dropbear: libtomcrypt/src/ciphers/safer/saferp.c comparison

comparison libtomcrypt/src/ciphers/safer/saferp.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes

author	Matt Johnston <matt@ucc.asn.au>
date	Fri, 09 Feb 2018 21:44:05 +0800
parents	f849a5ca2efc
children

comparison

equal deleted inserted replaced

-:8bba51a55704
+:6dba84798cd5
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
-*
-* Tom St Denis, [email protected], http://libtom.org
 */
 /**
 @file saferp.c
 LTC_SAFER+ Implementation by Tom St Denis
 */
 #include "tomcrypt.h"
 #ifdef LTC_SAFERP
+#define __LTC_SAFER_TAB_C__
+#include "safer_tab.c"
 const struct ltc_cipher_descriptor saferp_desc =
 {
 "safer+",
 4,
 &saferp_ecb_encrypt,
 &saferp_ecb_decrypt,
 &saferp_test,
 &saferp_done,
 &saferp_keysize,
-NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 /* ROUND(b,i)
 *
 * This is one forward key application.  Note the basic form is
 * key addition, substitution, key addition.  The safer_ebox and safer_lbox
 * are the exponentiation box and logarithm boxes respectively.
 * The value of 'i' is the current round number which allows this
 * function to be unrolled massively.  Most of LTC_SAFER+'s speed
 * comes from not having to compute indirect accesses into the
 * array of 16 bytes b[0..15] which is the block of data
 */
-extern const unsigned char safer_ebox[], safer_lbox[];
+#define ROUND(b, i) do {                                                                         \
-#define ROUND(b, i)                                                                        \
 b[0]  = (safer_ebox[(b[0] ^ skey->saferp.K[i][0]) & 255] + skey->saferp.K[i+1][0]) & 255;    \
 b[1]  = safer_lbox[(b[1] + skey->saferp.K[i][1]) & 255] ^ skey->saferp.K[i+1][1];            \
 b[2]  = safer_lbox[(b[2] + skey->saferp.K[i][2]) & 255] ^ skey->saferp.K[i+1][2];            \
 b[3]  = (safer_ebox[(b[3] ^ skey->saferp.K[i][3]) & 255] + skey->saferp.K[i+1][3]) & 255;    \
 b[4]  = (safer_ebox[(b[4] ^ skey->saferp.K[i][4]) & 255] + skey->saferp.K[i+1][4]) & 255;    \
 b[10] = safer_lbox[(b[10] + skey->saferp.K[i][10]) & 255] ^ skey->saferp.K[i+1][10];         \
 b[11] = (safer_ebox[(b[11] ^ skey->saferp.K[i][11]) & 255] + skey->saferp.K[i+1][11]) & 255; \
 b[12] = (safer_ebox[(b[12] ^ skey->saferp.K[i][12]) & 255] + skey->saferp.K[i+1][12]) & 255; \
 b[13] = safer_lbox[(b[13] + skey->saferp.K[i][13]) & 255] ^ skey->saferp.K[i+1][13];         \
 b[14] = safer_lbox[(b[14] + skey->saferp.K[i][14]) & 255] ^ skey->saferp.K[i+1][14];         \
-b[15] = (safer_ebox[(b[15] ^ skey->saferp.K[i][15]) & 255] + skey->saferp.K[i+1][15]) & 255;
+b[15] = (safer_ebox[(b[15] ^ skey->saferp.K[i][15]) & 255] + skey->saferp.K[i+1][15]) & 255; \
+} while (0)
 /* This is one inverse key application */
-#define iROUND(b, i)                                                                       \
+#define iROUND(b, i) do {                                                                        \
 b[0]  = safer_lbox[(b[0] - skey->saferp.K[i+1][0]) & 255] ^ skey->saferp.K[i][0];            \
 b[1]  = (safer_ebox[(b[1] ^ skey->saferp.K[i+1][1]) & 255] - skey->saferp.K[i][1]) & 255;    \
 b[2]  = (safer_ebox[(b[2] ^ skey->saferp.K[i+1][2]) & 255] - skey->saferp.K[i][2]) & 255;    \
 b[3]  = safer_lbox[(b[3] - skey->saferp.K[i+1][3]) & 255] ^ skey->saferp.K[i][3];            \
 b[4]  = safer_lbox[(b[4] - skey->saferp.K[i+1][4]) & 255] ^ skey->saferp.K[i][4];            \
 b[10] = (safer_ebox[(b[10] ^ skey->saferp.K[i+1][10]) & 255] - skey->saferp.K[i][10]) & 255; \
 b[11] = safer_lbox[(b[11] - skey->saferp.K[i+1][11]) & 255] ^ skey->saferp.K[i][11];         \
 b[12] = safer_lbox[(b[12] - skey->saferp.K[i+1][12]) & 255] ^ skey->saferp.K[i][12];         \
 b[13] = (safer_ebox[(b[13] ^ skey->saferp.K[i+1][13]) & 255] - skey->saferp.K[i][13]) & 255; \
 b[14] = (safer_ebox[(b[14] ^ skey->saferp.K[i+1][14]) & 255] - skey->saferp.K[i][14]) & 255; \
-b[15] = safer_lbox[(b[15] - skey->saferp.K[i+1][15]) & 255] ^ skey->saferp.K[i][15];
+b[15] = safer_lbox[(b[15] - skey->saferp.K[i+1][15]) & 255] ^ skey->saferp.K[i][15];         \
+} while (0)
 /* This is a forward single layer PHT transform.  */
-#define PHT(b)                                               \
+#define PHT(b) do {                                          \
 b[0]  = (b[0] + (b[1] = (b[0] + b[1]) & 255)) & 255;     \
 b[2]  = (b[2] + (b[3] = (b[3] + b[2]) & 255)) & 255;     \
 b[4]  = (b[4] + (b[5] = (b[5] + b[4]) & 255)) & 255;     \
 b[6]  = (b[6] + (b[7] = (b[7] + b[6]) & 255)) & 255;     \
 b[8]  = (b[8] + (b[9] = (b[9] + b[8]) & 255)) & 255;     \
 b[10] = (b[10] + (b[11] = (b[11] + b[10]) & 255)) & 255; \
 b[12] = (b[12] + (b[13] = (b[13] + b[12]) & 255)) & 255; \
-b[14] = (b[14] + (b[15] = (b[15] + b[14]) & 255)) & 255;
+b[14] = (b[14] + (b[15] = (b[15] + b[14]) & 255)) & 255; \
+} while (0)
 /* This is an inverse single layer PHT transform */
-#define iPHT(b)                                               \
+#define iPHT(b) do {                                          \
 b[15] = (b[15] - (b[14] = (b[14] - b[15]) & 255)) & 255;  \
 b[13] = (b[13] - (b[12] = (b[12] - b[13]) & 255)) & 255;  \
 b[11] = (b[11] - (b[10] = (b[10] - b[11]) & 255)) & 255;  \
 b[9]  = (b[9] - (b[8] = (b[8] - b[9]) & 255)) & 255;      \
 b[7]  = (b[7] - (b[6] = (b[6] - b[7]) & 255)) & 255;      \
 b[5]  = (b[5] - (b[4] = (b[4] - b[5]) & 255)) & 255;      \
 b[3]  = (b[3] - (b[2] = (b[2] - b[3]) & 255)) & 255;      \
 b[1]  = (b[1] - (b[0] = (b[0] - b[1]) & 255)) & 255;      \
+} while (0)
 /* This is the "Armenian" Shuffle.  It takes the input from b and stores it in b2 */
-#define SHUF(b, b2)                                              \
+#define SHUF(b, b2) do {                                         \
 b2[0] = b[8]; b2[1] = b[11]; b2[2] = b[12]; b2[3] = b[15];   \
 b2[4] = b[2]; b2[5] = b[1]; b2[6] = b[6]; b2[7] = b[5];      \
 b2[8] = b[10]; b2[9] = b[9]; b2[10] = b[14]; b2[11] = b[13]; \
-b2[12] = b[0]; b2[13] = b[7]; b2[14] = b[4]; b2[15] = b[3];
+b2[12] = b[0]; b2[13] = b[7]; b2[14] = b[4]; b2[15] = b[3];  \
+} while (0)
 /* This is the inverse shuffle.  It takes from b and gives to b2 */
-#define iSHUF(b, b2)                                               \
+#define iSHUF(b, b2) do {                                          \
 b2[0] = b[12]; b2[1] = b[5]; b2[2] = b[4]; b2[3] = b[15];      \
 b2[4] = b[14]; b2[5] = b[7]; b2[6] = b[6]; b2[7] = b[13];      \
 b2[8] = b[0]; b2[9] = b[9]; b2[10] = b[8]; b2[11] = b[1];      \
-b2[12] = b[2]; b2[13] = b[11]; b2[14] = b[10]; b2[15] = b[3];
+b2[12] = b[2]; b2[13] = b[11]; b2[14] = b[10]; b2[15] = b[3];  \
+} while (0)
-/* The complete forward Linear Transform layer.
-* Note that alternating usage of b and b2.
+/* The complete forward Linear Transform layer.
-* Each round of LT starts in 'b' and ends in 'b2'.
+* Note that alternating usage of b and b2.
+* Each round of LT starts in 'b' and ends in 'b2'.
 */
-#define LT(b, b2)             \
+#define LT(b, b2) do {        \
 PHT(b);  SHUF(b, b2);     \
 PHT(b2); SHUF(b2, b);     \
 PHT(b);  SHUF(b, b2);     \
-PHT(b2);
+PHT(b2);                  \
+} while (0)
 /* This is the inverse linear transform layer.  */
-#define iLT(b, b2)            \
+#define iLT(b, b2) do {       \
 iPHT(b);                  \
 iSHUF(b, b2); iPHT(b2);   \
 iSHUF(b2, b); iPHT(b);    \
-iSHUF(b, b2); iPHT(b2);
+iSHUF(b, b2); iPHT(b2);   \
+} while (0)
-#ifdef LTC_SMALL_CODE
+#ifdef LTC_SMALL_CODE
-static void _round(unsigned char *b, int i, symmetric_key *skey)
+static void _round(unsigned char *b, int i, symmetric_key *skey)
 {
 ROUND(b, i);
 }
 static void _iround(unsigned char *b, int i, symmetric_key *skey)
 }
 static void _ilt(unsigned char *b, unsigned char *b2)
 {
 iLT(b, b2);
 }
 #undef ROUND
 #define ROUND(b, i) _round(b, i, skey)
 #undef iROUND
 if (keylen != 16 && keylen != 24 && keylen != 32) {
 return CRYPT_INVALID_KEYSIZE;
 }
 /* Is the number of rounds valid?  Either use zero for default or
 * 8,12,16 rounds for 16,24,32 byte keys
 */
 if (num_rounds != 0 && num_rounds != rounds[(keylen/8)-2]) {
 return CRYPT_INVALID_ROUNDS;
 }
 /* 128 bit key version */
 if (keylen == 16) {
 /* copy key into t */
 for (x = y = 0; x < 16; x++) {
 t[x] = key[x];
 y ^= key[x];
 }
 t[16] = y;
 /* make round keys */
 for (x = 0; x < 16; x++) {
 }
 }
 skey->saferp.rounds = 8;
 } else if (keylen == 24) {
 /* copy key into t */
 for (x = y = 0; x < 24; x++) {
 t[x] = key[x];
 y ^= key[x];
 }
 t[24] = y;
 /* make round keys */
 for (x = 0; x < 16; x++) {
 t[y] = ((t[y]<<3)|(t[y]>>5)) & 255;
 }
 /* select and add */
 z = x;
 for (y = 0; y < 16; y++) {
 skey->saferp.K[x][y] = (t[z] + safer_bias[x-1][y]) & 255;
 if (++z == 25) { z = 0; }
 }
 }
 skey->saferp.rounds = 12;
 } else {
 /* copy key into t */
 for (x = y = 0; x < 32; x++) {
 t[x] = key[x];
 y ^= key[x];
 }
 t[32] = y;
 /* make round keys */
 for (x = 0; x < 16; x++) {
 skey->saferp.K[0][x] = t[x];
 }
 for (x = 1; x < 33; x++) {
 /* rotate 3 bits each */
 for (y = 0; y < 33; y++) {
 t[y] = ((t[y]<<3)|(t[y]>>5)) & 255;
 }
 /* select and add */
 z = x;
 for (y = 0; y < 16; y++) {
 skey->saferp.K[x][y] = (t[z] + safer_bias[x-1][y]) & 255;
 if (++z == 33) { z = 0; }
 /**
 Decrypts a block of text with LTC_SAFER+
 @param ct The input ciphertext (16 bytes)
 @param pt The output plaintext (16 bytes)
 @param skey The key as scheduled
 @return CRYPT_OK if successful
 */
 int saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
 {
 unsigned char b[16];
 */
 int saferp_test(void)
 {
 #ifndef LTC_TEST
 return CRYPT_NOP;
 #else
 static const struct {
 int keylen;
 unsigned char key[32], pt[16], ct[16];
 } tests[] = {
 {
 16,
 { 41, 35, 190, 132, 225, 108, 214, 174,
 82, 144, 73, 241, 241, 187, 233, 235 },
 { 179, 166, 219, 60, 135, 12, 62, 153,
 36, 94, 13, 28, 6, 183, 71, 222 },
 { 224, 31, 182, 10, 12, 255, 84, 70,
 127, 13, 89, 249, 9, 57, 165, 220 }
 }, {
 24,
 { 72, 211, 143, 117, 230, 217, 29, 42,
 229, 192, 247, 43, 120, 129, 135, 68,
 14, 95, 80, 0, 212, 97, 141, 190 },
 { 123, 5, 21, 7, 59, 51, 130, 31,
 24, 112, 146, 218, 100, 84, 206, 177 },
 { 92, 136, 4, 63, 57, 95, 100, 0,
 150, 130, 130, 16, 193, 111, 219, 133 }
 }, {
 32,
 { 243, 168, 141, 254, 190, 242, 235, 113,
 255, 160, 208, 59, 117, 6, 140, 126,
 135, 120, 115, 77, 208, 190, 130, 190,
 219, 194, 70, 65, 43, 140, 250, 48 },
 { 127, 112, 240, 167, 84, 134, 50, 149,
 170, 91, 104, 19, 11, 230, 252, 245 },
 { 88, 11, 25, 36, 172, 229, 202, 213,
 170, 65, 105, 153, 220, 104, 153, 138 }
 }
 };
 unsigned char tmp[2][16];
 symmetric_key skey;
 int err, i, y;
 }
 saferp_ecb_encrypt(tests[i].pt, tmp[0], &skey);
 saferp_ecb_decrypt(tmp[0], tmp[1], &skey);
 /* compare */
-if (XMEMCMP(tmp[0], tests[i].ct, 16) || XMEMCMP(tmp[1], tests[i].pt, 16)) {
+if (compare_testvector(tmp[0], 16, tests[i].ct, 16, "Safer+ Encrypt", i) ||
+compare_testvector(tmp[1], 16, tests[i].pt, 16, "Safer+ Decrypt", i)) {
 return CRYPT_FAIL_TESTVECTOR;
 }
 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
 for (y = 0; y < 16; y++) tmp[0][y] = 0;
 return CRYPT_OK;
 #endif
 }
 /** Terminate the context
 @param skey    The scheduled key
 */
 void saferp_done(symmetric_key *skey)
 {
+LTC_UNUSED_PARAM(skey);
 }
 /**
 Gets suitable key size
 @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
 @return CRYPT_OK if the input key size is acceptable.
 */
 int saferp_keysize(int *keysize)
 {
 LTC_ARGCHK(keysize != NULL);
 if (*keysize < 16)
 return CRYPT_INVALID_KEYSIZE;
 if (*keysize < 24) {
 *keysize = 16;
 } else if (*keysize < 32) {
 #endif
-/* $Source$ */
+/* ref:         $Format:%D$ */
-/* $Revision$ */
+/* git commit:  $Format:%H$ */
-/* $Date$ */
+/* commit time: $Format:%ai$ */

Mercurial > dropbear

comparison libtomcrypt/src/ciphers/safer/saferp.c @ 1471:6dba84798cd5