From 6a0a5bdca4ee09be70284f0f2c022c9f8faf45a9 Mon Sep 17 00:00:00 2001 From: mdw Date: Sat, 15 Jul 2000 15:39:48 +0000 Subject: [PATCH] The NSA's Skipjack block cipher. --- skipjack.c | 178 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ skipjack.h | 120 ++++++++++++++++++++++++++++++++++++++ tests/skipjack | 9 +++ 3 files changed, 307 insertions(+) create mode 100644 skipjack.c create mode 100644 skipjack.h create mode 100644 tests/skipjack diff --git a/skipjack.c b/skipjack.c new file mode 100644 index 0000000..d871ce9 --- /dev/null +++ b/skipjack.c @@ -0,0 +1,178 @@ +/* -*-c-*- + * + * $Id: skipjack.c,v 1.1 2000/07/15 15:39:33 mdw Exp $ + * + * The Skipjack block cipher + * + * (c) 2000 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software; you can redistribute it and/or modify + * it under the terms of the GNU Library General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb; if not, write to the Free + * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +/*----- Revision history --------------------------------------------------* + * + * $Log: skipjack.c,v $ + * Revision 1.1 2000/07/15 15:39:33 mdw + * The NSA's Skipjack block cipher. + * + */ + +/*----- Header files ------------------------------------------------------*/ + +#include + +#include "blkc.h" +#include "gcipher.h" +#include "skipjack.h" +#include "skipjack-tab.h" + +/*----- Global variables --------------------------------------------------*/ + +const octet skipjack_keysz[] = { KSZ_SET, 10, 0 }; + +/*----- The Skipjack S-box ------------------------------------------------*/ + +static octet f[256] = SKIPJACK_S; + +/*----- Main code ---------------------------------------------------------*/ + +/* --- @skipjack_init@ --- * + * + * Arguments: @skipjack_ctx *k@ = pointer to key block + * @const void *buf@ = pointer to key buffer + * @size_t sz@ = size of key material + * + * Returns: --- + * + * Use: Initializes a Skipjack key buffer. The key buffer must be + * exactly 10 bytes long. + */ + +void skipjack_init(skipjack_ctx *k, const void *buf, size_t sz) +{ + KSZ_ASSERT(skipjack, sz); + memcpy(k->k, buf, sz); +} + +/* --- @skipjack_eblk@, @skipjack_dblk@ --- * + * + * Arguments: @const skipjack_ctx *k@ = pointer to key block + * @const uint32 s[2]@ = pointer to source block + * @uint32 d[2]@ = pointer to skipjacktination block + * + * Returns: --- + * + * Use: Low-level block encryption and decryption. + */ + +#define G(x, i) do { \ + octet _x = U8(x >> 8), _y = U8(x); \ + _x ^= f[_y ^ k->k[i++]]; if (i >= 10) i = 0; \ + _y ^= f[_x ^ k->k[i++]]; if (i >= 10) i = 0; \ + _x ^= f[_y ^ k->k[i++]]; if (i >= 10) i = 0; \ + _y ^= f[_x ^ k->k[i++]]; if (i >= 10) i = 0; \ + x = U16((_x << 8) | _y); \ +} while (0) + +#define RULE_A(w, x, y, z, n, i) do { \ + G(w, i); z ^= w ^ n++; \ +} while (0) + +#define RULE_B(w, x, y, z, n, i) do { \ + x ^= w ^ n++; G(w, i); \ +} while (0) + +void skipjack_eblk(const skipjack_ctx *k, const uint32 *s, uint32 *d) +{ + unsigned i = 0; + unsigned n = 1; + uint16 w = U16(s[0] >> 16), x = U16(s[0]); + uint16 y = U16(s[1] >> 16), z = U16(s[1]); + + RULE_A(w, x, y, z, n, i); RULE_A(z, w, x, y, n, i); + RULE_A(y, z, w, x, n, i); RULE_A(x, y, z, w, n, i); + RULE_A(w, x, y, z, n, i); RULE_A(z, w, x, y, n, i); + RULE_A(y, z, w, x, n, i); RULE_A(x, y, z, w, n, i); + RULE_B(w, x, y, z, n, i); RULE_B(z, w, x, y, n, i); + RULE_B(y, z, w, x, n, i); RULE_B(x, y, z, w, n, i); + RULE_B(w, x, y, z, n, i); RULE_B(z, w, x, y, n, i); + RULE_B(y, z, w, x, n, i); RULE_B(x, y, z, w, n, i); + RULE_A(w, x, y, z, n, i); RULE_A(z, w, x, y, n, i); + RULE_A(y, z, w, x, n, i); RULE_A(x, y, z, w, n, i); + RULE_A(w, x, y, z, n, i); RULE_A(z, w, x, y, n, i); + RULE_A(y, z, w, x, n, i); RULE_A(x, y, z, w, n, i); + RULE_B(w, x, y, z, n, i); RULE_B(z, w, x, y, n, i); + RULE_B(y, z, w, x, n, i); RULE_B(x, y, z, w, n, i); + RULE_B(w, x, y, z, n, i); RULE_B(z, w, x, y, n, i); + RULE_B(y, z, w, x, n, i); RULE_B(x, y, z, w, n, i); + + d[0] = ((uint32)w << 16) | (uint32)x; + d[1] = ((uint32)y << 16) | (uint32)z; +} + +#define G_INV(x, i) do { \ + octet _x = U8(x >> 8), _y = U8(x); \ + _y ^= f[_x ^ k->k[--i]]; if (i == 0) i = 10; \ + _x ^= f[_y ^ k->k[--i]]; if (i == 0) i = 10; \ + _y ^= f[_x ^ k->k[--i]]; if (i == 0) i = 10; \ + _x ^= f[_y ^ k->k[--i]]; if (i == 0) i = 10; \ + x = U16((_x << 8) | _y); \ +} while (0) + +#define RULE_A_INV(w, x, y, z, n, i) do { \ + w ^= x ^ --n; G_INV(x, i); \ +} while (0) + +#define RULE_B_INV(w, x, y, z, n, i) do { \ + G_INV(x, i); y ^= x ^ --n; \ +} while (0) + +void skipjack_dblk(const skipjack_ctx *k, const uint32 *s, uint32 *d) +{ + unsigned i = 8; + unsigned n = 33; + uint16 w = U16(s[0] >> 16), x = U16(s[0]); + uint16 y = U16(s[1] >> 16), z = U16(s[1]); + + RULE_B_INV(w, x, y, z, n, i); RULE_B_INV(x, y, z, w, n, i); + RULE_B_INV(y, z, w, x, n, i); RULE_B_INV(z, w, x, y, n, i); + RULE_B_INV(w, x, y, z, n, i); RULE_B_INV(x, y, z, w, n, i); + RULE_B_INV(y, z, w, x, n, i); RULE_B_INV(z, w, x, y, n, i); + RULE_A_INV(w, x, y, z, n, i); RULE_A_INV(x, y, z, w, n, i); + RULE_A_INV(y, z, w, x, n, i); RULE_A_INV(z, w, x, y, n, i); + RULE_A_INV(w, x, y, z, n, i); RULE_A_INV(x, y, z, w, n, i); + RULE_A_INV(y, z, w, x, n, i); RULE_A_INV(z, w, x, y, n, i); + RULE_B_INV(w, x, y, z, n, i); RULE_B_INV(x, y, z, w, n, i); + RULE_B_INV(y, z, w, x, n, i); RULE_B_INV(z, w, x, y, n, i); + RULE_B_INV(w, x, y, z, n, i); RULE_B_INV(x, y, z, w, n, i); + RULE_B_INV(y, z, w, x, n, i); RULE_B_INV(z, w, x, y, n, i); + RULE_A_INV(w, x, y, z, n, i); RULE_A_INV(x, y, z, w, n, i); + RULE_A_INV(y, z, w, x, n, i); RULE_A_INV(z, w, x, y, n, i); + RULE_A_INV(w, x, y, z, n, i); RULE_A_INV(x, y, z, w, n, i); + RULE_A_INV(y, z, w, x, n, i); RULE_A_INV(z, w, x, y, n, i); + + d[0] = ((uint32)w << 16) | (uint32)x; + d[1] = ((uint32)y << 16) | (uint32)z; +} + +BLKC_TEST(SKIPJACK, skipjack) + +/*----- That's all, folks -------------------------------------------------*/ diff --git a/skipjack.h b/skipjack.h new file mode 100644 index 0000000..9a0b3ca --- /dev/null +++ b/skipjack.h @@ -0,0 +1,120 @@ +/* -*-c-*- + * + * $Id: skipjack.h,v 1.1 2000/07/15 15:39:33 mdw Exp $ + * + * The Skipjack block cipher + * + * (c) 2000 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software; you can redistribute it and/or modify + * it under the terms of the GNU Library General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb; if not, write to the Free + * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +/*----- Revision history --------------------------------------------------* + * + * $Log: skipjack.h,v $ + * Revision 1.1 2000/07/15 15:39:33 mdw + * The NSA's Skipjack block cipher. + * + */ + +/*----- Notes on the Skipjack block cipher --------------------------------* + * + * Skipjack was designed by the NSA, as a type II algorithm to be used in the + * Clipper system. It was initially classified, so that it couldn't be used + * without the key escrow feature, though a team of `respectable' + * cryptographers, including Dorothy Denning, had a quick look at it and + * pronounced it `good', as if this was meant to be convincing. It is + * apparently a particular parameterization of a family which includes type I + * algorithms. Since declassification, Biham has discovered a miss-in-the- + * middle attack which breaks Skipjack with 31 rounds faster than brute + * force. + * + * This implementation is provided for interest's sake, and possibly for + * interoperability, rather than as a good cipher to use. + */ + +#ifndef CATACOMB_SKIPJACK_H +#define CATACOMB_SKIPJACK_H + +#ifdef __cplusplus + extern "C" { +#endif + +/*----- Header files ------------------------------------------------------*/ + +#include + +#include + +/*----- Magical numbers ---------------------------------------------------*/ + +#define SKIPJACK_BLKSZ 8 +#define SKIPJACK_KEYSZ 10 +#define SKIPJACK_CLASS (N, B, 64) + +extern const octet skipjack_keysz[]; + +/*----- Data structures ---------------------------------------------------*/ + +typedef struct skipjack_ctx { + octet k[10]; +} skipjack_ctx; + +/*----- Functions provided ------------------------------------------------*/ + +/* --- @skipjack_init@ --- * + * + * Arguments: @skipjack_ctx *k@ = pointer to key block + * @const void *buf@ = pointer to key buffer + * @size_t sz@ = size of key material + * + * Returns: --- + * + * Use: Initializes a Skipjack key buffer. The key buffer must be + * exactly 10 bytes long. + */ + +extern void skipjack_init(skipjack_ctx */*k*/, + const void */*buf*/, size_t /*sz*/); + +/* --- @skipjack_eblk@, @skipjack_dblk@ --- * + * + * Arguments: @const skipjack_ctx *k@ = pointer to key block + * @const uint32 s[2]@ = pointer to source block + * @uint32 d[2]@ = pointer to skipjacktination block + * + * Returns: --- + * + * Use: Low-level block encryption and decryption. + */ + +extern void skipjack_eblk(const skipjack_ctx */*k*/, + const uint32 */*s*/, uint32 */*d*/); +extern void skipjack_dblk(const skipjack_ctx */*k*/, + const uint32 */*s*/, uint32 */*d*/); + +/*----- That's all, folks -------------------------------------------------*/ + +#ifdef __cplusplus + } +#endif + +#endif diff --git a/tests/skipjack b/tests/skipjack new file mode 100644 index 0000000..cfdb16f --- /dev/null +++ b/tests/skipjack @@ -0,0 +1,9 @@ +# $Id: skipjack,v 1.1 2000/07/15 15:39:48 mdw Exp $ +# +# Test vectors for Skipjack + +# --- From the Skipjack definition --- + +skipjack { + 00998877665544332211 33221100ddccbbaa 2587cae27a12d300; +} -- 2.11.0