security/nss/lib/freebl/mknewpc2.c@b8a032363ba2 (annotated)
security/nss/lib/freebl/mknewpc2.c
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | /* |
| michael@0 | 2 | * mknewpc2.c |
| michael@0 | 3 | * |
| michael@0 | 4 | * Generate PC-2 tables for DES-150 library |
| michael@0 | 5 | * |
| michael@0 | 6 | * This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 7 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 8 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 9 | |
| michael@0 | 10 | typedef unsigned char BYTE; |
| michael@0 | 11 | typedef unsigned int HALF; |
| michael@0 | 12 | |
| michael@0 | 13 | #define DES_ENCRYPT 0 |
| michael@0 | 14 | #define DES_DECRYPT 1 |
| michael@0 | 15 | |
| michael@0 | 16 | /* two 28-bit registers defined in key schedule production process */ |
| michael@0 | 17 | static HALF C0, D0; |
| michael@0 | 18 | |
| michael@0 | 19 | static HALF L0, R0; |
| michael@0 | 20 | |
| michael@0 | 21 | /* key schedule, 16 internal keys, each with 8 6-bit parts */ |
| michael@0 | 22 | static BYTE KS [8] [16]; |
| michael@0 | 23 | |
| michael@0 | 24 | |
| michael@0 | 25 | /* |
| michael@0 | 26 | * This table takes the 56 bits in C0 and D0 and shows show they are |
| michael@0 | 27 | * permuted into the 8 6-bit parts of the key in the key schedule. |
| michael@0 | 28 | * The bits of C0 are numbered left to right, 1-28. |
| michael@0 | 29 | * The bits of D0 are numbered left to right, 29-56. |
| michael@0 | 30 | * Zeros in this table represent bits that are always zero. |
| michael@0 | 31 | * Note that all the bits in the first 4 rows come from C0, |
| michael@0 | 32 | * and all the bits in the second 4 rows come from D0. |
| michael@0 | 33 | */ |
| michael@0 | 34 | static const BYTE PC2[64] = { |
| michael@0 | 35 | 14, 17, 11, 24, 1, 5, 0, 0, /* S1 */ |
| michael@0 | 36 | 3, 28, 15, 6, 21, 10, 0, 0, /* S2 */ |
| michael@0 | 37 | 23, 19, 12, 4, 26, 8, 0, 0, /* S3 */ |
| michael@0 | 38 | 16, 7, 27, 20, 13, 2, 0, 0, /* S4 */ |
| michael@0 | 39 | |
| michael@0 | 40 | 41, 52, 31, 37, 47, 55, 0, 0, /* S5 */ |
| michael@0 | 41 | 30, 40, 51, 45, 33, 48, 0, 0, /* S6 */ |
| michael@0 | 42 | 44, 49, 39, 56, 34, 53, 0, 0, /* S7 */ |
| michael@0 | 43 | 46, 42, 50, 36, 29, 32, 0, 0 /* S8 */ |
| michael@0 | 44 | }; |
| michael@0 | 45 | |
| michael@0 | 46 | /* This table represents the same info as PC2, except that |
| michael@0 | 47 | * The bits of C0 and D0 are each numbered right to left, 0-27. |
| michael@0 | 48 | * -1 values indicate bits that are always zero. |
| michael@0 | 49 | * As before all the bits in the first 4 rows come from C0, |
| michael@0 | 50 | * and all the bits in the second 4 rows come from D0. |
| michael@0 | 51 | */ |
| michael@0 | 52 | static signed char PC2a[64] = { |
| michael@0 | 53 | /* bits of C0 */ |
| michael@0 | 54 | 14, 11, 17, 4, 27, 23, -1, -1, /* S1 */ |
| michael@0 | 55 | 25, 0, 13, 22, 7, 18, -1, -1, /* S2 */ |
| michael@0 | 56 | 5, 9, 16, 24, 2, 20, -1, -1, /* S3 */ |
| michael@0 | 57 | 12, 21, 1, 8, 15, 26, -1, -1, /* S4 */ |
| michael@0 | 58 | /* bits of D0 */ |
| michael@0 | 59 | 15, 4, 25, 19, 9, 1, -1, -1, /* S5 */ |
| michael@0 | 60 | 26, 16, 5, 11, 23, 8, -1, -1, /* S6 */ |
| michael@0 | 61 | 12, 7, 17, 0, 22, 3, -1, -1, /* S7 */ |
| michael@0 | 62 | 10, 14, 6, 20, 27, 24, -1, -1 /* S8 */ |
| michael@0 | 63 | }; |
| michael@0 | 64 | |
| michael@0 | 65 | /* This table represents the same info as PC2a, except that |
| michael@0 | 66 | * The order of of the rows has been changed to increase the efficiency |
| michael@0 | 67 | * with which the key sechedule is created. |
| michael@0 | 68 | * Fewer shifts and ANDs are required to make the KS from these. |
| michael@0 | 69 | */ |
| michael@0 | 70 | static const signed char PC2b[64] = { |
| michael@0 | 71 | /* bits of C0 */ |
| michael@0 | 72 | 14, 11, 17, 4, 27, 23, -1, -1, /* S1 */ |
| michael@0 | 73 | 5, 9, 16, 24, 2, 20, -1, -1, /* S3 */ |
| michael@0 | 74 | 25, 0, 13, 22, 7, 18, -1, -1, /* S2 */ |
| michael@0 | 75 | 12, 21, 1, 8, 15, 26, -1, -1, /* S4 */ |
| michael@0 | 76 | /* bits of D0 */ |
| michael@0 | 77 | 26, 16, 5, 11, 23, 8, -1, -1, /* S6 */ |
| michael@0 | 78 | 10, 14, 6, 20, 27, 24, -1, -1, /* S8 */ |
| michael@0 | 79 | 15, 4, 25, 19, 9, 1, -1, -1, /* S5 */ |
| michael@0 | 80 | 12, 7, 17, 0, 22, 3, -1, -1 /* S7 */ |
| michael@0 | 81 | }; |
| michael@0 | 82 | |
| michael@0 | 83 | /* Only 24 of the 28 bits in C0 and D0 are used in PC2. |
| michael@0 | 84 | * The used bits of C0 and D0 are grouped into 4 groups of 6, |
| michael@0 | 85 | * so that the PC2 permutation can be accomplished with 4 lookups |
| michael@0 | 86 | * in tables of 64 entries. |
| michael@0 | 87 | * The following table shows how the bits of C0 and D0 are grouped |
| michael@0 | 88 | * into indexes for the respective table lookups. |
| michael@0 | 89 | * Bits are numbered right-to-left, 0-27, as in PC2b. |
| michael@0 | 90 | */ |
| michael@0 | 91 | static BYTE NDX[48] = { |
| michael@0 | 92 | /* Bits of C0 */ |
| michael@0 | 93 | 27, 26, 25, 24, 23, 22, /* C0 table 0 */ |
| michael@0 | 94 | 18, 17, 16, 15, 14, 13, /* C0 table 1 */ |
| michael@0 | 95 | 9, 8, 7, 2, 1, 0, /* C0 table 2 */ |
| michael@0 | 96 | 5, 4, 21, 20, 12, 11, /* C0 table 3 */ |
| michael@0 | 97 | /* bits of D0 */ |
| michael@0 | 98 | 27, 26, 25, 24, 23, 22, /* D0 table 0 */ |
| michael@0 | 99 | 20, 19, 17, 16, 15, 14, /* D0 table 1 */ |
| michael@0 | 100 | 12, 11, 10, 9, 8, 7, /* D0 table 2 */ |
| michael@0 | 101 | 6, 5, 4, 3, 1, 0 /* D0 table 3 */ |
| michael@0 | 102 | }; |
| michael@0 | 103 | |
| michael@0 | 104 | /* Here's the code that does that grouping. |
| michael@0 | 105 | left = PC2LOOKUP(0, 0, ((c0 >> 22) & 0x3F) ); |
| michael@0 | 106 | left |= PC2LOOKUP(0, 1, ((c0 >> 13) & 0x3F) ); |
| michael@0 | 107 | left |= PC2LOOKUP(0, 2, ((c0 >> 4) & 0x38) | (c0 & 0x7) ); |
| michael@0 | 108 | left |= PC2LOOKUP(0, 3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30)); |
| michael@0 | 109 | |
| michael@0 | 110 | right = PC2LOOKUP(1, 0, ((d0 >> 22) & 0x3F) ); |
| michael@0 | 111 | right |= PC2LOOKUP(1, 1, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) ); |
| michael@0 | 112 | right |= PC2LOOKUP(1, 2, ((d0 >> 7) & 0x3F) ); |
| michael@0 | 113 | right |= PC2LOOKUP(1, 3, ((d0 >> 1) & 0x3C) | (d0 & 0x3)); |
| michael@0 | 114 | */ |
| michael@0 | 115 | |
| michael@0 | 116 | void |
| michael@0 | 117 | make_pc2a( void ) |
| michael@0 | 118 | { |
| michael@0 | 119 | |
| michael@0 | 120 | int i, j; |
| michael@0 | 121 | |
| michael@0 | 122 | for ( i = 0; i < 64; ++i ) { |
| michael@0 | 123 | j = PC2[i]; |
| michael@0 | 124 | if (j == 0) |
| michael@0 | 125 | j = -1; |
| michael@0 | 126 | else if ( j < 29 ) |
| michael@0 | 127 | j = 28 - j ; |
| michael@0 | 128 | else |
| michael@0 | 129 | j = 56 - j; |
| michael@0 | 130 | PC2a[i] = j; |
| michael@0 | 131 | } |
| michael@0 | 132 | for ( i = 0; i < 64; i += 8 ) { |
| michael@0 | 133 | printf("%3d,%3d,%3d,%3d,%3d,%3d,%3d,%3d,\n", |
| michael@0 | 134 | PC2a[i+0],PC2a[i+1],PC2a[i+2],PC2a[i+3], |
| michael@0 | 135 | PC2a[i+4],PC2a[i+5],PC2a[i+6],PC2a[i+7] ); |
| michael@0 | 136 | } |
| michael@0 | 137 | } |
| michael@0 | 138 | |
| michael@0 | 139 | HALF PC2cd0[64]; |
| michael@0 | 140 | |
| michael@0 | 141 | HALF PC_2H[8][64]; |
| michael@0 | 142 | |
| michael@0 | 143 | void |
| michael@0 | 144 | mktable( ) |
| michael@0 | 145 | { |
| michael@0 | 146 | int i; |
| michael@0 | 147 | int table; |
| michael@0 | 148 | const BYTE * ndx = NDX; |
| michael@0 | 149 | HALF mask; |
| michael@0 | 150 | |
| michael@0 | 151 | mask = 0x80000000; |
| michael@0 | 152 | for (i = 0; i < 32; ++i, mask >>= 1) { |
| michael@0 | 153 | int bit = PC2b[i]; |
| michael@0 | 154 | if (bit < 0) |
| michael@0 | 155 | continue; |
| michael@0 | 156 | PC2cd0[bit + 32] = mask; |
| michael@0 | 157 | } |
| michael@0 | 158 | |
| michael@0 | 159 | mask = 0x80000000; |
| michael@0 | 160 | for (i = 32; i < 64; ++i, mask >>= 1) { |
| michael@0 | 161 | int bit = PC2b[i]; |
| michael@0 | 162 | if (bit < 0) |
| michael@0 | 163 | continue; |
| michael@0 | 164 | PC2cd0[bit] = mask; |
| michael@0 | 165 | } |
| michael@0 | 166 | |
| michael@0 | 167 | #if DEBUG |
| michael@0 | 168 | for (i = 0; i < 64; ++i) { |
| michael@0 | 169 | printf("0x%08x,\n", PC2cd0[i]); |
| michael@0 | 170 | } |
| michael@0 | 171 | #endif |
| michael@0 | 172 | for (i = 0; i < 24; ++i) { |
| michael@0 | 173 | NDX[i] += 32; /* because c0 is the upper half */ |
| michael@0 | 174 | } |
| michael@0 | 175 | |
| michael@0 | 176 | for (table = 0; table < 8; ++table) { |
| michael@0 | 177 | HALF bitvals[6]; |
| michael@0 | 178 | for (i = 0; i < 6; ++i) { |
| michael@0 | 179 | bitvals[5-i] = PC2cd0[*ndx++]; |
| michael@0 | 180 | } |
| michael@0 | 181 | for (i = 0; i < 64; ++i) { |
| michael@0 | 182 | int j; |
| michael@0 | 183 | int k = 0; |
| michael@0 | 184 | HALF value = 0; |
| michael@0 | 185 | |
| michael@0 | 186 | for (j = i; j; j >>= 1, ++k) { |
| michael@0 | 187 | if (j & 1) { |
| michael@0 | 188 | value |= bitvals[k]; |
| michael@0 | 189 | } |
| michael@0 | 190 | } |
| michael@0 | 191 | PC_2H[table][i] = value; |
| michael@0 | 192 | } |
| michael@0 | 193 | printf("/* table %d */ {\n", table ); |
| michael@0 | 194 | for (i = 0; i < 64; i += 4) { |
| michael@0 | 195 | printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x, \n", |
| michael@0 | 196 | PC_2H[table][i], PC_2H[table][i+1], |
| michael@0 | 197 | PC_2H[table][i+2], PC_2H[table][i+3]); |
| michael@0 | 198 | } |
| michael@0 | 199 | printf(" },\n"); |
| michael@0 | 200 | } |
| michael@0 | 201 | } |
| michael@0 | 202 | |
| michael@0 | 203 | |
| michael@0 | 204 | int |
| michael@0 | 205 | main(void) |
| michael@0 | 206 | { |
| michael@0 | 207 | /* make_pc2a(); */ |
| michael@0 | 208 | mktable(); |
| michael@0 | 209 | return 0; |
| michael@0 | 210 | } |
