|
3
|
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis |
|
|
2 * |
|
|
3 * LibTomCrypt is a library that provides various cryptographic |
|
|
4 * algorithms in a highly modular and flexible manner. |
|
|
5 * |
|
|
6 * The library is free for all purposes without any express |
|
|
7 * guarantee it works. |
|
|
8 * |
|
|
9 * Tom St Denis, [email protected], http://libtomcrypt.org |
|
|
10 */ |
|
|
11 |
|
|
12 /******************************************************************************* |
|
|
13 * |
|
|
14 * FILE: safer.c |
|
|
15 * |
|
|
16 * DESCRIPTION: block-cipher algorithm SAFER (Secure And Fast Encryption |
|
|
17 * Routine) in its four versions: SAFER K-64, SAFER K-128, |
|
|
18 * SAFER SK-64 and SAFER SK-128. |
|
|
19 * |
|
|
20 * AUTHOR: Richard De Moliner ([email protected]) |
|
|
21 * Signal and Information Processing Laboratory |
|
|
22 * Swiss Federal Institute of Technology |
|
|
23 * CH-8092 Zuerich, Switzerland |
|
|
24 * |
|
|
25 * DATE: September 9, 1995 |
|
|
26 * |
|
|
27 * CHANGE HISTORY: |
|
|
28 * |
|
|
29 *******************************************************************************/ |
|
|
30 |
|
|
31 #include <mycrypt.h> |
|
|
32 |
|
|
33 #ifdef SAFER |
|
|
34 |
|
|
35 const struct _cipher_descriptor |
|
|
36 safer_k64_desc = { |
|
|
37 "safer-k64", |
|
|
38 8, 8, 8, 8, SAFER_K64_DEFAULT_NOF_ROUNDS, |
|
|
39 &safer_k64_setup, |
|
|
40 &safer_ecb_encrypt, |
|
|
41 &safer_ecb_decrypt, |
|
|
42 &safer_k64_test, |
|
|
43 &safer_64_keysize |
|
|
44 }, |
|
|
45 |
|
|
46 safer_sk64_desc = { |
|
|
47 "safer-sk64", |
|
|
48 9, 8, 8, 8, SAFER_SK64_DEFAULT_NOF_ROUNDS, |
|
|
49 &safer_sk64_setup, |
|
|
50 &safer_ecb_encrypt, |
|
|
51 &safer_ecb_decrypt, |
|
|
52 &safer_sk64_test, |
|
|
53 &safer_64_keysize |
|
|
54 }, |
|
|
55 |
|
|
56 safer_k128_desc = { |
|
|
57 "safer-k128", |
|
|
58 10, 16, 16, 8, SAFER_K128_DEFAULT_NOF_ROUNDS, |
|
|
59 &safer_k128_setup, |
|
|
60 &safer_ecb_encrypt, |
|
|
61 &safer_ecb_decrypt, |
|
|
62 &safer_sk128_test, |
|
|
63 &safer_128_keysize |
|
|
64 }, |
|
|
65 |
|
|
66 safer_sk128_desc = { |
|
|
67 "safer-sk128", |
|
|
68 11, 16, 16, 8, SAFER_SK128_DEFAULT_NOF_ROUNDS, |
|
|
69 &safer_sk128_setup, |
|
|
70 &safer_ecb_encrypt, |
|
|
71 &safer_ecb_decrypt, |
|
|
72 &safer_sk128_test, |
|
|
73 &safer_128_keysize |
|
|
74 }; |
|
|
75 |
|
|
76 /******************* Constants ************************************************/ |
|
|
77 // #define TAB_LEN 256 |
|
|
78 |
|
|
79 /******************* Assertions ***********************************************/ |
|
|
80 |
|
|
81 /******************* Macros ***************************************************/ |
|
|
82 #define ROL8(x, n) ((unsigned char)((unsigned int)(x) << (n)\ |
|
|
83 |(unsigned int)((x) & 0xFF) >> (8 - (n)))) |
|
|
84 #define EXP(x) safer_ebox[(x) & 0xFF] |
|
|
85 #define LOG(x) safer_lbox[(x) & 0xFF] |
|
|
86 #define PHT(x, y) { y += x; x += y; } |
|
|
87 #define IPHT(x, y) { x -= y; y -= x; } |
|
|
88 |
|
|
89 /******************* Types ****************************************************/ |
|
|
90 extern const unsigned char safer_ebox[], safer_lbox[]; |
|
|
91 |
|
|
92 #ifdef CLEAN_STACK |
|
|
93 static void _Safer_Expand_Userkey(const unsigned char *userkey_1, |
|
|
94 const unsigned char *userkey_2, |
|
|
95 unsigned int nof_rounds, |
|
|
96 int strengthened, |
|
|
97 safer_key_t key) |
|
|
98 #else |
|
|
99 static void Safer_Expand_Userkey(const unsigned char *userkey_1, |
|
|
100 const unsigned char *userkey_2, |
|
|
101 unsigned int nof_rounds, |
|
|
102 int strengthened, |
|
|
103 safer_key_t key) |
|
|
104 #endif |
|
|
105 { unsigned int i, j, k; |
|
|
106 unsigned char ka[SAFER_BLOCK_LEN + 1]; |
|
|
107 unsigned char kb[SAFER_BLOCK_LEN + 1]; |
|
|
108 |
|
|
109 if (SAFER_MAX_NOF_ROUNDS < nof_rounds) |
|
|
110 nof_rounds = SAFER_MAX_NOF_ROUNDS; |
|
|
111 *key++ = (unsigned char)nof_rounds; |
|
|
112 ka[SAFER_BLOCK_LEN] = (unsigned char)0; |
|
|
113 kb[SAFER_BLOCK_LEN] = (unsigned char)0; |
|
|
114 k = 0; |
|
|
115 for (j = 0; j < SAFER_BLOCK_LEN; j++) { |
|
|
116 ka[j] = ROL8(userkey_1[j], 5); |
|
|
117 ka[SAFER_BLOCK_LEN] ^= ka[j]; |
|
|
118 kb[j] = *key++ = userkey_2[j]; |
|
|
119 kb[SAFER_BLOCK_LEN] ^= kb[j]; |
|
|
120 } |
|
|
121 for (i = 1; i <= nof_rounds; i++) { |
|
|
122 for (j = 0; j < SAFER_BLOCK_LEN + 1; j++) { |
|
|
123 ka[j] = ROL8(ka[j], 6); |
|
|
124 kb[j] = ROL8(kb[j], 6); |
|
|
125 } |
|
|
126 if (strengthened) { |
|
|
127 k = 2 * i - 1; |
|
|
128 while (k >= (SAFER_BLOCK_LEN + 1)) { k -= SAFER_BLOCK_LEN + 1; } |
|
|
129 } |
|
|
130 for (j = 0; j < SAFER_BLOCK_LEN; j++) { |
|
|
131 if (strengthened) { |
|
|
132 *key++ = (ka[k] |
|
|
133 + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF; |
|
|
134 if (++k == (SAFER_BLOCK_LEN + 1)) { k = 0; } |
|
|
135 } else { |
|
|
136 *key++ = (ka[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF; |
|
|
137 } |
|
|
138 } |
|
|
139 if (strengthened) { |
|
|
140 k = 2 * i; |
|
|
141 while (k >= (SAFER_BLOCK_LEN + 1)) { k -= SAFER_BLOCK_LEN + 1; } |
|
|
142 } |
|
|
143 for (j = 0; j < SAFER_BLOCK_LEN; j++) { |
|
|
144 if (strengthened) { |
|
|
145 *key++ = (kb[k] |
|
|
146 + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF; |
|
|
147 if (++k == (SAFER_BLOCK_LEN + 1)) { k = 0; } |
|
|
148 } else { |
|
|
149 *key++ = (kb[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF; |
|
|
150 } |
|
|
151 } |
|
|
152 } |
|
|
153 |
|
|
154 #ifdef CLEAN_STACK |
|
|
155 zeromem(ka, sizeof(ka)); |
|
|
156 zeromem(kb, sizeof(kb)); |
|
|
157 #endif |
|
|
158 } |
|
|
159 |
|
|
160 #ifdef CLEAN_STACK |
|
|
161 static void Safer_Expand_Userkey(const unsigned char *userkey_1, |
|
|
162 const unsigned char *userkey_2, |
|
|
163 unsigned int nof_rounds, |
|
|
164 int strengthened, |
|
|
165 safer_key_t key) |
|
|
166 { |
|
|
167 _Safer_Expand_Userkey(userkey_1, userkey_2, nof_rounds, strengthened, key); |
|
|
168 burn_stack(sizeof(unsigned char) * (2 * (SAFER_BLOCK_LEN + 1)) + sizeof(unsigned int)*2); |
|
|
169 } |
|
|
170 #endif |
|
|
171 |
|
|
172 int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) |
|
|
173 { |
|
|
174 _ARGCHK(key != NULL); |
|
|
175 _ARGCHK(skey != NULL); |
|
|
176 |
|
|
177 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { |
|
|
178 return CRYPT_INVALID_ROUNDS; |
|
|
179 } |
|
|
180 |
|
|
181 if (keylen != 8) { |
|
|
182 return CRYPT_INVALID_KEYSIZE; |
|
|
183 } |
|
|
184 |
|
|
185 Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:SAFER_K64_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); |
|
|
186 return CRYPT_OK; |
|
|
187 } |
|
|
188 |
|
|
189 int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) |
|
|
190 { |
|
|
191 _ARGCHK(key != NULL); |
|
|
192 _ARGCHK(skey != NULL); |
|
|
193 |
|
|
194 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { |
|
|
195 return CRYPT_INVALID_ROUNDS; |
|
|
196 } |
|
|
197 |
|
|
198 if (keylen != 8) { |
|
|
199 return CRYPT_INVALID_KEYSIZE; |
|
|
200 } |
|
|
201 |
|
|
202 Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:SAFER_SK64_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); |
|
|
203 return CRYPT_OK; |
|
|
204 } |
|
|
205 |
|
|
206 int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) |
|
|
207 { |
|
|
208 _ARGCHK(key != NULL); |
|
|
209 _ARGCHK(skey != NULL); |
|
|
210 |
|
|
211 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { |
|
|
212 return CRYPT_INVALID_ROUNDS; |
|
|
213 } |
|
|
214 |
|
|
215 if (keylen != 16) { |
|
|
216 return CRYPT_INVALID_KEYSIZE; |
|
|
217 } |
|
|
218 |
|
|
219 Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0 ?numrounds:SAFER_K128_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); |
|
|
220 return CRYPT_OK; |
|
|
221 } |
|
|
222 |
|
|
223 int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) |
|
|
224 { |
|
|
225 _ARGCHK(key != NULL); |
|
|
226 _ARGCHK(skey != NULL); |
|
|
227 |
|
|
228 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { |
|
|
229 return CRYPT_INVALID_ROUNDS; |
|
|
230 } |
|
|
231 |
|
|
232 if (keylen != 16) { |
|
|
233 return CRYPT_INVALID_KEYSIZE; |
|
|
234 } |
|
|
235 |
|
|
236 Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0?numrounds:SAFER_SK128_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); |
|
|
237 return CRYPT_OK; |
|
|
238 } |
|
|
239 |
|
|
240 #ifdef CLEAN_STACK |
|
|
241 static void _safer_ecb_encrypt(const unsigned char *block_in, |
|
|
242 unsigned char *block_out, |
|
|
243 symmetric_key *skey) |
|
|
244 #else |
|
|
245 void safer_ecb_encrypt(const unsigned char *block_in, |
|
|
246 unsigned char *block_out, |
|
|
247 symmetric_key *skey) |
|
|
248 #endif |
|
|
249 { unsigned char a, b, c, d, e, f, g, h, t; |
|
|
250 unsigned int round; |
|
|
251 unsigned char *key; |
|
|
252 |
|
|
253 _ARGCHK(block_in != NULL); |
|
|
254 _ARGCHK(block_out != NULL); |
|
|
255 _ARGCHK(skey != NULL); |
|
|
256 |
|
|
257 key = skey->safer.key; |
|
|
258 a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3]; |
|
|
259 e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7]; |
|
|
260 if (SAFER_MAX_NOF_ROUNDS < (round = *key)) round = SAFER_MAX_NOF_ROUNDS; |
|
|
261 while(round-- > 0) |
|
|
262 { |
|
|
263 a ^= *++key; b += *++key; c += *++key; d ^= *++key; |
|
|
264 e ^= *++key; f += *++key; g += *++key; h ^= *++key; |
|
|
265 a = EXP(a) + *++key; b = LOG(b) ^ *++key; |
|
|
266 c = LOG(c) ^ *++key; d = EXP(d) + *++key; |
|
|
267 e = EXP(e) + *++key; f = LOG(f) ^ *++key; |
|
|
268 g = LOG(g) ^ *++key; h = EXP(h) + *++key; |
|
|
269 PHT(a, b); PHT(c, d); PHT(e, f); PHT(g, h); |
|
|
270 PHT(a, c); PHT(e, g); PHT(b, d); PHT(f, h); |
|
|
271 PHT(a, e); PHT(b, f); PHT(c, g); PHT(d, h); |
|
|
272 t = b; b = e; e = c; c = t; t = d; d = f; f = g; g = t; |
|
|
273 } |
|
|
274 a ^= *++key; b += *++key; c += *++key; d ^= *++key; |
|
|
275 e ^= *++key; f += *++key; g += *++key; h ^= *++key; |
|
|
276 block_out[0] = a & 0xFF; block_out[1] = b & 0xFF; |
|
|
277 block_out[2] = c & 0xFF; block_out[3] = d & 0xFF; |
|
|
278 block_out[4] = e & 0xFF; block_out[5] = f & 0xFF; |
|
|
279 block_out[6] = g & 0xFF; block_out[7] = h & 0xFF; |
|
|
280 } |
|
|
281 |
|
|
282 #ifdef CLEAN_STACK |
|
|
283 void safer_ecb_encrypt(const unsigned char *block_in, |
|
|
284 unsigned char *block_out, |
|
|
285 symmetric_key *skey) |
|
|
286 { |
|
|
287 _safer_ecb_encrypt(block_in, block_out, skey); |
|
|
288 burn_stack(sizeof(unsigned char) * 9 + sizeof(unsigned int) + sizeof(unsigned char *)); |
|
|
289 } |
|
|
290 #endif |
|
|
291 |
|
|
292 #ifdef CLEAN_STACK |
|
|
293 static void _safer_ecb_decrypt(const unsigned char *block_in, |
|
|
294 unsigned char *block_out, |
|
|
295 symmetric_key *skey) |
|
|
296 #else |
|
|
297 void safer_ecb_decrypt(const unsigned char *block_in, |
|
|
298 unsigned char *block_out, |
|
|
299 symmetric_key *skey) |
|
|
300 #endif |
|
|
301 { unsigned char a, b, c, d, e, f, g, h, t; |
|
|
302 unsigned int round; |
|
|
303 unsigned char *key; |
|
|
304 |
|
|
305 _ARGCHK(block_in != NULL); |
|
|
306 _ARGCHK(block_out != NULL); |
|
|
307 _ARGCHK(skey != NULL); |
|
|
308 |
|
|
309 key = skey->safer.key; |
|
|
310 a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3]; |
|
|
311 e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7]; |
|
|
312 if (SAFER_MAX_NOF_ROUNDS < (round = *key)) round = SAFER_MAX_NOF_ROUNDS; |
|
|
313 key += SAFER_BLOCK_LEN * (1 + 2 * round); |
|
|
314 h ^= *key; g -= *--key; f -= *--key; e ^= *--key; |
|
|
315 d ^= *--key; c -= *--key; b -= *--key; a ^= *--key; |
|
|
316 while (round--) |
|
|
317 { |
|
|
318 t = e; e = b; b = c; c = t; t = f; f = d; d = g; g = t; |
|
|
319 IPHT(a, e); IPHT(b, f); IPHT(c, g); IPHT(d, h); |
|
|
320 IPHT(a, c); IPHT(e, g); IPHT(b, d); IPHT(f, h); |
|
|
321 IPHT(a, b); IPHT(c, d); IPHT(e, f); IPHT(g, h); |
|
|
322 h -= *--key; g ^= *--key; f ^= *--key; e -= *--key; |
|
|
323 d -= *--key; c ^= *--key; b ^= *--key; a -= *--key; |
|
|
324 h = LOG(h) ^ *--key; g = EXP(g) - *--key; |
|
|
325 f = EXP(f) - *--key; e = LOG(e) ^ *--key; |
|
|
326 d = LOG(d) ^ *--key; c = EXP(c) - *--key; |
|
|
327 b = EXP(b) - *--key; a = LOG(a) ^ *--key; |
|
|
328 } |
|
|
329 block_out[0] = a & 0xFF; block_out[1] = b & 0xFF; |
|
|
330 block_out[2] = c & 0xFF; block_out[3] = d & 0xFF; |
|
|
331 block_out[4] = e & 0xFF; block_out[5] = f & 0xFF; |
|
|
332 block_out[6] = g & 0xFF; block_out[7] = h & 0xFF; |
|
|
333 } |
|
|
334 |
|
|
335 #ifdef CLEAN_STACK |
|
|
336 void safer_ecb_decrypt(const unsigned char *block_in, |
|
|
337 unsigned char *block_out, |
|
|
338 symmetric_key *skey) |
|
|
339 { |
|
|
340 _safer_ecb_decrypt(block_in, block_out, skey); |
|
|
341 burn_stack(sizeof(unsigned char) * 9 + sizeof(unsigned int) + sizeof(unsigned char *)); |
|
|
342 } |
|
|
343 #endif |
|
|
344 |
|
|
345 int safer_64_keysize(int *keysize) |
|
|
346 { |
|
|
347 _ARGCHK(keysize != NULL); |
|
|
348 if (*keysize < 8) { |
|
|
349 return CRYPT_INVALID_KEYSIZE; |
|
|
350 } else { |
|
|
351 *keysize = 8; |
|
|
352 return CRYPT_OK; |
|
|
353 } |
|
|
354 } |
|
|
355 |
|
|
356 int safer_128_keysize(int *keysize) |
|
|
357 { |
|
|
358 _ARGCHK(keysize != NULL); |
|
|
359 if (*keysize < 16) { |
|
|
360 return CRYPT_INVALID_KEYSIZE; |
|
|
361 } else { |
|
|
362 *keysize = 16; |
|
|
363 return CRYPT_OK; |
|
|
364 } |
|
|
365 } |
|
|
366 |
|
|
367 int safer_k64_test(void) |
|
|
368 { |
|
|
369 #ifndef LTC_TEST |
|
|
370 return CRYPT_NOP; |
|
|
371 #else |
|
|
372 static const unsigned char k64_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, |
|
|
373 k64_key[] = { 8, 7, 6, 5, 4, 3, 2, 1 }, |
|
|
374 k64_ct[] = { 200, 242, 156, 221, 135, 120, 62, 217 }; |
|
|
375 |
|
|
376 symmetric_key skey; |
|
|
377 unsigned char buf[2][8]; |
|
|
378 int err; |
|
|
379 |
|
|
380 /* test K64 */ |
|
|
381 if ((err = safer_k64_setup(k64_key, 8, 6, &skey)) != CRYPT_OK) { |
|
|
382 return err; |
|
|
383 } |
|
|
384 safer_ecb_encrypt(k64_pt, buf[0], &skey); |
|
|
385 safer_ecb_decrypt(buf[0], buf[1], &skey); |
|
|
386 |
|
|
387 if (memcmp(buf[0], k64_ct, 8) != 0 || memcmp(buf[1], k64_pt, 8) != 0) { |
|
|
388 return CRYPT_FAIL_TESTVECTOR; |
|
|
389 } |
|
|
390 |
|
|
391 return CRYPT_OK; |
|
|
392 #endif |
|
|
393 } |
|
|
394 |
|
|
395 |
|
|
396 int safer_sk64_test(void) |
|
|
397 { |
|
|
398 #ifndef LTC_TEST |
|
|
399 return CRYPT_NOP; |
|
|
400 #else |
|
|
401 static const unsigned char sk64_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, |
|
|
402 sk64_key[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, |
|
|
403 sk64_ct[] = { 95, 206, 155, 162, 5, 132, 56, 199 }; |
|
|
404 |
|
|
405 symmetric_key skey; |
|
|
406 unsigned char buf[2][8]; |
|
|
407 int err, y; |
|
|
408 |
|
|
409 /* test SK64 */ |
|
|
410 if ((err = safer_sk64_setup(sk64_key, 8, 6, &skey)) != CRYPT_OK) { |
|
|
411 return err; |
|
|
412 } |
|
|
413 |
|
|
414 safer_ecb_encrypt(sk64_pt, buf[0], &skey); |
|
|
415 safer_ecb_decrypt(buf[0], buf[1], &skey); |
|
|
416 |
|
|
417 if (memcmp(buf[0], sk64_ct, 8) != 0 || memcmp(buf[1], sk64_pt, 8) != 0) { |
|
|
418 return CRYPT_FAIL_TESTVECTOR; |
|
|
419 } |
|
|
420 |
|
|
421 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */ |
|
|
422 for (y = 0; y < 8; y++) buf[0][y] = 0; |
|
|
423 for (y = 0; y < 1000; y++) safer_ecb_encrypt(buf[0], buf[0], &skey); |
|
|
424 for (y = 0; y < 1000; y++) safer_ecb_decrypt(buf[0], buf[0], &skey); |
|
|
425 for (y = 0; y < 8; y++) if (buf[0][y] != 0) return CRYPT_FAIL_TESTVECTOR; |
|
|
426 |
|
|
427 return CRYPT_OK; |
|
|
428 #endif |
|
|
429 } |
|
|
430 |
|
|
431 int safer_sk128_test(void) |
|
|
432 { |
|
|
433 #ifndef LTC_TEST |
|
|
434 return CRYPT_NOP; |
|
|
435 #else |
|
|
436 static const unsigned char sk128_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, |
|
|
437 sk128_key[] = { 1, 2, 3, 4, 5, 6, 7, 8, |
|
|
438 0, 0, 0, 0, 0, 0, 0, 0 }, |
|
|
439 sk128_ct[] = { 255, 120, 17, 228, 179, 167, 46, 113 }; |
|
|
440 |
|
|
441 symmetric_key skey; |
|
|
442 unsigned char buf[2][8]; |
|
|
443 int err, y; |
|
|
444 |
|
|
445 /* test SK128 */ |
|
|
446 if ((err = safer_sk128_setup(sk128_key, 16, 0, &skey)) != CRYPT_OK) { |
|
|
447 return err; |
|
|
448 } |
|
|
449 safer_ecb_encrypt(sk128_pt, buf[0], &skey); |
|
|
450 safer_ecb_decrypt(buf[0], buf[1], &skey); |
|
|
451 |
|
|
452 if (memcmp(buf[0], sk128_ct, 8) != 0 || memcmp(buf[1], sk128_pt, 8) != 0) { |
|
|
453 return CRYPT_FAIL_TESTVECTOR; |
|
|
454 } |
|
|
455 |
|
|
456 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */ |
|
|
457 for (y = 0; y < 8; y++) buf[0][y] = 0; |
|
|
458 for (y = 0; y < 1000; y++) safer_ecb_encrypt(buf[0], buf[0], &skey); |
|
|
459 for (y = 0; y < 1000; y++) safer_ecb_decrypt(buf[0], buf[0], &skey); |
|
|
460 for (y = 0; y < 8; y++) if (buf[0][y] != 0) return CRYPT_FAIL_TESTVECTOR; |
|
|
461 return CRYPT_OK; |
|
|
462 #endif |
|
|
463 } |
|
|
464 |
|
|
465 #endif |
|
|
466 |
|
|
467 |
|
|
468 |
