X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/6ced98bd0eb9435f22e745b723e6ebb96e543032..2685767a6125c1620719c7de6234aedf41857b7e:/idea.c diff --git a/idea.c b/idea.c index 5f88948..c0a1d07 100644 --- a/idea.c +++ b/idea.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: idea.c,v 1.2 2000/06/17 11:24:08 mdw Exp $ + * $Id: idea.c,v 1.4 2000/07/15 17:47:58 mdw Exp $ * * Implementation of the IDEA cipher * @@ -30,6 +30,13 @@ /*----- Revision history --------------------------------------------------* * * $Log: idea.c,v $ + * Revision 1.4 2000/07/15 17:47:58 mdw + * Fix bug in decryption key scheduling. + * + * Revision 1.3 2000/07/02 18:24:39 mdw + * Use a new multiplication function from an Ascom white paper to resist + * timing attacks. + * * Revision 1.2 2000/06/17 11:24:08 mdw * New key size interface. * @@ -71,13 +78,16 @@ static uint16 inv(uint16 n) { uint32 m = 0x10001; uint32 a = 1, b = 0; + uint32 nn = n; + if (!nn) + nn = 0x10000; for (;;) { uint32 q, r, t; - if (!(r = m % n)) + if (!(r = m % nn)) break; - q = m / n; - m = n; n = r; + q = m / nn; + m = nn; nn = r; t = a; a = b - q * a; b = t; } if (a > MASK16) @@ -90,22 +100,21 @@ static uint16 inv(uint16 n) * Arguments @x@ and @y@ are two 32-bit values to multiply. On exit, @x@ is * the product of the two arguments. The result is not normalized back to 16 * bits; the arguments are not expected to be normalized. + * + * This code is from `Side Channel Attack Hardening of the IDEA Cipher', + * published by Ascom Tech. */ #define MUL(x, y) do { \ - uint32 _mx, _my = (y); \ - if ((_mx = U16(x)) == 0) \ - (x) = 1 - _my; \ - else if (_my == 0) \ - (x) = 1 - _mx; \ - else { \ - _my *= _mx; \ - _mx = U16(_my); _my >>= 16; \ - if (_mx < _my) \ - (x) = _mx - _my + 1; \ - else \ - (x) = _mx - _my; \ - } \ + unsigned _t; \ + uint32 _tt; \ + \ + x = U16(x - 1); \ + _t = U16(y - 1); \ + _tt = (uint32)x * (uint32)_t + (uint32)x + (uint32)_t + 1; \ + x = U16(_tt); \ + _t = U16(_tt >> 16); \ + x = x - _t + (x <= _t); \ } while (0) /* --- @idea_init@ --- * @@ -209,28 +218,28 @@ void idea_init(idea_ctx *k, const void *buf, size_t sz) /* --- @ROUND@ --- */ #define MIX(k, a, b, c, d) do { \ - MUL(a, (k)[0]); \ - (b) += (k)[1]; \ - (c) += (k)[2]; \ - MUL(d, (k)[3]); \ + MUL(a, k[0]); \ + b += k[1]; \ + c += k[2]; \ + MUL(d, k[3]); \ } while (0) #define MA(k, a, b, c, d) do { \ - unsigned _u = (a) ^ (c); \ - unsigned _v = (b) ^ (d); \ - MUL(_u, (k)[4]); \ + unsigned _u = a ^ c; \ + unsigned _v = b ^ d; \ + MUL(_u, k[4]); \ _v += _u; \ - MUL(_v, (k)[5]); \ + MUL(_v, k[5]); \ _u += _v; \ - (a) ^= _v; \ - (b) ^= _u; \ - (c) ^= _v; \ - (d) ^= _u; \ + a ^= _v; \ + b ^= _u; \ + c ^= _v; \ + d ^= _u; \ } while (0); #define ROUND(k, a, b, c, d) do { \ - MIX((k), (a), (b), (c), (d)); \ - MA((k), (a), (b), (c), (d)); \ + MIX(k, a, b, c, d); \ + MA(k, a, b, c, d); \ (k) += 6; \ } while (0) @@ -252,8 +261,8 @@ void idea_init(idea_ctx *k, const void *buf, size_t sz) ROUND(_k, _a, _b, _c, _d); \ ROUND(_k, _a, _c, _b, _d); \ MIX (_k, _a, _c, _b, _d); \ - (c) = (U16(_a) << 16) | U16(_c); \ - (d) = (U16(_b) << 16) | U16(_d); \ + c = ((uint32)U16(_a) << 16) | (uint32)U16(_c); \ + d = ((uint32)U16(_b) << 16) | (uint32)U16(_d); \ } while (0) #define DBLK(k, a, b) EBLK((k), (a), (b))