Print this page
first pass
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/libnsl/des/des_soft.c
+++ new/usr/src/lib/libnsl/des/des_soft.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License, Version 1.0 only
6 6 * (the "License"). You may not use this file except in compliance
7 7 * with the License.
8 8 *
9 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 10 * or http://www.opensolaris.org/os/licensing.
11 11 * See the License for the specific language governing permissions
12 12 * and limitations under the License.
13 13 *
14 14 * When distributing Covered Code, include this CDDL HEADER in each
15 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 16 * If applicable, add the following below this CDDL HEADER, with the
17 17 * fields enclosed by brackets "[]" replaced with your own identifying
18 18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 19 *
20 20 * CDDL HEADER END
21 21 */
22 22
23 23 /*
24 24 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
25 25 * Use is subject to license terms.
26 26 */
27 27
28 28 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
29 29 /* All Rights Reserved */
30 30
31 31 /*
32 32 * Portions of this source code were derived from Berkeley 4.3 BSD
33 33 * under license from the Regents of the University of California.
34 34 */
35 35
36 36 #pragma ident "%Z%%M% %I% %E% SMI"
37 37
38 38 /*
39 39 * Warning! Things are arranged very carefully in this file to
40 40 * allow read-only data to be moved to the text segment. The
41 41 * various DES tables must appear before any function definitions
42 42 * (this is arranged by including them immediately below) and partab
43 43 * must also appear before and function definitions
44 44 * This arrangement allows all data up through the first text to
45 45 * be moved to text.
46 46 */
47 47
48 48 #include "mt.h"
49 49 #include <sys/types.h>
50 50 #include <des/softdes.h>
51 51 #include <des/desdata.h>
52 52 #ifdef sun
53 53 #include <sys/ioctl.h>
54 54 #include <sys/des.h>
55 55 #else
56 56 #include <des/des.h>
57 57 #endif
58 58 #include <rpcsvc/nis_dhext.h>
59 59
60 60 /*
61 61 * Fast (?) software implementation of DES
62 62 * Has been seen going at 2000 bytes/sec on a Sun-2
63 63 * Works on a VAX too.
64 64 * Won't work without 8 bit chars and 32 bit longs
65 65 */
66 66
67 67 #define btst(k, b) (k[b >> 3] & (0x80 >> (b & 07)))
68 68 #define BIT28 (1<<28)
69 69
70 70 static int __des_encrypt(uchar_t *, struct deskeydata *);
71 71 static int __des_setkey(uchar_t[8], struct deskeydata *, unsigned);
72 72
73 73
74 74 /*
75 75 * Table giving odd parity in the low bit for ASCII characters
76 76 */
77 77 const char partab[128] = {
78 78 0x01, 0x01, 0x02, 0x02, 0x04, 0x04, 0x07, 0x07,
79 79 0x08, 0x08, 0x0b, 0x0b, 0x0d, 0x0d, 0x0e, 0x0e,
80 80 0x10, 0x10, 0x13, 0x13, 0x15, 0x15, 0x16, 0x16,
81 81 0x19, 0x19, 0x1a, 0x1a, 0x1c, 0x1c, 0x1f, 0x1f,
82 82 0x20, 0x20, 0x23, 0x23, 0x25, 0x25, 0x26, 0x26,
83 83 0x29, 0x29, 0x2a, 0x2a, 0x2c, 0x2c, 0x2f, 0x2f,
84 84 0x31, 0x31, 0x32, 0x32, 0x34, 0x34, 0x37, 0x37,
85 85 0x38, 0x38, 0x3b, 0x3b, 0x3d, 0x3d, 0x3e, 0x3e,
86 86 0x40, 0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46,
87 87 0x49, 0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f,
88 88 0x51, 0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57,
89 89 0x58, 0x58, 0x5b, 0x5b, 0x5d, 0x5d, 0x5e, 0x5e,
90 90 0x61, 0x61, 0x62, 0x62, 0x64, 0x64, 0x67, 0x67,
91 91 0x68, 0x68, 0x6b, 0x6b, 0x6d, 0x6d, 0x6e, 0x6e,
92 92 0x70, 0x70, 0x73, 0x73, 0x75, 0x75, 0x76, 0x76,
93 93 0x79, 0x79, 0x7a, 0x7a, 0x7c, 0x7c, 0x7f, 0x7f,
94 94 };
95 95
96 96 /*
97 97 * Add odd parity to low bit of 8 byte key
98 98 */
99 99 void
100 100 des_setparity(char *p)
101 101 {
102 102 int i;
103 103
104 104 for (i = 0; i < 8; i++) {
105 105 *p = partab[*p & 0x7f];
106 106 p++;
107 107 }
108 108 }
109 109
110 110 static const unsigned char partab_g[256] = {
111 111 0x01, 0x01, 0x02, 0x02, 0x04, 0x04, 0x07, 0x07,
112 112 0x08, 0x08, 0x0b, 0x0b, 0x0d, 0x0d, 0x0e, 0x0e,
113 113 0x10, 0x10, 0x13, 0x13, 0x15, 0x15, 0x16, 0x16,
114 114 0x19, 0x19, 0x1a, 0x1a, 0x1c, 0x1c, 0x1f, 0x1f,
115 115 0x20, 0x20, 0x23, 0x23, 0x25, 0x25, 0x26, 0x26,
116 116 0x29, 0x29, 0x2a, 0x2a, 0x2c, 0x2c, 0x2f, 0x2f,
117 117 0x31, 0x31, 0x32, 0x32, 0x34, 0x34, 0x37, 0x37,
118 118 0x38, 0x38, 0x3b, 0x3b, 0x3d, 0x3d, 0x3e, 0x3e,
119 119 0x40, 0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46,
120 120 0x49, 0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f,
121 121 0x51, 0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57,
122 122 0x58, 0x58, 0x5b, 0x5b, 0x5d, 0x5d, 0x5e, 0x5e,
123 123 0x61, 0x61, 0x62, 0x62, 0x64, 0x64, 0x67, 0x67,
124 124 0x68, 0x68, 0x6b, 0x6b, 0x6d, 0x6d, 0x6e, 0x6e,
125 125 0x70, 0x70, 0x73, 0x73, 0x75, 0x75, 0x76, 0x76,
126 126 0x79, 0x79, 0x7a, 0x7a, 0x7c, 0x7c, 0x7f, 0x7f,
127 127 0x80, 0x80, 0x83, 0x83, 0x85, 0x85, 0x86, 0x86,
128 128 0x89, 0x89, 0x8a, 0x8a, 0x8c, 0x8c, 0x8f, 0x8f,
129 129 0x91, 0x91, 0x92, 0x92, 0x94, 0x94, 0x97, 0x97,
130 130 0x98, 0x98, 0x9b, 0x9b, 0x9d, 0x9d, 0x9e, 0x9e,
131 131 0xa1, 0xa1, 0xa2, 0xa2, 0xa4, 0xa4, 0xa7, 0xa7,
132 132 0xa8, 0xa8, 0xab, 0xab, 0xad, 0xad, 0xae, 0xae,
133 133 0xb0, 0xb0, 0xb3, 0xb3, 0xb5, 0xb5, 0xb6, 0xb6,
134 134 0xb9, 0xb9, 0xba, 0xba, 0xbc, 0xbc, 0xbf, 0xbf,
135 135 0xc1, 0xc1, 0xc2, 0xc2, 0xc4, 0xc4, 0xc7, 0xc7,
136 136 0xc8, 0xc8, 0xcb, 0xcb, 0xcd, 0xcd, 0xce, 0xce,
137 137 0xd0, 0xd0, 0xd3, 0xd3, 0xd5, 0xd5, 0xd6, 0xd6,
138 138 0xd9, 0xd9, 0xda, 0xda, 0xdc, 0xdc, 0xdf, 0xdf,
139 139 0xe0, 0xe0, 0xe3, 0xe3, 0xe5, 0xe5, 0xe6, 0xe6,
140 140 0xe9, 0xe9, 0xea, 0xea, 0xec, 0xec, 0xef, 0xef,
141 141 0xf1, 0xf1, 0xf2, 0xf2, 0xf4, 0xf4, 0xf7, 0xf7,
142 142 0xf8, 0xf8, 0xfb, 0xfb, 0xfd, 0xfd, 0xfe, 0xfe
143 143 };
144 144
145 145 /*
146 146 * A corrected version of des_setparity (see bug 1149767).
147 147 */
148 148 void
149 149 des_setparity_g(des_block *p)
150 150 {
151 151 int i;
152 152
153 153 for (i = 0; i < 8; i++) {
154 154 (*p).c[i] = partab_g[(*p).c[i]];
|
↓ open down ↓ |
154 lines elided |
↑ open up ↑ |
155 155 }
156 156 }
157 157
158 158 /*
159 159 * Software encrypt or decrypt a block of data (multiple of 8 bytes)
160 160 * Do the CBC ourselves if needed.
161 161 */
162 162 int
163 163 __des_crypt(char *buf, unsigned len, struct desparams *desp)
164 164 {
165 -/* EXPORT DELETE START */
166 165 short i;
167 166 unsigned mode;
168 167 unsigned dir;
169 168 char nextiv[8];
170 169 struct deskeydata softkey;
171 170
172 171 mode = (unsigned)desp->des_mode;
173 172 dir = (unsigned)desp->des_dir;
174 173 (void) __des_setkey(desp->des_key, &softkey, dir);
175 174 while (len != 0) {
176 175 switch (mode) {
177 176 case CBC:
178 177 switch (dir) {
179 178 case ENCRYPT:
180 179 for (i = 0; i < 8; i++)
181 180 buf[i] ^= desp->des_ivec[i];
182 181 (void) __des_encrypt((uchar_t *)buf, &softkey);
183 182 for (i = 0; i < 8; i++)
184 183 desp->des_ivec[i] = buf[i];
185 184 break;
186 185 case DECRYPT:
187 186 for (i = 0; i < 8; i++)
188 187 nextiv[i] = buf[i];
189 188 (void) __des_encrypt((uchar_t *)buf, &softkey);
190 189 for (i = 0; i < 8; i++) {
191 190 buf[i] ^= desp->des_ivec[i];
192 191 desp->des_ivec[i] = nextiv[i];
193 192 }
|
↓ open down ↓ |
18 lines elided |
↑ open up ↑ |
194 193 break;
195 194 }
196 195 break;
197 196 case ECB:
198 197 (void) __des_encrypt((uchar_t *)buf, &softkey);
199 198 break;
200 199 }
201 200 buf += 8;
202 201 len -= 8;
203 202 }
204 -/* EXPORT DELETE END */
205 203 return (1);
206 204 }
207 205
208 206
209 207 /*
210 208 * Set the key and direction for an encryption operation
211 209 * We build the 16 key entries here
212 210 */
213 211 static int
214 212 __des_setkey(uchar_t userkey[8], struct deskeydata *kd, unsigned dir)
215 213 {
216 -/* EXPORT DELETE START */
217 214 int32_t C, D;
218 215 short i;
219 216
220 217 /*
221 218 * First, generate C and D by permuting
222 219 * the key. The low order bit of each
223 220 * 8-bit char is not used, so C and D are only 28
224 221 * bits apiece.
225 222 */
226 223 {
227 224 short bit;
228 225 const short *pcc = PC1_C, *pcd = PC1_D;
229 226
230 227 C = D = 0;
231 228 for (i = 0; i < 28; i++) {
232 229 C <<= 1;
233 230 D <<= 1;
234 231 bit = *pcc++;
235 232 if (btst(userkey, bit))
236 233 C |= 1;
237 234 bit = *pcd++;
238 235 if (btst(userkey, bit))
239 236 D |= 1;
240 237 }
241 238 }
242 239 /*
243 240 * To generate Ki, rotate C and D according
244 241 * to schedule and pick up a permutation
245 242 * using PC2.
246 243 */
247 244 for (i = 0; i < 16; i++) {
248 245 chunk_t *c;
249 246 short j, k, bit;
250 247 uint32_t bbit;
251 248
252 249 /*
253 250 * Do the "left shift" (rotate)
254 251 * We know we always rotate by either 1 or 2 bits
255 252 * the shifts table tells us if its 2
256 253 */
257 254 C <<= 1;
258 255 if (C & BIT28)
259 256 C |= 1;
260 257 D <<= 1;
261 258 if (D & BIT28)
262 259 D |= 1;
263 260 if (shifts[i]) {
264 261 C <<= 1;
265 262 if (C & BIT28)
266 263 C |= 1;
267 264 D <<= 1;
268 265 if (D & BIT28)
269 266 D |= 1;
270 267 }
271 268 /*
272 269 * get Ki. Note C and D are concatenated.
273 270 */
274 271 bit = 0;
275 272 switch (dir) {
276 273 case ENCRYPT:
277 274 c = &kd->keyval[i]; break;
278 275 case DECRYPT:
279 276 c = &kd->keyval[15 - i]; break;
280 277 }
281 278 c->long0 = 0;
282 279 c->long1 = 0;
283 280 bbit = (1 << 5) << 24;
284 281 for (j = 0; j < 4; j++) {
285 282 for (k = 0; k < 6; k++) {
|
↓ open down ↓ |
59 lines elided |
↑ open up ↑ |
286 283 if (C & (BIT28 >> PC2_C[bit]))
287 284 c->long0 |= bbit >> k;
288 285 if (D & (BIT28 >> PC2_D[bit]))
289 286 c->long1 |= bbit >> k;
290 287 bit++;
291 288 }
292 289 bbit >>= 8;
293 290 }
294 291
295 292 }
296 -/* EXPORT DELETE END */
297 293 return (1);
298 294 }
299 295
300 296
301 297
302 298 /*
303 299 * Do an encryption operation
304 300 * Much pain is taken (with preprocessor) to avoid loops so the compiler
305 301 * can do address arithmetic instead of doing it at runtime.
306 302 * Note that the byte-to-chunk conversion is necessary to guarantee
307 303 * processor byte-order independence.
308 304 */
309 305 static int
310 306 __des_encrypt(uchar_t *data, struct deskeydata *kd)
311 307 {
312 -/* EXPORT DELETE START */
313 308 chunk_t work1, work2;
314 309
315 310 /*
316 311 * Initial permutation
317 312 * and byte to chunk conversion
318 313 */
319 314 {
320 315 const uint32_t *lp;
321 316 uint32_t l0, l1, w;
322 317 short i, pbit;
323 318
324 319 work1.byte0 = data[0];
325 320 work1.byte1 = data[1];
326 321 work1.byte2 = data[2];
327 322 work1.byte3 = data[3];
328 323 work1.byte4 = data[4];
329 324 work1.byte5 = data[5];
330 325 work1.byte6 = data[6];
331 326 work1.byte7 = data[7];
332 327 l0 = l1 = 0;
333 328 w = work1.long0;
334 329 for (lp = (uint32_t *)&longtab[0], i = 0; i < 32; i++) {
335 330 if (w & *lp++) {
336 331 pbit = IPtab[i];
337 332 if (pbit < 32)
338 333 l0 |= longtab[pbit];
339 334 else
340 335 l1 |= longtab[pbit-32];
341 336 }
342 337 }
343 338 w = work1.long1;
344 339 for (lp = (uint32_t *)&longtab[0], i = 32; i < 64; i++) {
345 340 if (w & *lp++) {
346 341 pbit = IPtab[i];
347 342 if (pbit < 32)
348 343 l0 |= longtab[pbit];
349 344 else
350 345 l1 |= longtab[pbit-32];
351 346 }
352 347 }
353 348 work2.long0 = l0;
354 349 work2.long1 = l1;
355 350 }
356 351
357 352 /*
358 353 * Expand 8 bits of 32 bit R to 48 bit R
359 354 */
360 355 #define do_R_to_ER(op, b) { \
361 356 const struct R_to_ER *p = &R_to_ER_tab[b][R.byte##b]; \
362 357 e0 op p->l0; \
363 358 e1 op p->l1; \
364 359 }
365 360
366 361 /*
367 362 * Inner part of the algorithm:
368 363 * Expand R from 32 to 48 bits; xor key value;
369 364 * apply S boxes; permute 32 bits of output
370 365 */
371 366 /* BEGIN CSTYLED */
372 367 #define do_F(iter, inR, outR) { \
373 368 chunk_t R, ER; \
374 369 uint32_t e0, e1; \
375 370 R.long0 = inR; \
376 371 do_R_to_ER(=, 0); \
377 372 do_R_to_ER(|=, 1); \
378 373 do_R_to_ER(|=, 2); \
379 374 do_R_to_ER(|=, 3); \
380 375 ER.long0 = e0 ^ kd->keyval[iter].long0; \
381 376 ER.long1 = e1 ^ kd->keyval[iter].long1; \
382 377 R.long0 = \
383 378 S_tab[0][ER.byte0] + \
384 379 S_tab[1][ER.byte1] + \
385 380 S_tab[2][ER.byte2] + \
386 381 S_tab[3][ER.byte3] + \
387 382 S_tab[4][ER.byte4] + \
388 383 S_tab[5][ER.byte5] + \
389 384 S_tab[6][ER.byte6] + \
390 385 S_tab[7][ER.byte7]; \
391 386 outR = \
392 387 P_tab[0][R.byte0] + \
393 388 P_tab[1][R.byte1] + \
394 389 P_tab[2][R.byte2] + \
395 390 P_tab[3][R.byte3]; \
396 391 }
397 392 /* END CSTYLED */
398 393
399 394 /*
400 395 * Do a cipher step
401 396 * Apply inner part; do xor and exchange of 32 bit parts
402 397 */
403 398 #define cipher(iter, inR, inL, outR, outL) { \
404 399 do_F(iter, inR, outR); \
405 400 outR ^= inL; \
406 401 outL = inR; \
407 402 }
408 403
409 404 /*
410 405 * Apply the 16 ciphering steps
411 406 */
412 407 {
413 408 uint32_t r0, l0, r1, l1;
414 409
415 410 l0 = work2.long0;
416 411 r0 = work2.long1;
417 412 cipher(0, r0, l0, r1, l1);
418 413 cipher(1, r1, l1, r0, l0);
419 414 cipher(2, r0, l0, r1, l1);
420 415 cipher(3, r1, l1, r0, l0);
421 416 cipher(4, r0, l0, r1, l1);
422 417 cipher(5, r1, l1, r0, l0);
423 418 cipher(6, r0, l0, r1, l1);
424 419 cipher(7, r1, l1, r0, l0);
425 420 cipher(8, r0, l0, r1, l1);
426 421 cipher(9, r1, l1, r0, l0);
427 422 cipher(10, r0, l0, r1, l1);
428 423 cipher(11, r1, l1, r0, l0);
429 424 cipher(12, r0, l0, r1, l1);
430 425 cipher(13, r1, l1, r0, l0);
431 426 cipher(14, r0, l0, r1, l1);
432 427 cipher(15, r1, l1, r0, l0);
433 428 work1.long0 = r0;
434 429 work1.long1 = l0;
435 430 }
436 431
437 432 /*
438 433 * Final permutation
439 434 * and chunk to byte conversion
440 435 */
441 436 {
442 437 uint32_t *lp;
443 438 uint32_t l0, l1, w;
444 439 short i, pbit;
445 440
446 441 l0 = l1 = 0;
447 442 w = work1.long0;
448 443 for (lp = (uint32_t *)&longtab[0], i = 0; i < 32; i++) {
449 444 if (w & *lp++) {
450 445 pbit = FPtab[i];
451 446 if (pbit < 32)
452 447 l0 |= longtab[pbit];
453 448 else
454 449 l1 |= longtab[pbit-32];
455 450 }
456 451 }
457 452 w = work1.long1;
458 453 for (lp = (uint32_t *)&longtab[0], i = 32; i < 64; i++) {
459 454 if (w & *lp++) {
460 455 pbit = FPtab[i];
461 456 if (pbit < 32)
462 457 l0 |= longtab[pbit];
463 458 else
464 459 l1 |= longtab[pbit-32];
465 460 }
466 461 }
467 462 work2.long0 = l0;
468 463 work2.long1 = l1;
|
↓ open down ↓ |
146 lines elided |
↑ open up ↑ |
469 464 }
470 465 data[0] = work2.byte0;
471 466 data[1] = work2.byte1;
472 467 data[2] = work2.byte2;
473 468 data[3] = work2.byte3;
474 469 data[4] = work2.byte4;
475 470 data[5] = work2.byte5;
476 471 data[6] = work2.byte6;
477 472 data[7] = work2.byte7;
478 473
479 -/* EXPORT DELETE END */
480 474 return (1);
481 475 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX