Print this page
first pass
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/uts/common/des/des_soft.c
+++ new/usr/src/uts/common/des/des_soft.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License, Version 1.0 only
6 6 * (the "License"). You may not use this file except in compliance
7 7 * with the License.
8 8 *
9 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 10 * or http://www.opensolaris.org/os/licensing.
11 11 * See the License for the specific language governing permissions
12 12 * and limitations under the License.
13 13 *
14 14 * When distributing Covered Code, include this CDDL HEADER in each
15 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 16 * If applicable, add the following below this CDDL HEADER, with the
17 17 * fields enclosed by brackets "[]" replaced with your own identifying
18 18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 19 *
20 20 * CDDL HEADER END
21 21 *
22 22 * Copyright 1989 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 25
26 26 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
27 27 /* All Rights Reserved */
28 28
29 29 /*
30 30 * Portions of this source code were derived from Berkeley 4.3 BSD
31 31 * under license from the Regents of the University of California.
32 32 */
33 33
34 34 #ident "%Z%%M% %I% %E% SMI"
35 35
36 36 /*
37 37 * Warning! Things are arranged very carefully in this file to
38 38 * allow read-only data to be moved to the text segment. The
39 39 * various DES tables must appear before any function definitions
40 40 * (this is arranged by including them immediately below) and partab
41 41 * must also appear before and function definitions
42 42 * This arrangement allows all data up through the first text to
43 43 * be moved to text.
44 44 */
45 45
46 46 /*
47 47 * Fast (?) software implementation of DES
48 48 * Has been seen going at 2000 bytes/sec on a Sun-2
49 49 * Works on a VAX too.
50 50 * Won't work without 8 bit chars and 32 bit longs
51 51 */
52 52
↓ open down ↓ |
52 lines elided |
↑ open up ↑ |
53 53 #include <sys/types.h>
54 54 #include <des/des.h>
55 55 #include <des/softdes.h>
56 56 #include <des/desdata.h>
57 57 #include <sys/debug.h>
58 58
59 59 static void des_setkey(u_char userkey[8], struct deskeydata *kd,
60 60 unsigned int dir);
61 61 static void des_encrypt(u_char *data, struct deskeydata *kd);
62 62
63 -/* EXPORT DELETE START */
64 63 #define btst(k, b) (k[b >> 3] & (0x80 >> (b & 07)))
65 64 #define BIT28 (1<<28)
66 -/* EXPORT DELETE END */
67 65
68 66 /*
69 67 * Software encrypt or decrypt a block of data (multiple of 8 bytes)
70 68 * Do the CBC ourselves if needed.
71 69 */
72 70 /* ARGSUSED */
73 71 int
74 72 _des_crypt(char *buf, size_t len, struct desparams *desp)
75 73 {
76 -/* EXPORT DELETE START */
77 74 short i;
78 75 uint_t mode;
79 76 uint_t dir;
80 77 char nextiv[8];
81 78 struct deskeydata softkey;
82 79
83 80 mode = desp->des_mode;
84 81 dir = desp->des_dir;
85 82 des_setkey(desp->des_key, &softkey, dir);
86 83 while (len != 0) {
87 84 switch (mode) {
88 85 case CBC:
89 86 switch (dir) {
90 87 case ENCRYPT:
91 88 for (i = 0; i < 8; i++)
92 89 buf[i] ^= desp->des_ivec[i];
93 90 des_encrypt((u_char *)buf, &softkey);
94 91 for (i = 0; i < 8; i++)
95 92 desp->des_ivec[i] = buf[i];
96 93 break;
97 94 case DECRYPT:
98 95 for (i = 0; i < 8; i++)
99 96 nextiv[i] = buf[i];
100 97 des_encrypt((u_char *)buf, &softkey);
101 98 for (i = 0; i < 8; i++) {
102 99 buf[i] ^= desp->des_ivec[i];
103 100 desp->des_ivec[i] = nextiv[i];
104 101 }
↓ open down ↓ |
18 lines elided |
↑ open up ↑ |
105 102 break;
106 103 }
107 104 break;
108 105 case ECB:
109 106 des_encrypt((u_char *)buf, &softkey);
110 107 break;
111 108 }
112 109 buf += 8;
113 110 len -= 8;
114 111 }
115 -/* EXPORT DELETE END */
116 112 return (1);
117 113 }
118 114
119 115
120 116 /*
121 117 * Set the key and direction for an encryption operation
122 118 * We build the 16 key entries here
123 119 */
124 120 /* ARGSUSED */
125 121 static void
126 122 des_setkey(u_char userkey[8], struct deskeydata *kd, unsigned int dir)
127 123 {
128 -/* EXPORT DELETE START */
129 124 int32_t C, D;
130 125 short i;
131 126
132 127 /*
133 128 * First, generate C and D by permuting
134 129 * the key. The low order bit of each
135 130 * 8-bit char is not used, so C and D are only 28
136 131 * bits apiece.
137 132 */
138 133 {
139 134 short bit;
140 135 short *pcc = (short *)PC1_C, *pcd = (short *)PC1_D;
141 136
142 137 C = D = 0;
143 138 for (i = 0; i < 28; i++) {
144 139 C <<= 1;
145 140 D <<= 1;
146 141 bit = *pcc++;
147 142 if (btst(userkey, bit))
148 143 C |= 1;
149 144 bit = *pcd++;
150 145 if (btst(userkey, bit))
151 146 D |= 1;
152 147 }
153 148 }
154 149 /*
155 150 * To generate Ki, rotate C and D according
156 151 * to schedule and pick up a permutation
157 152 * using PC2.
158 153 */
159 154 for (i = 0; i < 16; i++) {
160 155 chunk_t *c;
161 156 short j, k, bit;
162 157 int bbit;
163 158
164 159 /*
165 160 * Do the "left shift" (rotate)
166 161 * We know we always rotate by either 1 or 2 bits
167 162 * the shifts table tells us if its 2
168 163 */
169 164 C <<= 1;
170 165 if (C & BIT28)
171 166 C |= 1;
172 167 D <<= 1;
173 168 if (D & BIT28)
174 169 D |= 1;
175 170 if (shifts[i]) {
176 171 C <<= 1;
177 172 if (C & BIT28)
178 173 C |= 1;
179 174 D <<= 1;
180 175 if (D & BIT28)
181 176 D |= 1;
182 177 }
183 178 /*
184 179 * get Ki. Note C and D are concatenated.
185 180 */
186 181 bit = 0;
187 182 switch (dir) {
188 183 case ENCRYPT:
189 184 c = &kd->keyval[i];
190 185 break;
191 186 case DECRYPT:
192 187 c = &kd->keyval[15 - i];
193 188 break;
194 189 }
195 190 c->long0 = 0;
196 191 c->long1 = 0;
197 192 bbit = (1 << 5) << 24;
198 193 for (j = 0; j < 4; j++) {
↓ open down ↓ |
60 lines elided |
↑ open up ↑ |
199 194 for (k = 0; k < 6; k++) {
200 195 if (C & (BIT28 >> PC2_C[bit]))
201 196 c->long0 |= bbit >> k;
202 197 if (D & (BIT28 >> PC2_D[bit]))
203 198 c->long1 |= bbit >> k;
204 199 bit++;
205 200 }
206 201 bbit >>= 8;
207 202 }
208 203 }
209 -/* EXPORT DELETE END */
210 204 }
211 205
212 206
213 207
214 208 /*
215 209 * Do an encryption operation
216 210 * Much pain is taken (with preprocessor) to avoid loops so the compiler
217 211 * can do address arithmetic instead of doing it at runtime.
218 212 * Note that the byte-to-chunk conversion is necessary to guarantee
219 213 * processor byte-order independence.
220 214 */
221 215 /* ARGSUSED */
222 216 static void
223 217 des_encrypt(u_char *data, struct deskeydata *kd)
224 218 {
225 -/* EXPORT DELETE START */
226 219 chunk_t work1, work2;
227 220
228 221 /*
229 222 * Initial permutation
230 223 * and byte to chunk conversion
231 224 */
232 225 {
233 226 const uint32_t *lp;
234 227 uint32_t l0, l1, w;
235 228 short i, pbit;
236 229
237 230 work1.byte0 = data[0];
238 231 work1.byte1 = data[1];
239 232 work1.byte2 = data[2];
240 233 work1.byte3 = data[3];
241 234 work1.byte4 = data[4];
242 235 work1.byte5 = data[5];
243 236 work1.byte6 = data[6];
244 237 work1.byte7 = data[7];
245 238 l0 = l1 = 0;
246 239 w = work1.long0;
247 240 for (lp = &longtab[0], i = 0; i < 32; i++) {
248 241 if (w & *lp++) {
249 242 pbit = IPtab[i];
250 243 if (pbit < 32)
251 244 l0 |= longtab[pbit];
252 245 else
253 246 l1 |= longtab[pbit-32];
254 247 }
255 248 }
256 249 w = work1.long1;
257 250 for (lp = &longtab[0], i = 32; i < 64; i++) {
258 251 if (w & *lp++) {
259 252 pbit = IPtab[i];
260 253 if (pbit < 32)
261 254 l0 |= longtab[pbit];
262 255 else
263 256 l1 |= longtab[pbit-32];
264 257 }
265 258 }
266 259 work2.long0 = l0;
267 260 work2.long1 = l1;
268 261 }
269 262
270 263 /*
271 264 * Expand 8 bits of 32 bit R to 48 bit R
272 265 */
273 266 #ifdef __STDC__
274 267 #define do_R_to_ER(op, b) { \
275 268 struct R_to_ER *p = \
276 269 (struct R_to_ER *)&R_to_ER_tab[b][R.byte##b]; \
277 270 e0 op p->l0; \
278 271 e1 op p->l1; \
279 272 }
280 273 #else
281 274 #define do_R_to_ER(op, b) { \
282 275 /*CSTYLED*/ \
283 276 struct R_to_ER *p = &R_to_ER_tab[b][R.byte/**/b]; \
284 277 e0 op p->l0; \
285 278 e1 op p->l1; \
286 279 }
287 280 #endif
288 281
289 282 /*
290 283 * Inner part of the algorithm:
291 284 * Expand R from 32 to 48 bits; xor key value;
292 285 * apply S boxes; permute 32 bits of output
293 286 */
294 287 #define do_F(iter, inR, outR) { \
295 288 chunk_t R, ER; \
296 289 u_int e0, e1; \
297 290 R.long0 = inR; \
298 291 /*CSTYLED*/ \
299 292 do_R_to_ER(=,0); \
300 293 /*CSTYLED*/ \
301 294 do_R_to_ER(|=,1); \
302 295 /*CSTYLED*/ \
303 296 do_R_to_ER(|=,2); \
304 297 /*CSTYLED*/ \
305 298 do_R_to_ER(|=,3); \
306 299 ER.long0 = e0 ^ kd->keyval[iter].long0; \
307 300 ER.long1 = e1 ^ kd->keyval[iter].long1; \
308 301 R.long0 = \
309 302 S_tab[0][ER.byte0] + \
310 303 S_tab[1][ER.byte1] + \
311 304 S_tab[2][ER.byte2] + \
312 305 S_tab[3][ER.byte3] + \
313 306 S_tab[4][ER.byte4] + \
314 307 S_tab[5][ER.byte5] + \
315 308 S_tab[6][ER.byte6] + \
316 309 S_tab[7][ER.byte7]; \
317 310 outR = \
318 311 P_tab[0][R.byte0] + \
319 312 P_tab[1][R.byte1] + \
320 313 P_tab[2][R.byte2] + \
321 314 P_tab[3][R.byte3]; \
322 315 }
323 316
324 317 /*
325 318 * Do a cipher step
326 319 * Apply inner part; do xor and exchange of 32 bit parts
327 320 */
328 321 #define cipher(iter, inR, inL, outR, outL) { \
329 322 do_F(iter, inR, outR); \
330 323 outR ^= inL; \
331 324 outL = inR; \
332 325 }
333 326
334 327 /*
335 328 * Apply the 16 ciphering steps
336 329 */
337 330 {
338 331 u_int r0, l0, r1, l1;
339 332
340 333 l0 = work2.long0;
341 334 r0 = work2.long1;
342 335 cipher(0, r0, l0, r1, l1);
343 336 cipher(1, r1, l1, r0, l0);
344 337 cipher(2, r0, l0, r1, l1);
345 338 cipher(3, r1, l1, r0, l0);
346 339 cipher(4, r0, l0, r1, l1);
347 340 cipher(5, r1, l1, r0, l0);
348 341 cipher(6, r0, l0, r1, l1);
349 342 cipher(7, r1, l1, r0, l0);
350 343 cipher(8, r0, l0, r1, l1);
351 344 cipher(9, r1, l1, r0, l0);
352 345 cipher(10, r0, l0, r1, l1);
353 346 cipher(11, r1, l1, r0, l0);
354 347 cipher(12, r0, l0, r1, l1);
355 348 cipher(13, r1, l1, r0, l0);
356 349 cipher(14, r0, l0, r1, l1);
357 350 cipher(15, r1, l1, r0, l0);
358 351 work1.long0 = r0;
359 352 work1.long1 = l0;
360 353 }
361 354
362 355 /*
363 356 * Final permutation
364 357 * and chunk to byte conversion
365 358 */
366 359 {
367 360 const uint32_t *lp;
368 361 uint32_t l0, l1, w;
369 362 short i, pbit;
370 363
371 364 l0 = l1 = 0;
372 365 w = work1.long0;
373 366 for (lp = &longtab[0], i = 0; i < 32; i++) {
374 367 if (w & *lp++) {
375 368 pbit = FPtab[i];
376 369 if (pbit < 32)
377 370 l0 |= longtab[pbit];
378 371 else
379 372 l1 |= longtab[pbit-32];
380 373 }
381 374 }
382 375 w = work1.long1;
383 376 for (lp = &longtab[0], i = 32; i < 64; i++) {
384 377 if (w & *lp++) {
385 378 pbit = FPtab[i];
386 379 if (pbit < 32)
387 380 l0 |= longtab[pbit];
388 381 else
389 382 l1 |= longtab[pbit-32];
390 383 }
391 384 }
392 385 work2.long0 = l0;
↓ open down ↓ |
157 lines elided |
↑ open up ↑ |
393 386 work2.long1 = l1;
394 387 }
395 388 data[0] = work2.byte0;
396 389 data[1] = work2.byte1;
397 390 data[2] = work2.byte2;
398 391 data[3] = work2.byte3;
399 392 data[4] = work2.byte4;
400 393 data[5] = work2.byte5;
401 394 data[6] = work2.byte6;
402 395 data[7] = work2.byte7;
403 -/* EXPORT DELETE END */
404 396 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX