archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
4.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/inetcore/outlookexpress/msoeacct/crypt16.c

394 lines
9.3 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. // ------------------------------------------------------------------------
  2. // Crypt16.c
  3. // Copyright (c)1993-1995 Microsoft Corporation, All Rights Reserved
  4. //
  5. // ------------------------------------------------------------------------
  7. #include "crypt16.h"
  9. static int check_parity();
  11. int des_check_key=0;
  13. void des_set_odd_parity(key)
  14. des_cblock *key;
  15. {
  16. int i;
  18. for (i=0; i<DES_KEY_SZ; i++)
  19. (*key)[i]=odd_parity[(*key)[i]];
  20. }
  22. static int check_parity(key)
  23. des_cblock *key;
  24. {
  25. int i;
  27. for (i=0; i<DES_KEY_SZ; i++)
  28. {
  29. if ((*key)[i] != odd_parity[(*key)[i]])
  30. return(0);
  31. }
  32. return(1);
  33. }
  35. /* Weak and semi week keys as take from
  36. * %A D.W. Davies
  37. * %A W.L. Price
  38. * %T Security for Computer Networks
  39. * %I John Wiley & Sons
  40. * %D 1984
  41. * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
  42. * (and actual cblock values).
  43. */
  44. #define NUM_WEAK_KEY 16
  45. static des_cblock weak_keys[NUM_WEAK_KEY]={
  46. /* weak keys */
  47. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  48. 0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,
  49. 0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,
  50. 0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,
  51. /* semi-weak keys */
  52. 0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,
  53. 0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,
  54. 0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1,
  55. 0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E,
  56. 0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,
  57. 0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01,
  58. 0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE,
  59. 0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,
  60. 0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,
  61. 0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01,
  62. 0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE,
  63. 0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1};
  65. int des_is_weak_key(key)
  66. des_cblock *key;
  67. {
  68. ulong *lp;
  69. register ulong l,r;
  70. int i;
  72. c2l(key,l);
  73. c2l(key,r);
  74. /* the weak_keys bytes should be aligned */
  75. lp=(ulong *)weak_keys;
  76. for (i=0; i<NUM_WEAK_KEY; i++)
  77. {
  78. if ((l == lp[0]) && (r == lp[1]))
  79. return(1);
  80. lp+=2;
  81. }
  82. return(0);
  83. }
  85. /* See ecb_encrypt.c for a pseudo description of these macros. */
  86. #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
  87. (b)^=(t),\
  88. (a)^=((t)<<(n)))
  90. #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
  91. (a)=(a)^(t)^(t>>(16-(n))))\
  93. static char shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
  95. /* return 0 if key parity is odd (correct),
  96. * return -1 if key parity error,
  97. * return -2 if illegal weak key.
  98. */
  99. int des_set_key(key,schedule)
  100. des_cblock *key;
  101. des_key_schedule schedule;
  102. {
  103. register ulong c,d,t,s;
  104. register uchar *in;
  105. register ulong *k;
  106. register int i;
  108. if (des_check_key)
  109. {
  110. if (!check_parity(key))
  111. return(-1);
  113. if (des_is_weak_key(key))
  114. return(-2);
  115. }
  117. k=(ulong *)schedule;
  118. in=(uchar *)key;
  120. c2l(in,c);
  121. c2l(in,d);
  123. /* do PC1 in 60 simple operations */
  124. PERM_OP(d,c,t,4,0x0f0f0f0f);
  125. HPERM_OP(c,t,-2, 0xcccc0000);
  126. HPERM_OP(c,t,-1, 0xaaaa0000);
  127. HPERM_OP(c,t, 8, 0x00ff0000);
  128. HPERM_OP(c,t,-1, 0xaaaa0000);
  129. HPERM_OP(d,t,-8, 0xff000000);
  130. HPERM_OP(d,t, 8, 0x00ff0000);
  131. HPERM_OP(d,t, 2, 0x33330000);
  132. d=((d&0x00aa00aa)<<7)|((d&0x55005500)>>7)|(d&0xaa55aa55);
  133. d=(d>>8)|((c&0xf0000000)>>4);
  134. c&=0x0fffffff;
  136. for (i=0; i<ITERATIONS; i++)
  137. {
  138. if (shifts2[i])
  139. { c=((c>>2)|(c<<26)); d=((d>>2)|(d<<26)); }
  140. else
  141. { c=((c>>1)|(c<<27)); d=((d>>1)|(d<<27)); }
  142. c&=0x0fffffff;
  143. d&=0x0fffffff;
  144. /* could be a few less shifts but I am to lazy at this
  145. * point in time to investigate */
  146. s= des_skb[0][ (c )&0x3f ]|
  147. des_skb[1][((c>> 6)&0x03)|((c>> 7)&0x3c)]|
  148. des_skb[2][((c>>13)&0x0f)|((c>>14)&0x30)]|
  149. des_skb[3][((c>>20)&0x01)|((c>>21)&0x06) |
  150. ((c>>22)&0x38)];
  151. t= des_skb[4][ (d )&0x3f ]|
  152. des_skb[5][((d>> 7)&0x03)|((d>> 8)&0x3c)]|
  153. des_skb[6][ (d>>15)&0x3f ]|
  154. des_skb[7][((d>>21)&0x0f)|((d>>22)&0x30)];
  156. /* table contained 0213 4657 */
  157. *(k++)=((t<<16)|(s&0x0000ffff));
  158. s= ((s>>16)|(t&0xffff0000));
  160. s=(s<<4)|(s>>28);
  161. *(k++)=s;
  162. }
  163. return(0);
  164. }
  166. int des_key_sched(key,schedule)
  167. des_cblock *key;
  168. des_key_schedule schedule;
  169. {
  170. return(des_set_key(key,schedule));
  171. }
  174. /* The changes to this macro may help or hinder, depending on the
  175. * compiler and the achitecture. gcc2 always seems to do well :-).
  176. * Inspired by Dana How <how@isl.stanford.edu> */
  177. #ifdef ALT_ECB
  178. #define D_ENCRYPT(L,R,S) \
  179. u=((R^s[S ])<<2); \
  180. t= R^s[S+1]; \
  181. t=((t>>2)+(t<<30)); \
  182. L^= \
  183. *(ulong *)(des_SP+0x0100+((t )&0xfc))+ \
  184. *(ulong *)(des_SP+0x0300+((t>> 8)&0xfc))+ \
  185. *(ulong *)(des_SP+0x0500+((t>>16)&0xfc))+ \
  186. *(ulong *)(des_SP+0x0700+((t>>24)&0xfc))+ \
  187. *(ulong *)(des_SP+ ((u )&0xfc))+ \
  188. *(ulong *)(des_SP+0x0200+((u>> 8)&0xfc))+ \
  189. *(ulong *)(des_SP+0x0400+((u>>16)&0xfc))+ \
  190. *(ulong *)(des_SP+0x0600+((u>>24)&0xfc));
  191. #else /* original version */
  192. #define D_ENCRYPT(L,R,S) \
  193. u=(R^s[S ]); \
  194. t=R^s[S+1]; \
  195. t=((t>>4)+(t<<28)); \
  196. L^= des_SPtrans[1][(t )&0x3f]| \
  197. des_SPtrans[3][(t>> 8)&0x3f]| \
  198. des_SPtrans[5][(t>>16)&0x3f]| \
  199. des_SPtrans[7][(t>>24)&0x3f]| \
  200. des_SPtrans[0][(u )&0x3f]| \
  201. des_SPtrans[2][(u>> 8)&0x3f]| \
  202. des_SPtrans[4][(u>>16)&0x3f]| \
  203. des_SPtrans[6][(u>>24)&0x3f];
  204. #endif
  206. /* IP and FP
  207. * The problem is more of a geometric problem that random bit fiddling.
  208. 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
  209. 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
  210. 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
  211. 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
  213. 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
  214. 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
  215. 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
  216. 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
  218. The output has been subject to swaps of the form
  219. 0 1 -> 3 1 but the odd and even bits have been put into
  220. 2 3 2 0
  221. different words. The main trick is to remember that
  222. t=((l>>size)^r)&(mask);
  223. r^=t;
  224. l^=(t<<size);
  225. can be used to swap and move bits between words.
  227. So l = 0 1 2 3 r = 16 17 18 19
  228. 4 5 6 7 20 21 22 23
  229. 8 9 10 11 24 25 26 27
  230. 12 13 14 15 28 29 30 31
  231. becomes (for size == 2 and mask == 0x3333)
  232. t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
  233. 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
  234. 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
  235. 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
  237. Thanks for hints from Richard Outerbridge - he told me IP&FP
  238. could be done in 15 xor, 10 shifts and 5 ands.
  239. When I finally started to think of the problem in 2D
  240. I first got ~42 operations without xors. When I remembered
  241. how to use xors :-) I got it to its final state.
  242. */
  243. #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
  244. (b)^=(t),\
  245. (a)^=((t)<<(n)))
  247. int des_encrypt(input,output,ks,encrypt)
  248. ulong *input;
  249. ulong *output;
  250. des_key_schedule ks;
  251. int encrypt;
  252. {
  253. register ulong l,r,t,u;
  254. #ifdef ALT_ECB
  255. register uchar *des_SP=(uchar *)des_SPtrans;
  256. #endif
  257. register int i;
  258. register ulong *s;
  260. l=input[0];
  261. r=input[1];
  263. /* do IP */
  264. PERM_OP(r,l,t, 4,0x0f0f0f0f);
  265. PERM_OP(l,r,t,16,0x0000ffff);
  266. PERM_OP(r,l,t, 2,0x33333333);
  267. PERM_OP(l,r,t, 8,0x00ff00ff);
  268. PERM_OP(r,l,t, 1,0x55555555);
  269. /* r and l are reversed - remember that :-) - fix
  270. * it in the next step */
  272. /* Things have been modified so that the initial rotate is
  273. * done outside the loop. This required the
  274. * des_SPtrans values in sp.h to be rotated 1 bit to the right.
  275. * One perl script later and things have a 5% speed up on a sparc2.
  276. * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
  277. * for pointing this out. */
  278. t=(r<<1)|(r>>31);
  279. r=(l<<1)|(l>>31);
  280. l=t;
  282. s=(ulong *)ks;
  283. /* I don't know if it is worth the effort of loop unrolling the
  284. * inner loop */
  285. if (encrypt)
  286. {
  287. for (i=0; i<32; i+=4)
  288. {
  289. D_ENCRYPT(l,r,i+0); /* 1 */
  290. D_ENCRYPT(r,l,i+2); /* 2 */
  291. }
  292. }
  293. else
  294. {
  295. for (i=30; i>0; i-=4)
  296. {
  297. D_ENCRYPT(l,r,i-0); /* 16 */
  298. D_ENCRYPT(r,l,i-2); /* 15 */
  299. }
  300. }
  301. l=(l>>1)|(l<<31);
  302. r=(r>>1)|(r<<31);
  304. /* swap l and r
  305. * we will not do the swap so just remember they are
  306. * reversed for the rest of the subroutine
  307. * luckily FP fixes this problem :-) */
  309. PERM_OP(r,l,t, 1,0x55555555);
  310. PERM_OP(l,r,t, 8,0x00ff00ff);
  311. PERM_OP(r,l,t, 2,0x33333333);
  312. PERM_OP(l,r,t,16,0x0000ffff);
  313. PERM_OP(r,l,t, 4,0x0f0f0f0f);
  315. output[0]=l;
  316. output[1]=r;
  317. return(0);
  318. }
  323. int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
  324. des_cblock *input;
  325. des_cblock *output;
  326. long length;
  327. des_key_schedule schedule;
  328. des_cblock *ivec;
  329. int encrypt;
  330. {
  331. register ulong tin0,tin1;
  332. register ulong tout0,tout1,xor0,xor1;
  333. register uchar *in,*out;
  334. register long l=length;
  335. ulong tout[2],tin[2];
  336. uchar *iv;
  338. in=(uchar *)input;
  339. out=(uchar *)output;
  340. iv=(uchar *)ivec;
  342. if (encrypt)
  343. {
  344. c2l(iv,tout0);
  345. c2l(iv,tout1);
  346. for (; l>0; l-=8)
  347. {
  348. if (l >= 8)
  349. {
  350. c2l(in,tin0);
  351. c2l(in,tin1);
  352. }
  353. else
  354. c2ln(in,tin0,tin1,l);
  355. tin0^=tout0;
  356. tin1^=tout1;
  357. tin[0]=tin0;
  358. tin[1]=tin1;
  359. des_encrypt((ulong *)tin,(ulong *)tout,
  360. schedule,encrypt);
  361. tout0=tout[0];
  362. tout1=tout[1];
  363. l2c(tout0,out);
  364. l2c(tout1,out);
  365. }
  366. }
  367. else
  368. {
  369. c2l(iv,xor0);
  370. c2l(iv,xor1);
  371. for (; l>0; l-=8)
  372. {
  373. c2l(in,tin0);
  374. c2l(in,tin1);
  375. tin[0]=tin0;
  376. tin[1]=tin1;
  377. des_encrypt((ulong *)tin,(ulong *)tout,
  378. schedule,encrypt);
  379. tout0=tout[0]^xor0;
  380. tout1=tout[1]^xor1;
  381. if (l >= 8)
  382. {
  383. l2c(tout0,out);
  384. l2c(tout1,out);
  385. }
  386. else
  387. l2cn(tout0,tout1,out,l);
  388. xor0=tin0;
  389. xor1=tin1;
  390. }
  391. }
  392. tin0=tin1=tout0=tout1=xor0=xor1=0;
  393. return(0);
  394. }