From: Simon Wilkinson Date: Sun, 25 Apr 2010 21:07:04 +0000 (+0100) Subject: Move rxkad/domestic/* into rxkad/ directory proper X-Git-Tag: openafs-devel-1_5_75~379 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=fbbfb51e7d997a40bf7d57150f69bfb055831a07;p=packages%2Fo%2Fopenafs.git Move rxkad/domestic/* into rxkad/ directory proper Historically, the fcrypt code lived in its own directory, named 'domestic', so that ACLs could be used to prevent nasty foreigners from getting access to it. Now that those days are gone, having the domestic directory just complicates builds. Remove it, and reunite fcrypt with the rest of the tree. Change-Id: I2d1f66463121bbb391260b613913d76c27931429 Reviewed-on: http://gerrit.openafs.org/1836 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- diff --git a/src/NTObjdir b/src/NTObjdir index 238c9685c..51066e7f9 100755 --- a/src/NTObjdir +++ b/src/NTObjdir @@ -168,7 +168,6 @@ dirs="\ rxgen \ rxstat \ rxkad \ - rxkad/domestic \ rxkad/test \ fsint \ audit \ diff --git a/src/libafs/Makefile.common.in b/src/libafs/Makefile.common.in index b4f9dd3a3..c6efd5448 100644 --- a/src/libafs/Makefile.common.in +++ b/src/libafs/Makefile.common.in @@ -29,7 +29,6 @@ COMMON_INCLUDE = -I. -I.. -I../nfs \ -I${TOP_SRCDIR}/config \ -I${TOP_SRCDIR}/rx/${MKAFS_OSTYPE} \ -I${TOP_SRCDIR}/rxkad \ - -I${TOP_SRCDIR}/rxkad/domestic \ -I${TOP_SRCDIR}/util \ -I${TOP_OBJDIR}/src \ -I${TOP_OBJDIR}/src/afs \ @@ -366,9 +365,9 @@ afs_stat.o: $(TOP_SRC_AFS)/afs_stat.c $(CRULE_NOOPT) afs_syscall.o: $(TOP_SRC_AFS)/afs_syscall.c $(CRULE_NOOPT) -fcrypt.o: $(TOP_SRC_RXKAD)/domestic/fcrypt.c +fcrypt.o: $(TOP_SRC_RXKAD)/fcrypt.c $(CRULE_NOOPT) -crypt_conn.o: $(TOP_SRC_RXKAD)/domestic/crypt_conn.c +crypt_conn.o: $(TOP_SRC_RXKAD)/crypt_conn.c $(CRULE_NOOPT) rxkad_client.o: $(TOP_SRC_RXKAD)/rxkad_client.c $(CRULE_NOOPT) diff --git a/src/libafs/MakefileProto.OBSD.in b/src/libafs/MakefileProto.OBSD.in index 60419b430..7a1054a64 100644 --- a/src/libafs/MakefileProto.OBSD.in +++ b/src/libafs/MakefileProto.OBSD.in @@ -67,7 +67,6 @@ COMMON_INCLUDE = \ -I${TOP_SRCDIR}/rx \ -I${TOP_SRCDIR}/rx/${MKAFS_OSTYPE} \ -I${TOP_SRCDIR}/rxkad \ - -I${TOP_SRCDIR}/domestic \ -I${TOP_SRCDIR}/util \ -I${TOP_SRCDIR}/../include \ -I${TOP_SRCDIR}/../include/afs diff --git a/src/libafsrpc/Makefile.in b/src/libafsrpc/Makefile.in index 38d270fc9..f7a6fe89f 100644 --- a/src/libafsrpc/Makefile.in +++ b/src/libafsrpc/Makefile.in @@ -214,11 +214,11 @@ md4.o: ${RXKAD}/md4.c md5.o: ${RXKAD}/md5.c ${CCRULE} -I../rxkad ${RXKAD}/md5.c -fcrypt.o: ${RXKAD}/domestic/fcrypt.c - ${CCRULE} -I../rxkad ${RXKAD}/domestic/fcrypt.c +fcrypt.o: ${RXKAD}/fcrypt.c + ${CCRULE} -I../rxkad ${RXKAD}/fcrypt.c -crypt_conn.o: ${RXKAD}/domestic/crypt_conn.c - ${CCRULE} -I../rxkad ${RXKAD}/domestic/crypt_conn.c +crypt_conn.o: ${RXKAD}/crypt_conn.c + ${CCRULE} -I../rxkad ${RXKAD}/crypt_conn.c AFS_component_version_number.o: ${TOP_OBJDIR}/src/rx/AFS_component_version_number.c ${CCRULE} ${TOP_OBJDIR}/src/rx/AFS_component_version_number.c diff --git a/src/libuafs/Makefile.common.in b/src/libuafs/Makefile.common.in index 238ee0c4c..0f732ab3e 100644 --- a/src/libuafs/Makefile.common.in +++ b/src/libuafs/Makefile.common.in @@ -39,7 +39,6 @@ COMMON_INCLUDE = -I. -I.. -I../nfs \ -I${TOP_SRCDIR}/rx \ -I${TOP_SRCDIR}/rx/UKERNEL \ -I${TOP_SRCDIR}/rxkad \ - -I${TOP_SRCDIR}/rxkad/domestic \ -I${TOP_SRCDIR}/util \ -I${TOP_OBJDIR}/src \ -I${TOP_OBJDIR}/src/afs/UKERNEL \ @@ -723,9 +722,9 @@ $(UOBJ)/afs_fetchstore.o: $(TOP_SRC_AFS)/afs_fetchstore.c $(CRULE1) $(UOBJ)/afs_stat.o: $(TOP_SRC_AFS)/afs_stat.c $(CRULE1) -$(UOBJ)/fcrypt.o: $(TOP_SRC_RXKAD)/domestic/fcrypt.c +$(UOBJ)/fcrypt.o: $(TOP_SRC_RXKAD)/fcrypt.c $(CRULE1) -$(UOBJ)/crypt_conn.o: $(TOP_SRC_RXKAD)/domestic/crypt_conn.c +$(UOBJ)/crypt_conn.o: $(TOP_SRC_RXKAD)/crypt_conn.c $(CRULE1) $(UOBJ)/rxkad_client.o: $(TOP_SRC_RXKAD)/rxkad_client.c $(CRULE1) @@ -1000,9 +999,9 @@ $(WEBOBJ)/afs_fetchstore.o: $(TOP_SRC_AFS)/afs_fetchstore.c $(CRULE2) $(WEBOBJ)/afs_stat.o: $(TOP_SRC_AFS)/afs_stat.c $(CRULE2) -$(WEBOBJ)/fcrypt.o: $(TOP_SRC_RXKAD)/domestic/fcrypt.c +$(WEBOBJ)/fcrypt.o: $(TOP_SRC_RXKAD)/fcrypt.c $(CRULE2) -$(WEBOBJ)/crypt_conn.o: $(TOP_SRC_RXKAD)/domestic/crypt_conn.c +$(WEBOBJ)/crypt_conn.o: $(TOP_SRC_RXKAD)/crypt_conn.c $(CRULE2) $(WEBOBJ)/rxkad_client.o: $(TOP_SRC_RXKAD)/rxkad_client.c $(CRULE2) @@ -1281,9 +1280,9 @@ $(JUAFS)/afs_fetchstore.o: $(TOP_SRC_AFS)/afs_fetchstore.c $(CRULE1) $(JUAFS)/afs_stat.o: $(TOP_SRC_AFS)/afs_stat.c $(CRULE1) -$(JUAFS)/fcrypt.o: $(TOP_SRC_RXKAD)/domestic/fcrypt.c +$(JUAFS)/fcrypt.o: $(TOP_SRC_RXKAD)/fcrypt.c $(CRULE1) -$(JUAFS)/crypt_conn.o: $(TOP_SRC_RXKAD)/domestic/crypt_conn.c +$(JUAFS)/crypt_conn.o: $(TOP_SRC_RXKAD)/crypt_conn.c $(CRULE1) $(JUAFS)/rxkad_client.o: $(TOP_SRC_RXKAD)/rxkad_client.c $(CRULE1) diff --git a/src/rxkad/Makefile.in b/src/rxkad/Makefile.in index dc4207257..dc9ae2c60 100644 --- a/src/rxkad/Makefile.in +++ b/src/rxkad/Makefile.in @@ -85,14 +85,11 @@ md4.o: md4.c ${INCLS} md5.o: md5.c ${INCLS} -fcrypt.o: ${srcdir}/domestic/fcrypt.c fcrypt.h sboxes.h rxkad.h rxkad_prototypes.h - ${CCOBJ} ${CFLAGS} -c ${srcdir}/domestic/fcrypt.c +fcrypt.o: fcrypt.c fcrypt.h sboxes.h rxkad.h rxkad_prototypes.h -crypt_conn.o: ${srcdir}/domestic/crypt_conn.c fcrypt.h private_data.h ${INCLS} - ${CCOBJ} ${CFLAGS} -c ${srcdir}/domestic/crypt_conn.c +crypt_conn.o: crypt_conn.c fcrypt.h private_data.h ${INCLS} -tcrypt.o: ${srcdir}/domestic/tcrypt.c AFS_component_version_number.o - ${CCOBJ} ${CFLAGS} -c ${srcdir}/domestic/fcrypt.c +tcrypt.o: tcrypt.c AFS_component_version_number.o tcrypt: tcrypt.o librxkad.a ${CC} -o tcrypt tcrypt.o librxkad.a @@ -135,13 +132,4 @@ clean: test: cd test; $(MAKE) -# These sources are kept in a separate directory so that we can use an -# ACL to comply with source export restrictions. - -fcrypt.h: domestic/fcrypt.h - ${INSTALL_DATA} $? $@ - -sboxes.h: domestic/sboxes.h - ${INSTALL_DATA} $? $@ - include ../config/Makefile.version diff --git a/src/rxkad/NTMakefile b/src/rxkad/NTMakefile index 1797072f6..00e71f130 100644 --- a/src/rxkad/NTMakefile +++ b/src/rxkad/NTMakefile @@ -47,17 +47,17 @@ $(LIBFILE): $(LIBOBJS) $(INCFILES):$$(@F) $(COPY) $** $(INCFILEDIR)\. - $(COPY) domestic\fcrypt.h $(INCFILEDIR)\. + $(COPY) fcrypt.h $(INCFILEDIR)\. rxkad.h rxkad_errs.c : rxkad_errs.et rxkad.p.h $(DEL) rxkad_errs.c $(COMPILE_ET) rxkad_errs -h rxkad -$(OUT)\fcrypt.obj: DOMESTIC\fcrypt.c DOMESTIC\fcrypt.h DOMESTIC\sboxes.h DOMESTIC\rxkad.h DOMESTIC\rxkad_prototypes.h - $(C2OBJ) DOMESTIC\fcrypt.c +$(OUT)\fcrypt.obj: fcrypt.c fcrypt.h sboxes.h rxkad.h rxkad_prototypes.h + $(C2OBJ) fcrypt.c -$(OUT)\crypt_conn.obj: DOMESTIC\crypt_conn.c DOMESTIC\fcrypt.h private_data.h - $(C2OBJ) DOMESTIC\crypt_conn.c +$(OUT)\crypt_conn.obj: crypt_conn.c fcrypt.h private_data.h + $(C2OBJ) crypt_conn.c install: $(INCFILES) $(LIBFILE) diff --git a/src/rxkad/crypt_conn.c b/src/rxkad/crypt_conn.c new file mode 100644 index 000000000..cf570a7d9 --- /dev/null +++ b/src/rxkad/crypt_conn.c @@ -0,0 +1,119 @@ +/* + * Copyright 2000, International Business Machines Corporation and others. + * All Rights Reserved. + * + * This software has been released under the terms of the IBM Public + * License. For details, see the LICENSE file in the top-level source + * directory or online at http://www.openafs.org/dl/license10.html + */ + +/* The rxkad security object. This contains packet processing routines that + * are prohibited from being exported. */ + + +#include +#ifdef KERNEL +#include "afs/param.h" +#else +#include +#endif + + +#ifdef KERNEL +#include "afs/stds.h" +#ifndef UKERNEL +#include "h/types.h" +#if defined(AFS_AIX_ENV) || defined(AFS_AUX_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_XBSD_ENV) +#include "h/systm.h" +#endif +#include "rx/rx.h" +#include "netinet/in.h" +#else /* !UKERNEL */ +#include "afs/sysincludes.h" +#include "rx/rx.h" +#endif /* !UKERNEL */ +#else /* !KERNEL */ +#include +#include +#include +#include +#ifdef AFS_NT40_ENV +#include +#else +#include +#endif +#endif /* KERNEL */ + +#include +#include "private_data.h" +#define XPRT_RXKAD_CRYPT + +afs_int32 +rxkad_DecryptPacket(const struct rx_connection *conn, + const fc_KeySchedule * schedule, + const fc_InitializationVector * ivec, const int inlen, + struct rx_packet *packet) +{ + afs_uint32 xor[2]; + struct rx_securityClass *obj; + struct rxkad_cprivate *tp; /* s & c have type at same offset */ + char *data; + int i, tlen, len; + + len = inlen; + + obj = rx_SecurityObjectOf(conn); + tp = (struct rxkad_cprivate *)obj->privateData; + ADD_RXKAD_STATS(bytesDecrypted[rxkad_TypeIndex(tp->type)],len); + memcpy((void *)xor, (void *)ivec, sizeof(xor)); + for (i = 0; len; i++) { + data = rx_data(packet, i, tlen); + if (!data || !tlen) + break; + tlen = MIN(len, tlen); + fc_cbc_encrypt(data, data, tlen, *schedule, xor, DECRYPT); + len -= tlen; + } + /* Do this if packet checksums are ever enabled (below), but + * current version just passes zero + afs_int32 cksum; + cksum = ntohl(rx_GetInt32(packet, 1)); + */ + return 0; +} + +afs_int32 +rxkad_EncryptPacket(const struct rx_connection * conn, + const fc_KeySchedule * schedule, + const fc_InitializationVector * ivec, const int inlen, + struct rx_packet * packet) +{ + afs_uint32 xor[2]; + struct rx_securityClass *obj; + struct rxkad_cprivate *tp; /* s & c have type at same offset */ + char *data; + int i, tlen, len; + + len = inlen; + + obj = rx_SecurityObjectOf(conn); + tp = (struct rxkad_cprivate *)obj->privateData; + ADD_RXKAD_STATS(bytesEncrypted[rxkad_TypeIndex(tp->type)],len); + /* + * afs_int32 cksum; + * cksum = htonl(0); + * * Future option to add cksum here, but for now we just put 0 + */ + rx_PutInt32(packet, 1 * sizeof(afs_int32), 0); + + memcpy((void *)xor, (void *)ivec, sizeof(xor)); + for (i = 0; len; i++) { + data = rx_data(packet, i, tlen); + if (!data || !tlen) + break; + tlen = MIN(len, tlen); + fc_cbc_encrypt(data, data, tlen, *schedule, xor, ENCRYPT); + len -= tlen; + } + return 0; +} diff --git a/src/rxkad/domestic/crypt_conn.c b/src/rxkad/domestic/crypt_conn.c deleted file mode 100644 index ab2d44ba5..000000000 --- a/src/rxkad/domestic/crypt_conn.c +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright 2000, International Business Machines Corporation and others. - * All Rights Reserved. - * - * This software has been released under the terms of the IBM Public - * License. For details, see the LICENSE file in the top-level source - * directory or online at http://www.openafs.org/dl/license10.html - */ - -/* The rxkad security object. This contains packet processing routines that - * are prohibited from being exported. */ - - -#include -#ifdef KERNEL -#include "afs/param.h" -#else -#include -#endif - - -#ifdef KERNEL -#include "afs/stds.h" -#ifndef UKERNEL -#include "h/types.h" -#if defined(AFS_AIX_ENV) || defined(AFS_AUX_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_XBSD_ENV) -#include "h/systm.h" -#endif -#include "rx/rx.h" -#include "netinet/in.h" -#else /* !UKERNEL */ -#include "afs/sysincludes.h" -#include "rx/rx.h" -#endif /* !UKERNEL */ -#else /* !KERNEL */ -#include -#include -#include -#include -#ifdef AFS_NT40_ENV -#include -#else -#include -#endif -#endif /* KERNEL */ - -#include -#include "../private_data.h" -#define XPRT_RXKAD_CRYPT - -afs_int32 -rxkad_DecryptPacket(const struct rx_connection *conn, - const fc_KeySchedule * schedule, - const fc_InitializationVector * ivec, const int inlen, - struct rx_packet *packet) -{ - afs_uint32 xor[2]; - struct rx_securityClass *obj; - struct rxkad_cprivate *tp; /* s & c have type at same offset */ - char *data; - int i, tlen, len; - - len = inlen; - - obj = rx_SecurityObjectOf(conn); - tp = (struct rxkad_cprivate *)obj->privateData; - ADD_RXKAD_STATS(bytesDecrypted[rxkad_TypeIndex(tp->type)],len); - memcpy((void *)xor, (void *)ivec, sizeof(xor)); - for (i = 0; len; i++) { - data = rx_data(packet, i, tlen); - if (!data || !tlen) - break; - tlen = MIN(len, tlen); - fc_cbc_encrypt(data, data, tlen, *schedule, xor, DECRYPT); - len -= tlen; - } - /* Do this if packet checksums are ever enabled (below), but - * current version just passes zero - afs_int32 cksum; - cksum = ntohl(rx_GetInt32(packet, 1)); - */ - return 0; -} - -afs_int32 -rxkad_EncryptPacket(const struct rx_connection * conn, - const fc_KeySchedule * schedule, - const fc_InitializationVector * ivec, const int inlen, - struct rx_packet * packet) -{ - afs_uint32 xor[2]; - struct rx_securityClass *obj; - struct rxkad_cprivate *tp; /* s & c have type at same offset */ - char *data; - int i, tlen, len; - - len = inlen; - - obj = rx_SecurityObjectOf(conn); - tp = (struct rxkad_cprivate *)obj->privateData; - ADD_RXKAD_STATS(bytesEncrypted[rxkad_TypeIndex(tp->type)],len); - /* - * afs_int32 cksum; - * cksum = htonl(0); - * * Future option to add cksum here, but for now we just put 0 - */ - rx_PutInt32(packet, 1 * sizeof(afs_int32), 0); - - memcpy((void *)xor, (void *)ivec, sizeof(xor)); - for (i = 0; len; i++) { - data = rx_data(packet, i, tlen); - if (!data || !tlen) - break; - tlen = MIN(len, tlen); - fc_cbc_encrypt(data, data, tlen, *schedule, xor, ENCRYPT); - len -= tlen; - } - return 0; -} diff --git a/src/rxkad/domestic/fcrypt.c b/src/rxkad/domestic/fcrypt.c deleted file mode 100644 index 6b2f88b13..000000000 --- a/src/rxkad/domestic/fcrypt.c +++ /dev/null @@ -1,260 +0,0 @@ -/* - * Copyright 2000, International Business Machines Corporation and others. - * All Rights Reserved. - * - * This software has been released under the terms of the IBM Public - * License. For details, see the LICENSE file in the top-level source - * directory or online at http://www.openafs.org/dl/license10.html - */ - -/* NOTE: fc_cbc_encrypt now modifies its 5th argument, to permit chaining over - * scatter/gather vectors. - */ - - -#include -#ifdef KERNEL -#include "afs/param.h" -#else -#include -#endif - - -#define DEBUG 0 -#ifdef KERNEL -#ifndef UKERNEL -#include "afs/stds.h" -#if defined(AFS_AIX_ENV) || defined(AFS_AUX_ENV) || defined(AFS_SUN5_ENV) -#include "h/systm.h" -#endif -#include "h/types.h" -#if !defined(AFS_LINUX20_ENV) && !defined(AFS_OBSD_ENV) -#include "netinet/in.h" -#endif -#else /* UKERNEL */ -#include "afs/sysincludes.h" -#include "afs/stds.h" -#endif /* UKERNEL */ -#ifdef AFS_LINUX22_ENV -#include -#endif - -#else /* KERNEL */ - -#include -#include -#include -#ifdef AFS_NT40_ENV -#include -#else -#include -#endif -#include -#endif /* KERNEL */ - -#include "sboxes.h" -#include "fcrypt.h" -#include -#include - -#ifdef TCRYPT -int ROUNDS = 16; -#else -#define ROUNDS 16 -#endif - -#define XPRT_FCRYPT - -int -fc_keysched(struct ktc_encryptionKey *key, fc_KeySchedule schedule) -{ - unsigned char *keychar = (unsigned char *)key; - afs_uint32 kword[2]; - - unsigned int temp; - int i; - - /* first, flush the losing key parity bits. */ - kword[0] = (*keychar++) >> 1; - kword[0] <<= 7; - kword[0] += (*keychar++) >> 1; - kword[0] <<= 7; - kword[0] += (*keychar++) >> 1; - kword[0] <<= 7; - kword[0] += (*keychar++) >> 1; - kword[1] = kword[0] >> 4; /* get top 24 bits for hi word */ - kword[0] &= 0xf; - kword[0] <<= 7; - kword[0] += (*keychar++) >> 1; - kword[0] <<= 7; - kword[0] += (*keychar++) >> 1; - kword[0] <<= 7; - kword[0] += (*keychar++) >> 1; - kword[0] <<= 7; - kword[0] += (*keychar) >> 1; - - schedule[0] = kword[0]; - for (i = 1; i < ROUNDS; i++) { - /* rotate right 3 */ - temp = kword[0] & ((1 << 11) - 1); /* get 11 lsb */ - kword[0] = - (kword[0] >> 11) | ((kword[1] & ((1 << 11) - 1)) << (32 - 11)); - kword[1] = (kword[1] >> 11) | (temp << (56 - 32 - 11)); - schedule[i] = kword[0]; - } - INC_RXKAD_STATS(fc_key_scheds); - return 0; -} - -/* IN int encrypt; * 0 ==> decrypt, else encrypt */ -afs_int32 -fc_ecb_encrypt(void * clear, void * cipher, - const fc_KeySchedule schedule, int encrypt) -{ - afs_uint32 L, R; - volatile afs_uint32 S, P; - volatile unsigned char *Pchar = (unsigned char *)&P; - volatile unsigned char *Schar = (unsigned char *)&S; - int i; - -#ifndef WORDS_BIGENDIAN -#define Byte0 3 -#define Byte1 2 -#define Byte2 1 -#define Byte3 0 -#else -#define Byte0 0 -#define Byte1 1 -#define Byte2 2 -#define Byte3 3 -#endif - -#if 0 - memcpy(&L, clear, sizeof(afs_int32)); - memcpy(&R, clear + 1, sizeof(afs_int32)); -#else - L = ntohl(*((afs_uint32 *)clear)); - R = ntohl(*((afs_uint32 *)clear + 1)); -#endif - - if (encrypt) { - INC_RXKAD_STATS(fc_encrypts[ENCRYPT]); - for (i = 0; i < (ROUNDS / 2); i++) { - S = *schedule++ ^ R; /* xor R with key bits from schedule */ - Pchar[Byte2] = sbox0[Schar[Byte0]]; /* do 8-bit S Box subst. */ - Pchar[Byte3] = sbox1[Schar[Byte1]]; /* and permute the result */ - Pchar[Byte1] = sbox2[Schar[Byte2]]; - Pchar[Byte0] = sbox3[Schar[Byte3]]; - P = (P >> 5) | ((P & ((1 << 5) - 1)) << (32 - 5)); /* right rot 5 bits */ - L ^= P; /* we're done with L, so save there */ - S = *schedule++ ^ L; /* this time xor with L */ - Pchar[Byte2] = sbox0[Schar[Byte0]]; - Pchar[Byte3] = sbox1[Schar[Byte1]]; - Pchar[Byte1] = sbox2[Schar[Byte2]]; - Pchar[Byte0] = sbox3[Schar[Byte3]]; - P = (P >> 5) | ((P & ((1 << 5) - 1)) << (32 - 5)); /* right rot 5 bits */ - R ^= P; - } - } else { - INC_RXKAD_STATS(fc_encrypts[DECRYPT]); - schedule = &schedule[ROUNDS - 1]; /* start at end of key schedule */ - for (i = 0; i < (ROUNDS / 2); i++) { - S = *schedule-- ^ L; /* xor R with key bits from schedule */ - Pchar[Byte2] = sbox0[Schar[Byte0]]; /* do 8-bit S Box subst. and */ - Pchar[Byte3] = sbox1[Schar[Byte1]]; /* permute the result */ - Pchar[Byte1] = sbox2[Schar[Byte2]]; - Pchar[Byte0] = sbox3[Schar[Byte3]]; - P = (P >> 5) | ((P & ((1 << 5) - 1)) << (32 - 5)); /* right rot 5 bits */ - R ^= P; /* we're done with L, so save there */ - S = *schedule-- ^ R; /* this time xor with L */ - Pchar[Byte2] = sbox0[Schar[Byte0]]; - Pchar[Byte3] = sbox1[Schar[Byte1]]; - Pchar[Byte1] = sbox2[Schar[Byte2]]; - Pchar[Byte0] = sbox3[Schar[Byte3]]; - P = (P >> 5) | ((P & ((1 << 5) - 1)) << (32 - 5)); /* right rot 5 bits */ - L ^= P; - } - } -#if 0 - memcpy(cipher, &L, sizeof(afs_int32)); - memcpy(cipher + 1, &R, sizeof(afs_int32)); -#else - *((afs_int32 *)cipher) = htonl(L); - *((afs_int32 *)cipher + 1) = htonl(R); -#endif - return 0; -} - -/* Crypting can be done in segments by recycling xor. All but the final segment must - * be multiples of 8 bytes. - * NOTE: fc_cbc_encrypt now modifies its 5th argument, to permit chaining over - * scatter/gather vectors. - */ -/* - afs_int32 length; * in bytes * - int encrypt; * 0 ==> decrypt, else encrypt * - fc_KeySchedule key; * precomputed key schedule * - afs_uint32 *xor; * 8 bytes of initialization vector * -*/ -afs_int32 -fc_cbc_encrypt(void *input, void *output, afs_int32 length, - const fc_KeySchedule key, afs_uint32 * xor, int encrypt) -{ - afs_uint32 i, j; - afs_uint32 t_input[2]; - afs_uint32 t_output[2]; - unsigned char *t_in_p = (unsigned char *)t_input; - - if (encrypt) { - for (i = 0; length > 0; i++, length -= 8) { - /* get input */ - memcpy(t_input, input, sizeof(t_input)); - input=((char *)input) + sizeof(t_input); - - /* zero pad */ - for (j = length; j <= 7; j++) - *(t_in_p + j) = 0; - - /* do the xor for cbc into the temp */ - xor[0] ^= t_input[0]; - xor[1] ^= t_input[1]; - /* encrypt */ - fc_ecb_encrypt(xor, t_output, key, encrypt); - - /* copy temp output and save it for cbc */ - memcpy(output, t_output, sizeof(t_output)); - output=(char *)output + sizeof(t_output); - - /* calculate xor value for next round from plain & cipher text */ - xor[0] = t_input[0] ^ t_output[0]; - xor[1] = t_input[1] ^ t_output[1]; - - - } - t_output[0] = 0; - t_output[1] = 0; - } else { - /* decrypt */ - for (i = 0; length > 0; i++, length -= 8) { - /* get input */ - memcpy(t_input, input, sizeof(t_input)); - input=((char *)input) + sizeof(t_input); - - /* no padding for decrypt */ - fc_ecb_encrypt(t_input, t_output, key, encrypt); - - /* do the xor for cbc into the output */ - t_output[0] ^= xor[0]; - t_output[1] ^= xor[1]; - - /* copy temp output */ - memcpy(output, t_output, sizeof(t_output)); - output=((char *)output) + sizeof(t_output); - - /* calculate xor value for next round from plain & cipher text */ - xor[0] = t_input[0] ^ t_output[0]; - xor[1] = t_input[1] ^ t_output[1]; - } - } - return 0; -} diff --git a/src/rxkad/domestic/fcrypt.h b/src/rxkad/domestic/fcrypt.h deleted file mode 100644 index 5d0180881..000000000 --- a/src/rxkad/domestic/fcrypt.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright 2000, International Business Machines Corporation and others. - * All Rights Reserved. - * - * This software has been released under the terms of the IBM Public - * License. For details, see the LICENSE file in the top-level source - * directory or online at http://www.openafs.org/dl/license10.html - */ - -/* - * Revision 2.1 90/08/07 19:33:16 - * Start with clean version to sync test and dev trees. - * - */ - -#ifndef OPENAFS_RXKAD_FCRYPT_H -#define OPENAFS_RXKAD_FCRYPT_H - -#ifdef ENCRYPTIONBLOCKSIZE -#undef ENCRYPTIONBLOCKSIZE -#endif -#define ENCRYPTIONBLOCKSIZE 8 - -typedef afs_int32 fc_InitializationVector[ENCRYPTIONBLOCKSIZE / 4]; - -#ifdef MAXROUNDS -#undef MAXROUNDS -#endif -#define MAXROUNDS 16 -typedef afs_int32 fc_KeySchedule[MAXROUNDS]; - -#ifndef ENCRYPT -#define ENCRYPT 1 -#define DECRYPT 0 -#endif - -#endif diff --git a/src/rxkad/domestic/sboxes.h b/src/rxkad/domestic/sboxes.h deleted file mode 100644 index 427f634c4..000000000 --- a/src/rxkad/domestic/sboxes.h +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright 2000, International Business Machines Corporation and others. - * All Rights Reserved. - * - * This software has been released under the terms of the IBM Public - * License. For details, see the LICENSE file in the top-level source - * directory or online at http://www.openafs.org/dl/license10.html - */ - -/* - * Revision 1.2 88/11/18 15:13:00 - * remove spurious rcsid dcl - * - * Revision 1.1 88/11/18 10:43:25 - * Initial revision - * */ - -static const unsigned char sbox0[256] = { - 0xea, 0x7f, 0xb2, 0x64, 0x9d, 0xb0, 0xd9, 0x11, 0xcd, 0x86, 0x86, - 0x91, 0x0a, 0xb2, 0x93, 0x06, 0x0e, 0x06, 0xd2, 0x65, 0x73, 0xc5, - 0x28, 0x60, 0xf2, 0x20, 0xb5, 0x38, 0x7e, 0xda, 0x9f, 0xe3, 0xd2, - 0xcf, 0xc4, 0x3c, 0x61, 0xff, 0x4a, 0x4a, 0x35, 0xac, 0xaa, 0x5f, - 0x2b, 0xbb, 0xbc, 0x53, 0x4e, 0x9d, 0x78, 0xa3, 0xdc, 0x09, 0x32, - 0x10, 0xc6, 0x6f, 0x66, 0xd6, 0xab, 0xa9, 0xaf, 0xfd, 0x3b, 0x95, - 0xe8, 0x34, 0x9a, 0x81, 0x72, 0x80, 0x9c, 0xf3, 0xec, 0xda, 0x9f, - 0x26, 0x76, 0x15, 0x3e, 0x55, 0x4d, 0xde, 0x84, 0xee, 0xad, 0xc7, - 0xf1, 0x6b, 0x3d, 0xd3, 0x04, 0x49, 0xaa, 0x24, 0x0b, 0x8a, 0x83, - 0xba, 0xfa, 0x85, 0xa0, 0xa8, 0xb1, 0xd4, 0x01, 0xd8, 0x70, 0x64, - 0xf0, 0x51, 0xd2, 0xc3, 0xa7, 0x75, 0x8c, 0xa5, 0x64, 0xef, 0x10, - 0x4e, 0xb7, 0xc6, 0x61, 0x03, 0xeb, 0x44, 0x3d, 0xe5, 0xb3, 0x5b, - 0xae, 0xd5, 0xad, 0x1d, 0xfa, 0x5a, 0x1e, 0x33, 0xab, 0x93, 0xa2, - 0xb7, 0xe7, 0xa8, 0x45, 0xa4, 0xcd, 0x29, 0x63, 0x44, 0xb6, 0x69, - 0x7e, 0x2e, 0x62, 0x03, 0xc8, 0xe0, 0x17, 0xbb, 0xc7, 0xf3, 0x3f, - 0x36, 0xba, 0x71, 0x8e, 0x97, 0x65, 0x60, 0x69, 0xb6, 0xf6, 0xe6, - 0x6e, 0xe0, 0x81, 0x59, 0xe8, 0xaf, 0xdd, 0x95, 0x22, 0x99, 0xfd, - 0x63, 0x19, 0x74, 0x61, 0xb1, 0xb6, 0x5b, 0xae, 0x54, 0xb3, 0x70, - 0xff, 0xc6, 0x3b, 0x3e, 0xc1, 0xd7, 0xe1, 0x0e, 0x76, 0xe5, 0x36, - 0x4f, 0x59, 0xc7, 0x08, 0x6e, 0x82, 0xa6, 0x93, 0xc4, 0xaa, 0x26, - 0x49, 0xe0, 0x21, 0x64, 0x07, 0x9f, 0x64, 0x81, 0x9c, 0xbf, 0xf9, - 0xd1, 0x43, 0xf8, 0xb6, 0xb9, 0xf1, 0x24, 0x75, 0x03, 0xe4, 0xb0, - 0x99, 0x46, 0x3d, 0xf5, 0xd1, 0x39, 0x72, 0x12, 0xf6, 0xba, 0x0c, - 0x0d, 0x42, 0x2e -}; -static const unsigned char sbox1[256] = { - 0x77, 0x14, 0xa6, 0xfe, 0xb2, 0x5e, 0x8c, 0x3e, 0x67, 0x6c, 0xa1, - 0x0d, 0xc2, 0xa2, 0xc1, 0x85, 0x6c, 0x7b, 0x67, 0xc6, 0x23, 0xe3, - 0xf2, 0x89, 0x50, 0x9c, 0x03, 0xb7, 0x73, 0xe6, 0xe1, 0x39, 0x31, - 0x2c, 0x27, 0x9f, 0xa5, 0x69, 0x44, 0xd6, 0x23, 0x83, 0x98, 0x7d, - 0x3c, 0xb4, 0x2d, 0x99, 0x1c, 0x1f, 0x8c, 0x20, 0x03, 0x7c, 0x5f, - 0xad, 0xf4, 0xfa, 0x95, 0xca, 0x76, 0x44, 0xcd, 0xb6, 0xb8, 0xa1, - 0xa1, 0xbe, 0x9e, 0x54, 0x8f, 0x0b, 0x16, 0x74, 0x31, 0x8a, 0x23, - 0x17, 0x04, 0xfa, 0x79, 0x84, 0xb1, 0xf5, 0x13, 0xab, 0xb5, 0x2e, - 0xaa, 0x0c, 0x60, 0x6b, 0x5b, 0xc4, 0x4b, 0xbc, 0xe2, 0xaf, 0x45, - 0x73, 0xfa, 0xc9, 0x49, 0xcd, 0000, 0x92, 0x7d, 0x97, 0x7a, 0x18, - 0x60, 0x3d, 0xcf, 0x5b, 0xde, 0xc6, 0xe2, 0xe6, 0xbb, 0x8b, 0x06, - 0xda, 0x08, 0x15, 0x1b, 0x88, 0x6a, 0x17, 0x89, 0xd0, 0xa9, 0xc1, - 0xc9, 0x70, 0x6b, 0xe5, 0x43, 0xf4, 0x68, 0xc8, 0xd3, 0x84, 0x28, - 0x0a, 0x52, 0x66, 0xa3, 0xca, 0xf2, 0xe3, 0x7f, 0x7a, 0x31, 0xf7, - 0x88, 0x94, 0x5e, 0x9c, 0x63, 0xd5, 0x24, 0x66, 0xfc, 0xb3, 0x57, - 0x25, 0xbe, 0x89, 0x44, 0xc4, 0xe0, 0x8f, 0x23, 0x3c, 0x12, 0x52, - 0xf5, 0x1e, 0xf4, 0xcb, 0x18, 0x33, 0x1f, 0xf8, 0x69, 0x10, 0x9d, - 0xd3, 0xf7, 0x28, 0xf8, 0x30, 0x05, 0x5e, 0x32, 0xc0, 0xd5, 0x19, - 0xbd, 0x45, 0x8b, 0x5b, 0xfd, 0xbc, 0xe2, 0x5c, 0xa9, 0x96, 0xef, - 0x70, 0xcf, 0xc2, 0x2a, 0xb3, 0x61, 0xad, 0x80, 0x48, 0x81, 0xb7, - 0x1d, 0x43, 0xd9, 0xd7, 0x45, 0xf0, 0xd8, 0x8a, 0x59, 0x7c, 0x57, - 0xc1, 0x79, 0xc7, 0x34, 0xd6, 0x43, 0xdf, 0xe4, 0x78, 0x16, 0x06, - 0xda, 0x92, 0x76, 0x51, 0xe1, 0xd4, 0x70, 0x03, 0xe0, 0x2f, 0x96, - 0x91, 0x82, 0x80 -}; -static const unsigned char sbox2[256] = { - 0xf0, 0x37, 0x24, 0x53, 0x2a, 0x03, 0x83, 0x86, 0xd1, 0xec, 0x50, - 0xf0, 0x42, 0x78, 0x2f, 0x6d, 0xbf, 0x80, 0x87, 0x27, 0x95, 0xe2, - 0xc5, 0x5d, 0xf9, 0x6f, 0xdb, 0xb4, 0x65, 0x6e, 0xe7, 0x24, 0xc8, - 0x1a, 0xbb, 0x49, 0xb5, 0x0a, 0x7d, 0xb9, 0xe8, 0xdc, 0xb7, 0xd9, - 0x45, 0x20, 0x1b, 0xce, 0x59, 0x9d, 0x6b, 0xbd, 0x0e, 0x8f, 0xa3, - 0xa9, 0xbc, 0x74, 0xa6, 0xf6, 0x7f, 0x5f, 0xb1, 0x68, 0x84, 0xbc, - 0xa9, 0xfd, 0x55, 0x50, 0xe9, 0xb6, 0x13, 0x5e, 0x07, 0xb8, 0x95, - 0x02, 0xc0, 0xd0, 0x6a, 0x1a, 0x85, 0xbd, 0xb6, 0xfd, 0xfe, 0x17, - 0x3f, 0x09, 0xa3, 0x8d, 0xfb, 0xed, 0xda, 0x1d, 0x6d, 0x1c, 0x6c, - 0x01, 0x5a, 0xe5, 0x71, 0x3e, 0x8b, 0x6b, 0xbe, 0x29, 0xeb, 0x12, - 0x19, 0x34, 0xcd, 0xb3, 0xbd, 0x35, 0xea, 0x4b, 0xd5, 0xae, 0x2a, - 0x79, 0x5a, 0xa5, 0x32, 0x12, 0x7b, 0xdc, 0x2c, 0xd0, 0x22, 0x4b, - 0xb1, 0x85, 0x59, 0x80, 0xc0, 0x30, 0x9f, 0x73, 0xd3, 0x14, 0x48, - 0x40, 0x07, 0x2d, 0x8f, 0x80, 0x0f, 0xce, 0x0b, 0x5e, 0xb7, 0x5e, - 0xac, 0x24, 0x94, 0x4a, 0x18, 0x15, 0x05, 0xe8, 0x02, 0x77, 0xa9, - 0xc7, 0x40, 0x45, 0x89, 0xd1, 0xea, 0xde, 0x0c, 0x79, 0x2a, 0x99, - 0x6c, 0x3e, 0x95, 0xdd, 0x8c, 0x7d, 0xad, 0x6f, 0xdc, 0xff, 0xfd, - 0x62, 0x47, 0xb3, 0x21, 0x8a, 0xec, 0x8e, 0x19, 0x18, 0xb4, 0x6e, - 0x3d, 0xfd, 0x74, 0x54, 0x1e, 0x04, 0x85, 0xd8, 0xbc, 0x1f, 0x56, - 0xe7, 0x3a, 0x56, 0x67, 0xd6, 0xc8, 0xa5, 0xf3, 0x8e, 0xde, 0xae, - 0x37, 0x49, 0xb7, 0xfa, 0xc8, 0xf4, 0x1f, 0xe0, 0x2a, 0x9b, 0x15, - 0xd1, 0x34, 0x0e, 0xb5, 0xe0, 0x44, 0x78, 0x84, 0x59, 0x56, 0x68, - 0x77, 0xa5, 0x14, 0x06, 0xf5, 0x2f, 0x8c, 0x8a, 0x73, 0x80, 0x76, - 0xb4, 0x10, 0x86 -}; -static const unsigned char sbox3[256] = { - 0xa9, 0x2a, 0x48, 0x51, 0x84, 0x7e, 0x49, 0xe2, 0xb5, 0xb7, 0x42, - 0x33, 0x7d, 0x5d, 0xa6, 0x12, 0x44, 0x48, 0x6d, 0x28, 0xaa, 0x20, - 0x6d, 0x57, 0xd6, 0x6b, 0x5d, 0x72, 0xf0, 0x92, 0x5a, 0x1b, 0x53, - 0x80, 0x24, 0x70, 0x9a, 0xcc, 0xa7, 0x66, 0xa1, 0x01, 0xa5, 0x41, - 0x97, 0x41, 0x31, 0x82, 0xf1, 0x14, 0xcf, 0x53, 0x0d, 0xa0, 0x10, - 0xcc, 0x2a, 0x7d, 0xd2, 0xbf, 0x4b, 0x1a, 0xdb, 0x16, 0x47, 0xf6, - 0x51, 0x36, 0xed, 0xf3, 0xb9, 0x1a, 0xa7, 0xdf, 0x29, 0x43, 0x01, - 0x54, 0x70, 0xa4, 0xbf, 0xd4, 0x0b, 0x53, 0x44, 0x60, 0x9e, 0x23, - 0xa1, 0x18, 0x68, 0x4f, 0xf0, 0x2f, 0x82, 0xc2, 0x2a, 0x41, 0xb2, - 0x42, 0x0c, 0xed, 0x0c, 0x1d, 0x13, 0x3a, 0x3c, 0x6e, 0x35, 0xdc, - 0x60, 0x65, 0x85, 0xe9, 0x64, 0x02, 0x9a, 0x3f, 0x9f, 0x87, 0x96, - 0xdf, 0xbe, 0xf2, 0xcb, 0xe5, 0x6c, 0xd4, 0x5a, 0x83, 0xbf, 0x92, - 0x1b, 0x94, 0000, 0x42, 0xcf, 0x4b, 0000, 0x75, 0xba, 0x8f, 0x76, - 0x5f, 0x5d, 0x3a, 0x4d, 0x09, 0x12, 0x08, 0x38, 0x95, 0x17, 0xe4, - 0x01, 0x1d, 0x4c, 0xa9, 0xcc, 0x85, 0x82, 0x4c, 0x9d, 0x2f, 0x3b, - 0x66, 0xa1, 0x34, 0x10, 0xcd, 0x59, 0x89, 0xa5, 0x31, 0xcf, 0x05, - 0xc8, 0x84, 0xfa, 0xc7, 0xba, 0x4e, 0x8b, 0x1a, 0x19, 0xf1, 0xa1, - 0x3b, 0x18, 0x12, 0x17, 0xb0, 0x98, 0x8d, 0x0b, 0x23, 0xc3, 0x3a, - 0x2d, 0x20, 0xdf, 0x13, 0xa0, 0xa8, 0x4c, 0x0d, 0x6c, 0x2f, 0x47, - 0x13, 0x13, 0x52, 0x1f, 0x2d, 0xf5, 0x79, 0x3d, 0xa2, 0x54, 0xbd, - 0x69, 0xc8, 0x6b, 0xf3, 0x05, 0x28, 0xf1, 0x16, 0x46, 0x40, 0xb0, - 0x11, 0xd3, 0xb7, 0x95, 0x49, 0xcf, 0xc3, 0x1d, 0x8f, 0xd8, 0xe1, - 0x73, 0xdb, 0xad, 0xc8, 0xc9, 0xa9, 0xa1, 0xc2, 0xc5, 0xe3, 0xba, - 0xfc, 0x0e, 0x25 -}; diff --git a/src/rxkad/domestic/tcrypt.c b/src/rxkad/domestic/tcrypt.c deleted file mode 100644 index 712e599e2..000000000 --- a/src/rxkad/domestic/tcrypt.c +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright 2000, International Business Machines Corporation and others. - * All Rights Reserved. - * - * This software has been released under the terms of the IBM Public - * License. For details, see the LICENSE file in the top-level source - * directory or online at http://www.openafs.org/dl/license10.html - */ - -#include -#include - - -#include -#include -#include -#include "fcrypt.h" - - -#ifdef TCRYPT -extern int ROUNDS; -#else -#define ROUNDS 16 -#endif - -struct ktc_encryptionKey { - char data[8]; -}; - -void -print_msg(text, msg, length) - char *text; - afs_int32 msg[]; - int length; -{ - int i; - unsigned char *msgtext = (unsigned char *)msg; - int cksum; - - if (length % 8 != 0) { - printf("Length of message (%d) incorrect\n", length); - return; - } - printf("%s\n", text); - for (i = 0; i < length; i += 8) { - unsigned char *m = msgtext + i; - printf("%02x%02x%02x%02x %02x%02x%02x%02x", m[0], m[1], m[2], m[3], - m[4], m[5], m[6], m[7]); - printf(" "); - } - cksum = 0; - for (i = 0; i < length; i++) - cksum += *(i + msgtext); - printf(" (%4x)\n", cksum & 0xffff); -} - -static int total_diff, minimum_diff, number_diff; - -compare(orig, chgd) - afs_uint32 orig[2]; - afs_uint32 chgd[2]; -{ - afs_uint32 temp; - int diff = 0; - - for (temp = orig[0] ^ chgd[0]; temp; temp >>= 1) - diff += temp & 1; - for (temp = orig[1] ^ chgd[1]; temp; temp >>= 1) - diff += temp & 1; - printf("%.8x %.8x (%d)\n", chgd[0], chgd[1], diff); - number_diff++; - total_diff += diff; - minimum_diff = (diff < minimum_diff) ? diff : minimum_diff; -} - -#include "AFS_component_version_number.c" - -int -main(argc, argv) - int argc; - char *argv[]; -{ - struct ktc_encryptionKey key; - fc_KeySchedule schedule; - afs_int32 e[2]; - afs_int32 d[2]; - afs_int32 c[2]; - int i; - int iterations; - int for_time = (argc > 1) && (strcmp(argv[1], "time") == 0); - int for_time_key = (argc > 1) && (strcmp(argv[1], "time_key") == 0); - int for_cbc = (argc > 1) && (strcmp(argv[1], "cbc") == 0); - - if (for_time || for_time_key) { - if (argc == 3) - iterations = atoi(argv[2]); - else - iterations = 10000; - } - - if (for_time) - for (i = 0; i < iterations; i++) - fc_ecb_encrypt(e, d, schedule, 1); - else if (for_time_key) - for (i = 0; i < iterations; i++) - fc_keysched(&key, schedule); - else if (for_cbc) { - afs_int32 msg[10]; - afs_int32 out[10]; - afs_int32 dec[10]; - afs_uint32 xor[2]; - - for (i = 0; i < 10; i++) - msg[i] = htonl(i); - memcpy(&key, "abcdefgh", sizeof(struct ktc_encryptionKey)); - fc_keysched(&key, schedule); - print_msg("Starting msg is:", msg, sizeof(msg)); - memcpy(xor, &key, 2 * sizeof(afs_int32)); - fc_cbc_encrypt(msg, out, sizeof(msg), schedule, &key, ENCRYPT); - memcpy(xor, &key, 2 * sizeof(afs_int32)); - fc_cbc_encrypt(out, dec, sizeof(msg), schedule, &key, DECRYPT); - if (memcmp(msg, dec, sizeof(msg)) != 0) - printf("Encryption FAILED!\n"); - print_msg("Encrypted is:", out, sizeof(out)); - print_msg("Decrypted is:", dec, sizeof(dec)); - } else { - int rounds; -#ifndef TCRYPT - printf - ("Number of rounds is fixed at %d; try recompiling w/ -DTCRYPT=1\n", - ROUNDS); -#endif - e[0] = 0x11111111; - e[1] = 0xaaaaaaaa; - memcpy(&key, "abcdefgh", sizeof(struct ktc_encryptionKey)); - for (rounds = 2; rounds <= MAXROUNDS; rounds += 2) { -#ifdef TCRYPT - ROUNDS = rounds; -#endif - printf("\n ROUNDS = %d\n", ROUNDS); - total_diff = 0; - minimum_diff = 64; - number_diff = 0; - - fc_keysched(&key, schedule); - fc_ecb_encrypt(e, d, schedule, 1); - - printf("Checking data bits\n"); - for (i = 1; i; i <<= 1) { - e[0] ^= i; - fc_ecb_encrypt(e, c, schedule, 1); - compare(d, c); - e[0] ^= i; - e[1] ^= i; - fc_ecb_encrypt(e, c, schedule, 1); - compare(d, c); - e[1] ^= i; - } - printf("Checking key bits\n"); - for (i = 0; i < 56; i++) { - unsigned char *keyByte; - keyByte = ((unsigned char *)(&key)) + i / 7; - *keyByte ^= (2 << (i % 7)); - fc_keysched(&key, schedule); - fc_ecb_encrypt(e, c, schedule, 1); - compare(d, c); - *keyByte ^= (2 << (i % 7)); - } - print_msg("clear: ", e, sizeof(e)); - - print_msg("Encrypted: ", d, sizeof(d)); - - fc_keysched(&key, schedule); - fc_ecb_encrypt(d, e, schedule, 0); - print_msg("De-encrypted: ", e, sizeof(e)); - printf("Rounds=%d, average diff = %d bits, minimum diff = %d\n", - ROUNDS, total_diff / number_diff, minimum_diff); - } - } -} diff --git a/src/rxkad/fcrypt.c b/src/rxkad/fcrypt.c new file mode 100644 index 000000000..6b2f88b13 --- /dev/null +++ b/src/rxkad/fcrypt.c @@ -0,0 +1,260 @@ +/* + * Copyright 2000, International Business Machines Corporation and others. + * All Rights Reserved. + * + * This software has been released under the terms of the IBM Public + * License. For details, see the LICENSE file in the top-level source + * directory or online at http://www.openafs.org/dl/license10.html + */ + +/* NOTE: fc_cbc_encrypt now modifies its 5th argument, to permit chaining over + * scatter/gather vectors. + */ + + +#include +#ifdef KERNEL +#include "afs/param.h" +#else +#include +#endif + + +#define DEBUG 0 +#ifdef KERNEL +#ifndef UKERNEL +#include "afs/stds.h" +#if defined(AFS_AIX_ENV) || defined(AFS_AUX_ENV) || defined(AFS_SUN5_ENV) +#include "h/systm.h" +#endif +#include "h/types.h" +#if !defined(AFS_LINUX20_ENV) && !defined(AFS_OBSD_ENV) +#include "netinet/in.h" +#endif +#else /* UKERNEL */ +#include "afs/sysincludes.h" +#include "afs/stds.h" +#endif /* UKERNEL */ +#ifdef AFS_LINUX22_ENV +#include +#endif + +#else /* KERNEL */ + +#include +#include +#include +#ifdef AFS_NT40_ENV +#include +#else +#include +#endif +#include +#endif /* KERNEL */ + +#include "sboxes.h" +#include "fcrypt.h" +#include +#include + +#ifdef TCRYPT +int ROUNDS = 16; +#else +#define ROUNDS 16 +#endif + +#define XPRT_FCRYPT + +int +fc_keysched(struct ktc_encryptionKey *key, fc_KeySchedule schedule) +{ + unsigned char *keychar = (unsigned char *)key; + afs_uint32 kword[2]; + + unsigned int temp; + int i; + + /* first, flush the losing key parity bits. */ + kword[0] = (*keychar++) >> 1; + kword[0] <<= 7; + kword[0] += (*keychar++) >> 1; + kword[0] <<= 7; + kword[0] += (*keychar++) >> 1; + kword[0] <<= 7; + kword[0] += (*keychar++) >> 1; + kword[1] = kword[0] >> 4; /* get top 24 bits for hi word */ + kword[0] &= 0xf; + kword[0] <<= 7; + kword[0] += (*keychar++) >> 1; + kword[0] <<= 7; + kword[0] += (*keychar++) >> 1; + kword[0] <<= 7; + kword[0] += (*keychar++) >> 1; + kword[0] <<= 7; + kword[0] += (*keychar) >> 1; + + schedule[0] = kword[0]; + for (i = 1; i < ROUNDS; i++) { + /* rotate right 3 */ + temp = kword[0] & ((1 << 11) - 1); /* get 11 lsb */ + kword[0] = + (kword[0] >> 11) | ((kword[1] & ((1 << 11) - 1)) << (32 - 11)); + kword[1] = (kword[1] >> 11) | (temp << (56 - 32 - 11)); + schedule[i] = kword[0]; + } + INC_RXKAD_STATS(fc_key_scheds); + return 0; +} + +/* IN int encrypt; * 0 ==> decrypt, else encrypt */ +afs_int32 +fc_ecb_encrypt(void * clear, void * cipher, + const fc_KeySchedule schedule, int encrypt) +{ + afs_uint32 L, R; + volatile afs_uint32 S, P; + volatile unsigned char *Pchar = (unsigned char *)&P; + volatile unsigned char *Schar = (unsigned char *)&S; + int i; + +#ifndef WORDS_BIGENDIAN +#define Byte0 3 +#define Byte1 2 +#define Byte2 1 +#define Byte3 0 +#else +#define Byte0 0 +#define Byte1 1 +#define Byte2 2 +#define Byte3 3 +#endif + +#if 0 + memcpy(&L, clear, sizeof(afs_int32)); + memcpy(&R, clear + 1, sizeof(afs_int32)); +#else + L = ntohl(*((afs_uint32 *)clear)); + R = ntohl(*((afs_uint32 *)clear + 1)); +#endif + + if (encrypt) { + INC_RXKAD_STATS(fc_encrypts[ENCRYPT]); + for (i = 0; i < (ROUNDS / 2); i++) { + S = *schedule++ ^ R; /* xor R with key bits from schedule */ + Pchar[Byte2] = sbox0[Schar[Byte0]]; /* do 8-bit S Box subst. */ + Pchar[Byte3] = sbox1[Schar[Byte1]]; /* and permute the result */ + Pchar[Byte1] = sbox2[Schar[Byte2]]; + Pchar[Byte0] = sbox3[Schar[Byte3]]; + P = (P >> 5) | ((P & ((1 << 5) - 1)) << (32 - 5)); /* right rot 5 bits */ + L ^= P; /* we're done with L, so save there */ + S = *schedule++ ^ L; /* this time xor with L */ + Pchar[Byte2] = sbox0[Schar[Byte0]]; + Pchar[Byte3] = sbox1[Schar[Byte1]]; + Pchar[Byte1] = sbox2[Schar[Byte2]]; + Pchar[Byte0] = sbox3[Schar[Byte3]]; + P = (P >> 5) | ((P & ((1 << 5) - 1)) << (32 - 5)); /* right rot 5 bits */ + R ^= P; + } + } else { + INC_RXKAD_STATS(fc_encrypts[DECRYPT]); + schedule = &schedule[ROUNDS - 1]; /* start at end of key schedule */ + for (i = 0; i < (ROUNDS / 2); i++) { + S = *schedule-- ^ L; /* xor R with key bits from schedule */ + Pchar[Byte2] = sbox0[Schar[Byte0]]; /* do 8-bit S Box subst. and */ + Pchar[Byte3] = sbox1[Schar[Byte1]]; /* permute the result */ + Pchar[Byte1] = sbox2[Schar[Byte2]]; + Pchar[Byte0] = sbox3[Schar[Byte3]]; + P = (P >> 5) | ((P & ((1 << 5) - 1)) << (32 - 5)); /* right rot 5 bits */ + R ^= P; /* we're done with L, so save there */ + S = *schedule-- ^ R; /* this time xor with L */ + Pchar[Byte2] = sbox0[Schar[Byte0]]; + Pchar[Byte3] = sbox1[Schar[Byte1]]; + Pchar[Byte1] = sbox2[Schar[Byte2]]; + Pchar[Byte0] = sbox3[Schar[Byte3]]; + P = (P >> 5) | ((P & ((1 << 5) - 1)) << (32 - 5)); /* right rot 5 bits */ + L ^= P; + } + } +#if 0 + memcpy(cipher, &L, sizeof(afs_int32)); + memcpy(cipher + 1, &R, sizeof(afs_int32)); +#else + *((afs_int32 *)cipher) = htonl(L); + *((afs_int32 *)cipher + 1) = htonl(R); +#endif + return 0; +} + +/* Crypting can be done in segments by recycling xor. All but the final segment must + * be multiples of 8 bytes. + * NOTE: fc_cbc_encrypt now modifies its 5th argument, to permit chaining over + * scatter/gather vectors. + */ +/* + afs_int32 length; * in bytes * + int encrypt; * 0 ==> decrypt, else encrypt * + fc_KeySchedule key; * precomputed key schedule * + afs_uint32 *xor; * 8 bytes of initialization vector * +*/ +afs_int32 +fc_cbc_encrypt(void *input, void *output, afs_int32 length, + const fc_KeySchedule key, afs_uint32 * xor, int encrypt) +{ + afs_uint32 i, j; + afs_uint32 t_input[2]; + afs_uint32 t_output[2]; + unsigned char *t_in_p = (unsigned char *)t_input; + + if (encrypt) { + for (i = 0; length > 0; i++, length -= 8) { + /* get input */ + memcpy(t_input, input, sizeof(t_input)); + input=((char *)input) + sizeof(t_input); + + /* zero pad */ + for (j = length; j <= 7; j++) + *(t_in_p + j) = 0; + + /* do the xor for cbc into the temp */ + xor[0] ^= t_input[0]; + xor[1] ^= t_input[1]; + /* encrypt */ + fc_ecb_encrypt(xor, t_output, key, encrypt); + + /* copy temp output and save it for cbc */ + memcpy(output, t_output, sizeof(t_output)); + output=(char *)output + sizeof(t_output); + + /* calculate xor value for next round from plain & cipher text */ + xor[0] = t_input[0] ^ t_output[0]; + xor[1] = t_input[1] ^ t_output[1]; + + + } + t_output[0] = 0; + t_output[1] = 0; + } else { + /* decrypt */ + for (i = 0; length > 0; i++, length -= 8) { + /* get input */ + memcpy(t_input, input, sizeof(t_input)); + input=((char *)input) + sizeof(t_input); + + /* no padding for decrypt */ + fc_ecb_encrypt(t_input, t_output, key, encrypt); + + /* do the xor for cbc into the output */ + t_output[0] ^= xor[0]; + t_output[1] ^= xor[1]; + + /* copy temp output */ + memcpy(output, t_output, sizeof(t_output)); + output=((char *)output) + sizeof(t_output); + + /* calculate xor value for next round from plain & cipher text */ + xor[0] = t_input[0] ^ t_output[0]; + xor[1] = t_input[1] ^ t_output[1]; + } + } + return 0; +} diff --git a/src/rxkad/fcrypt.h b/src/rxkad/fcrypt.h new file mode 100644 index 000000000..5d0180881 --- /dev/null +++ b/src/rxkad/fcrypt.h @@ -0,0 +1,37 @@ +/* + * Copyright 2000, International Business Machines Corporation and others. + * All Rights Reserved. + * + * This software has been released under the terms of the IBM Public + * License. For details, see the LICENSE file in the top-level source + * directory or online at http://www.openafs.org/dl/license10.html + */ + +/* + * Revision 2.1 90/08/07 19:33:16 + * Start with clean version to sync test and dev trees. + * + */ + +#ifndef OPENAFS_RXKAD_FCRYPT_H +#define OPENAFS_RXKAD_FCRYPT_H + +#ifdef ENCRYPTIONBLOCKSIZE +#undef ENCRYPTIONBLOCKSIZE +#endif +#define ENCRYPTIONBLOCKSIZE 8 + +typedef afs_int32 fc_InitializationVector[ENCRYPTIONBLOCKSIZE / 4]; + +#ifdef MAXROUNDS +#undef MAXROUNDS +#endif +#define MAXROUNDS 16 +typedef afs_int32 fc_KeySchedule[MAXROUNDS]; + +#ifndef ENCRYPT +#define ENCRYPT 1 +#define DECRYPT 0 +#endif + +#endif diff --git a/src/rxkad/libafsdep b/src/rxkad/libafsdep index e2254c576..ddf830fa5 100644 --- a/src/rxkad/libafsdep +++ b/src/rxkad/libafsdep @@ -3,4 +3,8 @@ rxkad_prototypes.h rxkad_client.[ch] rxkad_common.c private_data.h -domestic/*.[ch] +crypt_conn.c +fcrypt.c +fcrypt.h +sboxes.h +tcrypt.c diff --git a/src/rxkad/rxkad_prototypes.h b/src/rxkad/rxkad_prototypes.h index 505a65e8f..36b8938aa 100644 --- a/src/rxkad/rxkad_prototypes.h +++ b/src/rxkad/rxkad_prototypes.h @@ -19,7 +19,7 @@ #include #endif -/* domestic/crypt_conn.c */ +/* crypt_conn.c */ extern afs_int32 rxkad_DecryptPacket(const struct rx_connection *conn, const fc_KeySchedule * schedule, const fc_InitializationVector * ivec, @@ -30,7 +30,7 @@ extern afs_int32 rxkad_EncryptPacket(const struct rx_connection *conn, const int len, struct rx_packet *packet); -/* domestic/fcrypt.c */ +/* fcrypt.c */ extern int fc_keysched(struct ktc_encryptionKey *key, fc_KeySchedule schedule); extern afs_int32 fc_ecb_encrypt(void * clear, void * cipher, diff --git a/src/rxkad/sboxes.h b/src/rxkad/sboxes.h new file mode 100644 index 000000000..427f634c4 --- /dev/null +++ b/src/rxkad/sboxes.h @@ -0,0 +1,121 @@ +/* + * Copyright 2000, International Business Machines Corporation and others. + * All Rights Reserved. + * + * This software has been released under the terms of the IBM Public + * License. For details, see the LICENSE file in the top-level source + * directory or online at http://www.openafs.org/dl/license10.html + */ + +/* + * Revision 1.2 88/11/18 15:13:00 + * remove spurious rcsid dcl + * + * Revision 1.1 88/11/18 10:43:25 + * Initial revision + * */ + +static const unsigned char sbox0[256] = { + 0xea, 0x7f, 0xb2, 0x64, 0x9d, 0xb0, 0xd9, 0x11, 0xcd, 0x86, 0x86, + 0x91, 0x0a, 0xb2, 0x93, 0x06, 0x0e, 0x06, 0xd2, 0x65, 0x73, 0xc5, + 0x28, 0x60, 0xf2, 0x20, 0xb5, 0x38, 0x7e, 0xda, 0x9f, 0xe3, 0xd2, + 0xcf, 0xc4, 0x3c, 0x61, 0xff, 0x4a, 0x4a, 0x35, 0xac, 0xaa, 0x5f, + 0x2b, 0xbb, 0xbc, 0x53, 0x4e, 0x9d, 0x78, 0xa3, 0xdc, 0x09, 0x32, + 0x10, 0xc6, 0x6f, 0x66, 0xd6, 0xab, 0xa9, 0xaf, 0xfd, 0x3b, 0x95, + 0xe8, 0x34, 0x9a, 0x81, 0x72, 0x80, 0x9c, 0xf3, 0xec, 0xda, 0x9f, + 0x26, 0x76, 0x15, 0x3e, 0x55, 0x4d, 0xde, 0x84, 0xee, 0xad, 0xc7, + 0xf1, 0x6b, 0x3d, 0xd3, 0x04, 0x49, 0xaa, 0x24, 0x0b, 0x8a, 0x83, + 0xba, 0xfa, 0x85, 0xa0, 0xa8, 0xb1, 0xd4, 0x01, 0xd8, 0x70, 0x64, + 0xf0, 0x51, 0xd2, 0xc3, 0xa7, 0x75, 0x8c, 0xa5, 0x64, 0xef, 0x10, + 0x4e, 0xb7, 0xc6, 0x61, 0x03, 0xeb, 0x44, 0x3d, 0xe5, 0xb3, 0x5b, + 0xae, 0xd5, 0xad, 0x1d, 0xfa, 0x5a, 0x1e, 0x33, 0xab, 0x93, 0xa2, + 0xb7, 0xe7, 0xa8, 0x45, 0xa4, 0xcd, 0x29, 0x63, 0x44, 0xb6, 0x69, + 0x7e, 0x2e, 0x62, 0x03, 0xc8, 0xe0, 0x17, 0xbb, 0xc7, 0xf3, 0x3f, + 0x36, 0xba, 0x71, 0x8e, 0x97, 0x65, 0x60, 0x69, 0xb6, 0xf6, 0xe6, + 0x6e, 0xe0, 0x81, 0x59, 0xe8, 0xaf, 0xdd, 0x95, 0x22, 0x99, 0xfd, + 0x63, 0x19, 0x74, 0x61, 0xb1, 0xb6, 0x5b, 0xae, 0x54, 0xb3, 0x70, + 0xff, 0xc6, 0x3b, 0x3e, 0xc1, 0xd7, 0xe1, 0x0e, 0x76, 0xe5, 0x36, + 0x4f, 0x59, 0xc7, 0x08, 0x6e, 0x82, 0xa6, 0x93, 0xc4, 0xaa, 0x26, + 0x49, 0xe0, 0x21, 0x64, 0x07, 0x9f, 0x64, 0x81, 0x9c, 0xbf, 0xf9, + 0xd1, 0x43, 0xf8, 0xb6, 0xb9, 0xf1, 0x24, 0x75, 0x03, 0xe4, 0xb0, + 0x99, 0x46, 0x3d, 0xf5, 0xd1, 0x39, 0x72, 0x12, 0xf6, 0xba, 0x0c, + 0x0d, 0x42, 0x2e +}; +static const unsigned char sbox1[256] = { + 0x77, 0x14, 0xa6, 0xfe, 0xb2, 0x5e, 0x8c, 0x3e, 0x67, 0x6c, 0xa1, + 0x0d, 0xc2, 0xa2, 0xc1, 0x85, 0x6c, 0x7b, 0x67, 0xc6, 0x23, 0xe3, + 0xf2, 0x89, 0x50, 0x9c, 0x03, 0xb7, 0x73, 0xe6, 0xe1, 0x39, 0x31, + 0x2c, 0x27, 0x9f, 0xa5, 0x69, 0x44, 0xd6, 0x23, 0x83, 0x98, 0x7d, + 0x3c, 0xb4, 0x2d, 0x99, 0x1c, 0x1f, 0x8c, 0x20, 0x03, 0x7c, 0x5f, + 0xad, 0xf4, 0xfa, 0x95, 0xca, 0x76, 0x44, 0xcd, 0xb6, 0xb8, 0xa1, + 0xa1, 0xbe, 0x9e, 0x54, 0x8f, 0x0b, 0x16, 0x74, 0x31, 0x8a, 0x23, + 0x17, 0x04, 0xfa, 0x79, 0x84, 0xb1, 0xf5, 0x13, 0xab, 0xb5, 0x2e, + 0xaa, 0x0c, 0x60, 0x6b, 0x5b, 0xc4, 0x4b, 0xbc, 0xe2, 0xaf, 0x45, + 0x73, 0xfa, 0xc9, 0x49, 0xcd, 0000, 0x92, 0x7d, 0x97, 0x7a, 0x18, + 0x60, 0x3d, 0xcf, 0x5b, 0xde, 0xc6, 0xe2, 0xe6, 0xbb, 0x8b, 0x06, + 0xda, 0x08, 0x15, 0x1b, 0x88, 0x6a, 0x17, 0x89, 0xd0, 0xa9, 0xc1, + 0xc9, 0x70, 0x6b, 0xe5, 0x43, 0xf4, 0x68, 0xc8, 0xd3, 0x84, 0x28, + 0x0a, 0x52, 0x66, 0xa3, 0xca, 0xf2, 0xe3, 0x7f, 0x7a, 0x31, 0xf7, + 0x88, 0x94, 0x5e, 0x9c, 0x63, 0xd5, 0x24, 0x66, 0xfc, 0xb3, 0x57, + 0x25, 0xbe, 0x89, 0x44, 0xc4, 0xe0, 0x8f, 0x23, 0x3c, 0x12, 0x52, + 0xf5, 0x1e, 0xf4, 0xcb, 0x18, 0x33, 0x1f, 0xf8, 0x69, 0x10, 0x9d, + 0xd3, 0xf7, 0x28, 0xf8, 0x30, 0x05, 0x5e, 0x32, 0xc0, 0xd5, 0x19, + 0xbd, 0x45, 0x8b, 0x5b, 0xfd, 0xbc, 0xe2, 0x5c, 0xa9, 0x96, 0xef, + 0x70, 0xcf, 0xc2, 0x2a, 0xb3, 0x61, 0xad, 0x80, 0x48, 0x81, 0xb7, + 0x1d, 0x43, 0xd9, 0xd7, 0x45, 0xf0, 0xd8, 0x8a, 0x59, 0x7c, 0x57, + 0xc1, 0x79, 0xc7, 0x34, 0xd6, 0x43, 0xdf, 0xe4, 0x78, 0x16, 0x06, + 0xda, 0x92, 0x76, 0x51, 0xe1, 0xd4, 0x70, 0x03, 0xe0, 0x2f, 0x96, + 0x91, 0x82, 0x80 +}; +static const unsigned char sbox2[256] = { + 0xf0, 0x37, 0x24, 0x53, 0x2a, 0x03, 0x83, 0x86, 0xd1, 0xec, 0x50, + 0xf0, 0x42, 0x78, 0x2f, 0x6d, 0xbf, 0x80, 0x87, 0x27, 0x95, 0xe2, + 0xc5, 0x5d, 0xf9, 0x6f, 0xdb, 0xb4, 0x65, 0x6e, 0xe7, 0x24, 0xc8, + 0x1a, 0xbb, 0x49, 0xb5, 0x0a, 0x7d, 0xb9, 0xe8, 0xdc, 0xb7, 0xd9, + 0x45, 0x20, 0x1b, 0xce, 0x59, 0x9d, 0x6b, 0xbd, 0x0e, 0x8f, 0xa3, + 0xa9, 0xbc, 0x74, 0xa6, 0xf6, 0x7f, 0x5f, 0xb1, 0x68, 0x84, 0xbc, + 0xa9, 0xfd, 0x55, 0x50, 0xe9, 0xb6, 0x13, 0x5e, 0x07, 0xb8, 0x95, + 0x02, 0xc0, 0xd0, 0x6a, 0x1a, 0x85, 0xbd, 0xb6, 0xfd, 0xfe, 0x17, + 0x3f, 0x09, 0xa3, 0x8d, 0xfb, 0xed, 0xda, 0x1d, 0x6d, 0x1c, 0x6c, + 0x01, 0x5a, 0xe5, 0x71, 0x3e, 0x8b, 0x6b, 0xbe, 0x29, 0xeb, 0x12, + 0x19, 0x34, 0xcd, 0xb3, 0xbd, 0x35, 0xea, 0x4b, 0xd5, 0xae, 0x2a, + 0x79, 0x5a, 0xa5, 0x32, 0x12, 0x7b, 0xdc, 0x2c, 0xd0, 0x22, 0x4b, + 0xb1, 0x85, 0x59, 0x80, 0xc0, 0x30, 0x9f, 0x73, 0xd3, 0x14, 0x48, + 0x40, 0x07, 0x2d, 0x8f, 0x80, 0x0f, 0xce, 0x0b, 0x5e, 0xb7, 0x5e, + 0xac, 0x24, 0x94, 0x4a, 0x18, 0x15, 0x05, 0xe8, 0x02, 0x77, 0xa9, + 0xc7, 0x40, 0x45, 0x89, 0xd1, 0xea, 0xde, 0x0c, 0x79, 0x2a, 0x99, + 0x6c, 0x3e, 0x95, 0xdd, 0x8c, 0x7d, 0xad, 0x6f, 0xdc, 0xff, 0xfd, + 0x62, 0x47, 0xb3, 0x21, 0x8a, 0xec, 0x8e, 0x19, 0x18, 0xb4, 0x6e, + 0x3d, 0xfd, 0x74, 0x54, 0x1e, 0x04, 0x85, 0xd8, 0xbc, 0x1f, 0x56, + 0xe7, 0x3a, 0x56, 0x67, 0xd6, 0xc8, 0xa5, 0xf3, 0x8e, 0xde, 0xae, + 0x37, 0x49, 0xb7, 0xfa, 0xc8, 0xf4, 0x1f, 0xe0, 0x2a, 0x9b, 0x15, + 0xd1, 0x34, 0x0e, 0xb5, 0xe0, 0x44, 0x78, 0x84, 0x59, 0x56, 0x68, + 0x77, 0xa5, 0x14, 0x06, 0xf5, 0x2f, 0x8c, 0x8a, 0x73, 0x80, 0x76, + 0xb4, 0x10, 0x86 +}; +static const unsigned char sbox3[256] = { + 0xa9, 0x2a, 0x48, 0x51, 0x84, 0x7e, 0x49, 0xe2, 0xb5, 0xb7, 0x42, + 0x33, 0x7d, 0x5d, 0xa6, 0x12, 0x44, 0x48, 0x6d, 0x28, 0xaa, 0x20, + 0x6d, 0x57, 0xd6, 0x6b, 0x5d, 0x72, 0xf0, 0x92, 0x5a, 0x1b, 0x53, + 0x80, 0x24, 0x70, 0x9a, 0xcc, 0xa7, 0x66, 0xa1, 0x01, 0xa5, 0x41, + 0x97, 0x41, 0x31, 0x82, 0xf1, 0x14, 0xcf, 0x53, 0x0d, 0xa0, 0x10, + 0xcc, 0x2a, 0x7d, 0xd2, 0xbf, 0x4b, 0x1a, 0xdb, 0x16, 0x47, 0xf6, + 0x51, 0x36, 0xed, 0xf3, 0xb9, 0x1a, 0xa7, 0xdf, 0x29, 0x43, 0x01, + 0x54, 0x70, 0xa4, 0xbf, 0xd4, 0x0b, 0x53, 0x44, 0x60, 0x9e, 0x23, + 0xa1, 0x18, 0x68, 0x4f, 0xf0, 0x2f, 0x82, 0xc2, 0x2a, 0x41, 0xb2, + 0x42, 0x0c, 0xed, 0x0c, 0x1d, 0x13, 0x3a, 0x3c, 0x6e, 0x35, 0xdc, + 0x60, 0x65, 0x85, 0xe9, 0x64, 0x02, 0x9a, 0x3f, 0x9f, 0x87, 0x96, + 0xdf, 0xbe, 0xf2, 0xcb, 0xe5, 0x6c, 0xd4, 0x5a, 0x83, 0xbf, 0x92, + 0x1b, 0x94, 0000, 0x42, 0xcf, 0x4b, 0000, 0x75, 0xba, 0x8f, 0x76, + 0x5f, 0x5d, 0x3a, 0x4d, 0x09, 0x12, 0x08, 0x38, 0x95, 0x17, 0xe4, + 0x01, 0x1d, 0x4c, 0xa9, 0xcc, 0x85, 0x82, 0x4c, 0x9d, 0x2f, 0x3b, + 0x66, 0xa1, 0x34, 0x10, 0xcd, 0x59, 0x89, 0xa5, 0x31, 0xcf, 0x05, + 0xc8, 0x84, 0xfa, 0xc7, 0xba, 0x4e, 0x8b, 0x1a, 0x19, 0xf1, 0xa1, + 0x3b, 0x18, 0x12, 0x17, 0xb0, 0x98, 0x8d, 0x0b, 0x23, 0xc3, 0x3a, + 0x2d, 0x20, 0xdf, 0x13, 0xa0, 0xa8, 0x4c, 0x0d, 0x6c, 0x2f, 0x47, + 0x13, 0x13, 0x52, 0x1f, 0x2d, 0xf5, 0x79, 0x3d, 0xa2, 0x54, 0xbd, + 0x69, 0xc8, 0x6b, 0xf3, 0x05, 0x28, 0xf1, 0x16, 0x46, 0x40, 0xb0, + 0x11, 0xd3, 0xb7, 0x95, 0x49, 0xcf, 0xc3, 0x1d, 0x8f, 0xd8, 0xe1, + 0x73, 0xdb, 0xad, 0xc8, 0xc9, 0xa9, 0xa1, 0xc2, 0xc5, 0xe3, 0xba, + 0xfc, 0x0e, 0x25 +}; diff --git a/src/rxkad/tcrypt.c b/src/rxkad/tcrypt.c new file mode 100644 index 000000000..712e599e2 --- /dev/null +++ b/src/rxkad/tcrypt.c @@ -0,0 +1,180 @@ +/* + * Copyright 2000, International Business Machines Corporation and others. + * All Rights Reserved. + * + * This software has been released under the terms of the IBM Public + * License. For details, see the LICENSE file in the top-level source + * directory or online at http://www.openafs.org/dl/license10.html + */ + +#include +#include + + +#include +#include +#include +#include "fcrypt.h" + + +#ifdef TCRYPT +extern int ROUNDS; +#else +#define ROUNDS 16 +#endif + +struct ktc_encryptionKey { + char data[8]; +}; + +void +print_msg(text, msg, length) + char *text; + afs_int32 msg[]; + int length; +{ + int i; + unsigned char *msgtext = (unsigned char *)msg; + int cksum; + + if (length % 8 != 0) { + printf("Length of message (%d) incorrect\n", length); + return; + } + printf("%s\n", text); + for (i = 0; i < length; i += 8) { + unsigned char *m = msgtext + i; + printf("%02x%02x%02x%02x %02x%02x%02x%02x", m[0], m[1], m[2], m[3], + m[4], m[5], m[6], m[7]); + printf(" "); + } + cksum = 0; + for (i = 0; i < length; i++) + cksum += *(i + msgtext); + printf(" (%4x)\n", cksum & 0xffff); +} + +static int total_diff, minimum_diff, number_diff; + +compare(orig, chgd) + afs_uint32 orig[2]; + afs_uint32 chgd[2]; +{ + afs_uint32 temp; + int diff = 0; + + for (temp = orig[0] ^ chgd[0]; temp; temp >>= 1) + diff += temp & 1; + for (temp = orig[1] ^ chgd[1]; temp; temp >>= 1) + diff += temp & 1; + printf("%.8x %.8x (%d)\n", chgd[0], chgd[1], diff); + number_diff++; + total_diff += diff; + minimum_diff = (diff < minimum_diff) ? diff : minimum_diff; +} + +#include "AFS_component_version_number.c" + +int +main(argc, argv) + int argc; + char *argv[]; +{ + struct ktc_encryptionKey key; + fc_KeySchedule schedule; + afs_int32 e[2]; + afs_int32 d[2]; + afs_int32 c[2]; + int i; + int iterations; + int for_time = (argc > 1) && (strcmp(argv[1], "time") == 0); + int for_time_key = (argc > 1) && (strcmp(argv[1], "time_key") == 0); + int for_cbc = (argc > 1) && (strcmp(argv[1], "cbc") == 0); + + if (for_time || for_time_key) { + if (argc == 3) + iterations = atoi(argv[2]); + else + iterations = 10000; + } + + if (for_time) + for (i = 0; i < iterations; i++) + fc_ecb_encrypt(e, d, schedule, 1); + else if (for_time_key) + for (i = 0; i < iterations; i++) + fc_keysched(&key, schedule); + else if (for_cbc) { + afs_int32 msg[10]; + afs_int32 out[10]; + afs_int32 dec[10]; + afs_uint32 xor[2]; + + for (i = 0; i < 10; i++) + msg[i] = htonl(i); + memcpy(&key, "abcdefgh", sizeof(struct ktc_encryptionKey)); + fc_keysched(&key, schedule); + print_msg("Starting msg is:", msg, sizeof(msg)); + memcpy(xor, &key, 2 * sizeof(afs_int32)); + fc_cbc_encrypt(msg, out, sizeof(msg), schedule, &key, ENCRYPT); + memcpy(xor, &key, 2 * sizeof(afs_int32)); + fc_cbc_encrypt(out, dec, sizeof(msg), schedule, &key, DECRYPT); + if (memcmp(msg, dec, sizeof(msg)) != 0) + printf("Encryption FAILED!\n"); + print_msg("Encrypted is:", out, sizeof(out)); + print_msg("Decrypted is:", dec, sizeof(dec)); + } else { + int rounds; +#ifndef TCRYPT + printf + ("Number of rounds is fixed at %d; try recompiling w/ -DTCRYPT=1\n", + ROUNDS); +#endif + e[0] = 0x11111111; + e[1] = 0xaaaaaaaa; + memcpy(&key, "abcdefgh", sizeof(struct ktc_encryptionKey)); + for (rounds = 2; rounds <= MAXROUNDS; rounds += 2) { +#ifdef TCRYPT + ROUNDS = rounds; +#endif + printf("\n ROUNDS = %d\n", ROUNDS); + total_diff = 0; + minimum_diff = 64; + number_diff = 0; + + fc_keysched(&key, schedule); + fc_ecb_encrypt(e, d, schedule, 1); + + printf("Checking data bits\n"); + for (i = 1; i; i <<= 1) { + e[0] ^= i; + fc_ecb_encrypt(e, c, schedule, 1); + compare(d, c); + e[0] ^= i; + e[1] ^= i; + fc_ecb_encrypt(e, c, schedule, 1); + compare(d, c); + e[1] ^= i; + } + printf("Checking key bits\n"); + for (i = 0; i < 56; i++) { + unsigned char *keyByte; + keyByte = ((unsigned char *)(&key)) + i / 7; + *keyByte ^= (2 << (i % 7)); + fc_keysched(&key, schedule); + fc_ecb_encrypt(e, c, schedule, 1); + compare(d, c); + *keyByte ^= (2 << (i % 7)); + } + print_msg("clear: ", e, sizeof(e)); + + print_msg("Encrypted: ", d, sizeof(d)); + + fc_keysched(&key, schedule); + fc_ecb_encrypt(d, e, schedule, 0); + print_msg("De-encrypted: ", e, sizeof(e)); + printf("Rounds=%d, average diff = %d bits, minimum diff = %d\n", + ROUNDS, total_diff / number_diff, minimum_diff); + } + } +} diff --git a/src/shlibafsrpc/Makefile.in b/src/shlibafsrpc/Makefile.in index dddb5e723..1a1e8d5b1 100644 --- a/src/shlibafsrpc/Makefile.in +++ b/src/shlibafsrpc/Makefile.in @@ -232,10 +232,10 @@ md4.o: ${RXKAD}/md4.c md5.o: ${RXKAD}/md5.c ${CCRULE} -fcrypt.o: ${RXKAD}/domestic/fcrypt.c +fcrypt.o: ${RXKAD}/fcrypt.c ${CCRULE} -I../rxkad -I${RXKAD} -crypt_conn.o: ${RXKAD}/domestic/crypt_conn.c +crypt_conn.o: ${RXKAD}/crypt_conn.c ${CCRULE} -I../rxkad -I${RXKAD} AFS_component_version_number.o: ${RX}/AFS_component_version_number.c