xref: /illumos-gate/usr/src/uts/common/des/des_soft.c (revision e4d060fb4c00d44cd578713eb9a921f594b733b8)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  *
22  * Copyright 1989 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
27 /*	  All Rights Reserved  	*/
28 
29 /*
30  * Portions of this source code were derived from Berkeley 4.3 BSD
31  * under license from the Regents of the University of California.
32  */
33 
34 #ident	"%Z%%M%	%I%	%E% SMI"
35 
36 /*
37  * Warning!  Things are arranged very carefully in this file to
38  * allow read-only data to be moved to the text segment.  The
39  * various DES tables must appear before any function definitions
40  * (this is arranged by including them immediately below) and partab
41  * must also appear before and function definitions
42  * This arrangement allows all data up through the first text to
43  * be moved to text.
44  */
45 
46 /*
47  * Fast (?) software implementation of DES
48  * Has been seen going at 2000 bytes/sec on a Sun-2
49  * Works on a VAX too.
50  * Won't work without 8 bit chars and 32 bit longs
51  */
52 
53 #include <sys/types.h>
54 #include <des/des.h>
55 #include <des/softdes.h>
56 #include <des/desdata.h>
57 #include <sys/debug.h>
58 
59 static void des_setkey(u_char userkey[8], struct deskeydata *kd,
60     unsigned int dir);
61 static void des_encrypt(u_char *data, struct deskeydata *kd);
62 
63 /* EXPORT DELETE START */
64 #define	btst(k, b)	(k[b >> 3] & (0x80 >> (b & 07)))
65 #define	BIT28	(1<<28)
66 /* EXPORT DELETE END */
67 
68 /*
69  * Software encrypt or decrypt a block of data (multiple of 8 bytes)
70  * Do the CBC ourselves if needed.
71  */
72 /* ARGSUSED */
73 int
74 _des_crypt(char *buf, size_t len, struct desparams *desp)
75 {
76 /* EXPORT DELETE START */
77 	short i;
78 	uint_t mode;
79 	uint_t dir;
80 	char nextiv[8];
81 	struct deskeydata softkey;
82 
83 	mode = desp->des_mode;
84 	dir = desp->des_dir;
85 	des_setkey(desp->des_key, &softkey, dir);
86 	while (len != 0) {
87 		switch (mode) {
88 		case CBC:
89 			switch (dir) {
90 			case ENCRYPT:
91 				for (i = 0; i < 8; i++)
92 					buf[i] ^= desp->des_ivec[i];
93 				des_encrypt((u_char *)buf, &softkey);
94 				for (i = 0; i < 8; i++)
95 					desp->des_ivec[i] = buf[i];
96 				break;
97 			case DECRYPT:
98 				for (i = 0; i < 8; i++)
99 					nextiv[i] = buf[i];
100 				des_encrypt((u_char *)buf, &softkey);
101 				for (i = 0; i < 8; i++) {
102 					buf[i] ^= desp->des_ivec[i];
103 					desp->des_ivec[i] = nextiv[i];
104 				}
105 				break;
106 			}
107 			break;
108 		case ECB:
109 			des_encrypt((u_char *)buf, &softkey);
110 			break;
111 		}
112 		buf += 8;
113 		len -= 8;
114 	}
115 /* EXPORT DELETE END */
116 	return (1);
117 }
118 
119 
120 /*
121  * Set the key and direction for an encryption operation
122  * We build the 16 key entries here
123  */
124 /* ARGSUSED */
125 static void
126 des_setkey(u_char userkey[8], struct deskeydata *kd, unsigned int dir)
127 {
128 /* EXPORT DELETE START */
129 	int32_t C, D;
130 	short i;
131 
132 	/*
133 	 * First, generate C and D by permuting
134 	 * the key. The low order bit of each
135 	 * 8-bit char is not used, so C and D are only 28
136 	 * bits apiece.
137 	 */
138 	{
139 		short bit;
140 		short *pcc = (short *)PC1_C, *pcd = (short *)PC1_D;
141 
142 		C = D = 0;
143 		for (i = 0; i < 28; i++) {
144 			C <<= 1;
145 			D <<= 1;
146 			bit = *pcc++;
147 			if (btst(userkey, bit))
148 				C |= 1;
149 			bit = *pcd++;
150 			if (btst(userkey, bit))
151 				D |= 1;
152 		}
153 	}
154 	/*
155 	 * To generate Ki, rotate C and D according
156 	 * to schedule and pick up a permutation
157 	 * using PC2.
158 	 */
159 	for (i = 0; i < 16; i++) {
160 		chunk_t *c;
161 		short j, k, bit;
162 		int bbit;
163 
164 		/*
165 		 * Do the "left shift" (rotate)
166 		 * We know we always rotate by either 1 or 2 bits
167 		 * the shifts table tells us if its 2
168 		 */
169 		C <<= 1;
170 		if (C & BIT28)
171 			C |= 1;
172 		D <<= 1;
173 		if (D & BIT28)
174 			D |= 1;
175 		if (shifts[i]) {
176 			C <<= 1;
177 			if (C & BIT28)
178 				C |= 1;
179 			D <<= 1;
180 			if (D & BIT28)
181 				D |= 1;
182 		}
183 		/*
184 		 * get Ki. Note C and D are concatenated.
185 		 */
186 		bit = 0;
187 		switch (dir) {
188 		case ENCRYPT:
189 			c = &kd->keyval[i];
190 			break;
191 		case DECRYPT:
192 			c = &kd->keyval[15 - i];
193 			break;
194 		}
195 		c->long0 = 0;
196 		c->long1 = 0;
197 		bbit = (1 << 5) << 24;
198 		for (j = 0; j < 4; j++) {
199 			for (k = 0; k < 6; k++) {
200 				if (C & (BIT28 >> PC2_C[bit]))
201 					c->long0 |= bbit >> k;
202 				if (D & (BIT28 >> PC2_D[bit]))
203 					c->long1 |= bbit >> k;
204 				bit++;
205 			}
206 			bbit >>= 8;
207 		}
208 	}
209 /* EXPORT DELETE END */
210 }
211 
212 
213 
214 /*
215  * Do an encryption operation
216  * Much pain is taken (with preprocessor) to avoid loops so the compiler
217  * can do address arithmetic instead of doing it at runtime.
218  * Note that the byte-to-chunk conversion is necessary to guarantee
219  * processor byte-order independence.
220  */
221 /* ARGSUSED */
222 static void
223 des_encrypt(u_char *data, struct deskeydata *kd)
224 {
225 /* EXPORT DELETE START */
226 	chunk_t work1, work2;
227 
228 	/*
229 	 * Initial permutation
230 	 * and byte to chunk conversion
231 	 */
232 	{
233 		const uint32_t *lp;
234 		uint32_t l0, l1, w;
235 		short i, pbit;
236 
237 		work1.byte0 = data[0];
238 		work1.byte1 = data[1];
239 		work1.byte2 = data[2];
240 		work1.byte3 = data[3];
241 		work1.byte4 = data[4];
242 		work1.byte5 = data[5];
243 		work1.byte6 = data[6];
244 		work1.byte7 = data[7];
245 		l0 = l1 = 0;
246 		w = work1.long0;
247 		for (lp = &longtab[0], i = 0; i < 32; i++) {
248 			if (w & *lp++) {
249 				pbit = IPtab[i];
250 				if (pbit < 32)
251 					l0 |= longtab[pbit];
252 				else
253 					l1 |= longtab[pbit-32];
254 			}
255 		}
256 		w = work1.long1;
257 		for (lp = &longtab[0], i = 32; i < 64; i++) {
258 			if (w & *lp++) {
259 				pbit = IPtab[i];
260 				if (pbit < 32)
261 					l0 |= longtab[pbit];
262 				else
263 					l1 |= longtab[pbit-32];
264 			}
265 		}
266 		work2.long0 = l0;
267 		work2.long1 = l1;
268 	}
269 
270 /*
271  * Expand 8 bits of 32 bit R to 48 bit R
272  */
273 #ifdef __STDC__
274 #define	do_R_to_ER(op, b) {					\
275 	struct R_to_ER *p =					\
276 	    (struct R_to_ER *)&R_to_ER_tab[b][R.byte##b];	\
277 	e0 op p->l0;						\
278 	e1 op p->l1;						\
279 }
280 #else
281 #define	do_R_to_ER(op, b)	{				\
282 	/*CSTYLED*/						\
283 	struct R_to_ER *p = &R_to_ER_tab[b][R.byte/**/b];	\
284 	e0 op p->l0;						\
285 	e1 op p->l1;						\
286 }
287 #endif
288 
289 /*
290  * Inner part of the algorithm:
291  * Expand R from 32 to 48 bits; xor key value;
292  * apply S boxes; permute 32 bits of output
293  */
294 #define	do_F(iter, inR, outR) 	{			\
295 	chunk_t R, ER;					\
296 	u_int e0, e1;					\
297 	R.long0 = inR;					\
298 	/*CSTYLED*/					\
299 	do_R_to_ER(=,0);				\
300 	/*CSTYLED*/					\
301 	do_R_to_ER(|=,1);				\
302 	/*CSTYLED*/					\
303 	do_R_to_ER(|=,2);				\
304 	/*CSTYLED*/					\
305 	do_R_to_ER(|=,3);				\
306 	ER.long0 = e0 ^ kd->keyval[iter].long0;		\
307 	ER.long1 = e1 ^ kd->keyval[iter].long1;		\
308 	R.long0 =					\
309 		S_tab[0][ER.byte0] +			\
310 		S_tab[1][ER.byte1] +			\
311 		S_tab[2][ER.byte2] +			\
312 		S_tab[3][ER.byte3] +			\
313 		S_tab[4][ER.byte4] +			\
314 		S_tab[5][ER.byte5] +			\
315 		S_tab[6][ER.byte6] +			\
316 		S_tab[7][ER.byte7]; 			\
317 	outR =						\
318 		P_tab[0][R.byte0] +			\
319 		P_tab[1][R.byte1] +			\
320 		P_tab[2][R.byte2] +			\
321 		P_tab[3][R.byte3]; 			\
322 }
323 
324 /*
325  * Do a cipher step
326  * Apply inner part; do xor and exchange of 32 bit parts
327  */
328 #define	cipher(iter, inR, inL, outR, outL)	{	\
329 	do_F(iter, inR, outR);				\
330 	outR ^= inL;					\
331 	outL = inR;					\
332 }
333 
334 	/*
335 	 * Apply the 16 ciphering steps
336 	 */
337 	{
338 		u_int r0, l0, r1, l1;
339 
340 		l0 = work2.long0;
341 		r0 = work2.long1;
342 		cipher(0, r0, l0, r1, l1);
343 		cipher(1, r1, l1, r0, l0);
344 		cipher(2, r0, l0, r1, l1);
345 		cipher(3, r1, l1, r0, l0);
346 		cipher(4, r0, l0, r1, l1);
347 		cipher(5, r1, l1, r0, l0);
348 		cipher(6, r0, l0, r1, l1);
349 		cipher(7, r1, l1, r0, l0);
350 		cipher(8, r0, l0, r1, l1);
351 		cipher(9, r1, l1, r0, l0);
352 		cipher(10, r0, l0, r1, l1);
353 		cipher(11, r1, l1, r0, l0);
354 		cipher(12, r0, l0, r1, l1);
355 		cipher(13, r1, l1, r0, l0);
356 		cipher(14, r0, l0, r1, l1);
357 		cipher(15, r1, l1, r0, l0);
358 		work1.long0 = r0;
359 		work1.long1 = l0;
360 	}
361 
362 	/*
363 	 * Final permutation
364 	 * and chunk to byte conversion
365 	 */
366 	{
367 		const uint32_t *lp;
368 		uint32_t l0, l1, w;
369 		short i, pbit;
370 
371 		l0 = l1 = 0;
372 		w = work1.long0;
373 		for (lp = &longtab[0], i = 0; i < 32; i++) {
374 			if (w & *lp++) {
375 				pbit = FPtab[i];
376 				if (pbit < 32)
377 					l0 |= longtab[pbit];
378 				else
379 					l1 |= longtab[pbit-32];
380 			}
381 		}
382 		w = work1.long1;
383 		for (lp = &longtab[0], i = 32; i < 64; i++) {
384 			if (w & *lp++) {
385 				pbit = FPtab[i];
386 				if (pbit < 32)
387 					l0 |= longtab[pbit];
388 				else
389 					l1 |= longtab[pbit-32];
390 			}
391 		}
392 		work2.long0 = l0;
393 		work2.long1 = l1;
394 	}
395 	data[0] = work2.byte0;
396 	data[1] = work2.byte1;
397 	data[2] = work2.byte2;
398 	data[3] = work2.byte3;
399 	data[4] = work2.byte4;
400 	data[5] = work2.byte5;
401 	data[6] = work2.byte6;
402 	data[7] = work2.byte7;
403 /* EXPORT DELETE END */
404 }
405