3 * $Id: cast256.c,v 1.1 2000/06/17 10:49:14 mdw Exp $
5 * The CAST-256 block cipher
7 * (c) 2000 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.1 2000/06/17 10:49:14 mdw
38 /*----- Header files ------------------------------------------------------*/
45 #include <mLib/bits.h>
48 #include "cast-base.h"
53 /*----- Global variables --------------------------------------------------*/
55 const octet cast256_keysz
[] = { KSZ_RANGE
, CAST256_KEYSZ
, 0, 32, 1 };
57 /*----- Main code ---------------------------------------------------------*/
59 /* --- @cast256_init@ --- *
61 * Arguments: @cast128_ctx *k@ = pointer to key block to fill in
62 * @const void *buf@ = pointer to buffer of key material
63 * @size_t sz@ = size of key material
67 * Use: Initializes a CAST-256 key buffer. CAST-256 accepts
68 * 256-bit keys or shorter.
71 void cast256_init(cast256_ctx
*k
, const void *buf
, size_t sz
)
78 uint32 a
, b
, c
, d
, e
, f
, g
, h
;
82 /* --- Fiddle with the key size --- */
84 KSZ_ASSERT(cast256
, sz
);
86 /* --- Read the key into the array --- */
94 a
|= ((uint32
)*p
++ << b
);
110 /* --- Read the key words out --- */
112 a
= kk
[0]; b
= kk
[1]; c
= kk
[2]; d
= kk
[3];
113 e
= kk
[4]; f
= kk
[5]; g
= kk
[6]; h
= kk
[7];
115 #define ROOT2 0x5a827999
116 #define ROOT3 0x6ed9eba1
123 for (i
= 0; i
< 12; i
++) {
124 for (j
= 0; j
< 2; j
++) {
125 CAST_R1(m
, r
, g
, h
); m
+= ROOT3
; r
= (r
+ 17) & 0x1f;
126 CAST_R2(m
, r
, f
, g
); m
+= ROOT3
; r
= (r
+ 17) & 0x1f;
127 CAST_R3(m
, r
, e
, f
); m
+= ROOT3
; r
= (r
+ 17) & 0x1f;
128 CAST_R1(m
, r
, d
, e
); m
+= ROOT3
; r
= (r
+ 17) & 0x1f;
129 CAST_R2(m
, r
, c
, d
); m
+= ROOT3
; r
= (r
+ 17) & 0x1f;
130 CAST_R3(m
, r
, b
, c
); m
+= ROOT3
; r
= (r
+ 17) & 0x1f;
131 CAST_R1(m
, r
, a
, b
); m
+= ROOT3
; r
= (r
+ 17) & 0x1f;
132 CAST_R2(m
, r
, h
, a
); m
+= ROOT3
; r
= (r
+ 17) & 0x1f;
134 km
[0] = h
; km
[1] = f
; km
[2] = d
; km
[3] = b
;
135 kr
[0] = a
& 0x1f; kr
[1] = c
& 0x1f; kr
[2] = e
& 0x1f; kr
[3] = g
& 0x1f;
140 /* --- @cast256_eblk@, @cast256_dblk@ --- *
142 * Arguments: @const cast256_ctx *k@ = pointer to key block
143 * @const uint32 s[2]@ = pointer to source block
144 * @uint32 d[2]@ = pointer to destination block
148 * Use: Low-level block encryption and decryption.
151 #define Q0(k, r, a, b, c, d) do { \
152 CAST_R1(k[0], r[0], c, d); \
153 CAST_R2(k[1], r[1], b, c); \
154 CAST_R3(k[2], r[2], a, b); \
155 CAST_R1(k[3], r[3], d, a); \
158 #define Q1(k, r, a, b, c, d) do { \
159 CAST_R1(k[3], r[3], d, a); \
160 CAST_R3(k[2], r[2], a, b); \
161 CAST_R2(k[1], r[1], b, c); \
162 CAST_R1(k[0], r[0], c, d); \
165 void cast256_eblk(const cast256_ctx
*k
, const uint32
*s
, uint32
*d
)
167 uint32 aa
= s
[0], bb
= s
[1], cc
= s
[2], dd
= s
[3];
168 const uint32
*km
= k
->km
;
169 const octet
*kr
= k
->kr
;
171 Q0(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
172 Q0(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
173 Q0(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
174 Q0(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
175 Q0(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
176 Q0(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
178 Q1(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
179 Q1(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
180 Q1(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
181 Q1(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
182 Q1(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
183 Q1(km
, kr
, aa
, bb
, cc
, dd
); km
+= 4; kr
+= 4;
185 d
[0] = aa
; d
[1] = bb
; d
[2] = cc
; d
[3] = dd
;
188 void cast256_dblk(const cast256_ctx
*k
, const uint32
*s
, uint32
*d
)
190 uint32 aa
= s
[0], bb
= s
[1], cc
= s
[2], dd
= s
[3];
191 const uint32
*km
= k
->km
+ 48;
192 const octet
*kr
= k
->kr
+ 48;
194 km
-= 4; kr
-= 4; Q0(km
, kr
, aa
, bb
, cc
, dd
);
195 km
-= 4; kr
-= 4; Q0(km
, kr
, aa
, bb
, cc
, dd
);
196 km
-= 4; kr
-= 4; Q0(km
, kr
, aa
, bb
, cc
, dd
);
197 km
-= 4; kr
-= 4; Q0(km
, kr
, aa
, bb
, cc
, dd
);
198 km
-= 4; kr
-= 4; Q0(km
, kr
, aa
, bb
, cc
, dd
);
199 km
-= 4; kr
-= 4; Q0(km
, kr
, aa
, bb
, cc
, dd
);
201 km
-= 4; kr
-= 4; Q1(km
, kr
, aa
, bb
, cc
, dd
);
202 km
-= 4; kr
-= 4; Q1(km
, kr
, aa
, bb
, cc
, dd
);
203 km
-= 4; kr
-= 4; Q1(km
, kr
, aa
, bb
, cc
, dd
);
204 km
-= 4; kr
-= 4; Q1(km
, kr
, aa
, bb
, cc
, dd
);
205 km
-= 4; kr
-= 4; Q1(km
, kr
, aa
, bb
, cc
, dd
);
206 km
-= 4; kr
-= 4; Q1(km
, kr
, aa
, bb
, cc
, dd
);
208 d
[0] = aa
; d
[1] = bb
; d
[2] = cc
; d
[3] = dd
;
211 BLKC_TEST(CAST256
, cast256
)
213 /*----- That's all, folks -------------------------------------------------*/