X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/8875ece689377314063458b05e9d5ce3af99ab7f..1d6d3b01cb40e0cfaeb816c87c513695aea0816a:/square.c

diff --git a/square.c b/square.c
index 5111a3d..6ed8d86 100644
--- a/square.c
+++ b/square.c
@@ -1,13 +1,13 @@
 /* -*-c-*-
  *
- * $Id: square.c,v 1.1 2000/07/15 20:51:58 mdw Exp $
+ * $Id: square.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
  *
  * The Square block cipher
  *
  * (c) 2000 Straylight/Edgeware
  */
 
-/*----- Licensing notice --------------------------------------------------* 
+/*----- Licensing notice --------------------------------------------------*
  *
  * This file is part of Catacomb.
  *
@@ -15,26 +15,18 @@
  * it under the terms of the GNU Library General Public License as
  * published by the Free Software Foundation; either version 2 of the
  * License, or (at your option) any later version.
- * 
+ *
  * Catacomb is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU Library General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU Library General Public
  * License along with Catacomb; if not, write to the Free
  * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
  * MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------* 
- *
- * $Log: square.c,v $
- * Revision 1.1  2000/07/15 20:51:58  mdw
- * New block cipher.
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 
 #include <assert.h>
@@ -61,10 +53,6 @@ static const octet rcon[] = SQUARE_RCON;
 
 /*----- Main code ---------------------------------------------------------*/
 
-#define BYTESUB(x, s)							\
-  (s[U8((x) >> 24)] << 24 | s[U8((x) >> 16)] << 16 |			\
-   s[U8((x) >>  8)] <<  8 | s[U8((x) >>  0)] <<  0)
-
 /* --- @square_init@ --- *
  *
  * Arguments:	@square_ctx *k@ = pointer to context to initialize
@@ -119,7 +107,7 @@ void square_init(square_ctx *k, const void *buf, size_t sz)
 
   for (i = 0; i < nr * 4; i++) {
     uint32 w = kk[i];
-    k->w[i] = (U[0][U8(w >>  0)] ^ U[1][U8(w >>  8)] ^
+    k->w[i] = (U[0][U8(w >>  0)] ^ U[1][U8(w >>	 8)] ^
 	       U[2][U8(w >> 16)] ^ U[3][U8(w >> 24)]);
   }
   for (; i < nw; i++)
@@ -148,52 +136,37 @@ void square_init(square_ctx *k, const void *buf, size_t sz)
  * Use:		Low-level block encryption and decryption.
  */
 
-#define EROUND(aa, bb, cc, dd, a, b, c, d, w) do {			\
-  aa = (T[0][U8(a >>  0)] ^ T[1][U8(b >>  0)] ^				\
-	T[2][U8(c >>  0)] ^ T[3][U8(d >>  0)]) ^ *w++;			\
-  bb = (T[0][U8(a >>  8)] ^ T[1][U8(b >>  8)] ^				\
-	T[2][U8(c >>  8)] ^ T[3][U8(d >>  8)]) ^ *w++;			\
-  cc = (T[0][U8(a >> 16)] ^ T[1][U8(b >> 16)] ^				\
-	T[2][U8(c >> 16)] ^ T[3][U8(d >> 16)]) ^ *w++;			\
-  dd = (T[0][U8(a >> 24)] ^ T[1][U8(b >> 24)] ^				\
-	T[2][U8(c >> 24)] ^ T[3][U8(d >> 24)]) ^ *w++;			\
-} while (0)
+#define SUB(s, sh, a, b, c, d)						\
+  (s[U8((a) >> sh)] <<	0 | s[U8((b) >> sh)] <<	 8 |			\
+   s[U8((c) >> sh)] << 16 | s[U8((d) >> sh)] << 24)
+
+#define MIX(t, sh, a, b, c, d)						\
+  (t[0][U8((a) >> sh)] ^ t[1][U8((b) >> sh)] ^				\
+   t[2][U8((c) >> sh)] ^ t[3][U8((d) >> sh)])
 
-#define DROUND(aa, bb, cc, dd, a, b, c, d, w) do {			\
-  aa = (TI[0][U8(a >>  0)] ^ TI[1][U8(b >>  0)] ^			\
-	TI[2][U8(c >>  0)] ^ TI[3][U8(d >>  0)]) ^ *w++;		\
-  bb = (TI[0][U8(a >>  8)] ^ TI[1][U8(b >>  8)] ^			\
-	TI[2][U8(c >>  8)] ^ TI[3][U8(d >>  8)]) ^ *w++;		\
-  cc = (TI[0][U8(a >> 16)] ^ TI[1][U8(b >> 16)] ^			\
-	TI[2][U8(c >> 16)] ^ TI[3][U8(d >> 16)]) ^ *w++;		\
-  dd = (TI[0][U8(a >> 24)] ^ TI[1][U8(b >> 24)] ^			\
-	TI[2][U8(c >> 24)] ^ TI[3][U8(d >> 24)]) ^ *w++;		\
+#define DO(what, t, aa, bb, cc, dd, a, b, c, d, w) do {			\
+  aa = what(t,	0, a, b, c, d) ^ *w++;					\
+  bb = what(t,	8, a, b, c, d) ^ *w++;					\
+  cc = what(t, 16, a, b, c, d) ^ *w++;					\
+  dd = what(t, 24, a, b, c, d) ^ *w++;					\
 } while (0)
 
 void square_eblk(const square_ctx *k, const uint32 *s, uint32 *dst)
 {
   uint32 a = s[0], b = s[1], c = s[2], d = s[3];
   uint32 aa, bb, cc, dd;
-  uint32 *w = k->w;
+  const uint32 *w = k->w;
 
   a ^= *w++; b ^= *w++; c ^= *w++; d ^= *w++;
 
-  EROUND(aa, bb, cc, dd, a, b, c, d, w);
-  EROUND(a, b, c, d, aa, bb, cc, dd, w);
-  EROUND(aa, bb, cc, dd, a, b, c, d, w);
-  EROUND(a, b, c, d, aa, bb, cc, dd, w);
-  EROUND(aa, bb, cc, dd, a, b, c, d, w);
-  EROUND(a, b, c, d, aa, bb, cc, dd, w);
-  EROUND(aa, bb, cc, dd, a, b, c, d, w);
-
-  a = ((S[U8(aa >>  0)] <<  0) ^ (S[U8(bb >>  0)] <<  8) ^
-       (S[U8(cc >>  0)] << 16) ^ (S[U8(dd >>  0)] << 24)) ^ *w++;
-  b = ((S[U8(aa >>  8)] <<  0) ^ (S[U8(bb >>  8)] <<  8) ^	
-       (S[U8(cc >>  8)] << 16) ^ (S[U8(dd >>  8)] << 24)) ^ *w++;
-  c = ((S[U8(aa >> 16)] <<  0) ^ (S[U8(bb >> 16)] <<  8) ^
-       (S[U8(cc >> 16)] << 16) ^ (S[U8(dd >> 16)] << 24)) ^ *w++;
-  d = ((S[U8(aa >> 24)] <<  0) ^ (S[U8(bb >> 24)] <<  8) ^
-       (S[U8(cc >> 24)] << 16) ^ (S[U8(dd >> 24)] << 24)) ^ *w++;
+  DO(MIX, T, aa, bb, cc, dd, a, b, c, d, w);
+  DO(MIX, T, a, b, c, d, aa, bb, cc, dd, w);
+  DO(MIX, T, aa, bb, cc, dd, a, b, c, d, w);
+  DO(MIX, T, a, b, c, d, aa, bb, cc, dd, w);
+  DO(MIX, T, aa, bb, cc, dd, a, b, c, d, w);
+  DO(MIX, T, a, b, c, d, aa, bb, cc, dd, w);
+  DO(MIX, T, aa, bb, cc, dd, a, b, c, d, w);
+  DO(SUB, S, a, b, c, d, aa, bb, cc, dd, w);
 
   dst[0] = a; dst[1] = b; dst[2] = c; dst[3] = d;
 }
@@ -202,26 +175,18 @@ void square_dblk(const square_ctx *k, const uint32 *s, uint32 *dst)
 {
   uint32 a = s[0], b = s[1], c = s[2], d = s[3];
   uint32 aa, bb, cc, dd;
-  uint32 *w = k->wi;
+  const uint32 *w = k->wi;
 
   a ^= *w++; b ^= *w++; c ^= *w++; d ^= *w++;
 
-  DROUND(aa, bb, cc, dd, a, b, c, d, w);
-  DROUND(a, b, c, d, aa, bb, cc, dd, w);
-  DROUND(aa, bb, cc, dd, a, b, c, d, w);
-  DROUND(a, b, c, d, aa, bb, cc, dd, w);
-  DROUND(aa, bb, cc, dd, a, b, c, d, w);
-  DROUND(a, b, c, d, aa, bb, cc, dd, w);
-  DROUND(aa, bb, cc, dd, a, b, c, d, w);
-
-  a = ((SI[U8(aa >>  0)] <<  0) ^ (SI[U8(bb >>  0)] <<  8) ^
-       (SI[U8(cc >>  0)] << 16) ^ (SI[U8(dd >>  0)] << 24)) ^ *w++;
-  b = ((SI[U8(aa >>  8)] <<  0) ^ (SI[U8(bb >>  8)] <<  8) ^
-       (SI[U8(cc >>  8)] << 16) ^ (SI[U8(dd >>  8)] << 24)) ^ *w++;
-  c = ((SI[U8(aa >> 16)] <<  0) ^ (SI[U8(bb >> 16)] <<  8) ^
-       (SI[U8(cc >> 16)] << 16) ^ (SI[U8(dd >> 16)] << 24)) ^ *w++;
-  d = ((SI[U8(aa >> 24)] <<  0) ^ (SI[U8(bb >> 24)] <<  8) ^
-       (SI[U8(cc >> 24)] << 16) ^ (SI[U8(dd >> 24)] << 24)) ^ *w++;
+  DO(MIX, TI, aa, bb, cc, dd, a, b, c, d, w);
+  DO(MIX, TI, a, b, c, d, aa, bb, cc, dd, w);
+  DO(MIX, TI, aa, bb, cc, dd, a, b, c, d, w);
+  DO(MIX, TI, a, b, c, d, aa, bb, cc, dd, w);
+  DO(MIX, TI, aa, bb, cc, dd, a, b, c, d, w);
+  DO(MIX, TI, a, b, c, d, aa, bb, cc, dd, w);
+  DO(MIX, TI, aa, bb, cc, dd, a, b, c, d, w);
+  DO(SUB, SI, a, b, c, d, aa, bb, cc, dd, w);
 
   dst[0] = a; dst[1] = b; dst[2] = c; dst[3] = d;
 }