.TITLE CRYSUM NTP authentication routines .NLIST BEX .ENABL LC ; ; These routines construct and check the authenticator used in NTP ; messages. The authenticator consists of a 32-bit key identifier plus ; a 64-bit crypto-checksum computed using the cipher-chaining method ; and te DES encryption routine. For transmission, the authenticator ; immediately follows the data area, which is zero-padded to a 64-bit ; boundary. For reception, the authenticator is at the end of the ; packet, which must be on a 32-bit boundary, and there may be space ; between the end of the data area and the authenticator, which is ; ignored. ; ; External symbols ; .GLOBL KEYS ;key table pointer (16x8 octets)) .GLOBL KEYSKD ;schedule pointer (16x48 octets) .GLOBL KSKED,CRYPT ;des encryption routines ; ; Entry symbols ; .GLOBL CRYSET ;encode authenticator .GLOBL CRYTST ;test authenticator ; ; System definitions ; .ASECT .MCALL CALL ;netlib macros ; ; Module definitions ; .PSECT $BOSI,RO,I ; ; Note: Calling sequences are compatible with the ULP/C compilers. ; ; pktlng = cryset(pktptr, datlng, keyid) construct authenticator ; pktlng = total packet length ; pktptr = packet pointer ; datlng = data area length ; keyid = key identifier ; CRYSET: MOV R5,-(SP) ;standard entry MOV SP,R5 MOV R2,-(SP) MOV 10(R5),KEYID ;(keyid) save parameters MOV 4(R5),R2 ;(pktptr) MOV 6(R5),R0 ;(datlng) round up data length ADD R0,R2 ADD #7,R0 BIC #7,R0 MOV R0,DATLNG SUB 6(R5),R0 ;(datlng) is pad necessary BEQ 2$ ;branch if no 1$: CLRB (R2)+ ;yes. tamp in zeros SOB R0,1$ 2$: CLR (R2)+ ;construct key identifier MOV KEYID,@R2 SWAB (R2)+ JSR PC,CRYSUM ;compute crypto-checksum MOV TEMP,(R2)+ ;copy to authenticator MOV TEMP+2,(R2)+ MOV TEMP+4,(R2)+ MOV TEMP+6,(R2)+ MOV R2,R0 ;return total length SUB 4(R5),R0 ;(pktptr) MOV (SP)+,R2 ;standard exit MOV (SP)+,R5 RTS PC ; ; keyid = crytst(packet, datlng, pktlng) test authenticator ; keyid = key identifier (0 for error) ; pktptr = packet pointer ; datlng = data area length ; pktlng = total packet length ; CRYTST: MOV R5,-(SP) ;standard entry MOV SP,R5 MOV R2,-(SP) MOV 6(R5),R0 ;(datlng) round up data length ADD #7,R0 BIC #7,R0 MOV R0,DATLNG MOV 10(R5),R2 ;(pktlng) round down packet length BIC #3,R2 SUB #12.,R2 ;is there enough room for authenticator CMP R0,R2 BHI 1$ ;branch if no ADD 4(R5),R2 ;(pktptr) yes. fetch keyid TST (R2)+ MOV (R2)+,KEYID SWAB KEYID JSR PC,CRYSUM ;compute checksum CMP TEMP,(R2)+ BNE 1$ ;branch if bad CMP TEMP+2,(R2)+ BNE 1$ ;branch if bad CMP TEMP+4,(R2)+ BNE 1$ ;branch if bad CMP TEMP+6,(R2)+ BNE 1$ ;branch if bad MOV KEYID,R0 ;okay. normal exit BR 2$ ; 1$: CLR R0 ;error exit 2$: MOV (SP)+,R2 ;standard exit MOV (SP)+,R5 RTS PC ; ; Subroutine to compute crypto-checksum ; CRYSUM: MOV R1,-(SP) ;save MOV R2,-(SP) MOV KEYID,R0 ;build key schedule BIC #^C17,R0 ;(16 keys in vector) ASH #3,R0 ADD KEYS,R0 CALL KSKED,KEYSKD,R0 CLR TEMP ;initialize mac CLR TEMP+2 CLR TEMP+4 CLR TEMP+6 MOV 4(R5),R1 ;(pktptr) compute mac MOV DATLNG,R2 ;(datlng) ASH #-3,R2 1$: MOV (R1)+,R0 ;xor to mac XOR R0,TEMP MOV (R1)+,R0 XOR R0,TEMP+2 MOV (R1)+,R0 XOR R0,TEMP+4 MOV (R1)+,R0 XOR R0,TEMP+6 CALL CRYPT,#TEMP,KEYSKD,#0 ;encrypt mac SOB R2,1$ MOV (SP)+,R2 ;evas MOV (SP)+,R1 RTS PC ; ; Data segment ; .PSECT $BOSD,RO,D ; .PSECT $ERAS,RW,I ; ; Variables ; KEYID: .BLKW 1 ;key identifier DATLNG: .BLKW 1 ;data length TEMP: .BLKW 4 ;64-bit temporary; .EVEN ; .END