Back to index

lightning-sunbird  0.9+nobinonly
alg2268.c
Go to the documentation of this file.
00001 /*
00002  * alg2268.c - implementation of the algorithm in RFC 2268
00003  *
00004  * ***** BEGIN LICENSE BLOCK *****
00005  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00006  *
00007  * The contents of this file are subject to the Mozilla Public License Version
00008  * 1.1 (the "License"); you may not use this file except in compliance with
00009  * the License. You may obtain a copy of the License at
00010  * http://www.mozilla.org/MPL/
00011  *
00012  * Software distributed under the License is distributed on an "AS IS" basis,
00013  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00014  * for the specific language governing rights and limitations under the
00015  * License.
00016  *
00017  * The Original Code is the Netscape security libraries.
00018  *
00019  * The Initial Developer of the Original Code is
00020  * Netscape Communications Corporation.
00021  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00022  * the Initial Developer. All Rights Reserved.
00023  *
00024  * Contributor(s):
00025  *
00026  * Alternatively, the contents of this file may be used under the terms of
00027  * either the GNU General Public License Version 2 or later (the "GPL"), or
00028  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00029  * in which case the provisions of the GPL or the LGPL are applicable instead
00030  * of those above. If you wish to allow use of your version of this file only
00031  * under the terms of either the GPL or the LGPL, and not to allow others to
00032  * use your version of this file under the terms of the MPL, indicate your
00033  * decision by deleting the provisions above and replace them with the notice
00034  * and other provisions required by the GPL or the LGPL. If you do not delete
00035  * the provisions above, a recipient may use your version of this file under
00036  * the terms of any one of the MPL, the GPL or the LGPL.
00037  *
00038  * ***** END LICENSE BLOCK ***** */
00039 
00040 /* $Id: alg2268.c,v 1.7 2005/08/06 07:24:21 nelsonb%netscape.com Exp $ */
00041 
00042 #include "blapi.h"
00043 #include "secerr.h"
00044 #ifdef XP_UNIX_XXX
00045 #include <stddef.h>  /* for ptrdiff_t */
00046 #endif
00047 
00048 /*
00049 ** RC2 symmetric block cypher
00050 */
00051 
00052 typedef SECStatus (rc2Func)(RC2Context *cx, unsigned char *output,
00053                          const unsigned char *input, unsigned int inputLen);
00054 
00055 /* forward declarations */
00056 static rc2Func rc2_EncryptECB;
00057 static rc2Func rc2_DecryptECB;
00058 static rc2Func rc2_EncryptCBC;
00059 static rc2Func rc2_DecryptCBC;
00060 
00061 typedef union {
00062     PRUint32  l[2];
00063     PRUint16  s[4];
00064     PRUint8   b[8];
00065 } RC2Block;
00066 
00067 struct RC2ContextStr {
00068     union {
00069        PRUint8  Kb[128];
00070        PRUint16 Kw[64];
00071     } u;
00072     RC2Block     iv;
00073     rc2Func      *enc;
00074     rc2Func      *dec;
00075 };
00076 
00077 #define B u.Kb
00078 #define K u.Kw
00079 #define BYTESWAP(x) ((x) << 8 | (x) >> 8)
00080 #define SWAPK(i)  cx->K[i] = (tmpS = cx->K[i], BYTESWAP(tmpS))
00081 #define RC2_BLOCK_SIZE 8
00082 
00083 #define LOAD_HARD(R) \
00084     R[0] = (PRUint16)input[1] << 8 | input[0]; \
00085     R[1] = (PRUint16)input[3] << 8 | input[2]; \
00086     R[2] = (PRUint16)input[5] << 8 | input[4]; \
00087     R[3] = (PRUint16)input[7] << 8 | input[6];
00088 #define LOAD_EASY(R) \
00089     R[0] = ((PRUint16 *)input)[0]; \
00090     R[1] = ((PRUint16 *)input)[1]; \
00091     R[2] = ((PRUint16 *)input)[2]; \
00092     R[3] = ((PRUint16 *)input)[3];
00093 #define STORE_HARD(R) \
00094     output[0] =  (PRUint8)(R[0]);   output[1] = (PRUint8)(R[0] >> 8); \
00095     output[2] =  (PRUint8)(R[1]);   output[3] = (PRUint8)(R[1] >> 8); \
00096     output[4] =  (PRUint8)(R[2]);   output[5] = (PRUint8)(R[2] >> 8); \
00097     output[6] =  (PRUint8)(R[3]);   output[7] = (PRUint8)(R[3] >> 8);
00098 #define STORE_EASY(R) \
00099     ((PRUint16 *)output)[0] =  R[0]; \
00100     ((PRUint16 *)output)[1] =  R[1]; \
00101     ((PRUint16 *)output)[2] =  R[2]; \
00102     ((PRUint16 *)output)[3] =  R[3];   
00103 
00104 #if defined (_X86_)
00105 #define LOAD(R)  LOAD_EASY(R)
00106 #define STORE(R) STORE_EASY(R)
00107 #elif !defined(IS_LITTLE_ENDIAN)
00108 #define LOAD(R)  LOAD_HARD(R)
00109 #define STORE(R) STORE_HARD(R)
00110 #else
00111 #define LOAD(R) if ((ptrdiff_t)input & 1) { LOAD_HARD(R) } else { LOAD_EASY(R) }
00112 #define STORE(R) if ((ptrdiff_t)input & 1) { STORE_HARD(R) } else { STORE_EASY(R) }
00113 #endif
00114 
00115 static const PRUint8 S[256] = {
00116 0331,0170,0371,0304,0031,0335,0265,0355,0050,0351,0375,0171,0112,0240,0330,0235,
00117 0306,0176,0067,0203,0053,0166,0123,0216,0142,0114,0144,0210,0104,0213,0373,0242,
00118 0027,0232,0131,0365,0207,0263,0117,0023,0141,0105,0155,0215,0011,0201,0175,0062,
00119 0275,0217,0100,0353,0206,0267,0173,0013,0360,0225,0041,0042,0134,0153,0116,0202,
00120 0124,0326,0145,0223,0316,0140,0262,0034,0163,0126,0300,0024,0247,0214,0361,0334,
00121 0022,0165,0312,0037,0073,0276,0344,0321,0102,0075,0324,0060,0243,0074,0266,0046,
00122 0157,0277,0016,0332,0106,0151,0007,0127,0047,0362,0035,0233,0274,0224,0103,0003,
00123 0370,0021,0307,0366,0220,0357,0076,0347,0006,0303,0325,0057,0310,0146,0036,0327,
00124 0010,0350,0352,0336,0200,0122,0356,0367,0204,0252,0162,0254,0065,0115,0152,0052,
00125 0226,0032,0322,0161,0132,0025,0111,0164,0113,0237,0320,0136,0004,0030,0244,0354,
00126 0302,0340,0101,0156,0017,0121,0313,0314,0044,0221,0257,0120,0241,0364,0160,0071,
00127 0231,0174,0072,0205,0043,0270,0264,0172,0374,0002,0066,0133,0045,0125,0227,0061,
00128 0055,0135,0372,0230,0343,0212,0222,0256,0005,0337,0051,0020,0147,0154,0272,0311,
00129 0323,0000,0346,0317,0341,0236,0250,0054,0143,0026,0001,0077,0130,0342,0211,0251,
00130 0015,0070,0064,0033,0253,0063,0377,0260,0273,0110,0014,0137,0271,0261,0315,0056,
00131 0305,0363,0333,0107,0345,0245,0234,0167,0012,0246,0040,0150,0376,0177,0301,0255
00132 };
00133 
00134 RC2Context * RC2_AllocateContext(void)
00135 {
00136     return PORT_ZNew(RC2Context);
00137 }
00138 SECStatus   
00139 RC2_InitContext(RC2Context *cx, const unsigned char *key, unsigned int len,
00140                const unsigned char *input, int mode, unsigned int efLen8, 
00141               unsigned int unused)
00142 {
00143     PRUint8    *L,*L2;
00144     int         i;
00145 #if !defined(IS_LITTLE_ENDIAN)
00146     PRUint16    tmpS;
00147 #endif
00148     PRUint8     tmpB;
00149 
00150     if (!key || !cx || !len || len > (sizeof cx->B) || 
00151        efLen8 > (sizeof cx->B)) {
00152        PORT_SetError(SEC_ERROR_INVALID_ARGS);
00153        return SECFailure;
00154     }
00155     if (mode == NSS_RC2) {
00156        /* groovy */
00157     } else if (mode == NSS_RC2_CBC) {
00158        if (!input) {
00159            PORT_SetError(SEC_ERROR_INVALID_ARGS);
00160            return SECFailure;
00161        }
00162     } else {
00163        PORT_SetError(SEC_ERROR_INVALID_ARGS);
00164        return SECFailure;
00165     }
00166 
00167     if (mode == NSS_RC2_CBC) {
00168        cx->enc = & rc2_EncryptCBC;
00169        cx->dec = & rc2_DecryptCBC;
00170        LOAD(cx->iv.s);
00171     } else {
00172        cx->enc = & rc2_EncryptECB;
00173        cx->dec = & rc2_DecryptECB;
00174     }
00175 
00176     /* Step 0. Copy key into table. */
00177     memcpy(cx->B, key, len);
00178 
00179     /* Step 1. Compute all values to the right of the key. */
00180     L2 = cx->B;
00181     L = L2 + len;
00182     tmpB = L[-1];
00183     for (i = (sizeof cx->B) - len; i > 0; --i) {
00184        *L++ = tmpB = S[ (PRUint8)(tmpB + *L2++) ];
00185     }
00186 
00187     /* step 2. Adjust left most byte of effective key. */
00188     i = (sizeof cx->B) - efLen8;
00189     L = cx->B + i;
00190     *L = tmpB = S[*L];                           /* mask is always 0xff */
00191 
00192     /* step 3. Recompute all values to the left of effective key. */
00193     L2 = --L + efLen8;
00194     while(L >= cx->B) {
00195        *L-- = tmpB = S[ tmpB ^ *L2-- ];
00196     }
00197 
00198 #if !defined(IS_LITTLE_ENDIAN)
00199     for (i = 63; i >= 0; --i) {
00200         SWAPK(i);           /* candidate for unrolling */
00201     }
00202 #endif
00203     return SECSuccess;
00204 }
00205 
00206 /*
00207 ** Create a new RC2 context suitable for RC2 encryption/decryption.
00208 **     "key" raw key data
00209 **     "len" the number of bytes of key data
00210 **     "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
00211 **     "mode" one of NSS_RC2 or NSS_RC2_CBC
00212 **     "effectiveKeyLen" in bytes, not bits.
00213 **
00214 ** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
00215 ** chaining" mode.
00216 */
00217 RC2Context *
00218 RC2_CreateContext(const unsigned char *key, unsigned int len,
00219                 const unsigned char *iv, int mode, unsigned efLen8)
00220 {
00221     RC2Context *cx = PORT_ZNew(RC2Context);
00222     if (cx) {
00223        SECStatus rv = RC2_InitContext(cx, key, len, iv, mode, efLen8, 0);
00224        if (rv != SECSuccess) {
00225            RC2_DestroyContext(cx, PR_TRUE);
00226            cx = NULL;
00227        }
00228     }
00229     return cx;
00230 }
00231 
00232 /*
00233 ** Destroy an RC2 encryption/decryption context.
00234 **     "cx" the context
00235 **     "freeit" if PR_TRUE then free the object as well as its sub-objects
00236 */
00237 void 
00238 RC2_DestroyContext(RC2Context *cx, PRBool freeit)
00239 {
00240     if (cx) {
00241        memset(cx, 0, sizeof *cx);
00242        if (freeit) {
00243            PORT_Free(cx);
00244        }
00245     }
00246 }
00247 
00248 #define ROL(x,k) (x << k | x >> (16-k))
00249 #define MIX(j) \
00250     R0 = R0 + cx->K[ 4*j+0] + (R3 & R2) + (~R3 & R1);  R0 = ROL(R0,1);\
00251     R1 = R1 + cx->K[ 4*j+1] + (R0 & R3) + (~R0 & R2);  R1 = ROL(R1,2);\
00252     R2 = R2 + cx->K[ 4*j+2] + (R1 & R0) + (~R1 & R3);  R2 = ROL(R2,3);\
00253     R3 = R3 + cx->K[ 4*j+3] + (R2 & R1) + (~R2 & R0);  R3 = ROL(R3,5)
00254 #define MASH \
00255     R0 = R0 + cx->K[R3 & 63];\
00256     R1 = R1 + cx->K[R0 & 63];\
00257     R2 = R2 + cx->K[R1 & 63];\
00258     R3 = R3 + cx->K[R2 & 63]
00259 
00260 /* Encrypt one block */
00261 static void 
00262 rc2_Encrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
00263 {
00264     register PRUint16 R0, R1, R2, R3;
00265 
00266     /* step 1. Initialize input. */
00267     R0 = input->s[0];
00268     R1 = input->s[1];
00269     R2 = input->s[2];
00270     R3 = input->s[3];
00271 
00272     /* step 2.  Expand Key (already done, in context) */
00273     /* step 3.  j = 0 */
00274     /* step 4.  Perform 5 mixing rounds. */
00275 
00276     MIX(0);
00277     MIX(1);
00278     MIX(2);
00279     MIX(3);
00280     MIX(4);
00281 
00282     /* step 5. Perform 1 mashing round. */
00283     MASH;
00284 
00285     /* step 6. Perform 6 mixing rounds. */
00286 
00287     MIX(5);
00288     MIX(6);
00289     MIX(7);
00290     MIX(8);
00291     MIX(9);
00292     MIX(10);
00293 
00294     /* step 7. Perform 1 mashing round. */
00295     MASH;
00296 
00297     /* step 8. Perform 5 mixing rounds. */
00298 
00299     MIX(11);
00300     MIX(12);
00301     MIX(13);
00302     MIX(14);
00303     MIX(15);
00304 
00305     /* output results */
00306     output->s[0] = R0;
00307     output->s[1] = R1;
00308     output->s[2] = R2;
00309     output->s[3] = R3;
00310 }
00311 
00312 #define ROR(x,k) (x >> k | x << (16-k))
00313 #define R_MIX(j) \
00314     R3 = ROR(R3,5); R3 = R3 - cx->K[ 4*j+3] - (R2 & R1) - (~R2 & R0);  \
00315     R2 = ROR(R2,3); R2 = R2 - cx->K[ 4*j+2] - (R1 & R0) - (~R1 & R3);  \
00316     R1 = ROR(R1,2); R1 = R1 - cx->K[ 4*j+1] - (R0 & R3) - (~R0 & R2);  \
00317     R0 = ROR(R0,1); R0 = R0 - cx->K[ 4*j+0] - (R3 & R2) - (~R3 & R1)
00318 #define R_MASH \
00319     R3 = R3 - cx->K[R2 & 63];\
00320     R2 = R2 - cx->K[R1 & 63];\
00321     R1 = R1 - cx->K[R0 & 63];\
00322     R0 = R0 - cx->K[R3 & 63]
00323 
00324 /* Encrypt one block */
00325 static void 
00326 rc2_Decrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
00327 {
00328     register PRUint16 R0, R1, R2, R3;
00329 
00330     /* step 1. Initialize input. */
00331     R0 = input->s[0];
00332     R1 = input->s[1];
00333     R2 = input->s[2];
00334     R3 = input->s[3];
00335 
00336     /* step 2.  Expand Key (already done, in context) */
00337     /* step 3.  j = 63 */
00338     /* step 4.  Perform 5 r_mixing rounds. */
00339     R_MIX(15);
00340     R_MIX(14);
00341     R_MIX(13);
00342     R_MIX(12);
00343     R_MIX(11);
00344 
00345     /* step 5.  Perform 1 r_mashing round. */
00346     R_MASH;
00347 
00348     /* step 6.  Perform 6 r_mixing rounds. */
00349     R_MIX(10);
00350     R_MIX(9);
00351     R_MIX(8);
00352     R_MIX(7);
00353     R_MIX(6);
00354     R_MIX(5);
00355 
00356     /* step 7.  Perform 1 r_mashing round. */
00357     R_MASH;
00358 
00359     /* step 8.  Perform 5 r_mixing rounds. */
00360     R_MIX(4);
00361     R_MIX(3);
00362     R_MIX(2);
00363     R_MIX(1);
00364     R_MIX(0);
00365 
00366     /* output results */
00367     output->s[0] = R0;
00368     output->s[1] = R1;
00369     output->s[2] = R2;
00370     output->s[3] = R3;
00371 }
00372 
00373 static SECStatus
00374 rc2_EncryptECB(RC2Context *cx, unsigned char *output,
00375               const unsigned char *input, unsigned int inputLen)
00376 {
00377     RC2Block  iBlock;
00378 
00379     while (inputLen > 0) {
00380        LOAD(iBlock.s)
00381        rc2_Encrypt1Block(cx, &iBlock, &iBlock);
00382        STORE(iBlock.s)
00383        output   += RC2_BLOCK_SIZE;
00384        input    += RC2_BLOCK_SIZE;
00385        inputLen -= RC2_BLOCK_SIZE;
00386     }
00387     return SECSuccess;
00388 }
00389 
00390 static SECStatus
00391 rc2_DecryptECB(RC2Context *cx, unsigned char *output,
00392               const unsigned char *input, unsigned int inputLen)
00393 {
00394     RC2Block  iBlock;
00395 
00396     while (inputLen > 0) {
00397        LOAD(iBlock.s)
00398        rc2_Decrypt1Block(cx, &iBlock, &iBlock);
00399        STORE(iBlock.s)
00400        output   += RC2_BLOCK_SIZE;
00401        input    += RC2_BLOCK_SIZE;
00402        inputLen -= RC2_BLOCK_SIZE;
00403     }
00404     return SECSuccess;
00405 }
00406 
00407 static SECStatus
00408 rc2_EncryptCBC(RC2Context *cx, unsigned char *output,
00409               const unsigned char *input, unsigned int inputLen)
00410 {
00411     RC2Block  iBlock;
00412 
00413     while (inputLen > 0) {
00414 
00415        LOAD(iBlock.s)
00416        iBlock.l[0] ^= cx->iv.l[0];
00417        iBlock.l[1] ^= cx->iv.l[1];
00418        rc2_Encrypt1Block(cx, &iBlock, &iBlock);
00419        cx->iv = iBlock;
00420        STORE(iBlock.s)
00421        output   += RC2_BLOCK_SIZE;
00422        input    += RC2_BLOCK_SIZE;
00423        inputLen -= RC2_BLOCK_SIZE;
00424     }
00425     return SECSuccess;
00426 }
00427 
00428 static SECStatus
00429 rc2_DecryptCBC(RC2Context *cx, unsigned char *output,
00430               const unsigned char *input, unsigned int inputLen)
00431 {
00432     RC2Block  iBlock;
00433     RC2Block  oBlock;
00434 
00435     while (inputLen > 0) {
00436        LOAD(iBlock.s)
00437        rc2_Decrypt1Block(cx, &oBlock, &iBlock);
00438        oBlock.l[0] ^= cx->iv.l[0];
00439        oBlock.l[1] ^= cx->iv.l[1];
00440        cx->iv = iBlock;
00441        STORE(oBlock.s)
00442        output   += RC2_BLOCK_SIZE;
00443        input    += RC2_BLOCK_SIZE;
00444        inputLen -= RC2_BLOCK_SIZE;
00445     }
00446     return SECSuccess;
00447 }
00448 
00449 
00450 /*
00451 ** Perform RC2 encryption.
00452 **     "cx" the context
00453 **     "output" the output buffer to store the encrypted data.
00454 **     "outputLen" how much data is stored in "output". Set by the routine
00455 **        after some data is stored in output.
00456 **     "maxOutputLen" the maximum amount of data that can ever be
00457 **        stored in "output"
00458 **     "input" the input data
00459 **     "inputLen" the amount of input data
00460 */
00461 SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
00462                     unsigned int *outputLen, unsigned int maxOutputLen,
00463                     const unsigned char *input, unsigned int inputLen)
00464 {
00465     SECStatus rv = SECSuccess;
00466     if (inputLen) {
00467        if (inputLen % RC2_BLOCK_SIZE) {
00468            PORT_SetError(SEC_ERROR_INPUT_LEN);
00469            return SECFailure;
00470        }
00471        if (maxOutputLen < inputLen) {
00472            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
00473            return SECFailure;
00474        }
00475        rv = (*cx->enc)(cx, output, input, inputLen);
00476     }
00477     if (rv == SECSuccess) {
00478        *outputLen = inputLen;
00479     }
00480     return rv;
00481 }
00482 
00483 /*
00484 ** Perform RC2 decryption.
00485 **     "cx" the context
00486 **     "output" the output buffer to store the decrypted data.
00487 **     "outputLen" how much data is stored in "output". Set by the routine
00488 **        after some data is stored in output.
00489 **     "maxOutputLen" the maximum amount of data that can ever be
00490 **        stored in "output"
00491 **     "input" the input data
00492 **     "inputLen" the amount of input data
00493 */
00494 SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
00495                     unsigned int *outputLen, unsigned int maxOutputLen,
00496                     const unsigned char *input, unsigned int inputLen)
00497 {
00498     SECStatus rv = SECSuccess;
00499     if (inputLen) {
00500        if (inputLen % RC2_BLOCK_SIZE) {
00501            PORT_SetError(SEC_ERROR_INPUT_LEN);
00502            return SECFailure;
00503        }
00504        if (maxOutputLen < inputLen) {
00505            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
00506            return SECFailure;
00507        }
00508        rv = (*cx->dec)(cx, output, input, inputLen);
00509     }
00510     if (rv == SECSuccess) {
00511        *outputLen = inputLen;
00512     }
00513     return rv;
00514 }
00515