Mercurial > dropbear

comparison libtomcrypt/src/ciphers/rc2.c @ 285:1b9e69c058d2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3) to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
author Matt Johnston <matt@ucc.asn.au>
date Wed, 08 Mar 2006 13:23:58 +0000
parents
children 0cbe8f6dbf9e
comparison
equal deleted inserted replaced
281:997e6f7dc01e 285:1b9e69c058d2
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11 /**********************************************************************\
12 * To commemorate the 1996 RSA Data Security Conference, the following *
13 * code is released into the public domain by its author. Prost! *
14 * *
15 * This cipher uses 16-bit words and little-endian byte ordering. *
16 * I wonder which processor it was optimized for? *
17 * *
18 * Thanks to CodeView, SoftIce, and D86 for helping bring this code to *
19 * the public. *
20 \**********************************************************************/
21 #include <tomcrypt.h>
22
23 /**
24 @file rc2.c
25 Implementation of RC2
26 */
27
28 #ifdef RC2
29
30 const struct ltc_cipher_descriptor rc2_desc = {
31 "rc2",
32 12, 8, 128, 8, 16,
33 &rc2_setup,
34 &rc2_ecb_encrypt,
35 &rc2_ecb_decrypt,
36 &rc2_test,
37 &rc2_done,
38 &rc2_keysize,
39 NULL, NULL, NULL, NULL, NULL, NULL, NULL
40 };
41
42 /* 256-entry permutation table, probably derived somehow from pi */
43 static const unsigned char permute[256] = {
44 217,120,249,196, 25,221,181,237, 40,233,253,121, 74,160,216,157,
45 198,126, 55,131, 43,118, 83,142, 98, 76,100,136, 68,139,251,162,
46 23,154, 89,245,135,179, 79, 19, 97, 69,109,141, 9,129,125, 50,
47 189,143, 64,235,134,183,123, 11,240,149, 33, 34, 92,107, 78,130,
48 84,214,101,147,206, 96,178, 28,115, 86,192, 20,167,140,241,220,
49 18,117,202, 31, 59,190,228,209, 66, 61,212, 48,163, 60,182, 38,
50 111,191, 14,218, 70,105, 7, 87, 39,242, 29,155,188,148, 67, 3,
51 248, 17,199,246,144,239, 62,231, 6,195,213, 47,200,102, 30,215,
52 8,232,234,222,128, 82,238,247,132,170,114,172, 53, 77,106, 42,
53 150, 26,210,113, 90, 21, 73,116, 75,159,208, 94, 4, 24,164,236,
54 194,224, 65,110, 15, 81,203,204, 36,145,175, 80,161,244,112, 57,
55 153,124, 58,133, 35,184,180,122,252, 2, 54, 91, 37, 85,151, 49,
56 45, 93,250,152,227,138,146,174, 5,223, 41, 16,103,108,186,201,
57 211, 0,230,207,225,158,168, 44, 99, 22, 1, 63, 88,226,137,169,
58 13, 56, 52, 27,171, 51,255,176,187, 72, 12, 95,185,177,205, 46,
59 197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
60 };
61
62 /**
63 Initialize the RC2 block cipher
64 @param key The symmetric key you wish to pass
65 @param keylen The key length in bytes
66 @param num_rounds The number of rounds desired (0 for default)
67 @param skey The key in as scheduled by this function.
68 @return CRYPT_OK if successful
69 */
70 int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
71 {
72 unsigned *xkey = skey->rc2.xkey;
73 unsigned char tmp[128];
74 unsigned T8, TM;
75 int i, bits;
76
77 LTC_ARGCHK(key != NULL);
78 LTC_ARGCHK(skey != NULL);
79
80 if (keylen < 8 || keylen > 128) {
81 return CRYPT_INVALID_KEYSIZE;
82 }
83
84 if (num_rounds != 0 && num_rounds != 16) {
85 return CRYPT_INVALID_ROUNDS;
86 }
87
88 for (i = 0; i < keylen; i++) {
89 tmp[i] = key[i] & 255;
90 }
91
92 /* Phase 1: Expand input key to 128 bytes */
93 if (keylen < 128) {
94 for (i = keylen; i < 128; i++) {
95 tmp[i] = permute[(tmp[i - 1] + tmp[i - keylen]) & 255];
96 }
97 }
98
99 /* Phase 2 - reduce effective key size to "bits" */
100 bits = keylen<<3;
101 T8 = (unsigned)(bits+7)>>3;
102 TM = (255 >> (unsigned)(7 & -bits));
103 tmp[128 - T8] = permute[tmp[128 - T8] & TM];
104 for (i = 127 - T8; i >= 0; i--) {
105 tmp[i] = permute[tmp[i + 1] ^ tmp[i + T8]];
106 }
107
108 /* Phase 3 - copy to xkey in little-endian order */
109 for (i = 0; i < 64; i++) {
110 xkey[i] = (unsigned)tmp[2*i] + ((unsigned)tmp[2*i+1] << 8);
111 }
112
113 #ifdef LTC_CLEAN_STACK
114 zeromem(tmp, sizeof(tmp));
115 #endif
116
117 return CRYPT_OK;
118 }
119
120 /**********************************************************************\
121 * Encrypt an 8-byte block of plaintext using the given key. *
122 \**********************************************************************/
123 /**
124 Encrypts a block of text with RC2
125 @param pt The input plaintext (8 bytes)
126 @param ct The output ciphertext (8 bytes)
127 @param skey The key as scheduled
128 */
129 #ifdef LTC_CLEAN_STACK
130 static void _rc2_ecb_encrypt( const unsigned char *pt,
131 unsigned char *ct,
132 symmetric_key *skey)
133 #else
134 void rc2_ecb_encrypt( const unsigned char *pt,
135 unsigned char *ct,
136 symmetric_key *skey)
137 #endif
138 {
139 unsigned *xkey;
140 unsigned x76, x54, x32, x10, i;
141
142 LTC_ARGCHK(pt != NULL);
143 LTC_ARGCHK(ct != NULL);
144 LTC_ARGCHK(skey != NULL);
145
146 xkey = skey->rc2.xkey;
147
148 x76 = ((unsigned)pt[7] << 8) + (unsigned)pt[6];
149 x54 = ((unsigned)pt[5] << 8) + (unsigned)pt[4];
150 x32 = ((unsigned)pt[3] << 8) + (unsigned)pt[2];
151 x10 = ((unsigned)pt[1] << 8) + (unsigned)pt[0];
152
153 for (i = 0; i < 16; i++) {
154 x10 = (x10 + (x32 & ~x76) + (x54 & x76) + xkey[4*i+0]) & 0xFFFF;
155 x10 = ((x10 << 1) | (x10 >> 15));
156
157 x32 = (x32 + (x54 & ~x10) + (x76 & x10) + xkey[4*i+1]) & 0xFFFF;
158 x32 = ((x32 << 2) | (x32 >> 14));
159
160 x54 = (x54 + (x76 & ~x32) + (x10 & x32) + xkey[4*i+2]) & 0xFFFF;
161 x54 = ((x54 << 3) | (x54 >> 13));
162
163 x76 = (x76 + (x10 & ~x54) + (x32 & x54) + xkey[4*i+3]) & 0xFFFF;
164 x76 = ((x76 << 5) | (x76 >> 11));
165
166 if (i == 4 || i == 10) {
167 x10 = (x10 + xkey[x76 & 63]) & 0xFFFF;
168 x32 = (x32 + xkey[x10 & 63]) & 0xFFFF;
169 x54 = (x54 + xkey[x32 & 63]) & 0xFFFF;
170 x76 = (x76 + xkey[x54 & 63]) & 0xFFFF;
171 }
172 }
173
174 ct[0] = (unsigned char)x10;
175 ct[1] = (unsigned char)(x10 >> 8);
176 ct[2] = (unsigned char)x32;
177 ct[3] = (unsigned char)(x32 >> 8);
178 ct[4] = (unsigned char)x54;
179 ct[5] = (unsigned char)(x54 >> 8);
180 ct[6] = (unsigned char)x76;
181 ct[7] = (unsigned char)(x76 >> 8);
182 }
183
184 #ifdef LTC_CLEAN_STACK
185 void rc2_ecb_encrypt( const unsigned char *pt,
186 unsigned char *ct,
187 symmetric_key *skey)
188 {
189 _rc2_ecb_encrypt(pt, ct, skey);
190 burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 5);
191 }
192 #endif
193
194 /**********************************************************************\
195 * Decrypt an 8-byte block of ciphertext using the given key. *
196 \**********************************************************************/
197 /**
198 Decrypts a block of text with RC2
199 @param ct The input ciphertext (8 bytes)
200 @param pt The output plaintext (8 bytes)
201 @param skey The key as scheduled
202 */
203 #ifdef LTC_CLEAN_STACK
204 static void _rc2_ecb_decrypt( const unsigned char *ct,
205 unsigned char *pt,
206 symmetric_key *skey)
207 #else
208 void rc2_ecb_decrypt( const unsigned char *ct,
209 unsigned char *pt,
210 symmetric_key *skey)
211 #endif
212 {
213 unsigned x76, x54, x32, x10;
214 unsigned *xkey;
215 int i;
216
217 LTC_ARGCHK(pt != NULL);
218 LTC_ARGCHK(ct != NULL);
219 LTC_ARGCHK(skey != NULL);
220
221 xkey = skey->rc2.xkey;
222
223 x76 = ((unsigned)ct[7] << 8) + (unsigned)ct[6];
224 x54 = ((unsigned)ct[5] << 8) + (unsigned)ct[4];
225 x32 = ((unsigned)ct[3] << 8) + (unsigned)ct[2];
226 x10 = ((unsigned)ct[1] << 8) + (unsigned)ct[0];
227
228 for (i = 15; i >= 0; i--) {
229 if (i == 4 || i == 10) {
230 x76 = (x76 - xkey[x54 & 63]) & 0xFFFF;
231 x54 = (x54 - xkey[x32 & 63]) & 0xFFFF;
232 x32 = (x32 - xkey[x10 & 63]) & 0xFFFF;
233 x10 = (x10 - xkey[x76 & 63]) & 0xFFFF;
234 }
235
236 x76 = ((x76 << 11) | (x76 >> 5));
237 x76 = (x76 - ((x10 & ~x54) + (x32 & x54) + xkey[4*i+3])) & 0xFFFF;
238
239 x54 = ((x54 << 13) | (x54 >> 3));
240 x54 = (x54 - ((x76 & ~x32) + (x10 & x32) + xkey[4*i+2])) & 0xFFFF;
241
242 x32 = ((x32 << 14) | (x32 >> 2));
243 x32 = (x32 - ((x54 & ~x10) + (x76 & x10) + xkey[4*i+1])) & 0xFFFF;
244
245 x10 = ((x10 << 15) | (x10 >> 1));
246 x10 = (x10 - ((x32 & ~x76) + (x54 & x76) + xkey[4*i+0])) & 0xFFFF;
247 }
248
249 pt[0] = (unsigned char)x10;
250 pt[1] = (unsigned char)(x10 >> 8);
251 pt[2] = (unsigned char)x32;
252 pt[3] = (unsigned char)(x32 >> 8);
253 pt[4] = (unsigned char)x54;
254 pt[5] = (unsigned char)(x54 >> 8);
255 pt[6] = (unsigned char)x76;
256 pt[7] = (unsigned char)(x76 >> 8);
257 }
258
259 #ifdef LTC_CLEAN_STACK
260 void rc2_ecb_decrypt( const unsigned char *ct,
261 unsigned char *pt,
262 symmetric_key *skey)
263 {
264 _rc2_ecb_decrypt(ct, pt, skey);
265 burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 4 + sizeof(int));
266 }
267 #endif
268
269 /**
270 Performs a self-test of the RC2 block cipher
271 @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
272 */
273 int rc2_test(void)
274 {
275 #ifndef LTC_TEST
276 return CRYPT_NOP;
277 #else
278 static const struct {
279 int keylen;
280 unsigned char key[16], pt[8], ct[8];
281 } tests[] = {
282
283 { 8,
284 { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
285 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
286 { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
287 { 0x30, 0x64, 0x9e, 0xdf, 0x9b, 0xe7, 0xd2, 0xc2 }
288
289 },
290 { 16,
291 { 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, 0x7f,
292 0x0f, 0x79, 0xc3, 0x84, 0x62, 0x7b, 0xaf, 0xb2 },
293 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
294 { 0x22, 0x69, 0x55, 0x2a, 0xb0, 0xf8, 0x5c, 0xa6 }
295 }
296 };
297 int x, y, err;
298 symmetric_key skey;
299 unsigned char tmp[2][8];
300
301 for (x = 0; x < (int)(sizeof(tests) / sizeof(tests[0])); x++) {
302 zeromem(tmp, sizeof(tmp));
303 if ((err = rc2_setup(tests[x].key, tests[x].keylen, 0, &skey)) != CRYPT_OK) {
304 return err;
305 }
306
307 rc2_ecb_encrypt(tests[x].pt, tmp[0], &skey);
308 rc2_ecb_decrypt(tmp[0], tmp[1], &skey);
309
310 if (memcmp(tmp[0], tests[x].ct, 8) != 0 || memcmp(tmp[1], tests[x].pt, 8) != 0) {
311 return CRYPT_FAIL_TESTVECTOR;
312 }
313
314 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
315 for (y = 0; y < 8; y++) tmp[0][y] = 0;
316 for (y = 0; y < 1000; y++) rc2_ecb_encrypt(tmp[0], tmp[0], &skey);
317 for (y = 0; y < 1000; y++) rc2_ecb_decrypt(tmp[0], tmp[0], &skey);
318 for (y = 0; y < 8; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR;
319 }
320 return CRYPT_OK;
321 #endif
322 }
323
324 /** Terminate the context
325 @param skey The scheduled key
326 */
327 void rc2_done(symmetric_key *skey)
328 {
329 }
330
331 /**
332 Gets suitable key size
333 @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
334 @return CRYPT_OK if the input key size is acceptable.
335 */
336 int rc2_keysize(int *keysize)
337 {
338 LTC_ARGCHK(keysize != NULL);
339 if (*keysize < 8) {
340 return CRYPT_INVALID_KEYSIZE;
341 } else if (*keysize > 128) {
342 *keysize = 128;
343 }
344 return CRYPT_OK;
345 }
346
347 #endif
348
349
350
351
352 /* $Source: /cvs/libtom/libtomcrypt/src/ciphers/rc2.c,v $ */
353 /* $Revision: 1.7 $ */
354 /* $Date: 2005/05/05 14:35:58 $ */