2
This bit of code was derived from the UFC-crypt package which
3
carries the following copyright
5
Modified for use by Samba by Andrew Tridgell, October 1994
7
Note that this routine is only faster on some machines. Under Linux 1.1.51
8
libc 4.5.26 I actually found this routine to be slightly slower.
10
Under SunOS I found a huge speedup by using these routines
11
(a factor of 20 or so)
13
Warning: I've had a report from Steve Kennedy <steve@gbnet.org>
14
that this crypt routine may sometimes get the wrong answer. Only
15
use UFC_CRYT if you really need it.
24
* UFC-crypt: ultra fast crypt(3) implementation
26
* Copyright (C) 1991-1998, Free Software Foundation, Inc.
28
* This library is free software; you can redistribute it and/or
29
* modify it under the terms of the GNU Lesser General Public
30
* License as published by the Free Software Foundation; either
31
* version 3 of the License, or (at your option) any later version.
33
* This library is distributed in the hope that it will be useful,
34
* but WITHOUT ANY WARRANTY; without even the implied warranty of
35
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
36
* Library General Public License for more details.
38
* You should have received a copy of the GNU Lesser General Public
39
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
41
* @(#)crypt_util.c 2.31 02/08/92
57
#define ufc_long unsigned
65
* Permutation done once on the 56 bit
66
* key derived from the original 8 byte ASCII key.
68
static int pc1[56] = {
69
57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
70
10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
71
63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
72
14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
76
* How much to rotate each 28 bit half of the pc1 permutated
77
* 56 bit key before using pc2 to give the i' key
79
static int rots[16] = {
80
1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
84
* Permutation giving the key
87
static int pc2[48] = {
88
14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
89
23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
90
41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
91
44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
95
* The E expansion table which selects
96
* bits from the 32 bit intermediate result.
98
static int esel[48] = {
99
32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
100
8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
101
16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
102
24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1
104
static int e_inverse[64];
107
* Permutation done on the
108
* result of sbox lookups
110
static int perm32[32] = {
111
16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
112
2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
118
static int sbox[8][4][16]= {
119
{ { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 },
120
{ 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 },
121
{ 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 },
122
{ 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 }
125
{ { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
126
{ 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 },
127
{ 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 },
128
{ 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 }
131
{ { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
132
{ 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 },
133
{ 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 },
134
{ 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 }
137
{ { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
138
{ 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 },
139
{ 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 },
140
{ 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 }
143
{ { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
144
{ 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 },
145
{ 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 },
146
{ 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 }
149
{ { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
150
{ 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 },
151
{ 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 },
152
{ 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 }
155
{ { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
156
{ 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 },
157
{ 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 },
158
{ 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 }
161
{ { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
162
{ 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 },
163
{ 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 },
164
{ 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 }
172
static int final_perm[64] = {
173
40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
174
38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
175
36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
176
34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25
180
* The 16 DES keys in BITMASK format
183
long32 _ufc_keytab[16][2];
187
long64 _ufc_keytab[16];
191
#define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
192
#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
194
/* Macro to set a bit (0..23) */
195
#define BITMASK(i) ( (1<<(11-(i)%12+3)) << ((i)<12?16:0) )
200
* Workhorses of the inner loop of the DES implementation.
201
* They do sbox lookup, shifting of this value, 32 bit
202
* permutation and E permutation for the next round.
204
* Kept in 'BITMASK' format.
208
long32 _ufc_sb0[8192], _ufc_sb1[8192], _ufc_sb2[8192], _ufc_sb3[8192];
209
static long32 *sb[4] = {_ufc_sb0, _ufc_sb1, _ufc_sb2, _ufc_sb3};
213
long64 _ufc_sb0[4096], _ufc_sb1[4096], _ufc_sb2[4096], _ufc_sb3[4096];
214
static long64 *sb[4] = {_ufc_sb0, _ufc_sb1, _ufc_sb2, _ufc_sb3};
218
* eperm32tab: do 32 bit permutation and E selection
220
* The first index is the byte number in the 32 bit value to be permuted
221
* - second - is the value of this byte
222
* - third - selects the two 32 bit values
224
* The table is used and generated internally in init_des to speed it up
226
static ufc_long eperm32tab[4][256][2];
229
* do_pc1: permform pc1 permutation in the key schedule generation.
231
* The first index is the byte number in the 8 byte ASCII key
232
* - second - - the two 28 bits halfs of the result
233
* - third - selects the 7 bits actually used of each byte
235
* The result is kept with 28 bit per 32 bit with the 4 most significant
238
static ufc_long do_pc1[8][2][128];
241
* do_pc2: permform pc2 permutation in the key schedule generation.
243
* The first index is the septet number in the two 28 bit intermediate values
244
* - second - - - septet values
246
* Knowledge of the structure of the pc2 permutation is used.
248
* The result is kept with 28 bit per 32 bit with the 4 most significant
251
static ufc_long do_pc2[8][128];
254
* efp: undo an extra e selection and do final
255
* permutation giving the DES result.
257
* Invoked 6 bit a time on two 48 bit values
258
* giving two 32 bit longs.
260
static ufc_long efp[16][64][2];
262
static unsigned char bytemask[8] = {
263
0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
266
static ufc_long longmask[32] = {
267
0x80000000, 0x40000000, 0x20000000, 0x10000000,
268
0x08000000, 0x04000000, 0x02000000, 0x01000000,
269
0x00800000, 0x00400000, 0x00200000, 0x00100000,
270
0x00080000, 0x00040000, 0x00020000, 0x00010000,
271
0x00008000, 0x00004000, 0x00002000, 0x00001000,
272
0x00000800, 0x00000400, 0x00000200, 0x00000100,
273
0x00000080, 0x00000040, 0x00000020, 0x00000010,
274
0x00000008, 0x00000004, 0x00000002, 0x00000001
279
* Silly rewrite of 'bzero'. I do so
280
* because some machines don't have
281
* bzero and some don't have memset.
284
static void clearmem(char *start, int cnt)
289
static int initialized = 0;
291
/* lookup a 6 bit value in sbox */
293
#define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
296
* Initialize unit - may be invoked directly
300
static void ufc_init_des(void)
301
{ int comes_from_bit;
304
ufc_long mask1, mask2;
307
* Create the do_pc1 table used
308
* to affect pc1 permutation
309
* when generating keys
311
for(bit = 0; bit < 56; bit++) {
312
comes_from_bit = pc1[bit] - 1;
313
mask1 = bytemask[comes_from_bit % 8 + 1];
314
mask2 = longmask[bit % 28 + 4];
315
for(j = 0; j < 128; j++) {
317
do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2;
322
* Create the do_pc2 table used
323
* to affect pc2 permutation when
326
for(bit = 0; bit < 48; bit++) {
327
comes_from_bit = pc2[bit] - 1;
328
mask1 = bytemask[comes_from_bit % 7 + 1];
329
mask2 = BITMASK(bit % 24);
330
for(j = 0; j < 128; j++) {
332
do_pc2[comes_from_bit / 7][j] |= mask2;
337
* Now generate the table used to do combined
338
* 32 bit permutation and e expansion
340
* We use it because we have to permute 16384 32 bit
341
* longs into 48 bit in order to initialize sb.
343
* Looping 48 rounds per permutation becomes
348
clearmem((char*)eperm32tab, sizeof(eperm32tab));
350
for(bit = 0; bit < 48; bit++) {
351
ufc_long inner_mask1,comes_from;
353
comes_from = perm32[esel[bit]-1]-1;
354
inner_mask1 = bytemask[comes_from % 8];
358
eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK(bit % 24);
363
* Create the sb tables:
365
* For each 12 bit segment of an 48 bit intermediate
366
* result, the sb table precomputes the two 4 bit
367
* values of the sbox lookups done with the two 6
368
* bit halves, shifts them to their proper place,
369
* sends them through perm32 and finally E expands
370
* them so that they are ready for the next
374
for(sg = 0; sg < 4; sg++) {
378
for(j1 = 0; j1 < 64; j1++) {
379
s1 = s_lookup(2 * sg, j1);
380
for(j2 = 0; j2 < 64; j2++) {
381
ufc_long to_permute, inx;
383
s2 = s_lookup(2 * sg + 1, j2);
384
to_permute = ((s1 << 4) | s2) << (24 - 8 * sg);
387
inx = ((j1 << 6) | j2) << 1;
388
sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0];
389
sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1];
390
sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0];
391
sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1];
392
sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0];
393
sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1];
394
sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0];
395
sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1];
398
inx = ((j1 << 6) | j2);
400
((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) |
401
(long64)eperm32tab[0][(to_permute >> 24) & 0xff][1];
403
((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) |
404
(long64)eperm32tab[1][(to_permute >> 16) & 0xff][1];
406
((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) |
407
(long64)eperm32tab[2][(to_permute >> 8) & 0xff][1];
409
((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) |
410
(long64)eperm32tab[3][(to_permute) & 0xff][1];
417
* Create an inverse matrix for esel telling
418
* where to plug out bits if undoing it
420
for(bit=48; bit--;) {
421
e_inverse[esel[bit] - 1 ] = bit;
422
e_inverse[esel[bit] - 1 + 32] = bit + 48;
426
* create efp: the matrix used to
427
* undo the E expansion and effect final permutation
429
clearmem((char*)efp, sizeof efp);
430
for(bit = 0; bit < 64; bit++) {
432
ufc_long word_value, inner_mask1, inner_mask2;
433
int comes_from_f_bit, comes_from_e_bit;
434
int comes_from_word, bit_within_word;
436
/* See where bit i belongs in the two 32 bit long's */
437
o_long = bit / 32; /* 0..1 */
438
o_bit = bit % 32; /* 0..31 */
441
* And find a bit in the e permutated value setting this bit.
443
* Note: the e selection may have selected the same bit several
444
* times. By the initialization of e_inverse, we only look
445
* for one specific instance.
447
comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */
448
comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */
449
comes_from_word = comes_from_e_bit / 6; /* 0..15 */
450
bit_within_word = comes_from_e_bit % 6; /* 0..5 */
452
inner_mask1 = longmask[bit_within_word + 26];
453
inner_mask2 = longmask[o_bit];
455
for(word_value = 64; word_value--;) {
456
if(word_value & inner_mask1)
457
efp[comes_from_word][word_value][o_long] |= inner_mask2;
464
* Process the elements of the sb table permuting the
465
* bits swapped in the expansion by the current salt.
469
static void shuffle_sb(long32 *k, ufc_long saltbits)
473
x = (k[0] ^ k[1]) & (long32)saltbits;
481
static void shuffle_sb(long64 *k, ufc_long saltbits)
485
x = ((*k >> 32) ^ *k) & (long64)saltbits;
486
*k++ ^= (x << 32) | x;
492
* Setup the unit for a new salt
493
* Hopefully we'll not see a new salt in each crypt call.
496
static unsigned char current_salt[3] = "&&"; /* invalid value */
497
static ufc_long current_saltbits = 0;
498
static int direction = 0;
500
static void setup_salt(const char *s1)
501
{ ufc_long i, j, saltbits;
502
const unsigned char *s2 = (const unsigned char *)s1;
507
if(s2[0] == current_salt[0] && s2[1] == current_salt[1])
509
current_salt[0] = s2[0]; current_salt[1] = s2[1];
512
* This is the only crypt change to DES:
513
* entries are swapped in the expansion table
514
* according to the bits set in the salt.
517
for(i = 0; i < 2; i++) {
518
long c=ascii_to_bin(s2[i]);
521
for(j = 0; j < 6; j++) {
523
saltbits |= BITMASK(6 * i + j);
528
* Permute the sb table values
529
* to reflect the changed e
532
shuffle_sb(_ufc_sb0, current_saltbits ^ saltbits);
533
shuffle_sb(_ufc_sb1, current_saltbits ^ saltbits);
534
shuffle_sb(_ufc_sb2, current_saltbits ^ saltbits);
535
shuffle_sb(_ufc_sb3, current_saltbits ^ saltbits);
537
current_saltbits = saltbits;
540
static void ufc_mk_keytab(char *key)
541
{ ufc_long v1, v2, *k1;
544
long32 v, *k2 = &_ufc_keytab[0][0];
547
long64 v, *k2 = &_ufc_keytab[0];
550
v1 = v2 = 0; k1 = &do_pc1[0][0][0];
552
v1 |= k1[*key & 0x7f]; k1 += 128;
553
v2 |= k1[*key++ & 0x7f]; k1 += 128;
556
for(i = 0; i < 16; i++) {
559
v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i]));
560
v = k1[(v1 >> 21) & 0x7f]; k1 += 128;
561
v |= k1[(v1 >> 14) & 0x7f]; k1 += 128;
562
v |= k1[(v1 >> 7) & 0x7f]; k1 += 128;
563
v |= k1[(v1 ) & 0x7f]; k1 += 128;
573
v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i]));
574
v |= k1[(v2 >> 21) & 0x7f]; k1 += 128;
575
v |= k1[(v2 >> 14) & 0x7f]; k1 += 128;
576
v |= k1[(v2 >> 7) & 0x7f]; k1 += 128;
577
v |= k1[(v2 ) & 0x7f];
586
* Undo an extra E selection and do final permutations
589
ufc_long *_ufc_dofinalperm(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2)
590
{ ufc_long v1, v2, x;
591
static ufc_long ary[2];
593
x = (l1 ^ l2) & current_saltbits; l1 ^= x; l2 ^= x;
594
x = (r1 ^ r2) & current_saltbits; r1 ^= x; r2 ^= x;
596
v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3;
598
v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1];
599
v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1];
600
v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1];
601
v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1];
603
v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1];
604
v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1];
605
v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1];
606
v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1];
608
v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1];
609
v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1];
610
v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1];
611
v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1];
613
v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1];
614
v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1];
615
v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1];
616
v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1];
618
ary[0] = v1; ary[1] = v2;
623
* crypt only: convert from 64 bit to 11 bit ASCII
624
* prefixing with the salt
627
static char *output_conversion(ufc_long v1, ufc_long v2, const char *salt)
628
{ static char outbuf[14];
632
outbuf[1] = salt[1] ? salt[1] : salt[0];
634
for(i = 0; i < 5; i++)
635
outbuf[i + 2] = bin_to_ascii((v1 >> (26 - 6 * i)) & 0x3f);
638
v2 = (v2 >> 2) | ((v1 & 0x3) << 30);
640
for(i = 5; i < 10; i++)
641
outbuf[i + 2] = bin_to_ascii((v2 >> (56 - 6 * i)) & 0x3f);
643
outbuf[12] = bin_to_ascii(s);
650
* UNIX crypt function
653
static ufc_long *_ufc_doit(ufc_long , ufc_long, ufc_long, ufc_long, ufc_long);
655
char *ufc_crypt(const char *key,const char *salt)
660
* Hack DES tables according to salt
667
clearmem(ktab, sizeof ktab);
668
StrnCpy(ktab, key, 8);
672
* Go for the 25 DES encryptions
674
s = _ufc_doit((ufc_long)0, (ufc_long)0,
675
(ufc_long)0, (ufc_long)0, (ufc_long)25);
678
* And convert back to 6 bit ASCII
680
return output_conversion(s[0], s[1], salt);
690
extern long32 _ufc_keytab[16][2];
691
extern long32 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[];
693
#define SBA(sb, v) (*(long32*)((char*)(sb)+(v)))
695
static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr)
700
k = &_ufc_keytab[0][0];
703
l1 ^= SBA(_ufc_sb1, s & 0xffff); l2 ^= SBA(_ufc_sb1, (s & 0xffff)+4);
704
l1 ^= SBA(_ufc_sb0, s >>= 16); l2 ^= SBA(_ufc_sb0, (s) +4);
706
l1 ^= SBA(_ufc_sb3, s & 0xffff); l2 ^= SBA(_ufc_sb3, (s & 0xffff)+4);
707
l1 ^= SBA(_ufc_sb2, s >>= 16); l2 ^= SBA(_ufc_sb2, (s) +4);
710
r1 ^= SBA(_ufc_sb1, s & 0xffff); r2 ^= SBA(_ufc_sb1, (s & 0xffff)+4);
711
r1 ^= SBA(_ufc_sb0, s >>= 16); r2 ^= SBA(_ufc_sb0, (s) +4);
713
r1 ^= SBA(_ufc_sb3, s & 0xffff); r2 ^= SBA(_ufc_sb3, (s & 0xffff)+4);
714
r1 ^= SBA(_ufc_sb2, s >>= 16); r2 ^= SBA(_ufc_sb2, (s) +4);
716
s=l1; l1=r1; r1=s; s=l2; l2=r2; r2=s;
718
return _ufc_dofinalperm(l1, l2, r1, r2);
729
extern long64 _ufc_keytab[16];
730
extern long64 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[];
732
#define SBA(sb, v) (*(long64*)((char*)(sb)+(v)))
734
static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr)
738
l = (((long64)l1) << 32) | ((long64)l2);
739
r = (((long64)r1) << 32) | ((long64)r2);
745
l ^= SBA(_ufc_sb3, (s >> 0) & 0xffff);
746
l ^= SBA(_ufc_sb2, (s >> 16) & 0xffff);
747
l ^= SBA(_ufc_sb1, (s >> 32) & 0xffff);
748
l ^= SBA(_ufc_sb0, (s >> 48) & 0xffff);
751
r ^= SBA(_ufc_sb3, (s >> 0) & 0xffff);
752
r ^= SBA(_ufc_sb2, (s >> 16) & 0xffff);
753
r ^= SBA(_ufc_sb1, (s >> 32) & 0xffff);
754
r ^= SBA(_ufc_sb0, (s >> 48) & 0xffff);
759
l1 = l >> 32; l2 = l & 0xffffffff;
760
r1 = r >> 32; r2 = r & 0xffffffff;
761
return _ufc_dofinalperm(l1, l2, r1, r2);
768
int ufc_dummy_procedure(void);
769
int ufc_dummy_procedure(void) {return 0;}