Mercurial > dropbear
comparison libtomcrypt/src/ciphers/safer/safer.c @ 1435:f849a5ca2efc
update to libtomcrypt 1.17 (with Dropbear changes)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 24 Jun 2017 17:50:50 +0800 |
parents | 0cbe8f6dbf9e |
children | 6dba84798cd5 |
comparison
equal
deleted
inserted
replaced
1434:27b9ddb06b09 | 1435:f849a5ca2efc |
---|---|
4 * algorithms in a highly modular and flexible manner. | 4 * algorithms in a highly modular and flexible manner. |
5 * | 5 * |
6 * The library is free for all purposes without any express | 6 * The library is free for all purposes without any express |
7 * guarantee it works. | 7 * guarantee it works. |
8 * | 8 * |
9 * Tom St Denis, [email protected], http://libtomcrypt.com | 9 * Tom St Denis, [email protected], http://libtom.org |
10 */ | 10 */ |
11 | 11 |
12 /******************************************************************************* | 12 /******************************************************************************* |
13 * | 13 * |
14 * FILE: safer.c | 14 * FILE: safer.c |
15 * | 15 * |
16 * DESCRIPTION: block-cipher algorithm SAFER (Secure And Fast Encryption | 16 * LTC_DESCRIPTION: block-cipher algorithm LTC_SAFER (Secure And Fast Encryption |
17 * Routine) in its four versions: SAFER K-64, SAFER K-128, | 17 * Routine) in its four versions: LTC_SAFER K-64, LTC_SAFER K-128, |
18 * SAFER SK-64 and SAFER SK-128. | 18 * LTC_SAFER SK-64 and LTC_SAFER SK-128. |
19 * | 19 * |
20 * AUTHOR: Richard De Moliner ([email protected]) | 20 * AUTHOR: Richard De Moliner ([email protected]) |
21 * Signal and Information Processing Laboratory | 21 * Signal and Information Processing Laboratory |
22 * Swiss Federal Institute of Technology | 22 * Swiss Federal Institute of Technology |
23 * CH-8092 Zuerich, Switzerland | 23 * CH-8092 Zuerich, Switzerland |
28 * | 28 * |
29 *******************************************************************************/ | 29 *******************************************************************************/ |
30 | 30 |
31 #include <tomcrypt.h> | 31 #include <tomcrypt.h> |
32 | 32 |
33 #ifdef SAFER | 33 #ifdef LTC_SAFER |
34 | 34 |
35 const struct ltc_cipher_descriptor | 35 const struct ltc_cipher_descriptor |
36 safer_k64_desc = { | 36 safer_k64_desc = { |
37 "safer-k64", | 37 "safer-k64", |
38 8, 8, 8, 8, SAFER_K64_DEFAULT_NOF_ROUNDS, | 38 8, 8, 8, 8, LTC_SAFER_K64_DEFAULT_NOF_ROUNDS, |
39 &safer_k64_setup, | 39 &safer_k64_setup, |
40 &safer_ecb_encrypt, | 40 &safer_ecb_encrypt, |
41 &safer_ecb_decrypt, | 41 &safer_ecb_decrypt, |
42 &safer_k64_test, | 42 &safer_k64_test, |
43 &safer_done, | 43 &safer_done, |
45 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | 45 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
46 }, | 46 }, |
47 | 47 |
48 safer_sk64_desc = { | 48 safer_sk64_desc = { |
49 "safer-sk64", | 49 "safer-sk64", |
50 9, 8, 8, 8, SAFER_SK64_DEFAULT_NOF_ROUNDS, | 50 9, 8, 8, 8, LTC_SAFER_SK64_DEFAULT_NOF_ROUNDS, |
51 &safer_sk64_setup, | 51 &safer_sk64_setup, |
52 &safer_ecb_encrypt, | 52 &safer_ecb_encrypt, |
53 &safer_ecb_decrypt, | 53 &safer_ecb_decrypt, |
54 &safer_sk64_test, | 54 &safer_sk64_test, |
55 &safer_done, | 55 &safer_done, |
57 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | 57 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
58 }, | 58 }, |
59 | 59 |
60 safer_k128_desc = { | 60 safer_k128_desc = { |
61 "safer-k128", | 61 "safer-k128", |
62 10, 16, 16, 8, SAFER_K128_DEFAULT_NOF_ROUNDS, | 62 10, 16, 16, 8, LTC_SAFER_K128_DEFAULT_NOF_ROUNDS, |
63 &safer_k128_setup, | 63 &safer_k128_setup, |
64 &safer_ecb_encrypt, | 64 &safer_ecb_encrypt, |
65 &safer_ecb_decrypt, | 65 &safer_ecb_decrypt, |
66 &safer_sk128_test, | 66 &safer_sk128_test, |
67 &safer_done, | 67 &safer_done, |
69 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | 69 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
70 }, | 70 }, |
71 | 71 |
72 safer_sk128_desc = { | 72 safer_sk128_desc = { |
73 "safer-sk128", | 73 "safer-sk128", |
74 11, 16, 16, 8, SAFER_SK128_DEFAULT_NOF_ROUNDS, | 74 11, 16, 16, 8, LTC_SAFER_SK128_DEFAULT_NOF_ROUNDS, |
75 &safer_sk128_setup, | 75 &safer_sk128_setup, |
76 &safer_ecb_encrypt, | 76 &safer_ecb_encrypt, |
77 &safer_ecb_decrypt, | 77 &safer_ecb_decrypt, |
78 &safer_sk128_test, | 78 &safer_sk128_test, |
79 &safer_done, | 79 &safer_done, |
109 unsigned int nof_rounds, | 109 unsigned int nof_rounds, |
110 int strengthened, | 110 int strengthened, |
111 safer_key_t key) | 111 safer_key_t key) |
112 #endif | 112 #endif |
113 { unsigned int i, j, k; | 113 { unsigned int i, j, k; |
114 unsigned char ka[SAFER_BLOCK_LEN + 1]; | 114 unsigned char ka[LTC_SAFER_BLOCK_LEN + 1]; |
115 unsigned char kb[SAFER_BLOCK_LEN + 1]; | 115 unsigned char kb[LTC_SAFER_BLOCK_LEN + 1]; |
116 | 116 |
117 if (SAFER_MAX_NOF_ROUNDS < nof_rounds) | 117 if (LTC_SAFER_MAX_NOF_ROUNDS < nof_rounds) |
118 nof_rounds = SAFER_MAX_NOF_ROUNDS; | 118 nof_rounds = LTC_SAFER_MAX_NOF_ROUNDS; |
119 *key++ = (unsigned char)nof_rounds; | 119 *key++ = (unsigned char)nof_rounds; |
120 ka[SAFER_BLOCK_LEN] = (unsigned char)0; | 120 ka[LTC_SAFER_BLOCK_LEN] = (unsigned char)0; |
121 kb[SAFER_BLOCK_LEN] = (unsigned char)0; | 121 kb[LTC_SAFER_BLOCK_LEN] = (unsigned char)0; |
122 k = 0; | 122 k = 0; |
123 for (j = 0; j < SAFER_BLOCK_LEN; j++) { | 123 for (j = 0; j < LTC_SAFER_BLOCK_LEN; j++) { |
124 ka[j] = ROL8(userkey_1[j], 5); | 124 ka[j] = ROL8(userkey_1[j], 5); |
125 ka[SAFER_BLOCK_LEN] ^= ka[j]; | 125 ka[LTC_SAFER_BLOCK_LEN] ^= ka[j]; |
126 kb[j] = *key++ = userkey_2[j]; | 126 kb[j] = *key++ = userkey_2[j]; |
127 kb[SAFER_BLOCK_LEN] ^= kb[j]; | 127 kb[LTC_SAFER_BLOCK_LEN] ^= kb[j]; |
128 } | 128 } |
129 for (i = 1; i <= nof_rounds; i++) { | 129 for (i = 1; i <= nof_rounds; i++) { |
130 for (j = 0; j < SAFER_BLOCK_LEN + 1; j++) { | 130 for (j = 0; j < LTC_SAFER_BLOCK_LEN + 1; j++) { |
131 ka[j] = ROL8(ka[j], 6); | 131 ka[j] = ROL8(ka[j], 6); |
132 kb[j] = ROL8(kb[j], 6); | 132 kb[j] = ROL8(kb[j], 6); |
133 } | 133 } |
134 if (strengthened) { | 134 if (strengthened) { |
135 k = 2 * i - 1; | 135 k = 2 * i - 1; |
136 while (k >= (SAFER_BLOCK_LEN + 1)) { k -= SAFER_BLOCK_LEN + 1; } | 136 while (k >= (LTC_SAFER_BLOCK_LEN + 1)) { k -= LTC_SAFER_BLOCK_LEN + 1; } |
137 } | 137 } |
138 for (j = 0; j < SAFER_BLOCK_LEN; j++) { | 138 for (j = 0; j < LTC_SAFER_BLOCK_LEN; j++) { |
139 if (strengthened) { | 139 if (strengthened) { |
140 *key++ = (ka[k] | 140 *key++ = (ka[k] |
141 + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF; | 141 + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF; |
142 if (++k == (SAFER_BLOCK_LEN + 1)) { k = 0; } | 142 if (++k == (LTC_SAFER_BLOCK_LEN + 1)) { k = 0; } |
143 } else { | 143 } else { |
144 *key++ = (ka[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF; | 144 *key++ = (ka[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF; |
145 } | 145 } |
146 } | 146 } |
147 if (strengthened) { | 147 if (strengthened) { |
148 k = 2 * i; | 148 k = 2 * i; |
149 while (k >= (SAFER_BLOCK_LEN + 1)) { k -= SAFER_BLOCK_LEN + 1; } | 149 while (k >= (LTC_SAFER_BLOCK_LEN + 1)) { k -= LTC_SAFER_BLOCK_LEN + 1; } |
150 } | 150 } |
151 for (j = 0; j < SAFER_BLOCK_LEN; j++) { | 151 for (j = 0; j < LTC_SAFER_BLOCK_LEN; j++) { |
152 if (strengthened) { | 152 if (strengthened) { |
153 *key++ = (kb[k] | 153 *key++ = (kb[k] |
154 + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF; | 154 + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF; |
155 if (++k == (SAFER_BLOCK_LEN + 1)) { k = 0; } | 155 if (++k == (LTC_SAFER_BLOCK_LEN + 1)) { k = 0; } |
156 } else { | 156 } else { |
157 *key++ = (kb[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF; | 157 *key++ = (kb[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF; |
158 } | 158 } |
159 } | 159 } |
160 } | 160 } |
171 unsigned int nof_rounds, | 171 unsigned int nof_rounds, |
172 int strengthened, | 172 int strengthened, |
173 safer_key_t key) | 173 safer_key_t key) |
174 { | 174 { |
175 _Safer_Expand_Userkey(userkey_1, userkey_2, nof_rounds, strengthened, key); | 175 _Safer_Expand_Userkey(userkey_1, userkey_2, nof_rounds, strengthened, key); |
176 burn_stack(sizeof(unsigned char) * (2 * (SAFER_BLOCK_LEN + 1)) + sizeof(unsigned int)*2); | 176 burn_stack(sizeof(unsigned char) * (2 * (LTC_SAFER_BLOCK_LEN + 1)) + sizeof(unsigned int)*2); |
177 } | 177 } |
178 #endif | 178 #endif |
179 | 179 |
180 int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) | 180 int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) |
181 { | 181 { |
182 LTC_ARGCHK(key != NULL); | 182 LTC_ARGCHK(key != NULL); |
183 LTC_ARGCHK(skey != NULL); | 183 LTC_ARGCHK(skey != NULL); |
184 | 184 |
185 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { | 185 if (numrounds != 0 && (numrounds < 6 || numrounds > LTC_SAFER_MAX_NOF_ROUNDS)) { |
186 return CRYPT_INVALID_ROUNDS; | 186 return CRYPT_INVALID_ROUNDS; |
187 } | 187 } |
188 | 188 |
189 if (keylen != 8) { | 189 if (keylen != 8) { |
190 return CRYPT_INVALID_KEYSIZE; | 190 return CRYPT_INVALID_KEYSIZE; |
191 } | 191 } |
192 | 192 |
193 Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:SAFER_K64_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); | 193 Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:LTC_SAFER_K64_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); |
194 return CRYPT_OK; | 194 return CRYPT_OK; |
195 } | 195 } |
196 | 196 |
197 int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) | 197 int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) |
198 { | 198 { |
199 LTC_ARGCHK(key != NULL); | 199 LTC_ARGCHK(key != NULL); |
200 LTC_ARGCHK(skey != NULL); | 200 LTC_ARGCHK(skey != NULL); |
201 | 201 |
202 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { | 202 if (numrounds != 0 && (numrounds < 6 || numrounds > LTC_SAFER_MAX_NOF_ROUNDS)) { |
203 return CRYPT_INVALID_ROUNDS; | 203 return CRYPT_INVALID_ROUNDS; |
204 } | 204 } |
205 | 205 |
206 if (keylen != 8) { | 206 if (keylen != 8) { |
207 return CRYPT_INVALID_KEYSIZE; | 207 return CRYPT_INVALID_KEYSIZE; |
208 } | 208 } |
209 | 209 |
210 Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:SAFER_SK64_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); | 210 Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:LTC_SAFER_SK64_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); |
211 return CRYPT_OK; | 211 return CRYPT_OK; |
212 } | 212 } |
213 | 213 |
214 int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) | 214 int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) |
215 { | 215 { |
216 LTC_ARGCHK(key != NULL); | 216 LTC_ARGCHK(key != NULL); |
217 LTC_ARGCHK(skey != NULL); | 217 LTC_ARGCHK(skey != NULL); |
218 | 218 |
219 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { | 219 if (numrounds != 0 && (numrounds < 6 || numrounds > LTC_SAFER_MAX_NOF_ROUNDS)) { |
220 return CRYPT_INVALID_ROUNDS; | 220 return CRYPT_INVALID_ROUNDS; |
221 } | 221 } |
222 | 222 |
223 if (keylen != 16) { | 223 if (keylen != 16) { |
224 return CRYPT_INVALID_KEYSIZE; | 224 return CRYPT_INVALID_KEYSIZE; |
225 } | 225 } |
226 | 226 |
227 Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0 ?numrounds:SAFER_K128_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); | 227 Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0 ?numrounds:LTC_SAFER_K128_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); |
228 return CRYPT_OK; | 228 return CRYPT_OK; |
229 } | 229 } |
230 | 230 |
231 int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) | 231 int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) |
232 { | 232 { |
233 LTC_ARGCHK(key != NULL); | 233 LTC_ARGCHK(key != NULL); |
234 LTC_ARGCHK(skey != NULL); | 234 LTC_ARGCHK(skey != NULL); |
235 | 235 |
236 if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { | 236 if (numrounds != 0 && (numrounds < 6 || numrounds > LTC_SAFER_MAX_NOF_ROUNDS)) { |
237 return CRYPT_INVALID_ROUNDS; | 237 return CRYPT_INVALID_ROUNDS; |
238 } | 238 } |
239 | 239 |
240 if (keylen != 16) { | 240 if (keylen != 16) { |
241 return CRYPT_INVALID_KEYSIZE; | 241 return CRYPT_INVALID_KEYSIZE; |
242 } | 242 } |
243 | 243 |
244 Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0?numrounds:SAFER_SK128_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); | 244 Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0?numrounds:LTC_SAFER_SK128_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); |
245 return CRYPT_OK; | 245 return CRYPT_OK; |
246 } | 246 } |
247 | 247 |
248 #ifdef LTC_CLEAN_STACK | 248 #ifdef LTC_CLEAN_STACK |
249 static int _safer_ecb_encrypt(const unsigned char *block_in, | 249 static int _safer_ecb_encrypt(const unsigned char *block_in, |
263 LTC_ARGCHK(skey != NULL); | 263 LTC_ARGCHK(skey != NULL); |
264 | 264 |
265 key = skey->safer.key; | 265 key = skey->safer.key; |
266 a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3]; | 266 a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3]; |
267 e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7]; | 267 e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7]; |
268 if (SAFER_MAX_NOF_ROUNDS < (round = *key)) round = SAFER_MAX_NOF_ROUNDS; | 268 if (LTC_SAFER_MAX_NOF_ROUNDS < (round = *key)) round = LTC_SAFER_MAX_NOF_ROUNDS; |
269 while(round-- > 0) | 269 while(round-- > 0) |
270 { | 270 { |
271 a ^= *++key; b += *++key; c += *++key; d ^= *++key; | 271 a ^= *++key; b += *++key; c += *++key; d ^= *++key; |
272 e ^= *++key; f += *++key; g += *++key; h ^= *++key; | 272 e ^= *++key; f += *++key; g += *++key; h ^= *++key; |
273 a = EXP(a) + *++key; b = LOG(b) ^ *++key; | 273 a = EXP(a) + *++key; b = LOG(b) ^ *++key; |
317 LTC_ARGCHK(skey != NULL); | 317 LTC_ARGCHK(skey != NULL); |
318 | 318 |
319 key = skey->safer.key; | 319 key = skey->safer.key; |
320 a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3]; | 320 a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3]; |
321 e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7]; | 321 e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7]; |
322 if (SAFER_MAX_NOF_ROUNDS < (round = *key)) round = SAFER_MAX_NOF_ROUNDS; | 322 if (LTC_SAFER_MAX_NOF_ROUNDS < (round = *key)) round = LTC_SAFER_MAX_NOF_ROUNDS; |
323 key += SAFER_BLOCK_LEN * (1 + 2 * round); | 323 key += LTC_SAFER_BLOCK_LEN * (1 + 2 * round); |
324 h ^= *key; g -= *--key; f -= *--key; e ^= *--key; | 324 h ^= *key; g -= *--key; f -= *--key; e ^= *--key; |
325 d ^= *--key; c -= *--key; b -= *--key; a ^= *--key; | 325 d ^= *--key; c -= *--key; b -= *--key; a ^= *--key; |
326 while (round--) | 326 while (round--) |
327 { | 327 { |
328 t = e; e = b; b = c; c = t; t = f; f = d; d = g; g = t; | 328 t = e; e = b; b = c; c = t; t = f; f = d; d = g; g = t; |
484 #endif | 484 #endif |
485 | 485 |
486 | 486 |
487 | 487 |
488 | 488 |
489 /* $Source: /cvs/libtom/libtomcrypt/src/ciphers/safer/safer.c,v $ */ | 489 /* $Source$ */ |
490 /* $Revision: 1.13 $ */ | 490 /* $Revision$ */ |
491 /* $Date: 2006/11/08 23:01:06 $ */ | 491 /* $Date$ */ |