#include "lib9.h"
#include "libcrypt.h"

/*
 * integrated sbox & p perm
 */
static ulong spbox[] = {

0x00808200,0x00000000,0x00008000,0x00808202,0x00808002,0x00008202,0x00000002,0x00008000,
0x00000200,0x00808200,0x00808202,0x00000200,0x00800202,0x00808002,0x00800000,0x00000002,
0x00000202,0x00800200,0x00800200,0x00008200,0x00008200,0x00808000,0x00808000,0x00800202,
0x00008002,0x00800002,0x00800002,0x00008002,0x00000000,0x00000202,0x00008202,0x00800000,
0x00008000,0x00808202,0x00000002,0x00808000,0x00808200,0x00800000,0x00800000,0x00000200,
0x00808002,0x00008000,0x00008200,0x00800002,0x00000200,0x00000002,0x00800202,0x00008202,
0x00808202,0x00008002,0x00808000,0x00800202,0x00800002,0x00000202,0x00008202,0x00808200,
0x00000202,0x00800200,0x00800200,0x00000000,0x00008002,0x00008200,0x00000000,0x00808002,

0x40084010,0x40004000,0x00004000,0x00084010,0x00080000,0x00000010,0x40080010,0x40004010,
0x40000010,0x40084010,0x40084000,0x40000000,0x40004000,0x00080000,0x00000010,0x40080010,
0x00084000,0x00080010,0x40004010,0x00000000,0x40000000,0x00004000,0x00084010,0x40080000,
0x00080010,0x40000010,0x00000000,0x00084000,0x00004010,0x40084000,0x40080000,0x00004010,
0x00000000,0x00084010,0x40080010,0x00080000,0x40004010,0x40080000,0x40084000,0x00004000,
0x40080000,0x40004000,0x00000010,0x40084010,0x00084010,0x00000010,0x00004000,0x40000000,
0x00004010,0x40084000,0x00080000,0x40000010,0x00080010,0x40004010,0x40000010,0x00080010,
0x00084000,0x00000000,0x40004000,0x00004010,0x40000000,0x40080010,0x40084010,0x00084000,

0x00000104,0x04010100,0x00000000,0x04010004,0x04000100,0x00000000,0x00010104,0x04000100,
0x00010004,0x04000004,0x04000004,0x00010000,0x04010104,0x00010004,0x04010000,0x00000104,
0x04000000,0x00000004,0x04010100,0x00000100,0x00010100,0x04010000,0x04010004,0x00010104,
0x04000104,0x00010100,0x00010000,0x04000104,0x00000004,0x04010104,0x00000100,0x04000000,
0x04010100,0x04000000,0x00010004,0x00000104,0x00010000,0x04010100,0x04000100,0x00000000,
0x00000100,0x00010004,0x04010104,0x04000100,0x04000004,0x00000100,0x00000000,0x04010004,
0x04000104,0x00010000,0x04000000,0x04010104,0x00000004,0x00010104,0x00010100,0x04000004,
0x04010000,0x04000104,0x00000104,0x04010000,0x00010104,0x00000004,0x04010004,0x00010100,

0x80401000,0x80001040,0x80001040,0x00000040,0x00401040,0x80400040,0x80400000,0x80001000,
0x00000000,0x00401000,0x00401000,0x80401040,0x80000040,0x00000000,0x00400040,0x80400000,
0x80000000,0x00001000,0x00400000,0x80401000,0x00000040,0x00400000,0x80001000,0x00001040,
0x80400040,0x80000000,0x00001040,0x00400040,0x00001000,0x00401040,0x80401040,0x80000040,
0x00400040,0x80400000,0x00401000,0x80401040,0x80000040,0x00000000,0x00000000,0x00401000,
0x00001040,0x00400040,0x80400040,0x80000000,0x80401000,0x80001040,0x80001040,0x00000040,
0x80401040,0x80000040,0x80000000,0x00001000,0x80400000,0x80001000,0x00401040,0x80400040,
0x80001000,0x00001040,0x00400000,0x80401000,0x00000040,0x00400000,0x00001000,0x00401040,

0x00000080,0x01040080,0x01040000,0x21000080,0x00040000,0x00000080,0x20000000,0x01040000,
0x20040080,0x00040000,0x01000080,0x20040080,0x21000080,0x21040000,0x00040080,0x20000000,
0x01000000,0x20040000,0x20040000,0x00000000,0x20000080,0x21040080,0x21040080,0x01000080,
0x21040000,0x20000080,0x00000000,0x21000000,0x01040080,0x01000000,0x21000000,0x00040080,
0x00040000,0x21000080,0x00000080,0x01000000,0x20000000,0x01040000,0x21000080,0x20040080,
0x01000080,0x20000000,0x21040000,0x01040080,0x20040080,0x00000080,0x01000000,0x21040000,
0x21040080,0x00040080,0x21000000,0x21040080,0x01040000,0x00000000,0x20040000,0x21000000,
0x00040080,0x01000080,0x20000080,0x00040000,0x00000000,0x20040000,0x01040080,0x20000080,

0x10000008,0x10200000,0x00002000,0x10202008,0x10200000,0x00000008,0x10202008,0x00200000,
0x10002000,0x00202008,0x00200000,0x10000008,0x00200008,0x10002000,0x10000000,0x00002008,
0x00000000,0x00200008,0x10002008,0x00002000,0x00202000,0x10002008,0x00000008,0x10200008,
0x10200008,0x00000000,0x00202008,0x10202000,0x00002008,0x00202000,0x10202000,0x10000000,
0x10002000,0x00000008,0x10200008,0x00202000,0x10202008,0x00200000,0x00002008,0x10000008,
0x00200000,0x10002000,0x10000000,0x00002008,0x10000008,0x10202008,0x00202000,0x10200000,
0x00202008,0x10202000,0x00000000,0x10200008,0x00000008,0x00002000,0x10200000,0x00202008,
0x00002000,0x00200008,0x10002008,0x00000000,0x10202000,0x10000000,0x00200008,0x10002008,

0x00100000,0x02100001,0x02000401,0x00000000,0x00000400,0x02000401,0x00100401,0x02100400,
0x02100401,0x00100000,0x00000000,0x02000001,0x00000001,0x02000000,0x02100001,0x00000401,
0x02000400,0x00100401,0x00100001,0x02000400,0x02000001,0x02100000,0x02100400,0x00100001,
0x02100000,0x00000400,0x00000401,0x02100401,0x00100400,0x00000001,0x02000000,0x00100400,
0x02000000,0x00100400,0x00100000,0x02000401,0x02000401,0x02100001,0x02100001,0x00000001,
0x00100001,0x02000000,0x02000400,0x00100000,0x02100400,0x00000401,0x00100401,0x02100400,
0x00000401,0x02000001,0x02100401,0x02100000,0x00100400,0x00000000,0x00000001,0x02100401,
0x00000000,0x00100401,0x02100000,0x00000400,0x02000001,0x02000400,0x00000400,0x00100001,

0x08000820,0x00000800,0x00020000,0x08020820,0x08000000,0x08000820,0x00000020,0x08000000,
0x00020020,0x08020000,0x08020820,0x00020800,0x08020800,0x00020820,0x00000800,0x00000020,
0x08020000,0x08000020,0x08000800,0x00000820,0x00020800,0x00020020,0x08020020,0x08020800,
0x00000820,0x00000000,0x00000000,0x08020020,0x08000020,0x08000800,0x00020820,0x00020000,
0x00020820,0x00020000,0x08020800,0x00000800,0x00000020,0x08020020,0x00000800,0x00020820,
0x08000800,0x00000020,0x08000020,0x08020000,0x08020020,0x08000000,0x00020000,0x08000820,
0x00000000,0x08020820,0x00020020,0x08000020,0x08020000,0x08000800,0x08000820,0x00000000,
0x08020820,0x00020800,0x00020800,0x00000820,0x00000820,0x00020020,0x08000000,0x08020800,
};

/*
 * for manual index calculation
 * #define fetch(box, i, sh) (*((ulong*)((uchar*)spbox + (box << 8) + ((i >> (sh)) & 0xfc))))
 */
#define fetch(box, i, sh) ((spbox+(box << 6))[((i >> (sh + 2)) & 0x3f)])

/*
 * DES electronic codebook encryption of one block
 */
void
block_cipher(ulong key[32], uchar text[8], int decrypting)
{
	ulong right, left, v0, v1;
	int i, keystep;

	/*
	 * initial permutation
	 */
	v0 = text[0] | (text[2]<<8) | (text[4]<<16) | (text[6]<<24);
	left = text[1] | (text[3]<<8) | (text[5]<<16) | (text[7]<<24);
	right = (left & 0xaaaaaaaa) | ((v0 >> 1) & 0x55555555);
	left = ((left << 1) & 0xaaaaaaaa) | (v0 & 0x55555555);
	left = ((left << 6) & 0x33003300)
		| (left & 0xcc33cc33)
		| ((left >> 6) & 0x00cc00cc);
	left = ((left << 12) & 0x0f0f0000)
		| (left & 0xf0f00f0f)
		| ((left >> 12) & 0x0000f0f0);
	right = ((right << 6) & 0x33003300)
		| (right & 0xcc33cc33)
		| ((right >> 6) & 0x00cc00cc);
	right = ((right << 12) & 0x0f0f0000)
		| (right & 0xf0f00f0f)
		| ((right >> 12) & 0x0000f0f0);

	if (decrypting) {
		keystep = -2;
		key = key + 32 - 2;
	} else
		keystep = 2;
	for (i = 0; i < 8; i++) {
		v0 = key[0];
		v0 ^= (right >> 1) | (right << 31);
		left ^= fetch(0, v0, 24)
			^ fetch(2, v0, 16)
			^ fetch(4, v0, 8)
			^ fetch(6, v0, 0);
		v1 = key[1];
		v1 ^= (right << 3) | (right >> 29);
		left ^= fetch(1, v1, 24)
			^ fetch(3, v1, 16)
			^ fetch(5, v1, 8)
			^ fetch(7, v1, 0);
		key += keystep;
		
		v0 = key[0];
		v0 ^= (left >> 1) | (left << 31);
		right ^= fetch(0, v0, 24)
			^ fetch(2, v0, 16)
			^ fetch(4, v0, 8)
			^ fetch(6, v0, 0);
		v1 = key[1];
		v1 ^= (left << 3) | (left >> 29);
		right ^= fetch(1, v1, 24)
			^ fetch(3, v1, 16)
			^ fetch(5, v1, 8)
			^ fetch(7, v1, 0);
		key += keystep;
	}

	/*
	 * final permutation, inverse initial permutation
	 */
	v0 = ((left << 1) & 0xaaaaaaaa) | (right & 0x55555555);
	v1 = (left & 0xaaaaaaaa) | ((right >> 1) & 0x55555555);
	v1 = ((v1 << 6) & 0x33003300)
		| (v1 & 0xcc33cc33)
		| ((v1 >> 6) & 0x00cc00cc);
	v1 = ((v1 << 12) & 0x0f0f0000)
		| (v1 & 0xf0f00f0f)
		| ((v1 >> 12) & 0x0000f0f0);
	v0 = ((v0 << 6) & 0x33003300)
		| (v0 & 0xcc33cc33)
		| ((v0 >> 6) & 0x00cc00cc);
	v0 = ((v0 << 12) & 0x0f0f0000)
		| (v0 & 0xf0f00f0f)
		| ((v0 >> 12) & 0x0000f0f0);
	text[0] = v0;
	text[2] = v0 >> 8;
	text[4] = v0 >> 16;
	text[6] = v0 >> 24;
	text[1] = v1;
	text[3] = v1 >> 8;
	text[5] = v1 >> 16;
	text[7] = v1 >> 24;
}

/*
 * triple DES electronic codebook encryption of one block
 */
 
void
triple_block_cipher(ulong expanded_key[3][32], uchar text[8], int ende)
{
	ulong *key;
	ulong right, left, v0, v1;
	int i, j, keystep;

	/*
	 * initial permutation
	 */
	v0 = text[0] | (text[2]<<8) | (text[4]<<16) | (text[6]<<24);
	left = text[1] | (text[3]<<8) | (text[5]<<16) | (text[7]<<24);
	right = (left & 0xaaaaaaaa) | ((v0 >> 1) & 0x55555555);
	left = ((left << 1) & 0xaaaaaaaa) | (v0 & 0x55555555);
	left = ((left << 6) & 0x33003300)
		| (left & 0xcc33cc33)
		| ((left >> 6) & 0x00cc00cc);
	left = ((left << 12) & 0x0f0f0000)
		| (left & 0xf0f00f0f)
		| ((left >> 12) & 0x0000f0f0);
	right = ((right << 6) & 0x33003300)
		| (right & 0xcc33cc33)
		| ((right >> 6) & 0x00cc00cc);
	right = ((right << 12) & 0x0f0f0000)
		| (right & 0xf0f00f0f)
		| ((right >> 12) & 0x0000f0f0);

	for(j = 0; j < 3; j++){
		if((ende & 1) == DES3D) {
			key = &expanded_key[2-j][32-2];
			keystep = -2;
		} else {
			key = &expanded_key[j][0];
			keystep = 2;
		}
		ende >>= 1;
		for (i = 0; i < 8; i++) {
			v0 = key[0];
			v0 ^= (right >> 1) | (right << 31);
			left ^= fetch(0, v0, 24)
				^ fetch(2, v0, 16)
				^ fetch(4, v0, 8)
				^ fetch(6, v0, 0);
			v1 = key[1];
			v1 ^= (right << 3) | (right >> 29);
			left ^= fetch(1, v1, 24)
				^ fetch(3, v1, 16)
				^ fetch(5, v1, 8)
				^ fetch(7, v1, 0);
			key += keystep;
			
			v0 = key[0];
			v0 ^= (left >> 1) | (left << 31);
			right ^= fetch(0, v0, 24)
				^ fetch(2, v0, 16)
				^ fetch(4, v0, 8)
				^ fetch(6, v0, 0);
			v1 = key[1];
			v1 ^= (left << 3) | (left >> 29);
			right ^= fetch(1, v1, 24)
				^ fetch(3, v1, 16)
				^ fetch(5, v1, 8)
				^ fetch(7, v1, 0);
			key += keystep;
		}

		v0 = left;
		left = right;
		right = v0;
	}

	/*
	 * final permutation, inverse initial permutation
	 * left and right are swapped here
	 */
	v0 = ((right << 1) & 0xaaaaaaaa) | (left & 0x55555555);
	v1 = (right & 0xaaaaaaaa) | ((left >> 1) & 0x55555555);
	v1 = ((v1 << 6) & 0x33003300)
		| (v1 & 0xcc33cc33)
		| ((v1 >> 6) & 0x00cc00cc);
	v1 = ((v1 << 12) & 0x0f0f0000)
		| (v1 & 0xf0f00f0f)
		| ((v1 >> 12) & 0x0000f0f0);
	v0 = ((v0 << 6) & 0x33003300)
		| (v0 & 0xcc33cc33)
		| ((v0 >> 6) & 0x00cc00cc);
	v0 = ((v0 << 12) & 0x0f0f0000)
		| (v0 & 0xf0f00f0f)
		| ((v0 >> 12) & 0x0000f0f0);
	text[0] = v0;
	text[2] = v0 >> 8;
	text[4] = v0 >> 16;
	text[6] = v0 >> 24;
	text[1] = v1;
	text[3] = v1 >> 8;
	text[5] = v1 >> 16;
	text[7] = v1 >> 24;
}

/*
 * key compression permutation, 4 bits at a time
 */
static ulong comptab[] = {

0x000000,0x010000,0x000008,0x010008,0x000080,0x010080,0x000088,0x010088,
0x000000,0x010000,0x000008,0x010008,0x000080,0x010080,0x000088,0x010088,

0x000000,0x100000,0x000800,0x100800,0x000000,0x100000,0x000800,0x100800,
0x002000,0x102000,0x002800,0x102800,0x002000,0x102000,0x002800,0x102800,

0x000000,0x000004,0x000400,0x000404,0x000000,0x000004,0x000400,0x000404,
0x400000,0x400004,0x400400,0x400404,0x400000,0x400004,0x400400,0x400404,

0x000000,0x000020,0x008000,0x008020,0x800000,0x800020,0x808000,0x808020,
0x000002,0x000022,0x008002,0x008022,0x800002,0x800022,0x808002,0x808022,

0x000000,0x000200,0x200000,0x200200,0x001000,0x001200,0x201000,0x201200,
0x000000,0x000200,0x200000,0x200200,0x001000,0x001200,0x201000,0x201200,

0x000000,0x000040,0x000010,0x000050,0x004000,0x004040,0x004010,0x004050,
0x040000,0x040040,0x040010,0x040050,0x044000,0x044040,0x044010,0x044050,

0x000000,0x000100,0x020000,0x020100,0x000001,0x000101,0x020001,0x020101,
0x080000,0x080100,0x0a0000,0x0a0100,0x080001,0x080101,0x0a0001,0x0a0101,

0x000000,0x000100,0x040000,0x040100,0x000000,0x000100,0x040000,0x040100,
0x000040,0x000140,0x040040,0x040140,0x000040,0x000140,0x040040,0x040140,

0x000000,0x400000,0x008000,0x408000,0x000008,0x400008,0x008008,0x408008,
0x000400,0x400400,0x008400,0x408400,0x000408,0x400408,0x008408,0x408408,

0x000000,0x001000,0x080000,0x081000,0x000020,0x001020,0x080020,0x081020,
0x004000,0x005000,0x084000,0x085000,0x004020,0x005020,0x084020,0x085020,

0x000000,0x000800,0x000000,0x000800,0x000010,0x000810,0x000010,0x000810,
0x800000,0x800800,0x800000,0x800800,0x800010,0x800810,0x800010,0x800810,

0x000000,0x010000,0x000200,0x010200,0x000000,0x010000,0x000200,0x010200,
0x100000,0x110000,0x100200,0x110200,0x100000,0x110000,0x100200,0x110200,

0x000000,0x000004,0x000000,0x000004,0x000080,0x000084,0x000080,0x000084,
0x002000,0x002004,0x002000,0x002004,0x002080,0x002084,0x002080,0x002084,

0x000000,0x000001,0x200000,0x200001,0x020000,0x020001,0x220000,0x220001,
0x000002,0x000003,0x200002,0x200003,0x020002,0x020003,0x220002,0x220003,
};

static int keysh[] =
{
	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1,
};

static void
keycompperm(ulong left, ulong right, ulong *ek)
{
	ulong v0, v1;
	int i;

	for(i = 0; i < 16; i++){
		left = (left << keysh[i]) | (left >> (28 - keysh[i]));
		left &= 0xfffffff0;
		right = (right << keysh[i]) | (right >> (28 - keysh[i]));
		right &= 0xfffffff0;
		v0 = comptab[6 * (1 << 4) + ((left >> (32-4)) & 0xf)]
			| comptab[5 * (1 << 4) + ((left >> (32-8)) & 0xf)]
			| comptab[4 * (1 << 4) + ((left >> (32-12)) & 0xf)]
			| comptab[3 * (1 << 4) + ((left >> (32-16)) & 0xf)]
			| comptab[2 * (1 << 4) + ((left >> (32-20)) & 0xf)]
			| comptab[1 * (1 << 4) + ((left >> (32-24)) & 0xf)]
			| comptab[0 * (1 << 4) + ((left >> (32-28)) & 0xf)];
		v1 = comptab[13 * (1 << 4) + ((right >> (32-4)) & 0xf)]
			| comptab[12 * (1 << 4) + ((right >> (32-8)) & 0xf)]
			| comptab[11 * (1 << 4) + ((right >> (32-12)) & 0xf)]
			| comptab[10 * (1 << 4) + ((right >> (32-16)) & 0xf)]
			| comptab[9 * (1 << 4) + ((right >> (32-20)) & 0xf)]
			| comptab[8 * (1 << 4) + ((right >> (32-24)) & 0xf)]
			| comptab[7 * (1 << 4) + ((right >> (32-28)) & 0xf)];
		ek[0] = (((v0 >> (24-6)) & 0x3f) << 26)
			| (((v0 >> (24-18)) & 0x3f) << 18)
			| (((v1 >> (24-6)) & 0x3f) << 10)
			| (((v1 >> (24-18)) & 0x3f) << 2);
		ek[1] = (((v0 >> (24-12)) & 0x3f) << 26)
			| (((v0 >> (24-24)) & 0x3f) << 18)
			| (((v1 >> (24-12)) & 0x3f) << 10)
			| (((v1 >> (24-24)) & 0x3f) << 2);
		ek += 2;
	}
}

void
des_key_setup(uchar key[8], ulong *ek)
{
	ulong left, right, v0, v1;

	v0 = key[0] | (key[2] << 8) | (key[4] << 16) | (key[6] << 24);
	v1 = key[1] | (key[3] << 8) | (key[5] << 16) | (key[7] << 24);
	left = ((v0 >> 1) & 0x40404040)
		| ((v0 >> 2) & 0x10101010)
		| ((v0 >> 3) & 0x04040404)
		| ((v0 >> 4) & 0x01010101)
		| ((v1 >> 0) & 0x80808080)
		| ((v1 >> 1) & 0x20202020)
		| ((v1 >> 2) & 0x08080808)
		| ((v1 >> 3) & 0x02020202);
	right = ((v0 >> 1) & 0x04040404)
		| ((v0 << 2) & 0x10101010)
		| ((v0 << 5) & 0x40404040)
		| ((v1 << 0) & 0x08080808)
		| ((v1 << 3) & 0x20202020)
		| ((v1 << 6) & 0x80808080);
	left = ((left << 6) & 0x33003300)
		| (left & 0xcc33cc33)
		| ((left >> 6) & 0x00cc00cc);
	v0 = ((left << 12) & 0x0f0f0000)
		| (left & 0xf0f00f0f)
		| ((left >> 12) & 0x0000f0f0);
	right = ((right << 6) & 0x33003300)
		| (right & 0xcc33cc33)
		| ((right >> 6) & 0x00cc00cc);
	v1 = ((right << 12) & 0x0f0f0000)
		| (right & 0xf0f00f0f)
		| ((right >> 12) & 0x0000f0f0);
	left = v0 & 0xfffffff0;
	right = (v1 & 0xffffff00) | ((v0 << 4) & 0xf0);

	keycompperm(left, right, ek);
}

void
setupDESstate(DESstate *s, uchar key[8], uchar *ivec)
{
	memset(s, 0, sizeof(*s));
	memmove(s->key, key, sizeof(s->key));
	des_key_setup(key, s->expanded);
	if(ivec)
		memmove(s->ivec, ivec, 8);
	s->setup = 0xdeadbeef;
}

void
setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec)
{
	memset(s, 0, sizeof(*s));
	memmove(s->key, key, sizeof(s->key));
	des_key_setup(key[0], s->expanded[0]);
	des_key_setup(key[1], s->expanded[1]);
	des_key_setup(key[2], s->expanded[2]);
	if(ivec)
		memmove(s->ivec, ivec, 8);
	s->setup = 0xdeadbeef;
}