git.distorted.org.uk Git - u/mdw/catacomb/blob - symm/cast256.c

   1 /* -*-c-*-
   2  *
   3  * The CAST-256 block cipher
   4  *
   5  * (c) 2000 Straylight/Edgeware
   6  */
   7
   8 /*----- Licensing notice --------------------------------------------------*
   9  *
  10  * This file is part of Catacomb.
  11  *
  12  * Catacomb is free software; you can redistribute it and/or modify
  13  * it under the terms of the GNU Library General Public License as
  14  * published by the Free Software Foundation; either version 2 of the
  15  * License, or (at your option) any later version.
  16  *
  17  * Catacomb is distributed in the hope that it will be useful,
  18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20  * GNU Library General Public License for more details.
  21  *
  22  * You should have received a copy of the GNU Library General Public
  23  * License along with Catacomb; if not, write to the Free
  24  * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
  25  * MA 02111-1307, USA.
  26  */
  27
  28 /*----- Header files ------------------------------------------------------*/
  29
  30 #include <assert.h>
  31 #include <stdio.h>
  32 #include <stdlib.h>
  33 #include <string.h>
  34
  35 #include <mLib/bits.h>
  36
  37 #include "blkc.h"
  38 #include "cast-base.h"
  39 #include "cast256.h"
  40 #include "gcipher.h"
  41 #include "paranoia.h"
  42
  43 /*----- Global variables --------------------------------------------------*/
  44
  45 const octet cast256_keysz[] = { KSZ_RANGE, CAST256_KEYSZ, 0, 32, 1 };
  46
  47 /*----- Main code ---------------------------------------------------------*/
  48
  49 /* --- @cast256_init@ --- *
  50  *
  51  * Arguments:   @cast128_ctx *k@ = pointer to key block to fill in
  52  *              @const void *buf@ = pointer to buffer of key material
  53  *              @size_t sz@ = size of key material
  54  *
  55  * Returns:     ---
  56  *
  57  * Use:         Initializes a CAST-256 key buffer.  CAST-256 accepts
  58  *              256-bit keys or shorter.
  59  */
  60
  61 void cast256_init(cast256_ctx *k, const void *buf, size_t sz)
  62 {
  63   const octet *p = buf;
  64   uint32 kk[8];
  65   uint32 *km;
  66   octet *kr;
  67   unsigned i, j;
  68   uint32 a, b, c, d, e, f, g, h;
  69   uint32 m;
  70   unsigned r;
  71
  72   /* --- Fiddle with the key size --- */
  73
  74   KSZ_ASSERT(cast256, sz);
  75
  76   /* --- Read the key into the array --- */
  77
  78   i = 0;
  79   b = 32; a = 0;
  80   for (;;) {
  81     if (!sz)
  82       break;
  83     b -= 8;
  84     a |= ((uint32)*p++ << b);
  85     sz--;
  86     if (b == 0) {
  87       kk[i++] = a;
  88       if (i == 8)
  89         break;
  90       a = 0;
  91       b = 32;
  92     }
  93   }
  94
  95   for (; i < 8; i++) {
  96     kk[i] = a;
  97     a = 0;
  98   }
  99
 100   /* --- Read the key words out --- */
 101
 102   a = kk[0]; b = kk[1]; c = kk[2]; d = kk[3];
 103   e = kk[4]; f = kk[5]; g = kk[6]; h = kk[7];
 104
 105 #define ROOT2 0x5a827999
 106 #define ROOT3 0x6ed9eba1
 107
 108   m = ROOT2;
 109   r = 19;
 110
 111   km = k->km;
 112   kr = k->kr;
 113   for (i = 0; i < 12; i++) {
 114     for (j = 0; j < 2; j++) {
 115       CAST_R1(m, r, g, h); m += ROOT3; r = (r + 17) & 0x1f;
 116       CAST_R2(m, r, f, g); m += ROOT3; r = (r + 17) & 0x1f;
 117       CAST_R3(m, r, e, f); m += ROOT3; r = (r + 17) & 0x1f;
 118       CAST_R1(m, r, d, e); m += ROOT3; r = (r + 17) & 0x1f;
 119       CAST_R2(m, r, c, d); m += ROOT3; r = (r + 17) & 0x1f;
 120       CAST_R3(m, r, b, c); m += ROOT3; r = (r + 17) & 0x1f;
 121       CAST_R1(m, r, a, b); m += ROOT3; r = (r + 17) & 0x1f;
 122       CAST_R2(m, r, h, a); m += ROOT3; r = (r + 17) & 0x1f;
 123     }
 124     km[0] = h; km[1] = f; km[2] = d; km[3] = b;
 125     kr[0] = a & 0x1f; kr[1] = c & 0x1f; kr[2] = e & 0x1f; kr[3] = g & 0x1f;
 126     km += 4; kr += 4;
 127   }
 128 }
 129
 130 /* --- @cast256_eblk@, @cast256_dblk@ --- *
 131  *
 132  * Arguments:   @const cast256_ctx *k@ = pointer to key block
 133  *              @const uint32 s[2]@ = pointer to source block
 134  *              @uint32 d[2]@ = pointer to destination block
 135  *
 136  * Returns:     ---
 137  *
 138  * Use:         Low-level block encryption and decryption.
 139  */
 140
 141 #define Q0(k, r, a, b, c, d) do {                                       \
 142   CAST_R1(k[0], r[0], c, d);                                            \
 143   CAST_R2(k[1], r[1], b, c);                                            \
 144   CAST_R3(k[2], r[2], a, b);                                            \
 145   CAST_R1(k[3], r[3], d, a);                                            \
 146 } while (0)
 147
 148 #define Q1(k, r, a, b, c, d) do {                                       \
 149   CAST_R1(k[3], r[3], d, a);                                            \
 150   CAST_R3(k[2], r[2], a, b);                                            \
 151   CAST_R2(k[1], r[1], b, c);                                            \
 152   CAST_R1(k[0], r[0], c, d);                                            \
 153 } while (0)
 154
 155 void cast256_eblk(const cast256_ctx *k, const uint32 *s, uint32 *d)
 156 {
 157   uint32 aa = s[0], bb = s[1], cc = s[2], dd = s[3];
 158   const uint32 *km = k->km;
 159   const octet *kr = k->kr;
 160
 161   Q0(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 162   Q0(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 163   Q0(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 164   Q0(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 165   Q0(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 166   Q0(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 167
 168   Q1(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 169   Q1(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 170   Q1(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 171   Q1(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 172   Q1(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 173   Q1(km, kr, aa, bb, cc, dd); km += 4; kr += 4;
 174
 175   d[0] = aa; d[1] = bb; d[2] = cc; d[3] = dd;
 176 }
 177
 178 void cast256_dblk(const cast256_ctx *k, const uint32 *s, uint32 *d)
 179 {
 180   uint32 aa = s[0], bb = s[1], cc = s[2], dd = s[3];
 181   const uint32 *km = k->km + 48;
 182   const octet *kr = k->kr + 48;
 183
 184   km -= 4; kr -= 4; Q0(km, kr, aa, bb, cc, dd);
 185   km -= 4; kr -= 4; Q0(km, kr, aa, bb, cc, dd);
 186   km -= 4; kr -= 4; Q0(km, kr, aa, bb, cc, dd);
 187   km -= 4; kr -= 4; Q0(km, kr, aa, bb, cc, dd);
 188   km -= 4; kr -= 4; Q0(km, kr, aa, bb, cc, dd);
 189   km -= 4; kr -= 4; Q0(km, kr, aa, bb, cc, dd);
 190
 191   km -= 4; kr -= 4; Q1(km, kr, aa, bb, cc, dd);
 192   km -= 4; kr -= 4; Q1(km, kr, aa, bb, cc, dd);
 193   km -= 4; kr -= 4; Q1(km, kr, aa, bb, cc, dd);
 194   km -= 4; kr -= 4; Q1(km, kr, aa, bb, cc, dd);
 195   km -= 4; kr -= 4; Q1(km, kr, aa, bb, cc, dd);
 196   km -= 4; kr -= 4; Q1(km, kr, aa, bb, cc, dd);
 197
 198   d[0] = aa; d[1] = bb; d[2] = cc; d[3] = dd;
 199 }
 200
 201 BLKC_TEST(CAST256, cast256)
 202
 203 /*----- That's all, folks -------------------------------------------------*/