[FFmpeg-devel] [PATCH] DES en-/decryption

Michael Niedermayer michaelni
Sat Oct 13 23:59:31 CEST 2007 

Hi

On Sat, Oct 13, 2007 at 10:15:42PM +0200, Reimar D?ffinger wrote:
> Hello,
> some DES implementation is needed for asf decryption support.
> This version, compared to the one contained in the previous asf patch,
> should be quite a bit faster (not benchmarked though).
> If you think this is not optimized well enough to belong in libavutil I
> tend to suggest to leave it in libavformat unless someone else is
> interested in improving it.
> I am interested in hearing your comments either way.
> Btw.: this code would allow for the S_boxes_P_shuffle table to be
> generated at compile time, which is an approach I would greatly prefer,
> but I don't know how to implement this in a non-messy way.
> If any of the "Makefile-guys" have some time, maybe you could see if you
> can come up with something? I'd expect this could be used in some other
> code as well (I hope others agree this would be nice).

[...]
> +static uint32_t f_func(uint32_t r, uint64_t k) {
> +    int i;
> +    uint32_t out = 0;
> +    // expand 32 bit data to 8 * 6 bit blocks
> +    uint64_t tmp = shuffle(r, E_shuffle, sizeof(E_shuffle));
> +    tmp ^= k;
> +    // apply S-boxes, those compress the data again from 8 * 6 to 8 * 4 bits
> +#ifdef CONFIG_SMALL
> +    for (i = 0; i < 8; i++) {
> +        uint32_t v = S_boxes[i][(tmp >> 43) & 0x1f];
> +        if (tmp & ((uint64_t)1 << 42)) v >>= 4;
> +        else v &= 0x0f;
> +        tmp <<= 6;
> +        out = (out << 4) | v;
> +    }
> +    out = shuffle(out, P_shuffle, sizeof(P_shuffle));
> +#else
> +    for (i = 7; i >= 0; i--) {
> +        out |= S_boxes_P_shuffle[i][tmp & 0x3f];
> +        tmp >>= 6;
> +    }
> +#endif

cant something like

for(){
    out |= S_boxes_P_shuffle[i][(tmp ^ k) & 0x3f];
    k >>= 6;
    tmp >>= 4;
}

be used to get rid of the E_shuffle?
this might be both faster and smaller

also aligning the expanded data so that >>=8 and (uint8_t)tmp could be
used might be faster

and then i think the output could be kept in expanded format which would
simplify that further but require a bigger table, so maybe this is not
such a good idea i dunno



> +    return out;
> +}
> +

> +/**
> + * \brief rotate the two halves of the expanded 56 bit key each 1 bit left
> + *
> + * Note: the specification calls this "shift", so I kept it although
> + * it is confusing.
> + */
> +static uint64_t key_shift_left(uint64_t CDn) {
> +    uint64_t carries = (CDn >> 27) & 0x10000001;
> +    CDn <<= 1;
> +    CDn &= ~0x10000001;
> +    CDn |= carries;
> +    return CDn;
> +}
> +
> +/**
> + * \brief rotate the two halves of the expanded 56 bit key each 1 bit right
> + *
> + * Note: the specification calls this "shift", so I kept it although
> + * it is confusing.
> + */
> +static uint64_t key_shift_right(uint64_t CDn) {
> +    uint64_t carries = (CDn & 0x10000001) << 27;
> +    CDn >>= 1;
> +    CDn &= ~(0x10000001ULL << 27);
> +    CDn |= carries;
> +    return CDn;
> +}

static uint64_t key_rotate(uint64_t CDn, int s, uint64_t m){
    return ((CDn >> s) & m) | ((CDn << s) & ~m);
}

or does this lead to a larger object file?




> +
> +uint64_t ff_des_encdec(uint64_t in, uint64_t key, int decrypt) {
> +    int i;
> +    // discard parity bits from key and shuffle it into C and D parts
> +    uint64_t CDn = shuffle(key, PC1_shuffle, sizeof(PC1_shuffle));
> +    // shuffle irrelevant to security but to ease hardware implementations
> +    in = shuffle(in, IP_shuffle, sizeof(IP_shuffle));
> +    for (i = 0; i < 16; i++) {
> +        uint64_t Kn;
> +        uint32_t f_res;
> +        if (!decrypt) {
> +            CDn = key_shift_left(CDn);
> +            if (i > 1 && i != 8 && i != 15)
> +                CDn = key_shift_left(CDn);
> +        }
> +        Kn = shuffle(CDn, PC2_shuffle, sizeof(PC2_shuffle));
> +        f_res = f_func(in, Kn);
> +        in = (in << 32) | (in >> 32);
> +        in ^= f_res;
> +        if (decrypt) {
> +            CDn = key_shift_right(CDn);
> +            if (i != 0 && i != 7 && i < 14)
> +                CDn = key_shift_right(CDn);
> +        }
> +    }

key_shift_right() could be avoided by storing the keys in a table (this could
even just be on the stack and done each time if you dont want a context)
next the shift could be merged with the PC2_shuffle
removing the need for a key_shift*

PS: if any suggestion i made makes no sense, maybe it really doesnt make
sense, iam no DES expert and i might have missed some things ...

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Freedom in capitalist society always remains about the same as it was in
ancient Greek republics: Freedom for slave owners. -- Vladimir Lenin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20071013/203f0608/attachment.pgp>

More information about the ffmpeg-devel mailing list