3 * $Id: square.c,v 1.1 2000/07/15 20:51:58 mdw Exp $
5 * The Square block cipher
7 * (c) 2000 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.1 2000/07/15 20:51:58 mdw
38 /*----- Header files ------------------------------------------------------*/
43 #include <mLib/bits.h>
49 #include "square-tab.h"
51 /*----- Global variables --------------------------------------------------*/
/* Key-size descriptor exported for Square.  The entries after KSZ_RANGE
 * are SQUARE_KEYSZ, 4, 16 and 4 -- presumably the default, minimum,
 * maximum and step, all in bytes (TODO confirm against the definition of
 * KSZ_RANGE, which is not part of this file).
 */
const octet square_keysz[] = {
  KSZ_RANGE, SQUARE_KEYSZ, 4, 16, 4
};
55 /*----- Constant tables ---------------------------------------------------*/
/* Byte substitution table and its inverse.  square_eblk and square_dblk
 * index these directly in their final round.
 */
static const octet S[256] = SQUARE_S;
static const octet SI[256] = SQUARE_SI;

/* Round tables: T is read by the EROUND macro and TI by the DROUND macro.
 * Each holds four 256-entry tables indexed by one byte of the cipher state.
 *
 * NOTE(review): the state has words XORed into it through `*w++`
 * (presumably round-key words), so these indices are secret-dependent.
 * On hardware with data caches that is the usual timing side channel of
 * table-driven ciphers; where timing can be observed or a cache is shared
 * with untrusted code, prefer a constant-time implementation.
 */
static const uint32 T[4][256] = SQUARE_T;
static const uint32 TI[4][256] = SQUARE_TI;

/* Applied byte by byte to a word in square_init when filling k->w. */
static const uint32 U[4][256] = SQUARE_U;

/* Round constants; the code that reads them is not visible in this listing. */
static const octet rcon[] = SQUARE_RCON;
62 /*----- Main code ---------------------------------------------------------*/
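/* --- @BYTESUB@ --- *
 *
 * Arguments:   @x@ = 32-bit word whose bytes are to be substituted
 *              @s@ = 256-entry byte table to look each byte up in
 *
 * Use:         Replaces each of the four bytes of @x@ by its entry in @s@,
 *              keeping the byte positions.  Every table entry is widened
 *              to @uint32@ before it is shifted: assuming the entries are
 *              narrower than @int@ (as @octet@ is expected to be), they
 *              would otherwise promote to signed @int@, and shifting a
 *              value of 0x80 or more left by 24 bits overflows it, which
 *              is undefined behaviour and sign-extends on widening.
 */

#define BYTESUB(x, s)                                                   \
  ((uint32)(s)[U8((x) >> 24)] << 24 | (uint32)(s)[U8((x) >> 16)] << 16 | \
   (uint32)(s)[U8((x) >>  8)] <<  8 | (uint32)(s)[U8((x) >>  0)] <<  0)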
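/* --- @square_init@ --- *
 *
 * Arguments:   @square_ctx *k@ = pointer to context to initialize
 *              @const void *buf@ = pointer to buffer of key material
 *              @size_t sz@ = size of the key material
 *
 * Use:         Initializes a Square context with a particular key.  Square
 *              keys must be a multiple of 32 bits long, and may be at most
 *              ... (the rest of this sentence is missing from the listing).
 *
 * NOTE(review): @sz@ is checked only through @KSZ_ASSERT@.  If that macro
 * can be compiled out, an oversized key is no longer rejected here while
 * @kk@ stays a fixed @SQUARE_KWORDS@ words, so callers should validate
 * lengths against @square_keysz@ themselves.  @kk@ also holds key words on
 * the stack; the visible lines do not show it being wiped before return --
 * confirm.
 */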
81 void square_init(square_ctx
*k
, const void *buf
, size_t sz
)
87 uint32 kk
[SQUARE_KWORDS
];
89 /* --- Sort out the key size --- */
91 KSZ_ASSERT(square
, sz
);
94 /* --- Fetch the first key words out --- */
97 for (i
= 0; i
< nk
; i
++) {
103 /* --- Expand this material to fill the rest of the table --- */
108 for (; i
< nw
; i
++) {
109 uint32 w
= kk
[i
- nk
];
118 /* --- Make the encryption and decryption keys --- */
120 for (i
= 0; i
< nr
* 4; i
++) {
122 k
->w
[i
] = (U
[0][U8(w
>> 0)] ^ U
[1][U8(w
>> 8)] ^
123 U
[2][U8(w
>> 16)] ^ U
[3][U8(w
>> 24)]);
129 for (i
= 0; i
< nr
* 4; i
+= 4) {
131 for (j
= 0; j
< 4; j
++)
132 k
->wi
[i
+ j
] = kk
[jj
+ j
];
134 for (j
= 0; j
< 4; j
++)
135 k
->wi
[i
+ j
] = k
->w
[j
];
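/* --- @square_eblk@, @square_dblk@ --- *
 *
 * Arguments:   @const square_ctx *k@ = pointer to Square context
 *              @const uint32 s[4]@ = pointer to source block
 *              @uint32 d[4]@ = pointer to destination block (named @dst@
 *                      in the definitions below)
 *
 * Use:         Low-level block encryption and decryption.
 *
 * NOTE(review): the final round of both functions shifts @S@/@SI@ entries
 * left by 24 without widening them first.  Assuming @octet@ is narrower
 * than @int@, an entry of 0x80 or more is shifted into the sign bit of an
 * @int@, which is undefined behaviour; casting each entry to @uint32@
 * before the shift avoids it.  All rounds index their tables with bytes of
 * the cipher state, so timing may depend on secret data on cached hardware.
 */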
151 #define EROUND(aa, bb, cc, dd, a, b, c, d, w) do { \
152 aa = (T[0][U8(a >> 0)] ^ T[1][U8(b >> 0)] ^ \
153 T[2][U8(c >> 0)] ^ T[3][U8(d >> 0)]) ^ *w++; \
154 bb = (T[0][U8(a >> 8)] ^ T[1][U8(b >> 8)] ^ \
155 T[2][U8(c >> 8)] ^ T[3][U8(d >> 8)]) ^ *w++; \
156 cc = (T[0][U8(a >> 16)] ^ T[1][U8(b >> 16)] ^ \
157 T[2][U8(c >> 16)] ^ T[3][U8(d >> 16)]) ^ *w++; \
158 dd = (T[0][U8(a >> 24)] ^ T[1][U8(b >> 24)] ^ \
159 T[2][U8(c >> 24)] ^ T[3][U8(d >> 24)]) ^ *w++; \
162 #define DROUND(aa, bb, cc, dd, a, b, c, d, w) do { \
163 aa = (TI[0][U8(a >> 0)] ^ TI[1][U8(b >> 0)] ^ \
164 TI[2][U8(c >> 0)] ^ TI[3][U8(d >> 0)]) ^ *w++; \
165 bb = (TI[0][U8(a >> 8)] ^ TI[1][U8(b >> 8)] ^ \
166 TI[2][U8(c >> 8)] ^ TI[3][U8(d >> 8)]) ^ *w++; \
167 cc = (TI[0][U8(a >> 16)] ^ TI[1][U8(b >> 16)] ^ \
168 TI[2][U8(c >> 16)] ^ TI[3][U8(d >> 16)]) ^ *w++; \
169 dd = (TI[0][U8(a >> 24)] ^ TI[1][U8(b >> 24)] ^ \
170 TI[2][U8(c >> 24)] ^ TI[3][U8(d >> 24)]) ^ *w++; \
173 void square_eblk(const square_ctx
*k
, const uint32
*s
, uint32
*dst
)
175 uint32 a
= s
[0], b
= s
[1], c
= s
[2], d
= s
[3];
176 uint32 aa
, bb
, cc
, dd
;
179 a
^= *w
++; b
^= *w
++; c
^= *w
++; d
^= *w
++;
181 EROUND(aa
, bb
, cc
, dd
, a
, b
, c
, d
, w
);
182 EROUND(a
, b
, c
, d
, aa
, bb
, cc
, dd
, w
);
183 EROUND(aa
, bb
, cc
, dd
, a
, b
, c
, d
, w
);
184 EROUND(a
, b
, c
, d
, aa
, bb
, cc
, dd
, w
);
185 EROUND(aa
, bb
, cc
, dd
, a
, b
, c
, d
, w
);
186 EROUND(a
, b
, c
, d
, aa
, bb
, cc
, dd
, w
);
187 EROUND(aa
, bb
, cc
, dd
, a
, b
, c
, d
, w
);
189 a
= ((S
[U8(aa
>> 0)] << 0) ^ (S
[U8(bb
>> 0)] << 8) ^
190 (S
[U8(cc
>> 0)] << 16) ^ (S
[U8(dd
>> 0)] << 24)) ^ *w
++;
191 b
= ((S
[U8(aa
>> 8)] << 0) ^ (S
[U8(bb
>> 8)] << 8) ^
192 (S
[U8(cc
>> 8)] << 16) ^ (S
[U8(dd
>> 8)] << 24)) ^ *w
++;
193 c
= ((S
[U8(aa
>> 16)] << 0) ^ (S
[U8(bb
>> 16)] << 8) ^
194 (S
[U8(cc
>> 16)] << 16) ^ (S
[U8(dd
>> 16)] << 24)) ^ *w
++;
195 d
= ((S
[U8(aa
>> 24)] << 0) ^ (S
[U8(bb
>> 24)] << 8) ^
196 (S
[U8(cc
>> 24)] << 16) ^ (S
[U8(dd
>> 24)] << 24)) ^ *w
++;
198 dst
[0] = a
; dst
[1] = b
; dst
[2] = c
; dst
[3] = d
;
201 void square_dblk(const square_ctx
*k
, const uint32
*s
, uint32
*dst
)
203 uint32 a
= s
[0], b
= s
[1], c
= s
[2], d
= s
[3];
204 uint32 aa
, bb
, cc
, dd
;
207 a
^= *w
++; b
^= *w
++; c
^= *w
++; d
^= *w
++;
209 DROUND(aa
, bb
, cc
, dd
, a
, b
, c
, d
, w
);
210 DROUND(a
, b
, c
, d
, aa
, bb
, cc
, dd
, w
);
211 DROUND(aa
, bb
, cc
, dd
, a
, b
, c
, d
, w
);
212 DROUND(a
, b
, c
, d
, aa
, bb
, cc
, dd
, w
);
213 DROUND(aa
, bb
, cc
, dd
, a
, b
, c
, d
, w
);
214 DROUND(a
, b
, c
, d
, aa
, bb
, cc
, dd
, w
);
215 DROUND(aa
, bb
, cc
, dd
, a
, b
, c
, d
, w
);
217 a
= ((SI
[U8(aa
>> 0)] << 0) ^ (SI
[U8(bb
>> 0)] << 8) ^
218 (SI
[U8(cc
>> 0)] << 16) ^ (SI
[U8(dd
>> 0)] << 24)) ^ *w
++;
219 b
= ((SI
[U8(aa
>> 8)] << 0) ^ (SI
[U8(bb
>> 8)] << 8) ^
220 (SI
[U8(cc
>> 8)] << 16) ^ (SI
[U8(dd
>> 8)] << 24)) ^ *w
++;
221 c
= ((SI
[U8(aa
>> 16)] << 0) ^ (SI
[U8(bb
>> 16)] << 8) ^
222 (SI
[U8(cc
>> 16)] << 16) ^ (SI
[U8(dd
>> 16)] << 24)) ^ *w
++;
223 d
= ((SI
[U8(aa
>> 24)] << 0) ^ (SI
[U8(bb
>> 24)] << 8) ^
224 (SI
[U8(cc
>> 24)] << 16) ^ (SI
[U8(dd
>> 24)] << 24)) ^ *w
++;
226 dst
[0] = a
; dst
[1] = b
; dst
[2] = c
; dst
[3] = d
;
/* Instantiate the block-cipher test rig for Square.  BLKC_TEST is defined
 * outside this file, so what it expands to is not visible here.
 */
BLKC_TEST(SQUARE, square)
231 /*----- That's all, folks -------------------------------------------------*/