Mercurial > dropbear

comparison rc6.c @ 0:d7da3b1e1540 libtomcrypt

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
put back the 0.95 makefile which was inadvertently merged over
author Matt Johnston <matt@ucc.asn.au>
date Mon, 31 May 2004 18:21:40 +0000
parents
children 5d99163f7e32
comparison
equal deleted inserted replaced
-1:000000000000 0:d7da3b1e1540
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11
12 /* RC6 code by Tom St Denis */
13 #include "mycrypt.h"
14
15 #ifdef RC6
16
17 const struct _cipher_descriptor rc6_desc =
18 {
19 "rc6",
20 3,
21 8, 128, 16, 20,
22 &rc6_setup,
23 &rc6_ecb_encrypt,
24 &rc6_ecb_decrypt,
25 &rc6_test,
26 &rc6_keysize
27 };
28
29 static const ulong32 stab[44] = {
30 0xb7e15163UL, 0x5618cb1cUL, 0xf45044d5UL, 0x9287be8eUL, 0x30bf3847UL, 0xcef6b200UL, 0x6d2e2bb9UL, 0x0b65a572UL,
31 0xa99d1f2bUL, 0x47d498e4UL, 0xe60c129dUL, 0x84438c56UL, 0x227b060fUL, 0xc0b27fc8UL, 0x5ee9f981UL, 0xfd21733aUL,
32 0x9b58ecf3UL, 0x399066acUL, 0xd7c7e065UL, 0x75ff5a1eUL, 0x1436d3d7UL, 0xb26e4d90UL, 0x50a5c749UL, 0xeedd4102UL,
33 0x8d14babbUL, 0x2b4c3474UL, 0xc983ae2dUL, 0x67bb27e6UL, 0x05f2a19fUL, 0xa42a1b58UL, 0x42619511UL, 0xe0990ecaUL,
34 0x7ed08883UL, 0x1d08023cUL, 0xbb3f7bf5UL, 0x5976f5aeUL, 0xf7ae6f67UL, 0x95e5e920UL, 0x341d62d9UL, 0xd254dc92UL,
35 0x708c564bUL, 0x0ec3d004UL, 0xacfb49bdUL, 0x4b32c376UL };
36
37 #ifdef CLEAN_STACK
38 static int _rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
39 #else
40 int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
41 #endif
42 {
43 ulong32 L[64], S[50], A, B, i, j, v, s, l;
44
45 _ARGCHK(key != NULL);
46 _ARGCHK(skey != NULL);
47
48 /* test parameters */
49 if (num_rounds != 0 && num_rounds != 20) {
50 return CRYPT_INVALID_ROUNDS;
51 }
52
53 /* key must be between 64 and 1024 bits */
54 if (keylen < 8 || keylen > 128) {
55 return CRYPT_INVALID_KEYSIZE;
56 }
57
58 /* copy the key into the L array */
59 for (A = i = j = 0; i < (ulong32)keylen; ) {
60 A = (A << 8) | ((ulong32)(key[i++] & 255));
61 if (!(i & 3)) {
62 L[j++] = BSWAP(A);
63 A = 0;
64 }
65 }
66
67 /* handle odd sized keys */
68 if (keylen & 3) {
69 A <<= (8 * (4 - (keylen&3)));
70 L[j++] = BSWAP(A);
71 }
72
73 /* setup the S array */
74 memcpy(S, stab, 44 * sizeof(stab[0]));
75
76 /* mix buffer */
77 s = 3 * MAX(44, j);
78 l = j;
79 for (A = B = i = j = v = 0; v < s; v++) {
80 A = S[i] = ROL(S[i] + A + B, 3);
81 B = L[j] = ROL(L[j] + A + B, (A+B));
82 if (++i == 44) { i = 0; }
83 if (++j == l) { j = 0; }
84 }
85
86 /* copy to key */
87 for (i = 0; i < 44; i++) {
88 skey->rc6.K[i] = S[i];
89 }
90 return CRYPT_OK;
91 }
92
93 #ifdef CLEAN_STACK
94 int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
95 {
96 int x;
97 x = _rc6_setup(key, keylen, num_rounds, skey);
98 burn_stack(sizeof(ulong32) * 122);
99 return x;
100 }
101 #endif
102
103 #ifdef CLEAN_STACK
104 static void _rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
105 #else
106 void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
107 #endif
108 {
109 ulong32 a,b,c,d,t,u, *K;
110 int r;
111
112 _ARGCHK(key != NULL);
113 _ARGCHK(pt != NULL);
114 _ARGCHK(ct != NULL);
115 LOAD32L(a,&pt[0]);LOAD32L(b,&pt[4]);LOAD32L(c,&pt[8]);LOAD32L(d,&pt[12]);
116
117 b += key->rc6.K[0];
118 d += key->rc6.K[1];
119
120 #define RND(a,b,c,d) \
121 t = (b * (b + b + 1)); t = ROL(t, 5); \
122 u = (d * (d + d + 1)); u = ROL(u, 5); \
123 a = ROL(a^t,u) + K[0]; \
124 c = ROL(c^u,t) + K[1]; K += 2;
125
126 K = key->rc6.K + 2;
127 for (r = 0; r < 20; r += 4) {
128 RND(a,b,c,d);
129 RND(b,c,d,a);
130 RND(c,d,a,b);
131 RND(d,a,b,c);
132 }
133
134 #undef RND
135
136 a += key->rc6.K[42];
137 c += key->rc6.K[43];
138 STORE32L(a,&ct[0]);STORE32L(b,&ct[4]);STORE32L(c,&ct[8]);STORE32L(d,&ct[12]);
139 }
140
141 #ifdef CLEAN_STACK
142 void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
143 {
144 _rc6_ecb_encrypt(pt, ct, key);
145 burn_stack(sizeof(ulong32) * 6 + sizeof(int));
146 }
147 #endif
148
149 #ifdef CLEAN_STACK
150 static void _rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
151 #else
152 void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
153 #endif
154 {
155 ulong32 a,b,c,d,t,u, *K;
156 int r;
157
158 _ARGCHK(key != NULL);
159 _ARGCHK(pt != NULL);
160 _ARGCHK(ct != NULL);
161
162 LOAD32L(a,&ct[0]);LOAD32L(b,&ct[4]);LOAD32L(c,&ct[8]);LOAD32L(d,&ct[12]);
163 a -= key->rc6.K[42];
164 c -= key->rc6.K[43];
165
166 #define RND(a,b,c,d) \
167 t = (b * (b + b + 1)); t = ROL(t, 5); \
168 u = (d * (d + d + 1)); u = ROL(u, 5); \
169 c = ROR(c - K[1], t) ^ u; \
170 a = ROR(a - K[0], u) ^ t; K -= 2;
171
172 K = key->rc6.K + 40;
173
174 for (r = 0; r < 20; r += 4) {
175 RND(d,a,b,c);
176 RND(c,d,a,b);
177 RND(b,c,d,a);
178 RND(a,b,c,d);
179 }
180
181 #undef RND
182
183 b -= key->rc6.K[0];
184 d -= key->rc6.K[1];
185 STORE32L(a,&pt[0]);STORE32L(b,&pt[4]);STORE32L(c,&pt[8]);STORE32L(d,&pt[12]);
186 }
187
188 #ifdef CLEAN_STACK
189 void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
190 {
191 _rc6_ecb_decrypt(ct, pt, key);
192 burn_stack(sizeof(ulong32) * 6 + sizeof(int));
193 }
194 #endif
195
196 int rc6_test(void)
197 {
198 #ifndef LTC_TEST
199 return CRYPT_NOP;
200 #else
201 static const struct {
202 int keylen;
203 unsigned char key[32], pt[16], ct[16];
204 } tests[] = {
205 {
206 16,
207 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
208 0x01, 0x12, 0x23, 0x34, 0x45, 0x56, 0x67, 0x78,
209 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
210 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
211 { 0x02, 0x13, 0x24, 0x35, 0x46, 0x57, 0x68, 0x79,
212 0x8a, 0x9b, 0xac, 0xbd, 0xce, 0xdf, 0xe0, 0xf1 },
213 { 0x52, 0x4e, 0x19, 0x2f, 0x47, 0x15, 0xc6, 0x23,
214 0x1f, 0x51, 0xf6, 0x36, 0x7e, 0xa4, 0x3f, 0x18 }
215 },
216 {
217 24,
218 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
219 0x01, 0x12, 0x23, 0x34, 0x45, 0x56, 0x67, 0x78,
220 0x89, 0x9a, 0xab, 0xbc, 0xcd, 0xde, 0xef, 0xf0,
221 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
222 { 0x02, 0x13, 0x24, 0x35, 0x46, 0x57, 0x68, 0x79,
223 0x8a, 0x9b, 0xac, 0xbd, 0xce, 0xdf, 0xe0, 0xf1 },
224 { 0x68, 0x83, 0x29, 0xd0, 0x19, 0xe5, 0x05, 0x04,
225 0x1e, 0x52, 0xe9, 0x2a, 0xf9, 0x52, 0x91, 0xd4 }
226 },
227 {
228 32,
229 { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
230 0x01, 0x12, 0x23, 0x34, 0x45, 0x56, 0x67, 0x78,
231 0x89, 0x9a, 0xab, 0xbc, 0xcd, 0xde, 0xef, 0xf0,
232 0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe },
233 { 0x02, 0x13, 0x24, 0x35, 0x46, 0x57, 0x68, 0x79,
234 0x8a, 0x9b, 0xac, 0xbd, 0xce, 0xdf, 0xe0, 0xf1 },
235 { 0xc8, 0x24, 0x18, 0x16, 0xf0, 0xd7, 0xe4, 0x89,
236 0x20, 0xad, 0x16, 0xa1, 0x67, 0x4e, 0x5d, 0x48 }
237 }
238 };
239 unsigned char tmp[2][16];
240 int x, y, err;
241 symmetric_key key;
242
243 for (x = 0; x < (int)(sizeof(tests) / sizeof(tests[0])); x++) {
244 /* setup key */
245 if ((err = rc6_setup(tests[x].key, tests[x].keylen, 0, &key)) != CRYPT_OK) {
246 return err;
247 }
248
249 /* encrypt and decrypt */
250 rc6_ecb_encrypt(tests[x].pt, tmp[0], &key);
251 rc6_ecb_decrypt(tmp[0], tmp[1], &key);
252
253 /* compare */
254 if (memcmp(tmp[0], tests[x].ct, 16) || memcmp(tmp[1], tests[x].pt, 16)) {
255 #if 0
256 printf("\n\nFailed test %d\n", x);
257 if (memcmp(tmp[0], tests[x].ct, 16)) {
258 printf("Ciphertext: ");
259 for (y = 0; y < 16; y++) printf("%02x ", tmp[0][y]);
260 printf("\nExpected : ");
261 for (y = 0; y < 16; y++) printf("%02x ", tests[x].ct[y]);
262 printf("\n");
263 }
264 if (memcmp(tmp[1], tests[x].pt, 16)) {
265 printf("Plaintext: ");
266 for (y = 0; y < 16; y++) printf("%02x ", tmp[0][y]);
267 printf("\nExpected : ");
268 for (y = 0; y < 16; y++) printf("%02x ", tests[x].pt[y]);
269 printf("\n");
270 }
271 #endif
272 return CRYPT_FAIL_TESTVECTOR;
273 }
274
275 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
276 for (y = 0; y < 16; y++) tmp[0][y] = 0;
277 for (y = 0; y < 1000; y++) rc6_ecb_encrypt(tmp[0], tmp[0], &key);
278 for (y = 0; y < 1000; y++) rc6_ecb_decrypt(tmp[0], tmp[0], &key);
279 for (y = 0; y < 16; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR;
280 }
281 return CRYPT_OK;
282 #endif
283 }
284
285 int rc6_keysize(int *desired_keysize)
286 {
287 _ARGCHK(desired_keysize != NULL);
288 if (*desired_keysize < 8) {
289 return CRYPT_INVALID_KEYSIZE;
290 } else if (*desired_keysize > 128) {
291 *desired_keysize = 128;
292 }
293 return CRYPT_OK;
294 }
295
296 #endif /*RC6*/
297
298