dropbear: libtomcrypt/src/stream/sober128/sober128

comparison libtomcrypt/src/stream/sober128/sober128_stream.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes

author	Matt Johnston <matt@ucc.asn.au>
date	Fri, 09 Feb 2018 21:44:05 +0800
parents
children

comparison

equal deleted inserted replaced

-:8bba51a55704
+:6dba84798cd5
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+*
+* LibTomCrypt is a library that provides various cryptographic
+* algorithms in a highly modular and flexible manner.
+*
+* The library is free for all purposes without any express
+* guarantee it works.
+*/
+#include "tomcrypt.h"
+/**
+@file sober128_stream.c
+Implementation of SOBER-128 by Tom St Denis.
+Based on s128fast.c reference code supplied by Greg Rose of QUALCOMM.
+*/
+#ifdef LTC_SOBER128
+#define __LTC_SOBER128TAB_C__
+#include "sober128tab.c"
+/* don't change these... */
+#define N                        17
+#define FOLD                      N /* how many iterations of folding to do */
+#define INITKONST        0x6996c53a /* value of KONST to use during key loading */
+#define KEYP                     15 /* where to insert key words */
+#define FOLDP                     4 /* where to insert non-linear feedback */
+#define B(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
+static ulong32 BYTE2WORD(unsigned char *b)
+{
+ulong32 t;
+LOAD32L(t, b);
+return t;
+}
+static void XORWORD(ulong32 w, const unsigned char *in, unsigned char *out)
+{
+ulong32 t;
+LOAD32L(t, in);
+t ^= w;
+STORE32L(t, out);
+}
+/* give correct offset for the current position of the register,
+* where logically R[0] is at position "zero".
+*/
+#define OFF(zero, i) (((zero)+(i)) % N)
+/* step the LFSR */
+/* After stepping, "zero" moves right one place */
+#define STEP(R,z) \
+R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF];
+static void cycle(ulong32 *R)
+{
+ulong32 t;
+int     i;
+STEP(R,0);
+t = R[0];
+for (i = 1; i < N; ++i) {
+R[i-1] = R[i];
+}
+R[N-1] = t;
+}
+/* Return a non-linear function of some parts of the register.
+*/
+#define NLFUNC(c,z) \
+{ \
+t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \
+t ^= Sbox[(t >> 24) & 0xFF]; \
+t = RORc(t, 8); \
+t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \
+t ^= Sbox[(t >> 24) & 0xFF]; \
+t = t + c->R[OFF(z,13)]; \
+}
+static ulong32 nltap(sober128_state *c)
+{
+ulong32 t;
+NLFUNC(c, 0);
+return t;
+}
+/* Save the current register state
+*/
+static void s128_savestate(sober128_state *c)
+{
+int i;
+for (i = 0; i < N; ++i) {
+c->initR[i] = c->R[i];
+}
+}
+/* initialise to previously saved register state
+*/
+static void s128_reloadstate(sober128_state *c)
+{
+int i;
+for (i = 0; i < N; ++i) {
+c->R[i] = c->initR[i];
+}
+}
+/* Initialise "konst"
+*/
+static void s128_genkonst(sober128_state *c)
+{
+ulong32 newkonst;
+do {
+cycle(c->R);
+newkonst = nltap(c);
+} while ((newkonst & 0xFF000000) == 0);
+c->konst = newkonst;
+}
+/* Load key material into the register
+*/
+#define ADDKEY(k) \
+c->R[KEYP] += (k);
+#define XORNL(nl) \
+c->R[FOLDP] ^= (nl);
+/* nonlinear diffusion of register for key */
+#define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t;
+static void s128_diffuse(sober128_state *c)
+{
+ulong32 t;
+/* relies on FOLD == N == 17! */
+DROUND(0);
+DROUND(1);
+DROUND(2);
+DROUND(3);
+DROUND(4);
+DROUND(5);
+DROUND(6);
+DROUND(7);
+DROUND(8);
+DROUND(9);
+DROUND(10);
+DROUND(11);
+DROUND(12);
+DROUND(13);
+DROUND(14);
+DROUND(15);
+DROUND(16);
+}
+/**
+Initialize an Sober128 context (only the key)
+@param c         [out] The destination of the Sober128 state
+@param key       The secret key
+@param keylen    The length of the secret key (octets)
+@return CRYPT_OK if successful
+*/
+int sober128_stream_setup(sober128_state *c, const unsigned char *key, unsigned long keylen)
+{
+ulong32 i, k;
+LTC_ARGCHK(c   != NULL);
+LTC_ARGCHK(key != NULL);
+LTC_ARGCHK(keylen > 0);
+/* keylen must be multiple of 4 bytes */
+if ((keylen & 3) != 0) {
+return CRYPT_INVALID_KEYSIZE;
+}
+/* Register initialised to Fibonacci numbers */
+c->R[0] = 1;
+c->R[1] = 1;
+for (i = 2; i < N; ++i) {
+c->R[i] = c->R[i-1] + c->R[i-2];
+}
+c->konst = INITKONST;
+for (i = 0; i < keylen; i += 4) {
+k = BYTE2WORD((unsigned char *)&key[i]);
+ADDKEY(k);
+cycle(c->R);
+XORNL(nltap(c));
+}
+/* also fold in the length of the key */
+ADDKEY(keylen);
+/* now diffuse */
+s128_diffuse(c);
+s128_genkonst(c);
+s128_savestate(c);
+c->nbuf = 0;
+return CRYPT_OK;
+}
+/**
+Set IV to the Sober128 state
+@param c       The Sober12820 state
+@param iv      The IV data to add
+@param ivlen   The length of the IV (must be 12)
+@return CRYPT_OK on success
+*/
+int sober128_stream_setiv(sober128_state *c, const unsigned char *iv, unsigned long ivlen)
+{
+ulong32 i, k;
+LTC_ARGCHK(c  != NULL);
+LTC_ARGCHK(iv != NULL);
+LTC_ARGCHK(ivlen > 0);
+/* ok we are adding an IV then... */
+s128_reloadstate(c);
+/* ivlen must be multiple of 4 bytes */
+if ((ivlen & 3) != 0) {
+return CRYPT_INVALID_KEYSIZE;
+}
+for (i = 0; i < ivlen; i += 4) {
+k = BYTE2WORD((unsigned char *)&iv[i]);
+ADDKEY(k);
+cycle(c->R);
+XORNL(nltap(c));
+}
+/* also fold in the length of the key */
+ADDKEY(ivlen);
+/* now diffuse */
+s128_diffuse(c);
+c->nbuf = 0;
+return CRYPT_OK;
+}
+/* XOR pseudo-random bytes into buffer
+*/
+#define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, in+(z*4), out+(z*4));
+/**
+Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Sober128
+@param c       The Sober128 state
+@param in      The plaintext (or ciphertext)
+@param inlen   The length of the input (octets)
+@param out     [out] The ciphertext (or plaintext), length inlen
+@return CRYPT_OK if successful
+*/
+int sober128_stream_crypt(sober128_state *c, const unsigned char *in, unsigned long inlen, unsigned char *out)
+{
+ulong32 t;
+if (inlen == 0) return CRYPT_OK; /* nothing to do */
+LTC_ARGCHK(out != NULL);
+LTC_ARGCHK(c   != NULL);
+/* handle any previously buffered bytes */
+while (c->nbuf != 0 && inlen != 0) {
+*out++ = *in++ ^ (unsigned char)(c->sbuf & 0xFF);
+c->sbuf >>= 8;
+c->nbuf -= 8;
+--inlen;
+}
+#ifndef LTC_SMALL_CODE
+/* do lots at a time, if there's enough to do */
+while (inlen >= N*4) {
+SROUND(0);
+SROUND(1);
+SROUND(2);
+SROUND(3);
+SROUND(4);
+SROUND(5);
+SROUND(6);
+SROUND(7);
+SROUND(8);
+SROUND(9);
+SROUND(10);
+SROUND(11);
+SROUND(12);
+SROUND(13);
+SROUND(14);
+SROUND(15);
+SROUND(16);
+out    += 4*N;
+in     += 4*N;
+inlen  -= 4*N;
+}
+#endif
+/* do small or odd size buffers the slow way */
+while (4 <= inlen) {
+cycle(c->R);
+t = nltap(c);
+XORWORD(t, in, out);
+out    += 4;
+in     += 4;
+inlen  -= 4;
+}
+/* handle any trailing bytes */
+if (inlen != 0) {
+cycle(c->R);
+c->sbuf = nltap(c);
+c->nbuf = 32;
+while (c->nbuf != 0 && inlen != 0) {
+*out++ = *in++ ^ (unsigned char)(c->sbuf & 0xFF);
+c->sbuf >>= 8;
+c->nbuf -= 8;
+--inlen;
+}
+}
+return CRYPT_OK;
+}
+int sober128_stream_keystream(sober128_state *c, unsigned char *out, unsigned long outlen)
+{
+if (outlen == 0) return CRYPT_OK; /* nothing to do */
+LTC_ARGCHK(out != NULL);
+XMEMSET(out, 0, outlen);
+return sober128_stream_crypt(c, out, outlen, out);
+}
+/**
+Terminate and clear Sober128 state
+@param c       The Sober128 state
+@return CRYPT_OK on success
+*/
+int sober128_stream_done(sober128_state *c)
+{
+LTC_ARGCHK(c != NULL);
+XMEMSET(c, 0, sizeof(sober128_state));
+return CRYPT_OK;
+}
+#endif
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */

Mercurial > dropbear

comparison libtomcrypt/src/stream/sober128/sober128_stream.c @ 1471:6dba84798cd5