"Fossies" - the Fresh Open Source Software Archive

Member "libmcrypt-2.5.8/modules/algorithms/loki97.c" (19 Jan 2003, 12392 Bytes) of package /linux/privat/old/libmcrypt-2.5.8.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "loki97.c" see the Fossies "Dox" file reference documentation.

    1 /* This is an independent implementation of the encryption algorithm:   */
    2 /*                                                                      */
    3 /*         LOKI97 by Brown and Pieprzyk                                 */
    4 /*                                                                      */
    5 /* which is a candidate algorithm in the Advanced Encryption Standard   */
    6 /* programme of the US National Institute of Standards and Technology.  */
    7 /*                                                                      */
    8 /* Copyright in this implementation is held by Dr B R Gladman but I     */
    9 /* hereby give permission for its free direct or derivative use subject */
   10 /* to acknowledgment of its origin and compliance with any conditions   */
   11 /* that the originators of the algorithm place on its exploitation.     */
   12 /*                                                                      */
   13 /* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999     */
   14 
   15 /* $Id: loki97.c,v 1.14 2003/01/19 17:48:27 nmav Exp $ */
   16 
   17 /* modified in order to use the libmcrypt API by Nikos Mavroyanopoulos 
   18  * All modifications are placed under the license of libmcrypt.
   19  */
   20 
   21 /* Timing data for LOKI97 (loki.c)
   22 
   23 Core timing without I/O endian conversion:
   24 
   25 128 bit key:
   26 Key Setup:    7430 cycles
   27 Encrypt:      2134 cycles =    12.0 mbits/sec
   28 Decrypt:      2192 cycles =    11.7 mbits/sec
   29 Mean:         2163 cycles =    11.8 mbits/sec
   30 
   31 192 bit key:
   32 Key Setup:    7303 cycles
   33 Encrypt:      2138 cycles =    12.0 mbits/sec
   34 Decrypt:      2189 cycles =    11.7 mbits/sec
   35 Mean:         2164 cycles =    11.8 mbits/sec
   36 
   37 256 bit key:
   38 Key Setup:    7166 cycles
   39 Encrypt:      2131 cycles =    12.0 mbits/sec
   40 Decrypt:      2184 cycles =    11.7 mbits/sec
   41 Mean:         2158 cycles =    11.9 mbits/sec
   42 
   43 Full timing with I/O endian conversion:
   44 
   45 128 bit key:
   46 Key Setup:    7582 cycles
   47 Encrypt:      2174 cycles =    11.8 mbits/sec
   48 Decrypt:      2235 cycles =    11.5 mbits/sec
   49 Mean:         2205 cycles =    11.6 mbits/sec
   50 
   51 192 bit key:
   52 Key Setup:    7477 cycles
   53 Encrypt:      2167 cycles =    11.8 mbits/sec
   54 Decrypt:      2223 cycles =    11.5 mbits/sec
   55 Mean:         2195 cycles =    11.7 mbits/sec
   56 
   57 256 bit key:
   58 Key Setup:    7365 cycles
   59 Encrypt:      2177 cycles =    11.8 mbits/sec
   60 Decrypt:      2194 cycles =    11.7 mbits/sec
   61 Mean:         2186 cycles =    11.7 mbits/sec
   62 
   63 */
   64 
   65 
   66 #include <libdefs.h>
   67 
   68 #include <mcrypt_modules.h>
   69 
   70 #define _mcrypt_set_key loki97_LTX__mcrypt_set_key
   71 #define _mcrypt_encrypt loki97_LTX__mcrypt_encrypt
   72 #define _mcrypt_decrypt loki97_LTX__mcrypt_decrypt
   73 #define _mcrypt_get_size loki97_LTX__mcrypt_get_size
   74 #define _mcrypt_get_block_size loki97_LTX__mcrypt_get_block_size
   75 #define _is_block_algorithm loki97_LTX__is_block_algorithm
   76 #define _mcrypt_get_key_size loki97_LTX__mcrypt_get_key_size
   77 #define _mcrypt_get_supported_key_sizes loki97_LTX__mcrypt_get_supported_key_sizes
   78 #define _mcrypt_get_algorithms_name loki97_LTX__mcrypt_get_algorithms_name
   79 #define _mcrypt_self_test loki97_LTX__mcrypt_self_test
   80 #define _mcrypt_algorithm_version loki97_LTX__mcrypt_algorithm_version
   81 
   82 #define byte(x,n)   ((byte)((x) >> (8 * n)))
   83 
   84 #define S1_SIZE     13
   85 #define S1_LEN      (1 << S1_SIZE)
   86 #define S1_MASK     (S1_LEN - 1)
   87 #define S1_HMASK    (S1_MASK & ~0xff)
   88 #define S1_POLY     0x2911
   89 
   90 #define S2_SIZE     11
   91 #define S2_LEN      (1 << S2_SIZE)
   92 #define S2_MASK     (S2_LEN - 1)
   93 #define S2_HMASK    (S2_MASK & ~0xff)
   94 #define S2_POLY     0x0aa7
   95 
   96 word32 delta[2] = { 0x7f4a7c15, 0x9e3779b9 };
   97 
   98 byte sb1[S1_LEN];       /* GF(2^11) S box */
   99 byte sb2[S2_LEN];       /* GF(2^11) S box */
  100 word32 prm[256][2];
  101 word32 init_done = 0;
  102 
  103 /* word32  l_key[96]; */
  104 
  105 #define add_eq(x,y)     (x)[1] += (y)[1] + (((x)[0] += (y)[0]) < (y)[0] ? 1 : 0)
  106 #define sub_eq(x,y)     xs = (x)[0]; (x)[1] -= (y)[1] + (((x)[0] -= (y)[0]) > xs ? 1 : 0)
  107 
  108 word32 ff_mult(word32 a, word32 b, word32 tpow, word32 mpol)
  109 {
  110     word32 r, s, m;
  111 
  112     r = s = 0;
  113     m = (1 << tpow);
  114 
  115     while (b) {
  116         if (b & 1)
  117 
  118             s ^= a;
  119 
  120         b >>= 1;
  121         a <<= 1;
  122 
  123         if (a & m)
  124 
  125             a ^= mpol;
  126     }
  127 
  128     return s;
  129 }
  130 
  131 void init_tables(void)
  132 {
  133     word32 i, j, v;
  134 
  135     /* initialise S box 1 */
  136 
  137     for (i = 0; i < S1_LEN; ++i) {
  138         j = v = i ^ S1_MASK;
  139         v = ff_mult(v, j, S1_SIZE, S1_POLY);
  140         sb1[i] = (byte) ff_mult(v, j, S1_SIZE, S1_POLY);
  141     }
  142     /* initialise S box 2 */
  143 
  144     for (i = 0; i < S2_LEN; ++i) {
  145         j = v = i ^ S2_MASK;
  146         v = ff_mult(v, j, S2_SIZE, S2_POLY);
  147         sb2[i] = (byte) ff_mult(v, j, S2_SIZE, S2_POLY);
  148     }
  149 
  150     /* initialise permutation table */
  151 
  152     for (i = 0; i < 256; ++i) {
  153         prm[i][0] =
  154             ((i & 1) << 7) | ((i & 2) << 14) | ((i & 4) << 21) |
  155             ((i & 8) << 28);
  156         prm[i][1] =
  157             ((i & 16) << 3) | ((i & 32) << 10) | ((i & 64) << 17) |
  158             ((i & 128) << 24);
  159     }
  160 }
  161 
  162 void f_fun(word32 res[2], const word32 in[2], const word32 key[2])
  163 {
  164     word32 i, tt[2], pp[2];
  165 
  166 /*    tt[0] = in[0] & ~key[0] | in[1] & key[0];
  167  *    tt[1] = in[1] & ~key[0] | in[0] & key[0]; 
  168  */
  169     tt[0] = (in[0] & ~key[0]) | (in[1] & key[0]);
  170     tt[1] = (in[1] & ~key[0]) | (in[0] & key[0]);
  171 
  172     i = sb1[((tt[1] >> 24) | (tt[0] << 8)) & S1_MASK];
  173     pp[0] = prm[i][0] >> 7;
  174     pp[1] = prm[i][1] >> 7;
  175     i = sb2[(tt[1] >> 16) & S2_MASK];
  176     pp[0] |= prm[i][0] >> 6;
  177     pp[1] |= prm[i][1] >> 6;
  178     i = sb1[(tt[1] >> 8) & S1_MASK];
  179     pp[0] |= prm[i][0] >> 5;
  180     pp[1] |= prm[i][1] >> 5;
  181     i = sb2[tt[1] & S2_MASK];
  182     pp[0] |= prm[i][0] >> 4;
  183     pp[1] |= prm[i][1] >> 4;
  184     i = sb2[((tt[0] >> 24) | (tt[1] << 8)) & S2_MASK];
  185     pp[0] |= prm[i][0] >> 3;
  186     pp[1] |= prm[i][1] >> 3;
  187     i = sb1[(tt[0] >> 16) & S1_MASK];
  188     pp[0] |= prm[i][0] >> 2;
  189     pp[1] |= prm[i][1] >> 2;
  190     i = sb2[(tt[0] >> 8) & S2_MASK];
  191     pp[0] |= prm[i][0] >> 1;
  192     pp[1] |= prm[i][1] >> 1;
  193     i = sb1[tt[0] & S1_MASK];
  194     pp[0] |= prm[i][0];
  195     pp[1] |= prm[i][1];
  196 
  197 /*
  198     res[0] ^=  sb1[byte(pp[0], 0) | (key[1] <<  8) & S1_HMASK]
  199             | (sb1[byte(pp[0], 1) | (key[1] <<  3) & S1_HMASK] << 8)
  200             | (sb2[byte(pp[0], 2) | (key[1] >>  2) & S2_HMASK] << 16)
  201             | (sb2[byte(pp[0], 3) | (key[1] >>  5) & S2_HMASK] << 24);
  202     res[1] ^=  sb1[byte(pp[1], 0) | (key[1] >>  8) & S1_HMASK]
  203             | (sb1[byte(pp[1], 1) | (key[1] >> 13) & S1_HMASK] << 8)
  204             | (sb2[byte(pp[1], 2) | (key[1] >> 18) & S2_HMASK] << 16)
  205             | (sb2[byte(pp[1], 3) | (key[1] >> 21) & S2_HMASK] << 24);
  206 */
  207     res[0] ^= sb1[byte(pp[0], 0) | ((key[1] << 8) & S1_HMASK)]
  208         | ((sb1[byte(pp[0], 1) | ((key[1] << 3) & S1_HMASK)] << 8))
  209         | ((sb2[byte(pp[0], 2) | ((key[1] >> 2) & S2_HMASK)] << 16))
  210         | ((sb2[byte(pp[0], 3) | ((key[1] >> 5) & S2_HMASK)] << 24));
  211     res[1] ^= sb1[byte(pp[1], 0) | ((key[1] >> 8) & S1_HMASK)]
  212         | ((sb1[byte(pp[1], 1) | ((key[1] >> 13) & S1_HMASK)] << 8))
  213         | ((sb2[byte(pp[1], 2) | ((key[1] >> 18) & S2_HMASK)] << 16))
  214         | ((sb2[byte(pp[1], 3) | ((key[1] >> 21) & S2_HMASK)] << 24));
  215 
  216 }
  217 
  218 /* 256 bit version only */
  219 WIN32DLL_DEFINE
  220     int _mcrypt_set_key(word32 * l_key, const word32 in_key[],
  221             const word32 key_len)
  222 {
  223     word32 i, k1[2], k2[2], k3[2], k4[2], del[2], tt[2], sk[2];
  224 
  225     if (!init_done) {
  226         init_tables();
  227         init_done = 1;
  228     }
  229 #ifdef WORDS_BIGENDIAN
  230     k4[0] = byteswap32(in_key[1]);
  231     k4[1] = byteswap32(in_key[0]);
  232     k3[0] = byteswap32(in_key[3]);
  233     k3[1] = byteswap32(in_key[2]);
  234 #else
  235     k4[0] = (in_key[1]);
  236     k4[1] = (in_key[0]);
  237     k3[0] = (in_key[3]);
  238     k3[1] = (in_key[2]);
  239 #endif
  240 
  241 
  242 #ifdef WORDS_BIGENDIAN
  243     k2[0] = byteswap32(in_key[5]);
  244     k2[1] = byteswap32(in_key[4]);
  245     k1[0] = byteswap32(in_key[7]);
  246     k1[1] = byteswap32(in_key[6]);
  247 #else
  248     k2[0] = (in_key[5]);
  249     k2[1] = (in_key[4]);
  250     k1[0] = (in_key[7]);
  251     k1[1] = (in_key[6]);
  252 #endif
  253 
  254     del[0] = delta[0];
  255     del[1] = delta[1];
  256 
  257     for (i = 0; i < 48; ++i) {
  258         tt[0] = k1[0];
  259         tt[1] = k1[1];
  260         add_eq(tt, k3);
  261         add_eq(tt, del);
  262         add_eq(del, delta);
  263         sk[0] = k4[0];
  264         sk[1] = k4[1];
  265         k4[0] = k3[0];
  266         k4[1] = k3[1];
  267         k3[0] = k2[0];
  268         k3[1] = k2[1];
  269         k2[0] = k1[0];
  270         k2[1] = k1[1];
  271         k1[0] = sk[0];
  272         k1[1] = sk[1];
  273         f_fun(k1, tt, k3);
  274         l_key[i + i] = k1[0];
  275         l_key[i + i + 1] = k1[1];
  276     }
  277 
  278     return 0;
  279 }
  280 
  281 #define r_fun(l,r,k)        \
  282     add_eq((l),(k));        \
  283     f_fun((r),(l),(k) + 2); \
  284     add_eq((l), (k) + 4)
  285 
  286 WIN32DLL_DEFINE void _mcrypt_encrypt(word32 * l_key, word32 * _blk)
  287 {
  288     word32 blk[4];
  289 
  290 #ifdef WORDS_BIGENDIAN
  291     blk[3] = byteswap32(_blk[0]);
  292     blk[2] = byteswap32(_blk[1]);
  293     blk[1] = byteswap32(_blk[2]);
  294     blk[0] = byteswap32(_blk[3]);
  295 #else
  296     blk[3] = (_blk[0]);
  297     blk[2] = (_blk[1]);
  298     blk[1] = (_blk[2]);
  299     blk[0] = (_blk[3]);
  300 #endif
  301 
  302     r_fun(blk, blk + 2, l_key + 0);
  303     r_fun(blk + 2, blk, l_key + 6);
  304     r_fun(blk, blk + 2, l_key + 12);
  305     r_fun(blk + 2, blk, l_key + 18);
  306     r_fun(blk, blk + 2, l_key + 24);
  307     r_fun(blk + 2, blk, l_key + 30);
  308     r_fun(blk, blk + 2, l_key + 36);
  309     r_fun(blk + 2, blk, l_key + 42);
  310     r_fun(blk, blk + 2, l_key + 48);
  311     r_fun(blk + 2, blk, l_key + 54);
  312     r_fun(blk, blk + 2, l_key + 60);
  313     r_fun(blk + 2, blk, l_key + 66);
  314     r_fun(blk, blk + 2, l_key + 72);
  315     r_fun(blk + 2, blk, l_key + 78);
  316     r_fun(blk, blk + 2, l_key + 84);
  317     r_fun(blk + 2, blk, l_key + 90);
  318 
  319 #ifdef WORDS_BIGENDIAN
  320     _blk[3] = byteswap32(blk[2]);
  321     _blk[2] = byteswap32(blk[3]);
  322     _blk[1] = byteswap32(blk[0]);
  323     _blk[0] = byteswap32(blk[1]);
  324 #else
  325     _blk[3] = (blk[2]);
  326     _blk[2] = (blk[3]);
  327     _blk[1] = (blk[0]);
  328     _blk[0] = (blk[1]);
  329 #endif
  330 }
  331 
  332 #define ir_fun(l,r,k)       \
  333     sub_eq((l),(k) + 4);    \
  334     f_fun((r),(l),(k) + 2); \
  335     sub_eq((l),(k))
  336 
  337 WIN32DLL_DEFINE void _mcrypt_decrypt(word32 * l_key, word32 * _blk)
  338 {
  339     word32 xs, blk[4];
  340 
  341 #ifdef WORDS_BIGENDIAN
  342     blk[3] = byteswap32(_blk[0]);
  343     blk[2] = byteswap32(_blk[1]);
  344     blk[1] = byteswap32(_blk[2]);
  345     blk[0] = byteswap32(_blk[3]);
  346 #else
  347     blk[3] = (_blk[0]);
  348     blk[2] = (_blk[1]);
  349     blk[1] = (_blk[2]);
  350     blk[0] = (_blk[3]);
  351 #endif
  352 
  353     ir_fun(blk, blk + 2, l_key + 90);
  354     ir_fun(blk + 2, blk, l_key + 84);
  355     ir_fun(blk, blk + 2, l_key + 78);
  356     ir_fun(blk + 2, blk, l_key + 72);
  357     ir_fun(blk, blk + 2, l_key + 66);
  358     ir_fun(blk + 2, blk, l_key + 60);
  359     ir_fun(blk, blk + 2, l_key + 54);
  360     ir_fun(blk + 2, blk, l_key + 48);
  361     ir_fun(blk, blk + 2, l_key + 42);
  362     ir_fun(blk + 2, blk, l_key + 36);
  363     ir_fun(blk, blk + 2, l_key + 30);
  364     ir_fun(blk + 2, blk, l_key + 24);
  365     ir_fun(blk, blk + 2, l_key + 18);
  366     ir_fun(blk + 2, blk, l_key + 12);
  367     ir_fun(blk, blk + 2, l_key + 6);
  368     ir_fun(blk + 2, blk, l_key);
  369 
  370 #ifdef WORDS_BIGENDIAN
  371     _blk[3] = byteswap32(blk[2]);
  372     _blk[2] = byteswap32(blk[3]);
  373     _blk[1] = byteswap32(blk[0]);
  374     _blk[0] = byteswap32(blk[1]);
  375 #else
  376     _blk[3] = (blk[2]);
  377     _blk[2] = (blk[3]);
  378     _blk[1] = (blk[0]);
  379     _blk[0] = (blk[1]);
  380 #endif
  381 }
  382 
  383 
  384 WIN32DLL_DEFINE int _mcrypt_get_size()
  385 {
  386     return 96 * sizeof(word32);
  387 }
  388 WIN32DLL_DEFINE int _mcrypt_get_block_size()
  389 {
  390     return 16;
  391 }
  392 WIN32DLL_DEFINE int _is_block_algorithm()
  393 {
  394     return 1;
  395 }
  396 WIN32DLL_DEFINE int _mcrypt_get_key_size()
  397 {
  398     return 32;
  399 }
  400 
  401 static const int key_sizes[] = { 16, 24, 32 };
  402 WIN32DLL_DEFINE const int *_mcrypt_get_supported_key_sizes(int *len)
  403 {
  404     *len = sizeof(key_sizes)/sizeof(int);
  405     return key_sizes;
  406 
  407 }
  408 
  409 WIN32DLL_DEFINE char *_mcrypt_get_algorithms_name()
  410 {
  411 return "LOKI97";
  412 }
  413 
  414 #define CIPHER "8cb28c958024bae27a94c698f96f12a9"
  415 
  416 WIN32DLL_DEFINE int _mcrypt_self_test()
  417 {
  418     char *keyword;
  419     unsigned char plaintext[16];
  420     unsigned char ciphertext[16];
  421     int blocksize = _mcrypt_get_block_size(), j;
  422     void *key;
  423     unsigned char cipher_tmp[200];
  424 
  425     keyword = calloc(1, _mcrypt_get_key_size());
  426     if (keyword == NULL)
  427         return -1;
  428 
  429     for (j = 0; j < _mcrypt_get_key_size(); j++) {
  430         keyword[j] = ((j * 2 + 10) % 256);
  431     }
  432 
  433     for (j = 0; j < blocksize; j++) {
  434         plaintext[j] = j % 256;
  435     }
  436     key = malloc(_mcrypt_get_size());
  437     if (key == NULL) {
  438         free(keyword);
  439         return -1;
  440     }
  441 
  442     memcpy(ciphertext, plaintext, blocksize);
  443 
  444     _mcrypt_set_key(key, (void *) keyword, _mcrypt_get_key_size());
  445     free(keyword);
  446     
  447     _mcrypt_encrypt(key, (void *) ciphertext);
  448 
  449     for (j = 0; j < blocksize; j++) {
  450         sprintf(&((char *) cipher_tmp)[2 * j], "%.2x",
  451             ciphertext[j]);
  452     }
  453 
  454     if (strcmp((char *) cipher_tmp, CIPHER) != 0) {
  455         printf("failed compatibility\n");
  456         printf("Expected: %s\nGot: %s\n", CIPHER,
  457                (char *) cipher_tmp);
  458         free(key);
  459         return -1;
  460     }
  461     _mcrypt_decrypt(key, (void *) ciphertext);
  462     free(key);
  463 
  464     if (strcmp(ciphertext, plaintext) != 0) {
  465         printf("failed internally\n");
  466         return -1;
  467     }
  468 
  469     return 0;
  470 }
  471 
  472 WIN32DLL_DEFINE word32 _mcrypt_algorithm_version()
  473 {
  474     return 20010801;
  475 }
  476 
  477 #ifdef WIN32
  478 # ifdef USE_LTDL
  479 WIN32DLL_DEFINE int main (void)
  480 {
  481        /* empty main function to avoid linker error (see cygwin FAQ) */
  482 }
  483 # endif
  484 #endif