From 0ba18b905ee653e04e60d31a0253b8adcd9b723b Mon Sep 17 00:00:00 2001 From: mdw Date: Tue, 8 May 2001 22:17:42 +0000 Subject: [PATCH] New cipher Noekeon added. --- .cvsignore | 10 +++ Makefile.m4 | 7 +- noekeon.c | 203 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ noekeon.h | 122 +++++++++++++++++++++++++++++++++++ rspit.c | 8 ++- tests/noekeon | 12 ++++ 6 files changed, 359 insertions(+), 3 deletions(-) create mode 100644 noekeon.c create mode 100644 noekeon.h create mode 100644 tests/noekeon diff --git a/.cvsignore b/.cvsignore index 0aadaec..1018e70 100644 --- a/.cvsignore +++ b/.cvsignore @@ -102,6 +102,16 @@ md5-hmac.c md5-hmac.h md5-mgf.c md5-mgf.h +noekeon-cbc.c +noekeon-cbc.h +noekeon-cfb.c +noekeon-cfb.h +noekeon-counter.c +noekeon-counter.h +noekeon-ecb.c +noekeon-ecb.h +noekeon-ofb.c +noekeon-ofb.h rc2-cbc.c rc2-cbc.h rc2-cfb.c diff --git a/Makefile.m4 b/Makefile.m4 index cb60ae6..89ab222 100644 --- a/Makefile.m4 +++ b/Makefile.m4 @@ -1,6 +1,6 @@ ## -*-makefile-*- ## -## $Id: Makefile.m4,v 1.54 2001/05/07 17:32:52 mdw Exp $ +## $Id: Makefile.m4,v 1.55 2001/05/08 22:17:41 mdw Exp $ ## ## Makefile for Catacomb ## @@ -29,6 +29,9 @@ ##----- Revision history ---------------------------------------------------- ## ## $Log: Makefile.m4,v $ +## Revision 1.55 2001/05/08 22:17:41 mdw +## New cipher Noekeon added. +## ## Revision 1.54 2001/05/07 17:32:52 mdw ## New Rijndael block sizes. ## @@ -231,7 +234,7 @@ _(rc2) _(rc5) dnl _(skipjack) dnl _(cast128) _(cast256) dnl _(square) _(rijndael) _(rijndael192) _(rijndael256) dnl -_(serpent)') +_(serpent) _(noekeon)') define(`cipher_modes', `_(ecb) _(cbc) _(cfb) _(ofb) _(counter)') define(`hashes', `dnl diff --git a/noekeon.c b/noekeon.c new file mode 100644 index 0000000..3d0bcba --- /dev/null +++ b/noekeon.c @@ -0,0 +1,203 @@ +/* -*-c-*- + * + * $Id: noekeon.c,v 1.1 2001/05/08 22:17:41 mdw Exp $ + * + * The Noekeon block cipher + * + * (c) 2001 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software; you can redistribute it and/or modify + * it under the terms of the GNU Library General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb; if not, write to the Free + * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +/*----- Revision history --------------------------------------------------* + * + * $Log: noekeon.c,v $ + * Revision 1.1 2001/05/08 22:17:41 mdw + * New cipher Noekeon added. + * + */ + +/*----- Header files ------------------------------------------------------*/ + +#include +#include + +#include + +#include "blkc.h" +#include "gcipher.h" +#include "noekeon.h" + +/*----- Global variables --------------------------------------------------*/ + +const octet noekeon_keysz[] = { KSZ_SET, NOEKEON_KEYSZ, 0 }; + +/*----- Magic constants ---------------------------------------------------*/ + +/* --- To generate the magic --- * + * + * perl -e'@r=();$x=0x80;for(0..16){push(@r,$x);$x<<=1;$x^=0x11b if$x&0x100;} + * i;print join(", ",map{sprintf"0x%02x",$_}@r),"\n";' + */ + +static const octet rcon[17] = { + 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, + 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, + 0xd4 +}; + +/*----- Main code ---------------------------------------------------------*/ + +/* --- @noekeon_init@--- * + * + * Arguments: @noekeon_ctx *k@ = pointer to key block to fill in + * @const void *buf@ = pointer to buffer of key material + * @size_t sz@ = size of key material + * + * Returns: --- + * + * Use: Initializes a Noekeon key buffer. Noekeon accepts a 128-bit + * key. + */ + +void noekeon_init(noekeon_ctx *k, const void *buf, size_t sz) +{ + const octet *p = buf; + static const noekeon_ctx nullkey = { { 0, 0, 0, 0 } }; + + KSZ_ASSERT(noekeon, sz); + k->k[0] = LOAD32(p + 0); + k->k[1] = LOAD32(p + 4); + k->k[2] = LOAD32(p + 8); + k->k[3] = LOAD32(p + 12); + noekeon_eblk(&nullkey, k->k, k->k); +} + +/* --- @noekeon_eblk@, @noekeon_dblk@ --- * + * + * Arguments: @const noekeon_ctx *k@ = pointer to key block + * @const uint32 s[2]@ = pointer to source block + * @uint32 d[2]@ = pointer to destination block + * + * Returns: --- + * + * Use: Low-level block encryption and decryption. + */ + +#define GAMMA(a, b, c, d) do { \ + uint32 _x; \ + b ^= ~(c | d); a ^= b & c; \ + _x = d; d = a; a = _x; \ + c ^= a ^ b ^ d; \ + b ^= ~(c | d); a ^= b & c; \ +} while (0) + +#define THETA(ka, kb, kc, kd, a, b, c, d) do { \ + uint32 _x; \ + _x = a ^ c; _x ^= ROR32(_x, 8) ^ ROL32(_x, 8); b ^= _x; d ^= _x; \ + a ^= ka; b ^= kb; c ^= kc; d ^= kd; \ + _x = b ^ d; _x ^= ROR32(_x, 8) ^ ROL32(_x, 8); a ^= _x; c ^= _x; \ +} while (0) + +#define ITHETA(ka, kb, kc, kd, a, b, c, d) do { \ + uint32 _x; \ + _x = b ^ d; _x ^= ROR32(_x, 8) ^ ROL32(_x, 8); a ^= _x; c ^= _x; \ + a ^= ka; b ^= kb; c ^= kc; d ^= kd; \ + _x = a ^ c; _x ^= ROR32(_x, 8) ^ ROL32(_x, 8); b ^= _x; d ^= _x; \ +} while (0) + +#define PI1(a, b, c, d) do { \ + b = ROL32(b, 1); c = ROL32(c, 5); d = ROL32(d, 2); \ +} while (0) + +#define PI2(a, b, c, d) do { \ + b = ROR32(b, 1); c = ROR32(c, 5); d = ROR32(d, 2); \ +} while (0) + +#define ROUND(r, ka, kb, kc, kd, a, b, c, d) do { \ + a ^= *r++; THETA(ka, kb, kc, kd, a, b, c, d); \ + PI1(a, b, c, d); GAMMA(a, b, c, d); PI2(a, b, c, d); \ +} while (0) + +#define IROUND(r, ka, kb, kc, kd, a, b, c, d) do { \ + ITHETA(ka, kb, kc, kd, a, b, c, d); a ^= *--r; \ + PI1(a, b, c, d); GAMMA(a, b, c, d); PI2(a, b, c, d); \ +} while (0) + +void noekeon_eblk(const noekeon_ctx *k, const uint32 *src, uint32 *dst) +{ + uint32 ka = k->k[0], kb = k->k[1], kc = k->k[2], kd = k->k[3]; + uint32 a = src[0], b = src[1], c = src[2], d = src[3]; + const octet *r = rcon; + + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + ROUND(r, ka, kb, kc, kd, a, b, c, d); + + a ^= *r++; THETA(ka, kb, kc, kd, a, b, c, d); + + dst[0] = a; dst[1] = b; dst[2] = c; dst[3] = d; +} + +void noekeon_dblk(const noekeon_ctx *k, const uint32 *src, uint32 *dst) +{ + uint32 ka = k->k[0], kb = k->k[1], kc = k->k[2], kd = k->k[3]; + uint32 a = src[0], b = src[1], c = src[2], d = src[3]; + const octet *r = rcon + sizeof(rcon); + + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + IROUND(r, ka, kb, kc, kd, a, b, c, d); + + ITHETA(ka, kb, kc, kd, a, b, c, d); a ^= *--r; + + dst[0] = a; dst[1] = b; dst[2] = c; dst[3] = d; +} + +BLKC_TEST(NOEKEON, noekeon) + +/*----- That's all, folks -------------------------------------------------*/ diff --git a/noekeon.h b/noekeon.h new file mode 100644 index 0000000..9a5a43c --- /dev/null +++ b/noekeon.h @@ -0,0 +1,122 @@ +/* -*-c-*- + * + * $Id: noekeon.h,v 1.1 2001/05/08 22:17:41 mdw Exp $ + * + * The Noekeon block cipher + * + * (c) 2000 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software; you can redistribute it and/or modify + * it under the terms of the GNU Library General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb; if not, write to the Free + * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +/*----- Revision history --------------------------------------------------* + * + * $Log: noekeon.h,v $ + * Revision 1.1 2001/05/08 22:17:41 mdw + * New cipher Noekeon added. + * + * Revision 1.3 2001/05/07 17:31:53 mdw + * Separate out key scheduling. + * + * Revision 1.2 2000/10/08 15:48:58 mdw + * Update comments now that AES has been chosen. + * + * Revision 1.1 2000/06/17 11:56:07 mdw + * New cipher. + * + */ + +/*----- Notes on the Noekeon block cipher --------------------------------* + * + * A Nessie entry, by Joan Daemen, Michael Peeters, Gilles Van Assche and + * Vincent Rijmen, two of whom were the designers of the AES winner + * Rijndael. It's a simple cipher, based on Serpent-style bit-slicing. + * Speed is about middle-of-the-road -- about as fast as SAFER, faster than + * MARS. + */ + +#ifndef CATACOMB_NOEKEON_H +#define CATACOMB_NOEKEON_H + +#ifdef __cplusplus + extern "C" { +#endif + +/*----- Header files ------------------------------------------------------*/ + +#include + +#include + +/*----- Magical numbers ---------------------------------------------------*/ + +#define NOEKEON_BLKSZ 16 +#define NOEKEON_KEYSZ 16 +#define NOEKEON_CLASS (N, B, 128) + +extern const octet noekeon_keysz[]; + +/*----- Data structures ---------------------------------------------------*/ + +typedef struct noekeon_ctx { + uint32 k[4]; +} noekeon_ctx; + +/*----- Functions provided ------------------------------------------------*/ + +/* --- @noekeon_init@ --- * + * + * Arguments: @noekeon_ctx *k@ = pointer to context to initialize + * @const void *buf@ = pointer to buffer of key material + * @size_t sz@ = size of the key material + * + * Returns: --- + * + * Use: Initializes a Noekeon context with a particular key. This + * uses indirect keying. The key must be 128 bits long. + */ + +extern void noekeon_init(noekeon_ctx */*k*/, + const void */*buf*/, size_t /*sz*/); + +/* --- @noekeon_eblk@, @noekeon_dblk@ --- * + * + * Arguments: @const noekeon_ctx *k@ = pointer to Noekeon context + * @const uint32 s[4]@ = pointer to source block + * @uint32 d[4]@ = pointer to destination block + * + * Returns: --- + * + * Use: Low-level block encryption and decryption. + */ + +extern void noekeon_eblk(const noekeon_ctx */*k*/, + const uint32 */*s*/, uint32 */*dst*/); +extern void noekeon_dblk(const noekeon_ctx */*k*/, + const uint32 */*s*/, uint32 */*dst*/); + +/*----- That's all, folks -------------------------------------------------*/ + +#ifdef __cplusplus + } +#endif + +#endif diff --git a/rspit.c b/rspit.c index cce4543..d1c1fcb 100644 --- a/rspit.c +++ b/rspit.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rspit.c,v 1.17 2001/05/07 17:33:19 mdw Exp $ + * $Id: rspit.c,v 1.18 2001/05/08 22:17:41 mdw Exp $ * * Spit out random numbers * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: rspit.c,v $ + * Revision 1.18 2001/05/08 22:17:41 mdw + * New cipher Noekeon added. + * * Revision 1.17 2001/05/07 17:33:19 mdw * New Rijndael block sizes. * @@ -143,6 +146,7 @@ #include "idea-ofb.h" #include "cast128-ofb.h" #include "cast256-ofb.h" +#include "noekeon-ofb.h" #include "rijndael-ofb.h" #include "rijndael192-ofb.h" #include "rijndael256-ofb.h" @@ -164,6 +168,7 @@ #include "idea-counter.h" #include "cast128-counter.h" #include "cast256-counter.h" +#include "noekeon-counter.h" #include "rijndael-counter.h" #include "rijndael192-counter.h" #include "rijndael256-counter.h" @@ -212,6 +217,7 @@ extern gen generators[]; E(SQUARE, square) \ E(SAFER, safer) \ E(SAFERSK, safersk) \ + E(NOEKEON, noekeon) \ E(RIJNDAEL, rijndael) \ E(RIJNDAEL192, rijndael192) \ E(RIJNDAEL256, rijndael256) \ diff --git a/tests/noekeon b/tests/noekeon new file mode 100644 index 0000000..c9ae935 --- /dev/null +++ b/tests/noekeon @@ -0,0 +1,12 @@ +# $Id: noekeon,v 1.1 2001/05/08 22:17:42 mdw Exp $ +# +# Test vectors for Noekeon + +noekeon { + 00000000000000000000000000000000 + 00000000000000000000000000000000 ba6933819299c71699a99f08f678178b; + ffffffffffffffffffffffffffffffff + ffffffffffffffffffffffffffffffff 52f88a7b283c1f7bdf7b6faa5011c7d8; + ba6933819299c71699a99f08f678178b + 52f88a7b283c1f7bdf7b6faa5011c7d8 5096f2bfc82ae6e2d9495515c277fa70; +} -- 2.11.0