Print this page
first pass
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/lib/libcrypt/common/des_soft.c
+++ new/usr/src/lib/libcrypt/common/des_soft.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 25 */
26 26
27 27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
28 28 /* All Rights Reserved */
29 29
30 30 /*
31 31 * Portions of this source code were derived from Berkeley 4.3 BSD
32 32 * under license from the Regents of the University of California.
33 33 */
34 34
35 35 #pragma ident "%Z%%M% %I% %E% SMI"
36 36
37 37 /*
38 38 * Warning! Things are arranged very carefully in this file to
39 39 * allow read-only data to be moved to the text segment. The
40 40 * various DES tables must appear before any function definitions
41 41 * (this is arranged by including them immediately below) and partab
42 42 * must also appear before and function definitions
43 43 * This arrangement allows all data up through the first text to
44 44 * be moved to text.
45 45 */
46 46
47 47 #ifndef _KERNEL
48 48 #define CRYPT /* cannot configure out of user-level code */
49 49 #endif
50 50
51 51 #ifdef CRYPT
52 52 #include <sys/types.h>
53 53 #include <des/softdes.h>
54 54 #include <des/desdata.h>
55 55
56 56 #ifdef sun
57 57 #include <sys/ioctl.h>
58 58 #include <sys/des.h>
59 59 #else
60 60 #include <des/des.h>
61 61 #endif
62 62
63 63 #include "des_soft.h"
64 64
65 65 /*
66 66 * Fast (?) software implementation of DES
67 67 * Has been seen going at 2000 bytes/sec on a Sun-2
68 68 * Works on a VAX too.
69 69 * Won't work without 8 bit chars and 32 bit longs
70 70 */
71 71
72 72 #define btst(k, b) (k[b >> 3] & (0x80 >> (b & 07)))
73 73 #define BIT28 (1<<28)
74 74
75 75
76 76 #endif /* def CRYPT */
77 77
78 78 static void des_setkey(uchar_t [8], struct deskeydata *, unsigned);
79 79 static void des_encrypt(uchar_t *, struct deskeydata *);
80 80
81 81 #ifndef _KERNEL
82 82 /*
83 83 * Table giving odd parity in the low bit for ASCII characters
84 84 */
85 85 static char partab[128] = {
86 86 0x01, 0x01, 0x02, 0x02, 0x04, 0x04, 0x07, 0x07,
87 87 0x08, 0x08, 0x0b, 0x0b, 0x0d, 0x0d, 0x0e, 0x0e,
88 88 0x10, 0x10, 0x13, 0x13, 0x15, 0x15, 0x16, 0x16,
89 89 0x19, 0x19, 0x1a, 0x1a, 0x1c, 0x1c, 0x1f, 0x1f,
90 90 0x20, 0x20, 0x23, 0x23, 0x25, 0x25, 0x26, 0x26,
91 91 0x29, 0x29, 0x2a, 0x2a, 0x2c, 0x2c, 0x2f, 0x2f,
92 92 0x31, 0x31, 0x32, 0x32, 0x34, 0x34, 0x37, 0x37,
93 93 0x38, 0x38, 0x3b, 0x3b, 0x3d, 0x3d, 0x3e, 0x3e,
94 94 0x40, 0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46,
95 95 0x49, 0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f,
96 96 0x51, 0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57,
97 97 0x58, 0x58, 0x5b, 0x5b, 0x5d, 0x5d, 0x5e, 0x5e,
98 98 0x61, 0x61, 0x62, 0x62, 0x64, 0x64, 0x67, 0x67,
99 99 0x68, 0x68, 0x6b, 0x6b, 0x6d, 0x6d, 0x6e, 0x6e,
100 100 0x70, 0x70, 0x73, 0x73, 0x75, 0x75, 0x76, 0x76,
101 101 0x79, 0x79, 0x7a, 0x7a, 0x7c, 0x7c, 0x7f, 0x7f,
102 102 };
103 103
104 104
105 105
106 106 /*
107 107 * Add odd parity to low bit of 8 byte key
108 108 */
109 109 void
110 110 des_setparity(char *p)
111 111 {
112 112 int i;
113 113
114 114 for (i = 0; i < 8; i++) {
115 115 *p = partab[*p & 0x7f];
116 116 p++;
117 117 }
118 118 }
↓ open down ↓ |
118 lines elided |
↑ open up ↑ |
119 119 #endif /* def _KERNEL */
120 120
121 121 #ifdef CRYPT
122 122 /*
123 123 * Software encrypt or decrypt a block of data (multiple of 8 bytes)
124 124 * Do the CBC ourselves if needed.
125 125 */
126 126 int
127 127 __des_crypt(char *buf, unsigned int len, struct desparams *desp)
128 128 {
129 -/* EXPORT DELETE START */
130 129 short i;
131 130 unsigned mode;
132 131 unsigned dir;
133 132 char nextiv[8];
134 133 struct deskeydata softkey;
135 134
136 135 mode = (unsigned)desp->des_mode;
137 136 dir = (unsigned)desp->des_dir;
138 137 des_setkey(desp->des_key, &softkey, dir);
139 138 while (len != 0) {
140 139 switch (mode) {
141 140 case CBC:
142 141 switch (dir) {
143 142 case ENCRYPT:
144 143 for (i = 0; i < 8; i++)
145 144 buf[i] ^= desp->des_ivec[i];
146 145 des_encrypt((uchar_t *)buf, &softkey);
147 146 for (i = 0; i < 8; i++)
148 147 desp->des_ivec[i] = buf[i];
149 148 break;
150 149 case DECRYPT:
151 150 for (i = 0; i < 8; i++)
152 151 nextiv[i] = buf[i];
153 152 des_encrypt((uchar_t *)buf, &softkey);
154 153 for (i = 0; i < 8; i++) {
155 154 buf[i] ^= desp->des_ivec[i];
156 155 desp->des_ivec[i] = nextiv[i];
157 156 }
↓ open down ↓ |
18 lines elided |
↑ open up ↑ |
158 157 break;
159 158 }
160 159 break;
161 160 case ECB:
162 161 des_encrypt((uchar_t *)buf, &softkey);
163 162 break;
164 163 }
165 164 buf += 8;
166 165 len -= 8;
167 166 }
168 -/* EXPORT DELETE END */
169 167 return (1);
170 168 }
171 169
172 170
173 171 /*
174 172 * Set the key and direction for an encryption operation
175 173 * We build the 16 key entries here
176 174 */
177 175 static void
178 176 des_setkey(uchar_t userkey[8], struct deskeydata *kd, unsigned int dir)
179 177 {
180 -/* EXPORT DELETE START */
181 178 long C, D;
182 179 short i;
183 180
184 181 /*
185 182 * First, generate C and D by permuting
186 183 * the key. The low order bit of each
187 184 * 8-bit char is not used, so C and D are only 28
188 185 * bits apiece.
189 186 */
190 187 {
191 188 short bit;
192 189 const short *pcc = PC1_C, *pcd = PC1_D;
193 190
194 191 C = D = 0;
195 192 for (i = 0; i < 28; i++) {
196 193 C <<= 1;
197 194 D <<= 1;
198 195 bit = *pcc++;
199 196 if (btst(userkey, bit))
200 197 C |= 1;
201 198 bit = *pcd++;
202 199 if (btst(userkey, bit))
203 200 D |= 1;
204 201 }
205 202 }
206 203 /*
207 204 * To generate Ki, rotate C and D according
208 205 * to schedule and pick up a permutation
209 206 * using PC2.
210 207 */
211 208 for (i = 0; i < 16; i++) {
212 209 chunk_t *c;
213 210 short j, k, bit;
214 211 long bbit;
215 212
216 213 /*
217 214 * Do the "left shift" (rotate)
218 215 * We know we always rotate by either 1 or 2 bits
219 216 * the shifts table tells us if its 2
220 217 */
221 218 C <<= 1;
222 219 if (C & BIT28)
223 220 C |= 1;
224 221 D <<= 1;
225 222 if (D & BIT28)
226 223 D |= 1;
227 224 if (shifts[i]) {
228 225 C <<= 1;
229 226 if (C & BIT28)
230 227 C |= 1;
231 228 D <<= 1;
232 229 if (D & BIT28)
233 230 D |= 1;
234 231 }
235 232 /*
236 233 * get Ki. Note C and D are concatenated.
237 234 */
238 235 bit = 0;
239 236 switch (dir) {
240 237 case ENCRYPT:
241 238 c = &kd->keyval[i]; break;
242 239 case DECRYPT:
243 240 c = &kd->keyval[15 - i]; break;
244 241 }
245 242 c->long0 = 0;
246 243 c->long1 = 0;
247 244 bbit = (1 << 5) << 24;
248 245 for (j = 0; j < 4; j++) {
249 246 for (k = 0; k < 6; k++) {
↓ open down ↓ |
59 lines elided |
↑ open up ↑ |
250 247 if (C & (BIT28 >> PC2_C[bit]))
251 248 c->long0 |= bbit >> k;
252 249 if (D & (BIT28 >> PC2_D[bit]))
253 250 c->long1 |= bbit >> k;
254 251 bit++;
255 252 }
256 253 bbit >>= 8;
257 254 }
258 255
259 256 }
260 -/* EXPORT DELETE END */
261 257 }
262 258
263 259
264 260
265 261 /*
266 262 * Do an encryption operation
267 263 * Much pain is taken (with preprocessor) to avoid loops so the compiler
268 264 * can do address arithmetic instead of doing it at runtime.
269 265 * Note that the byte-to-chunk conversion is necessary to guarantee
270 266 * processor byte-order independence.
271 267 */
272 268 static void
273 269 des_encrypt(uchar_t *data, struct deskeydata *kd)
274 270 {
275 -/* EXPORT DELETE START */
276 271 chunk_t work1, work2;
277 272
278 273 /*
279 274 * Initial permutation
280 275 * and byte to chunk conversion
281 276 */
282 277 {
283 278 const uint32_t *lp;
284 279 uint32_t l0, l1, w;
285 280 short i, pbit;
286 281
287 282 work1.byte0 = data[0];
288 283 work1.byte1 = data[1];
289 284 work1.byte2 = data[2];
290 285 work1.byte3 = data[3];
291 286 work1.byte4 = data[4];
292 287 work1.byte5 = data[5];
293 288 work1.byte6 = data[6];
294 289 work1.byte7 = data[7];
295 290 l0 = l1 = 0;
296 291 w = work1.long0;
297 292 for (lp = &longtab[0], i = 0; i < 32; i++) {
298 293 if (w & *lp++) {
299 294 pbit = IPtab[i];
300 295 if (pbit < 32)
301 296 l0 |= longtab[pbit];
302 297 else
303 298 l1 |= longtab[pbit-32];
304 299 }
305 300 }
306 301 w = work1.long1;
307 302 for (lp = &longtab[0], i = 32; i < 64; i++) {
308 303 if (w & *lp++) {
309 304 pbit = IPtab[i];
310 305 if (pbit < 32)
311 306 l0 |= longtab[pbit];
312 307 else
313 308 l1 |= longtab[pbit-32];
314 309 }
315 310 }
316 311 work2.long0 = l0;
317 312 work2.long1 = l1;
318 313 }
319 314
320 315 /*
321 316 * Expand 8 bits of 32 bit R to 48 bit R
322 317 */
323 318 #define do_R_to_ER(op, b) { \
324 319 const struct R_to_ER *p = &R_to_ER_tab[b][R.byte##b]; \
325 320 e0 op p->l0; \
326 321 e1 op p->l1; \
327 322 }
328 323
329 324 /*
330 325 * Inner part of the algorithm:
331 326 * Expand R from 32 to 48 bits; xor key value;
332 327 * apply S boxes; permute 32 bits of output
333 328 */
334 329 #define do_F(iter, inR, outR) { \
335 330 chunk_t R, ER; \
336 331 uint32_t e0, e1; \
337 332 R.long0 = inR; \
338 333 /* CSTYLED */ \
339 334 do_R_to_ER(=, 0); \
340 335 /* CSTYLED */ \
341 336 do_R_to_ER(|=, 1); \
342 337 /* CSTYLED */ \
343 338 do_R_to_ER(|=, 2); \
344 339 /* CSTYLED */ \
345 340 do_R_to_ER(|=, 3); \
346 341 ER.long0 = e0 ^ kd->keyval[iter].long0; \
347 342 ER.long1 = e1 ^ kd->keyval[iter].long1; \
348 343 R.long0 = \
349 344 S_tab[0][ER.byte0] + \
350 345 S_tab[1][ER.byte1] + \
351 346 S_tab[2][ER.byte2] + \
352 347 S_tab[3][ER.byte3] + \
353 348 S_tab[4][ER.byte4] + \
354 349 S_tab[5][ER.byte5] + \
355 350 S_tab[6][ER.byte6] + \
356 351 S_tab[7][ER.byte7]; \
357 352 outR = \
358 353 P_tab[0][R.byte0] + \
359 354 P_tab[1][R.byte1] + \
360 355 P_tab[2][R.byte2] + \
361 356 P_tab[3][R.byte3]; \
362 357 }
363 358
364 359 /*
365 360 * Do a cipher step
366 361 * Apply inner part; do xor and exchange of 32 bit parts
367 362 */
368 363 #define cipher(iter, inR, inL, outR, outL) { \
369 364 do_F(iter, inR, outR); \
370 365 outR ^= inL; \
371 366 outL = inR; \
372 367 }
373 368
374 369 /*
375 370 * Apply the 16 ciphering steps
376 371 */
377 372 {
378 373 uint32_t r0, l0, r1, l1;
379 374
380 375 l0 = work2.long0;
381 376 r0 = work2.long1;
382 377 cipher(0, r0, l0, r1, l1);
383 378 cipher(1, r1, l1, r0, l0);
384 379 cipher(2, r0, l0, r1, l1);
385 380 cipher(3, r1, l1, r0, l0);
386 381 cipher(4, r0, l0, r1, l1);
387 382 cipher(5, r1, l1, r0, l0);
388 383 cipher(6, r0, l0, r1, l1);
389 384 cipher(7, r1, l1, r0, l0);
390 385 cipher(8, r0, l0, r1, l1);
391 386 cipher(9, r1, l1, r0, l0);
392 387 cipher(10, r0, l0, r1, l1);
393 388 cipher(11, r1, l1, r0, l0);
394 389 cipher(12, r0, l0, r1, l1);
395 390 cipher(13, r1, l1, r0, l0);
396 391 cipher(14, r0, l0, r1, l1);
397 392 cipher(15, r1, l1, r0, l0);
398 393 work1.long0 = r0;
399 394 work1.long1 = l0;
400 395 }
401 396
402 397 /*
403 398 * Final permutation
404 399 * and chunk to byte conversion
405 400 */
406 401 {
407 402 const uint32_t *lp;
408 403 uint32_t l0, l1, w;
409 404 short i, pbit;
410 405
411 406 l0 = l1 = 0;
412 407 w = work1.long0;
413 408 for (lp = &longtab[0], i = 0; i < 32; i++) {
414 409 if (w & *lp++) {
415 410 pbit = FPtab[i];
416 411 if (pbit < 32)
417 412 l0 |= longtab[pbit];
418 413 else
419 414 l1 |= longtab[pbit-32];
420 415 }
421 416 }
422 417 w = work1.long1;
423 418 for (lp = &longtab[0], i = 32; i < 64; i++) {
424 419 if (w & *lp++) {
425 420 pbit = FPtab[i];
426 421 if (pbit < 32)
427 422 l0 |= longtab[pbit];
428 423 else
429 424 l1 |= longtab[pbit-32];
430 425 }
431 426 }
432 427 work2.long0 = l0;
↓ open down ↓ |
147 lines elided |
↑ open up ↑ |
433 428 work2.long1 = l1;
434 429 }
435 430 data[0] = work2.byte0;
436 431 data[1] = work2.byte1;
437 432 data[2] = work2.byte2;
438 433 data[3] = work2.byte3;
439 434 data[4] = work2.byte4;
440 435 data[5] = work2.byte5;
441 436 data[6] = work2.byte6;
442 437 data[7] = work2.byte7;
443 -
444 -/* EXPORT DELETE END */
445 438 }
446 439 #endif /* def CRYPT */
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX