQ3,SQ,MS4,MS5,MS6,MS7,HS,LS0,LS1,LS2,LS3)
+/* actual iterations. equivalent except for UPDATE & swapping m and n */
+#define ENCR(x,y,z,r,m,n,KEYMAP) \
+ S7S1(x,y,z,r,m,KEYMAP,NEXT); \
+ S6S0(x,y,z,r,n,KEYMAP,NEXT)
+#define DECR(x,y,z,r,m,n,KEYMAP) \
+ S6S0(x,y,z,r,m,KEYMAP,PREV); \
+ S7S1(x,y,z,r,n,KEYMAP,PREV)
+
+/* write out result in correct byte order */
+#define SAVEDATA(x,y) \
+ NEXT(DEST, 0) = x; x>>= 8; \
+ NEXT(DEST, 1) = x; x>>= 8; \
+ NEXT(DEST, 2) = x; x>>= 8; \
+ NEXT(DEST, 3) = x; \
+ NEXT(DEST, 4) = y; y>>= 8; \
+ NEXT(DEST, 5) = y; y>>= 8; \
+ NEXT(DEST, 6) = y; y>>= 8; \
+ NEXT(DEST, 7) = y
+/* write out result */
+#define SAVECORE() \
+ ROL1(x); \
+ ROL1(y); \
+ SAVEDATA(y, x)
+/* do final permutation and write out result */
+#define SAVEFIPS() \
+ ROL1(x); \
+ z = (x ^ y) & 0X55555555L; \
+ y ^= z; \
+ x ^= z; \
+ ROL1(y); \
+ SWAP(x, y, 0X00FF00FFL, 010); \
+ SWAP(y, x, 0X33333333L, 002); \
+ SWAP(x, y, 0X0000FFFFL, 020); \
+ SWAP(y, x, 0X0F0F0F0FL, 004); \
+ SAVEDATA(x, y)
+
+
+/* the following macros contain the encryption/decryption skeletons */
+
+#define ENCRYPT(NAME, TEMP, LOAD, KEYMAP, SAVE) \
+ \
+void \
+NAME(D, r, s) \
+REGISTER BYTE * D; \
+REGISTER word * r; \
+REGISTER byte * s; \
+{ \
+ register word x, y, z; \
+ \
+ /* declare temps & load data */ \
+ TEMP(LOAD); \
+ \
+ /* do the 16 iterations */ \
+ ENCR(x,y,z,r, 0, 1,KEYMAP); \
+ ENCR(y,x,z,r, 2, 3,KEYMAP); \
+ ENCR(x,y,z,r, 4, 5,KEYMAP); \
+ ENCR(y,x,z,r, 6, 7,KEYMAP); \
+ ENCR(x,y,z,r, 8, 9,KEYMAP); \
+ ENCR(y,x,z,r,10,11,KEYMAP); \
+ ENCR(x,y,z,r,12,13,KEYMAP); \
+ ENCR(y,x,z,r,14,15,KEYMAP); \
+ ENCR(x,y,z,r,16,17,KEYMAP); \
+ ENCR(y,x,z,r,18,19,KEYMAP); \
+ ENCR(x,y,z,r,20,21,KEYMAP); \
+ ENCR(y,x,z,r,22,23,KEYMAP); \
+ ENCR(x,y,z,r,24,25,KEYMAP); \
+ ENCR(y,x,z,r,26,27,KEYMAP); \
+ ENCR(x,y,z,r,28,29,KEYMAP); \
+ ENCR(y,x,z,r,30,31,KEYMAP); \
+ \
+ /* save result */ \
+ SAVE(); \
+ \
+ return; \
+}
+
+#define DECRYPT(NAME, TEMP, LOAD, KEYMAP, SAVE) \
+ \
+void \
+NAME(D, r, s) \
+REGISTER BYTE * D; \
+REGISTER word * r; \
+REGISTER byte * s; \
+{ \
+ register word x, y, z; \
+ \
+ /* declare temps & load data */ \
+ TEMP(LOAD); \
+ \
+ /* do the 16 iterations */ \
+ FIXR \
+ DECR(x,y,z,r,31,30,KEYMAP); \
+ DECR(y,x,z,r,29,28,KEYMAP); \
+ DECR(x,y,z,r,27,26,KEYMAP); \
+ DECR(y,x,z,r,25,24,KEYMAP); \
+ DECR(x,y,z,r,23,22,KEYMAP); \
+ DECR(y,x,z,r,21,20,KEYMAP); \
+ DECR(x,y,z,r,19,18,KEYMAP); \
+ DECR(y,x,z,r,17,16,KEYMAP); \
+ DECR(x,y,z,r,15,14,KEYMAP); \
+ DECR(y,x,z,r,13,12,KEYMAP); \
+ DECR(x,y,z,r,11,10,KEYMAP); \
+ DECR(y,x,z,r, 9, 8,KEYMAP); \
+ DECR(x,y,z,r, 7, 6,KEYMAP); \
+ DECR(y,x,z,r, 5, 4,KEYMAP); \
+ DECR(x,y,z,r, 3, 2,KEYMAP); \
+ DECR(y,x,z,r, 1, 0,KEYMAP); \
+ \
+ /* save result */ \
+ SAVE(); \
+ \
+ return; \
+}
diff --git a/src/modules/_Crypto/lib/descore/desCore.h b/src/modules/_Crypto/lib/descore/desCore.h
new file mode 100644
index 0000000000000000000000000000000000000000..7b62af9107ee6febff4b160566c5ca5fd89ff6a0
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/desCore.h
@@ -0,0 +1,21 @@
+/*
+ * des - fast & portable DES encryption & decryption.
+ * Copyright (C) 1992 Dana L. How
+ * Please see the file `README' for the complete copyright notice.
+ */
+
+#ifndef lint
+static char desCore_hRcs[] = "$Id: desCore.h,v 1.1 1997/01/10 02:52:31 nisse Exp $";
+#endif
+
+typedef unsigned char byte, DesData[ 8];
+typedef unsigned long word, DesKeys[32];
+
+extern int DesMethod();
+extern void DesQuickInit(), DesQuickDone();
+extern void DesQuickCoreEncrypt(), DesQuickFipsEncrypt();
+extern void DesQuickCoreDecrypt(), DesQuickFipsDecrypt();
+extern void DesSmallCoreEncrypt(), DesSmallFipsEncrypt();
+extern void DesSmallCoreDecrypt(), DesSmallFipsDecrypt();
+extern void (*DesCryptFuncs[])();
+extern int des_key_sched(), des_ecb_encrypt();
diff --git a/src/modules/_Crypto/lib/descore/desKerb.c b/src/modules/_Crypto/lib/descore/desKerb.c
new file mode 100644
index 0000000000000000000000000000000000000000..8d4a0ce6e418669cfc2c73ca5c25f465ef2ff32c
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/desKerb.c
@@ -0,0 +1,38 @@
+/*
+ * des - fast & portable DES encryption & decryption.
+ * Copyright (C) 1992 Dana L. How
+ * Please see the file `README' for the complete copyright notice.
+ */
+
+#ifndef lint
+static char desKerb_cRcs[] = "$Id: desKerb.c,v 1.1 1997/01/10 02:52:38 nisse Exp $";
+#endif
+
+#include "desCore.h"
+
+
+/* permit the default style of des functions to be changed */
+
+void (*DesCryptFuncs[2])() = { DesSmallFipsDecrypt, DesSmallFipsEncrypt };
+
+/* kerberos-compatible key schedule function */
+
+int
+des_key_sched(k, s)
+byte * k;
+word * s;
+{
+ return DesMethod(s, k);
+}
+
+/* kerberos-compatible des coding function */
+
+int
+des_ecb_encrypt(s, d, r, e)
+byte * s, * d;
+word * r;
+int e;
+{
+ (*DesCryptFuncs[e])(d, r, s);
+ return 0;
+}
diff --git a/src/modules/_Crypto/lib/descore/desQuick.c b/src/modules/_Crypto/lib/descore/desQuick.c
new file mode 100644
index 0000000000000000000000000000000000000000..779fcb12bfb47723745a4af8dcf93f3710d503c8
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/desQuick.c
@@ -0,0 +1,52 @@
+/*
+ * des - fast & portable DES encryption & decryption.
+ * Copyright (C) 1992 Dana L. How
+ * Please see the file `README' for the complete copyright notice.
+ */
+
+#ifndef lint
+static char desQuick_cRcs[] = "$Id: desQuick.c,v 1.1 1997/01/10 02:52:44 nisse Exp $";
+#endif
+
+#include "desCore.h"
+extern word des_keymap[];
+
+
+/* static information */
+
+static depth = 0; /* keep track of the request depth */
+word des_bigmap[0x4000]; /* big lookup table */
+
+/* fill in the 64k table used by the `quick' option */
+
+void
+DesQuickInit()
+{
+ int s1, s3, x;
+ word * t0, * t1, * t2, * t3;
+
+ if ( depth++ )
+ return;
+
+ t0 = des_bigmap;
+ t1 = t0 + 64;
+ t2 = t1 + 64;
+ t3 = t2 + 64;
+
+ for ( s3 = 63; s3 >= 0; s3-- ) {
+ for ( s1 = 63; s1 >= 0; s1-- ) {
+ x = (s3 << 8) | s1;
+ t0[x] = des_keymap[s3+128] ^ des_keymap[s1+192];
+ t1[x] = des_keymap[s3 ] ^ des_keymap[s1+ 64];
+ t2[x] = des_keymap[s3+384] ^ des_keymap[s1+448];
+ t3[x] = des_keymap[s3+256] ^ des_keymap[s1+320];
+ }
+ }
+}
+
+/* free the 64k table, if necessary */
+
+void
+DesQuickDone()
+{
+}
diff --git a/src/modules/_Crypto/lib/descore/desTest.c b/src/modules/_Crypto/lib/descore/desTest.c
new file mode 100644
index 0000000000000000000000000000000000000000..a439911d8b20635f9c964cb2e3238f49eb0dab9c
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/desTest.c
@@ -0,0 +1,177 @@
+/*
+ * des - fast & portable DES encryption & decryption.
+ * Copyright (C) 1992 Dana L. How
+ * Please see the file `README' for the complete copyright notice.
+ *
+ * Exercise the DES routines and collect performance statistics.
+ */
+
+#ifndef lint
+static char desTest_cRcs[] = "$Id: desTest.c,v 1.1 1997/01/10 02:52:49 nisse Exp $";
+#endif
+
+extern printf();
+
+#include "desCore.h"
+
+/* define now(w) to be the elapsed time in hundredths of a second */
+
+#include <sys/time.h>
+#include <sys/resource.h>
+extern getrusage();
+static struct rusage usage;
+#define now(w) ( \
+ (void)getrusage(RUSAGE_SELF, &usage), \
+ usage.ru_utime.tv_sec * 100 + \
+ usage.ru_utime.tv_usec / 10000 \
+ )
+
+/* test data
+ * the tests (key0-3, text0-3) are cribbed from code which is (c) 1988 MIT
+ */
+
+byte keyt[8] = {0x5d, 0x85, 0x91, 0x73, 0xcb, 0x49, 0xdf, 0x2f};
+byte key0[8] = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80};
+byte key1[8] = {0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
+byte key2[8] = {0x08, 0x19, 0x2a, 0x3b, 0x4c, 0x5d, 0x6e, 0x7f};
+byte key3[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
+byte textt[8] = {0x67, 0x1f, 0xc8, 0x93, 0x46, 0x5e, 0xab, 0x1e};
+byte text0[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+byte text1[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40};
+byte text2[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+byte text3[8] = {'N', 'o', 'w', ' ', 'i', 's', ' ', 't' };
+
+/* work areas */
+
+DesKeys keys;
+byte cipher[8], output[8];
+
+/* noisy interfaces to the routines under test */
+
+static void
+method(key)
+byte *key;
+{
+ int j;
+
+ (void)printf("\nkey:\t");
+ for ( j = 0; j < 8; j++ )
+ (void)printf("%02X ", key[j]);
+ if ( des_key_sched(key, keys) )
+ (void)printf("W");
+ (void)printf("\t");
+}
+
+static void
+encode(src, dst)
+byte *src, *dst;
+{
+ int j;
+
+ (void)printf("clear:\t");
+ for (j = 0; j < 8; j++)
+ (void)printf("%02X ", src[j]);
+
+ (void)des_ecb_encrypt(src, dst, keys, 1);
+
+ (void)printf("\tcipher:\t");
+ for (j = 0; j < 8; j++)
+ (void)printf("%02X ", dst[j]);
+ (void)printf("\n");
+}
+
+static void
+decode(src, dst)
+byte *src, *dst;
+{
+ int j;
+
+ (void)printf("cipher:\t");
+ for (j = 0; j < 8; j++)
+ (void)printf("%02X ", src[j]);
+
+ (void)des_ecb_encrypt(src, dst, keys, 0);
+
+ (void)printf("\tclear:\t");
+ for (j = 0; j < 8; j++)
+ (void)printf("%02X ", dst[j]);
+ (void)printf("\n");
+}
+
+/* run the tests */
+
+int
+main()
+{
+ int j, m, e, n;
+ void (*f)();
+ static char * expect[] = {
+ "57 99 F7 2A D2 3F AE 4C", "9C C6 2D F4 3B 6E ED 74",
+ "90 E6 96 A2 AD 56 50 0D", "A3 80 E0 2A 6B E5 46 96",
+ "43 5C FF C5 68 B3 70 1D", "25 DD AC 3E 96 17 64 67",
+ "80 B5 07 E1 E6 A7 47 3D", "3F A4 0E 8A 98 4D 48 15",
+ };
+ static void (*funcs[])() = {
+ DesQuickCoreEncrypt, DesQuickFipsEncrypt,
+ DesSmallCoreEncrypt, DesSmallFipsEncrypt,
+ DesQuickCoreDecrypt, DesQuickFipsDecrypt,
+ DesSmallCoreDecrypt, DesSmallFipsDecrypt };
+ static char * names[] = {
+ "QuickCore", "QuickFips",
+ "SmallCore", "SmallFips" };
+
+ n = 0;
+ DesQuickInit();
+
+ /* do timing info first */
+
+ f = (void (*)())DesMethod;
+ j = 10000;
+ m = now(0);
+ do
+ (*f)(keys, keyt);
+ while ( --j );
+ m = now(1) - m;
+
+ do {
+ DesCryptFuncs[0] = funcs[n+4];
+ f = DesCryptFuncs[1] = funcs[n ];
+ j = 100000;
+ e = now(0);
+ do
+ (*f)(cipher, keys, textt);
+ while ( --j );
+ e = now(1) - e;
+
+ (void)printf( "%s: setkey,%5duS; encode,%3d.%1duS.\n",
+ names[n], m, e/10, e%10);
+
+ /* now check functionality */
+
+ method(key0);
+ (void)printf("cipher?\t%s\n", expect[(n % 2) + 0]);
+ encode(text0, cipher);
+ decode(cipher, output);
+
+ method(key1);
+ (void)printf("cipher?\t%s\n", expect[(n % 2) + 2]);
+ encode(text1, cipher);
+ decode(cipher, output);
+
+ method(key2);
+ (void)printf("cipher?\t%s\n", expect[(n % 2) + 4]);
+ encode(text2, cipher);
+ decode(cipher, output);
+
+ method(key3);
+ (void)printf("cipher?\t%s\n", expect[(n % 2) + 6]);
+ encode(text3, cipher);
+ decode(cipher, output);
+
+ (void)printf("%c", "\n\f\n\0"[n]);
+
+ } while ( ++n < 4 );
+
+ DesQuickDone();
+ return 0;
+}
diff --git a/src/modules/_Crypto/lib/descore/desUtil.c b/src/modules/_Crypto/lib/descore/desUtil.c
new file mode 100644
index 0000000000000000000000000000000000000000..0153d76488b9953bdfdec467176809e0b570e984
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/desUtil.c
@@ -0,0 +1,174 @@
+/*
+ * des - fast & portable DES encryption & decryption.
+ * Copyright (C) 1992 Dana L. How
+ * Please see the file `README' for the complete copyright notice.
+ */
+
+#ifndef lint
+static char desUtil_cRcs[] = "$Id: desUtil.c,v 1.1 1997/01/10 02:52:55 nisse Exp $";
+#endif
+
+#include "desCode.h"
+
+
+/* various tables */
+
+word des_keymap[] = {
+#include "keymap.h"
+};
+
+static byte rotors[] = {
+#include "rotors.h"
+};
+static char parity[] = {
+#include "parity.h"
+};
+
+#ifndef lint
+static char ego[] = "\n\nFast DES Library Copyright (c) 1991 Dana L. How\n\n";
+#endif
+
+
+/* set up the method list from the key */
+
+int
+DesMethod(method, k)
+register word * method;
+register byte * k;
+{
+ register word n, w;
+ register char * b0, * b1;
+ char bits0[56], bits1[56];
+
+ /* check for bad parity and weak keys */
+ b0 = parity;
+ n = b0[k[0]]; n <<= 4;
+ n |= b0[k[1]]; n <<= 4;
+ n |= b0[k[2]]; n <<= 4;
+ n |= b0[k[3]]; n <<= 4;
+ n |= b0[k[4]]; n <<= 4;
+ n |= b0[k[5]]; n <<= 4;
+ n |= b0[k[6]]; n <<= 4;
+ n |= b0[k[7]];
+ w = 0X88888888L;
+ /* report bad parity in key */
+ if ( n & w )
+ return -1;
+ /* report a weak or semi-weak key */
+ if ( !((n - (w >> 3)) & w) ) { /* 1 in 10^10 keys passes this test */
+ if ( n < 0X41415151 ) {
+ if ( n < 0X31312121 ) {
+ if ( n < 0X14141515 ) {
+ /* 01 01 01 01 01 01 01 01 */
+ if ( n == 0X11111111 ) return -2;
+ /* 01 1F 01 1F 01 0E 01 0E */
+ if ( n == 0X13131212 ) return -2;
+ } else {
+ /* 01 E0 01 E0 01 F1 01 F1 */
+ if ( n == 0X14141515 ) return -2;
+ /* 01 FE 01 FE 01 FE 01 FE */
+ if ( n == 0X16161616 ) return -2;
+ }
+ } else {
+ if ( n < 0X34342525 ) {
+ /* 1F 01 1F 01 0E 01 0E 01 */
+ if ( n == 0X31312121 ) return -2;
+ /* 1F 1F 1F 1F 0E 0E 0E 0E */ /* ? */
+ if ( n == 0X33332222 ) return -2;
+ } else {
+ /* 1F E0 1F E0 0E F1 0E F1 */
+ if ( n == 0X34342525 ) return -2;
+ /* 1F FE 1F FE 0E FE 0E FE */
+ if ( n == 0X36362626 ) return -2;
+ }
+ }
+ } else {
+ if ( n < 0X61616161 ) {
+ if ( n < 0X44445555 ) {
+ /* E0 01 E0 01 F1 01 F1 01 */
+ if ( n == 0X41415151 ) return -2;
+ /* E0 1F E0 1F F1 0E F1 0E */
+ if ( n == 0X43435252 ) return -2;
+ } else {
+ /* E0 E0 E0 E0 F1 F1 F1 F1 */ /* ? */
+ if ( n == 0X44445555 ) return -2;
+ /* E0 FE E0 FE F1 FE F1 FE */
+ if ( n == 0X46465656 ) return -2;
+ }
+ } else {
+ if ( n < 0X64646565 ) {
+ /* FE 01 FE 01 FE 01 FE 01 */
+ if ( n == 0X61616161 ) return -2;
+ /* FE 1F FE 1F FE 0E FE 0E */
+ if ( n == 0X63636262 ) return -2;
+ } else {
+ /* FE E0 FE E0 FE F1 FE F1 */
+ if ( n == 0X64646565 ) return -2;
+ /* FE FE FE FE FE FE FE FE */
+ if ( n == 0X66666666 ) return -2;
+ }
+ }
+ }
+ }
+
+ /* explode the bits */
+ n = 56;
+ b0 = bits0;
+ b1 = bits1;
+ do {
+ w = (256 | *k++) << 2;
+ do {
+ --n;
+ b1[n] = 8 & w;
+ w >>= 1;
+ b0[n] = 4 & w;
+ } while ( w >= 16 );
+ } while ( n );
+
+ /* put the bits in the correct places */
+ n = 16;
+ k = rotors;
+ do {
+ w = (b1[k[ 0 ]] | b0[k[ 1 ]]) << 4;
+ w |= (b1[k[ 2 ]] | b0[k[ 3 ]]) << 2;
+ w |= b1[k[ 4 ]] | b0[k[ 5 ]];
+ w <<= 8;
+ w |= (b1[k[ 6 ]] | b0[k[ 7 ]]) << 4;
+ w |= (b1[k[ 8 ]] | b0[k[ 9 ]]) << 2;
+ w |= b1[k[10 ]] | b0[k[11 ]];
+ w <<= 8;
+ w |= (b1[k[12 ]] | b0[k[13 ]]) << 4;
+ w |= (b1[k[14 ]] | b0[k[15 ]]) << 2;
+ w |= b1[k[16 ]] | b0[k[17 ]];
+ w <<= 8;
+ w |= (b1[k[18 ]] | b0[k[19 ]]) << 4;
+ w |= (b1[k[20 ]] | b0[k[21 ]]) << 2;
+ w |= b1[k[22 ]] | b0[k[23 ]];
+
+ method[0] = w;
+
+ w = (b1[k[ 0+24]] | b0[k[ 1+24]]) << 4;
+ w |= (b1[k[ 2+24]] | b0[k[ 3+24]]) << 2;
+ w |= b1[k[ 4+24]] | b0[k[ 5+24]];
+ w <<= 8;
+ w |= (b1[k[ 6+24]] | b0[k[ 7+24]]) << 4;
+ w |= (b1[k[ 8+24]] | b0[k[ 9+24]]) << 2;
+ w |= b1[k[10+24]] | b0[k[11+24]];
+ w <<= 8;
+ w |= (b1[k[12+24]] | b0[k[13+24]]) << 4;
+ w |= (b1[k[14+24]] | b0[k[15+24]]) << 2;
+ w |= b1[k[16+24]] | b0[k[17+24]];
+ w <<= 8;
+ w |= (b1[k[18+24]] | b0[k[19+24]]) << 4;
+ w |= (b1[k[20+24]] | b0[k[21+24]]) << 2;
+ w |= b1[k[22+24]] | b0[k[23+24]];
+
+ ROR(w, 4, 28); /* could be eliminated */
+ method[1] = w;
+
+ k += 48;
+ method += 2;
+ } while ( --n );
+
+ return 0;
+}
diff --git a/src/modules/_Crypto/lib/descore/descore.diffs b/src/modules/_Crypto/lib/descore/descore.diffs
new file mode 100644
index 0000000000000000000000000000000000000000..5993303ac05e87cfab10cd66cf3246b4ed3bab41
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/descore.diffs
@@ -0,0 +1,30 @@
+diff -u orig/Makefile ./Makefile
+--- orig/Makefile Fri Jan 10 02:23:08 1997
++++ ./Makefile Fri Jan 10 02:41:18 1997
+@@ -47,7 +47,7 @@
+
+ test: desCore.a desTest.o
+ $(LINK.c) -o $@ desTest.o desCore.a
+- test
++ ./test
+
+ # get stuff from RCS
+ $(RCS):
+@@ -71,7 +71,7 @@
+ desTest.o: desCore.h
+
+ $(GH): desdata
+- desdata $@ > $@
++ ./desdata $@ > $@
+
+ desdata: desdata.o
+ $(LINK.c) -o $@ desdata.o
+@@ -111,7 +111,7 @@
+ -e '1s/^;*//' | \
+ tr ';'\\012 \\012';' > $@
+ @echo "" >> $@
+- @echo "}" >> $@ # last definition must be a procedure
++# @echo "}" >> $@ # last definition must be a procedure
+
+ # -e 's/\(;[kmxyz][0-9]*\)\([^;]*=\)/\1 \2/g'
+
diff --git a/src/modules/_Crypto/lib/descore/descore.shar.gz b/src/modules/_Crypto/lib/descore/descore.shar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..f6e97a42fa4eb930ab3143f730bca2e23fef4aea
Binary files /dev/null and b/src/modules/_Crypto/lib/descore/descore.shar.gz differ
diff --git a/src/modules/_Crypto/lib/descore/desdata.c b/src/modules/_Crypto/lib/descore/desdata.c
new file mode 100644
index 0000000000000000000000000000000000000000..03776533f6c0b8886f4808dadfc7ae4a845874a8
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/desdata.c
@@ -0,0 +1,193 @@
+/*
+ * des - fast & portable DES encryption & decryption.
+ * Copyright (C) 1992 Dana L. How
+ * Please see the file `README' for the complete copyright notice.
+ *
+ * Generate tables used by desUtil.c and desCode.h.
+ */
+
+#ifndef lint
+static char desdata_cRcs[] = "$Id: desdata.c,v 1.1 1997/01/10 02:53:10 nisse Exp $";
+#endif
+
+#include "desinfo.h"
+
+#include "desCode.h"
+
+/* list of weak and semi-weak keys
+
+ +0 +1 +2 +3 +4 +5 +6 +7
+ 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
+ 0x01 0x1f 0x01 0x1f 0x01 0x0e 0x01 0x0e
+ 0x01 0xe0 0x01 0xe0 0x01 0xf1 0x01 0xf1
+ 0x01 0xfe 0x01 0xfe 0x01 0xfe 0x01 0xfe
+ 0x1f 0x01 0x1f 0x01 0x0e 0x01 0x0e 0x01
+ 0x1f 0x1f 0x1f 0x1f 0x0e 0x0e 0x0e 0x0e
+ 0x1f 0xe0 0x1f 0xe0 0x0e 0xf1 0x0e 0xf1
+ 0x1f 0xfe 0x1f 0xfe 0x0e 0xfe 0x0e 0xfe
+ 0xe0 0x01 0xe0 0x01 0xf1 0x01 0xf1 0x01
+ 0xe0 0x1f 0xe0 0x1f 0xf1 0x0e 0xf1 0x0e
+ 0xe0 0xe0 0xe0 0xe0 0xf1 0xf1 0xf1 0xf1
+ 0xe0 0xfe 0xe0 0xfe 0xf1 0xfe 0xf1 0xfe
+ 0xfe 0x01 0xfe 0x01 0xfe 0x01 0xfe 0x01
+ 0xfe 0x1f 0xfe 0x1f 0xfe 0x0e 0xfe 0x0e
+ 0xfe 0xe0 0xfe 0xe0 0xfe 0xf1 0xfe 0xf1
+ 0xfe 0xfe 0xfe 0xfe 0xfe 0xfe 0xfe 0xfe
+ */
+
+/* key bit order in each method pair: bits 31->00 of 1st, bits 31->00 of 2nd */
+/* this does not reflect the rotate of the 2nd word */
+
+#define S(box,bit) (box*6+bit)
+int korder[] = {
+ S(7, 5), S(7, 4), S(7, 3), S(7, 2), S(7, 1), S(7, 0),
+ S(5, 5), S(5, 4), S(5, 3), S(5, 2), S(5, 1), S(5, 0),
+ S(3, 5), S(3, 4), S(3, 3), S(3, 2), S(3, 1), S(3, 0),
+ S(1, 5), S(1, 4), S(1, 3), S(1, 2), S(1, 1), S(1, 0),
+ S(6, 5), S(6, 4), S(6, 3), S(6, 2), S(6, 1), S(6, 0),
+ S(4, 5), S(4, 4), S(4, 3), S(4, 2), S(4, 1), S(4, 0),
+ S(2, 5), S(2, 4), S(2, 3), S(2, 2), S(2, 1), S(2, 0),
+ S(0, 5), S(0, 4), S(0, 3), S(0, 2), S(0, 1), S(0, 0),
+};
+
+/* the order in which the algorithm accesses the s boxes */
+
+int sorder[] = {
+ 7, 5, 3, 1, 6, 4, 2, 0,
+};
+
+int
+main(argc, argv)
+int argc;
+char *argv[];
+{
+ word d, i, j, k, l, m, n, s;
+ char b[256], ksr[56];
+ extern printf();
+
+ switch ( argv[1][0] ) {
+
+ /*
+ * <<< make the key parity table >>>
+ */
+
+case 'p':
+ (void)printf(
+"/* automagically produced - do not fuss with this information */\n\n");
+
+ /* store parity information */
+ for ( i = 0; i < 256; i++ ) {
+ j = i;
+ j ^= j >> 4; /* bits 3-0 have pairs */
+ j ^= j << 2; /* bits 3-2 have quads */
+ j ^= j << 1; /* bit 3 has the entire eight (no cox) */
+ b[i] = 8 & ~j; /* 0 is okay and 8 is bad parity */
+ }
+
+ /* only these characters can appear in a weak key */
+ b[0x01] = 1;
+ b[0x0e] = 2;
+ b[0x1f] = 3;
+ b[0xe0] = 4;
+ b[0xf1] = 5;
+ b[0xfe] = 6;
+
+ /* print it out */
+ for ( i = 0; i < 256; i++ ) {
+ (void)printf("%d,", b[i]);
+ if ( (i & 31) == 31 )
+ (void)printf("\n");
+ }
+
+ break;
+
+
+ /*
+ * <<< make the key usage table >>>
+ */
+
+case 'r':
+ (void)printf("/* automagically made - do not fuss with this */\n\n");
+
+ /* KL specifies the initial key bit positions */
+ for (i = 0; i < 56; i++)
+ ksr[i] = (KL[i] - 1) ^ 7;
+
+ for (i = 0; i < 16; i++) {
+
+ /* apply the appropriate number of left shifts */
+ for (j = 0; j < KS[i]; j++) {
+ m = ksr[ 0];
+ n = ksr[28];
+ for (k = 0; k < 27; k++)
+ ksr[k ] = ksr[k + 1],
+ ksr[k + 28] = ksr[k + 29];
+ ksr[27] = m;
+ ksr[55] = n;
+ }
+
+ /* output the key bit numbers */
+ for (j = 0; j < 48; j++) {
+ m = ksr[KC[korder[j]] - 1];
+ m = (m / 8) * 7 + (m % 8) - 1;
+ m = 55 - m;
+ (void)printf(" %2d,", m);
+ if ((j % 12) == 11)
+ (void)printf("\n");
+ }
+ (void)printf("\n");
+ }
+
+ break;
+
+
+ /*
+ * <<< make the keymap table >>>
+ */
+
+case 'k':
+ (void)printf("/* automagically made - do not fuss with this */\n\n");
+
+ for ( i = 0; i <= 7 ; i++ ) {
+ s = sorder[i];
+ for ( d = 0; d <= 63; d++ ) {
+ /* flip bits */
+ k = ((d << 5) & 32) |
+ ((d << 3) & 16) |
+ ((d << 1) & 8) |
+ ((d >> 1) & 4) |
+ ((d >> 3) & 2) |
+ ((d >> 5) & 1) ;
+ /* more bit twiddling */
+ l = ((k << 0) & 32) | /* overlap bit */
+ ((k << 4) & 16) | /* overlap bit */
+ ((k >> 1) & 15) ; /* unique bits */
+ /* look up s box value */
+ m = SB[s][l];
+ /* flip bits */
+ n = ((m << 3) & 8) |
+ ((m << 1) & 4) |
+ ((m >> 1) & 2) |
+ ((m >> 3) & 1) ;
+ /* put in correct nybble */
+ n <<= (s << 2);
+ /* perform p permutation */
+ for ( m = j = 0; j < 32; j++ )
+ if ( n & (1 << (SP[j] - 1)) )
+ m |= (1 << j);
+ /* rotate right (alg keeps everything rotated by 1) */
+ ROR(m, 1, 31);
+ /* print it out */
+ (void)printf(" 0x%08lx,", m);
+ if ( ( d & 3 ) == 3 )
+ (void)printf("\n");
+ }
+ (void)printf("\n");
+ }
+
+ break;
+
+ }
+
+ return 0;
+}
diff --git a/src/modules/_Crypto/lib/descore/desinfo.h b/src/modules/_Crypto/lib/descore/desinfo.h
new file mode 100644
index 0000000000000000000000000000000000000000..1b30c987bf15202c349070ba1d9c212646161afc
--- /dev/null
+++ b/src/modules/_Crypto/lib/descore/desinfo.h
@@ -0,0 +1,96 @@
+/*
+ * des - fast & portable DES encryption & decryption.
+ * Copyright (C) 1992 Dana L. How
+ * Please see the file `README' for the complete copyright notice.
+ *
+ * Tables describing DES rather than just this implementation.
+ * These are used in desdata but NOT in runtime code.
+ */
+
+#ifndef lint
+static char desinfo_hRcs[] = "$Id: desinfo.h,v 1.1 1997/01/10 02:53:16 nisse Exp $";
+#endif
+
+/* the initial permutation, E selection, and final permutation are hardwired */
+
+/* Key Load: how to load the shift register from the user key */
+
+char KL[] = {
+
+ 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
+ 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
+
+ 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
+ 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4,
+};
+
+/* Key Shift: how many times to shift the key shift register */
+
+char KS[] = {
+
+ 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1,
+};
+
+/* Key Choose: which key bits from shift reg are used in the key schedule */
+
+char KC[] = {
+
+ 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
+ 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
+
+ 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+ 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32,
+};
+
+/* S Boxes */
+
+char SB[8][64] = {
+
+ 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
+ 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
+ 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
+ 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
+
+ 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
+ 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
+ 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
+ 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
+
+ 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
+ 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
+ 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
+ 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
+
+ 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
+ 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
+ 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
+ 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
+
+ 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
+ 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
+ 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
+ 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
+
+ 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
+ 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
+ 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
+ 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
+
+ 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
+ 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
+ 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
+ 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
+
+ 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
+ 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
+ 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
+ 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
+};
+
+/* Sbox Permutation */
+
+char SP[] = {
+
+ 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
+ 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25,
+};