--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: noekeon.c,v 1.1 2001/05/08 22:17:41 mdw Exp $
+ *
+ * The Noekeon block cipher
+ *
+ * (c) 2001 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Library General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: noekeon.c,v $
+ * Revision 1.1 2001/05/08 22:17:41 mdw
+ * New cipher Noekeon added.
+ *
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include <assert.h>
+#include <stdio.h>
+
+#include <mLib/bits.h>
+
+#include "blkc.h"
+#include "gcipher.h"
+#include "noekeon.h"
+
+/*----- Global variables --------------------------------------------------*/
+
+const octet noekeon_keysz[] = { KSZ_SET, NOEKEON_KEYSZ, 0 };
+
+/*----- Magic constants ---------------------------------------------------*/
+
+/* --- To generate the magic --- *
+ *
+ * perl -e'@r=();$x=0x80;for(0..16){push(@r,$x);$x<<=1;$x^=0x11b if$x&0x100;}
+ * i;print join(", ",map{sprintf"0x%02x",$_}@r),"\n";'
+ */
+
+static const octet rcon[17] = {
+ 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
+ 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a,
+ 0xd4
+};
+
+/*----- Main code ---------------------------------------------------------*/
+
+/* --- @noekeon_init@--- *
+ *
+ * Arguments: @noekeon_ctx *k@ = pointer to key block to fill in
+ * @const void *buf@ = pointer to buffer of key material
+ * @size_t sz@ = size of key material
+ *
+ * Returns: ---
+ *
+ * Use: Initializes a Noekeon key buffer. Noekeon accepts a 128-bit
+ * key.
+ */
+
+void noekeon_init(noekeon_ctx *k, const void *buf, size_t sz)
+{
+ const octet *p = buf;
+ static const noekeon_ctx nullkey = { { 0, 0, 0, 0 } };
+
+ KSZ_ASSERT(noekeon, sz);
+ k->k[0] = LOAD32(p + 0);
+ k->k[1] = LOAD32(p + 4);
+ k->k[2] = LOAD32(p + 8);
+ k->k[3] = LOAD32(p + 12);
+ noekeon_eblk(&nullkey, k->k, k->k);
+}
+
+/* --- @noekeon_eblk@, @noekeon_dblk@ --- *
+ *
+ * Arguments: @const noekeon_ctx *k@ = pointer to key block
+ * @const uint32 s[2]@ = pointer to source block
+ * @uint32 d[2]@ = pointer to destination block
+ *
+ * Returns: ---
+ *
+ * Use: Low-level block encryption and decryption.
+ */
+
+#define GAMMA(a, b, c, d) do { \
+ uint32 _x; \
+ b ^= ~(c | d); a ^= b & c; \
+ _x = d; d = a; a = _x; \
+ c ^= a ^ b ^ d; \
+ b ^= ~(c | d); a ^= b & c; \
+} while (0)
+
+#define THETA(ka, kb, kc, kd, a, b, c, d) do { \
+ uint32 _x; \
+ _x = a ^ c; _x ^= ROR32(_x, 8) ^ ROL32(_x, 8); b ^= _x; d ^= _x; \
+ a ^= ka; b ^= kb; c ^= kc; d ^= kd; \
+ _x = b ^ d; _x ^= ROR32(_x, 8) ^ ROL32(_x, 8); a ^= _x; c ^= _x; \
+} while (0)
+
+#define ITHETA(ka, kb, kc, kd, a, b, c, d) do { \
+ uint32 _x; \
+ _x = b ^ d; _x ^= ROR32(_x, 8) ^ ROL32(_x, 8); a ^= _x; c ^= _x; \
+ a ^= ka; b ^= kb; c ^= kc; d ^= kd; \
+ _x = a ^ c; _x ^= ROR32(_x, 8) ^ ROL32(_x, 8); b ^= _x; d ^= _x; \
+} while (0)
+
+#define PI1(a, b, c, d) do { \
+ b = ROL32(b, 1); c = ROL32(c, 5); d = ROL32(d, 2); \
+} while (0)
+
+#define PI2(a, b, c, d) do { \
+ b = ROR32(b, 1); c = ROR32(c, 5); d = ROR32(d, 2); \
+} while (0)
+
+#define ROUND(r, ka, kb, kc, kd, a, b, c, d) do { \
+ a ^= *r++; THETA(ka, kb, kc, kd, a, b, c, d); \
+ PI1(a, b, c, d); GAMMA(a, b, c, d); PI2(a, b, c, d); \
+} while (0)
+
+#define IROUND(r, ka, kb, kc, kd, a, b, c, d) do { \
+ ITHETA(ka, kb, kc, kd, a, b, c, d); a ^= *--r; \
+ PI1(a, b, c, d); GAMMA(a, b, c, d); PI2(a, b, c, d); \
+} while (0)
+
+void noekeon_eblk(const noekeon_ctx *k, const uint32 *src, uint32 *dst)
+{
+ uint32 ka = k->k[0], kb = k->k[1], kc = k->k[2], kd = k->k[3];
+ uint32 a = src[0], b = src[1], c = src[2], d = src[3];
+ const octet *r = rcon;
+
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+ ROUND(r, ka, kb, kc, kd, a, b, c, d);
+
+ a ^= *r++; THETA(ka, kb, kc, kd, a, b, c, d);
+
+ dst[0] = a; dst[1] = b; dst[2] = c; dst[3] = d;
+}
+
+void noekeon_dblk(const noekeon_ctx *k, const uint32 *src, uint32 *dst)
+{
+ uint32 ka = k->k[0], kb = k->k[1], kc = k->k[2], kd = k->k[3];
+ uint32 a = src[0], b = src[1], c = src[2], d = src[3];
+ const octet *r = rcon + sizeof(rcon);
+
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+ IROUND(r, ka, kb, kc, kd, a, b, c, d);
+
+ ITHETA(ka, kb, kc, kd, a, b, c, d); a ^= *--r;
+
+ dst[0] = a; dst[1] = b; dst[2] = c; dst[3] = d;
+}
+
+BLKC_TEST(NOEKEON, noekeon)
+
+/*----- That's all, folks -------------------------------------------------*/
--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: noekeon.h,v 1.1 2001/05/08 22:17:41 mdw Exp $
+ *
+ * The Noekeon block cipher
+ *
+ * (c) 2000 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Library General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: noekeon.h,v $
+ * Revision 1.1 2001/05/08 22:17:41 mdw
+ * New cipher Noekeon added.
+ *
+ * Revision 1.3 2001/05/07 17:31:53 mdw
+ * Separate out key scheduling.
+ *
+ * Revision 1.2 2000/10/08 15:48:58 mdw
+ * Update comments now that AES has been chosen.
+ *
+ * Revision 1.1 2000/06/17 11:56:07 mdw
+ * New cipher.
+ *
+ */
+
+/*----- Notes on the Noekeon block cipher --------------------------------*
+ *
+ * A Nessie entry, by Joan Daemen, Michael Peeters, Gilles Van Assche and
+ * Vincent Rijmen, two of whom were the designers of the AES winner
+ * Rijndael. It's a simple cipher, based on Serpent-style bit-slicing.
+ * Speed is about middle-of-the-road -- about as fast as SAFER, faster than
+ * MARS.
+ */
+
+#ifndef CATACOMB_NOEKEON_H
+#define CATACOMB_NOEKEON_H
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/*----- Header files ------------------------------------------------------*/
+
+#include <stddef.h>
+
+#include <mLib/bits.h>
+
+/*----- Magical numbers ---------------------------------------------------*/
+
+#define NOEKEON_BLKSZ 16
+#define NOEKEON_KEYSZ 16
+#define NOEKEON_CLASS (N, B, 128)
+
+extern const octet noekeon_keysz[];
+
+/*----- Data structures ---------------------------------------------------*/
+
+typedef struct noekeon_ctx {
+ uint32 k[4];
+} noekeon_ctx;
+
+/*----- Functions provided ------------------------------------------------*/
+
+/* --- @noekeon_init@ --- *
+ *
+ * Arguments: @noekeon_ctx *k@ = pointer to context to initialize
+ * @const void *buf@ = pointer to buffer of key material
+ * @size_t sz@ = size of the key material
+ *
+ * Returns: ---
+ *
+ * Use: Initializes a Noekeon context with a particular key. This
+ * uses indirect keying. The key must be 128 bits long.
+ */
+
+extern void noekeon_init(noekeon_ctx */*k*/,
+ const void */*buf*/, size_t /*sz*/);
+
+/* --- @noekeon_eblk@, @noekeon_dblk@ --- *
+ *
+ * Arguments: @const noekeon_ctx *k@ = pointer to Noekeon context
+ * @const uint32 s[4]@ = pointer to source block
+ * @uint32 d[4]@ = pointer to destination block
+ *
+ * Returns: ---
+ *
+ * Use: Low-level block encryption and decryption.
+ */
+
+extern void noekeon_eblk(const noekeon_ctx */*k*/,
+ const uint32 */*s*/, uint32 */*dst*/);
+extern void noekeon_dblk(const noekeon_ctx */*k*/,
+ const uint32 */*s*/, uint32 */*dst*/);
+
+/*----- That's all, folks -------------------------------------------------*/
+
+#ifdef __cplusplus
+ }
+#endif
+
+#endif