From: Love Hörnquist-Åstrand Date: Tue, 29 Oct 2002 00:05:06 +0000 (+0000) Subject: rxkad-new-fcrypt-20021028 X-Git-Tag: openafs-devel-1_3_50~539 X-Git-Url: http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=ea57d1062c8f48a4217b220a169a1072488ff953;hp=7da7434842cdaab7efb482023774a378cedd42ae rxkad-new-fcrypt-20021028 rxkad fcrypt from bg@pdc.kth.se. we should also add autoconf test for what to use for EFF_NTOHL --- diff --git a/src/rxkad/Makefile.in b/src/rxkad/Makefile.in index 21bb102..b854296 100644 --- a/src/rxkad/Makefile.in +++ b/src/rxkad/Makefile.in @@ -14,7 +14,7 @@ INCLS=${TOP_INCDIR}/rx/rx.h ${TOP_INCDIR}/rx/xdr.h \ rxkad.h rxkad_prototypes.h fcrypt.h v5gen.h OBJS=rxkad_client.o rxkad_server.o rxkad_common.o rxkad_errs.o \ - fcrypt.o crypt_conn.o ticket.o ticket5.o crc.o + bg-fcrypt.o ticket.o ticket5.o crc.o fc_test_OBJS=fc_test.o @@ -61,8 +61,6 @@ librxkad.a: ${OBJS} AFS_component_version_number.o $(AR) crv $@ ${OBJS} AFS_component_version_number.o $(RANLIB) $@ -crypt_conn.o: fcrypt.h private_data.h crypt_conn.c ${INCLS} - rxkad_client.o: fcrypt.h private_data.h rxkad_client.c ${INCLS} rxkad_server.o: fcrypt.h private_data.h rxkad_server.c ${INCLS} @@ -81,8 +79,8 @@ ticket5.o: ticket5.c v5gen.c v5der.c v5gen-rewrite.h ${INCLS} crc.o: crc.c ${INCLS} -fcrypt.o: fcrypt.c fcrypt.h sboxes.h rxkad.h rxkad_prototypes.h - ${CC} ${CFLAGS} -c fcrypt.c +bg-fcrypt.o: bg-fcrypt.c fcrypt.h rxkad.h rxkad_prototypes.h + ${CC} ${CFLAGS} -c bg-fcrypt.c tcrypt: tcrypt.o librxkad.a ${CC} -o tcrypt tcrypt.o librxkad.a @@ -101,7 +99,7 @@ fc_test.o: ${INCLS} clean: $(RM) -f *.o *.a tcrypt core rxkad_errs.c rxkad.h \ AFS_component_version_number.c \ - crypt_conn.c fcrypt.c fcrypt.h sboxes.h \ + fcrypt.h sboxes.h \ fc_test test: @@ -110,18 +108,9 @@ test: # These sources are kept in a separate directory so that we can use an # ACL to comply with source export restrictions. -crypt_conn.c: domestic/crypt_conn.c - ${INSTALL} $? $@ - -fcrypt.c: domestic/fcrypt.c - ${INSTALL} $? $@ - fcrypt.h: domestic/fcrypt.h ${INSTALL} $? $@ -sboxes.h: domestic/sboxes.h - ${INSTALL} $? $@ - tcrypt.c: domestic/tcrypt.c ${INSTALL} $? $@ diff --git a/src/rxkad/bg-fcrypt.c b/src/rxkad/bg-fcrypt.c new file mode 100644 index 0000000..c968b0d --- /dev/null +++ b/src/rxkad/bg-fcrypt.c @@ -0,0 +1,793 @@ +/* + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +#include +#ifdef KERNEL +#include "afs/param.h" +#else +#include +#endif + +RCSID("$Header$"); + +#define DEBUG 0 +#ifdef KERNEL +#ifndef UKERNEL +#include "afs/stds.h" +#include "h/types.h" +#if !defined(AFS_LINUX20_ENV) && !defined(AFS_OBSD_ENV) +#include "netinet/in.h" +#endif +#else /* UKERNEL */ +#include "afs/sysincludes.h" +#include "afs/stds.h" +#endif /* UKERNEL */ +#ifdef AFS_LINUX22_ENV +#include +#endif + +#include "afs/longc_procs.h" + +#else /* KERNEL */ + +#include +#include +#ifdef AFS_NT40_ENV +#include +#else +#include +#endif +#include +#endif /* KERNEL */ + +#include "fcrypt.h" +#include "rxkad.h" +#include "fcrypt.h" + +#undef WORDS_BIGENDIAN +#ifdef AFSBIG_ENDIAN +#define WORDS_BIGENDIAN 1 +#endif + +/* + * Unrolling of the inner loops helps the most on pentium chips + * (ca 18%). On risc machines only expect a modest improvement (ca 5%). + * The cost for this is rougly 4k bytes. + */ +#define UNROLL_LOOPS 1 +/* + * Inline assembler gives a boost only to fc_keysched. + * On the pentium expect ca 28%. + */ +/*#define GNU_ASM 1 (now autoconfed) */ + +#if !defined(inline) && !defined(__GNUC__) +#define inline +#endif + +/* + * There is usually no memcpy in kernels but gcc will inline all + * calls to memcpy in this code anyway. + */ +#if defined(KERNEL) && !defined(__GNUC__) +#define memcpy(to, from, n) bcopy((from), (to), (n)) +#endif + +/* Rotate 32 bit word left */ +#define ROT32L(x, n) ((((afs_uint32) x) << (n)) | (((afs_uint32) x) >> (32-(n)))) +#define bswap32(x) (((ROT32L(x, 16) & 0x00ff00ff)<<8) | ((ROT32L(x, 16)>>8) & 0x00ff00ff)) + +#if WORDS_BIGENDIAN +#define NTOH(x) (x) +#else +#define NTOH(x) bswap32(x) +#endif + +/* + * Try to use a good function for ntohl-ing. + * + * The choice is done by autoconf setting EFF_NTOHL to one of: + * CPU function + * i386 ntohl + * i[4-9]86 bswap + * alpha bswap32 + * all else ntohl + */ + +#define EFF_NTOHL(x) ntohl(x) + +#if 0 +#if defined(__GNUC__) && (defined(i386) || defined(__i386__)) +static inline afs_uint32 +bswap(afs_uint32 x) +{ + asm("bswap %0" : "=r" (x) : "0" (x)); + return x; +} +#endif +#endif + +/* + * Sboxes for Feistel network derived from + * /afs/transarc.com/public/afsps/afs.rel31b.export-src/rxkad/sboxes.h + */ + +#undef Z +#define Z(x) NTOH(x << 3) +static const afs_uint32 sbox0[256] = { + Z(0xea), Z(0x7f), Z(0xb2), Z(0x64), Z(0x9d), Z(0xb0), Z(0xd9), Z(0x11), Z(0xcd), Z(0x86), Z(0x86), + Z(0x91), Z(0x0a), Z(0xb2), Z(0x93), Z(0x06), Z(0x0e), Z(0x06), Z(0xd2), Z(0x65), Z(0x73), Z(0xc5), + Z(0x28), Z(0x60), Z(0xf2), Z(0x20), Z(0xb5), Z(0x38), Z(0x7e), Z(0xda), Z(0x9f), Z(0xe3), Z(0xd2), + Z(0xcf), Z(0xc4), Z(0x3c), Z(0x61), Z(0xff), Z(0x4a), Z(0x4a), Z(0x35), Z(0xac), Z(0xaa), Z(0x5f), + Z(0x2b), Z(0xbb), Z(0xbc), Z(0x53), Z(0x4e), Z(0x9d), Z(0x78), Z(0xa3), Z(0xdc), Z(0x09), Z(0x32), + Z(0x10), Z(0xc6), Z(0x6f), Z(0x66), Z(0xd6), Z(0xab), Z(0xa9), Z(0xaf), Z(0xfd), Z(0x3b), Z(0x95), + Z(0xe8), Z(0x34), Z(0x9a), Z(0x81), Z(0x72), Z(0x80), Z(0x9c), Z(0xf3), Z(0xec), Z(0xda), Z(0x9f), + Z(0x26), Z(0x76), Z(0x15), Z(0x3e), Z(0x55), Z(0x4d), Z(0xde), Z(0x84), Z(0xee), Z(0xad), Z(0xc7), + Z(0xf1), Z(0x6b), Z(0x3d), Z(0xd3), Z(0x04), Z(0x49), Z(0xaa), Z(0x24), Z(0x0b), Z(0x8a), Z(0x83), + Z(0xba), Z(0xfa), Z(0x85), Z(0xa0), Z(0xa8), Z(0xb1), Z(0xd4), Z(0x01), Z(0xd8), Z(0x70), Z(0x64), + Z(0xf0), Z(0x51), Z(0xd2), Z(0xc3), Z(0xa7), Z(0x75), Z(0x8c), Z(0xa5), Z(0x64), Z(0xef), Z(0x10), + Z(0x4e), Z(0xb7), Z(0xc6), Z(0x61), Z(0x03), Z(0xeb), Z(0x44), Z(0x3d), Z(0xe5), Z(0xb3), Z(0x5b), + Z(0xae), Z(0xd5), Z(0xad), Z(0x1d), Z(0xfa), Z(0x5a), Z(0x1e), Z(0x33), Z(0xab), Z(0x93), Z(0xa2), + Z(0xb7), Z(0xe7), Z(0xa8), Z(0x45), Z(0xa4), Z(0xcd), Z(0x29), Z(0x63), Z(0x44), Z(0xb6), Z(0x69), + Z(0x7e), Z(0x2e), Z(0x62), Z(0x03), Z(0xc8), Z(0xe0), Z(0x17), Z(0xbb), Z(0xc7), Z(0xf3), Z(0x3f), + Z(0x36), Z(0xba), Z(0x71), Z(0x8e), Z(0x97), Z(0x65), Z(0x60), Z(0x69), Z(0xb6), Z(0xf6), Z(0xe6), + Z(0x6e), Z(0xe0), Z(0x81), Z(0x59), Z(0xe8), Z(0xaf), Z(0xdd), Z(0x95), Z(0x22), Z(0x99), Z(0xfd), + Z(0x63), Z(0x19), Z(0x74), Z(0x61), Z(0xb1), Z(0xb6), Z(0x5b), Z(0xae), Z(0x54), Z(0xb3), Z(0x70), + Z(0xff), Z(0xc6), Z(0x3b), Z(0x3e), Z(0xc1), Z(0xd7), Z(0xe1), Z(0x0e), Z(0x76), Z(0xe5), Z(0x36), + Z(0x4f), Z(0x59), Z(0xc7), Z(0x08), Z(0x6e), Z(0x82), Z(0xa6), Z(0x93), Z(0xc4), Z(0xaa), Z(0x26), + Z(0x49), Z(0xe0), Z(0x21), Z(0x64), Z(0x07), Z(0x9f), Z(0x64), Z(0x81), Z(0x9c), Z(0xbf), Z(0xf9), + Z(0xd1), Z(0x43), Z(0xf8), Z(0xb6), Z(0xb9), Z(0xf1), Z(0x24), Z(0x75), Z(0x03), Z(0xe4), Z(0xb0), + Z(0x99), Z(0x46), Z(0x3d), Z(0xf5), Z(0xd1), Z(0x39), Z(0x72), Z(0x12), Z(0xf6), Z(0xba), Z(0x0c), + Z(0x0d), Z(0x42), Z(0x2e)}; + +#undef Z +#define Z(x) NTOH((x << 27) | (x >> 5)) +static const afs_uint32 sbox1[256] = { + Z(0x77), Z(0x14), Z(0xa6), Z(0xfe), Z(0xb2), Z(0x5e), Z(0x8c), Z(0x3e), Z(0x67), Z(0x6c), Z(0xa1), + Z(0x0d), Z(0xc2), Z(0xa2), Z(0xc1), Z(0x85), Z(0x6c), Z(0x7b), Z(0x67), Z(0xc6), Z(0x23), Z(0xe3), + Z(0xf2), Z(0x89), Z(0x50), Z(0x9c), Z(0x03), Z(0xb7), Z(0x73), Z(0xe6), Z(0xe1), Z(0x39), Z(0x31), + Z(0x2c), Z(0x27), Z(0x9f), Z(0xa5), Z(0x69), Z(0x44), Z(0xd6), Z(0x23), Z(0x83), Z(0x98), Z(0x7d), + Z(0x3c), Z(0xb4), Z(0x2d), Z(0x99), Z(0x1c), Z(0x1f), Z(0x8c), Z(0x20), Z(0x03), Z(0x7c), Z(0x5f), + Z(0xad), Z(0xf4), Z(0xfa), Z(0x95), Z(0xca), Z(0x76), Z(0x44), Z(0xcd), Z(0xb6), Z(0xb8), Z(0xa1), + Z(0xa1), Z(0xbe), Z(0x9e), Z(0x54), Z(0x8f), Z(0x0b), Z(0x16), Z(0x74), Z(0x31), Z(0x8a), Z(0x23), + Z(0x17), Z(0x04), Z(0xfa), Z(0x79), Z(0x84), Z(0xb1), Z(0xf5), Z(0x13), Z(0xab), Z(0xb5), Z(0x2e), + Z(0xaa), Z(0x0c), Z(0x60), Z(0x6b), Z(0x5b), Z(0xc4), Z(0x4b), Z(0xbc), Z(0xe2), Z(0xaf), Z(0x45), + Z(0x73), Z(0xfa), Z(0xc9), Z(0x49), Z(0xcd), Z(0x00), Z(0x92), Z(0x7d), Z(0x97), Z(0x7a), Z(0x18), + Z(0x60), Z(0x3d), Z(0xcf), Z(0x5b), Z(0xde), Z(0xc6), Z(0xe2), Z(0xe6), Z(0xbb), Z(0x8b), Z(0x06), + Z(0xda), Z(0x08), Z(0x15), Z(0x1b), Z(0x88), Z(0x6a), Z(0x17), Z(0x89), Z(0xd0), Z(0xa9), Z(0xc1), + Z(0xc9), Z(0x70), Z(0x6b), Z(0xe5), Z(0x43), Z(0xf4), Z(0x68), Z(0xc8), Z(0xd3), Z(0x84), Z(0x28), + Z(0x0a), Z(0x52), Z(0x66), Z(0xa3), Z(0xca), Z(0xf2), Z(0xe3), Z(0x7f), Z(0x7a), Z(0x31), Z(0xf7), + Z(0x88), Z(0x94), Z(0x5e), Z(0x9c), Z(0x63), Z(0xd5), Z(0x24), Z(0x66), Z(0xfc), Z(0xb3), Z(0x57), + Z(0x25), Z(0xbe), Z(0x89), Z(0x44), Z(0xc4), Z(0xe0), Z(0x8f), Z(0x23), Z(0x3c), Z(0x12), Z(0x52), + Z(0xf5), Z(0x1e), Z(0xf4), Z(0xcb), Z(0x18), Z(0x33), Z(0x1f), Z(0xf8), Z(0x69), Z(0x10), Z(0x9d), + Z(0xd3), Z(0xf7), Z(0x28), Z(0xf8), Z(0x30), Z(0x05), Z(0x5e), Z(0x32), Z(0xc0), Z(0xd5), Z(0x19), + Z(0xbd), Z(0x45), Z(0x8b), Z(0x5b), Z(0xfd), Z(0xbc), Z(0xe2), Z(0x5c), Z(0xa9), Z(0x96), Z(0xef), + Z(0x70), Z(0xcf), Z(0xc2), Z(0x2a), Z(0xb3), Z(0x61), Z(0xad), Z(0x80), Z(0x48), Z(0x81), Z(0xb7), + Z(0x1d), Z(0x43), Z(0xd9), Z(0xd7), Z(0x45), Z(0xf0), Z(0xd8), Z(0x8a), Z(0x59), Z(0x7c), Z(0x57), + Z(0xc1), Z(0x79), Z(0xc7), Z(0x34), Z(0xd6), Z(0x43), Z(0xdf), Z(0xe4), Z(0x78), Z(0x16), Z(0x06), + Z(0xda), Z(0x92), Z(0x76), Z(0x51), Z(0xe1), Z(0xd4), Z(0x70), Z(0x03), Z(0xe0), Z(0x2f), Z(0x96), + Z(0x91), Z(0x82), Z(0x80)}; + +#undef Z +#define Z(x) NTOH(x << 11) +static const afs_uint32 sbox2[256] = { + Z(0xf0), Z(0x37), Z(0x24), Z(0x53), Z(0x2a), Z(0x03), Z(0x83), Z(0x86), Z(0xd1), Z(0xec), Z(0x50), + Z(0xf0), Z(0x42), Z(0x78), Z(0x2f), Z(0x6d), Z(0xbf), Z(0x80), Z(0x87), Z(0x27), Z(0x95), Z(0xe2), + Z(0xc5), Z(0x5d), Z(0xf9), Z(0x6f), Z(0xdb), Z(0xb4), Z(0x65), Z(0x6e), Z(0xe7), Z(0x24), Z(0xc8), + Z(0x1a), Z(0xbb), Z(0x49), Z(0xb5), Z(0x0a), Z(0x7d), Z(0xb9), Z(0xe8), Z(0xdc), Z(0xb7), Z(0xd9), + Z(0x45), Z(0x20), Z(0x1b), Z(0xce), Z(0x59), Z(0x9d), Z(0x6b), Z(0xbd), Z(0x0e), Z(0x8f), Z(0xa3), + Z(0xa9), Z(0xbc), Z(0x74), Z(0xa6), Z(0xf6), Z(0x7f), Z(0x5f), Z(0xb1), Z(0x68), Z(0x84), Z(0xbc), + Z(0xa9), Z(0xfd), Z(0x55), Z(0x50), Z(0xe9), Z(0xb6), Z(0x13), Z(0x5e), Z(0x07), Z(0xb8), Z(0x95), + Z(0x02), Z(0xc0), Z(0xd0), Z(0x6a), Z(0x1a), Z(0x85), Z(0xbd), Z(0xb6), Z(0xfd), Z(0xfe), Z(0x17), + Z(0x3f), Z(0x09), Z(0xa3), Z(0x8d), Z(0xfb), Z(0xed), Z(0xda), Z(0x1d), Z(0x6d), Z(0x1c), Z(0x6c), + Z(0x01), Z(0x5a), Z(0xe5), Z(0x71), Z(0x3e), Z(0x8b), Z(0x6b), Z(0xbe), Z(0x29), Z(0xeb), Z(0x12), + Z(0x19), Z(0x34), Z(0xcd), Z(0xb3), Z(0xbd), Z(0x35), Z(0xea), Z(0x4b), Z(0xd5), Z(0xae), Z(0x2a), + Z(0x79), Z(0x5a), Z(0xa5), Z(0x32), Z(0x12), Z(0x7b), Z(0xdc), Z(0x2c), Z(0xd0), Z(0x22), Z(0x4b), + Z(0xb1), Z(0x85), Z(0x59), Z(0x80), Z(0xc0), Z(0x30), Z(0x9f), Z(0x73), Z(0xd3), Z(0x14), Z(0x48), + Z(0x40), Z(0x07), Z(0x2d), Z(0x8f), Z(0x80), Z(0x0f), Z(0xce), Z(0x0b), Z(0x5e), Z(0xb7), Z(0x5e), + Z(0xac), Z(0x24), Z(0x94), Z(0x4a), Z(0x18), Z(0x15), Z(0x05), Z(0xe8), Z(0x02), Z(0x77), Z(0xa9), + Z(0xc7), Z(0x40), Z(0x45), Z(0x89), Z(0xd1), Z(0xea), Z(0xde), Z(0x0c), Z(0x79), Z(0x2a), Z(0x99), + Z(0x6c), Z(0x3e), Z(0x95), Z(0xdd), Z(0x8c), Z(0x7d), Z(0xad), Z(0x6f), Z(0xdc), Z(0xff), Z(0xfd), + Z(0x62), Z(0x47), Z(0xb3), Z(0x21), Z(0x8a), Z(0xec), Z(0x8e), Z(0x19), Z(0x18), Z(0xb4), Z(0x6e), + Z(0x3d), Z(0xfd), Z(0x74), Z(0x54), Z(0x1e), Z(0x04), Z(0x85), Z(0xd8), Z(0xbc), Z(0x1f), Z(0x56), + Z(0xe7), Z(0x3a), Z(0x56), Z(0x67), Z(0xd6), Z(0xc8), Z(0xa5), Z(0xf3), Z(0x8e), Z(0xde), Z(0xae), + Z(0x37), Z(0x49), Z(0xb7), Z(0xfa), Z(0xc8), Z(0xf4), Z(0x1f), Z(0xe0), Z(0x2a), Z(0x9b), Z(0x15), + Z(0xd1), Z(0x34), Z(0x0e), Z(0xb5), Z(0xe0), Z(0x44), Z(0x78), Z(0x84), Z(0x59), Z(0x56), Z(0x68), + Z(0x77), Z(0xa5), Z(0x14), Z(0x06), Z(0xf5), Z(0x2f), Z(0x8c), Z(0x8a), Z(0x73), Z(0x80), Z(0x76), + Z(0xb4), Z(0x10), Z(0x86)}; + +#undef Z +#define Z(x) NTOH(x << 19) +static const afs_uint32 sbox3[256] = { + Z(0xa9), Z(0x2a), Z(0x48), Z(0x51), Z(0x84), Z(0x7e), Z(0x49), Z(0xe2), Z(0xb5), Z(0xb7), Z(0x42), + Z(0x33), Z(0x7d), Z(0x5d), Z(0xa6), Z(0x12), Z(0x44), Z(0x48), Z(0x6d), Z(0x28), Z(0xaa), Z(0x20), + Z(0x6d), Z(0x57), Z(0xd6), Z(0x6b), Z(0x5d), Z(0x72), Z(0xf0), Z(0x92), Z(0x5a), Z(0x1b), Z(0x53), + Z(0x80), Z(0x24), Z(0x70), Z(0x9a), Z(0xcc), Z(0xa7), Z(0x66), Z(0xa1), Z(0x01), Z(0xa5), Z(0x41), + Z(0x97), Z(0x41), Z(0x31), Z(0x82), Z(0xf1), Z(0x14), Z(0xcf), Z(0x53), Z(0x0d), Z(0xa0), Z(0x10), + Z(0xcc), Z(0x2a), Z(0x7d), Z(0xd2), Z(0xbf), Z(0x4b), Z(0x1a), Z(0xdb), Z(0x16), Z(0x47), Z(0xf6), + Z(0x51), Z(0x36), Z(0xed), Z(0xf3), Z(0xb9), Z(0x1a), Z(0xa7), Z(0xdf), Z(0x29), Z(0x43), Z(0x01), + Z(0x54), Z(0x70), Z(0xa4), Z(0xbf), Z(0xd4), Z(0x0b), Z(0x53), Z(0x44), Z(0x60), Z(0x9e), Z(0x23), + Z(0xa1), Z(0x18), Z(0x68), Z(0x4f), Z(0xf0), Z(0x2f), Z(0x82), Z(0xc2), Z(0x2a), Z(0x41), Z(0xb2), + Z(0x42), Z(0x0c), Z(0xed), Z(0x0c), Z(0x1d), Z(0x13), Z(0x3a), Z(0x3c), Z(0x6e), Z(0x35), Z(0xdc), + Z(0x60), Z(0x65), Z(0x85), Z(0xe9), Z(0x64), Z(0x02), Z(0x9a), Z(0x3f), Z(0x9f), Z(0x87), Z(0x96), + Z(0xdf), Z(0xbe), Z(0xf2), Z(0xcb), Z(0xe5), Z(0x6c), Z(0xd4), Z(0x5a), Z(0x83), Z(0xbf), Z(0x92), + Z(0x1b), Z(0x94), Z(0x00), Z(0x42), Z(0xcf), Z(0x4b), Z(0x00), Z(0x75), Z(0xba), Z(0x8f), Z(0x76), + Z(0x5f), Z(0x5d), Z(0x3a), Z(0x4d), Z(0x09), Z(0x12), Z(0x08), Z(0x38), Z(0x95), Z(0x17), Z(0xe4), + Z(0x01), Z(0x1d), Z(0x4c), Z(0xa9), Z(0xcc), Z(0x85), Z(0x82), Z(0x4c), Z(0x9d), Z(0x2f), Z(0x3b), + Z(0x66), Z(0xa1), Z(0x34), Z(0x10), Z(0xcd), Z(0x59), Z(0x89), Z(0xa5), Z(0x31), Z(0xcf), Z(0x05), + Z(0xc8), Z(0x84), Z(0xfa), Z(0xc7), Z(0xba), Z(0x4e), Z(0x8b), Z(0x1a), Z(0x19), Z(0xf1), Z(0xa1), + Z(0x3b), Z(0x18), Z(0x12), Z(0x17), Z(0xb0), Z(0x98), Z(0x8d), Z(0x0b), Z(0x23), Z(0xc3), Z(0x3a), + Z(0x2d), Z(0x20), Z(0xdf), Z(0x13), Z(0xa0), Z(0xa8), Z(0x4c), Z(0x0d), Z(0x6c), Z(0x2f), Z(0x47), + Z(0x13), Z(0x13), Z(0x52), Z(0x1f), Z(0x2d), Z(0xf5), Z(0x79), Z(0x3d), Z(0xa2), Z(0x54), Z(0xbd), + Z(0x69), Z(0xc8), Z(0x6b), Z(0xf3), Z(0x05), Z(0x28), Z(0xf1), Z(0x16), Z(0x46), Z(0x40), Z(0xb0), + Z(0x11), Z(0xd3), Z(0xb7), Z(0x95), Z(0x49), Z(0xcf), Z(0xc3), Z(0x1d), Z(0x8f), Z(0xd8), Z(0xe1), + Z(0x73), Z(0xdb), Z(0xad), Z(0xc8), Z(0xc9), Z(0xa9), Z(0xa1), Z(0xc2), Z(0xc5), Z(0xe3), Z(0xba), + Z(0xfc), Z(0x0e), Z(0x25)}; + +/* + * This is a 16 round Feistel network with permutation F_ENCRYPT + */ + +#define F_ENCRYPT(R, L, sched) { \ + union lc4 { afs_uint32 l; unsigned char c[4]; } u; \ + u.l = sched ^ R; \ + L ^= sbox0[u.c[0]] ^ sbox1[u.c[1]] ^ sbox2[u.c[2]] ^ sbox3[u.c[3]]; } + +#ifndef WORDS_BIGENDIAN +/* BEWARE: this code is endian dependent. + * This should really be inline assembler on the x86. + */ +#undef F_ENCRYPT +#define FF(y, shiftN) (((y) >> shiftN) & 0xFF) +#define F_ENCRYPT(R, L, sched) { \ + afs_uint32 u; \ + u = sched ^ R; \ + L ^= sbox0[FF(u, 0)] ^ sbox1[FF(u, 8)] ^ sbox2[FF(u, 16)] ^ sbox3[FF(u, 24)];} +#endif + +static inline +void +fc_ecb_enc(afs_uint32 l, + afs_uint32 r, + afs_uint32 out[2], + const afs_int32 sched[MAXROUNDS]) +{ +#if !defined(UNROLL_LOOPS) + { + int i; + for (i = 0; i < (MAXROUNDS/4); i++) + { + F_ENCRYPT(r, l, *sched++); + F_ENCRYPT(l, r, *sched++); + F_ENCRYPT(r, l, *sched++); + F_ENCRYPT(l, r, *sched++); + } + } +#else + F_ENCRYPT(r, l, *sched++); + F_ENCRYPT(l, r, *sched++); + F_ENCRYPT(r, l, *sched++); + F_ENCRYPT(l, r, *sched++); + F_ENCRYPT(r, l, *sched++); + F_ENCRYPT(l, r, *sched++); + F_ENCRYPT(r, l, *sched++); + F_ENCRYPT(l, r, *sched++); + F_ENCRYPT(r, l, *sched++); + F_ENCRYPT(l, r, *sched++); + F_ENCRYPT(r, l, *sched++); + F_ENCRYPT(l, r, *sched++); + F_ENCRYPT(r, l, *sched++); + F_ENCRYPT(l, r, *sched++); + F_ENCRYPT(r, l, *sched++); + F_ENCRYPT(l, r, *sched++); +#endif /* UNROLL_LOOPS */ + + out[0] = l; + out[1] = r; +} + +static inline +void +fc_ecb_dec(afs_uint32 l, + afs_uint32 r, + afs_uint32 out[2], + const afs_int32 sched[MAXROUNDS]) +{ + sched = &sched[MAXROUNDS-1]; + +#if !defined(UNROLL_LOOPS) + { + int i; + for (i = 0; i < (MAXROUNDS/4); i++) + { + F_ENCRYPT(l, r, *sched--); + F_ENCRYPT(r, l, *sched--); + F_ENCRYPT(l, r, *sched--); + F_ENCRYPT(r, l, *sched--); + } + } +#else + F_ENCRYPT(l, r, *sched--); + F_ENCRYPT(r, l, *sched--); + F_ENCRYPT(l, r, *sched--); + F_ENCRYPT(r, l, *sched--); + F_ENCRYPT(l, r, *sched--); + F_ENCRYPT(r, l, *sched--); + F_ENCRYPT(l, r, *sched--); + F_ENCRYPT(r, l, *sched--); + F_ENCRYPT(l, r, *sched--); + F_ENCRYPT(r, l, *sched--); + F_ENCRYPT(l, r, *sched--); + F_ENCRYPT(r, l, *sched--); + F_ENCRYPT(l, r, *sched--); + F_ENCRYPT(r, l, *sched--); + F_ENCRYPT(l, r, *sched--); + F_ENCRYPT(r, l, *sched--); +#endif /* UNROLL_LOOPS */ + + out[0] = l; + out[1] = r; +} + +static inline +void +fc_cbc_enc(const afs_uint32 *in, + afs_uint32 *out, + afs_int32 length, + const afs_int32 sched[MAXROUNDS], + afs_uint32 *iv) +{ + afs_int32 xor0 = iv[0], xor1 = iv[1]; + + for (; length > 0; length -= 8) + { + afs_uint32 b8[2]; + /* If length < 8 we read to much, usally ok */ + xor0 ^= in[0]; + xor1 ^= in[1]; + fc_ecb_enc(xor0, xor1, b8, sched); + xor0 = in[0] ^ b8[0]; + xor1 = in[1] ^ b8[1]; + + /* Out is always a multiple of 8 */ + memcpy(out, b8, 8); + out += 2; + in += 2; + } + iv[0] = xor0; + iv[1] = xor1; +} + +static inline +void +fc_cbc_dec(const afs_uint32 *in, + afs_uint32 *out, + afs_int32 length, + const afs_int32 sched[MAXROUNDS], + afs_uint32 *iv) +{ + afs_int32 xor0 = iv[0], xor1 = iv[1]; + + for (; length > 0; length -= 8) + { + afs_uint32 b8[2]; + /* In is always a multiple of 8 */ + fc_ecb_dec(in[0], in[1], b8, sched); + b8[0] ^= xor0; + b8[1] ^= xor1; + xor0 = in[0] ^ b8[0]; + xor1 = in[1] ^ b8[1]; + +#if 0 + if (length >= 8) + memcpy(out, b8, 8); + else + memcpy(out, b8, length); /* Don't write to much when length < 8 */ +#else + /* If length < 8 we write to much, this is not always ok */ + memcpy(out, b8, 8); +#endif + out += 2; + in += 2; + } + iv[0] = xor0; + iv[1] = xor1; +} + +afs_int32 +fc_ecb_encrypt(afs_uint32 *in, afs_uint32 *out, + fc_KeySchedule sched, + int encrypt) +{ + if (encrypt) + fc_ecb_enc(in[0], in[1], out, sched); + else + fc_ecb_dec(in[0], in[1], out, sched); + return 0; +} + +afs_int32 +fc_cbc_encrypt(afs_uint32 *in, afs_uint32 *out, + afs_int32 length, + fc_KeySchedule sched, + afs_uint32 *iv, + int encrypt) +{ + if (encrypt) + fc_cbc_enc(in, out, length, sched, iv); + else + fc_cbc_dec(in, out, length, sched, iv); + return 0; +} + +/* Rotate two 32 bit numbers as a 56 bit number */ +#define ROT56R(hi, lo, n) { \ + afs_uint32 t = lo & ((1<> n) | ((hi & ((1<> n) | (t << (24-n)); } + +/* Rotate one 64 bit number as a 56 bit number */ +#define ROT56R64(k, n) { \ + k = (k >> n) | ((k & ((1<> 55) != 0) && ((1ul << 55) != 0) + unsigned long k; /* k holds all 56 non parity bits */ + + /* Compress out parity bits */ + k = (*key++) >> 1; + k <<= 7; + k |= (*key++) >> 1; + k <<= 7; + k |= (*key++) >> 1; + k <<= 7; + k |= (*key++) >> 1; + k <<= 7; + k |= (*key++) >> 1; + k <<= 7; + k |= (*key++) >> 1; + k <<= 7; + k |= (*key++) >> 1; + k <<= 7; + k |= (*key) >> 1; + + /* Use lower 32 bits for schedule, rotate by 11 each round (16 times) */ + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + ROT56R64(k, 11); + *sched++ = EFF_NTOHL((afs_uint32)k); + return 0; +#else + afs_uint32 hi, lo; /* hi is upper 24 bits and lo lower 32, total 56 */ + + /* Compress out parity bits */ + lo = (*key++) >> 1; + lo <<= 7; + lo |= (*key++) >> 1; + lo <<= 7; + lo |= (*key++) >> 1; + lo <<= 7; + lo |= (*key++) >> 1; + hi = lo >> 4; + lo &= 0xf; + lo <<= 7; + lo |= (*key++) >> 1; + lo <<= 7; + lo |= (*key++) >> 1; + lo <<= 7; + lo |= (*key++) >> 1; + lo <<= 7; + lo |= (*key) >> 1; + + /* Use lower 32 bits for schedule, rotate by 11 each round (16 times) */ + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + ROT56R(hi, lo, 11); + *sched++ = EFF_NTOHL(lo); + return 0; +#endif +} + +/* + * Encryption/decryption of Rx packets is pretty straight forward. Run + * fc_cbc_encrypt over the packet fragments until len bytes have been + * processed. Skip the Rx packet header but not the security header. + */ +afs_int32 +rxkad_EncryptPacket(const struct rx_connection *rx_connection_not_used, + const fc_KeySchedule *sched, + const afs_uint32 *iv, + int len, + struct rx_packet *packet) +{ + afs_uint32 ivec[2]; + struct iovec *frag; + + { + /* What is this good for? + * It turns out that the security header for auth_enc is of + * size 8 bytes and the last 4 bytes are defined to be 0! + */ + afs_uint32 *t = (afs_uint32 *)packet->wirevec[1].iov_base; + t[1] = 0; + } + + memcpy(ivec, iv, sizeof(ivec)); /* Must use copy of iv */ + for (frag = &packet->wirevec[1]; len; frag++) + { + int iov_len = frag->iov_len; + afs_uint32 *iov_bas = (afs_uint32 *) frag->iov_base; + if (iov_len == 0) + return RXKADDATALEN; /* Length mismatch */ + if (len < iov_len) + iov_len = len; /* Don't process to much data */ + fc_cbc_enc(iov_bas, iov_bas, iov_len, sched, ivec); + len -= iov_len; + } + return 0; +} + +afs_int32 +rxkad_DecryptPacket(const struct rx_connection *rx_connection_not_used, + const fc_KeySchedule *sched, + const afs_uint32 *iv, + int len, + struct rx_packet *packet) +{ + afs_uint32 ivec[2]; + struct iovec *frag; + + memcpy(ivec, iv, sizeof(ivec)); /* Must use copy of iv */ + for (frag = &packet->wirevec[1]; len > 0; frag++) + { + int iov_len = frag->iov_len; + afs_uint32 *iov_bas = (afs_uint32 *) frag->iov_base; + if (iov_len == 0) + return RXKADDATALEN; /* Length mismatch */ + if (len < iov_len) + iov_len = len; /* Don't process to much data */ + fc_cbc_dec(iov_bas, iov_bas, iov_len, sched, ivec); + len -= iov_len; + } + return 0; +} + +#if defined(TEST) || defined(TEST_KERNEL) +/* + * It is possible to link with the client kernel libafs.a to verify + * the test case. Use TEST_KERNEL to get the mangled names. + */ + +#include +#include + +#include + +const char the_quick[] = "The quick brown fox jumps over the lazy dogs.\0\0"; + +const unsigned char key1[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87}; +const char ciph1[] = { + 0x00, 0xf0, 0xe, 0x11, 0x75, 0xe6, 0x23, 0x82, 0xee, 0xac, 0x98, 0x62, + 0x44, 0x51, 0xe4, 0x84, 0xc3, 0x59, 0xd8, 0xaa, 0x64, 0x60, 0xae, 0xf7, + 0xd2, 0xd9, 0x13, 0x79, 0x72, 0xa3, 0x45, 0x03, 0x23, 0xb5, 0x62, 0xd7, + 0xc, 0xf5, 0x27, 0xd1, 0xf8, 0x91, 0x3c, 0xac, 0x44, 0x22, 0x92, 0xef }; + +const unsigned char key2[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; +const char ciph2[] = { + 0xca, 0x90, 0xf5, 0x9d, 0xcb, 0xd4, 0xd2, 0x3c, 0x01, 0x88, 0x7f, 0x3e, + 0x31, 0x6e, 0x62, 0x9d, 0xd8, 0xe0, 0x57, 0xa3, 0x06, 0x3a, 0x42, 0x58, + 0x2a, 0x28, 0xfe, 0x72, 0x52, 0x2f, 0xdd, 0xe0, 0x19, 0x89, 0x09, 0x1c, + 0x2a, 0x8e, 0x8c, 0x94, 0xfc, 0xc7, 0x68, 0xe4, 0x88, 0xaa, 0xde, 0x0f }; + +#ifdef TEST_KERNEL +#define fc_keysched _afs_QTKrFdpoFL +#define fc_ecb_encrypt _afs_sDLThwNLok +#define fc_cbc_encrypt _afs_fkyCWTvfRS +#define rxkad_DecryptPacket _afs_SRWEeqTXrS +#define rxkad_EncryptPacket _afs_bpwQbdoghO +#endif + +int rx_SlowPutInt32() { abort(); } + +int +main() +{ + afs_int32 sched[MAXROUNDS]; + char ciph[100], clear[100], tmp[100]; + afs_uint32 data[2]; + afs_uint32 iv[2]; + struct rx_packet packet; + + if (sizeof(afs_int32) != 4) + fprintf(stderr, "error: sizeof(afs_int32) != 4\n"); + if (sizeof(afs_uint32) != 4) + fprintf(stderr, "error: sizeof(afs_uint32) != 4\n"); + + /* + * Use key1 and key2 as iv */ + fc_keysched(key1, sched); + memcpy(iv, key2, sizeof(iv)); + fc_cbc_encrypt(the_quick, ciph, sizeof(the_quick), sched, iv, ENCRYPT); + if (memcmp(ciph1, ciph, sizeof(ciph1)) != 0) + fprintf(stderr, "encrypt FAILED\n"); + memcpy(iv, key2, sizeof(iv)); + fc_cbc_encrypt(ciph, clear, sizeof(the_quick), sched, iv, DECRYPT); + if (strcmp(the_quick, clear) != 0) + fprintf(stderr, "crypt decrypt FAILED\n"); + + /* + * Use key2 and key1 as iv + */ + fc_keysched(key2, sched); + memcpy(iv, key1, sizeof(iv)); + fc_cbc_encrypt(the_quick, ciph, sizeof(the_quick), sched, iv, ENCRYPT); + if (memcmp(ciph2, ciph, sizeof(ciph2)) != 0) + fprintf(stderr, "encrypt FAILED\n"); + memcpy(iv, key1, sizeof(iv)); + fc_cbc_encrypt(ciph, clear, sizeof(the_quick), sched, iv, DECRYPT); + if (strcmp(the_quick, clear) != 0) + fprintf(stderr, "crypt decrypt FAILED\n"); + + /* + * Test Encrypt- and Decrypt-Packet, use key1 and key2 as iv + */ + fc_keysched(key1, sched); + memcpy(iv, key2, sizeof(iv)); + strcpy(clear, the_quick); + packet.wirevec[1].iov_base = clear; + packet.wirevec[1].iov_len = sizeof(the_quick); + packet.wirevec[2].iov_len = 0; + + /* For unknown reasons bytes 4-7 are zeroed in rxkad_EncryptPacket */ + rxkad_EncryptPacket(tmp, sched, iv, sizeof(the_quick), &packet); + rxkad_DecryptPacket(tmp, sched, iv, sizeof(the_quick), &packet); + clear[4] ^= 'q'; + clear[5] ^= 'u'; + clear[6] ^= 'i'; + clear[7] ^= 'c'; + if (strcmp(the_quick, clear) != 0) + fprintf(stderr, "rxkad_EncryptPacket/rxkad_DecryptPacket FAILED\n"); + + { + struct timeval start, stop; + int i; + + fc_keysched(key1, sched); + gettimeofday(&start, 0); + for (i = 0; i < 1000000; i++) + fc_keysched(key1, sched); + gettimeofday(&stop, 0); + printf("fc_keysched = %2.2f us\n", + (stop.tv_sec - start.tv_sec + + (stop.tv_usec - start.tv_usec)/1e6)*1); + + fc_ecb_encrypt(data, data, sched, ENCRYPT); + gettimeofday(&start, 0); + for (i = 0; i < 1000000; i++) + fc_ecb_encrypt(data, data, sched, ENCRYPT); + gettimeofday(&stop, 0); + printf("fc_ecb_encrypt = %2.2f us\n", + (stop.tv_sec - start.tv_sec + + (stop.tv_usec - start.tv_usec)/1e6)*1); + + fc_cbc_encrypt(the_quick, ciph, sizeof(the_quick), sched, iv, ENCRYPT); + gettimeofday(&start, 0); + for (i = 0; i < 100000; i++) + fc_cbc_encrypt(the_quick, ciph, sizeof(the_quick), sched, iv, ENCRYPT); + gettimeofday(&stop, 0); + printf("fc_cbc_encrypt = %2.2f us\n", + (stop.tv_sec - start.tv_sec + + (stop.tv_usec - start.tv_usec)/1e6)*10); + + } + + exit(0); +} +#endif /* TEST */ diff --git a/src/rxkad/rxkad_prototypes.h b/src/rxkad/rxkad_prototypes.h index 408ed50..4247e0d 100644 --- a/src/rxkad/rxkad_prototypes.h +++ b/src/rxkad/rxkad_prototypes.h @@ -16,19 +16,20 @@ /* domestic/crypt_conn.c */ extern afs_int32 rxkad_DecryptPacket (const struct rx_connection *conn, - const fc_KeySchedule *schedule, const fc_InitializationVector *ivec, - const int len, struct rx_packet *packet); + const fc_KeySchedule *schedule, const afs_uint32 *ivec, + int len, struct rx_packet *packet); extern afs_int32 rxkad_EncryptPacket (const struct rx_connection *conn, - const fc_KeySchedule *schedule, const fc_InitializationVector *ivec, - const int len, struct rx_packet *packet); + const fc_KeySchedule *schedule, const afs_uint32 *iv, + int len, struct rx_packet *packet); /* domestic/fcrypt.c */ -extern int fc_keysched (struct ktc_encryptionKey *key, +extern int fc_keysched (void *key, fc_KeySchedule schedule); extern afs_int32 fc_ecb_encrypt(afs_uint32 *clear, afs_uint32 *cipher, fc_KeySchedule schedule, int encrypt); -extern afs_int32 fc_cbc_encrypt (char *input, char *output, afs_int32 length, +extern afs_int32 fc_cbc_encrypt (afs_uint32 *input, afs_uint32 *output, + afs_int32 length, fc_KeySchedule key, afs_uint32 *xor, int encrypt); /* rxkad_client.c */