3 * $Id: mars.c,v 1.1 2001/04/29 18:11:19 mdw Exp $
5 * The MARS block cipher
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.1 2001/04/29 18:11:19 mdw
34 * New block cipher MARS.
38 /*----- Header files ------------------------------------------------------*/
43 #include <mLib/bits.h>
51 /*----- Global variables --------------------------------------------------*/
53 const octet mars_keysz
[] = { KSZ_RANGE
, MARS_KEYSZ
, 0, 56, 4 };
55 /*----- Useful tables -----------------------------------------------------*/
57 static const uint32 s
[512] = MARS_S
;
62 /*----- Main code ---------------------------------------------------------*/
64 /* --- @mars_init@ --- *
66 * Arguments: @mars_ctx *k@ = pointer to key block to fill in
67 * @const void *buf@ = pointer to buffer of key material
68 * @size_t sz@ = size of key material
72 * Use: Initializes a MARS key buffer. MARS accepts key sizes
73 * between 128 and 448 bits which are a multiple of 32 bits.
76 void mars_init(mars_ctx
*k
, const void *buf
, size_t sz
)
85 /* --- Copy the key into the temporary buffer --- */
88 for (i
= 0; i
< sz
/4; i
++) {
96 /* --- Now spit out the actual key material --- */
98 for (j
= 0; j
< 4; j
++) {
101 /* --- Do the linear mixing stage --- */
103 for (i
= 0; i
< 15; i
++) {
104 x
= t
[(i
+ 8)%15] ^ t
[(i
+ 13)%15];
105 t
[i
] ^= ROL32(x
, 3) ^ ((i
<< 2) | j
);
108 /* --- Now do the Feistel stirring stage --- */
111 for (ii
= 0; ii
< 4; ii
++) {
112 for (i
= 0; i
< 15; i
++) {
113 x
= t
[i
] + s
[x
& 511u];
114 t
[i
] = x
= ROL32(x
, 9);
118 /* --- And spit out the key material --- */
120 for (i
= 0; i
< 10; i
++)
121 *kk
++ = t
[(4 * i
)%15];
124 /* --- Finally, fix up the multiplicative entries --- */
126 for (i
= 5; i
< 37; i
+= 2) {
131 /* --- Compute the magic mask value --- */
134 for (ii
= 0; ii
<= 22; ii
++) {
136 if ((x
& 0x3ff) == 0x3ff || (x
& 0x3ff) == 0)
139 m
&= ~(((w
^ (w
<< 1)) | (w
^ (w
>> 1))) | 0x80000003);
141 /* --- Add in the bias entry to fix up the key --- */
143 x
= ROL32(bb
[j
], k
->k
[i
- 1]);
144 k
->k
[i
] = w
^ (x
& m
);
148 /* --- @mars_eblk@, @mars_dblk@ --- *
150 * Arguments: @const mars_ctx *k@ = pointer to key block
151 * @const uint32 s[4]@ = pointer to source block
152 * @uint32 d[4]@ = pointer to destination block
156 * Use: Low-level block encryption and decryption.
159 #define KADD(k, a, b, c, d) a += *k++, b += *k++, c += *k++, d += *k++
160 #define KSUB(k, a, b, c, d) a -= *k++, b -= *k++, c -= *k++, d -= *k++
161 #define IKADD(k, a, b, c, d) d += *--k, c += *--k, b += *--k, a += *--k
162 #define IKSUB(k, a, b, c, d) d -= *--k, c -= *--k, b -= *--k, a -= *--k
164 #define MIX(a, b, c, d) do { \
165 b ^= s0[(a >> 0) & 0xff]; \
166 b += s1[(a >> 8) & 0xff]; \
167 c += s0[(a >> 16) & 0xff]; \
168 d ^= s1[(a >> 24) & 0xff]; \
172 #define IMIX(a, b, c, d) do { \
174 d ^= s1[(a >> 24) & 0xff]; \
175 c -= s0[(a >> 16) & 0xff]; \
176 b -= s1[(a >> 8) & 0xff]; \
177 b ^= s0[(a >> 0) & 0xff]; \
180 #define E(x, y, z, k, a) do { \
181 uint32 kx = *k++, ky = *k++; \
183 a = ROL32(a, 13); z = a * ky; z = ROL32(z, 5); \
184 x = s[y & 511u] ^ z; y = ROL32(y, z); \
185 z = ROL32(z, 5); x ^= z; x = ROL32(x, z); \
188 #define IE(x, y, z, k, a) do { \
189 uint32 ky = *--k, kx = *--k; \
191 a = ROR32(a, 13); y = a + kx; z = ROL32(z, 5); \
192 x = s[y & 511u] ^ z; y = ROL32(y, z); \
193 z = ROL32(z, 5); x ^= z; x = ROL32(x, z); \
196 #define ROUND(k, a, b, c, d) do { \
199 b += x; c += y; d ^= z; \
202 #define IROUND(k, a, b, c, d) do { \
205 b -= x; c -= y; d ^= z; \
208 void mars_eblk(const mars_ctx
*k
, const uint32
*src
, uint32
*dst
)
211 const uint32
*kk
= k
->k
;
213 a
= src
[0], b
= src
[1], c
= src
[2], d
= src
[3];
214 KADD(kk
, a
, b
, c
, d
);
216 MIX(a
, b
, c
, d
); a
+= d
; MIX(b
, c
, d
, a
); b
+= c
;
217 MIX(c
, d
, a
, b
); MIX(d
, a
, b
, c
);
218 MIX(a
, b
, c
, d
); a
+= d
; MIX(b
, c
, d
, a
); b
+= c
;
219 MIX(c
, d
, a
, b
); MIX(d
, a
, b
, c
);
221 ROUND(kk
, a
, b
, c
, d
); ROUND(kk
, b
, c
, d
, a
);
222 ROUND(kk
, c
, d
, a
, b
); ROUND(kk
, d
, a
, b
, c
);
223 ROUND(kk
, a
, b
, c
, d
); ROUND(kk
, b
, c
, d
, a
);
224 ROUND(kk
, c
, d
, a
, b
); ROUND(kk
, d
, a
, b
, c
);
226 ROUND(kk
, a
, d
, c
, b
); ROUND(kk
, b
, a
, d
, c
);
227 ROUND(kk
, c
, b
, a
, d
); ROUND(kk
, d
, c
, b
, a
);
228 ROUND(kk
, a
, d
, c
, b
); ROUND(kk
, b
, a
, d
, c
);
229 ROUND(kk
, c
, b
, a
, d
); ROUND(kk
, d
, c
, b
, a
);
231 IMIX(a
, d
, c
, b
); IMIX(b
, a
, d
, c
);
232 c
-= b
; IMIX(c
, b
, a
, d
); d
-= a
; IMIX(d
, c
, b
, a
);
233 IMIX(a
, d
, c
, b
); IMIX(b
, a
, d
, c
);
234 c
-= b
; IMIX(c
, b
, a
, d
); d
-= a
; IMIX(d
, c
, b
, a
);
236 KSUB(kk
, a
, b
, c
, d
);
237 dst
[0] = a
; dst
[1] = b
; dst
[2] = c
; dst
[3] = d
;
240 void mars_dblk(const mars_ctx
*k
, const uint32
*src
, uint32
*dst
)
243 const uint32
*kk
= k
->k
+ 40;
245 a
= src
[0], b
= src
[1], c
= src
[2], d
= src
[3];
246 IKADD(kk
, a
, b
, c
, d
);
248 MIX(d
, c
, b
, a
); d
+= a
; MIX(c
, b
, a
, d
); c
+= b
;
249 MIX(b
, a
, d
, c
); MIX(a
, d
, c
, b
);
250 MIX(d
, c
, b
, a
); d
+= a
; MIX(c
, b
, a
, d
); c
+= b
;
251 MIX(b
, a
, d
, c
); MIX(a
, d
, c
, b
);
253 IROUND(kk
, d
, c
, b
, a
); IROUND(kk
, c
, b
, a
, d
);
254 IROUND(kk
, b
, a
, d
, c
); IROUND(kk
, a
, d
, c
, b
);
255 IROUND(kk
, d
, c
, b
, a
); IROUND(kk
, c
, b
, a
, d
);
256 IROUND(kk
, b
, a
, d
, c
); IROUND(kk
, a
, d
, c
, b
);
258 IROUND(kk
, d
, a
, b
, c
); IROUND(kk
, c
, d
, a
, b
);
259 IROUND(kk
, b
, c
, d
, a
); IROUND(kk
, a
, b
, c
, d
);
260 IROUND(kk
, d
, a
, b
, c
); IROUND(kk
, c
, d
, a
, b
);
261 IROUND(kk
, b
, c
, d
, a
); IROUND(kk
, a
, b
, c
, d
);
263 IMIX(d
, a
, b
, c
); IMIX(c
, d
, a
, b
);
264 b
-= c
; IMIX(b
, c
, d
, a
); a
-= d
; IMIX(a
, b
, c
, d
);
265 IMIX(d
, a
, b
, c
); IMIX(c
, d
, a
, b
);
266 b
-= c
; IMIX(b
, c
, d
, a
); a
-= d
; IMIX(a
, b
, c
, d
);
268 IKSUB(kk
, a
, b
, c
, d
);
269 dst
[0] = a
; dst
[1] = b
; dst
[2] = c
; dst
[3] = d
;
272 BLKC_TEST(MARS
, mars
)
274 /*----- That's all, folks -------------------------------------------------*/