Mercurial > dropbear
comparison safer.c @ 3:7faae8f46238 libtomcrypt-orig
Branch renaming
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 31 May 2004 18:25:41 +0000 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 3:7faae8f46238 |
---|---|
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
2 * | |
3 * LibTomCrypt is a library that provides various cryptographic | |
4 * algorithms in a highly modular and flexible manner. | |
5 * | |
6 * The library is free for all purposes without any express | |
7 * guarantee it works. | |
8 * | |
9 * Tom St Denis, [email protected], http://libtomcrypt.org | |
10 */ | |
11 | |
12 /******************************************************************************* | |
13 * | |
14 * FILE: safer.c | |
15 * | |
16 * DESCRIPTION: block-cipher algorithm SAFER (Secure And Fast Encryption | |
17 * Routine) in its four versions: SAFER K-64, SAFER K-128, | |
18 * SAFER SK-64 and SAFER SK-128. | |
19 * | |
20 * AUTHOR: Richard De Moliner ([email protected]) | |
21 * Signal and Information Processing Laboratory | |
22 * Swiss Federal Institute of Technology | |
23 * CH-8092 Zuerich, Switzerland | |
24 * | |
25 * DATE: September 9, 1995 | |
26 * | |
27 * CHANGE HISTORY: | |
28 * | |
29 *******************************************************************************/ | |
30 | |
31 #include <mycrypt.h> | |
32 | |
33 #ifdef SAFER | |
34 | |
35 const struct _cipher_descriptor | |
36 safer_k64_desc = { | |
37 "safer-k64", | |
38 8, 8, 8, 8, SAFER_K64_DEFAULT_NOF_ROUNDS, | |
39 &safer_k64_setup, | |
40 &safer_ecb_encrypt, | |
41 &safer_ecb_decrypt, | |
42 &safer_k64_test, | |
43 &safer_64_keysize | |
44 }, | |
45 | |
46 safer_sk64_desc = { | |
47 "safer-sk64", | |
48 9, 8, 8, 8, SAFER_SK64_DEFAULT_NOF_ROUNDS, | |
49 &safer_sk64_setup, | |
50 &safer_ecb_encrypt, | |
51 &safer_ecb_decrypt, | |
52 &safer_sk64_test, | |
53 &safer_64_keysize | |
54 }, | |
55 | |
56 safer_k128_desc = { | |
57 "safer-k128", | |
58 10, 16, 16, 8, SAFER_K128_DEFAULT_NOF_ROUNDS, | |
59 &safer_k128_setup, | |
60 &safer_ecb_encrypt, | |
61 &safer_ecb_decrypt, | |
62 &safer_sk128_test, | |
63 &safer_128_keysize | |
64 }, | |
65 | |
66 safer_sk128_desc = { | |
67 "safer-sk128", | |
68 11, 16, 16, 8, SAFER_SK128_DEFAULT_NOF_ROUNDS, | |
69 &safer_sk128_setup, | |
70 &safer_ecb_encrypt, | |
71 &safer_ecb_decrypt, | |
72 &safer_sk128_test, | |
73 &safer_128_keysize | |
74 }; | |
75 | |
76 /******************* Constants ************************************************/ | |
77 // #define TAB_LEN 256 | |
78 | |
79 /******************* Assertions ***********************************************/ | |
80 | |
81 /******************* Macros ***************************************************/ | |
82 #define ROL8(x, n) ((unsigned char)((unsigned int)(x) << (n)\ | |
83 |(unsigned int)((x) & 0xFF) >> (8 - (n)))) | |
84 #define EXP(x) safer_ebox[(x) & 0xFF] | |
85 #define LOG(x) safer_lbox[(x) & 0xFF] | |
86 #define PHT(x, y) { y += x; x += y; } | |
87 #define IPHT(x, y) { x -= y; y -= x; } | |
88 | |
89 /******************* Types ****************************************************/ | |
90 extern const unsigned char safer_ebox[], safer_lbox[]; | |
91 | |
92 #ifdef CLEAN_STACK | |
93 static void _Safer_Expand_Userkey(const unsigned char *userkey_1, | |
94 const unsigned char *userkey_2, | |
95 unsigned int nof_rounds, | |
96 int strengthened, | |
97 safer_key_t key) | |
98 #else | |
99 static void Safer_Expand_Userkey(const unsigned char *userkey_1, | |
100 const unsigned char *userkey_2, | |
101 unsigned int nof_rounds, | |
102 int strengthened, | |
103 safer_key_t key) | |
104 #endif | |
105 { unsigned int i, j, k; | |
106 unsigned char ka[SAFER_BLOCK_LEN + 1]; | |
107 unsigned char kb[SAFER_BLOCK_LEN + 1]; | |
108 | |
109 if (SAFER_MAX_NOF_ROUNDS < nof_rounds) | |
110 nof_rounds = SAFER_MAX_NOF_ROUNDS; | |
111 *key++ = (unsigned char)nof_rounds; | |
112 ka[SAFER_BLOCK_LEN] = (unsigned char)0; | |
113 kb[SAFER_BLOCK_LEN] = (unsigned char)0; | |
114 k = 0; | |
115 for (j = 0; j < SAFER_BLOCK_LEN; j++) { | |
116 ka[j] = ROL8(userkey_1[j], 5); | |
117 ka[SAFER_BLOCK_LEN] ^= ka[j]; | |
118 kb[j] = *key++ = userkey_2[j]; | |
119 kb[SAFER_BLOCK_LEN] ^= kb[j]; | |
120 } | |
121 for (i = 1; i <= nof_rounds; i++) { | |
122 for (j = 0; j < SAFER_BLOCK_LEN + 1; j++) { | |
123 ka[j] = ROL8(ka[j], 6); | |
124 kb[j] = ROL8(kb[j], 6); | |
125 } | |
126 if (strengthened) { | |
127 k = 2 * i - 1; | |
128 while (k >= (SAFER_BLOCK_LEN + 1)) { k -= SAFER_BLOCK_LEN + 1; } | |
129 } | |
130 for (j = 0; j < SAFER_BLOCK_LEN; j++) { | |
131 if (strengthened) { | |
132 *key++ = (ka[k] | |
133 + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF; | |
134 if (++k == (SAFER_BLOCK_LEN + 1)) { k = 0; } | |
135 } else { | |
136 *key++ = (ka[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF; | |
137 } | |
138 } | |
139 if (strengthened) { | |
140 k = 2 * i; | |
141 while (k >= (SAFER_BLOCK_LEN + 1)) { k -= SAFER_BLOCK_LEN + 1; } | |
142 } | |
143 for (j = 0; j < SAFER_BLOCK_LEN; j++) { | |
144 if (strengthened) { | |
145 *key++ = (kb[k] | |
146 + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF; | |
147 if (++k == (SAFER_BLOCK_LEN + 1)) { k = 0; } | |
148 } else { | |
149 *key++ = (kb[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF; | |
150 } | |
151 } | |
152 } | |
153 | |
154 #ifdef CLEAN_STACK | |
155 zeromem(ka, sizeof(ka)); | |
156 zeromem(kb, sizeof(kb)); | |
157 #endif | |
158 } | |
159 | |
160 #ifdef CLEAN_STACK | |
161 static void Safer_Expand_Userkey(const unsigned char *userkey_1, | |
162 const unsigned char *userkey_2, | |
163 unsigned int nof_rounds, | |
164 int strengthened, | |
165 safer_key_t key) | |
166 { | |
167 _Safer_Expand_Userkey(userkey_1, userkey_2, nof_rounds, strengthened, key); | |
168 burn_stack(sizeof(unsigned char) * (2 * (SAFER_BLOCK_LEN + 1)) + sizeof(unsigned int)*2); | |
169 } | |
170 #endif | |
171 | |
172 int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) | |
173 { | |
174 _ARGCHK(key != NULL); | |
175 _ARGCHK(skey != NULL); | |
176 | |
177 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { | |
178 return CRYPT_INVALID_ROUNDS; | |
179 } | |
180 | |
181 if (keylen != 8) { | |
182 return CRYPT_INVALID_KEYSIZE; | |
183 } | |
184 | |
185 Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:SAFER_K64_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); | |
186 return CRYPT_OK; | |
187 } | |
188 | |
189 int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) | |
190 { | |
191 _ARGCHK(key != NULL); | |
192 _ARGCHK(skey != NULL); | |
193 | |
194 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { | |
195 return CRYPT_INVALID_ROUNDS; | |
196 } | |
197 | |
198 if (keylen != 8) { | |
199 return CRYPT_INVALID_KEYSIZE; | |
200 } | |
201 | |
202 Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:SAFER_SK64_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); | |
203 return CRYPT_OK; | |
204 } | |
205 | |
206 int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) | |
207 { | |
208 _ARGCHK(key != NULL); | |
209 _ARGCHK(skey != NULL); | |
210 | |
211 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { | |
212 return CRYPT_INVALID_ROUNDS; | |
213 } | |
214 | |
215 if (keylen != 16) { | |
216 return CRYPT_INVALID_KEYSIZE; | |
217 } | |
218 | |
219 Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0 ?numrounds:SAFER_K128_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); | |
220 return CRYPT_OK; | |
221 } | |
222 | |
223 int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) | |
224 { | |
225 _ARGCHK(key != NULL); | |
226 _ARGCHK(skey != NULL); | |
227 | |
228 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { | |
229 return CRYPT_INVALID_ROUNDS; | |
230 } | |
231 | |
232 if (keylen != 16) { | |
233 return CRYPT_INVALID_KEYSIZE; | |
234 } | |
235 | |
236 Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0?numrounds:SAFER_SK128_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); | |
237 return CRYPT_OK; | |
238 } | |
239 | |
240 #ifdef CLEAN_STACK | |
241 static void _safer_ecb_encrypt(const unsigned char *block_in, | |
242 unsigned char *block_out, | |
243 symmetric_key *skey) | |
244 #else | |
245 void safer_ecb_encrypt(const unsigned char *block_in, | |
246 unsigned char *block_out, | |
247 symmetric_key *skey) | |
248 #endif | |
249 { unsigned char a, b, c, d, e, f, g, h, t; | |
250 unsigned int round; | |
251 unsigned char *key; | |
252 | |
253 _ARGCHK(block_in != NULL); | |
254 _ARGCHK(block_out != NULL); | |
255 _ARGCHK(skey != NULL); | |
256 | |
257 key = skey->safer.key; | |
258 a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3]; | |
259 e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7]; | |
260 if (SAFER_MAX_NOF_ROUNDS < (round = *key)) round = SAFER_MAX_NOF_ROUNDS; | |
261 while(round-- > 0) | |
262 { | |
263 a ^= *++key; b += *++key; c += *++key; d ^= *++key; | |
264 e ^= *++key; f += *++key; g += *++key; h ^= *++key; | |
265 a = EXP(a) + *++key; b = LOG(b) ^ *++key; | |
266 c = LOG(c) ^ *++key; d = EXP(d) + *++key; | |
267 e = EXP(e) + *++key; f = LOG(f) ^ *++key; | |
268 g = LOG(g) ^ *++key; h = EXP(h) + *++key; | |
269 PHT(a, b); PHT(c, d); PHT(e, f); PHT(g, h); | |
270 PHT(a, c); PHT(e, g); PHT(b, d); PHT(f, h); | |
271 PHT(a, e); PHT(b, f); PHT(c, g); PHT(d, h); | |
272 t = b; b = e; e = c; c = t; t = d; d = f; f = g; g = t; | |
273 } | |
274 a ^= *++key; b += *++key; c += *++key; d ^= *++key; | |
275 e ^= *++key; f += *++key; g += *++key; h ^= *++key; | |
276 block_out[0] = a & 0xFF; block_out[1] = b & 0xFF; | |
277 block_out[2] = c & 0xFF; block_out[3] = d & 0xFF; | |
278 block_out[4] = e & 0xFF; block_out[5] = f & 0xFF; | |
279 block_out[6] = g & 0xFF; block_out[7] = h & 0xFF; | |
280 } | |
281 | |
282 #ifdef CLEAN_STACK | |
283 void safer_ecb_encrypt(const unsigned char *block_in, | |
284 unsigned char *block_out, | |
285 symmetric_key *skey) | |
286 { | |
287 _safer_ecb_encrypt(block_in, block_out, skey); | |
288 burn_stack(sizeof(unsigned char) * 9 + sizeof(unsigned int) + sizeof(unsigned char *)); | |
289 } | |
290 #endif | |
291 | |
292 #ifdef CLEAN_STACK | |
293 static void _safer_ecb_decrypt(const unsigned char *block_in, | |
294 unsigned char *block_out, | |
295 symmetric_key *skey) | |
296 #else | |
297 void safer_ecb_decrypt(const unsigned char *block_in, | |
298 unsigned char *block_out, | |
299 symmetric_key *skey) | |
300 #endif | |
301 { unsigned char a, b, c, d, e, f, g, h, t; | |
302 unsigned int round; | |
303 unsigned char *key; | |
304 | |
305 _ARGCHK(block_in != NULL); | |
306 _ARGCHK(block_out != NULL); | |
307 _ARGCHK(skey != NULL); | |
308 | |
309 key = skey->safer.key; | |
310 a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3]; | |
311 e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7]; | |
312 if (SAFER_MAX_NOF_ROUNDS < (round = *key)) round = SAFER_MAX_NOF_ROUNDS; | |
313 key += SAFER_BLOCK_LEN * (1 + 2 * round); | |
314 h ^= *key; g -= *--key; f -= *--key; e ^= *--key; | |
315 d ^= *--key; c -= *--key; b -= *--key; a ^= *--key; | |
316 while (round--) | |
317 { | |
318 t = e; e = b; b = c; c = t; t = f; f = d; d = g; g = t; | |
319 IPHT(a, e); IPHT(b, f); IPHT(c, g); IPHT(d, h); | |
320 IPHT(a, c); IPHT(e, g); IPHT(b, d); IPHT(f, h); | |
321 IPHT(a, b); IPHT(c, d); IPHT(e, f); IPHT(g, h); | |
322 h -= *--key; g ^= *--key; f ^= *--key; e -= *--key; | |
323 d -= *--key; c ^= *--key; b ^= *--key; a -= *--key; | |
324 h = LOG(h) ^ *--key; g = EXP(g) - *--key; | |
325 f = EXP(f) - *--key; e = LOG(e) ^ *--key; | |
326 d = LOG(d) ^ *--key; c = EXP(c) - *--key; | |
327 b = EXP(b) - *--key; a = LOG(a) ^ *--key; | |
328 } | |
329 block_out[0] = a & 0xFF; block_out[1] = b & 0xFF; | |
330 block_out[2] = c & 0xFF; block_out[3] = d & 0xFF; | |
331 block_out[4] = e & 0xFF; block_out[5] = f & 0xFF; | |
332 block_out[6] = g & 0xFF; block_out[7] = h & 0xFF; | |
333 } | |
334 | |
335 #ifdef CLEAN_STACK | |
336 void safer_ecb_decrypt(const unsigned char *block_in, | |
337 unsigned char *block_out, | |
338 symmetric_key *skey) | |
339 { | |
340 _safer_ecb_decrypt(block_in, block_out, skey); | |
341 burn_stack(sizeof(unsigned char) * 9 + sizeof(unsigned int) + sizeof(unsigned char *)); | |
342 } | |
343 #endif | |
344 | |
345 int safer_64_keysize(int *keysize) | |
346 { | |
347 _ARGCHK(keysize != NULL); | |
348 if (*keysize < 8) { | |
349 return CRYPT_INVALID_KEYSIZE; | |
350 } else { | |
351 *keysize = 8; | |
352 return CRYPT_OK; | |
353 } | |
354 } | |
355 | |
356 int safer_128_keysize(int *keysize) | |
357 { | |
358 _ARGCHK(keysize != NULL); | |
359 if (*keysize < 16) { | |
360 return CRYPT_INVALID_KEYSIZE; | |
361 } else { | |
362 *keysize = 16; | |
363 return CRYPT_OK; | |
364 } | |
365 } | |
366 | |
367 int safer_k64_test(void) | |
368 { | |
369 #ifndef LTC_TEST | |
370 return CRYPT_NOP; | |
371 #else | |
372 static const unsigned char k64_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, | |
373 k64_key[] = { 8, 7, 6, 5, 4, 3, 2, 1 }, | |
374 k64_ct[] = { 200, 242, 156, 221, 135, 120, 62, 217 }; | |
375 | |
376 symmetric_key skey; | |
377 unsigned char buf[2][8]; | |
378 int err; | |
379 | |
380 /* test K64 */ | |
381 if ((err = safer_k64_setup(k64_key, 8, 6, &skey)) != CRYPT_OK) { | |
382 return err; | |
383 } | |
384 safer_ecb_encrypt(k64_pt, buf[0], &skey); | |
385 safer_ecb_decrypt(buf[0], buf[1], &skey); | |
386 | |
387 if (memcmp(buf[0], k64_ct, 8) != 0 || memcmp(buf[1], k64_pt, 8) != 0) { | |
388 return CRYPT_FAIL_TESTVECTOR; | |
389 } | |
390 | |
391 return CRYPT_OK; | |
392 #endif | |
393 } | |
394 | |
395 | |
396 int safer_sk64_test(void) | |
397 { | |
398 #ifndef LTC_TEST | |
399 return CRYPT_NOP; | |
400 #else | |
401 static const unsigned char sk64_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, | |
402 sk64_key[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, | |
403 sk64_ct[] = { 95, 206, 155, 162, 5, 132, 56, 199 }; | |
404 | |
405 symmetric_key skey; | |
406 unsigned char buf[2][8]; | |
407 int err, y; | |
408 | |
409 /* test SK64 */ | |
410 if ((err = safer_sk64_setup(sk64_key, 8, 6, &skey)) != CRYPT_OK) { | |
411 return err; | |
412 } | |
413 | |
414 safer_ecb_encrypt(sk64_pt, buf[0], &skey); | |
415 safer_ecb_decrypt(buf[0], buf[1], &skey); | |
416 | |
417 if (memcmp(buf[0], sk64_ct, 8) != 0 || memcmp(buf[1], sk64_pt, 8) != 0) { | |
418 return CRYPT_FAIL_TESTVECTOR; | |
419 } | |
420 | |
421 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */ | |
422 for (y = 0; y < 8; y++) buf[0][y] = 0; | |
423 for (y = 0; y < 1000; y++) safer_ecb_encrypt(buf[0], buf[0], &skey); | |
424 for (y = 0; y < 1000; y++) safer_ecb_decrypt(buf[0], buf[0], &skey); | |
425 for (y = 0; y < 8; y++) if (buf[0][y] != 0) return CRYPT_FAIL_TESTVECTOR; | |
426 | |
427 return CRYPT_OK; | |
428 #endif | |
429 } | |
430 | |
431 int safer_sk128_test(void) | |
432 { | |
433 #ifndef LTC_TEST | |
434 return CRYPT_NOP; | |
435 #else | |
436 static const unsigned char sk128_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, | |
437 sk128_key[] = { 1, 2, 3, 4, 5, 6, 7, 8, | |
438 0, 0, 0, 0, 0, 0, 0, 0 }, | |
439 sk128_ct[] = { 255, 120, 17, 228, 179, 167, 46, 113 }; | |
440 | |
441 symmetric_key skey; | |
442 unsigned char buf[2][8]; | |
443 int err, y; | |
444 | |
445 /* test SK128 */ | |
446 if ((err = safer_sk128_setup(sk128_key, 16, 0, &skey)) != CRYPT_OK) { | |
447 return err; | |
448 } | |
449 safer_ecb_encrypt(sk128_pt, buf[0], &skey); | |
450 safer_ecb_decrypt(buf[0], buf[1], &skey); | |
451 | |
452 if (memcmp(buf[0], sk128_ct, 8) != 0 || memcmp(buf[1], sk128_pt, 8) != 0) { | |
453 return CRYPT_FAIL_TESTVECTOR; | |
454 } | |
455 | |
456 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */ | |
457 for (y = 0; y < 8; y++) buf[0][y] = 0; | |
458 for (y = 0; y < 1000; y++) safer_ecb_encrypt(buf[0], buf[0], &skey); | |
459 for (y = 0; y < 1000; y++) safer_ecb_decrypt(buf[0], buf[0], &skey); | |
460 for (y = 0; y < 8; y++) if (buf[0][y] != 0) return CRYPT_FAIL_TESTVECTOR; | |
461 return CRYPT_OK; | |
462 #endif | |
463 } | |
464 | |
465 #endif | |
466 | |
467 | |
468 |