Fix major cockup with short keys in CAST-128.
parent
fdd3b64215
commit
649cdb7be9
7 changed files with 224 additions and 194 deletions
10
CHANGES
10
CHANGES
|
@ -5,6 +5,16 @@
|
|||
|
||||
Changes between 0.9.1c and 0.9.2
|
||||
|
||||
*) CAST-128 was incorrectly implemented for short keys. The C version has
|
||||
been fixed, but is untested. The assembler versions are also fixed, but
|
||||
new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
|
||||
to regenerate it if needed.
|
||||
[Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
|
||||
Hagino <itojun@kame.net>]
|
||||
|
||||
*) File was opened incorrectly in randfile.c.
|
||||
[Ulf Möller <ulf@fitug.de>]
|
||||
|
||||
*) Beginning of support for GeneralizedTime. d2i, i2d, check and print
|
||||
functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
|
||||
GeneralizedTime. ASN1_TIME is the proper type used in certificates et
|
||||
|
|
|
@ -66,7 +66,7 @@ asm/cx86-out.o: asm/cx86unix.cpp
|
|||
asm/cx86bsdi.o: asm/cx86unix.cpp
|
||||
$(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o
|
||||
|
||||
asm/cx86unix.cpp:
|
||||
asm/cx86unix.cpp: asm/cast-586.pl
|
||||
(cd asm; perl cast-586.pl cpp >cx86unix.cpp)
|
||||
|
||||
files:
|
||||
|
|
|
@ -32,8 +32,7 @@ $S4="CAST_S_table3";
|
|||
|
||||
&asm_finish();
|
||||
|
||||
sub CAST_encrypt
|
||||
{
|
||||
sub CAST_encrypt {
|
||||
local($name,$enc)=@_;
|
||||
|
||||
local($win_ex)=<<"EOF";
|
||||
|
@ -42,7 +41,7 @@ EXTERN _CAST_S_table1:DWORD
|
|||
EXTERN _CAST_S_table2:DWORD
|
||||
EXTERN _CAST_S_table3:DWORD
|
||||
EOF
|
||||
&main'external_label(
|
||||
&main::external_label(
|
||||
"CAST_S_table0",
|
||||
"CAST_S_table1",
|
||||
"CAST_S_table2",
|
||||
|
@ -64,12 +63,20 @@ EOF
|
|||
&mov($L,&DWP(0,$tmp2,"",0));
|
||||
&mov($R,&DWP(4,$tmp2,"",0));
|
||||
|
||||
&xor( $tmp3, $tmp3);
|
||||
&comment('Get short key flag');
|
||||
&mov($tmp3,&DWP(128,$K,"",0));
|
||||
if($enc) {
|
||||
&push($tmp3);
|
||||
} else {
|
||||
&or($tmp3,$tmp3);
|
||||
&jnz(&label('cast_dec_skip'));
|
||||
}
|
||||
|
||||
&xor($tmp3, $tmp3);
|
||||
|
||||
# encrypting part
|
||||
|
||||
if ($enc)
|
||||
{
|
||||
if ($enc) {
|
||||
&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
|
@ -82,17 +89,20 @@ EOF
|
|||
&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&comment('test short key flag');
|
||||
&pop($tmp4);
|
||||
&or($tmp4,$tmp4);
|
||||
&jnz(&label('cast_enc_done'));
|
||||
&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1);
|
||||
}
|
||||
else
|
||||
{
|
||||
&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
} else {
|
||||
&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&set_label('cast_dec_skip');
|
||||
&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
|
@ -104,30 +114,31 @@ EOF
|
|||
&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1);
|
||||
&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
|
||||
}
|
||||
|
||||
&set_label('cast_enc_done') if $enc;
|
||||
# Why the nop? - Ben 17/1/99
|
||||
&nop();
|
||||
&mov($tmp3,&wparam(0));
|
||||
&mov(&DWP(4,$tmp3,"",0),$L);
|
||||
&mov(&DWP(0,$tmp3,"",0),$R);
|
||||
&function_end($name);
|
||||
}
|
||||
}
|
||||
|
||||
sub E_CAST
|
||||
{
|
||||
local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4,$lst)=@_;
|
||||
sub E_CAST {
|
||||
local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;
|
||||
# Ri needs to have 16 pre added.
|
||||
|
||||
&comment("round $i");
|
||||
&mov( $tmp4, &DWP($i*8,$K,"",1));
|
||||
|
||||
&mov( $tmp1, &DWP($i*8+4,$K,"",1));# must be word
|
||||
&mov( $tmp1, &DWP($i*8+4,$K,"",1));
|
||||
&$OP1( $tmp4, $R);
|
||||
|
||||
&rotl( $tmp4, &LB($tmp1));
|
||||
|
||||
if ($ppro)
|
||||
{
|
||||
if ($ppro) {
|
||||
&mov( $tmp2, $tmp4); # B
|
||||
&xor( $tmp1, $tmp1);
|
||||
|
||||
|
@ -136,9 +147,7 @@ sub E_CAST
|
|||
|
||||
&shr( $tmp4, 16); #
|
||||
&xor( $tmp3, $tmp3);
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
&mov( $tmp2, $tmp4); # B
|
||||
&movb( &LB($tmp1), &HB($tmp4)); # A # BAD BAD BAD
|
||||
|
||||
|
@ -159,9 +168,8 @@ sub E_CAST
|
|||
&mov( $tmp2, &DWP($S4,"",$tmp4,4));
|
||||
|
||||
&$OP1( $tmp1, $tmp2);
|
||||
&mov($tmp3,&wparam(0)) if $lst;
|
||||
# XXX
|
||||
|
||||
&xor( $L, $tmp1);
|
||||
# XXX
|
||||
}
|
||||
}
|
||||
|
|
|
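Review bot: The short-key flag is fetched from a hard-coded offset, `&mov($tmp3,&DWP(128,$K,"",0));` in the `@ -64,12 +63,20 @@` hunk, which silently assumes that `short_key` sits at byte 128 of `CAST_KEY`, i.e. directly after `data[32]` with a 4-byte `CAST_LONG` and no padding; the cast.h hunk that adds the field makes the same assumption without saying so. A comment at the load ties the two together so a later reorder of the struct cannot break the generated assembler silently: `# short_key follows data[32] in CAST_KEY (cast.h): 32 * 4 = 128`. The `&nop()` after `cast_enc_done` still carries the open question `# Why the nop? - Ben 17/1/99`; if it is only there to give the label an instruction to attach to, the comment should say that rather than ask. `CAST_encrypt` in the generator starts before this hunk and continues after it.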
@ -81,10 +81,13 @@ CAST_KEY *key;
|
|||
E_CAST( 9,k,r,l,+,^,-);
|
||||
E_CAST(10,k,l,r,^,-,+);
|
||||
E_CAST(11,k,r,l,-,+,^);
|
||||
if(!k->short_key)
|
||||
{
|
||||
E_CAST(12,k,l,r,+,^,-);
|
||||
E_CAST(13,k,r,l,^,-,+);
|
||||
E_CAST(14,k,l,r,-,+,^);
|
||||
E_CAST(15,k,r,l,+,^,-);
|
||||
}
|
||||
|
||||
data[1]=l&0xffffffffL;
|
||||
data[0]=r&0xffffffffL;
|
||||
|
@ -100,10 +103,13 @@ CAST_KEY *key;
|
|||
l=data[0];
|
||||
r=data[1];
|
||||
|
||||
if(!k->short_key)
|
||||
{
|
||||
E_CAST(15,k,l,r,+,^,-);
|
||||
E_CAST(14,k,r,l,-,+,^);
|
||||
E_CAST(13,k,l,r,^,-,+);
|
||||
E_CAST(12,k,r,l,+,^,-);
|
||||
}
|
||||
E_CAST(11,k,l,r,-,+,^);
|
||||
E_CAST(10,k,r,l,^,-,+);
|
||||
E_CAST( 9,k,l,r,+,^,-);
|
||||
|
|
|
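Review bot: The new `if(!k->short_key)` guards in `CAST_encrypt` and `CAST_decrypt` give no reason for skipping rounds 12 to 15, and the two copies must stay in step with each other and with the length threshold chosen in the c_skey.c hunk. A one-line comment at each guard records the rule the flag implements: `/* keys of 80 bits or less use the 12-round variant (RFC 2144 section 2.5) */`. Both functions begin before their hunks, and `CAST_decrypt` continues after its hunk.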
@ -88,6 +88,10 @@ unsigned char *data;
|
|||
if (len > 16) len=16;
|
||||
for (i=0; i<len; i++)
|
||||
x[i]=data[i];
|
||||
if(len <= 10)
|
||||
key->short_key=1;
|
||||
else
|
||||
key->short_key=0;
|
||||
|
||||
K= &k[0];
|
||||
X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
|
||||
|
|
|
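Review bot: The threshold in `if(len <= 10)` is a bare magic number that lives in a different file from the guards in c_enc.c that consume the flag; naming the rule at the point it is decided keeps the two linked, e.g. `key->short_key=(len <= 10); /* 80 bits or less: 12-round variant, see CAST_encrypt */`. Keys of 11 to 15 bytes therefore get the full 16 rounds, which is consistent with the 80-bit rule but worth stating next to the `len > 16` clamp just above, since that is where a reader will look for the length policy. `CAST_set_key` begins before this hunk.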
@ -74,6 +74,7 @@ extern "C" {
|
|||
typedef struct cast_key_st
|
||||
{
|
||||
CAST_LONG data[32];
|
||||
int short_key; /* Use reduced rounds for short key */
|
||||
} CAST_KEY;
|
||||
|
||||
#ifndef NOPROTO
|
||||
|
|
|
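Review bot: Adding `int short_key;` to `CAST_KEY` changes the size of a public structure, so any object code built against the previous header and allocating its own `CAST_KEY` now has the `key->short_key` store from the c_skey.c hunk landing past the end of what it allocated; if this is acceptable for the 0.9.2 development line it should at least be called out in the CHANGES entry, which only describes the cipher fix. The trailing comment could also state that the field is read by the assembler at a fixed position, so it must stay immediately after `data[32]`.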
@ -61,7 +61,7 @@
|
|||
#include <stdlib.h>
|
||||
#include "cast.h"
|
||||
|
||||
/* #define FULL_TEST */
|
||||
#define FULL_TEST
|
||||
|
||||
unsigned char k[16]={
|
||||
0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
|
||||
|
@ -70,7 +70,7 @@ unsigned char k[16]={
|
|||
|
||||
unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
|
||||
|
||||
int k_len[3]={16,10};
|
||||
int k_len[3]={16,10,5};
|
||||
unsigned char c[3][8]={
|
||||
{0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
|
||||
{0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
|
||||
|
@ -131,14 +131,14 @@ char *argv[];
|
|||
int i,z,err=0;
|
||||
CAST_KEY key;
|
||||
|
||||
for (z=0; z<1; z++)
|
||||
for (z=0; z<3; z++)
|
||||
{
|
||||
CAST_set_key(&key,k_len[z],k);
|
||||
|
||||
CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
|
||||
if (memcmp(out,&(c[z][0]),8) != 0)
|
||||
{
|
||||
printf("ecb cast error encrypting\n");
|
||||
printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
|
||||
printf("got :");
|
||||
for (i=0; i<8; i++)
|
||||
printf("%02X ",out[i]);
|
||||
|
@ -153,7 +153,7 @@ char *argv[];
|
|||
CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
|
||||
if (memcmp(out,in,8) != 0)
|
||||
{
|
||||
printf("ecb cast error decrypting\n");
|
||||
printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
|
||||
printf("got :");
|
||||
for (i=0; i<8; i++)
|
||||
printf("%02X ",out[i]);
|
||||
|
@ -165,7 +165,8 @@ char *argv[];
|
|||
err=3;
|
||||
}
|
||||
}
|
||||
if (err == 0) printf("ecb cast5 ok\n");
|
||||
if (err == 0)
|
||||
printf("ecb cast5 ok\n");
|
||||
|
||||
#ifdef FULL_TEST
|
||||
{
|
||||
|
|
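Review bot: `#define FULL_TEST` is now enabled unconditionally (the `/* #define FULL_TEST */` line is replaced), which looks like a debugging leftover rather than part of the short-key fix; if the long test is meant to run by default, the commit message should say so, otherwise the comment should be restored. The widened loop `for (z=0; z<3; z++)` together with `int k_len[3]={16,10,5};` now reads `c[2]`, whose 40-bit expected ciphertext lies outside the `@ -70,7 +70,7 @@` hunk; presumably it was already present since `c` is declared `[3][8]`, but it is worth confirming rather than relying on a zero entry. `main` begins before the first `char *argv[];` hunk and ends after the last.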