Commit | Line | Data |
---|---|---|
442dbcf7 BJ |
1 | # include <stdio.h> |
2 | /* file nbs.c | |
3 | This file has the necessary procedures to use the NBS algorithm | |
4 | to encrypt and decrypt strings of arbitrary length. | |
5 | ||
6 | Basically | |
7 | ||
8 | ciphertext = nbsencrypt(cleartext,secretkey,ciphertext); | |
9 | ||
10 | yields a string ciphertext from string cleartext using | |
11 | the secret string secretkey. | |
12 | Then | |
13 | ||
14 | cleartext = nbsdecrypt(ciphertext,secretkey,cleartext); | |
15 | ||
16 | yields the original string cleartext IF the string secretkey | |
17 | is the same for both calls. | |
18 | The third parameter is filled with the result of the call- | |
19 | it must be (11/8)*size(firstarg). | |
20 | The first and third areguments must be different. | |
21 | The cleartext must be ASCII - the top eighth bit is ignored, | |
22 | so binary data won't work. | |
23 | The plaintext is broken into 8 character sections, | |
24 | encrypted, and concatenated separated by $'s to make the ciphertext. | |
25 | The first 8 letter section uses the secretkey, subsequent | |
26 | sections use the cleartext of the previous section as | |
27 | the key. | |
28 | Thus the ciphertext depends on itself, except for | |
29 | the first section, which depends on the key. | |
30 | This means that sections of the ciphertext, except the first, | |
31 | may not stand alone. | |
32 | Only the first 8 characters of the key matter. | |
33 | */ | |
34 | char *deblknot(), *deblkclr(); | |
35 | char *nbs8decrypt(), *nbs8encrypt(); | |
36 | static char E[48]; | |
37 | char e[]; | |
38 | char *nbsencrypt(str,key,result) | |
39 | char *result; | |
40 | register char *str, *key; { | |
41 | static char buf[20],oldbuf[20]; | |
42 | register int j; | |
43 | result[0] = 0; | |
44 | strcpy(oldbuf,key); | |
45 | while(*str){ | |
46 | for(j=0;j<10;j++)buf[j] = 0; | |
47 | for(j=0;j<8 && *str;j++)buf[j] = *str++; | |
48 | strcat(result,nbs8encrypt(buf,oldbuf)); | |
49 | strcat(result,"$"); | |
50 | strcpy(oldbuf,buf); | |
51 | } | |
52 | return(result); | |
53 | } | |
54 | char *nbsdecrypt(cpt,key,result) | |
55 | char *result; | |
56 | register char *cpt,*key; { | |
57 | register char *s; | |
58 | char c,oldbuf[20]; | |
59 | result[0] = 0; | |
60 | strcpy(oldbuf,key); | |
61 | while(*cpt){ | |
62 | for(s = cpt;*s && *s != '$';s++); | |
63 | c = *s; | |
64 | *s = 0; | |
65 | strcpy(oldbuf,nbs8decrypt(cpt,oldbuf)); | |
66 | strcat(result,oldbuf); | |
67 | if(c == 0)break; | |
68 | cpt = s + 1; | |
69 | } | |
70 | return(result); | |
71 | } | |
72 | /* make key to be sent across the network */ | |
73 | makeuukey(skey,sn,mch) | |
74 | char *skey, *sn, mch; | |
75 | { | |
76 | skey[0] = mch; | |
77 | skey[1] = 0; | |
78 | strcat(skey,sn); | |
79 | } | |
80 | ||
81 | /* all other calls are private */ | |
82 | /* | |
83 | char _sobuf[BUFSIZ]; | |
84 | testing(){ | |
85 | static char res[BUFSIZ]; | |
86 | register char *s; | |
87 | char str[BUFSIZ]; | |
88 | setbuf(stdout,_sobuf); | |
89 | while(!feof(stdin)){ | |
90 | fprintf(stderr,"String:\n"); | |
91 | fgets(str,BUFSIZ,stdin); | |
92 | if(feof(stdin))break; | |
93 | strcat(str,"\n"); | |
94 | s = nbsencrypt(str,"hellothere",res); | |
95 | fprintf(stderr,"encrypted:\n%s\n",s); | |
96 | fprintf(stderr,"decrypted:\n"); | |
97 | printf("%s",nbsdecrypt(s,"hellothere",str)); | |
98 | fprintf(stderr,"\n"); | |
99 | } | |
100 | } | |
101 | */ | |
102 | /* | |
103 | To encrypt: | |
104 | The first level of call splits the input strings into strings | |
105 | no longer than 8 characters, for encryption. | |
106 | Then the encryption of 8 characters breaks all but the top bit | |
107 | of each character into a 64-character block, each character | |
108 | with 1 or 0 corresponding to binary. | |
109 | The key is set likewise. | |
110 | The encrypted form is then converted, 6 bits at a time, | |
111 | into an ASCII string. | |
112 | ||
113 | To decrypt: | |
114 | We take the result of the encryption, 6 significant bits | |
115 | per character, and convert it to the block(64-char) fmt. | |
116 | This is decrypted by running the nbs algorithm in reverse, | |
117 | and transformed back into 7bit ASCII. | |
118 | ||
119 | The subroutines to do ASCII blocking and deblocking | |
120 | are .....clr and the funny 6-bit code are .....not. | |
121 | ||
122 | */ | |
123 | ||
124 | char *nbs8encrypt(str,key) | |
125 | register char *str, *key; { | |
126 | static char keyblk[100], blk[100]; | |
127 | register int i; | |
128 | ||
129 | enblkclr(keyblk,key); | |
130 | nbssetkey(keyblk); | |
131 | ||
132 | for(i=0;i<48;i++) E[i] = e[i]; | |
133 | enblkclr(blk,str); | |
134 | blkencrypt(blk,0); /* forward dir */ | |
135 | ||
136 | return(deblknot(blk)); | |
137 | } | |
138 | char *nbs8decrypt(crp,key) | |
139 | register char *crp, *key; { | |
140 | static char keyblk[100], blk[100]; | |
141 | register int i; | |
142 | ||
143 | enblkclr(keyblk,key); | |
144 | nbssetkey(keyblk); | |
145 | ||
146 | for(i=0;i<48;i++) E[i] = e[i]; | |
147 | enblknot(blk,crp); | |
148 | blkencrypt(blk,1); /* backward dir */ | |
149 | ||
150 | return(deblkclr(blk)); | |
151 | } | |
152 | enblkclr(blk,str) /* ignores top bit of chars in string str */ | |
153 | char *blk,*str; { | |
154 | register int i,j; | |
155 | register char c; | |
156 | for(i=0;i<70;i++)blk[i] = 0; | |
157 | for(i=0; (c= *str) && i<64; str++){ | |
158 | for(j=0; j<7; j++, i++) | |
159 | blk[i] = (c>>(6-j)) & 01; | |
160 | i++; | |
161 | } | |
162 | } | |
163 | char *deblkclr(blk) | |
164 | char *blk; { | |
165 | register int i,j; | |
166 | register char c; | |
167 | static char iobuf[30]; | |
168 | for(i=0; i<10; i++){ | |
169 | c = 0; | |
170 | for(j=0; j<7; j++){ | |
171 | c <<= 1; | |
172 | c |= blk[8*i+j]; | |
173 | } | |
174 | iobuf[i] = c; | |
175 | } | |
176 | iobuf[i] = 0; | |
177 | return(iobuf); | |
178 | } | |
179 | enblknot(blk,crp) | |
180 | char *blk; | |
181 | char *crp; { | |
182 | register int i,j; | |
183 | register char c; | |
184 | for(i=0;i<70;i++)blk[i] = 0; | |
185 | for(i=0; (c= *crp) && i<64; crp++){ | |
186 | if(c>'Z') c -= 6; | |
187 | if(c>'9') c -= 7; | |
188 | c -= '.'; | |
189 | for(j=0; j<6; j++, i++) | |
190 | blk[i] = (c>>(5-j)) & 01; | |
191 | } | |
192 | } | |
193 | char *deblknot(blk) | |
194 | char *blk; { | |
195 | register int i,j; | |
196 | register char c; | |
197 | static char iobuf[30]; | |
198 | for(i=0; i<11; i++){ | |
199 | c = 0; | |
200 | for(j=0; j<6; j++){ | |
201 | c <<= 1; | |
202 | c |= blk[6*i+j]; | |
203 | } | |
204 | c += '.'; | |
205 | if(c > '9')c += 7; | |
206 | if(c > 'Z')c += 6; | |
207 | iobuf[i] = c; | |
208 | } | |
209 | iobuf[i] = 0; | |
210 | return(iobuf); | |
211 | } | |
212 | /* | |
213 | * This program implements the | |
214 | * Proposed Federal Information Processing | |
215 | * Data Encryption Standard. | |
216 | * See Federal Register, March 17, 1975 (40FR12134) | |
217 | */ | |
218 | ||
219 | /* | |
220 | * Initial permutation, | |
221 | */ | |
222 | static char IP[] = { | |
223 | 58,50,42,34,26,18,10, 2, | |
224 | 60,52,44,36,28,20,12, 4, | |
225 | 62,54,46,38,30,22,14, 6, | |
226 | 64,56,48,40,32,24,16, 8, | |
227 | 57,49,41,33,25,17, 9, 1, | |
228 | 59,51,43,35,27,19,11, 3, | |
229 | 61,53,45,37,29,21,13, 5, | |
230 | 63,55,47,39,31,23,15, 7, | |
231 | }; | |
232 | ||
233 | /* | |
234 | * Final permutation, FP = IP^(-1) | |
235 | */ | |
236 | static char FP[] = { | |
237 | 40, 8,48,16,56,24,64,32, | |
238 | 39, 7,47,15,55,23,63,31, | |
239 | 38, 6,46,14,54,22,62,30, | |
240 | 37, 5,45,13,53,21,61,29, | |
241 | 36, 4,44,12,52,20,60,28, | |
242 | 35, 3,43,11,51,19,59,27, | |
243 | 34, 2,42,10,50,18,58,26, | |
244 | 33, 1,41, 9,49,17,57,25, | |
245 | }; | |
246 | ||
247 | /* | |
248 | * Permuted-choice 1 from the key bits | |
249 | * to yield C and D. | |
250 | * Note that bits 8,16... are left out: | |
251 | * They are intended for a parity check. | |
252 | */ | |
253 | static char PC1_C[] = { | |
254 | 57,49,41,33,25,17, 9, | |
255 | 1,58,50,42,34,26,18, | |
256 | 10, 2,59,51,43,35,27, | |
257 | 19,11, 3,60,52,44,36, | |
258 | }; | |
259 | ||
260 | static char PC1_D[] = { | |
261 | 63,55,47,39,31,23,15, | |
262 | 7,62,54,46,38,30,22, | |
263 | 14, 6,61,53,45,37,29, | |
264 | 21,13, 5,28,20,12, 4, | |
265 | }; | |
266 | ||
267 | /* | |
268 | * Sequence of shifts used for the key schedule. | |
269 | */ | |
270 | static char shifts[] = { | |
271 | 1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1, | |
272 | }; | |
273 | ||
274 | /* | |
275 | * Permuted-choice 2, to pick out the bits from | |
276 | * the CD array that generate the key schedule. | |
277 | */ | |
278 | static char PC2_C[] = { | |
279 | 14,17,11,24, 1, 5, | |
280 | 3,28,15, 6,21,10, | |
281 | 23,19,12, 4,26, 8, | |
282 | 16, 7,27,20,13, 2, | |
283 | }; | |
284 | ||
285 | static char PC2_D[] = { | |
286 | 41,52,31,37,47,55, | |
287 | 30,40,51,45,33,48, | |
288 | 44,49,39,56,34,53, | |
289 | 46,42,50,36,29,32, | |
290 | }; | |
291 | ||
292 | /* | |
293 | * The C and D arrays used to calculate the key schedule. | |
294 | */ | |
295 | ||
296 | static char C[28]; | |
297 | static char D[28]; | |
298 | /* | |
299 | * The key schedule. | |
300 | * Generated from the key. | |
301 | */ | |
302 | static char KS[16][48]; | |
303 | ||
304 | /* | |
305 | * Set up the key schedule from the key. | |
306 | */ | |
307 | ||
308 | nbssetkey(key) | |
309 | char *key; | |
310 | { | |
311 | register i, j, k; | |
312 | int t; | |
313 | ||
314 | /* | |
315 | * First, generate C and D by permuting | |
316 | * the key. The low order bit of each | |
317 | * 8-bit char is not used, so C and D are only 28 | |
318 | * bits apiece. | |
319 | */ | |
320 | for (i=0; i<28; i++) { | |
321 | C[i] = key[PC1_C[i]-1]; | |
322 | D[i] = key[PC1_D[i]-1]; | |
323 | } | |
324 | /* | |
325 | * To generate Ki, rotate C and D according | |
326 | * to schedule and pick up a permutation | |
327 | * using PC2. | |
328 | */ | |
329 | for (i=0; i<16; i++) { | |
330 | /* | |
331 | * rotate. | |
332 | */ | |
333 | for (k=0; k<shifts[i]; k++) { | |
334 | t = C[0]; | |
335 | for (j=0; j<28-1; j++) | |
336 | C[j] = C[j+1]; | |
337 | C[27] = t; | |
338 | t = D[0]; | |
339 | for (j=0; j<28-1; j++) | |
340 | D[j] = D[j+1]; | |
341 | D[27] = t; | |
342 | } | |
343 | /* | |
344 | * get Ki. Note C and D are concatenated. | |
345 | */ | |
346 | for (j=0; j<24; j++) { | |
347 | KS[i][j] = C[PC2_C[j]-1]; | |
348 | KS[i][j+24] = D[PC2_D[j]-28-1]; | |
349 | } | |
350 | } | |
351 | } | |
352 | ||
353 | /* | |
354 | * The E bit-selection table. | |
355 | */ | |
356 | static char e[] = { | |
357 | 32, 1, 2, 3, 4, 5, | |
358 | 4, 5, 6, 7, 8, 9, | |
359 | 8, 9,10,11,12,13, | |
360 | 12,13,14,15,16,17, | |
361 | 16,17,18,19,20,21, | |
362 | 20,21,22,23,24,25, | |
363 | 24,25,26,27,28,29, | |
364 | 28,29,30,31,32, 1, | |
365 | }; | |
366 | ||
367 | /* | |
368 | * The 8 selection functions. | |
369 | * For some reason, they give a 0-origin | |
370 | * index, unlike everything else. | |
371 | */ | |
372 | static char S[8][64] = { | |
373 | 14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7, | |
374 | 0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8, | |
375 | 4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0, | |
376 | 15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13, | |
377 | ||
378 | 15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10, | |
379 | 3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5, | |
380 | 0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15, | |
381 | 13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9, | |
382 | ||
383 | 10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8, | |
384 | 13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1, | |
385 | 13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7, | |
386 | 1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12, | |
387 | ||
388 | 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15, | |
389 | 13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9, | |
390 | 10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4, | |
391 | 3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14, | |
392 | ||
393 | 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9, | |
394 | 14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6, | |
395 | 4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14, | |
396 | 11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3, | |
397 | ||
398 | 12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11, | |
399 | 10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8, | |
400 | 9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6, | |
401 | 4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13, | |
402 | ||
403 | 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1, | |
404 | 13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6, | |
405 | 1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2, | |
406 | 6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12, | |
407 | ||
408 | 13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7, | |
409 | 1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2, | |
410 | 7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8, | |
411 | 2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11, | |
412 | }; | |
413 | ||
414 | /* | |
415 | * P is a permutation on the selected combination | |
416 | * of the current L and key. | |
417 | */ | |
418 | static char P[] = { | |
419 | 16, 7,20,21, | |
420 | 29,12,28,17, | |
421 | 1,15,23,26, | |
422 | 5,18,31,10, | |
423 | 2, 8,24,14, | |
424 | 32,27, 3, 9, | |
425 | 19,13,30, 6, | |
426 | 22,11, 4,25, | |
427 | }; | |
428 | ||
429 | /* | |
430 | * The current block, divided into 2 halves. | |
431 | */ | |
432 | static char L[32], R[32]; | |
433 | static char tempL[32]; | |
434 | static char f[32]; | |
435 | ||
436 | /* | |
437 | * The combination of the key and the input, before selection. | |
438 | */ | |
439 | static char preS[48]; | |
440 | ||
441 | /* | |
442 | * The payoff: encrypt a block. | |
443 | */ | |
444 | ||
445 | blkencrypt(block, edflag) | |
446 | char *block; | |
447 | { | |
448 | int i, ii; | |
449 | register t, j, k; | |
450 | ||
451 | /* | |
452 | * First, permute the bits in the input | |
453 | */ | |
454 | for (j=0; j<64; j++) | |
455 | L[j] = block[IP[j]-1]; | |
456 | /* | |
457 | * Perform an encryption operation 16 times. | |
458 | */ | |
459 | for (ii=0; ii<16; ii++) { | |
460 | /* | |
461 | * Set direction | |
462 | */ | |
463 | if (edflag) | |
464 | i = 15-ii; | |
465 | else | |
466 | i = ii; | |
467 | /* | |
468 | * Save the R array, | |
469 | * which will be the new L. | |
470 | */ | |
471 | for (j=0; j<32; j++) | |
472 | tempL[j] = R[j]; | |
473 | /* | |
474 | * Expand R to 48 bits using the E selector; | |
475 | * exclusive-or with the current key bits. | |
476 | */ | |
477 | for (j=0; j<48; j++) | |
478 | preS[j] = R[E[j]-1] ^ KS[i][j]; | |
479 | /* | |
480 | * The pre-select bits are now considered | |
481 | * in 8 groups of 6 bits each. | |
482 | * The 8 selection functions map these | |
483 | * 6-bit quantities into 4-bit quantities | |
484 | * and the results permuted | |
485 | * to make an f(R, K). | |
486 | * The indexing into the selection functions | |
487 | * is peculiar; it could be simplified by | |
488 | * rewriting the tables. | |
489 | */ | |
490 | for (j=0; j<8; j++) { | |
491 | t = 6*j; | |
492 | k = S[j][(preS[t+0]<<5)+ | |
493 | (preS[t+1]<<3)+ | |
494 | (preS[t+2]<<2)+ | |
495 | (preS[t+3]<<1)+ | |
496 | (preS[t+4]<<0)+ | |
497 | (preS[t+5]<<4)]; | |
498 | t = 4*j; | |
499 | f[t+0] = (k>>3)&01; | |
500 | f[t+1] = (k>>2)&01; | |
501 | f[t+2] = (k>>1)&01; | |
502 | f[t+3] = (k>>0)&01; | |
503 | } | |
504 | /* | |
505 | * The new R is L ^ f(R, K). | |
506 | * The f here has to be permuted first, though. | |
507 | */ | |
508 | for (j=0; j<32; j++) | |
509 | R[j] = L[j] ^ f[P[j]-1]; | |
510 | /* | |
511 | * Finally, the new L (the original R) | |
512 | * is copied back. | |
513 | */ | |
514 | for (j=0; j<32; j++) | |
515 | L[j] = tempL[j]; | |
516 | } | |
517 | /* | |
518 | * The output L and R are reversed. | |
519 | */ | |
520 | for (j=0; j<32; j++) { | |
521 | t = L[j]; | |
522 | L[j] = R[j]; | |
523 | R[j] = t; | |
524 | } | |
525 | /* | |
526 | * The final output | |
527 | * gets the inverse permutation of the very original. | |
528 | */ | |
529 | for (j=0; j<64; j++) | |
530 | block[j] = L[FP[j]-1]; | |
531 | } |