[u/mdw/catacomb] / symm / skipjack.c

/* -*-c-*-
 *
 * The Skipjack block cipher
 *
 * (c) 2000 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#include <mLib/bits.h>

#include "blkc.h"
#include "gcipher.h"
#include "skipjack.h"

/*----- Global variables --------------------------------------------------*/

const octet skipjack_keysz[] = { KSZ_SET, 10, 0 };

/*----- The Skipjack S-box ------------------------------------------------*/

extern const octet skipjack_s[256];

/*----- Main code ---------------------------------------------------------*/

/* --- @skipjack_init@ --- *
 *
 * Arguments:	@skipjack_ctx *k@ = pointer to key block
 *		@const void *buf@ = pointer to key buffer
 *		@size_t sz@ = size of key material
 *
 * Returns:	---
 *
 * Use:		Initializes a Skipjack key buffer.  The key buffer must be
 *		exactly 10 bytes long.
 */

void skipjack_init(skipjack_ctx *k, const void *buf, size_t sz)
{
  const octet *b = buf;
  uint32 crud;
  KSZ_ASSERT(skipjack, sz);
  k->ka = LOAD32(b);
  k->kb = LOAD32(b + 4);
  crud = LOAD16(b + 8);
  k->kc = U32((crud << 16) | (k->ka >> 16));
  k->kd = U32((k->ka << 16) | (k->kb >> 16));
  k->ke = U32((k->kb << 16) | crud);
  crud = 0;
}

/* --- @skipjack_eblk@, @skipjack_dblk@ --- *
 *
 * Arguments:	@const skipjack_ctx *k@ = pointer to key block
 *		@const uint32 s[2]@ = pointer to source block
 *		@uint32 d[2]@ = pointer to skipjacktination block
 *
 * Returns:	---
 *
 * Use:		Low-level block encryption and decryption.
 */

#define G(x, k) do {							\
  octet _x = U8(x >> 8), _y = U8(x);					\
  _x ^= skipjack_s[_y ^ U8(k >> 24)];					\
  _y ^= skipjack_s[_x ^ U8(k >> 16)];					\
  _x ^= skipjack_s[_y ^ U8(k >>	 8)];					\
  _y ^= skipjack_s[_x ^ U8(k >>	 0)];					\
  x = (_x << 8) | _y;							\
} while (0)

#define RULE_A(w, x, y, z, n, k) do {					\
  G(w, k); z ^= w ^ n++;						\
} while (0)

#define RULE_B(w, x, y, z, n, k) do {					\
  x ^= w ^ n++; G(w, k);						\
} while (0)

void skipjack_eblk(const skipjack_ctx *k, const uint32 *s, uint32 *d)
{
  unsigned n = 1;
  uint16 w = U16(s[0] >> 16), x = U16(s[0]);
  uint16 y = U16(s[1] >> 16), z = U16(s[1]);
  uint32 ka = k->ka, kb = k->kb, kc = k->kc, kd = k->kd, ke = k->ke;

  RULE_A(w, x, y, z, n, ka); RULE_A(z, w, x, y, n, kb);
  RULE_A(y, z, w, x, n, kc); RULE_A(x, y, z, w, n, kd);
  RULE_A(w, x, y, z, n, ke); RULE_A(z, w, x, y, n, ka);
  RULE_A(y, z, w, x, n, kb); RULE_A(x, y, z, w, n, kc);
  RULE_B(w, x, y, z, n, kd); RULE_B(z, w, x, y, n, ke);
  RULE_B(y, z, w, x, n, ka); RULE_B(x, y, z, w, n, kb);
  RULE_B(w, x, y, z, n, kc); RULE_B(z, w, x, y, n, kd);
  RULE_B(y, z, w, x, n, ke); RULE_B(x, y, z, w, n, ka);
  RULE_A(w, x, y, z, n, kb); RULE_A(z, w, x, y, n, kc);
  RULE_A(y, z, w, x, n, kd); RULE_A(x, y, z, w, n, ke);
  RULE_A(w, x, y, z, n, ka); RULE_A(z, w, x, y, n, kb);
  RULE_A(y, z, w, x, n, kc); RULE_A(x, y, z, w, n, kd);
  RULE_B(w, x, y, z, n, ke); RULE_B(z, w, x, y, n, ka);
  RULE_B(y, z, w, x, n, kb); RULE_B(x, y, z, w, n, kc);
  RULE_B(w, x, y, z, n, kd); RULE_B(z, w, x, y, n, ke);
  RULE_B(y, z, w, x, n, ka); RULE_B(x, y, z, w, n, kb);

  d[0] = ((uint32)w << 16) | (uint32)x;
  d[1] = ((uint32)y << 16) | (uint32)z;
}

#define G_INV(x, k) do {						\
  octet _x = U8(x >> 8), _y = U8(x);					\
  _y ^= skipjack_s[_x ^ U8(k >>	 0)];					\
  _x ^= skipjack_s[_y ^ U8(k >>	 8)];					\
  _y ^= skipjack_s[_x ^ U8(k >> 16)];					\
  _x ^= skipjack_s[_y ^ U8(k >> 24)];					\
  x = (_x << 8) | _y;							\
} while (0)

#define RULE_A_INV(w, x, y, z, n, i) do {				\
  w ^= x ^ --n; G_INV(x, i);						\
} while (0)

#define RULE_B_INV(w, x, y, z, n, i) do {				\
  G_INV(x, i); y ^= x ^ --n;						\
} while (0)

void skipjack_dblk(const skipjack_ctx *k, const uint32 *s, uint32 *d)
{
  unsigned n = 33;
  uint16 w = U16(s[0] >> 16), x = U16(s[0]);
  uint16 y = U16(s[1] >> 16), z = U16(s[1]);
  uint32 ka = k->ka, kb = k->kb, kc = k->kc, kd = k->kd, ke = k->ke;

  RULE_B_INV(w, x, y, z, n, kb); RULE_B_INV(x, y, z, w, n, ka);
  RULE_B_INV(y, z, w, x, n, ke); RULE_B_INV(z, w, x, y, n, kd);
  RULE_B_INV(w, x, y, z, n, kc); RULE_B_INV(x, y, z, w, n, kb);
  RULE_B_INV(y, z, w, x, n, ka); RULE_B_INV(z, w, x, y, n, ke);
  RULE_A_INV(w, x, y, z, n, kd); RULE_A_INV(x, y, z, w, n, kc);
  RULE_A_INV(y, z, w, x, n, kb); RULE_A_INV(z, w, x, y, n, ka);
  RULE_A_INV(w, x, y, z, n, ke); RULE_A_INV(x, y, z, w, n, kd);
  RULE_A_INV(y, z, w, x, n, kc); RULE_A_INV(z, w, x, y, n, kb);
  RULE_B_INV(w, x, y, z, n, ka); RULE_B_INV(x, y, z, w, n, ke);
  RULE_B_INV(y, z, w, x, n, kd); RULE_B_INV(z, w, x, y, n, kc);
  RULE_B_INV(w, x, y, z, n, kb); RULE_B_INV(x, y, z, w, n, ka);
  RULE_B_INV(y, z, w, x, n, ke); RULE_B_INV(z, w, x, y, n, kd);
  RULE_A_INV(w, x, y, z, n, kc); RULE_A_INV(x, y, z, w, n, kb);
  RULE_A_INV(y, z, w, x, n, ka); RULE_A_INV(z, w, x, y, n, ke);
  RULE_A_INV(w, x, y, z, n, kd); RULE_A_INV(x, y, z, w, n, kc);
  RULE_A_INV(y, z, w, x, n, kb); RULE_A_INV(z, w, x, y, n, ka);

  d[0] = ((uint32)w << 16) | (uint32)x;
  d[1] = ((uint32)y << 16) | (uint32)z;
}

BLKC_TEST(SKIPJACK, skipjack)

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
6a0a5bdc	1	/* --c--
6a0a5bdc	2	*
6a0a5bdc	3	* The Skipjack block cipher
	4	*
	5	* (c) 2000 Straylight/Edgeware
	6	*/
	7
45c0fd36	8	/----- Licensing notice --------------------------------------------------
6a0a5bdc	9	*
	10	* This file is part of Catacomb.
	11	*
	12	* Catacomb is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU Library General Public License as
	14	* published by the Free Software Foundation; either version 2 of the
	15	* License, or (at your option) any later version.
45c0fd36	16	*
6a0a5bdc	17	* Catacomb is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU Library General Public License for more details.
45c0fd36	21	*
6a0a5bdc	22	* You should have received a copy of the GNU Library General Public
	23	* License along with Catacomb; if not, write to the Free
	24	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	25	* MA 02111-1307, USA.
	26	*/
6a0a5bdc	27
	28	/----- Header files ------------------------------------------------------/
	29
	30	#include <mLib/bits.h>
	31
	32	#include "blkc.h"
	33	#include "gcipher.h"
	34	#include "skipjack.h"
6a0a5bdc	35
	36	/----- Global variables --------------------------------------------------/
	37
	38	const octet skipjack_keysz[] = { KSZ_SET, 10, 0 };
	39
	40	/----- The Skipjack S-box ------------------------------------------------/
	41
e5b61a8d	42	extern const octet skipjack_s[256];
6a0a5bdc	43
	44	/----- Main code ---------------------------------------------------------/
	45
	46	/* --- @skipjack_init@ --- *
	47	*
45c0fd36 MW	48	* Arguments: @skipjack_ctx *k@ = pointer to key block
	49	* @const void *buf@ = pointer to key buffer
	50	* @size_t sz@ = size of key material
6a0a5bdc	51	*
45c0fd36	52	* Returns: ---
6a0a5bdc	53	*
45c0fd36	54	* Use: Initializes a Skipjack key buffer. The key buffer must be
6a0a5bdc	55	* exactly 10 bytes long.
	56	*/
	57
	58	void skipjack_init(skipjack_ctx k, const void buf, size_t sz)
	59	{
fe371977	60	const octet *b = buf;
fe371977	61	uint32 crud;
6a0a5bdc	62	KSZ_ASSERT(skipjack, sz);
fe371977	63	k->ka = LOAD32(b);
	64	k->kb = LOAD32(b + 4);
	65	crud = LOAD16(b + 8);
	66	k->kc = U32((crud << 16) \| (k->ka >> 16));
	67	k->kd = U32((k->ka << 16) \| (k->kb >> 16));
	68	k->ke = U32((k->kb << 16) \| crud);
	69	crud = 0;
6a0a5bdc	70	}
	71
	72	/* --- @skipjack_eblk@, @skipjack_dblk@ --- *
	73	*
45c0fd36 MW	74	* Arguments: @const skipjack_ctx *k@ = pointer to key block
	75	* @const uint32 s[2]@ = pointer to source block
	76	* @uint32 d[2]@ = pointer to skipjacktination block
6a0a5bdc	77	*
45c0fd36	78	* Returns: ---
6a0a5bdc	79	*
45c0fd36	80	* Use: Low-level block encryption and decryption.
6a0a5bdc	81	*/
6a0a5bdc	82
fe371977	83	#define G(x, k) do { \
6a0a5bdc	84	octet _x = U8(x >> 8), _y = U8(x); \
e5b61a8d MW	85	_x ^= skipjack_s[_y ^ U8(k >> 24)]; \
	86	_y ^= skipjack_s[_x ^ U8(k >> 16)]; \
	87	_x ^= skipjack_s[_y ^ U8(k >> 8)]; \
	88	_y ^= skipjack_s[_x ^ U8(k >> 0)]; \
fe371977	89	x = (_x << 8) \| _y; \
6a0a5bdc	90	} while (0)
6a0a5bdc	91
fe371977	92	#define RULE_A(w, x, y, z, n, k) do { \
fe371977	93	G(w, k); z ^= w ^ n++; \
6a0a5bdc	94	} while (0)
6a0a5bdc	95
fe371977	96	#define RULE_B(w, x, y, z, n, k) do { \
fe371977	97	x ^= w ^ n++; G(w, k); \
6a0a5bdc	98	} while (0)
	99
	100	void skipjack_eblk(const skipjack_ctx k, const uint32 s, uint32 *d)
	101	{
6a0a5bdc	102	unsigned n = 1;
	103	uint16 w = U16(s[0] >> 16), x = U16(s[0]);
	104	uint16 y = U16(s[1] >> 16), z = U16(s[1]);
fe371977	105	uint32 ka = k->ka, kb = k->kb, kc = k->kc, kd = k->kd, ke = k->ke;
	106
	107	RULE_A(w, x, y, z, n, ka); RULE_A(z, w, x, y, n, kb);
	108	RULE_A(y, z, w, x, n, kc); RULE_A(x, y, z, w, n, kd);
	109	RULE_A(w, x, y, z, n, ke); RULE_A(z, w, x, y, n, ka);
	110	RULE_A(y, z, w, x, n, kb); RULE_A(x, y, z, w, n, kc);
	111	RULE_B(w, x, y, z, n, kd); RULE_B(z, w, x, y, n, ke);
	112	RULE_B(y, z, w, x, n, ka); RULE_B(x, y, z, w, n, kb);
	113	RULE_B(w, x, y, z, n, kc); RULE_B(z, w, x, y, n, kd);
	114	RULE_B(y, z, w, x, n, ke); RULE_B(x, y, z, w, n, ka);
	115	RULE_A(w, x, y, z, n, kb); RULE_A(z, w, x, y, n, kc);
	116	RULE_A(y, z, w, x, n, kd); RULE_A(x, y, z, w, n, ke);
	117	RULE_A(w, x, y, z, n, ka); RULE_A(z, w, x, y, n, kb);
	118	RULE_A(y, z, w, x, n, kc); RULE_A(x, y, z, w, n, kd);
	119	RULE_B(w, x, y, z, n, ke); RULE_B(z, w, x, y, n, ka);
	120	RULE_B(y, z, w, x, n, kb); RULE_B(x, y, z, w, n, kc);
	121	RULE_B(w, x, y, z, n, kd); RULE_B(z, w, x, y, n, ke);
	122	RULE_B(y, z, w, x, n, ka); RULE_B(x, y, z, w, n, kb);
6a0a5bdc	123
	124	d[0] = ((uint32)w << 16) \| (uint32)x;
	125	d[1] = ((uint32)y << 16) \| (uint32)z;
	126	}
	127
fe371977	128	#define G_INV(x, k) do { \
6a0a5bdc	129	octet _x = U8(x >> 8), _y = U8(x); \
e5b61a8d MW	130	_y ^= skipjack_s[_x ^ U8(k >> 0)]; \
	131	_x ^= skipjack_s[_y ^ U8(k >> 8)]; \
	132	_y ^= skipjack_s[_x ^ U8(k >> 16)]; \
	133	_x ^= skipjack_s[_y ^ U8(k >> 24)]; \
fe371977	134	x = (_x << 8) \| _y; \
6a0a5bdc	135	} while (0)
	136
	137	#define RULE_A_INV(w, x, y, z, n, i) do { \
	138	w ^= x ^ --n; G_INV(x, i); \
	139	} while (0)
	140
	141	#define RULE_B_INV(w, x, y, z, n, i) do { \
	142	G_INV(x, i); y ^= x ^ --n; \
	143	} while (0)
	144
	145	void skipjack_dblk(const skipjack_ctx k, const uint32 s, uint32 *d)
	146	{
6a0a5bdc	147	unsigned n = 33;
	148	uint16 w = U16(s[0] >> 16), x = U16(s[0]);
	149	uint16 y = U16(s[1] >> 16), z = U16(s[1]);
fe371977	150	uint32 ka = k->ka, kb = k->kb, kc = k->kc, kd = k->kd, ke = k->ke;
	151
	152	RULE_B_INV(w, x, y, z, n, kb); RULE_B_INV(x, y, z, w, n, ka);
	153	RULE_B_INV(y, z, w, x, n, ke); RULE_B_INV(z, w, x, y, n, kd);
	154	RULE_B_INV(w, x, y, z, n, kc); RULE_B_INV(x, y, z, w, n, kb);
	155	RULE_B_INV(y, z, w, x, n, ka); RULE_B_INV(z, w, x, y, n, ke);
	156	RULE_A_INV(w, x, y, z, n, kd); RULE_A_INV(x, y, z, w, n, kc);
	157	RULE_A_INV(y, z, w, x, n, kb); RULE_A_INV(z, w, x, y, n, ka);
	158	RULE_A_INV(w, x, y, z, n, ke); RULE_A_INV(x, y, z, w, n, kd);
	159	RULE_A_INV(y, z, w, x, n, kc); RULE_A_INV(z, w, x, y, n, kb);
	160	RULE_B_INV(w, x, y, z, n, ka); RULE_B_INV(x, y, z, w, n, ke);
	161	RULE_B_INV(y, z, w, x, n, kd); RULE_B_INV(z, w, x, y, n, kc);
	162	RULE_B_INV(w, x, y, z, n, kb); RULE_B_INV(x, y, z, w, n, ka);
	163	RULE_B_INV(y, z, w, x, n, ke); RULE_B_INV(z, w, x, y, n, kd);
	164	RULE_A_INV(w, x, y, z, n, kc); RULE_A_INV(x, y, z, w, n, kb);
	165	RULE_A_INV(y, z, w, x, n, ka); RULE_A_INV(z, w, x, y, n, ke);
	166	RULE_A_INV(w, x, y, z, n, kd); RULE_A_INV(x, y, z, w, n, kc);
	167	RULE_A_INV(y, z, w, x, n, kb); RULE_A_INV(z, w, x, y, n, ka);
6a0a5bdc	168
	169	d[0] = ((uint32)w << 16) \| (uint32)x;
	170	d[1] = ((uint32)y << 16) \| (uint32)z;
	171	}
	172
	173	BLKC_TEST(SKIPJACK, skipjack)
	174
	175	/----- That's all, folks -------------------------------------------------/