wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix major cockup with short keys in CAST-128.

Browse source
This commit is contained in:
Ben Laurie 1999-01-17 16:26:24 +00:00
parent fdd3b64215
commit 649cdb7be9
7 changed files with 224 additions and 194 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
CHANGES
View file

@ -5,6 +5,16 @@
Changes between 0.9.1c and 0.9.2
*) CAST-128 was incorrectly implemented for short keys. The C version has
been fixed, but is untested. The assembler versions are also fixed, but
new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
to regenerate it if needed.
[Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
Hagino <itojun@kame.net>]
*) File was opened incorrectly in randfile.c.
[Ulf Möller <ulf@fitug.de>]
*) Beginning of support for GeneralizedTime. d2i, i2d, check and print
functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
GeneralizedTime. ASN1_TIME is the proper type used in certificates et

2
crypto/cast/Makefile.ssl
View file

@ -66,7 +66,7 @@ asm/cx86-out.o: asm/cx86unix.cpp
asm/cx86bsdi.o: asm/cx86unix.cpp
$(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o
asm/cx86unix.cpp:
asm/cx86unix.cpp: asm/cast-586.pl
(cd asm; perl cast-586.pl cpp >cx86unix.cpp)
files:

220
crypto/cast/asm/cast-586.pl
View file

@ -32,136 +32,144 @@ $S4="CAST_S_table3";
&asm_finish();
sub CAST_encrypt
{
local($name,$enc)=@_;
sub CAST_encrypt {
local($name,$enc)=@_;
local($win_ex)=<<"EOF";
local($win_ex)=<<"EOF";
EXTERN _CAST_S_table0:DWORD
EXTERN _CAST_S_table1:DWORD
EXTERN _CAST_S_table2:DWORD
EXTERN _CAST_S_table3:DWORD
EOF
&main'external_label(
"CAST_S_table0",
"CAST_S_table1",
"CAST_S_table2",
"CAST_S_table3",
);
&main::external_label(
"CAST_S_table0",
"CAST_S_table1",
"CAST_S_table2",
"CAST_S_table3",
);
&function_begin_B($name,$win_ex);
&function_begin_B($name,$win_ex);
&comment("");
&comment("");
&push("ebp");
&push("ebx");
&mov($tmp2,&wparam(0));
&mov($K,&wparam(1));
&push("esi");
&push("edi");
&push("ebp");
&push("ebx");
&mov($tmp2,&wparam(0));
&mov($K,&wparam(1));
&push("esi");
&push("edi");
&comment("Load the 2 words");
&mov($L,&DWP(0,$tmp2,"",0));
&mov($R,&DWP(4,$tmp2,"",0));
&comment("Load the 2 words");
&mov($L,&DWP(0,$tmp2,"",0));
&mov($R,&DWP(4,$tmp2,"",0));
&xor( $tmp3, $tmp3);
&comment('Get short key flag');
&mov($tmp3,&DWP(128,$K,"",0));
if($enc) {
&push($tmp3);
} else {
&or($tmp3,$tmp3);
&jnz(&label('cast_dec_skip'));
}
# encrypting part
&xor($tmp3, $tmp3);
if ($enc)
{
&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1);
}
else
{
&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1);
}
# encrypting part
&nop();
&mov(&DWP(4,$tmp3,"",0),$L);
&mov(&DWP(0,$tmp3,"",0),$R);
&function_end($name);
}
if ($enc) {
&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&comment('test short key flag');
&pop($tmp4);
&or($tmp4,$tmp4);
&jnz(&label('cast_enc_done'));
&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
} else {
&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&set_label('cast_dec_skip');
&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
}
sub E_CAST
{
local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4,$lst)=@_;
# Ri needs to have 16 pre added.
&set_label('cast_enc_done') if $enc;
# Why the nop? - Ben 17/1/99
&nop();
&mov($tmp3,&wparam(0));
&mov(&DWP(4,$tmp3,"",0),$L);
&mov(&DWP(0,$tmp3,"",0),$R);
&function_end($name);
}
&comment("round $i");
&mov( $tmp4, &DWP($i*8,$K,"",1));
sub E_CAST {
local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;
# Ri needs to have 16 pre added.
&mov( $tmp1, &DWP($i*8+4,$K,"",1));# must be word
&$OP1( $tmp4, $R);
&comment("round $i");
&mov( $tmp4, &DWP($i*8,$K,"",1));
&rotl( $tmp4, &LB($tmp1));
&mov( $tmp1, &DWP($i*8+4,$K,"",1));
&$OP1( $tmp4, $R);
if ($ppro)
{
&mov( $tmp2, $tmp4); # B
&xor( $tmp1, $tmp1);
&rotl( $tmp4, &LB($tmp1));
&movb( &LB($tmp1), &HB($tmp4)); # A
&and( $tmp2, 0xff);
if ($ppro) {
&mov( $tmp2, $tmp4); # B
&xor( $tmp1, $tmp1);
&movb( &LB($tmp1), &HB($tmp4)); # A
&and( $tmp2, 0xff);
&shr( $tmp4, 16); #
&xor( $tmp3, $tmp3);
}
else
{
&mov( $tmp2, $tmp4); # B
&movb( &LB($tmp1), &HB($tmp4)); # A # BAD BAD BAD
&shr( $tmp4, 16); #
&xor( $tmp3, $tmp3);
} else {
&mov( $tmp2, $tmp4); # B
&movb( &LB($tmp1), &HB($tmp4)); # A # BAD BAD BAD
&shr( $tmp4, 16); #
&and( $tmp2, 0xff);
}
&shr( $tmp4, 16); #
&and( $tmp2, 0xff);
}
&movb( &LB($tmp3), &HB($tmp4)); # C # BAD BAD BAD
&and( $tmp4, 0xff); # D
&movb( &LB($tmp3), &HB($tmp4)); # C # BAD BAD BAD
&and( $tmp4, 0xff); # D
&mov( $tmp1, &DWP($S1,"",$tmp1,4));
&mov( $tmp2, &DWP($S2,"",$tmp2,4));
&mov( $tmp1, &DWP($S1,"",$tmp1,4));
&mov( $tmp2, &DWP($S2,"",$tmp2,4));
&$OP2( $tmp1, $tmp2);
&mov( $tmp2, &DWP($S3,"",$tmp3,4));
&$OP2( $tmp1, $tmp2);
&mov( $tmp2, &DWP($S3,"",$tmp3,4));
&$OP3( $tmp1, $tmp2);
&mov( $tmp2, &DWP($S4,"",$tmp4,4));
&$OP3( $tmp1, $tmp2);
&mov( $tmp2, &DWP($S4,"",$tmp4,4));
&$OP1( $tmp1, $tmp2);
# XXX
&$OP1( $tmp1, $tmp2);
&mov($tmp3,&wparam(0)) if $lst;
# XXX
&xor( $L, $tmp1);
# XXX
}
&xor( $L, $tmp1);
# XXX
}

22
crypto/cast/c_enc.c
View file

@ -81,10 +81,13 @@ CAST_KEY *key;
E_CAST( 9,k,r,l,+,^,-);
E_CAST(10,k,l,r,^,-,+);
E_CAST(11,k,r,l,-,+,^);
E_CAST(12,k,l,r,+,^,-);
E_CAST(13,k,r,l,^,-,+);
E_CAST(14,k,l,r,-,+,^);
E_CAST(15,k,r,l,+,^,-);
if(!k->short_key)
{
E_CAST(12,k,l,r,+,^,-);
E_CAST(13,k,r,l,^,-,+);
E_CAST(14,k,l,r,-,+,^);
E_CAST(15,k,r,l,+,^,-);
}
data[1]=l&0xffffffffL;
data[0]=r&0xffffffffL;
@ -100,10 +103,13 @@ CAST_KEY *key;
l=data[0];
r=data[1];
E_CAST(15,k,l,r,+,^,-);
E_CAST(14,k,r,l,-,+,^);
E_CAST(13,k,l,r,^,-,+);
E_CAST(12,k,r,l,+,^,-);
if(!k->short_key)
{
E_CAST(15,k,l,r,+,^,-);
E_CAST(14,k,r,l,-,+,^);
E_CAST(13,k,l,r,^,-,+);
E_CAST(12,k,r,l,+,^,-);
}
E_CAST(11,k,l,r,-,+,^);
E_CAST(10,k,r,l,^,-,+);
E_CAST( 9,k,l,r,+,^,-);

4
crypto/cast/c_skey.c
View file

@ -88,6 +88,10 @@ unsigned char *data;
if (len > 16) len=16;
for (i=0; i<len; i++)
x[i]=data[i];
if(len <= 10)
key->short_key=1;
else
key->short_key=0;
K= &k[0];
X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;

1
crypto/cast/cast.h
View file

@ -74,6 +74,7 @@ extern "C" {
typedef struct cast_key_st
{
CAST_LONG data[32];
int short_key; /* Use reduced rounds for short key */
} CAST_KEY;
#ifndef NOPROTO

159
crypto/cast/casttest.c
View file

@ -61,7 +61,7 @@
#include <stdlib.h>
#include "cast.h"
/* #define FULL_TEST */
#define FULL_TEST
unsigned char k[16]={
0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
@ -70,7 +70,7 @@ unsigned char k[16]={
unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
int k_len[3]={16,10};
int k_len[3]={16,10,5};
unsigned char c[3][8]={
{0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
{0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
@ -123,101 +123,102 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
int main(argc,argv)
int argc;
char *argv[];
{
{
#ifdef FULL_TEST
long l;
CAST_KEY key_b;
long l;
CAST_KEY key_b;
#endif
int i,z,err=0;
CAST_KEY key;
int i,z,err=0;
CAST_KEY key;
for (z=0; z<1; z++)
{
for (z=0; z<3; z++)
{
CAST_set_key(&key,k_len[z],k);
CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
if (memcmp(out,&(c[z][0]),8) != 0)
{
printf("ecb cast error encrypting\n");
printf("got :");
for (i=0; i<8; i++)
printf("%02X ",out[i]);
printf("\n");
printf("expected:");
for (i=0; i<8; i++)
printf("%02X ",c[z][i]);
err=20;
printf("\n");
}
{
printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
printf("got :");
for (i=0; i<8; i++)
printf("%02X ",out[i]);
printf("\n");
printf("expected:");
for (i=0; i<8; i++)
printf("%02X ",c[z][i]);
err=20;
printf("\n");
}
CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
if (memcmp(out,in,8) != 0)
{
printf("ecb cast error decrypting\n");
printf("got :");
for (i=0; i<8; i++)
printf("%02X ",out[i]);
printf("\n");
printf("expected:");
for (i=0; i<8; i++)
printf("%02X ",in[i]);
printf("\n");
err=3;
}
{
printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
printf("got :");
for (i=0; i<8; i++)
printf("%02X ",out[i]);
printf("\n");
printf("expected:");
for (i=0; i<8; i++)
printf("%02X ",in[i]);
printf("\n");
err=3;
}
}
if (err == 0) printf("ecb cast5 ok\n");
if (err == 0)
printf("ecb cast5 ok\n");
#ifdef FULL_TEST
{
unsigned char out_a[16],out_b[16];
static char *hex="0123456789ABCDEF";
{
unsigned char out_a[16],out_b[16];
static char *hex="0123456789ABCDEF";
printf("This test will take some time....");
fflush(stdout);
memcpy(out_a,in_a,sizeof(in_a));
memcpy(out_b,in_b,sizeof(in_b));
i=1;
printf("This test will take some time....");
fflush(stdout);
memcpy(out_a,in_a,sizeof(in_a));
memcpy(out_b,in_b,sizeof(in_b));
i=1;
for (l=0; l<1000000L; l++)
{
CAST_set_key(&key_b,16,out_b);
CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
CAST_set_key(&key,16,out_a);
CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
if ((l & 0xffff) == 0xffff)
{
printf("%c",hex[i&0x0f]);
fflush(stdout);
i++;
}
}
for (l=0; l<1000000L; l++)
{
CAST_set_key(&key_b,16,out_b);
CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
CAST_set_key(&key,16,out_a);
CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
if ((l & 0xffff) == 0xffff)
{
printf("%c",hex[i&0x0f]);
fflush(stdout);
i++;
}
}
if ( (memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
if ( (memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
(memcmp(out_b,c_b,sizeof(c_b)) != 0))
{
printf("\n");
printf("Error\n");
{
printf("\n");
printf("Error\n");
printf("A out =");
for (i=0; i<16; i++) printf("%02X ",out_a[i]);
printf("\nactual=");
for (i=0; i<16; i++) printf("%02X ",c_a[i]);
printf("\n");
printf("A out =");
for (i=0; i<16; i++) printf("%02X ",out_a[i]);
printf("\nactual=");
for (i=0; i<16; i++) printf("%02X ",c_a[i]);
printf("\n");
printf("B out =");
for (i=0; i<16; i++) printf("%02X ",out_b[i]);
printf("\nactual=");
for (i=0; i<16; i++) printf("%02X ",c_b[i]);
printf("\n");
}
else
printf(" ok\n");
}
printf("B out =");
for (i=0; i<16; i++) printf("%02X ",out_b[i]);
printf("\nactual=");
for (i=0; i<16; i++) printf("%02X ",c_b[i]);
printf("\n");
}
else
printf(" ok\n");
}
#endif
exit(err);
return(err);
}
exit(err);
return(err);
}