comparison safer.c @ 3:7faae8f46238 libtomcrypt-orig

Branch renaming
author Matt Johnston <matt@ucc.asn.au>
date Mon, 31 May 2004 18:25:41 +0000
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 3:7faae8f46238
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11
12 /*******************************************************************************
13 *
14 * FILE: safer.c
15 *
16 * DESCRIPTION: block-cipher algorithm SAFER (Secure And Fast Encryption
17 * Routine) in its four versions: SAFER K-64, SAFER K-128,
18 * SAFER SK-64 and SAFER SK-128.
19 *
20 * AUTHOR: Richard De Moliner ([email protected])
21 * Signal and Information Processing Laboratory
22 * Swiss Federal Institute of Technology
23 * CH-8092 Zuerich, Switzerland
24 *
25 * DATE: September 9, 1995
26 *
27 * CHANGE HISTORY:
28 *
29 *******************************************************************************/
30
31 #include <mycrypt.h>
32
33 #ifdef SAFER
34
35 const struct _cipher_descriptor
36 safer_k64_desc = {
37 "safer-k64",
38 8, 8, 8, 8, SAFER_K64_DEFAULT_NOF_ROUNDS,
39 &safer_k64_setup,
40 &safer_ecb_encrypt,
41 &safer_ecb_decrypt,
42 &safer_k64_test,
43 &safer_64_keysize
44 },
45
46 safer_sk64_desc = {
47 "safer-sk64",
48 9, 8, 8, 8, SAFER_SK64_DEFAULT_NOF_ROUNDS,
49 &safer_sk64_setup,
50 &safer_ecb_encrypt,
51 &safer_ecb_decrypt,
52 &safer_sk64_test,
53 &safer_64_keysize
54 },
55
56 safer_k128_desc = {
57 "safer-k128",
58 10, 16, 16, 8, SAFER_K128_DEFAULT_NOF_ROUNDS,
59 &safer_k128_setup,
60 &safer_ecb_encrypt,
61 &safer_ecb_decrypt,
62 &safer_sk128_test,
63 &safer_128_keysize
64 },
65
66 safer_sk128_desc = {
67 "safer-sk128",
68 11, 16, 16, 8, SAFER_SK128_DEFAULT_NOF_ROUNDS,
69 &safer_sk128_setup,
70 &safer_ecb_encrypt,
71 &safer_ecb_decrypt,
72 &safer_sk128_test,
73 &safer_128_keysize
74 };
75
76 /******************* Constants ************************************************/
77 // #define TAB_LEN 256
78
79 /******************* Assertions ***********************************************/
80
81 /******************* Macros ***************************************************/
82 #define ROL8(x, n) ((unsigned char)((unsigned int)(x) << (n)\
83 |(unsigned int)((x) & 0xFF) >> (8 - (n))))
84 #define EXP(x) safer_ebox[(x) & 0xFF]
85 #define LOG(x) safer_lbox[(x) & 0xFF]
86 #define PHT(x, y) { y += x; x += y; }
87 #define IPHT(x, y) { x -= y; y -= x; }
88
89 /******************* Types ****************************************************/
90 extern const unsigned char safer_ebox[], safer_lbox[];
91
92 #ifdef CLEAN_STACK
93 static void _Safer_Expand_Userkey(const unsigned char *userkey_1,
94 const unsigned char *userkey_2,
95 unsigned int nof_rounds,
96 int strengthened,
97 safer_key_t key)
98 #else
99 static void Safer_Expand_Userkey(const unsigned char *userkey_1,
100 const unsigned char *userkey_2,
101 unsigned int nof_rounds,
102 int strengthened,
103 safer_key_t key)
104 #endif
105 { unsigned int i, j, k;
106 unsigned char ka[SAFER_BLOCK_LEN + 1];
107 unsigned char kb[SAFER_BLOCK_LEN + 1];
108
109 if (SAFER_MAX_NOF_ROUNDS < nof_rounds)
110 nof_rounds = SAFER_MAX_NOF_ROUNDS;
111 *key++ = (unsigned char)nof_rounds;
112 ka[SAFER_BLOCK_LEN] = (unsigned char)0;
113 kb[SAFER_BLOCK_LEN] = (unsigned char)0;
114 k = 0;
115 for (j = 0; j < SAFER_BLOCK_LEN; j++) {
116 ka[j] = ROL8(userkey_1[j], 5);
117 ka[SAFER_BLOCK_LEN] ^= ka[j];
118 kb[j] = *key++ = userkey_2[j];
119 kb[SAFER_BLOCK_LEN] ^= kb[j];
120 }
121 for (i = 1; i <= nof_rounds; i++) {
122 for (j = 0; j < SAFER_BLOCK_LEN + 1; j++) {
123 ka[j] = ROL8(ka[j], 6);
124 kb[j] = ROL8(kb[j], 6);
125 }
126 if (strengthened) {
127 k = 2 * i - 1;
128 while (k >= (SAFER_BLOCK_LEN + 1)) { k -= SAFER_BLOCK_LEN + 1; }
129 }
130 for (j = 0; j < SAFER_BLOCK_LEN; j++) {
131 if (strengthened) {
132 *key++ = (ka[k]
133 + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF;
134 if (++k == (SAFER_BLOCK_LEN + 1)) { k = 0; }
135 } else {
136 *key++ = (ka[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF;
137 }
138 }
139 if (strengthened) {
140 k = 2 * i;
141 while (k >= (SAFER_BLOCK_LEN + 1)) { k -= SAFER_BLOCK_LEN + 1; }
142 }
143 for (j = 0; j < SAFER_BLOCK_LEN; j++) {
144 if (strengthened) {
145 *key++ = (kb[k]
146 + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF;
147 if (++k == (SAFER_BLOCK_LEN + 1)) { k = 0; }
148 } else {
149 *key++ = (kb[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF;
150 }
151 }
152 }
153
154 #ifdef CLEAN_STACK
155 zeromem(ka, sizeof(ka));
156 zeromem(kb, sizeof(kb));
157 #endif
158 }
159
160 #ifdef CLEAN_STACK
161 static void Safer_Expand_Userkey(const unsigned char *userkey_1,
162 const unsigned char *userkey_2,
163 unsigned int nof_rounds,
164 int strengthened,
165 safer_key_t key)
166 {
167 _Safer_Expand_Userkey(userkey_1, userkey_2, nof_rounds, strengthened, key);
168 burn_stack(sizeof(unsigned char) * (2 * (SAFER_BLOCK_LEN + 1)) + sizeof(unsigned int)*2);
169 }
170 #endif
171
172 int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
173 {
174 _ARGCHK(key != NULL);
175 _ARGCHK(skey != NULL);
176
177 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
178 return CRYPT_INVALID_ROUNDS;
179 }
180
181 if (keylen != 8) {
182 return CRYPT_INVALID_KEYSIZE;
183 }
184
185 Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:SAFER_K64_DEFAULT_NOF_ROUNDS), 0, skey->safer.key);
186 return CRYPT_OK;
187 }
188
189 int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
190 {
191 _ARGCHK(key != NULL);
192 _ARGCHK(skey != NULL);
193
194 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
195 return CRYPT_INVALID_ROUNDS;
196 }
197
198 if (keylen != 8) {
199 return CRYPT_INVALID_KEYSIZE;
200 }
201
202 Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:SAFER_SK64_DEFAULT_NOF_ROUNDS), 1, skey->safer.key);
203 return CRYPT_OK;
204 }
205
206 int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
207 {
208 _ARGCHK(key != NULL);
209 _ARGCHK(skey != NULL);
210
211 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
212 return CRYPT_INVALID_ROUNDS;
213 }
214
215 if (keylen != 16) {
216 return CRYPT_INVALID_KEYSIZE;
217 }
218
219 Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0 ?numrounds:SAFER_K128_DEFAULT_NOF_ROUNDS), 0, skey->safer.key);
220 return CRYPT_OK;
221 }
222
223 int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
224 {
225 _ARGCHK(key != NULL);
226 _ARGCHK(skey != NULL);
227
228 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
229 return CRYPT_INVALID_ROUNDS;
230 }
231
232 if (keylen != 16) {
233 return CRYPT_INVALID_KEYSIZE;
234 }
235
236 Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0?numrounds:SAFER_SK128_DEFAULT_NOF_ROUNDS), 1, skey->safer.key);
237 return CRYPT_OK;
238 }
239
240 #ifdef CLEAN_STACK
241 static void _safer_ecb_encrypt(const unsigned char *block_in,
242 unsigned char *block_out,
243 symmetric_key *skey)
244 #else
245 void safer_ecb_encrypt(const unsigned char *block_in,
246 unsigned char *block_out,
247 symmetric_key *skey)
248 #endif
249 { unsigned char a, b, c, d, e, f, g, h, t;
250 unsigned int round;
251 unsigned char *key;
252
253 _ARGCHK(block_in != NULL);
254 _ARGCHK(block_out != NULL);
255 _ARGCHK(skey != NULL);
256
257 key = skey->safer.key;
258 a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3];
259 e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7];
260 if (SAFER_MAX_NOF_ROUNDS < (round = *key)) round = SAFER_MAX_NOF_ROUNDS;
261 while(round-- > 0)
262 {
263 a ^= *++key; b += *++key; c += *++key; d ^= *++key;
264 e ^= *++key; f += *++key; g += *++key; h ^= *++key;
265 a = EXP(a) + *++key; b = LOG(b) ^ *++key;
266 c = LOG(c) ^ *++key; d = EXP(d) + *++key;
267 e = EXP(e) + *++key; f = LOG(f) ^ *++key;
268 g = LOG(g) ^ *++key; h = EXP(h) + *++key;
269 PHT(a, b); PHT(c, d); PHT(e, f); PHT(g, h);
270 PHT(a, c); PHT(e, g); PHT(b, d); PHT(f, h);
271 PHT(a, e); PHT(b, f); PHT(c, g); PHT(d, h);
272 t = b; b = e; e = c; c = t; t = d; d = f; f = g; g = t;
273 }
274 a ^= *++key; b += *++key; c += *++key; d ^= *++key;
275 e ^= *++key; f += *++key; g += *++key; h ^= *++key;
276 block_out[0] = a & 0xFF; block_out[1] = b & 0xFF;
277 block_out[2] = c & 0xFF; block_out[3] = d & 0xFF;
278 block_out[4] = e & 0xFF; block_out[5] = f & 0xFF;
279 block_out[6] = g & 0xFF; block_out[7] = h & 0xFF;
280 }
281
282 #ifdef CLEAN_STACK
283 void safer_ecb_encrypt(const unsigned char *block_in,
284 unsigned char *block_out,
285 symmetric_key *skey)
286 {
287 _safer_ecb_encrypt(block_in, block_out, skey);
288 burn_stack(sizeof(unsigned char) * 9 + sizeof(unsigned int) + sizeof(unsigned char *));
289 }
290 #endif
291
292 #ifdef CLEAN_STACK
293 static void _safer_ecb_decrypt(const unsigned char *block_in,
294 unsigned char *block_out,
295 symmetric_key *skey)
296 #else
297 void safer_ecb_decrypt(const unsigned char *block_in,
298 unsigned char *block_out,
299 symmetric_key *skey)
300 #endif
301 { unsigned char a, b, c, d, e, f, g, h, t;
302 unsigned int round;
303 unsigned char *key;
304
305 _ARGCHK(block_in != NULL);
306 _ARGCHK(block_out != NULL);
307 _ARGCHK(skey != NULL);
308
309 key = skey->safer.key;
310 a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3];
311 e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7];
312 if (SAFER_MAX_NOF_ROUNDS < (round = *key)) round = SAFER_MAX_NOF_ROUNDS;
313 key += SAFER_BLOCK_LEN * (1 + 2 * round);
314 h ^= *key; g -= *--key; f -= *--key; e ^= *--key;
315 d ^= *--key; c -= *--key; b -= *--key; a ^= *--key;
316 while (round--)
317 {
318 t = e; e = b; b = c; c = t; t = f; f = d; d = g; g = t;
319 IPHT(a, e); IPHT(b, f); IPHT(c, g); IPHT(d, h);
320 IPHT(a, c); IPHT(e, g); IPHT(b, d); IPHT(f, h);
321 IPHT(a, b); IPHT(c, d); IPHT(e, f); IPHT(g, h);
322 h -= *--key; g ^= *--key; f ^= *--key; e -= *--key;
323 d -= *--key; c ^= *--key; b ^= *--key; a -= *--key;
324 h = LOG(h) ^ *--key; g = EXP(g) - *--key;
325 f = EXP(f) - *--key; e = LOG(e) ^ *--key;
326 d = LOG(d) ^ *--key; c = EXP(c) - *--key;
327 b = EXP(b) - *--key; a = LOG(a) ^ *--key;
328 }
329 block_out[0] = a & 0xFF; block_out[1] = b & 0xFF;
330 block_out[2] = c & 0xFF; block_out[3] = d & 0xFF;
331 block_out[4] = e & 0xFF; block_out[5] = f & 0xFF;
332 block_out[6] = g & 0xFF; block_out[7] = h & 0xFF;
333 }
334
335 #ifdef CLEAN_STACK
336 void safer_ecb_decrypt(const unsigned char *block_in,
337 unsigned char *block_out,
338 symmetric_key *skey)
339 {
340 _safer_ecb_decrypt(block_in, block_out, skey);
341 burn_stack(sizeof(unsigned char) * 9 + sizeof(unsigned int) + sizeof(unsigned char *));
342 }
343 #endif
344
345 int safer_64_keysize(int *keysize)
346 {
347 _ARGCHK(keysize != NULL);
348 if (*keysize < 8) {
349 return CRYPT_INVALID_KEYSIZE;
350 } else {
351 *keysize = 8;
352 return CRYPT_OK;
353 }
354 }
355
356 int safer_128_keysize(int *keysize)
357 {
358 _ARGCHK(keysize != NULL);
359 if (*keysize < 16) {
360 return CRYPT_INVALID_KEYSIZE;
361 } else {
362 *keysize = 16;
363 return CRYPT_OK;
364 }
365 }
366
367 int safer_k64_test(void)
368 {
369 #ifndef LTC_TEST
370 return CRYPT_NOP;
371 #else
372 static const unsigned char k64_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 },
373 k64_key[] = { 8, 7, 6, 5, 4, 3, 2, 1 },
374 k64_ct[] = { 200, 242, 156, 221, 135, 120, 62, 217 };
375
376 symmetric_key skey;
377 unsigned char buf[2][8];
378 int err;
379
380 /* test K64 */
381 if ((err = safer_k64_setup(k64_key, 8, 6, &skey)) != CRYPT_OK) {
382 return err;
383 }
384 safer_ecb_encrypt(k64_pt, buf[0], &skey);
385 safer_ecb_decrypt(buf[0], buf[1], &skey);
386
387 if (memcmp(buf[0], k64_ct, 8) != 0 || memcmp(buf[1], k64_pt, 8) != 0) {
388 return CRYPT_FAIL_TESTVECTOR;
389 }
390
391 return CRYPT_OK;
392 #endif
393 }
394
395
396 int safer_sk64_test(void)
397 {
398 #ifndef LTC_TEST
399 return CRYPT_NOP;
400 #else
401 static const unsigned char sk64_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 },
402 sk64_key[] = { 1, 2, 3, 4, 5, 6, 7, 8 },
403 sk64_ct[] = { 95, 206, 155, 162, 5, 132, 56, 199 };
404
405 symmetric_key skey;
406 unsigned char buf[2][8];
407 int err, y;
408
409 /* test SK64 */
410 if ((err = safer_sk64_setup(sk64_key, 8, 6, &skey)) != CRYPT_OK) {
411 return err;
412 }
413
414 safer_ecb_encrypt(sk64_pt, buf[0], &skey);
415 safer_ecb_decrypt(buf[0], buf[1], &skey);
416
417 if (memcmp(buf[0], sk64_ct, 8) != 0 || memcmp(buf[1], sk64_pt, 8) != 0) {
418 return CRYPT_FAIL_TESTVECTOR;
419 }
420
421 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
422 for (y = 0; y < 8; y++) buf[0][y] = 0;
423 for (y = 0; y < 1000; y++) safer_ecb_encrypt(buf[0], buf[0], &skey);
424 for (y = 0; y < 1000; y++) safer_ecb_decrypt(buf[0], buf[0], &skey);
425 for (y = 0; y < 8; y++) if (buf[0][y] != 0) return CRYPT_FAIL_TESTVECTOR;
426
427 return CRYPT_OK;
428 #endif
429 }
430
431 int safer_sk128_test(void)
432 {
433 #ifndef LTC_TEST
434 return CRYPT_NOP;
435 #else
436 static const unsigned char sk128_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 },
437 sk128_key[] = { 1, 2, 3, 4, 5, 6, 7, 8,
438 0, 0, 0, 0, 0, 0, 0, 0 },
439 sk128_ct[] = { 255, 120, 17, 228, 179, 167, 46, 113 };
440
441 symmetric_key skey;
442 unsigned char buf[2][8];
443 int err, y;
444
445 /* test SK128 */
446 if ((err = safer_sk128_setup(sk128_key, 16, 0, &skey)) != CRYPT_OK) {
447 return err;
448 }
449 safer_ecb_encrypt(sk128_pt, buf[0], &skey);
450 safer_ecb_decrypt(buf[0], buf[1], &skey);
451
452 if (memcmp(buf[0], sk128_ct, 8) != 0 || memcmp(buf[1], sk128_pt, 8) != 0) {
453 return CRYPT_FAIL_TESTVECTOR;
454 }
455
456 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
457 for (y = 0; y < 8; y++) buf[0][y] = 0;
458 for (y = 0; y < 1000; y++) safer_ecb_encrypt(buf[0], buf[0], &skey);
459 for (y = 0; y < 1000; y++) safer_ecb_decrypt(buf[0], buf[0], &skey);
460 for (y = 0; y < 8; y++) if (buf[0][y] != 0) return CRYPT_FAIL_TESTVECTOR;
461 return CRYPT_OK;
462 #endif
463 }
464
465 #endif
466
467
468