lsh 1.3.4 update

This commit is contained in:
chombier 2001-09-19 08:40:04 +00:00
parent 6747addc5a
commit 272c5355cb
60 changed files with 304 additions and 8213 deletions

Binary file not shown.

File diff suppressed because it is too large Load Diff

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -1,124 +0,0 @@
/* arcfour.c
*
* This implements the Arcfour stream cipher with 128 bit keys.
*
* The Arcfour cipher is believed to be compatible with the RC4 cipher.
* RC4 is a registered trademark of RSA Data Security Inc.
*
*/
/* lsh, an implementation of the ssh protocol
*
* Copyright (C) 1998 Niels Möller
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "arcfour.h"
#include <assert.h>
#ifdef RCSID
RCSID("$Id$");
#endif
#define SWAP(a,b) do { int _t = a; a = b; b = _t; } while(0)
void arcfour_init(struct arcfour_ctx *ctx)
{
unsigned i;
/* Initialize context */
for (i = 0; i<256; i++)
ctx->S[i] = i;
}
/* This mode of operation is non-standard and possibly insecure. */
#if 0
void arcfour_update_key(struct arcfour_ctx *ctx,
UINT32 length, const UINT8 *key)
{
register UINT8 i = ctx->i;
register UINT8 j = ctx->j;
unsigned k;
for (k = 0; k<length; k++)
{
i++; i &= 0xff;
j += ctx->S[i] + key[k]; j &= 0xff;
SWAP(ctx->S[i], ctx->S[j]);
}
ctx->i = i; ctx->j = j;
}
#endif
void arcfour_stream(struct arcfour_ctx *ctx,
UINT32 length, UINT8 *dest)
{
register UINT8 i = ctx->i;
register UINT8 j = ctx->j;
unsigned k;
for (k = 0; k<length; k++)
{
i++; i &= 0xff;
j += ctx->S[i]; j &= 0xff;
SWAP(ctx->S[i], ctx->S[j]);
dest[k] = ctx->S[ (ctx->S[i] + ctx->S[j]) & 0xff ];
}
ctx->i = i; ctx->j = j;
}
void arcfour_set_key(struct arcfour_ctx *ctx, UINT32 length, const UINT8 *key)
{
register UINT8 j; /* Depends on the eight-bitness of these variables. */
unsigned i;
UINT32 k;
/* Initialize context */
arcfour_init(ctx);
assert(length);
/* Expand key */
i = j = k = 0;
for ( ; i<256; i++)
{
j += ctx->S[i] + key[k]; j &= 0xff;
SWAP(ctx->S[i], ctx->S[j]);
k = (k+1) % length; /* Repeat key if needed */
}
ctx->i = ctx->j = 0;
}
void arcfour_crypt(struct arcfour_ctx *ctx, UINT8 *dest,
UINT32 length, const UINT8 *src)
{
register UINT8 i, j;
i = ctx->i; j = ctx->j;
while(length--)
{
i++; i &= 0xff;
j += ctx->S[i]; j &= 0xff;
SWAP(ctx->S[i], ctx->S[j]);
*dest++ = *src++ ^ ctx->S[ (ctx->S[i] + ctx->S[j]) & 0xff ];
}
ctx->i = i; ctx->j = j;
}

View File

@ -1,24 +0,0 @@
/* bf_test.c
*
* $Id$
* Test the blow fish implementation. */
#include "blowfish.h"
#include <stdio.h>
#include <stdlib.h>
int main (int argc UNUSED, char **argv UNUSED)
{
if (bf_selftest())
{
fprintf(stderr, "Blowfish works.\n");
return EXIT_SUCCESS;
}
else
{
fprintf(stderr, "ERROR: Blowfish failed.\n");
return EXIT_FAILURE;
}
}

View File

@ -1,621 +0,0 @@
/* blowfish.c - Blowfish encryption
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* For a description of the algorithm, see:
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
* ISBN 0-471-11709-9. Pages 336 ff.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/*
* Modified by Ray Dassen for use in lsh.
* * Moved BLOWFISH_context and BLOWFISH_ROUNDS to the header file.
* * const-ified it.
*/
/*
* Hacked further by Niels Möller.
*/
/* Test values:
* key "abcdefghijklmnopqrstuvwxyz";
* plain "BLOWFISH"
* cipher 32 4E D0 FE F4 13 A2 03
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "blowfish.h"
#if 0
#define CIPHER_ALGO_BLOWFISH 4 /* blowfish 128 bit key */
#define CIPHER_ALGO_BLOWFISH160 42 /* blowfish 160 bit key (not in OpenPGP)*/
#define FNCCAST_SETKEY(f) (int(*)(void*, const byte*, unsigned))(f)
#define FNCCAST_CRYPT(f) (void(*)(void*, byte*, const byte*))(f)
static int bf_setkey( BLOWFISH_context *c, const byte *key, unsigned keylen );
static void encrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf );
static void decrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf );
static void selftest(void);
#endif
/* precomputed S boxes */
static const u32 ks0[256] = {
0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96,
0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16,
0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658,
0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013,
0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,
0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,
0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,
0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A,
0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C,
0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,
0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,
0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239,
0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,
0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,
0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,
0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE,
0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,
0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,
0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,
0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463,
0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C,
0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3,
0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A,
0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8,
0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760,
0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB,
0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8,
0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B,
0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33,
0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4,
0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0,
0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C,
0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777,
0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299,
0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705,
0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF,
0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E,
0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA,
0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9,
0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915,
0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F,
0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664,
0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A };
static const u32 ks1[256] = {
0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D,
0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1,
0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65,
0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1,
0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9,
0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737,
0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D,
0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD,
0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC,
0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41,
0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908,
0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF,
0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124,
0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C,
0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908,
0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD,
0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B,
0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E,
0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA,
0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A,
0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D,
0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66,
0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5,
0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84,
0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96,
0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14,
0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA,
0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7,
0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77,
0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99,
0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054,
0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73,
0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA,
0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105,
0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646,
0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285,
0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA,
0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB,
0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E,
0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC,
0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD,
0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20,
0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 };
static const u32 ks2[256] = {
0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7,
0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF,
0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF,
0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504,
0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4,
0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE,
0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC,
0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B,
0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332,
0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527,
0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58,
0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C,
0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22,
0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17,
0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60,
0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115,
0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99,
0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0,
0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74,
0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D,
0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3,
0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3,
0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979,
0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C,
0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA,
0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A,
0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086,
0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC,
0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24,
0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2,
0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84,
0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C,
0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09,
0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10,
0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE,
0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027,
0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0,
0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634,
0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188,
0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC,
0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8,
0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837,
0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 };
static const u32 ks3[256] = {
0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742,
0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B,
0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79,
0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6,
0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A,
0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4,
0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1,
0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59,
0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797,
0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28,
0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6,
0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28,
0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA,
0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A,
0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5,
0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F,
0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE,
0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680,
0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD,
0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB,
0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB,
0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370,
0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC,
0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048,
0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC,
0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9,
0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A,
0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F,
0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A,
0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1,
0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B,
0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E,
0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E,
0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F,
0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623,
0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC,
0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A,
0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6,
0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3,
0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060,
0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C,
0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F,
0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 };
static const u32 ps[BLOWFISH_ROUNDS+2] = {
0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0,
0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C,
0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B };
#if BLOWFISH_ROUNDS != 16
static inline u32
function_F( BLOWFISH_context *bc, u32 x )
{
unsigned a, b, c, d;
/* FIXME: I don't quite like this hack. It assumes that the byteorder
* is plain big or little endian (and for instance not PDP-ish), and
* that a u32 is exactly 32 bits (while the autoconf stuff only
* guarantees that it is *at least* 32 bits).
*
* On the other hand, taking the address of x makes it difficult to
* place it in a register, which make me wonder if it will really make
* the code run any faster. */
#if BIG_ENDIAN_HOST
#warning BIG_ENDIAN hack used
a = ((byte*)&x)[0];
b = ((byte*)&x)[1];
c = ((byte*)&x)[2];
d = ((byte*)&x)[3];
#elif LITTLE_ENDIAN_HOST
#warning LITTLE_ENDIAN hack used
a = ((byte*)&x)[3];
b = ((byte*)&x)[2];
c = ((byte*)&x)[1];
d = ((byte*)&x)[0];
#else
a = x >> 24;
b = (x >> 16) & 0xff;
c = (x >> 8) & 0xff;
d = x & 0xff;
#endif
return (((bc->s0[a] + bc->s1[b]) ^ bc->s2[c] ) + bc->s3[d]) & 0xffffffff;
}
#endif
#if BIG_ENDIAN_HOST
#warning BIG_ENDIAN hack used
#define F(x) ((( s0[((byte*)&x)[0]] + s1[((byte*)&x)[1]]) \
^ s2[((byte*)&x)[2]]) + s3[((byte*)&x)[3]] )
#elif LITTLE_ENDIAN_HOST
#warning LITTLE_ENDIAN hack used
#define F(x) ((( s0[((byte*)&x)[3]] + s1[((byte*)&x)[2]]) \
^ s2[((byte*)&x)[1]]) + s3[((byte*)&x)[0]] )
#else
#define F(x) (((( s0[x>>24] + s1[(x>>16) & 0xff]) \
^ s2[(x>>8) & 0xff]) + s3[x & 0xff]) & 0xffffffff)
#endif
#define R(l,r,i) do { l ^= p[i]; r ^= F(l); } while(0)
static void
encrypt( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
{
#if BLOWFISH_ROUNDS == 16
u32 xl, xr, *s0, *s1, *s2, *s3, *p;
xl = *ret_xl;
xr = *ret_xr;
p = bc->p;
s0 = bc->s0;
s1 = bc->s1;
s2 = bc->s2;
s3 = bc->s3;
R( xl, xr, 0);
R( xr, xl, 1);
R( xl, xr, 2);
R( xr, xl, 3);
R( xl, xr, 4);
R( xr, xl, 5);
R( xl, xr, 6);
R( xr, xl, 7);
R( xl, xr, 8);
R( xr, xl, 9);
R( xl, xr, 10);
R( xr, xl, 11);
R( xl, xr, 12);
R( xr, xl, 13);
R( xl, xr, 14);
R( xr, xl, 15);
xl ^= p[BLOWFISH_ROUNDS];
xr ^= p[BLOWFISH_ROUNDS+1];
*ret_xl = xr;
*ret_xr = xl;
#else
u32 xl, xr, temp, *p;
int i;
xl = *ret_xl;
xr = *ret_xr;
p = bc->p;
for(i=0; i < BLOWFISH_ROUNDS; i++ ) {
xl ^= p[i];
xr ^= function_F(bc, xl);
temp = xl;
xl = xr;
xr = temp;
}
temp = xl;
xl = xr;
xr = temp;
xr ^= p[BLOWFISH_ROUNDS];
xl ^= p[BLOWFISH_ROUNDS+1];
*ret_xl = xl;
*ret_xr = xr;
#endif
}
static void
decrypt( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
{
#if BLOWFISH_ROUNDS == 16
u32 xl, xr, *s0, *s1, *s2, *s3, *p;
xl = *ret_xl;
xr = *ret_xr;
p = bc->p;
s0 = bc->s0;
s1 = bc->s1;
s2 = bc->s2;
s3 = bc->s3;
R( xl, xr, 17);
R( xr, xl, 16);
R( xl, xr, 15);
R( xr, xl, 14);
R( xl, xr, 13);
R( xr, xl, 12);
R( xl, xr, 11);
R( xr, xl, 10);
R( xl, xr, 9);
R( xr, xl, 8);
R( xl, xr, 7);
R( xr, xl, 6);
R( xl, xr, 5);
R( xr, xl, 4);
R( xl, xr, 3);
R( xr, xl, 2);
xl ^= p[1];
xr ^= p[0];
*ret_xl = xr;
*ret_xr = xl;
#else
u32 xl, xr, temp, *p;
int i;
xl = *ret_xl;
xr = *ret_xr;
p = bc->p;
for(i=BLOWFISH_ROUNDS+1; i > 1; i-- ) {
xl ^= p[i];
xr ^= function_F(bc, xl);
temp = xl;
xl = xr;
xr = temp;
}
temp = xl;
xl = xr;
xr = temp;
xr ^= p[1];
xl ^= p[0];
*ret_xl = xl;
*ret_xr = xr;
#endif
}
#undef F
#undef R
void
bf_encrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
{
u32 d1, d2;
d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
encrypt( bc, &d1, &d2 );
outbuf[0] = (d1 >> 24) & 0xff;
outbuf[1] = (d1 >> 16) & 0xff;
outbuf[2] = (d1 >> 8) & 0xff;
outbuf[3] = d1 & 0xff;
outbuf[4] = (d2 >> 24) & 0xff;
outbuf[5] = (d2 >> 16) & 0xff;
outbuf[6] = (d2 >> 8) & 0xff;
outbuf[7] = d2 & 0xff;
}
void
bf_decrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
{
u32 d1, d2;
d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
decrypt( bc, &d1, &d2 );
outbuf[0] = (d1 >> 24) & 0xff;
outbuf[1] = (d1 >> 16) & 0xff;
outbuf[2] = (d1 >> 8) & 0xff;
outbuf[3] = d1 & 0xff;
outbuf[4] = (d2 >> 24) & 0xff;
outbuf[5] = (d2 >> 16) & 0xff;
outbuf[6] = (d2 >> 8) & 0xff;
outbuf[7] = d2 & 0xff;
}
/* Returns 1 on success, 0 on failure */
int
bf_selftest(void)
{
BLOWFISH_context c;
byte plain[] = "BLOWFISH";
byte buffer[8];
byte plain3[] = { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };
byte key3[] = { 0x41, 0x79, 0x6E, 0xA0, 0x52, 0x61, 0x6E, 0xE4 };
byte cipher3[] = { 0xE1, 0x13, 0xF4, 0x10, 0x2C, 0xFC, 0xCE, 0x43 };
bf_set_key( &c, "abcdefghijklmnopqrstuvwxyz", 26 );
bf_encrypt_block( &c, buffer, plain );
if( memcmp( buffer, "\x32\x4E\xD0\xFE\xF4\x13\xA2\x03", 8 ) )
/* log_error("wrong blowfish encryption\n"); */
return 0;
bf_decrypt_block( &c, buffer, buffer );
if( memcmp( buffer, plain, 8 ) )
/* log_bug("blowfish failed\n"); */
return 0;
bf_set_key( &c, key3, 8 );
bf_encrypt_block( &c, buffer, plain3 );
if( memcmp( buffer, cipher3, 8 ) )
/* log_error("wrong blowfish encryption (3)\n"); */
return 0;
bf_decrypt_block( &c, buffer, buffer );
if( memcmp( buffer, plain3, 8 ) )
/* log_bug("blowfish failed (3)\n"); */
return 0;
return 1;
}
int
bf_set_key( BLOWFISH_context *c, const byte *key, unsigned keylen )
{
int i, j;
u32 data, datal, datar;
#if 0
static int initialized = 0;
if( !initialized ) {
initialized = 1;
assert(selftest());
}
#endif
for(i=0; i < BLOWFISH_ROUNDS+2; i++ )
c->p[i] = ps[i];
for(i=0; i < 256; i++ ) {
c->s0[i] = ks0[i];
c->s1[i] = ks1[i];
c->s2[i] = ks2[i];
c->s3[i] = ks3[i];
}
for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ ) {
#if BIG_ENDIAN_HOST
#werror BIG_ENDIAN hack used
((byte*)&data)[0] = key[j];
((byte*)&data)[1] = key[(j+1)%keylen];
((byte*)&data)[2] = key[(j+2)%keylen];
((byte*)&data)[3] = key[(j+3)%keylen];
#elif LITTLE_ENDIAN_HOST
#werror LITTLE_ENDIAN hack used
((byte*)&data)[3] = key[j];
((byte*)&data)[2] = key[(j+1)%keylen];
((byte*)&data)[1] = key[(j+2)%keylen];
((byte*)&data)[0] = key[(j+3)%keylen];
#else
data = key[j] << 24 | key[(j+1) % keylen] <<16
| key[(j+2)%keylen] << 8 | key[(j+3)%keylen];
#endif
c->p[i] ^= data;
j = (j+4) % keylen;
}
datal = datar = 0;
for(i=0; i < BLOWFISH_ROUNDS+2; i += 2 ) {
encrypt( c, &datal, &datar );
c->p[i] = datal;
c->p[i+1] = datar;
}
for(i=0; i < 256; i += 2 ) {
encrypt( c, &datal, &datar );
c->s0[i] = datal;
c->s0[i+1] = datar;
}
for(i=0; i < 256; i += 2 ) {
encrypt( c, &datal, &datar );
c->s1[i] = datal;
c->s1[i+1] = datar;
}
for(i=0; i < 256; i += 2 ) {
encrypt( c, &datal, &datar );
c->s2[i] = datal;
c->s2[i+1] = datar;
}
for(i=0; i < 256; i += 2 ) {
encrypt( c, &datal, &datar );
c->s3[i] = datal;
c->s3[i+1] = datar;
}
/* Check for weak key. A weak key is a key in which a value in */
/* the P-array (here c) occurs more than once per table. */
for(i=0; i < 255; i++ ) {
for( j=i+1; j < 256; j++) {
if( (c->s0[i] == c->s0[j]) || (c->s1[i] == c->s1[j]) ||
(c->s2[i] == c->s2[j]) || (c->s3[i] == c->s3[j]) )
return G10ERR_WEAK_KEY;
}
}
return 0;
}
#if 0
/****************
* Return some information about the algorithm. We need algo here to
* distinguish different flavors of the algorithm.
* Returns: A pointer to string describing the algorithm or NULL if
* the ALGO is invalid.
*/
const char *
blowfish_get_info( int algo, size_t *keylen,
size_t *blocksize, size_t *contextsize,
int (**r_setkey)( void *c, const byte *key, unsigned keylen ),
void (**r_encrypt)( void *c, byte *outbuf, const byte *inbuf ),
void (**r_decrypt)( void *c, byte *outbuf, const byte *inbuf )
)
{
*keylen = algo == CIPHER_ALGO_BLOWFISH ? 128 : 160;
*blocksize = BLOWFISH_BLOCKSIZE;
*contextsize = sizeof(BLOWFISH_context);
*r_setkey = FNCCAST_SETKEY(bf_setkey);
*r_encrypt= FNCCAST_CRYPT(encrypt_block);
*r_decrypt= FNCCAST_CRYPT(decrypt_block);
if( algo == CIPHER_ALGO_BLOWFISH )
return "BLOWFISH";
if( algo == CIPHER_ALGO_BLOWFISH160 )
return "BLOWFISH160";
return NULL;
}
#endif

View File

@ -1,330 +0,0 @@
/*
* $Id$
*
* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
* Released 1997.10.11
*
* CAST-128 is documented in
* C. Adams, "The CAST-128 Encryption Algorithm", RFC 2144.
*
*/
/* Adapted to the pike cryptographic toolkit by Niels Möller */
/* Selftest added by J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>.
* Released into the public domain. */
#include <assert.h>
#ifndef MACOS
#include <cast.h>
#else
#include "cast.h"
#endif
#define u8 UINT8
#define u32 UINT32
#include "cast_sboxes.h"
/* Macros to access 8-bit bytes out of a 32-bit word */
#define U8a(x) ( (u8) (x>>24) )
#define U8b(x) ( (u8) ((x>>16)&255) )
#define U8c(x) ( (u8) ((x>>8)&255) )
#define U8d(x) ( (u8) ((x)&255) )
/* Circular left shift */
#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )
/* CAST-128 uses three different round functions */
#define F1(l, r, i) \
t = ROL(key->xkey[i] + r, key->xkey[i+16]); \
l ^= ((cast_sbox1[U8a(t)] ^ cast_sbox2[U8b(t)]) \
- cast_sbox3[U8c(t)]) + cast_sbox4[U8d(t)];
#define F2(l, r, i) \
t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \
l ^= ((cast_sbox1[U8a(t)] - cast_sbox2[U8b(t)]) \
+ cast_sbox3[U8c(t)]) ^ cast_sbox4[U8d(t)];
#define F3(l, r, i) \
t = ROL(key->xkey[i] - r, key->xkey[i+16]); \
l ^= ((cast_sbox1[U8a(t)] + cast_sbox2[U8b(t)]) \
^ cast_sbox3[U8c(t)]) - cast_sbox4[U8d(t)];
/***** Encryption Function *****/
void cast_encrypt(struct cast_key *key, const u8 * const inblock, u8 *outblock)
{
u32 t, l, r;
/* Get inblock into l,r */
l = ((u32)inblock[0] << 24) | ((u32)inblock[1] << 16)
| ((u32)inblock[2] << 8) | (u32)inblock[3];
r = ((u32)inblock[4] << 24) | ((u32)inblock[5] << 16)
| ((u32)inblock[6] << 8) | (u32)inblock[7];
/* Do the work */
F1(l, r, 0);
F2(r, l, 1);
F3(l, r, 2);
F1(r, l, 3);
F2(l, r, 4);
F3(r, l, 5);
F1(l, r, 6);
F2(r, l, 7);
F3(l, r, 8);
F1(r, l, 9);
F2(l, r, 10);
F3(r, l, 11);
/* Only do full 16 rounds if key length > 80 bits */
if (key->rounds > 12) {
F1(l, r, 12);
F2(r, l, 13);
F3(l, r, 14);
F1(r, l, 15);
}
/* Put l,r into outblock */
outblock[0] = U8a(r);
outblock[1] = U8b(r);
outblock[2] = U8c(r);
outblock[3] = U8d(r);
outblock[4] = U8a(l);
outblock[5] = U8b(l);
outblock[6] = U8c(l);
outblock[7] = U8d(l);
/* Wipe clean */
t = l = r = 0;
}
/***** Decryption Function *****/
void cast_decrypt(struct cast_key *key, const u8 * const inblock, u8 *outblock)
{
u32 t, l, r;
/* Get inblock into l,r */
r = ((u32)inblock[0] << 24) | ((u32)inblock[1] << 16)
| ((u32)inblock[2] << 8) | (u32)inblock[3];
l = ((u32)inblock[4] << 24) | ((u32)inblock[5] << 16)
| ((u32)inblock[6] << 8) | (u32)inblock[7];
/* Do the work */
/* Only do full 16 rounds if key length > 80 bits */
if (key->rounds > 12) {
F1(r, l, 15);
F3(l, r, 14);
F2(r, l, 13);
F1(l, r, 12);
}
F3(r, l, 11);
F2(l, r, 10);
F1(r, l, 9);
F3(l, r, 8);
F2(r, l, 7);
F1(l, r, 6);
F3(r, l, 5);
F2(l, r, 4);
F1(r, l, 3);
F3(l, r, 2);
F2(r, l, 1);
F1(l, r, 0);
/* Put l,r into outblock */
outblock[0] = U8a(l);
outblock[1] = U8b(l);
outblock[2] = U8c(l);
outblock[3] = U8d(l);
outblock[4] = U8a(r);
outblock[5] = U8b(r);
outblock[6] = U8c(r);
outblock[7] = U8d(r);
/* Wipe clean */
t = l = r = 0;
}
/* Sanity check using the test vectors from
* B.1. Single Plaintext-Key-Ciphertext Sets, RFC 2144
*/
int cast_selftest(void)
{
u8 testkey128[16] = {
0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
};
u8 plaintext128[8] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
};
u8 ciphertext128[8] = {
0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2
};
u8 testkey80[10] = {
0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
0x23, 0x45
};
u8 plaintext80[8] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
};
u8 ciphertext80[8] = {
0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B
};
u8 testkey40[5] = {
0x01, 0x23, 0x45, 0x67, 0x12
};
u8 plaintext40[8] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
};
u8 ciphertext40[8] = {
0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E
};
struct cast_key context;
u8 ciphertext[8];
cast_setkey(&context, testkey128, 16);
cast_encrypt(&context, plaintext128, ciphertext);
if (memcmp(ciphertext, ciphertext128, 8)) {
return 0;
}
cast_setkey(&context, testkey80, 10);
cast_encrypt(&context, plaintext80, ciphertext);
if (memcmp(ciphertext, ciphertext80, 8)) {
return 0;
}
cast_setkey(&context, testkey40, 5);
cast_encrypt(&context, plaintext40, ciphertext);
if (memcmp(ciphertext, ciphertext40, 8)) {
return 0;
}
return 1;
}
/***** Key Schedule *****/
void cast_setkey(struct cast_key *key, const u8 * const rawkey, unsigned keybytes)
{
u32 t[4], z[4], x[4];
unsigned i;
#ifndef NDEBUG
static int initialized = 0;
if (!initialized)
{
initialized = 1;
assert(cast_selftest());
}
#endif
/* Set number of rounds to 12 or 16, depending on key length */
key->rounds = (keybytes <= CAST_SMALL_KEY)
? CAST_SMALL_ROUNDS : CAST_FULL_ROUNDS;
/* Copy key to workspace x */
for (i = 0; i < 4; i++) {
x[i] = 0;
if ((i*4+0) < keybytes) x[i] = (u32)rawkey[i*4+0] << 24;
if ((i*4+1) < keybytes) x[i] |= (u32)rawkey[i*4+1] << 16;
if ((i*4+2) < keybytes) x[i] |= (u32)rawkey[i*4+2] << 8;
if ((i*4+3) < keybytes) x[i] |= (u32)rawkey[i*4+3];
}
/* Generate 32 subkeys, four at a time */
for (i = 0; i < 32; i+=4) {
switch (i & 4) {
case 0:
t[0] = z[0] = x[0] ^ cast_sbox5[U8b(x[3])]
^ cast_sbox6[U8d(x[3])] ^ cast_sbox7[U8a(x[3])]
^ cast_sbox8[U8c(x[3])] ^ cast_sbox7[U8a(x[2])];
t[1] = z[1] = x[2] ^ cast_sbox5[U8a(z[0])]
^ cast_sbox6[U8c(z[0])] ^ cast_sbox7[U8b(z[0])]
^ cast_sbox8[U8d(z[0])] ^ cast_sbox8[U8c(x[2])];
t[2] = z[2] = x[3] ^ cast_sbox5[U8d(z[1])]
^ cast_sbox6[U8c(z[1])] ^ cast_sbox7[U8b(z[1])]
^ cast_sbox8[U8a(z[1])] ^ cast_sbox5[U8b(x[2])];
t[3] = z[3] = x[1] ^ cast_sbox5[U8c(z[2])] ^
cast_sbox6[U8b(z[2])] ^ cast_sbox7[U8d(z[2])]
^ cast_sbox8[U8a(z[2])] ^ cast_sbox6[U8d(x[2])];
break;
case 4:
t[0] = x[0] = z[2] ^ cast_sbox5[U8b(z[1])]
^ cast_sbox6[U8d(z[1])] ^ cast_sbox7[U8a(z[1])]
^ cast_sbox8[U8c(z[1])] ^ cast_sbox7[U8a(z[0])];
t[1] = x[1] = z[0] ^ cast_sbox5[U8a(x[0])]
^ cast_sbox6[U8c(x[0])] ^ cast_sbox7[U8b(x[0])]
^ cast_sbox8[U8d(x[0])] ^ cast_sbox8[U8c(z[0])];
t[2] = x[2] = z[1] ^ cast_sbox5[U8d(x[1])]
^ cast_sbox6[U8c(x[1])] ^ cast_sbox7[U8b(x[1])]
^ cast_sbox8[U8a(x[1])] ^ cast_sbox5[U8b(z[0])];
t[3] = x[3] = z[3] ^ cast_sbox5[U8c(x[2])]
^ cast_sbox6[U8b(x[2])] ^ cast_sbox7[U8d(x[2])]
^ cast_sbox8[U8a(x[2])] ^ cast_sbox6[U8d(z[0])];
break;
}
switch (i & 12) {
case 0:
case 12:
key->xkey[i+0] = cast_sbox5[U8a(t[2])] ^ cast_sbox6[U8b(t[2])]
^ cast_sbox7[U8d(t[1])] ^ cast_sbox8[U8c(t[1])];
key->xkey[i+1] = cast_sbox5[U8c(t[2])] ^ cast_sbox6[U8d(t[2])]
^ cast_sbox7[U8b(t[1])] ^ cast_sbox8[U8a(t[1])];
key->xkey[i+2] = cast_sbox5[U8a(t[3])] ^ cast_sbox6[U8b(t[3])]
^ cast_sbox7[U8d(t[0])] ^ cast_sbox8[U8c(t[0])];
key->xkey[i+3] = cast_sbox5[U8c(t[3])] ^ cast_sbox6[U8d(t[3])]
^ cast_sbox7[U8b(t[0])] ^ cast_sbox8[U8a(t[0])];
break;
case 4:
case 8:
key->xkey[i+0] = cast_sbox5[U8d(t[0])] ^ cast_sbox6[U8c(t[0])]
^ cast_sbox7[U8a(t[3])] ^ cast_sbox8[U8b(t[3])];
key->xkey[i+1] = cast_sbox5[U8b(t[0])] ^ cast_sbox6[U8a(t[0])]
^ cast_sbox7[U8c(t[3])] ^ cast_sbox8[U8d(t[3])];
key->xkey[i+2] = cast_sbox5[U8d(t[1])] ^ cast_sbox6[U8c(t[1])]
^ cast_sbox7[U8a(t[2])] ^ cast_sbox8[U8b(t[2])];
key->xkey[i+3] = cast_sbox5[U8b(t[1])] ^ cast_sbox6[U8a(t[1])]
^ cast_sbox7[U8c(t[2])] ^ cast_sbox8[U8d(t[2])];
break;
}
switch (i & 12) {
case 0:
key->xkey[i+0] ^= cast_sbox5[U8c(z[0])];
key->xkey[i+1] ^= cast_sbox6[U8c(z[1])];
key->xkey[i+2] ^= cast_sbox7[U8b(z[2])];
key->xkey[i+3] ^= cast_sbox8[U8a(z[3])];
break;
case 4:
key->xkey[i+0] ^= cast_sbox5[U8a(x[2])];
key->xkey[i+1] ^= cast_sbox6[U8b(x[3])];
key->xkey[i+2] ^= cast_sbox7[U8d(x[0])];
key->xkey[i+3] ^= cast_sbox8[U8d(x[1])];
break;
case 8:
key->xkey[i+0] ^= cast_sbox5[U8b(z[2])];
key->xkey[i+1] ^= cast_sbox6[U8a(z[3])];
key->xkey[i+2] ^= cast_sbox7[U8c(z[0])];
key->xkey[i+3] ^= cast_sbox8[U8c(z[1])];
break;
case 12:
key->xkey[i+0] ^= cast_sbox5[U8d(x[0])];
key->xkey[i+1] ^= cast_sbox6[U8d(x[1])];
key->xkey[i+2] ^= cast_sbox7[U8a(x[2])];
key->xkey[i+3] ^= cast_sbox8[U8b(x[3])];
break;
}
if (i >= 16) {
key->xkey[i+0] &= 31;
key->xkey[i+1] &= 31;
key->xkey[i+2] &= 31;
key->xkey[i+3] &= 31;
}
}
/* Wipe clean */
for (i = 0; i < 4; i++) {
t[i] = x[i] = z[i] = 0;
}
}
/* Made in Canada */

View File

@ -1,545 +0,0 @@
/*
* $Id$
*
* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
* Released 1997.10.11
*/
static const u32 cast_sbox1[256] = {
0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A,
0x1E213F2F, 0x9C004DD3, 0x6003E540, 0xCF9FC949,
0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675,
0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E,
0x28683B6F, 0xC07FD059, 0xFF2379C8, 0x775F50E2,
0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D,
0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F,
0x2ABE32E1, 0xAA54166B, 0x22568E3A, 0xA2D341D0,
0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE,
0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7,
0xB82CBAEF, 0xD751D159, 0x6FF7F0ED, 0x5A097A1F,
0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935,
0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D,
0xB7332290, 0xE93B159F, 0xB48EE411, 0x4BFF345D,
0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165,
0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50,
0x882240F2, 0x0C6E4F38, 0xA4E4BFD7, 0x4F5BA272,
0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE,
0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D,
0x57538AD5, 0x6A390493, 0xE63D37E0, 0x2A54F6B3,
0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A,
0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167,
0x38901091, 0xC6B505EB, 0x84C7CB8C, 0x2AD75A0F,
0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291,
0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9,
0x6C00B32D, 0x73E2BB14, 0xA0BEBC3C, 0x54623779,
0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6,
0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2,
0x81383F05, 0x6963C5C8, 0x76CB5AD6, 0xD49974C9,
0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511,
0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E,
0x31366241, 0x051EF495, 0xAA573B04, 0x4A805D8D,
0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E,
0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5,
0x6B54BFAB, 0x2B0B1426, 0xAB4CC9D7, 0x449CCD82,
0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324,
0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC,
0xEADF55B3, 0xD5BD9E98, 0xE31231B2, 0x2AD5AD6C,
0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F,
0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC,
0x7B5A41F0, 0xD37CFBAD, 0x1B069505, 0x41ECE491,
0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D,
0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE,
0xE01063DA, 0x4736F464, 0x5AD328D8, 0xB347CC96,
0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A,
0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A,
0x3F04442F, 0x6188B153, 0xE0397A2E, 0x5727CB79,
0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D,
0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779,
0x4744EAD4, 0xB11C3274, 0xDD24CB9E, 0x7E1C54BD,
0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755,
0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6,
0x580304F0, 0xCA042CF1, 0x011A37EA, 0x8DBFAADB,
0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9,
0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0,
0x7C63B2CF, 0x700B45E1, 0xD5EA50F1, 0x85A92872,
0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79,
0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C,
0x474D6AD7, 0x7C0C5E5C, 0xD1231959, 0x381B7298,
0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E,
0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571,
0x962BDA1C, 0xE1E696FF, 0xB141AB08, 0x7CCA89B9,
0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D,
0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF
};
static const u32 cast_sbox2[256] = {
0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380,
0xFE61CF7A, 0xEEC5207A, 0x55889C94, 0x72FC0651,
0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA,
0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3,
0xA0B52F7B, 0x59E83605, 0xEE15B094, 0xE9FFD909,
0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB,
0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B,
0x01420DDB, 0xE4E7EF5B, 0x25A1FF41, 0xE180F806,
0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4,
0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B,
0xE113C85B, 0xACC40083, 0xD7503525, 0xF7EA615F,
0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359,
0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21,
0x071F6181, 0x39F7627F, 0x361E3084, 0xE4EB573B,
0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D,
0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C,
0x10843094, 0x2537A95E, 0xF46F6FFE, 0xA1FF3B1F,
0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34,
0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D,
0x8A45388C, 0x1D804366, 0x721D9BFD, 0xA58684BB,
0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4,
0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD,
0xC5D655DD, 0xEB667064, 0x77840B4D, 0xA1B6A801,
0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860,
0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755,
0xB5625DBF, 0x68561BE6, 0x83CA6B94, 0x2D6ED23B,
0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709,
0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304,
0x81ED6F61, 0x20E74364, 0xB45E1378, 0xDE18639B,
0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B,
0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C,
0x488CB402, 0x1BA4FE5B, 0xA4B09F6B, 0x1CA815CF,
0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9,
0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C,
0xEE41E729, 0x6E1D2D7C, 0x50045286, 0x1E6685F3,
0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13,
0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9,
0xCDFF33A6, 0xA02B1741, 0x7CBAD9A2, 0x2180036F,
0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB,
0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6,
0xCDF0B680, 0x17844D3B, 0x31EEF84D, 0x7E0824E4,
0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6,
0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43,
0xB3FAEC54, 0x157FD7FA, 0xEF8579CC, 0xD152DE58,
0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8,
0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906,
0xB8DA230C, 0x80823028, 0xDCDEF3C8, 0xD35FB171,
0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D,
0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89,
0x8B1C34BC, 0x301E16E6, 0x273BE979, 0xB0FFEAA6,
0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B,
0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4,
0xDC8637A0, 0x16A7D3B1, 0x9FC393B7, 0xA7136EEB,
0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6,
0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E,
0xDB92F2FB, 0x5EEA29CB, 0x145892F5, 0x91584F7F,
0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA,
0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249,
0xB284600C, 0xD835731D, 0xDCB1C647, 0xAC4C56EA,
0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA,
0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD,
0x649DA589, 0xA345415E, 0x5C038323, 0x3E5D3BB9,
0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF,
0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1
};
static const u32 cast_sbox3[256] = {
0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907,
0x47607FFF, 0x369FE44B, 0x8C1FC644, 0xAECECA90,
0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE,
0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5,
0x11107D9F, 0x07647DB9, 0xB2E3E4D4, 0x3D4F285E,
0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E,
0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC,
0x21FFFCEE, 0x825B1BFD, 0x9255C5ED, 0x1257A240,
0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E,
0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5,
0xA8C01DB7, 0x579FC264, 0x67094F31, 0xF2BD3F5F,
0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B,
0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99,
0xA197C81C, 0x4A012D6E, 0xC5884A28, 0xCCC36F71,
0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F,
0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04,
0xA747D2D0, 0x1651192E, 0xAF70BF3E, 0x58C31380,
0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82,
0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8,
0x8427F4A0, 0x1EAC5790, 0x796FB449, 0x8252DC15,
0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504,
0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2,
0x23EFE941, 0xA903F12E, 0x60270DF2, 0x0276E4B6,
0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176,
0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E,
0x842F7D83, 0x340CE5C8, 0x96BBB682, 0x93B4B148,
0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D,
0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC,
0x8B907CEE, 0xB51FD240, 0xE7C07CE3, 0xE566B4A1,
0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341,
0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C,
0xF76CEDD9, 0xBDA8229C, 0x127DADAA, 0x438A074E,
0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15,
0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51,
0x68CC7BFB, 0xD90F2788, 0x12490181, 0x5DE5FFD4,
0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F,
0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B,
0x6D498623, 0x193CBCFA, 0x27627545, 0x825CF47A,
0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392,
0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B,
0x285BA1C8, 0x3C62F44F, 0x35C0EAA5, 0xE805D231,
0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B,
0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889,
0x694BCC11, 0x236A5CAE, 0x12DECA4D, 0x2C3F8CC5,
0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67,
0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45,
0x3A609437, 0xEC00C9A9, 0x44715253, 0x0A874B49,
0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536,
0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D,
0x07478CD1, 0x006E1888, 0xA2E53F55, 0xB9E6D4BC,
0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D,
0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0,
0x947B0001, 0x570075D2, 0xF9BB88F8, 0x8942019E,
0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69,
0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767,
0xCF1FEBD2, 0x61EFC8C2, 0xF1AC2571, 0xCC8239C2,
0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE,
0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49,
0x5727C148, 0x2BE98A1D, 0x8AB41738, 0x20E1BE24,
0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D,
0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0,
0x642B1E31, 0x9C305A00, 0x52BCE688, 0x1B03588A,
0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5,
0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783
};
static const u32 cast_sbox4[256] = {
0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298,
0x4A4F7BDB, 0x64AD8C57, 0x85510443, 0xFA020ED1,
0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120,
0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF,
0x28147F5F, 0x4FA2B8CD, 0xC9430040, 0x0CC32220,
0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15,
0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE,
0x1A05645F, 0x0C13FEFE, 0x081B08CA, 0x05170121,
0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701,
0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25,
0xCE84FFDF, 0xF5718801, 0x3DD64B04, 0xA26F263B,
0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5,
0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93,
0xD3772061, 0x11B638E1, 0x72500E03, 0xF80EB2BB,
0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746,
0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5,
0x4D351805, 0x7F3D5CE3, 0xA6C866C6, 0x5D5BCCA9,
0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D,
0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB,
0x022083B8, 0x3FB6180C, 0x18F8931E, 0x281658E6,
0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C,
0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23,
0x69DEAD38, 0x1574CA16, 0xDF871B62, 0x211C40B7,
0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003,
0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340,
0x557BE8DE, 0x00EAE4A7, 0x0CE5C2EC, 0x4DB4BBA6,
0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327,
0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119,
0x6E85CB75, 0xBE07C002, 0xC2325577, 0x893FF4EC,
0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24,
0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205,
0xAAC9548A, 0xECA1D7C7, 0x041AFA32, 0x1D16625A,
0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031,
0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79,
0x026A4CEB, 0x52437EFF, 0x2F8F76B4, 0x0DF980A5,
0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF,
0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C,
0x1741A254, 0xE5B6A035, 0x213D42F6, 0x2C1C7C26,
0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69,
0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB,
0x63315C21, 0x5E0A72EC, 0x49BAFEFD, 0x187908D9,
0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7,
0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF,
0x71EAE2A1, 0x1F9AF36E, 0xCFCBD12F, 0xC1DE8417,
0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3,
0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2,
0x6F7DE532, 0x58FD7EB6, 0xD01EE900, 0x24ADFFC2,
0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2,
0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF,
0x29908415, 0x7FBB977F, 0xAF9EB3DB, 0x29C9ED2A,
0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091,
0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919,
0x77079103, 0xDEA03AF6, 0x78A8565E, 0xDEE356DF,
0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF,
0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF,
0xAFE67AFB, 0xF470C4B2, 0xF3E0EB5B, 0xD6CC9876,
0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367,
0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB,
0xB5676E69, 0x9BD3DDDA, 0xDF7E052F, 0xDB25701C,
0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04,
0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43,
0x41823979, 0x932BCDF6, 0xB657C34D, 0x4EDFD282,
0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E,
0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2
};
static const u32 cast_sbox5[256] = {
0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911,
0xB86A7FFF, 0x1DD358F5, 0x44DD9D44, 0x1731167F,
0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00,
0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A,
0xE6A2E77F, 0xF0C720CD, 0xC4494816, 0xCCF5C180,
0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF,
0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2,
0x4E40B48D, 0x248EB6FB, 0x8DBA1CFE, 0x41A99B02,
0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725,
0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A,
0xF2F3F763, 0x68AF8040, 0xED0C9E56, 0x11B4958B,
0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7,
0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571,
0x0C05372A, 0x578535F2, 0x2261BE02, 0xD642A0C9,
0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC,
0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981,
0x5C1FF900, 0xFE38D399, 0x0C4EFF0B, 0x062407EA,
0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774,
0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263,
0xDF65001F, 0x0EC50966, 0xDFDD55BC, 0x29DE0655,
0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468,
0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2,
0xBCF3F0AA, 0x87AC36E9, 0xE53A7426, 0x01B3D82B,
0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910,
0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284,
0x636737B6, 0x50F5B616, 0xF24766E3, 0x8ECA36C1,
0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4,
0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA,
0x26E46695, 0xB7566419, 0xF654EFC5, 0xD08D58B7,
0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049,
0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE,
0xC62BF3CD, 0x9E0885F9, 0x68CB3E47, 0x086C010F,
0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6,
0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA,
0x0AB378D5, 0xD951FB0C, 0xDED7DA56, 0x4124BBE4,
0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE,
0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561,
0xC3DC0280, 0x05687715, 0x646C6BD7, 0x44904DB3,
0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6,
0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840,
0x76F0AE02, 0x083BE84D, 0x28421C9A, 0x44489406,
0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4,
0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472,
0x3CA5D717, 0x7D161BBA, 0x9CAD9010, 0xAF462BA2,
0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487,
0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7,
0x445F7382, 0x175683F4, 0xCDC66A97, 0x70BE0288,
0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5,
0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2,
0x1C5C1572, 0xF6721B2C, 0x1AD2FFF3, 0x8C25404E,
0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78,
0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E,
0x44094F85, 0x3F481D87, 0xFCFEAE7B, 0x77B5FF76,
0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801,
0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0,
0xDF3B0874, 0x95055110, 0x1B5AD7A8, 0xF61ED5AD,
0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58,
0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0,
0x5CE96C28, 0xE176EDA3, 0x6BAC307F, 0x376829D2,
0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20,
0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE,
0xF9E0659A, 0xEEB9491D, 0x34010718, 0xBB30CAB8,
0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55,
0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4
};
static const u32 cast_sbox6[256] = {
0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C,
0x95DB08E7, 0x016843B4, 0xECED5CBC, 0x325553AC,
0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9,
0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138,
0x33F14961, 0xC01937BD, 0xF506C6DA, 0xE4625E7E,
0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367,
0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866,
0xA084DB2D, 0x09A8486F, 0xA888614A, 0x2900AF98,
0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C,
0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072,
0xFD41197E, 0x9305A6B0, 0xE86BE3DA, 0x74BED3CD,
0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3,
0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53,
0x5C3D9C01, 0x64BDB941, 0x2C0E636A, 0xBA7DD9CD,
0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D,
0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8,
0x284CAF89, 0xAA928223, 0x9334BE53, 0x3B3A21BF,
0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9,
0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807,
0x5B7C5ECC, 0x221DB3A6, 0x9A69A02F, 0x68818A54,
0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A,
0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387,
0x53BDDB65, 0xE76FFBE7, 0xE967FD78, 0x0BA93563,
0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC,
0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0,
0xE81F994F, 0x9528CD89, 0xFD339FED, 0xB87834BF,
0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE,
0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF,
0x4EC75B95, 0x24F2C3C0, 0x42D15D99, 0xCD0D7FA0,
0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F,
0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2,
0x372B74AF, 0x692573E4, 0xE9A9D848, 0xF3160289,
0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853,
0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950,
0x36F73523, 0x4CFB6E87, 0x7DA4CEC0, 0x6C152DAA,
0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F,
0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9,
0x2B05D08D, 0x48B9D585, 0xDC049441, 0xC8098F9B,
0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751,
0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE,
0xBF32679D, 0xD45B5B75, 0xB353FD00, 0xCBB0E358,
0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13,
0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397,
0x47CF8E7A, 0xB6C85283, 0x3CC2ACFB, 0x3FC06976,
0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459,
0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0,
0x3007CD3E, 0x74719EEF, 0xDC872681, 0x073340D4,
0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891,
0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F,
0x6FE4AC98, 0xB173ECC0, 0xBC60B42A, 0x953498DA,
0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB,
0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC,
0xE8816F4A, 0x3814F200, 0xA3F94043, 0x9C7A54C2,
0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084,
0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB,
0xBA5AC7B5, 0xB6F6DEAF, 0x3A479C3A, 0x5302DA25,
0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B,
0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121,
0xB81A928A, 0x60ED5869, 0x97C55B96, 0xEAEC991B,
0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5,
0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855,
0xD36B4CF1, 0xF544EDEB, 0xB0E93524, 0xBEBB8FBD,
0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454,
0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F
};
static const u32 cast_sbox7[256] = {
0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693,
0x2A8D7F6F, 0xAB9BC912, 0xDE6008A1, 0x2028DA1F,
0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82,
0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE,
0xA05FBCF6, 0xCD4181E9, 0xE150210C, 0xE24EF1BD,
0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43,
0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F,
0x089766BE, 0xBAEEADF4, 0x1286BECF, 0xB6EACB19,
0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9,
0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2,
0x107789BE, 0xB3B2E9CE, 0x0502AA8F, 0x0BC0351E,
0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516,
0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83,
0x334266CE, 0x8C9341B7, 0xD0D854C0, 0xCB3A6C88,
0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E,
0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816,
0x0A961288, 0xE1A5C06E, 0x13749E67, 0x72FC081A,
0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756,
0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F,
0xBC8EC511, 0x38BC46E9, 0xC6E6FA14, 0xBAE8584A,
0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B,
0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264,
0x92544A8B, 0x009B4FC3, 0xABA68CED, 0x9AC96F78,
0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688,
0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D,
0xF7DEBB85, 0x61FE033C, 0x16746233, 0x3C034C28,
0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802,
0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3,
0x0C4FB99A, 0xBB325778, 0x3EC6D97B, 0x6E77A6A9,
0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7,
0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302,
0xB96D8C32, 0xEBD4E7BE, 0xBE8B9D2D, 0x7979FB06,
0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858,
0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033,
0xF28EBFB0, 0xF5B9C310, 0xA0EAC280, 0x08B9767A,
0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A,
0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4,
0x826D2BEF, 0x4EEB8476, 0x488DCF25, 0x36C9D566,
0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF,
0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509,
0xF22B017D, 0xA4173F70, 0xDD1E16C3, 0x15E0D7F9,
0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962,
0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C,
0x93D29A22, 0xE32DBF9A, 0x058745B9, 0x3453DC1E,
0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07,
0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C,
0x66626C1C, 0x7154C24C, 0xEA082B2A, 0x93EB2939,
0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C,
0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E,
0xD3A0C108, 0xA1E7160E, 0xE4F2DFA6, 0x693ED285,
0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378,
0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301,
0xC79F022F, 0x3C997E7E, 0x5E4F9504, 0x3FFAFBBD,
0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE,
0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567,
0x5592A33D, 0xB5229301, 0xCFD2A87F, 0x60AEB767,
0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2,
0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647,
0x97FD61A9, 0xEA7759F4, 0x2D57539D, 0x569A58CF,
0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914,
0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2,
0x3FFA50BC, 0x3D40F021, 0xC3C0BDAE, 0x4958C24C,
0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA,
0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3
};
static const u32 cast_sbox8[256] = {
0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095,
0x7789F8B7, 0xE6C1121B, 0x0E241600, 0x052CE8B5,
0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174,
0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC,
0xDE9ADEB1, 0x0A0CC32C, 0xBE197029, 0x84A00940,
0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD,
0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42,
0xC7ECE831, 0x3F8F95E7, 0x72DF191B, 0x7580330D,
0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164,
0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2,
0x12A8DDEC, 0xFDAA335D, 0x176F43E8, 0x71FB46D4,
0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862,
0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0,
0x4CFDE06F, 0xC28EC4B8, 0x57E8726E, 0x647A78FC,
0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6,
0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C,
0xBBD35049, 0x2998DF04, 0x980CF42A, 0x9B6DF491,
0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E,
0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B,
0x3CF1D2E2, 0x19B47A38, 0x424F7618, 0x35856039,
0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8,
0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8,
0x7170C608, 0x2D5E3354, 0xD4DE495A, 0x64C6D006,
0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42,
0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564,
0xF8D7E54E, 0x3E378160, 0x7895CDA5, 0x859C15A5,
0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB,
0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472,
0x835FFCB8, 0x6DF4C1F2, 0x96F5B195, 0xFD0AF0FC,
0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225,
0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8,
0xC4618187, 0xEA7A6E98, 0x7CD16EFC, 0x1436876C,
0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441,
0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB,
0xA842EEDF, 0xFDBA60B4, 0xF1907B75, 0x20E3030F,
0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054,
0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504,
0xF1E47D8D, 0x844A1BE5, 0xBAE7DFDC, 0x42CBDA70,
0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C,
0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC,
0x77853B53, 0x37EFFCB5, 0xC5068778, 0xE580B3E6,
0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C,
0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD,
0xDD06CAA2, 0x37DF932B, 0xC4248289, 0xACF3EBC3,
0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4,
0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4,
0xE87B40E4, 0xE98EA084, 0x5889E9E1, 0xEFD390FC,
0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101,
0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA,
0x646F1282, 0x7523D24A, 0xE0779695, 0xF9C17A8F,
0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF,
0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E,
0x11403092, 0x00DA6D77, 0x4A0CDD61, 0xAD1F4603,
0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A,
0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37,
0x2DE705CA, 0x8951570F, 0xDF09822B, 0xBD691A6C,
0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819,
0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384,
0x5938FA0F, 0x42399EF3, 0x36997B07, 0x0E84093D,
0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C,
0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347,
0x589E8D82, 0x0D2059D1, 0xA466BB1E, 0xF8DA0A82,
0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D,
0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E
};

View File

@ -1,415 +0,0 @@
/* desCode.h
*
* $Id$ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#include "des.h"
#include "RCSID.h"
RCSID2(desCode_hRcs, "$Id$");
extern UINT32 des_keymap[], des_bigmap[];
/* optional customization:
* the idea here is to alter the code so it will still run correctly
* on any machine, but the quickest on the specific machine in mind.
* note that these silly tweaks can give you a 15%-20% speed improvement
* on the sparc -- it's probably even more significant on the 68000. */
/* take care of machines with incredibly few registers */
#if defined(i386)
#define REGISTER /* only x, y, z will be declared register */
#else
#define REGISTER register
#endif /* i386 */
/* is auto inc/dec faster than 7bit unsigned indexing? */
#if defined(vax) || defined(mc68000)
#define FIXR r += 32;
#define FIXS s += 8;
#define PREV(v,o) *--v
#define NEXT(v,o) *v++
#else
#define FIXR
#define FIXS
#define PREV(v,o) v[o]
#define NEXT(v,o) v[o]
#endif
/* if no machine type, default is indexing, 6 registers and cheap literals */
#if !defined(i386) && !defined(vax) && !defined(mc68000) && !defined(sparc)
#define vax
#endif
/* handle a compiler which can't reallocate registers */
/* The BYTE type is used as parameter for the encrypt/decrypt functions.
* It's pretty bad to have the function prototypes depend on
* a macro definition that the users of the function doesn't
* know about. - Niels */
#if 0 /* didn't feel like deleting */
#define SREGFREE ; s = (UINT8 *) D
#define DEST s
#define D m0
#define BYTE UINT32
#else
#define SREGFREE
#define DEST d
#define D d
#define BYTE UINT8
#endif
/* handle constants in the optimal way for 386 & vax */
/* 386: we declare 3 register variables (see above) and use 3 more variables;
* vax: we use 6 variables, all declared register;
* we assume address literals are cheap & unrestricted;
* we assume immediate constants are cheap & unrestricted. */
#if defined(i386) || defined(vax)
#define MQ0 des_bigmap
#define MQ1 (des_bigmap + 64)
#define MQ2 (des_bigmap + 128)
#define MQ3 (des_bigmap + 192)
#define HQ0(z) /* z |= 0X01000000L; */
#define HQ2(z) /* z |= 0X03000200L; */
#define LQ0(z) 0XFCFC & z
#define LQ1(z) 0XFCFC & z
#define LQ2(z) 0XFCFC & z
#define LQ3(z) 0XFCFC & z
#define SQ 16
#define MS0 des_keymap
#define MS1 (des_keymap + 64)
#define MS2 (des_keymap + 128)
#define MS3 (des_keymap + 192)
#define MS4 (des_keymap + 256)
#define MS5 (des_keymap + 320)
#define MS6 (des_keymap + 384)
#define MS7 (des_keymap + 448)
#define HS(z)
#define LS0(z) 0XFC & z
#define LS1(z) 0XFC & z
#define LS2(z) 0XFC & z
#define LS3(z) 0XFC & z
#define REGQUICK
#define SETQUICK
#define REGSMALL
#define SETSMALL
#endif /* defined(i386) || defined(vax) */
/* handle constants in the optimal way for mc68000 */
/* in addition to the core 6 variables, we declare 3 registers holding constants
* and 4 registers holding address literals.
* at most 6 data values and 5 address values are actively used at once.
* we assume address literals are so expensive we never use them;
* we assume constant index offsets > 127 are expensive, so they are not used.
* we assume all constants are expensive and put them in registers,
* including shift counts greater than 8. */
#if defined(mc68000)
#define MQ0 m0
#define MQ1 m1
#define MQ2 m2
#define MQ3 m3
#define HQ0(z)
#define HQ2(z)
#define LQ0(z) k0 & z
#define LQ1(z) k0 & z
#define LQ2(z) k0 & z
#define LQ3(z) k0 & z
#define SQ k1
#define MS0 m0
#define MS1 m0
#define MS2 m1
#define MS3 m1
#define MS4 m2
#define MS5 m2
#define MS6 m3
#define MS7 m3
#define HS(z) z |= k0;
#define LS0(z) k1 & z
#define LS1(z) k2 & z
#define LS2(z) k1 & z
#define LS3(z) k2 & z
#define REGQUICK \
register UINT32 k0, k1; \
register UINT32 *m0, *m1, *m2, *m3;
#define SETQUICK \
; k0 = 0XFCFC \
; k1 = 16 \
/*k2 = 28 to speed up ROL */ \
; m0 = des_bigmap \
; m1 = m0 + 64 \
; m2 = m1 + 64 \
; m3 = m2 + 64
#define REGSMALL \
register UINT32 k0, k1, k2; \
register UINT32 *m0, *m1, *m2, *m3;
#define SETSMALL \
; k0 = 0X01000100L \
; k1 = 0X0FC \
; k2 = 0X1FC \
; m0 = des_keymap \
; m1 = m0 + 128 \
; m2 = m1 + 128 \
; m3 = m2 + 128
#endif /* defined(mc68000) */
/* handle constants in the optimal way for sparc */
/* in addition to the core 6 variables, we either declare:
* 4 registers holding address literals and 1 register holding a constant, or
* 8 registers holding address literals.
* up to 14 register variables are declared (sparc has %i0-%i5, %l0-%l7).
* we assume address literals are so expensive we never use them;
* we assume any constant with >10 bits is expensive and put it in a register,
* and any other is cheap and is coded in-line. */
#if defined(sparc)
#define MQ0 m0
#define MQ1 m1
#define MQ2 m2
#define MQ3 m3
#define HQ0(z)
#define HQ2(z)
#define LQ0(z) k0 & z
#define LQ1(z) k0 & z
#define LQ2(z) k0 & z
#define LQ3(z) k0 & z
#define SQ 16
#define MS0 m0
#define MS1 m1
#define MS2 m2
#define MS3 m3
#define MS4 m4
#define MS5 m5
#define MS6 m6
#define MS7 m7
#define HS(z)
#define LS0(z) 0XFC & z
#define LS1(z) 0XFC & z
#define LS2(z) 0XFC & z
#define LS3(z) 0XFC & z
#define REGQUICK \
register UINT32 k0; \
register UINT32 *m0, *m1, *m2, *m3;
#define SETQUICK \
; k0 = 0XFCFC \
; m0 = des_bigmap \
; m1 = m0 + 64 \
; m2 = m1 + 64 \
; m3 = m2 + 64
#define REGSMALL \
register UINT32 *m0, *m1, *m2, *m3, *m4, *m5, *m6, *m7;
#define SETSMALL \
; m0 = des_keymap \
; m1 = m0 + 64 \
; m2 = m1 + 64 \
; m3 = m2 + 64 \
; m4 = m3 + 64 \
; m5 = m4 + 64 \
; m6 = m5 + 64 \
; m7 = m6 + 64
#endif /* defined(sparc) */
/* some basic stuff */
/* generate addresses from a base and an index */
#define ADD(b,x) (UINT32 *) ((UINT8 *)b + (x))
/* low level rotate operations */
#define NOP(d,c,o)
#define ROL(d,c,o) d = d << c | d >> o
#define ROR(d,c,o) d = d >> c | d << o
#define ROL1(d) ROL(d, 1, 31)
#define ROR1(d) ROR(d, 1, 31)
/* elementary swap for doing IP/FP */
#define SWAP(x,y,m,b) \
z = ((x >> b) ^ y) & m; \
x ^= z << b; \
y ^= z
/* the following macros contain all the important code fragments */
/* load input data, then setup special registers holding constants */
#define TEMPQUICK(LOAD) \
REGQUICK \
LOAD() \
SETQUICK
#define TEMPSMALL(LOAD) \
REGSMALL \
LOAD() \
SETSMALL
/* load data */
#define LOADDATA(x,y) \
FIXS \
y = PREV(s, 7); y<<= 8; \
y |= PREV(s, 6); y<<= 8; \
y |= PREV(s, 5); y<<= 8; \
y |= PREV(s, 4); \
x = PREV(s, 3); x<<= 8; \
x |= PREV(s, 2); x<<= 8; \
x |= PREV(s, 1); x<<= 8; \
x |= PREV(s, 0) \
SREGFREE
/* load data without initial permutation and put into efficient position */
#define LOADCORE() \
LOADDATA(x, y); \
ROR1(x); \
ROR1(y)
/* load data, do the initial permutation and put into efficient position */
#define LOADFIPS() \
LOADDATA(y, x); \
SWAP(x, y, 0X0F0F0F0FL, 004); \
SWAP(y, x, 0X0000FFFFL, 020); \
SWAP(x, y, 0X33333333L, 002); \
SWAP(y, x, 0X00FF00FFL, 010); \
ROR1(x); \
z = (x ^ y) & 0X55555555L; \
y ^= z; \
x ^= z; \
ROR1(y)
/* core encryption/decryption operations */
/* S box mapping and P perm */
#define KEYMAPSMALL(x,z,mq0,mq1,hq,lq0,lq1,sq,ms0,ms1,ms2,ms3,hs,ls0,ls1,ls2,ls3)\
hs(z) \
x ^= *ADD(ms3, ls3(z)); \
z>>= 8; \
x ^= *ADD(ms2, ls2(z)); \
z>>= 8; \
x ^= *ADD(ms1, ls1(z)); \
z>>= 8; \
x ^= *ADD(ms0, ls0(z))
/* alternate version: use 64k of tables */
#define KEYMAPQUICK(x,z,mq0,mq1,hq,lq0,lq1,sq,ms0,ms1,ms2,ms3,hs,ls0,ls1,ls2,ls3)\
hq(z) \
x ^= *ADD(mq0, lq0(z)); \
z>>= sq; \
x ^= *ADD(mq1, lq1(z))
/* apply 24 key bits and do the odd s boxes */
#define S7S1(x,y,z,r,m,KEYMAP,LOAD) \
z = LOAD(r, m); \
z ^= y; \
KEYMAP(x,z,MQ0,MQ1,HQ0,LQ0,LQ1,SQ,MS0,MS1,MS2,MS3,HS,LS0,LS1,LS2,LS3)
/* apply 24 key bits and do the even s boxes */
#define S6S0(x,y,z,r,m,KEYMAP,LOAD) \
z = LOAD(r, m); \
z ^= y; \
ROL(z, 4, 28); \
KEYMAP(x,z,MQ2,MQ3,HQ2,LQ2,LQ3,SQ,MS4,MS5,MS6,MS7,HS,LS0,LS1,LS2,LS3)
/* actual iterations. equivalent except for UPDATE & swapping m and n */
#define ENCR(x,y,z,r,m,n,KEYMAP) \
S7S1(x,y,z,r,m,KEYMAP,NEXT); \
S6S0(x,y,z,r,n,KEYMAP,NEXT)
#define DECR(x,y,z,r,m,n,KEYMAP) \
S6S0(x,y,z,r,m,KEYMAP,PREV); \
S7S1(x,y,z,r,n,KEYMAP,PREV)
/* write out result in correct byte order */
#define SAVEDATA(x,y) \
NEXT(DEST, 0) = x; x>>= 8; \
NEXT(DEST, 1) = x; x>>= 8; \
NEXT(DEST, 2) = x; x>>= 8; \
NEXT(DEST, 3) = x; \
NEXT(DEST, 4) = y; y>>= 8; \
NEXT(DEST, 5) = y; y>>= 8; \
NEXT(DEST, 6) = y; y>>= 8; \
NEXT(DEST, 7) = y
/* write out result */
#define SAVECORE() \
ROL1(x); \
ROL1(y); \
SAVEDATA(y, x)
/* do final permutation and write out result */
#define SAVEFIPS() \
ROL1(x); \
z = (x ^ y) & 0X55555555L; \
y ^= z; \
x ^= z; \
ROL1(y); \
SWAP(x, y, 0X00FF00FFL, 010); \
SWAP(y, x, 0X33333333L, 002); \
SWAP(x, y, 0X0000FFFFL, 020); \
SWAP(y, x, 0X0F0F0F0FL, 004); \
SAVEDATA(x, y)
/* the following macros contain the encryption/decryption skeletons */
#define ENCRYPT(NAME, TEMP, LOAD, KEYMAP, SAVE) \
\
void \
NAME(REGISTER BYTE *D, \
REGISTER const UINT32 *r, \
REGISTER const UINT8 *s) \
{ \
register UINT32 x, y, z; \
\
/* declare temps & load data */ \
TEMP(LOAD); \
\
/* do the 16 iterations */ \
ENCR(x,y,z,r, 0, 1,KEYMAP); \
ENCR(y,x,z,r, 2, 3,KEYMAP); \
ENCR(x,y,z,r, 4, 5,KEYMAP); \
ENCR(y,x,z,r, 6, 7,KEYMAP); \
ENCR(x,y,z,r, 8, 9,KEYMAP); \
ENCR(y,x,z,r,10,11,KEYMAP); \
ENCR(x,y,z,r,12,13,KEYMAP); \
ENCR(y,x,z,r,14,15,KEYMAP); \
ENCR(x,y,z,r,16,17,KEYMAP); \
ENCR(y,x,z,r,18,19,KEYMAP); \
ENCR(x,y,z,r,20,21,KEYMAP); \
ENCR(y,x,z,r,22,23,KEYMAP); \
ENCR(x,y,z,r,24,25,KEYMAP); \
ENCR(y,x,z,r,26,27,KEYMAP); \
ENCR(x,y,z,r,28,29,KEYMAP); \
ENCR(y,x,z,r,30,31,KEYMAP); \
\
/* save result */ \
SAVE(); \
\
return; \
}
#define DECRYPT(NAME, TEMP, LOAD, KEYMAP, SAVE) \
\
void \
NAME(REGISTER BYTE *D, \
REGISTER const UINT32 *r, \
REGISTER const UINT8 *s) \
{ \
register UINT32 x, y, z; \
\
/* declare temps & load data */ \
TEMP(LOAD); \
\
/* do the 16 iterations */ \
FIXR \
DECR(x,y,z,r,31,30,KEYMAP); \
DECR(y,x,z,r,29,28,KEYMAP); \
DECR(x,y,z,r,27,26,KEYMAP); \
DECR(y,x,z,r,25,24,KEYMAP); \
DECR(x,y,z,r,23,22,KEYMAP); \
DECR(y,x,z,r,21,20,KEYMAP); \
DECR(x,y,z,r,19,18,KEYMAP); \
DECR(y,x,z,r,17,16,KEYMAP); \
DECR(x,y,z,r,15,14,KEYMAP); \
DECR(y,x,z,r,13,12,KEYMAP); \
DECR(x,y,z,r,11,10,KEYMAP); \
DECR(y,x,z,r, 9, 8,KEYMAP); \
DECR(x,y,z,r, 7, 6,KEYMAP); \
DECR(y,x,z,r, 5, 4,KEYMAP); \
DECR(x,y,z,r, 3, 2,KEYMAP); \
DECR(y,x,z,r, 1, 0,KEYMAP); \
\
/* save result */ \
SAVE(); \
\
return; \
}

View File

@ -1,31 +0,0 @@
/*
* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#include "des.h"
#include "RCSID.h"
RCSID2(desKerb_cRcs, "$Id$");
/* permit the default style of des functions to be changed */
DesFunc *DesCryptFuncs[2] = { DesSmallFipsDecrypt, DesSmallFipsEncrypt };
/* kerberos-compatible key schedule function */
int
des_key_sched(const UINT8 *k, UINT32 *s)
{
return DesMethod(s, k);
}
/* kerberos-compatible des coding function */
int
des_ecb_encrypt(const UINT8 *s, UINT8 *d, const UINT32 *r, int e)
{
(*DesCryptFuncs[e])(d, r, s);
return 0;
}

View File

@ -1,54 +0,0 @@
/*
* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*
* Slightly edited by Niels Möller, 1997
*/
#include "des.h"
#include "RCSID.h"
RCSID2(desQuick_cRcs, "$Id$");
extern UINT32 des_keymap[];
/* static information */
static int depth = 0; /* keep track of the request depth */
UINT32 des_bigmap[0x4000]; /* big lookup table */
/* fill in the 64k table used by the `quick' option */
void
DesQuickInit(void)
{
int s1, s3, x;
UINT32 * t0, * t1, * t2, * t3;
if ( depth++ )
return;
t0 = des_bigmap;
t1 = t0 + 64;
t2 = t1 + 64;
t3 = t2 + 64;
for ( s3 = 63; s3 >= 0; s3-- ) {
for ( s1 = 63; s1 >= 0; s1-- ) {
x = (s3 << 8) | s1;
t0[x] = des_keymap[s3+128] ^ des_keymap[s1+192];
t1[x] = des_keymap[s3 ] ^ des_keymap[s1+ 64];
t2[x] = des_keymap[s3+384] ^ des_keymap[s1+448];
t3[x] = des_keymap[s3+256] ^ des_keymap[s1+320];
}
}
}
/* free the 64k table, if necessary */
void
DesQuickDone(void)
{
}

View File

@ -1,3 +0,0 @@
#include "desCode.h"
ENCRYPT(DesQuickCoreEncrypt,TEMPQUICK, LOADCORE,KEYMAPQUICK,SAVECORE)
DECRYPT(DesQuickCoreDecrypt,TEMPQUICK, LOADCORE,KEYMAPQUICK,SAVECORE)

View File

@ -1,3 +0,0 @@
#include "desCode.h"
ENCRYPT(DesQuickFipsEncrypt,TEMPQUICK, LOADFIPS,KEYMAPQUICK,SAVEFIPS)
DECRYPT(DesQuickFipsDecrypt,TEMPQUICK, LOADFIPS,KEYMAPQUICK,SAVEFIPS)

View File

@ -1,3 +0,0 @@
#include "desCode.h"
ENCRYPT(DesSmallCoreEncrypt,TEMPSMALL, LOADCORE,KEYMAPSMALL,SAVECORE)
DECRYPT(DesSmallCoreDecrypt,TEMPSMALL, LOADCORE,KEYMAPSMALL,SAVECORE)

View File

@ -1,3 +0,0 @@
#include "desCode.h"
ENCRYPT(DesSmallFipsEncrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
DECRYPT(DesSmallFipsDecrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)

View File

@ -1,197 +0,0 @@
/* desTest.c
*
* Exercise the DES routines and collect performance statistics.
*
* $ID:$ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#ifndef lint
char desTest_cRcs[] = "$Id$";
#endif
#include "des.h"
#include <stdio.h>
#if 0
/* define now(w) to be the elapsed time in hundredths of a second */
#ifndef __NT__
# include <sys/time.h>
# include <sys/resource.h>
# include <unistd.h>
/* extern getrusage(); */
static struct rusage usage;
# define now(w) ( \
getrusage(RUSAGE_SELF, &usage), \
usage.ru_utime.tv_sec * 100 + \
usage.ru_utime.tv_usec / 10000 \
)
#else
# include <windows.h>
# define now(w) 0
#endif
#endif /* 0 */
/* test data
* the tests (key0-3, text0-3) are cribbed from code which is (c) 1988 MIT
*/
UINT8 keyt[8] = {0x5d, 0x85, 0x91, 0x73, 0xcb, 0x49, 0xdf, 0x2f};
UINT8 key0[8] = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80};
UINT8 key1[8] = {0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
UINT8 key2[8] = {0x08, 0x19, 0x2a, 0x3b, 0x4c, 0x5d, 0x6e, 0x7f};
UINT8 key3[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
UINT8 textt[8] = {0x67, 0x1f, 0xc8, 0x93, 0x46, 0x5e, 0xab, 0x1e};
UINT8 text0[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
UINT8 text1[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40};
UINT8 text2[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
UINT8 text3[8] = {'N', 'o', 'w', ' ', 'i', 's', ' ', 't' };
/* work areas */
DesKeys keys;
UINT8 cipher[8], output[8];
/* noisy interfaces to the routines under test */
static void method(const UINT8 *key)
{
int j;
printf("\nkey:\t");
for ( j = 0; j < 8; j++ )
printf("%02X ", key[j]);
if ( des_key_sched(key, keys) )
printf("W");
printf("\t");
}
static void
encode(const UINT8 *src, UINT8 *dst)
{
int j;
printf("clear:\t");
for (j = 0; j < 8; j++)
printf("%02X ", src[j]);
des_ecb_encrypt(src, dst, keys, 1);
printf("\tcipher:\t");
for (j = 0; j < 8; j++)
printf("%02X ", dst[j]);
printf("\n");
}
static void
decode(const UINT8 *src, UINT8 *dst, const UINT8 *check)
{
int j;
printf("cipher:\t");
for (j = 0; j < 8; j++)
printf("%02X ", src[j]);
des_ecb_encrypt(src, dst, keys, 0);
printf("\tclear:\t");
for (j = 0; j < 8; j++)
printf("%02X ", dst[j]);
if(!memcmp(dst,check,8))
printf("Ok\n");
else
printf("FAIL\n");
}
/* run the tests */
int
main(int argc UNUSED, char **argv UNUSED)
{
int j, n;
#if 0
int m, e;
#endif
DesFunc *f;
static char * expect[] = {
"57 99 F7 2A D2 3F AE 4C", "9C C6 2D F4 3B 6E ED 74",
"90 E6 96 A2 AD 56 50 0D", "A3 80 E0 2A 6B E5 46 96",
"43 5C FF C5 68 B3 70 1D", "25 DD AC 3E 96 17 64 67",
"80 B5 07 E1 E6 A7 47 3D", "3F A4 0E 8A 98 4D 48 15",
};
static DesFunc *funcs[] = {
DesQuickCoreEncrypt, DesQuickFipsEncrypt,
DesSmallCoreEncrypt, DesSmallFipsEncrypt,
DesQuickCoreDecrypt, DesQuickFipsDecrypt,
DesSmallCoreDecrypt, DesSmallFipsDecrypt };
#if 0
static char * names[] = {
"QuickCore", "QuickFips",
"SmallCore", "SmallFips" };
#endif
n = 0;
DesQuickInit();
/* do timing info first */
j = 10000;
#if 0
m = now(0);
#endif
do
DesMethod(keys, keyt);
while ( --j );
#if 0
m = now(1) - m;
#endif
do {
DesCryptFuncs[0] = funcs[n+4];
f = DesCryptFuncs[1] = funcs[n ];
j = 100000;
#if 0
e = now(0);
#endif
do
(*f)(cipher, keys, textt);
while ( --j );
#if 0
e = now(1) - e;
printf( "%s: setkey,%5duS; encode,%3d.%1duS.\n",
names[n], m , e/10, e%10);
#endif
/* now check functionality */
method(key0);
printf("cipher?\t%s\n", expect[(n % 2) + 0]);
encode(text0, cipher);
decode(cipher, output, text0);
method(key1);
printf("cipher?\t%s\n", expect[(n % 2) + 2]);
encode(text1, cipher);
decode(cipher, output, text1);
method(key2);
printf("cipher?\t%s\n", expect[(n % 2) + 4]);
encode(text2, cipher);
decode(cipher, output, text2);
method(key3);
printf("cipher?\t%s\n", expect[(n % 2) + 6]);
encode(text3, cipher);
decode(cipher, output, text3);
printf("%c", "\n\f\n\0"[n]);
} while ( ++n < 4 );
DesQuickDone();
return 0;
}

View File

@ -1,171 +0,0 @@
/* desUtil.c
*
* $id:$ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#include "desCode.h"
#include "RCSID.h"
RCSID2(desUtil_cRcs, "$Id$");
/* various tables */
UINT32 des_keymap[] = {
#include "keymap.h"
};
static UINT8 rotors[] = {
#include "rotors.h"
};
static char parity[] = {
#include "parity.h"
};
RCSID2(ego, "\n\nFast DES Library Copyright (c) 1991 Dana L. How\n\n");
/* set up the method list from the key */
int
DesMethod(UINT32 *method, const UINT8 *k)
{
register UINT32 n, w;
register char * b0, * b1;
char bits0[56], bits1[56];
/* check for bad parity and weak keys */
b0 = parity;
n = b0[k[0]]; n <<= 4;
n |= b0[k[1]]; n <<= 4;
n |= b0[k[2]]; n <<= 4;
n |= b0[k[3]]; n <<= 4;
n |= b0[k[4]]; n <<= 4;
n |= b0[k[5]]; n <<= 4;
n |= b0[k[6]]; n <<= 4;
n |= b0[k[7]];
w = 0X88888888L;
/* report bad parity in key */
if ( n & w )
return -1;
/* report a weak or semi-weak key */
if ( !((n - (w >> 3)) & w) ) { /* 1 in 10^10 keys passes this test */
if ( n < 0X41415151 ) {
if ( n < 0X31312121 ) {
if ( n < 0X14141515 ) {
/* 01 01 01 01 01 01 01 01 */
if ( n == 0X11111111 ) return -2;
/* 01 1F 01 1F 01 0E 01 0E */
if ( n == 0X13131212 ) return -2;
} else {
/* 01 E0 01 E0 01 F1 01 F1 */
if ( n == 0X14141515 ) return -2;
/* 01 FE 01 FE 01 FE 01 FE */
if ( n == 0X16161616 ) return -2;
}
} else {
if ( n < 0X34342525 ) {
/* 1F 01 1F 01 0E 01 0E 01 */
if ( n == 0X31312121 ) return -2;
/* 1F 1F 1F 1F 0E 0E 0E 0E */ /* ? */
if ( n == 0X33332222 ) return -2;
} else {
/* 1F E0 1F E0 0E F1 0E F1 */
if ( n == 0X34342525 ) return -2;
/* 1F FE 1F FE 0E FE 0E FE */
if ( n == 0X36362626 ) return -2;
}
}
} else {
if ( n < 0X61616161 ) {
if ( n < 0X44445555 ) {
/* E0 01 E0 01 F1 01 F1 01 */
if ( n == 0X41415151 ) return -2;
/* E0 1F E0 1F F1 0E F1 0E */
if ( n == 0X43435252 ) return -2;
} else {
/* E0 E0 E0 E0 F1 F1 F1 F1 */ /* ? */
if ( n == 0X44445555 ) return -2;
/* E0 FE E0 FE F1 FE F1 FE */
if ( n == 0X46465656 ) return -2;
}
} else {
if ( n < 0X64646565 ) {
/* FE 01 FE 01 FE 01 FE 01 */
if ( n == 0X61616161 ) return -2;
/* FE 1F FE 1F FE 0E FE 0E */
if ( n == 0X63636262 ) return -2;
} else {
/* FE E0 FE E0 FE F1 FE F1 */
if ( n == 0X64646565 ) return -2;
/* FE FE FE FE FE FE FE FE */
if ( n == 0X66666666 ) return -2;
}
}
}
}
/* explode the bits */
n = 56;
b0 = bits0;
b1 = bits1;
do {
w = (256 | *k++) << 2;
do {
--n;
b1[n] = 8 & w;
w >>= 1;
b0[n] = 4 & w;
} while ( w >= 16 );
} while ( n );
/* put the bits in the correct places */
n = 16;
k = rotors;
do {
w = (b1[k[ 0 ]] | b0[k[ 1 ]]) << 4;
w |= (b1[k[ 2 ]] | b0[k[ 3 ]]) << 2;
w |= b1[k[ 4 ]] | b0[k[ 5 ]];
w <<= 8;
w |= (b1[k[ 6 ]] | b0[k[ 7 ]]) << 4;
w |= (b1[k[ 8 ]] | b0[k[ 9 ]]) << 2;
w |= b1[k[10 ]] | b0[k[11 ]];
w <<= 8;
w |= (b1[k[12 ]] | b0[k[13 ]]) << 4;
w |= (b1[k[14 ]] | b0[k[15 ]]) << 2;
w |= b1[k[16 ]] | b0[k[17 ]];
w <<= 8;
w |= (b1[k[18 ]] | b0[k[19 ]]) << 4;
w |= (b1[k[20 ]] | b0[k[21 ]]) << 2;
w |= b1[k[22 ]] | b0[k[23 ]];
method[0] = w;
w = (b1[k[ 0+24]] | b0[k[ 1+24]]) << 4;
w |= (b1[k[ 2+24]] | b0[k[ 3+24]]) << 2;
w |= b1[k[ 4+24]] | b0[k[ 5+24]];
w <<= 8;
w |= (b1[k[ 6+24]] | b0[k[ 7+24]]) << 4;
w |= (b1[k[ 8+24]] | b0[k[ 9+24]]) << 2;
w |= b1[k[10+24]] | b0[k[11+24]];
w <<= 8;
w |= (b1[k[12+24]] | b0[k[13+24]]) << 4;
w |= (b1[k[14+24]] | b0[k[15+24]]) << 2;
w |= b1[k[16+24]] | b0[k[17+24]];
w <<= 8;
w |= (b1[k[18+24]] | b0[k[19+24]]) << 4;
w |= (b1[k[20+24]] | b0[k[21+24]]) << 2;
w |= b1[k[22+24]] | b0[k[23+24]];
ROR(w, 4, 28); /* could be eliminated */
method[1] = w;
k += 48;
method += 2;
} while ( --n );
return 0;
}

Binary file not shown.

View File

@ -1,196 +0,0 @@
/* desdata.c
*
* Generate tables used by desUtil.c and desCode.h.
*
* $Id$ */
/*
* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*
*/
#include "desinfo.h"
#include "desCode.h"
#include "RCSID.h"
RCSID2(desdata_cRcs, "$Id$");
/* list of weak and semi-weak keys
+0 +1 +2 +3 +4 +5 +6 +7
0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01
0x01 0x1f 0x01 0x1f 0x01 0x0e 0x01 0x0e
0x01 0xe0 0x01 0xe0 0x01 0xf1 0x01 0xf1
0x01 0xfe 0x01 0xfe 0x01 0xfe 0x01 0xfe
0x1f 0x01 0x1f 0x01 0x0e 0x01 0x0e 0x01
0x1f 0x1f 0x1f 0x1f 0x0e 0x0e 0x0e 0x0e
0x1f 0xe0 0x1f 0xe0 0x0e 0xf1 0x0e 0xf1
0x1f 0xfe 0x1f 0xfe 0x0e 0xfe 0x0e 0xfe
0xe0 0x01 0xe0 0x01 0xf1 0x01 0xf1 0x01
0xe0 0x1f 0xe0 0x1f 0xf1 0x0e 0xf1 0x0e
0xe0 0xe0 0xe0 0xe0 0xf1 0xf1 0xf1 0xf1
0xe0 0xfe 0xe0 0xfe 0xf1 0xfe 0xf1 0xfe
0xfe 0x01 0xfe 0x01 0xfe 0x01 0xfe 0x01
0xfe 0x1f 0xfe 0x1f 0xfe 0x0e 0xfe 0x0e
0xfe 0xe0 0xfe 0xe0 0xfe 0xf1 0xfe 0xf1
0xfe 0xfe 0xfe 0xfe 0xfe 0xfe 0xfe 0xfe
*/
/* key bit order in each method pair: bits 31->00 of 1st, bits 31->00 of 2nd */
/* this does not reflect the rotate of the 2nd word */
#define S(box,bit) (box*6+bit)
int korder[] = {
S(7, 5), S(7, 4), S(7, 3), S(7, 2), S(7, 1), S(7, 0),
S(5, 5), S(5, 4), S(5, 3), S(5, 2), S(5, 1), S(5, 0),
S(3, 5), S(3, 4), S(3, 3), S(3, 2), S(3, 1), S(3, 0),
S(1, 5), S(1, 4), S(1, 3), S(1, 2), S(1, 1), S(1, 0),
S(6, 5), S(6, 4), S(6, 3), S(6, 2), S(6, 1), S(6, 0),
S(4, 5), S(4, 4), S(4, 3), S(4, 2), S(4, 1), S(4, 0),
S(2, 5), S(2, 4), S(2, 3), S(2, 2), S(2, 1), S(2, 0),
S(0, 5), S(0, 4), S(0, 3), S(0, 2), S(0, 1), S(0, 0),
};
/* the order in which the algorithm accesses the s boxes */
int sorder[] = {
7, 5, 3, 1, 6, 4, 2, 0,
};
int printf(const char *, ...);
int
main(int argc UNUSED, char **argv UNUSED)
{
UINT32 d, i, j, k, l, m, n, s;
char b[256], ksr[56];
switch ( argv[1][0] ) {
/*
* <<< make the key parity table >>>
*/
case 'p':
(void)printf(
"/* automagically produced - do not fuss with this information */\n\n");
/* store parity information */
for ( i = 0; i < 256; i++ ) {
j = i;
j ^= j >> 4; /* bits 3-0 have pairs */
j ^= j << 2; /* bits 3-2 have quads */
j ^= j << 1; /* bit 3 has the entire eight (no cox) */
b[i] = 8 & ~j; /* 0 is okay and 8 is bad parity */
}
/* only these characters can appear in a weak key */
b[0x01] = 1;
b[0x0e] = 2;
b[0x1f] = 3;
b[0xe0] = 4;
b[0xf1] = 5;
b[0xfe] = 6;
/* print it out */
for ( i = 0; i < 256; i++ ) {
(void)printf("%d,", b[i]);
if ( (i & 31) == 31 )
(void)printf("\n");
}
break;
/*
* <<< make the key usage table >>>
*/
case 'r':
(void)printf("/* automagically made - do not fuss with this */\n\n");
/* KL specifies the initial key bit positions */
for (i = 0; i < 56; i++)
ksr[i] = (KL[i] - 1) ^ 7;
for (i = 0; i < 16; i++) {
/* apply the appropriate number of left shifts */
for (j = 0; j < KS[i]; j++) {
m = ksr[ 0];
n = ksr[28];
for (k = 0; k < 27; k++)
ksr[k ] = ksr[k + 1],
ksr[k + 28] = ksr[k + 29];
ksr[27] = m;
ksr[55] = n;
}
/* output the key bit numbers */
for (j = 0; j < 48; j++) {
m = ksr[KC[korder[j]] - 1];
m = (m / 8) * 7 + (m % 8) - 1;
m = 55 - m;
(void)printf(" %2ld,", (long) m);
if ((j % 12) == 11)
(void)printf("\n");
}
(void)printf("\n");
}
break;
/*
* <<< make the keymap table >>>
*/
case 'k':
(void)printf("/* automagically made - do not fuss with this */\n\n");
for ( i = 0; i <= 7 ; i++ ) {
s = sorder[i];
for ( d = 0; d <= 63; d++ ) {
/* flip bits */
k = ((d << 5) & 32) |
((d << 3) & 16) |
((d << 1) & 8) |
((d >> 1) & 4) |
((d >> 3) & 2) |
((d >> 5) & 1) ;
/* more bit twiddling */
l = ((k << 0) & 32) | /* overlap bit */
((k << 4) & 16) | /* overlap bit */
((k >> 1) & 15) ; /* unique bits */
/* look up s box value */
m = SB[s][l];
/* flip bits */
n = ((m << 3) & 8) |
((m << 1) & 4) |
((m >> 1) & 2) |
((m >> 3) & 1) ;
/* put in correct nybble */
n <<= (s << 2);
/* perform p permutation */
for ( m = j = 0; j < 32; j++ )
if ( n & (1 << (SP[j] - 1)) )
m |= (1 << j);
/* rotate right (alg keeps everything rotated by 1) */
ROR(m, 1, 31);
/* print it out */
(void)printf(" 0x%08lx,", (long) m);
if ( ( d & 3 ) == 3 )
(void)printf("\n");
}
(void)printf("\n");
}
break;
}
return 0;
}

View File

@ -1,99 +0,0 @@
/* desinfo.h
*
* Tables describing DES rather than just this implementation.
* These are used in desdata but NOT in runtime code.
*
* $Id$ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `descore.README' for the complete copyright notice.
*/
#include "RCSID.h"
RCSID2(desinfo_hRcs, "$Id$");
/* the initial permutation, E selection, and final permutation are hardwired */
/* Key Load: how to load the shift register from the user key */
unsigned char KL[] = {
57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4,
};
/* Key Shift: how many times to shift the key shift register */
unsigned char KS[] = {
1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1,
};
/* Key Choose: which key bits from shift reg are used in the key schedule */
unsigned char KC[] = {
14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32,
};
/* S Boxes */
unsigned char SB[8][64] = {
{
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13,
},{
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9,
},{
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12,
},{
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14,
},{
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3,
},{
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13,
},{
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12,
},{
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
}
};
/* Sbox Permutation */
char SP[] = {
16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25,
};

View File

@ -1,115 +0,0 @@
/*
* generate_q - Generates the permutations q0 and q1 for twofish.
* Copyright (C) 1999 Ruud de Rooij <ruud@debian.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdio.h>
typedef unsigned char byte;
#define ror4(x) (((x) >> 1) | (((x) & 1) << 3))
static byte q0(byte x)
{
static byte t0[16] = { 0x8, 0x1, 0x7, 0xD, 0x6, 0xF, 0x3, 0x2,
0x0, 0xB, 0x5, 0x9, 0xE, 0xC, 0xA, 0x4 };
static byte t1[16] = { 0xE, 0xC, 0xB, 0x8, 0x1, 0x2, 0x3, 0x5,
0xF, 0x4, 0xA, 0x6, 0x7, 0x0, 0x9, 0xD };
static byte t2[16] = { 0xB, 0xA, 0x5, 0xE, 0x6, 0xD, 0x9, 0x0,
0xC, 0x8, 0xF, 0x3, 0x2, 0x4, 0x7, 0x1 };
static byte t3[16] = { 0xD, 0x7, 0xF, 0x4, 0x1, 0x2, 0x6, 0xE,
0x9, 0xB, 0x3, 0x0, 0x8, 0x5, 0xC, 0xA };
byte a0 = x / 16;
byte b0 = x % 16;
byte a1 = a0 ^ b0;
byte b1 = a0 ^ ror4(b0) ^ ((8*a0) % 16);
byte a2 = t0[a1];
byte b2 = t1[b1];
byte a3 = a2 ^ b2;
byte b3 = a2 ^ ror4(b2) ^ ((8*a2) % 16);
byte a4 = t2[a3];
byte b4 = t3[b3];
byte y = 16*b4 + a4;
return y;
}
static byte q1(byte x)
{
static byte t0[16] = { 0x2, 0x8, 0xB, 0xD, 0xF, 0x7, 0x6, 0xE,
0x3, 0x1, 0x9, 0x4, 0x0, 0xA, 0xC, 0x5 };
static byte t1[16] = { 0x1, 0xE, 0x2, 0xB, 0x4, 0xC, 0x3, 0x7,
0x6, 0xD, 0xA, 0x5, 0xF, 0x9, 0x0, 0x8 };
static byte t2[16] = { 0x4, 0xC, 0x7, 0x5, 0x1, 0x6, 0x9, 0xA,
0x0, 0xE, 0xD, 0x8, 0x2, 0xB, 0x3, 0xF };
static byte t3[16] = { 0xB, 0x9, 0x5, 0x1, 0xC, 0x3, 0xD, 0xE,
0x6, 0x4, 0x7, 0xF, 0x2, 0x0, 0x8, 0xA };
byte a0 = x / 16;
byte b0 = x % 16;
byte a1 = a0 ^ b0;
byte b1 = a0 ^ ror4(b0) ^ ((8*a0) % 16);
byte a2 = t0[a1];
byte b2 = t1[b1];
byte a3 = a2 ^ b2;
byte b3 = a2 ^ ror4(b2) ^ ((8*a2) % 16);
byte a4 = t2[a3];
byte b4 = t3[b3];
byte y = 16*b4 + a4;
return y;
}
int
main(void)
{
int i, j;
printf("static byte q0[] = { ");
for (i = 0; i < 32; i++) {
for (j = 0; j < 8; j++)
printf("0x%02X, ", q0(i*8+j));
if (i == 31)
printf("};\n\n");
else
printf("\n ");
}
printf("static byte q1[] = { ");
for (i = 0; i < 32; i++) {
for (j = 0; j < 8; j++)
printf("0x%02X, ", q1(i*8+j));
if (i == 31)
printf("};\n");
else
printf("\n ");
}
return 0;
}

View File

@ -1,345 +0,0 @@
/* $Id$
*
* The basic IDEA transformation
*
* Please be aware that IDEA IS PATENT ENCUMBERED; see the note below.
* -------------------------
*
* This implementation is taken from pgp, see note below.
*
* Only primitive operations are done here, chaining modes etc
* are implemented in a higher level program.
*
**********************************************************************
*
* idea.c - C source code for IDEA block cipher.
* IDEA (International Data Encryption Algorithm), formerly known as
* IPES (Improved Proposed Encryption Standard).
* Algorithm developed by Xuejia Lai and James L. Massey, of ETH Zurich.
* This implementation modified and derived from original C code
* developed by Xuejia Lai.
* Zero-based indexing added, names changed from IPES to IDEA.
* CFB functions added. Random number routines added.
*
* Extensively optimized and restructured by Colin Plumb.
*
***********************************************************************
*
* Some changes including endianness cleanup done by Niels Möller.
*
*/
/*
IDEA is patent encumbered; the following information was copied from the
idea.c extension for the GNU Privacy Guard.
The IDEA algorithm is patented by Ascom Systec Ltd. of CH-5506 Maegenwil,
Switzerland, who allow it to be used on a royalty-free basis for certain
non-profit applications. Commercial users must obtain a license from the
company in order to use IDEA. IDEA may be used on a royalty-free basis under
the following conditions:
Free use for private purposes:
The free use of software containing the algorithm is strictly limited to non
revenue generating data transfer between private individuals, ie not serving
commercial purposes. Requests by freeware developers to obtain a
royalty-free license to spread an application program containing the
algorithm for non-commercial purposes must be directed to Ascom.
Special offer for shareware developers:
There is a special waiver for shareware developers. Such waiver eliminates
the upfront fees as well as royalties for the first US$10,000 gross sales of
a product containing the algorithm if and only if:
1. The product is being sold for a minimum of US$10 and a maximum of US$50.
2. The source code for the shareware is available to the public.
Special conditions for research projects:
The use of the algorithm in research projects is free provided that it serves
the purpose of such project and within the project duration. Any use of the
algorithm after the termination of a project including activities resulting
from a project and for purposes not directly related to the project requires
a license.
Ascom Tech requires the following notice to be included for freeware
products:
This software product contains the IDEA algorithm as described and claimed in
US patent 5,214,703, EPO patent 0482154 (covering Austria, France, Germany,
Italy, the Netherlands, Spain, Sweden, Switzerland, and the UK), and Japanese
patent application 508119/1991, "Device for the conversion of a digital block
and use of same" (hereinafter referred to as "the algorithm"). Any use of
the algorithm for commercial purposes is thus subject to a license from Ascom
Systec Ltd. of CH-5506 Maegenwil (Switzerland), being the patentee and sole
owner of all rights, including the trademark IDEA.
Commercial purposes shall mean any revenue generating purpose including but
not limited to:
i) Using the algorithm for company internal purposes (subject to a site
license).
ii) Incorporating the algorithm into any software and distributing such
software and/or providing services relating thereto to others (subject to
a product license).
iii) Using a product containing the algorithm not covered by an IDEA license
(subject to an end user license).
All such end user license agreements are available exclusively from Ascom
Systec Ltd and may be requested via the WWW at http://www.ascom.ch/systec or
by email to idea@ascom.ch.
Use other than for commercial purposes is strictly limited to non-revenue
generating data transfer between private individuals. The use by government
agencies, non-profit organizations, etc is considered as use for commercial
purposes but may be subject to special conditions. Any misuse will be
prosecuted.
*/
#include "crypto_types.h"
#ifndef MACOS
#include <idea.h>
#else
#include "idea.h"
#endif
#include <string.h>
/*-------------------------------------------------------------*/
#define low16(x) ((x) & 0xffff)
/*
* Multiplication, modulo (2**16)+1
* Note that this code is structured on the assumption that
* untaken branches are cheaper than taken branches, and the
* compiler doesn't schedule branches.
*/
#ifdef SMALL_CACHE
const static UINT16
mul(UINT16 a, UINT16 b)
{
register UINT32 p;
p = (UINT32)a * b;
if (p)
{
b = low16(p);
a = p>>16;
return (b - a) + (b < a);
}
else if (a)
{
return 1-b;
}
else
{
return 1-a;
}
} /* mul */
#endif /* SMALL_CACHE */
/*
* Compute the multiplicative inverse of x, modulo 65537, using Euclid's
* algorithm. It is unrolled twice to avoid swapping the registers each
* iteration, and some subtracts of t have been changed to adds.
*/
static const UINT16
inv(UINT16 x)
{
UINT16 t0, t1;
UINT16 q, y;
if (x <= 1)
return x; /* 0 and 1 are self-inverse */
t1 = 0x10001L / x; /* Since x >= 2, this fits into 16 bits */
y = 0x10001L % x;
if (y == 1)
return low16(1-t1);
t0 = 1;
do
{
q = x / y;
x = x % y;
t0 += q * t1;
if (x == 1)
return t0;
q = y / x;
y = y % x;
t1 += q * t0;
}
while (y != 1);
return low16(1-t1);
} /* inv */
/*
* Expand a 128-bit user key to a working encryption key ctx
*/
void
idea_expand(UINT16 *ctx,
const UINT8 *userkey)
{
int i,j;
for (j=0; j<8; j++) {
ctx[j] = (userkey[0]<<8) + userkey[1];
userkey += 2;
}
for (i=0; j < IDEA_KEYLEN; j++) {
i++;
ctx[i+7] = ctx[i & 7] << 9 | ctx[(i+1) & 7] >> 7;
ctx += i & 8;
i &= 7;
}
} /* idea_expand */
/*
* Compute IDEA decryption key DK from an expanded IDEA encryption key EK
* Note that the input and output may be the same. Thus, the key is
* inverted into an internal buffer, and then copied to the output.
*/
void
idea_invert(UINT16 *d,
const UINT16 *e)
{
int i;
UINT16 t1, t2, t3;
UINT16 temp[IDEA_KEYLEN];
UINT16 *p = temp + IDEA_KEYLEN;
t1 = inv(*e++);
t2 = -*e++;
t3 = -*e++;
*--p = inv(*e++);
*--p = t3;
*--p = t2;
*--p = t1;
for (i = 0; i < IDEA_ROUNDS-1; i++) {
t1 = *e++;
*--p = *e++;
*--p = t1;
t1 = inv(*e++);
t2 = -*e++;
t3 = -*e++;
*--p = inv(*e++);
*--p = t2;
*--p = t3;
*--p = t1;
}
t1 = *e++;
*--p = *e++;
*--p = t1;
t1 = inv(*e++);
t2 = -*e++;
t3 = -*e++;
*--p = inv(*e++);
*--p = t3;
*--p = t2;
*--p = t1;
/* Copy and destroy temp copy */
memcpy(d, temp, sizeof(temp));
memset(temp, 0, sizeof(temp));
} /* idea_invert */
/*
* MUL(x,y) computes x = x*y, modulo 0x10001. Requires two temps,
* t16 and t32. x is modified, and must me a side-effect-free lvalue.
* y may be anything, but unlike x, must be strictly 16 bits even if
* low16() is #defined.
* All of these are equivalent - see which is faster on your machine
*/
#ifdef SMALL_CACHE
#define MUL(x,y) (x = mul(low16(x),y))
#else /* !SMALL_CACHE */
#ifdef AVOID_JUMPS
#define MUL(x,y) (x = low16(x-1), t16 = low16((y)-1), \
t32 = (UINT32)x*t16 + x + t16 + 1, x = low16(t32), \
t16 = t32>>16, x = (x-t16) + (x<t16) )
#else /* !AVOID_JUMPS (default) */
#define MUL(x,y) \
((t16 = (y)) ? \
(x=low16(x)) ? \
t32 = (UINT32)x*t16, \
x = low16(t32), \
t16 = t32>>16, \
x = (x-t16)+(x<t16) \
: \
(x = 1-t16) \
: \
(x = 1-x))
#endif
#endif
/* Endian independent conversions */
#define char2word(dest, p) \
do { \
(dest) = *(p)++ << 8; (dest) |= *(p)++; \
} while(0)
#define word2char(src, p) \
do { \
*(p)++ = (src) >> 8; *(p)++ = (src) & 0xff; \
} while(0)
/* IDEA encryption/decryption algorithm */
/* Note that in and out can be the same buffer */
void
idea_crypt(const UINT16 *key,
UINT8 *dest,
const UINT8 *src)
{
register UINT16 x1, x2, x3, x4, s2, s3;
/* Setup */
char2word(x1, src); char2word(x2, src);
char2word(x3, src); char2word(x4, src);
/* Encrypt */
{
#ifndef SMALL_CACHE
register UINT16 t16; /* Temporaries needed by MUL macro */
register UINT32 t32;
#endif
int r = IDEA_ROUNDS;
do
{
MUL(x1,*key++);
x2 += *key++;
x3 += *key++;
MUL(x4, *key++);
s3 = x3;
x3 ^= x1;
MUL(x3, *key++);
s2 = x2;
x2 ^= x4;
x2 += x3;
MUL(x2, *key++);
x3 += x2;
x1 ^= x2; x4 ^= x3;
x2 ^= s3; x3 ^= s2;
}
while (--r);
MUL(x1, *key++);
x3 += *key++;
x2 += *key++;
MUL(x4, *key);
}
word2char(x1, dest); word2char(x3, dest);
word2char(x2, dest); word2char(x4, dest);
} /* idea_crypt */
/*-------------------------------------------------------------*/

View File

@ -1,20 +0,0 @@
/* $Id$ */
#ifndef RCSID_H_INCLUDED
#define RCSID_H_INCLUDED
/* Taken from pike/src/global.h */
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
#define RCSID2(name, X) \
static char *name __attribute__ ((unused)) =X
#elif __GNUC__ == 2
/* No need for PIKE_CONCAT() here since gcc supports ## */
#define RCSID2(name, X) \
static char *name = X; \
static void *use_##name=(&use_##name, (void *)&name)
#else
#define RCSID2(name, X) \
static char *name = X
#endif
#endif /* RCSID_H_INCLUDED */

View File

@ -1,32 +0,0 @@
/*
* $Id$
*/
#ifndef ARCFOUR_H_INCLUDED
#define ARCFOUR_H_INCLUDED
#include "crypto_types.h"
struct arcfour_ctx {
UINT8 S[256];
UINT8 i, j;
};
#if 0
void arcfour_init(struct arcfour_ctx *ctx);
#endif
/* Encryption functions */
void arcfour_set_key(struct arcfour_ctx *ctx, UINT32 length, const UINT8 *key);
void arcfour_crypt(struct arcfour_ctx *ctx, UINT8 *dest,
UINT32 length, const UINT8 *src);
/* Using arcfour as a randomness generator. */
void arcfour_init(struct arcfour_ctx *ctx);
void arcfour_update_key(struct arcfour_ctx *ctx,
UINT32 length, const UINT8 *key);
void arcfour_stream(struct arcfour_ctx *ctx,
UINT32 length, UINT8 *dest);
#endif /* ARCFOUR_H_INCLUDED */

View File

@ -1,81 +0,0 @@
/* blowfish.h
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/*
* Modifications for lsh by Ray Dassen
*/
#ifndef G10_BLOWFISH_H
#define G10_BLOWFISH_H
#include "crypto_types.h"
/* Use lsh types */
typedef UINT8 byte;
typedef UINT16 u16;
typedef UINT32 u32;
/* FIXME: A search&replace on the type names would be better, but I
* keep GPG names for now to make it easier to get smaller diffs. */
#if 0
#define CIPHER_ALGO_BLOWFISH 4 /* blowfish 128 bit key */
#endif
#define BLOWFISH_BLOCKSIZE 8
#define BLOWFISH_ROUNDS 16
/* Other key lengths are possible, but 128 bits is the default. */
#define BLOWFISH_KEYSIZE 16
/* Allow keys of size 64 <= bits <= 448 */
#define BLOWFISH_MIN_KEYSIZE 8
#define BLOWFISH_MAX_KEYSIZE 56
#define G10ERR_WEAK_KEY 43
typedef struct {
u32 s0[256];
u32 s1[256];
u32 s2[256];
u32 s3[256];
u32 p[BLOWFISH_ROUNDS+2];
} BLOWFISH_context;
/* Returns 0 if the key is ok */
int bf_set_key( BLOWFISH_context *c, const byte *key, unsigned keylen );
void bf_encrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf );
void bf_decrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf );
int bf_selftest(void);
#if 0
const char *
blowfish_get_info( int algo, size_t *keylen,
size_t *blocksize, size_t *contextsize,
int (**setkey)( void *c, const byte *key, unsigned keylen ),
void (**encrypt)( void *c, byte *outbuf, const byte *inbuf ),
void (**decrypt)( void *c, byte *outbuf, const byte *inbuf )
);
#endif
#endif /*G10_BLOWFISH_H*/

View File

@ -1,37 +0,0 @@
/*
* $Id$
*
* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
* Released 1997.10.11
*/
#ifndef _CAST_H_INCLUDED
#define _CAST_H_INCLUDED
#define CAST_MIN_KEYSIZE 5
#define CAST_MAX_KEYSIZE 16
#define CAST_BLOCKSIZE 8
#define CAST_SMALL_KEY 10
#define CAST_SMALL_ROUNDS 12
#define CAST_FULL_ROUNDS 16
#include "crypto_types.h"
struct cast_key {
UINT32 xkey[32]; /* Key, after expansion */
unsigned rounds; /* Number of rounds to use, 12 or 16 */
};
void cast_setkey(struct cast_key *key, const UINT8 * const rawkey,
unsigned keybytes);
void cast_encrypt(struct cast_key *key, const UINT8 * const inblock,
UINT8 *outblock);
void cast_decrypt(struct cast_key *key, const UINT8 * const inblock,
UINT8* outblock);
int cast_selftest(void);
#endif /* ifndef _CAST_H_INCLUDED */

View File

@ -1,26 +0,0 @@
/* $Id$
*
* Defines the types UINT32, UINT16 and UINT8 */
#ifndef CRYPTO_TYPES_H_INCLUDED
#define CRYPTO_TYPES_H_INCLUDED
#ifdef PIKE
# include "pike_types.h"
# include "global.h"
# define UINT32 unsigned INT32
# define UINT16 unsigned INT16
# define UINT8 unsigned INT8
#else /* !PIKE */
# ifdef LSH
# include "lsh_types.h"
# else /* !LSH */
# define UINT32 unsigned long
# define UINT16 unsigned short
# define UINT8 unsigned char
# endif /* !PIKE */
#endif
#endif /* CRYPTO_TYPES_H_INCLUDED */

View File

@ -1,44 +0,0 @@
/*
* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `../lib/descore.README' for the complete copyright
* notice.
*
* Slightly edited by Niels Möller, 1997
*/
#ifndef DES_H_INCLUDED
#define DES_H_INCLUDED
#include "crypto_types.h"
#include "RCSID.h"
RCSID2(desCore_hRcs, "$Id$");
#define DES_KEYSIZE 8
#define DES_BLOCKSIZE 8
#define DES_EXPANDED_KEYLEN 32
/* FIXME: typedef on arrays is ugly. */
typedef UINT8 DesData[DES_BLOCKSIZE];
typedef UINT32 DesKeys[DES_EXPANDED_KEYLEN];
typedef void DesFunc(UINT8 *d, const UINT32 *r, const UINT8 *s);
extern int DesMethod(UINT32 *method, const UINT8 *k);
extern void DesQuickInit(void);
extern void DesQuickDone(void);
extern DesFunc DesQuickCoreEncrypt;
extern DesFunc DesQuickFipsEncrypt;
extern DesFunc DesQuickCoreDecrypt;
extern DesFunc DesQuickFipsDecrypt;
extern DesFunc DesSmallCoreEncrypt;
extern DesFunc DesSmallFipsEncrypt;
extern DesFunc DesSmallCoreDecrypt;
extern DesFunc DesSmallFipsDecrypt;
extern DesFunc *DesCryptFuncs[2];
extern int des_key_sched(const UINT8 *k, UINT32 *s);
extern int des_ecb_encrypt(const UINT8 *s, UINT8 *d, const UINT32 *r, int e);
#endif /* DES_H_INCLUDED */

View File

@ -1,31 +0,0 @@
/*
* $Id$
*/
/*
* Please be aware that IDEA IS PATENT ENCUMBERED; see the note in idea.c.
* -------------------------
*/
#ifndef IDEA_H_INCLUDED
#define IDEA_H_INCLUDED
#define IDEA_KEYSIZE 16
#define IDEA_BLOCKSIZE 8
#define IDEA_ROUNDS 8
#define IDEA_KEYLEN (6*IDEA_ROUNDS+4)
#include "crypto_types.h"
void idea_expand(UINT16 *ctx,
const UINT8 *key);
void idea_invert(UINT16 *d,
const UINT16 *e);
void idea_crypt(const UINT16 *ctx,
UINT8 *dest,
const UINT8 *src);
#endif /* IDEA_H_INCLUDED */

View File

@ -1,23 +0,0 @@
/*
* $Id$
*/
#include "crypto_types.h"
#define MD5_DATASIZE 64
#define MD5_DATALEN 16
#define MD5_DIGESTSIZE 16
#define MD5_DIGESTLEN 4
struct md5_ctx {
UINT32 digest[MD5_DIGESTLEN]; /* Digest */
UINT32 count_l, count_h; /* Block count */
UINT8 block[MD5_DATASIZE]; /* One block buffer */
int index; /* index into buffer */
};
void md5_init(struct md5_ctx *ctx);
void md5_update(struct md5_ctx *ctx, const UINT8 *buffer, UINT32 len);
void md5_final(struct md5_ctx *ctx);
void md5_digest(struct md5_ctx *ctx, UINT8 *s);
void md5_copy(struct md5_ctx *dest, struct md5_ctx *src);

View File

@ -1,76 +0,0 @@
/*
*
* Rijndael is a 128/192/256-bit block cipher that accepts key sizes of
* 128, 192, or 256 bits, designed by Joan Daemen and Vincent Rijmen. See
* http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ for details.
*/
#if !defined(RIJNDAEL_H)
#define RIJNDAEL_H
#include <stdlib.h>
#include "crypto_types.h"
/* Other block sizes and key lengths are possible, but in the context of
* the ssh protocols, 256 bits is the default. */
#define RIJNDAEL_BLOCKSIZE 16
#define RIJNDAEL_KEYSIZE 32
/* Allow keys of size 128 <= bits <= 256 */
#define RIJNDAEL_MIN_KEYSIZE 16
#define RIJNDAEL_MAX_KEYSIZE 32
typedef struct {
UINT32 keys[60]; /* maximum size of key schedule */
UINT32 ikeys[60]; /* inverse key schedule */
int nrounds; /* number of rounds to use for our key size */
} RIJNDAEL_context;
/* This basically performs Rijndael's key scheduling algorithm, as it's the
* only initialization required anyhow. The key size is specified in bytes,
* but the only valid values are 16 (128 bits), 24 (192 bits), and 32 (256
* bits). If a value other than these three is specified, the key will be
* truncated to the closest value less than the key size specified, e.g.
* specifying 7 will use only the first 6 bytes of the key given. DO NOT
* PASS A VALUE LESS THAN 16 TO KEYSIZE! */
void
rijndael_setup(RIJNDAEL_context *ctx, size_t keysize, const UINT8 *key);
/*
* rijndael_encrypt()
*
* Encrypt 16 bytes of data with the Rijndael algorithm. Before this
* function can be used, rijndael_setup must be used in order to initialize
* Rijndael's key schedule.
*
* This function always encrypts 16 bytes of plaintext to 16 bytes of
* ciphertext. The memory areas of the plaintext and the ciphertext can
* overlap.
*/
void
rijndael_encrypt(RIJNDAEL_context *context,
const UINT8 *plaintext,
UINT8 *ciphertext);
/*
* rijndael_decrypt()
*
* Decrypt 16 bytes of data with the Rijndael algorithm.
*
* Before this function can be used, rijndael_setup() must be used in order
* to set up the key schedule required for the decryption algorithm.
*
* This function always decrypts 16 bytes of ciphertext to 16 bytes of
* plaintext. The memory areas of the plaintext and the ciphertext can
* overlap.
*/
void
rijndael_decrypt(RIJNDAEL_context *context,
const UINT8 *ciphertext,
UINT8 *plaintext);
#endif /* RIJNDAEL_H */

View File

@ -1,71 +0,0 @@
/*
*
* Serpent is a 128-bit block cipher that accepts a key size of 256 bits,
* designed by Ross Anderson, Eli Biham, and Lars Knudsen. See
* http://www.cl.cam.ac.uk/~rja14/serpent.html for details.
*/
#if !defined(SERPENT_H)
#define SERPENT_H
#include <stdlib.h>
#include "crypto_types.h"
#define SERPENT_BLOCKSIZE 16
/* Other key lengths are possible, but we only use 256 bits. Besides, the
design of Serpent makes other key lengths useless; they cheated with the
AES requirements, using a 256-bit key length exclusively and just padding
it out if the desired key length was less, so there really is no advantage
to using key lengths less than 256 bits. */
#define SERPENT_KEYSIZE 32
/* Allow keys of size 128 <= bits <= 256 */
#define SERPENT_MIN_KEYSIZE 16
#define SERPENT_MAX_KEYSIZE 32
typedef struct {
UINT32 keys[33][4]; /* key schedule */
} SERPENT_context;
/* This performs Serpent's key scheduling algorithm. */
void
serpent_setup(SERPENT_context *ctx, UINT32 key_size, const UINT8 *key);
/*
* serpent_encrypt()
*
* Encrypt 16 bytes of data with the Serpent algorithm. Before this
* function can be used, serpent_setup must be used in order to initialize
* Serpent's key schedule.
*
* This function always encrypts 16 bytes of plaintext to 16 bytes of
* ciphertext. The memory areas of the plaintext and the ciphertext can
* overlap.
*/
void
serpent_encrypt(SERPENT_context *context,
const UINT8 *plaintext,
UINT8 *ciphertext);
/*
* serpent_decrypt()
*
* Decrypt 16 bytes of data with the Serpent algorithm.
*
* Before this function can be used, serpent_setup() must be used in order
* to set up the key schedule required for the decryption algorithm.
*
* This function always decrypts 16 bytes of ciphertext to 16 bytes of
* plaintext. The memory areas of the plaintext and the ciphertext can
* overlap.
*/
void
serpent_decrypt(SERPENT_context *context,
const UINT8 *ciphertext,
UINT8 *plaintext);
#endif /* SERPENT_H */

View File

@ -1,30 +0,0 @@
/*
* $Id$
*/
#include "crypto_types.h"
/* The SHA block size and message digest sizes, in bytes */
#define SHA_DATASIZE 64
#define SHA_DATALEN 16
#define SHA_DIGESTSIZE 20
#define SHA_DIGESTLEN 5
/* The structure for storing SHA info */
struct sha_ctx {
UINT32 digest[SHA_DIGESTLEN]; /* Message digest */
UINT32 count_l, count_h; /* 64-bit block count */
UINT8 block[SHA_DATASIZE]; /* SHA data buffer */
int index; /* index into buffer */
};
void sha_init(struct sha_ctx *ctx);
void sha_update(struct sha_ctx *ctx, const UINT8 *buffer, UINT32 len);
void sha_final(struct sha_ctx *ctx);
void sha_digest(struct sha_ctx *ctx, UINT8 *s);
void sha_copy(struct sha_ctx *dest, struct sha_ctx *src);
/* The core compression function, mapping 5 + 16 32-bit words to 5
* words. Destroys the data in the process. */
void sha_transform(UINT32 *state, UINT32 *data);

View File

@ -1,107 +0,0 @@
/* twofish.h
*
* $Id$
*/
/*
* twofish - An implementation of the twofish cipher.
* Copyright (C) 1999 Ruud de Rooij <ruud@debian.org>
*
* Modifications for lsh
* Copyright (C) 1999 J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the Free
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* Twofish is a 128-bit block cipher that accepts a variable-length
* key up to 256 bits, designed by Bruce Schneier and others. See
* http://www.counterpane.com/twofish.html for details.
*/
#if !defined(TWOFISH_H)
#define TWOFISH_H
#include <stdlib.h> /* For size_t */
#include "crypto_types.h"
#define TWOFISH_BLOCKSIZE 16 /* bytes */
/* Other key lengths are possible, but in the context of the ssh protocols,
* 256 bits is the default. */
#define TWOFISH_KEYSIZE 32 /* bytes */
/* Allow keys of size 128 <= bits <= 256 */
#define TWOFISH_MIN_KEYSIZE 16 /* bytes */
#define TWOFISH_MAX_KEYSIZE 32 /* bytes */
typedef struct {
UINT32 keys[40];
UINT32 s_box[4][256];
} TWOFISH_context;
/* Set up internal tables required for twofish encryption and decryption.
*
* The key size is specified in bytes. Key sizes up to 32 bytes are
* supported. Larger key sizes are silently truncated. */
void
twofish_setup(TWOFISH_context *ctx, size_t keysize, const UINT8 *key);
/* void twofish_encrypt(TWOFISH_context *context,
* const UINT8 *plaintext,
* UINT8 *ciphertext);
*
* Encrypt 16 bytes of data with the twofish algorithm.
*
* Before this function can be used, twofish_setup() must be used in order to
* set up various tables required for the encryption algorithm.
*
* This function always encrypts 16 bytes of plaintext to 16 bytes of
* ciphertext. The memory areas of the plaintext and the ciphertext can
* overlap.
*/
void
twofish_encrypt(TWOFISH_context *context,
const UINT8 *plaintext,
UINT8 *ciphertext);
/* void twofish_decrypt(TWOFISH_context *context,
* const UINT8 *ciphertext,
* UINT8 *plaintext);
*
* Decrypt 16 bytes of data with the twofish algorithm.
*
* Before this function can be used, twofish_setup() must be used in order to
* set up various tables required for the decryption algorithm.
*
* This function always decrypts 16 bytes of ciphertext to 16 bytes of
* plaintext. The memory areas of the plaintext and the ciphertext can
* overlap.
*/
void
twofish_decrypt(TWOFISH_context *context,
const UINT8 *ciphertext,
UINT8 *plaintext);
int
twofish_selftest(void);
#endif /* TWOFISH_H */

View File

@ -1,14 +0,0 @@
#ifndef _TYPES_H
#define _TYPES_H
/* Define types for GPG code */
#warning Don't use include/types.h
#include "lsh_types.h"
typedef UINT8 byte;
typedef UINT32 u32;
#endif /* _TYPES_H */

Binary file not shown.

View File

@ -1,138 +0,0 @@
/* automagically made - do not fuss with this */
0x02080008, 0x02082000, 0x00002008, 0x00000000,
0x02002000, 0x00080008, 0x02080000, 0x02082008,
0x00000008, 0x02000000, 0x00082000, 0x00002008,
0x00082008, 0x02002008, 0x02000008, 0x02080000,
0x00002000, 0x00082008, 0x00080008, 0x02002000,
0x02082008, 0x02000008, 0x00000000, 0x00082000,
0x02000000, 0x00080000, 0x02002008, 0x02080008,
0x00080000, 0x00002000, 0x02082000, 0x00000008,
0x00080000, 0x00002000, 0x02000008, 0x02082008,
0x00002008, 0x02000000, 0x00000000, 0x00082000,
0x02080008, 0x02002008, 0x02002000, 0x00080008,
0x02082000, 0x00000008, 0x00080008, 0x02002000,
0x02082008, 0x00080000, 0x02080000, 0x02000008,
0x00082000, 0x00002008, 0x02002008, 0x02080000,
0x00000008, 0x02082000, 0x00082008, 0x00000000,
0x02000000, 0x02080008, 0x00002000, 0x00082008,
0x08000004, 0x00020004, 0x00000000, 0x08020200,
0x00020004, 0x00000200, 0x08000204, 0x00020000,
0x00000204, 0x08020204, 0x00020200, 0x08000000,
0x08000200, 0x08000004, 0x08020000, 0x00020204,
0x00020000, 0x08000204, 0x08020004, 0x00000000,
0x00000200, 0x00000004, 0x08020200, 0x08020004,
0x08020204, 0x08020000, 0x08000000, 0x00000204,
0x00000004, 0x00020200, 0x00020204, 0x08000200,
0x00000204, 0x08000000, 0x08000200, 0x00020204,
0x08020200, 0x00020004, 0x00000000, 0x08000200,
0x08000000, 0x00000200, 0x08020004, 0x00020000,
0x00020004, 0x08020204, 0x00020200, 0x00000004,
0x08020204, 0x00020200, 0x00020000, 0x08000204,
0x08000004, 0x08020000, 0x00020204, 0x00000000,
0x00000200, 0x08000004, 0x08000204, 0x08020200,
0x08020000, 0x00000204, 0x00000004, 0x08020004,
0x80040100, 0x01000100, 0x80000000, 0x81040100,
0x00000000, 0x01040000, 0x81000100, 0x80040000,
0x01040100, 0x81000000, 0x01000000, 0x80000100,
0x81000000, 0x80040100, 0x00040000, 0x01000000,
0x81040000, 0x00040100, 0x00000100, 0x80000000,
0x00040100, 0x81000100, 0x01040000, 0x00000100,
0x80000100, 0x00000000, 0x80040000, 0x01040100,
0x01000100, 0x81040000, 0x81040100, 0x00040000,
0x81040000, 0x80000100, 0x00040000, 0x81000000,
0x00040100, 0x01000100, 0x80000000, 0x01040000,
0x81000100, 0x00000000, 0x00000100, 0x80040000,
0x00000000, 0x81040000, 0x01040100, 0x00000100,
0x01000000, 0x81040100, 0x80040100, 0x00040000,
0x81040100, 0x80000000, 0x01000100, 0x80040100,
0x80040000, 0x00040100, 0x01040000, 0x81000100,
0x80000100, 0x01000000, 0x81000000, 0x01040100,
0x04010801, 0x00000000, 0x00010800, 0x04010000,
0x04000001, 0x00000801, 0x04000800, 0x00010800,
0x00000800, 0x04010001, 0x00000001, 0x04000800,
0x00010001, 0x04010800, 0x04010000, 0x00000001,
0x00010000, 0x04000801, 0x04010001, 0x00000800,
0x00010801, 0x04000000, 0x00000000, 0x00010001,
0x04000801, 0x00010801, 0x04010800, 0x04000001,
0x04000000, 0x00010000, 0x00000801, 0x04010801,
0x00010001, 0x04010800, 0x04000800, 0x00010801,
0x04010801, 0x00010001, 0x04000001, 0x00000000,
0x04000000, 0x00000801, 0x00010000, 0x04010001,
0x00000800, 0x04000000, 0x00010801, 0x04000801,
0x04010800, 0x00000800, 0x00000000, 0x04000001,
0x00000001, 0x04010801, 0x00010800, 0x04010000,
0x04010001, 0x00010000, 0x00000801, 0x04000800,
0x04000801, 0x00000001, 0x04010000, 0x00010800,
0x00000400, 0x00000020, 0x00100020, 0x40100000,
0x40100420, 0x40000400, 0x00000420, 0x00000000,
0x00100000, 0x40100020, 0x40000020, 0x00100400,
0x40000000, 0x00100420, 0x00100400, 0x40000020,
0x40100020, 0x00000400, 0x40000400, 0x40100420,
0x00000000, 0x00100020, 0x40100000, 0x00000420,
0x40100400, 0x40000420, 0x00100420, 0x40000000,
0x40000420, 0x40100400, 0x00000020, 0x00100000,
0x40000420, 0x00100400, 0x40100400, 0x40000020,
0x00000400, 0x00000020, 0x00100000, 0x40100400,
0x40100020, 0x40000420, 0x00000420, 0x00000000,
0x00000020, 0x40100000, 0x40000000, 0x00100020,
0x00000000, 0x40100020, 0x00100020, 0x00000420,
0x40000020, 0x00000400, 0x40100420, 0x00100000,
0x00100420, 0x40000000, 0x40000400, 0x40100420,
0x40100000, 0x00100420, 0x00100400, 0x40000400,
0x00800000, 0x00001000, 0x00000040, 0x00801042,
0x00801002, 0x00800040, 0x00001042, 0x00801000,
0x00001000, 0x00000002, 0x00800002, 0x00001040,
0x00800042, 0x00801002, 0x00801040, 0x00000000,
0x00001040, 0x00800000, 0x00001002, 0x00000042,
0x00800040, 0x00001042, 0x00000000, 0x00800002,
0x00000002, 0x00800042, 0x00801042, 0x00001002,
0x00801000, 0x00000040, 0x00000042, 0x00801040,
0x00801040, 0x00800042, 0x00001002, 0x00801000,
0x00001000, 0x00000002, 0x00800002, 0x00800040,
0x00800000, 0x00001040, 0x00801042, 0x00000000,
0x00001042, 0x00800000, 0x00000040, 0x00001002,
0x00800042, 0x00000040, 0x00000000, 0x00801042,
0x00801002, 0x00801040, 0x00000042, 0x00001000,
0x00001040, 0x00801002, 0x00800040, 0x00000042,
0x00000002, 0x00001042, 0x00801000, 0x00800002,
0x10400000, 0x00404010, 0x00000010, 0x10400010,
0x10004000, 0x00400000, 0x10400010, 0x00004010,
0x00400010, 0x00004000, 0x00404000, 0x10000000,
0x10404010, 0x10000010, 0x10000000, 0x10404000,
0x00000000, 0x10004000, 0x00404010, 0x00000010,
0x10000010, 0x10404010, 0x00004000, 0x10400000,
0x10404000, 0x00400010, 0x10004010, 0x00404000,
0x00004010, 0x00000000, 0x00400000, 0x10004010,
0x00404010, 0x00000010, 0x10000000, 0x00004000,
0x10000010, 0x10004000, 0x00404000, 0x10400010,
0x00000000, 0x00404010, 0x00004010, 0x10404000,
0x10004000, 0x00400000, 0x10404010, 0x10000000,
0x10004010, 0x10400000, 0x00400000, 0x10404010,
0x00004000, 0x00400010, 0x10400010, 0x00004010,
0x00400010, 0x00000000, 0x10404000, 0x10000010,
0x10400000, 0x10004010, 0x00000010, 0x00404000,
0x00208080, 0x00008000, 0x20200000, 0x20208080,
0x00200000, 0x20008080, 0x20008000, 0x20200000,
0x20008080, 0x00208080, 0x00208000, 0x20000080,
0x20200080, 0x00200000, 0x00000000, 0x20008000,
0x00008000, 0x20000000, 0x00200080, 0x00008080,
0x20208080, 0x00208000, 0x20000080, 0x00200080,
0x20000000, 0x00000080, 0x00008080, 0x20208000,
0x00000080, 0x20200080, 0x20208000, 0x00000000,
0x00000000, 0x20208080, 0x00200080, 0x20008000,
0x00208080, 0x00008000, 0x20000080, 0x00200080,
0x20208000, 0x00000080, 0x00008080, 0x20200000,
0x20008080, 0x20000000, 0x20200000, 0x00208000,
0x20208080, 0x00008080, 0x00208000, 0x20200080,
0x00200000, 0x20000080, 0x20008000, 0x00000000,
0x00008000, 0x00200000, 0x20200080, 0x00208080,
0x20000000, 0x20208000, 0x00000080, 0x20008080,

View File

@ -1,248 +0,0 @@
/*
* $Id$
*
* md5.c : Implementation of the MD5 hash function
*
* Part of the Python Cryptography Toolkit, version 1.0.1
* Colin Plumb's original code modified by A.M. Kuchling
*
* Further hacked and adapted to pike by Niels Möller
*/
#include "crypto_types.h"
#include "md5.h"
#include <string.h>
void md5_copy(struct md5_ctx *dest, struct md5_ctx *src)
{
int i;
dest->count_l=src->count_l;
dest->count_h=src->count_h;
for(i=0; i<MD5_DIGESTLEN; i++)
dest->digest[i]=src->digest[i];
for(i=0; i < src->index; i++)
dest->block[i] = src->block[i];
dest->index = src->index;
}
void md5_init(struct md5_ctx *ctx)
{
ctx->digest[0] = 0x67452301;
ctx->digest[1] = 0xefcdab89;
ctx->digest[2] = 0x98badcfe;
ctx->digest[3] = 0x10325476;
ctx->count_l = ctx->count_h = 0;
ctx->index = 0;
}
/* MD5 functions */
#define F1(x, y, z) (z ^ (x & (y ^ z)))
#define F2(x, y, z) F1(z, x, y)
#define F3(x, y, z) (x ^ y ^ z)
#define F4(x, y, z) (y ^ (x | ~z))
#define ROUND(f, w, x, y, z, data, s) \
( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
/* Perform the MD5 transformation on one full block of 16 32-bit words. */
static void md5_transform(struct md5_ctx *ctx, UINT32 *data)
{
UINT32 a, b, c, d;
a = ctx->digest[0];
b = ctx->digest[1];
c = ctx->digest[2];
d = ctx->digest[3];
ROUND(F1, a, b, c, d, data[ 0] + 0xd76aa478, 7);
ROUND(F1, d, a, b, c, data[ 1] + 0xe8c7b756, 12);
ROUND(F1, c, d, a, b, data[ 2] + 0x242070db, 17);
ROUND(F1, b, c, d, a, data[ 3] + 0xc1bdceee, 22);
ROUND(F1, a, b, c, d, data[ 4] + 0xf57c0faf, 7);
ROUND(F1, d, a, b, c, data[ 5] + 0x4787c62a, 12);
ROUND(F1, c, d, a, b, data[ 6] + 0xa8304613, 17);
ROUND(F1, b, c, d, a, data[ 7] + 0xfd469501, 22);
ROUND(F1, a, b, c, d, data[ 8] + 0x698098d8, 7);
ROUND(F1, d, a, b, c, data[ 9] + 0x8b44f7af, 12);
ROUND(F1, c, d, a, b, data[10] + 0xffff5bb1, 17);
ROUND(F1, b, c, d, a, data[11] + 0x895cd7be, 22);
ROUND(F1, a, b, c, d, data[12] + 0x6b901122, 7);
ROUND(F1, d, a, b, c, data[13] + 0xfd987193, 12);
ROUND(F1, c, d, a, b, data[14] + 0xa679438e, 17);
ROUND(F1, b, c, d, a, data[15] + 0x49b40821, 22);
ROUND(F2, a, b, c, d, data[ 1] + 0xf61e2562, 5);
ROUND(F2, d, a, b, c, data[ 6] + 0xc040b340, 9);
ROUND(F2, c, d, a, b, data[11] + 0x265e5a51, 14);
ROUND(F2, b, c, d, a, data[ 0] + 0xe9b6c7aa, 20);
ROUND(F2, a, b, c, d, data[ 5] + 0xd62f105d, 5);
ROUND(F2, d, a, b, c, data[10] + 0x02441453, 9);
ROUND(F2, c, d, a, b, data[15] + 0xd8a1e681, 14);
ROUND(F2, b, c, d, a, data[ 4] + 0xe7d3fbc8, 20);
ROUND(F2, a, b, c, d, data[ 9] + 0x21e1cde6, 5);
ROUND(F2, d, a, b, c, data[14] + 0xc33707d6, 9);
ROUND(F2, c, d, a, b, data[ 3] + 0xf4d50d87, 14);
ROUND(F2, b, c, d, a, data[ 8] + 0x455a14ed, 20);
ROUND(F2, a, b, c, d, data[13] + 0xa9e3e905, 5);
ROUND(F2, d, a, b, c, data[ 2] + 0xfcefa3f8, 9);
ROUND(F2, c, d, a, b, data[ 7] + 0x676f02d9, 14);
ROUND(F2, b, c, d, a, data[12] + 0x8d2a4c8a, 20);
ROUND(F3, a, b, c, d, data[ 5] + 0xfffa3942, 4);
ROUND(F3, d, a, b, c, data[ 8] + 0x8771f681, 11);
ROUND(F3, c, d, a, b, data[11] + 0x6d9d6122, 16);
ROUND(F3, b, c, d, a, data[14] + 0xfde5380c, 23);
ROUND(F3, a, b, c, d, data[ 1] + 0xa4beea44, 4);
ROUND(F3, d, a, b, c, data[ 4] + 0x4bdecfa9, 11);
ROUND(F3, c, d, a, b, data[ 7] + 0xf6bb4b60, 16);
ROUND(F3, b, c, d, a, data[10] + 0xbebfbc70, 23);
ROUND(F3, a, b, c, d, data[13] + 0x289b7ec6, 4);
ROUND(F3, d, a, b, c, data[ 0] + 0xeaa127fa, 11);
ROUND(F3, c, d, a, b, data[ 3] + 0xd4ef3085, 16);
ROUND(F3, b, c, d, a, data[ 6] + 0x04881d05, 23);
ROUND(F3, a, b, c, d, data[ 9] + 0xd9d4d039, 4);
ROUND(F3, d, a, b, c, data[12] + 0xe6db99e5, 11);
ROUND(F3, c, d, a, b, data[15] + 0x1fa27cf8, 16);
ROUND(F3, b, c, d, a, data[ 2] + 0xc4ac5665, 23);
ROUND(F4, a, b, c, d, data[ 0] + 0xf4292244, 6);
ROUND(F4, d, a, b, c, data[ 7] + 0x432aff97, 10);
ROUND(F4, c, d, a, b, data[14] + 0xab9423a7, 15);
ROUND(F4, b, c, d, a, data[ 5] + 0xfc93a039, 21);
ROUND(F4, a, b, c, d, data[12] + 0x655b59c3, 6);
ROUND(F4, d, a, b, c, data[ 3] + 0x8f0ccc92, 10);
ROUND(F4, c, d, a, b, data[10] + 0xffeff47d, 15);
ROUND(F4, b, c, d, a, data[ 1] + 0x85845dd1, 21);
ROUND(F4, a, b, c, d, data[ 8] + 0x6fa87e4f, 6);
ROUND(F4, d, a, b, c, data[15] + 0xfe2ce6e0, 10);
ROUND(F4, c, d, a, b, data[ 6] + 0xa3014314, 15);
ROUND(F4, b, c, d, a, data[13] + 0x4e0811a1, 21);
ROUND(F4, a, b, c, d, data[ 4] + 0xf7537e82, 6);
ROUND(F4, d, a, b, c, data[11] + 0xbd3af235, 10);
ROUND(F4, c, d, a, b, data[ 2] + 0x2ad7d2bb, 15);
ROUND(F4, b, c, d, a, data[ 9] + 0xeb86d391, 21);
ctx->digest[0] += a;
ctx->digest[1] += b;
ctx->digest[2] += c;
ctx->digest[3] += d;
}
#ifndef EXTRACT_UCHAR
#define EXTRACT_UCHAR(p) (*(unsigned char *)(p))
#endif
/* Note that MD5 uses little endian byteorder */
#define STRING2INT(s) ((((((EXTRACT_UCHAR(s+3) << 8) \
| EXTRACT_UCHAR(s+2)) << 8) \
| EXTRACT_UCHAR(s+1)) << 8) \
| EXTRACT_UCHAR(s))
static void
md5_block(struct md5_ctx *ctx, const UINT8 *block)
{
UINT32 data[MD5_DATALEN];
int i;
/* Update block count */
if (!++ctx->count_l)
++ctx->count_h;
/* Endian independent conversion */
for (i = 0; i<16; i++, block += 4)
data[i] = STRING2INT(block);
md5_transform(ctx, data);
}
void
md5_update(struct md5_ctx *ctx,
const UINT8 *buffer,
UINT32 len)
{
if (ctx->index)
{ /* Try to fill partial block */
unsigned left = MD5_DATASIZE - ctx->index;
if (len < left)
{
memcpy(ctx->block + ctx->index, buffer, len);
ctx->index += len;
return; /* Finished */
}
else
{
memcpy(ctx->block + ctx->index, buffer, left);
md5_block(ctx, ctx->block);
buffer += left;
len -= left;
}
}
while (len >= MD5_DATASIZE)
{
md5_block(ctx, buffer);
buffer += MD5_DATASIZE;
len -= MD5_DATASIZE;
}
if ((ctx->index = len)) /* This assignment is intended */
/* Buffer leftovers */
memcpy(ctx->block, buffer, len);
}
/* Final wrapup - pad to MD5_DATASIZE-byte boundary with the bit pattern
1 0* (64-bit count of bits processed, LSB-first) */
void md5_final(struct md5_ctx *ctx)
{
UINT32 data[MD5_DATALEN];
int i;
int words;
i = ctx->index;
/* Set the first char of padding to 0x80. This is safe since there is
always at least one byte free */
ctx->block[i++] = 0x80;
/* Fill rest of word */
for( ; i & 3; i++)
ctx->block[i] = 0;
/* i is now a multiple of the word size 4 */
words = i >> 2;
for (i = 0; i < words; i++)
data[i] = STRING2INT(ctx->block + 4*i);
if (words > (MD5_DATALEN-2))
{ /* No room for length in this block. Process it and
* pad with another one */
for (i = words ; i < MD5_DATALEN; i++)
data[i] = 0;
md5_transform(ctx, data);
for (i = 0; i < (MD5_DATALEN-2); i++)
data[i] = 0;
}
else
for (i = words ; i < MD5_DATALEN - 2; i++)
data[i] = 0;
/* Theres 512 = 2^9 bits in one block
* Little-endian order => Least significant word first */
data[MD5_DATALEN-1] = (ctx->count_h << 9) | (ctx->count_l >> 23);
data[MD5_DATALEN-2] = (ctx->count_l << 9) | (ctx->index << 3);
md5_transform(ctx, data);
}
void
md5_digest(struct md5_ctx *ctx, UINT8 *s)
{
int i;
/* Little endian order */
for (i = 0; i < MD5_DIGESTLEN; i++)
{
*s++ = 0xff & ctx->digest[i];
*s++ = 0xff & (ctx->digest[i] >> 8);
*s++ = 0xff & (ctx->digest[i] >> 16);
*s++ = ctx->digest[i] >> 24;
}
}

View File

@ -1,10 +0,0 @@
/* automagically produced - do not fuss with this information */
8,1,0,8,0,8,8,0,0,8,8,0,8,0,2,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,3,
0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,
8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,
4,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,5,0,8,0,8,8,0,0,8,8,0,8,0,6,8,

View File

@ -1,459 +0,0 @@
/* rijndael - An implementation of the Rijndael cipher.
*
* Copyright (C) 2000 Rafael R. Sevilla <dido@pacific.net.ph>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the Free
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "rijndael.h"
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* These tables combine both the S-boxes and the mixcolumn transformation, so
that we can perform a round's encryption or by means of four table lookups
and four XOR's per column of state. They were generated by the
makertbls.pl script. */
static const UINT32 dtbl[] = {
0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c,
};
static const UINT32 itbl[] = {
0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5,
0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d,
0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295,
0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e,
0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d,
0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362,
0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52,
0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566,
0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3,
0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed,
0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e,
0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4,
0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd,
0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060,
0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967,
0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000,
0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c,
0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624,
0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b,
0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12,
0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14,
0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b,
0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8,
0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7,
0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177,
0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322,
0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498,
0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54,
0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382,
0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb,
0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83,
0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef,
0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029,
0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235,
0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117,
0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4,
0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb,
0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d,
0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a,
0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773,
0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2,
0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff,
0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0,
};
/* Needed only for the key schedule and for final rounds */
static const UINT8 sbox[256] = {
99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171,
118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164,
114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113,
216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226,
235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214,
179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203,
190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69,
249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245,
188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68,
23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42,
144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73,
6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109,
141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37,
46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62,
181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225,
248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187,
22,
};
static const UINT8 isbox[256] = {
82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215,
251, 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222,
233, 203, 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66,
250, 195, 78, 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73,
109, 139, 209, 37, 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92,
204, 93, 101, 182, 146, 108, 112, 72, 80, 253, 237, 185, 218, 94, 21,
70, 87, 167, 141, 157, 132, 144, 216, 171, 0, 140, 188, 211, 10, 247,
228, 88, 5, 184, 179, 69, 6, 208, 44, 30, 143, 202, 63, 15, 2,
193, 175, 189, 3, 1, 19, 138, 107, 58, 145, 17, 65, 79, 103, 220,
234, 151, 242, 207, 206, 240, 180, 230, 115, 150, 172, 116, 34, 231, 173,
53, 133, 226, 249, 55, 232, 28, 117, 223, 110, 71, 241, 26, 113, 29,
41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, 252, 86, 62, 75,
198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, 31, 221, 168,
51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, 96, 81,
127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, 160,
224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12,
125,
};
/* Used only by the key schedule */
static const UINT8 Logtable[256] = {
0, 0, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28,
193, 125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201,
9, 120, 101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53,
147, 218, 142, 150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241,
64, 70, 131, 56, 102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226,
152, 34, 136, 145, 16, 126, 110, 72, 195, 163, 182, 30, 66, 58, 107,
40, 84, 250, 133, 61, 186, 43, 121, 10, 21, 155, 159, 94, 202, 78,
212, 172, 229, 243, 115, 167, 87, 175, 88, 168, 80, 244, 234, 214, 116,
79, 174, 233, 213, 231, 230, 173, 232, 44, 215, 117, 122, 235, 22, 11,
245, 89, 203, 95, 176, 156, 169, 81, 160, 127, 12, 246, 111, 23, 196,
73, 236, 216, 67, 31, 45, 164, 118, 123, 183, 204, 187, 62, 90, 251,
96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157, 151, 178, 135, 144,
97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209, 83, 57, 132,
60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171, 68, 17,
146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165, 103,
74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7,
};
static const UINT8 Alogtable[256] = {
1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19,
53, 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34,
102, 170, 229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144,
171, 230, 49, 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184,
211, 110, 178, 205, 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241,
8, 24, 40, 120, 136, 131, 158, 185, 208, 107, 189, 220, 127, 129, 152,
179, 206, 73, 219, 118, 154, 181, 196, 87, 249, 16, 48, 80, 240, 11,
29, 39, 105, 187, 214, 97, 163, 254, 25, 43, 125, 135, 146, 173, 236,
47, 113, 147, 174, 233, 32, 96, 160, 251, 22, 58, 78, 210, 109, 183,
194, 93, 231, 50, 86, 250, 21, 63, 65, 195, 94, 226, 61, 71, 201,
64, 192, 91, 237, 44, 116, 156, 191, 218, 117, 159, 186, 213, 100, 172,
239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128, 155, 182, 193, 88,
232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84, 252, 31, 33,
99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202, 69, 207,
74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14, 18,
54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1,
};
#define ROTBYTE(x) (((x) >> 8) | (((x) & 0xff) << 24))
#define ROTRBYTE(x) (((x) << 8) | (((x) >> 24) & 0xff))
#define SUBBYTE(x, box) (((box)[((x) & 0xff)]) | \
((box)[(((x) >> 8) & 0xff)] << 8) | \
((box)[(((x) >> 16) & 0xff)] << 16) | \
((box)[(((x) >> 24) & 0xff)] << 24))
static UINT8
xtime(UINT8 a)
{
UINT8 b;
b = (a & 0x80) ? 0x1b : 0;
a<<=1;
a^=b;
return(a);
}
static UINT8
mul(UINT8 a, UINT8 b)
{
if (a && b) return Alogtable[(Logtable[a] + Logtable[b])%255];
else return 0;
}
static void
inv_mix_column(UINT32 *a, UINT32 *b)
{
UINT8 c[4][4];
int i, j;
for(j = 0; j < 4; j++) {
for(i = 0; i < 4; i++) {
c[j][i] = mul(0xe, (a[j] >> i*8) & 0xff)
^ mul(0xb, (a[j] >> ((i+1)%4)*8) & 0xff)
^ mul(0xd, (a[j] >> ((i+2)%4)*8) & 0xff)
^ mul(0x9, (a[j] >> ((i+3)%4)*8) & 0xff);
}
}
for(i = 0; i < 4; i++) {
b[i] = 0;
for(j = 0; j < 4; j++)
b[i] |= c[i][j] << (j*8);
}
}
void
rijndael_setup(RIJNDAEL_context *ctx, size_t keysize, const UINT8 *key)
{
int nk, nr, i, lastkey;
UINT32 temp, rcon;
/* Truncate keysizes to the valid key sizes provided by Rijndael */
if (keysize >= 32) {
nk = 8;
nr = 14;
} else if (keysize >= 24) {
nk = 6;
nr = 12;
} else { /* must be 16 or more */
assert(keysize >= 16);
nk = 4;
nr = 10;
}
lastkey = (RIJNDAEL_BLOCKSIZE/4) * (nr + 1);
ctx->nrounds = nr;
rcon = 1;
for (i=0; i<nk; i++) {
ctx->keys[i] = key[i*4] + (key[i*4+1]<<8) + (key[i*4+2]<<16) +
(key[i*4+3]<<24);
}
for (i=nk; i<lastkey; i++) {
temp = ctx->keys[i-1];
if (i % nk == 0) {
temp = SUBBYTE(ROTBYTE(temp), sbox) ^ rcon;
rcon = (UINT32)xtime((UINT8)rcon&0xff);
} else if (nk > 6 && (i%nk) == 4) {
temp = SUBBYTE(temp, sbox);
}
ctx->keys[i] = ctx->keys[i-nk] ^ temp;
}
/* Generate the inverse keys */
for (i=0; i<4; i++) {
ctx->ikeys[i] = ctx->keys[i];
ctx->ikeys[lastkey-4 + i] = ctx->keys[lastkey-4 + i];
}
for (i=4; i<lastkey-4; i+=4)
inv_mix_column(&(ctx->keys[i]), &(ctx->ikeys[i]));
}
/* Key addition that also packs every byte in the key to a word rep. */
static void
key_addition_8to32(const UINT8 *txt, UINT32 *keys, UINT32 *out)
{
const UINT8 *ptr;
int i, j;
UINT32 val;
ptr = txt;
for (i=0; i<4; i++) {
val = 0;
for (j=0; j<4; j++)
val |= (*ptr++ << 8*j);
out[i] = keys[i]^val;
}
}
static void
key_addition32(const UINT32 *txt, UINT32 *keys, UINT32 *out)
{
int i;
for (i=0; i<4; i++)
out[i] = keys[i] ^ txt[i];
}
static void
key_addition32to8(const UINT32 *txt, UINT32 *keys, UINT8 *out)
{
UINT8 *ptr;
int i, j;
UINT32 val;
ptr = out;
for (i=0; i<4; i++) {
val = txt[i] ^ keys[i];
for (j=0; j<4; j++)
*ptr++ = (val >> 8*j) & 0xff;
}
}
static const int idx[4][4] = {
{ 0, 1, 2, 3 },
{ 1, 2, 3, 0 },
{ 2, 3, 0, 1 },
{ 3, 0, 1, 2 } };
void
rijndael_encrypt(RIJNDAEL_context *ctx,
const UINT8 *plaintext,
UINT8 *ciphertext)
{
int r, j;
UINT32 wtxt[4], t[4]; /* working ciphertext */
UINT32 e;
key_addition_8to32(plaintext, &(ctx->keys[0]), wtxt);
for (r=1; r<ctx->nrounds; r++) {
for (j=0; j<4; j++) {
t[j] = dtbl[wtxt[j] & 0xff] ^
ROTRBYTE(dtbl[(wtxt[idx[1][j]] >> 8) & 0xff]^
ROTRBYTE(dtbl[(wtxt[idx[2][j]] >> 16) & 0xff] ^
ROTRBYTE(dtbl[(wtxt[idx[3][j]] >> 24) & 0xff])));
}
key_addition32(t, &(ctx->keys[r*4]), wtxt);
}
/* last round is special: there is no mixcolumn, so we can't use the big
tables. */
for (j=0; j<4; j++) {
e = wtxt[j] & 0xff;
e |= (wtxt[idx[1][j]]) & (0xff << 8);
e |= (wtxt[idx[2][j]]) & (0xff << 16);
e |= (wtxt[idx[3][j]]) & (0xff << 24);
t[j] = e;
}
for (j=0; j<4; j++)
t[j] = SUBBYTE(t[j], sbox);
key_addition32to8(t, &(ctx->keys[4*ctx->nrounds]), ciphertext);
}
static const int iidx[4][4] = {
{ 0, 1, 2, 3 },
{ 3, 0, 1, 2 },
{ 2, 3, 0, 1 },
{ 1, 2, 3, 0 } };
void
rijndael_decrypt(RIJNDAEL_context *ctx,
const UINT8 *ciphertext,
UINT8 *plaintext)
{
int r, j;
UINT32 wtxt[4], t[4]; /* working ciphertext */
UINT32 e;
key_addition_8to32(ciphertext, &(ctx->ikeys[4*ctx->nrounds]), wtxt);
for (r=ctx->nrounds-1; r> 0; r--) {
for (j=0; j<4; j++) {
t[j] = itbl[wtxt[j] & 0xff] ^
ROTRBYTE(itbl[(wtxt[iidx[1][j]] >> 8) & 0xff]^
ROTRBYTE(itbl[(wtxt[iidx[2][j]] >> 16) & 0xff] ^
ROTRBYTE(itbl[(wtxt[iidx[3][j]] >> 24) & 0xff])));
}
key_addition32(t, &(ctx->ikeys[r*4]), wtxt);
}
/* last round is special: there is no mixcolumn, so we can't use the big
tables. */
for (j=0; j<4; j++) {
e = wtxt[j] & 0xff;
e |= (wtxt[iidx[1][j]]) & (0xff << 8);
e |= (wtxt[iidx[2][j]]) & (0xff << 16);
e |= (wtxt[iidx[3][j]]) & (0xff << 24);
t[j] = e;
}
for (j=0; j<4; j++)
t[j] = SUBBYTE(t[j], isbox);
key_addition32to8(t, &(ctx->ikeys[0]), plaintext);
}

View File

@ -1,37 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#include "rijndael.h"
int main(void)
{
RIJNDAEL_context ctx;
UINT8 key[32];
UINT8 text[16];
int i, j;
for (i=0; i<16; i++)
text[i] = i;
for (i=0; i<32; i++)
key[i] = 0;
key[0] = 1;
for (j=16; j<=32; j+=8) {
rijndael_setup(&ctx, j, key);
printf("\nBlock Size = 128 bits, Key Size = %d bits\n", j*8);
printf("\nPlain= ");
for (i=0; i<16; i++)
printf("%2x", text[i]);
printf("\n");
rijndael_encrypt(&ctx, text, text);
printf("Encrypt= ");
for (i=0; i<16; i++)
printf("%02x", text[i]);
printf("\nDecrypt= ");
rijndael_decrypt(&ctx, text, text);
for (i=0; i<16; i++)
printf("%2x", text[i]);
printf("\n");
}
return(0);
}

View File

@ -1,82 +0,0 @@
/* automagically made - do not fuss with this */
34, 13, 5, 46, 47, 18, 32, 41, 11, 53, 33, 20,
14, 36, 30, 24, 49, 2, 15, 37, 42, 50, 0, 21,
38, 48, 6, 26, 39, 4, 52, 25, 12, 27, 31, 40,
1, 17, 28, 29, 23, 51, 35, 7, 3, 22, 9, 43,
41, 20, 12, 53, 54, 25, 39, 48, 18, 31, 40, 27,
21, 43, 37, 0, 1, 9, 22, 44, 49, 2, 7, 28,
45, 55, 13, 33, 46, 11, 6, 32, 19, 34, 38, 47,
8, 24, 35, 36, 30, 3, 42, 14, 10, 29, 16, 50,
55, 34, 26, 38, 11, 39, 53, 5, 32, 45, 54, 41,
35, 2, 51, 14, 15, 23, 36, 3, 8, 16, 21, 42,
6, 12, 27, 47, 31, 25, 20, 46, 33, 48, 52, 4,
22, 7, 49, 50, 44, 17, 1, 28, 24, 43, 30, 9,
12, 48, 40, 52, 25, 53, 38, 19, 46, 6, 11, 55,
49, 16, 10, 28, 29, 37, 50, 17, 22, 30, 35, 1,
20, 26, 41, 4, 45, 39, 34, 31, 47, 5, 13, 18,
36, 21, 8, 9, 3, 0, 15, 42, 7, 2, 44, 23,
26, 5, 54, 13, 39, 38, 52, 33, 31, 20, 25, 12,
8, 30, 24, 42, 43, 51, 9, 0, 36, 44, 49, 15,
34, 40, 55, 18, 6, 53, 48, 45, 4, 19, 27, 32,
50, 35, 22, 23, 17, 14, 29, 1, 21, 16, 3, 37,
40, 19, 11, 27, 53, 52, 13, 47, 45, 34, 39, 26,
22, 44, 7, 1, 2, 10, 23, 14, 50, 3, 8, 29,
48, 54, 12, 32, 20, 38, 5, 6, 18, 33, 41, 46,
9, 49, 36, 37, 0, 28, 43, 15, 35, 30, 17, 51,
54, 33, 25, 41, 38, 13, 27, 4, 6, 48, 53, 40,
36, 3, 21, 15, 16, 24, 37, 28, 9, 17, 22, 43,
5, 11, 26, 46, 34, 52, 19, 20, 32, 47, 55, 31,
23, 8, 50, 51, 14, 42, 2, 29, 49, 44, 0, 10,
11, 47, 39, 55, 52, 27, 41, 18, 20, 5, 38, 54,
50, 17, 35, 29, 30, 7, 51, 42, 23, 0, 36, 2,
19, 25, 40, 31, 48, 13, 33, 34, 46, 4, 12, 45,
37, 22, 9, 10, 28, 1, 16, 43, 8, 3, 14, 24,
18, 54, 46, 5, 6, 34, 48, 25, 27, 12, 45, 4,
2, 24, 42, 36, 37, 14, 3, 49, 30, 7, 43, 9,
26, 32, 47, 38, 55, 20, 40, 41, 53, 11, 19, 52,
44, 29, 16, 17, 35, 8, 23, 50, 15, 10, 21, 0,
32, 11, 31, 19, 20, 48, 5, 39, 41, 26, 6, 18,
16, 7, 1, 50, 51, 28, 17, 8, 44, 21, 2, 23,
40, 46, 4, 52, 12, 34, 54, 55, 38, 25, 33, 13,
3, 43, 30, 0, 49, 22, 37, 9, 29, 24, 35, 14,
46, 25, 45, 33, 34, 5, 19, 53, 55, 40, 20, 32,
30, 21, 15, 9, 10, 42, 0, 22, 3, 35, 16, 37,
54, 31, 18, 13, 26, 48, 11, 12, 52, 39, 47, 27,
17, 2, 44, 14, 8, 36, 51, 23, 43, 7, 49, 28,
31, 39, 6, 47, 48, 19, 33, 38, 12, 54, 34, 46,
44, 35, 29, 23, 24, 1, 14, 36, 17, 49, 30, 51,
11, 45, 32, 27, 40, 5, 25, 26, 13, 53, 4, 41,
0, 16, 3, 28, 22, 50, 10, 37, 2, 21, 8, 42,
45, 53, 20, 4, 5, 33, 47, 52, 26, 11, 48, 31,
3, 49, 43, 37, 7, 15, 28, 50, 0, 8, 44, 10,
25, 6, 46, 41, 54, 19, 39, 40, 27, 38, 18, 55,
14, 30, 17, 42, 36, 9, 24, 51, 16, 35, 22, 1,
6, 38, 34, 18, 19, 47, 4, 13, 40, 25, 5, 45,
17, 8, 2, 51, 21, 29, 42, 9, 14, 22, 3, 24,
39, 20, 31, 55, 11, 33, 53, 54, 41, 52, 32, 12,
28, 44, 0, 1, 50, 23, 7, 10, 30, 49, 36, 15,
20, 52, 48, 32, 33, 4, 18, 27, 54, 39, 19, 6,
0, 22, 16, 10, 35, 43, 1, 23, 28, 36, 17, 7,
53, 34, 45, 12, 25, 47, 38, 11, 55, 13, 46, 26,
42, 3, 14, 15, 9, 37, 21, 24, 44, 8, 50, 29,
27, 6, 55, 39, 40, 11, 25, 34, 4, 46, 26, 13,
7, 29, 23, 17, 42, 50, 8, 30, 35, 43, 24, 14,
31, 41, 52, 19, 32, 54, 45, 18, 5, 20, 53, 33,
49, 10, 21, 22, 16, 44, 28, 0, 51, 15, 2, 36,

View File

@ -1,407 +0,0 @@
/* serpent.c
*
* $Id$
*
* For more details on this algorithm, see the Serpent website at
* http://www.cl.cam.ac.uk/~rja14/serpent.html
*/
/* Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* I've modified this code a bit so that it interoperates with lsh
* properly. 2000-9-5, Rafael R. Sevilla <dido@pacific.net.ph>
*/
/* NOTE: The copyright notice for the original version of this code
* said "All rights reserved. This code is freely distributed for AES
* selection process. No other use is allowed." However, the authors
* later decided to GPL the code. /nisse */
#include "serpent.h"
#include "serpentsboxes.h"
#include <assert.h>
/* The functions */
void
serpent_setup(SERPENT_context *ctx, UINT32 key_size, const UINT8 *key)
{
#if ALLOCA_68K_BUG
ALLOCA_START(alloca_ref);
#endif
unsigned i, j;
UINT32 w[132], k[132];
/* UINT32 kd[8]; */
/* const UINT8 *kptr; */
assert(key_size >= SERPENT_MIN_KEYSIZE);
assert(key_size <= SERPENT_MAX_KEYSIZE);
for (i = key_size, j = 0;
(i >= 4);
i-=4, key +=4, j++)
{
assert(j<8);
w[j] = key[0] | (key[1] << 8) | (key[2] << 16) | (key[3] << 24);
}
if (j < 8)
{
/* Pad key, "aabbcc" -> "aabbcc0100...00" */
UINT32 partial = 0x01;
while (i)
partial = (partial << 8 ) | key[--i];
w[j++] = partial;
while (j < 8)
w[j++] = 0;
}
#if 0
if (key_size == SERPENT_KEYSIZE)
kptr = key;
else
{
/* Expand key by appending bits 1000...00. */
UINT8 *ekey = alloca(SERPENT_KEYSIZE);
unsigned i = key_size;
memcpy(ekey, key, i);
ekey[i++] = 0x01;
while (i < SERPENT_KEYSIZE)
ekey[i++] = 0;
kptr = ekey;
}
for (i=0; i<8; i++) {
kd[i] = 0;
for (j=0; j<4; j++)
kd[i] |= (*kptr++) << j*8;
}
for(i=0; i<8; i++)
w[i]=kd[i];
for(i++; i<8; i++)
w[i]=0;
#endif
for(i=8; i<16; i++)
w[i]=ROL(w[i-8]^w[i-5]^w[i-3]^w[i-1]^PHI^(i-8),11);
for(i=0; i<8; i++)
w[i]=w[i+8];
for(i=8; i<132; i++)
w[i]=ROL(w[i-8]^w[i-5]^w[i-3]^w[i-1]^PHI^i,11);
RND03(w[ 0], w[ 1], w[ 2], w[ 3], k[ 0], k[ 1], k[ 2], k[ 3]);
RND02(w[ 4], w[ 5], w[ 6], w[ 7], k[ 4], k[ 5], k[ 6], k[ 7]);
RND01(w[ 8], w[ 9], w[ 10], w[ 11], k[ 8], k[ 9], k[ 10], k[ 11]);
RND00(w[ 12], w[ 13], w[ 14], w[ 15], k[ 12], k[ 13], k[ 14], k[ 15]);
RND31(w[ 16], w[ 17], w[ 18], w[ 19], k[ 16], k[ 17], k[ 18], k[ 19]);
RND30(w[ 20], w[ 21], w[ 22], w[ 23], k[ 20], k[ 21], k[ 22], k[ 23]);
RND29(w[ 24], w[ 25], w[ 26], w[ 27], k[ 24], k[ 25], k[ 26], k[ 27]);
RND28(w[ 28], w[ 29], w[ 30], w[ 31], k[ 28], k[ 29], k[ 30], k[ 31]);
RND27(w[ 32], w[ 33], w[ 34], w[ 35], k[ 32], k[ 33], k[ 34], k[ 35]);
RND26(w[ 36], w[ 37], w[ 38], w[ 39], k[ 36], k[ 37], k[ 38], k[ 39]);
RND25(w[ 40], w[ 41], w[ 42], w[ 43], k[ 40], k[ 41], k[ 42], k[ 43]);
RND24(w[ 44], w[ 45], w[ 46], w[ 47], k[ 44], k[ 45], k[ 46], k[ 47]);
RND23(w[ 48], w[ 49], w[ 50], w[ 51], k[ 48], k[ 49], k[ 50], k[ 51]);
RND22(w[ 52], w[ 53], w[ 54], w[ 55], k[ 52], k[ 53], k[ 54], k[ 55]);
RND21(w[ 56], w[ 57], w[ 58], w[ 59], k[ 56], k[ 57], k[ 58], k[ 59]);
RND20(w[ 60], w[ 61], w[ 62], w[ 63], k[ 60], k[ 61], k[ 62], k[ 63]);
RND19(w[ 64], w[ 65], w[ 66], w[ 67], k[ 64], k[ 65], k[ 66], k[ 67]);
RND18(w[ 68], w[ 69], w[ 70], w[ 71], k[ 68], k[ 69], k[ 70], k[ 71]);
RND17(w[ 72], w[ 73], w[ 74], w[ 75], k[ 72], k[ 73], k[ 74], k[ 75]);
RND16(w[ 76], w[ 77], w[ 78], w[ 79], k[ 76], k[ 77], k[ 78], k[ 79]);
RND15(w[ 80], w[ 81], w[ 82], w[ 83], k[ 80], k[ 81], k[ 82], k[ 83]);
RND14(w[ 84], w[ 85], w[ 86], w[ 87], k[ 84], k[ 85], k[ 86], k[ 87]);
RND13(w[ 88], w[ 89], w[ 90], w[ 91], k[ 88], k[ 89], k[ 90], k[ 91]);
RND12(w[ 92], w[ 93], w[ 94], w[ 95], k[ 92], k[ 93], k[ 94], k[ 95]);
RND11(w[ 96], w[ 97], w[ 98], w[ 99], k[ 96], k[ 97], k[ 98], k[ 99]);
RND10(w[100], w[101], w[102], w[103], k[100], k[101], k[102], k[103]);
RND09(w[104], w[105], w[106], w[107], k[104], k[105], k[106], k[107]);
RND08(w[108], w[109], w[110], w[111], k[108], k[109], k[110], k[111]);
RND07(w[112], w[113], w[114], w[115], k[112], k[113], k[114], k[115]);
RND06(w[116], w[117], w[118], w[119], k[116], k[117], k[118], k[119]);
RND05(w[120], w[121], w[122], w[123], k[120], k[121], k[122], k[123]);
RND04(w[124], w[125], w[126], w[127], k[124], k[125], k[126], k[127]);
RND03(w[128], w[129], w[130], w[131], k[128], k[129], k[130], k[131]);
for(i=0; i<=32; i++)
for(j=0; j<4; j++)
ctx->keys[i][j] = k[4*i+j];
#if ALLOCA_68K_BUG
ALLOCA_FREE(alloca_ref);
#endif
}
void
serpent_encrypt(SERPENT_context *ctx,
const UINT8 *plaintext,
UINT8 *ciphertext)
{
register UINT32 x0, x1, x2, x3;
register UINT32 y0, y1, y2, y3;
int i;
UINT8 *cptr;
x0=plaintext[0]|(plaintext[1]<<8)|(plaintext[2]<<16)|(plaintext[3]<<24);
x1=plaintext[4]|(plaintext[5]<<8)|(plaintext[6]<<16)|(plaintext[7]<<24);
x2=plaintext[8]|(plaintext[9]<<8)|(plaintext[10]<<16)|(plaintext[11]<<24);
x3=plaintext[12]|(plaintext[13]<<8)|(plaintext[14]<<16)|(plaintext[15]<<24);
/* Start to encrypt the plaintext x */
keying(x0, x1, x2, x3, ctx->keys[ 0]);
RND00(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 1]);
RND01(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 2]);
RND02(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 3]);
RND03(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 4]);
RND04(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 5]);
RND05(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 6]);
RND06(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 7]);
RND07(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 8]);
RND08(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[ 9]);
RND09(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[10]);
RND10(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[11]);
RND11(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[12]);
RND12(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[13]);
RND13(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[14]);
RND14(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[15]);
RND15(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[16]);
RND16(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[17]);
RND17(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[18]);
RND18(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[19]);
RND19(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[20]);
RND20(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[21]);
RND21(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[22]);
RND22(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[23]);
RND23(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[24]);
RND24(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[25]);
RND25(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[26]);
RND26(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[27]);
RND27(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[28]);
RND28(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[29]);
RND29(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[30]);
RND30(x0, x1, x2, x3, y0, y1, y2, y3);
transform(y0, y1, y2, y3, x0, x1, x2, x3);
keying(x0, x1, x2, x3, ctx->keys[31]);
RND31(x0, x1, x2, x3, y0, y1, y2, y3);
x0 = y0; x1 = y1; x2 = y2; x3 = y3;
keying(x0, x1, x2, x3, ctx->keys[32]);
/* The ciphertext is now in x */
cptr = ciphertext;
for (i=0; i<4; i++)
*cptr++ = (x0 >> i*8) & 0xff;
for (i=0; i<4; i++)
*cptr++ = (x1 >> i*8) & 0xff;
for (i=0; i<4; i++)
*cptr++ = (x2 >> i*8) & 0xff;
for (i=0; i<4; i++)
*cptr++ = (x3 >> i*8) & 0xff;
}
void
serpent_decrypt(SERPENT_context *ctx,
const UINT8 *ciphertext,
UINT8 *plaintext)
{
register UINT32 x0, x1, x2, x3;
register UINT32 y0, y1, y2, y3;
int i;
UINT8 *pptr;
x0=ciphertext[0]|(ciphertext[1]<<8)|(ciphertext[2]<<16)|(ciphertext[3]<<24);
x1=ciphertext[4]|(ciphertext[5]<<8)|(ciphertext[6]<<16)|(ciphertext[7]<<24);
x2=ciphertext[8]|(ciphertext[9]<<8)|(ciphertext[10]<<16)|(ciphertext[11]<<24);
x3=ciphertext[12]|(ciphertext[13]<<8)|(ciphertext[14]<<16)|(ciphertext[15]<<24);
/* Start to decrypt the ciphertext x */
keying(x0, x1, x2, x3, ctx->keys[32]);
InvRND31(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[31]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND30(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[30]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND29(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[29]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND28(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[28]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND27(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[27]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND26(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[26]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND25(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[25]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND24(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[24]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND23(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[23]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND22(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[22]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND21(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[21]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND20(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[20]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND19(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[19]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND18(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[18]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND17(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[17]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND16(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[16]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND15(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[15]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND14(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[14]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND13(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[13]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND12(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[12]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND11(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[11]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND10(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[10]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND09(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 9]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND08(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 8]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND07(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 7]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND06(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 6]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND05(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 5]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND04(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 4]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND03(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 3]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND02(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 2]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND01(x0, x1, x2, x3, y0, y1, y2, y3);
keying(y0, y1, y2, y3, ctx->keys[ 1]);
inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
InvRND00(x0, x1, x2, x3, y0, y1, y2, y3);
x0 = y0; x1 = y1; x2 = y2; x3 = y3;
keying(x0, x1, x2, x3, ctx->keys[ 0]);
/* The plaintext is now in x */
pptr = plaintext;
for (i=0; i<4; i++)
*pptr++ = (x0 >> i*8) & 0xff;
for (i=0; i<4; i++)
*pptr++ = (x1 >> i*8) & 0xff;
for (i=0; i<4; i++)
*pptr++ = (x2 >> i*8) & 0xff;
for (i=0; i<4; i++)
*pptr++ = (x3 >> i*8) & 0xff;
}

View File

@ -1,509 +0,0 @@
/* serpentsboxes.h
*
* $Id$
*
* For more details on this algorithm, see the Serpent website at
* http://www.cl.cam.ac.uk/~rja14/serpent.html
*/
/* Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* I've modified this code a bit so that it interoperates with lsh
* properly. 2000-9-5, Rafael R. Sevilla <dido@pacific.net.ph>
*/
/* NOTE: The copyright notice for the original version of this code
* said "All rights reserved. This code is freely distributed for AES
* selection process. No other use is allowed." However, the authors
* later decided to GPL the code. /nisse */
#if !defined(SERPENTSBOXES_H)
#define SERPENTSBOXES_H
/* S0: 3 8 15 1 10 6 5 11 14 13 4 2 7 0 9 12 */
/* depth = 5,7,4,2, Total gates=18 */
#define RND00(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t05, t06, t07, t08, t09, t11, t12, t13, t14, t15, t17, t01;\
t01 = b ^ c ; \
t02 = a | d ; \
t03 = a ^ b ; \
z = t02 ^ t01; \
t05 = c | z ; \
t06 = a ^ d ; \
t07 = b | c ; \
t08 = d & t05; \
t09 = t03 & t07; \
y = t09 ^ t08; \
t11 = t09 & y ; \
t12 = c ^ d ; \
t13 = t07 ^ t11; \
t14 = b & t06; \
t15 = t06 ^ t13; \
w = ~ t15; \
t17 = w ^ t14; \
x = t12 ^ t17; }
/* InvS0: 13 3 11 0 10 6 5 12 1 14 4 7 15 9 8 2 */
/* depth = 8,4,3,6, Total gates=19 */
#define InvRND00(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t06, t08, t09, t10, t12, t13, t14, t15, t17, t18, t01;\
t01 = c ^ d ; \
t02 = a | b ; \
t03 = b | c ; \
t04 = c & t01; \
t05 = t02 ^ t01; \
t06 = a | t04; \
y = ~ t05; \
t08 = b ^ d ; \
t09 = t03 & t08; \
t10 = d | y ; \
x = t09 ^ t06; \
t12 = a | t05; \
t13 = x ^ t12; \
t14 = t03 ^ t10; \
t15 = a ^ c ; \
z = t14 ^ t13; \
t17 = t05 & t13; \
t18 = t14 | t17; \
w = t15 ^ t18; }
/* S1: 15 12 2 7 9 0 5 10 1 11 14 8 6 13 3 4 */
/* depth = 10,7,3,5, Total gates=18 */
#define RND01(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t06, t07, t08, t10, t11, t12, t13, t16, t17, t01;\
t01 = a | d ; \
t02 = c ^ d ; \
t03 = ~ b ; \
t04 = a ^ c ; \
t05 = a | t03; \
t06 = d & t04; \
t07 = t01 & t02; \
t08 = b | t06; \
y = t02 ^ t05; \
t10 = t07 ^ t08; \
t11 = t01 ^ t10; \
t12 = y ^ t11; \
t13 = b & d ; \
z = ~ t10; \
x = t13 ^ t12; \
t16 = t10 | x ; \
t17 = t05 & t16; \
w = c ^ t17; }
/* InvS1: 5 8 2 14 15 6 12 3 11 4 7 9 1 13 10 0 */
/* depth = 7,4,5,3, Total gates=18 */
#define InvRND01(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t14, t15, t17, t01;\
t01 = a ^ b ; \
t02 = b | d ; \
t03 = a & c ; \
t04 = c ^ t02; \
t05 = a | t04; \
t06 = t01 & t05; \
t07 = d | t03; \
t08 = b ^ t06; \
t09 = t07 ^ t06; \
t10 = t04 | t03; \
t11 = d & t08; \
y = ~ t09; \
x = t10 ^ t11; \
t14 = a | y ; \
t15 = t06 ^ x ; \
z = t01 ^ t04; \
t17 = c ^ t15; \
w = t14 ^ t17; }
/* S2: 8 6 7 9 3 12 10 15 13 1 14 4 0 11 5 2 */
/* depth = 3,8,11,7, Total gates=16 */
#define RND02(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t05, t06, t07, t08, t09, t10, t12, t13, t14, t01;\
t01 = a | c ; \
t02 = a ^ b ; \
t03 = d ^ t01; \
w = t02 ^ t03; \
t05 = c ^ w ; \
t06 = b ^ t05; \
t07 = b | t05; \
t08 = t01 & t06; \
t09 = t03 ^ t07; \
t10 = t02 | t09; \
x = t10 ^ t08; \
t12 = a | d ; \
t13 = t09 ^ x ; \
t14 = b ^ t13; \
z = ~ t09; \
y = t12 ^ t14; }
/* InvS2: 12 9 15 4 11 14 1 2 0 3 6 13 5 8 10 7 */
/* depth = 3,6,8,3, Total gates=18 */
#define InvRND02(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t06, t07, t08, t09, t10, t11, t12, t15, t16, t17, t01;\
t01 = a ^ d ; \
t02 = c ^ d ; \
t03 = a & c ; \
t04 = b | t02; \
w = t01 ^ t04; \
t06 = a | c ; \
t07 = d | w ; \
t08 = ~ d ; \
t09 = b & t06; \
t10 = t08 | t03; \
t11 = b & t07; \
t12 = t06 & t02; \
z = t09 ^ t10; \
x = t12 ^ t11; \
t15 = c & z ; \
t16 = w ^ x ; \
t17 = t10 ^ t15; \
y = t16 ^ t17; }
/* S3: 0 15 11 8 12 9 6 3 13 1 2 4 10 7 5 14 */
/* depth = 8,3,5,5, Total gates=18 */
#define RND03(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t13, t14, t15, t01;\
t01 = a ^ c ; \
t02 = a | d ; \
t03 = a & d ; \
t04 = t01 & t02; \
t05 = b | t03; \
t06 = a & b ; \
t07 = d ^ t04; \
t08 = c | t06; \
t09 = b ^ t07; \
t10 = d & t05; \
t11 = t02 ^ t10; \
z = t08 ^ t09; \
t13 = d | z ; \
t14 = a | t07; \
t15 = b & t13; \
y = t08 ^ t11; \
w = t14 ^ t15; \
x = t05 ^ t04; }
/* InvS3: 0 9 10 7 11 14 6 13 3 5 12 2 4 8 15 1 */
/* depth = 3,6,4,4, Total gates=17 */
#define InvRND03(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t06, t07, t09, t11, t12, t13, t14, t16, t01;\
t01 = c | d ; \
t02 = a | d ; \
t03 = c ^ t02; \
t04 = b ^ t02; \
t05 = a ^ d ; \
t06 = t04 & t03; \
t07 = b & t01; \
y = t05 ^ t06; \
t09 = a ^ t03; \
w = t07 ^ t03; \
t11 = w | t05; \
t12 = t09 & t11; \
t13 = a & y ; \
t14 = t01 ^ t05; \
x = b ^ t12; \
t16 = b | t13; \
z = t14 ^ t16; }
/* S4: 1 15 8 3 12 0 11 6 2 5 4 10 9 14 7 13 */
/* depth = 6,7,5,3, Total gates=19 */
#define RND04(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t06, t08, t09, t10, t11, t12, t13, t14, t15, t16, t01;\
t01 = a | b ; \
t02 = b | c ; \
t03 = a ^ t02; \
t04 = b ^ d ; \
t05 = d | t03; \
t06 = d & t01; \
z = t03 ^ t06; \
t08 = z & t04; \
t09 = t04 & t05; \
t10 = c ^ t06; \
t11 = b & c ; \
t12 = t04 ^ t08; \
t13 = t11 | t03; \
t14 = t10 ^ t09; \
t15 = a & t05; \
t16 = t11 | t12; \
y = t13 ^ t08; \
x = t15 ^ t16; \
w = ~ t14; }
/* InvS4: 5 0 8 3 10 9 7 14 2 12 11 6 4 15 13 1 */
/* depth = 6,4,7,3, Total gates=17 */
#define InvRND04(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t06, t07, t09, t10, t11, t12, t13, t15, t01;\
t01 = b | d ; \
t02 = c | d ; \
t03 = a & t01; \
t04 = b ^ t02; \
t05 = c ^ d ; \
t06 = ~ t03; \
t07 = a & t04; \
x = t05 ^ t07; \
t09 = x | t06; \
t10 = a ^ t07; \
t11 = t01 ^ t09; \
t12 = d ^ t04; \
t13 = c | t10; \
z = t03 ^ t12; \
t15 = a ^ t04; \
y = t11 ^ t13; \
w = t15 ^ t09; }
/* S5: 15 5 2 11 4 10 9 12 0 3 14 8 13 6 7 1 */
/* depth = 4,6,8,6, Total gates=17 */
#define RND05(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t07, t08, t09, t10, t11, t12, t13, t14, t01;\
t01 = b ^ d ; \
t02 = b | d ; \
t03 = a & t01; \
t04 = c ^ t02; \
t05 = t03 ^ t04; \
w = ~ t05; \
t07 = a ^ t01; \
t08 = d | w ; \
t09 = b | t05; \
t10 = d ^ t08; \
t11 = b | t07; \
t12 = t03 | w ; \
t13 = t07 | t10; \
t14 = t01 ^ t11; \
y = t09 ^ t13; \
x = t07 ^ t08; \
z = t12 ^ t14; }
/* InvS5: 8 15 2 9 4 1 13 14 11 6 5 3 7 12 10 0 */
/* depth = 4,6,9,7, Total gates=17 */
#define InvRND05(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t07, t08, t09, t10, t12, t13, t15, t16, t01;\
t01 = a & d ; \
t02 = c ^ t01; \
t03 = a ^ d ; \
t04 = b & t02; \
t05 = a & c ; \
w = t03 ^ t04; \
t07 = a & w ; \
t08 = t01 ^ w ; \
t09 = b | t05; \
t10 = ~ b ; \
x = t08 ^ t09; \
t12 = t10 | t07; \
t13 = w | x ; \
z = t02 ^ t12; \
t15 = t02 ^ t13; \
t16 = b ^ d ; \
y = t16 ^ t15; }
/* S6: 7 2 12 5 8 4 6 11 14 9 1 15 13 3 10 0 */
/* depth = 8,3,6,3, Total gates=19 */
#define RND06(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t07, t08, t09, t10, t11, t12, t13, t15, t17, t18, t01;\
t01 = a & d ; \
t02 = b ^ c ; \
t03 = a ^ d ; \
t04 = t01 ^ t02; \
t05 = b | c ; \
x = ~ t04; \
t07 = t03 & t05; \
t08 = b & x ; \
t09 = a | c ; \
t10 = t07 ^ t08; \
t11 = b | d ; \
t12 = c ^ t11; \
t13 = t09 ^ t10; \
y = ~ t13; \
t15 = x & t03; \
z = t12 ^ t07; \
t17 = a ^ b ; \
t18 = y ^ t15; \
w = t17 ^ t18; }
/* InvS6: 15 10 1 13 5 3 6 0 4 9 14 7 2 12 8 11 */
/* depth = 5,3,8,6, Total gates=19 */
#define InvRND06(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t06, t07, t08, t09, t12, t13, t14, t15, t16, t17, t01;\
t01 = a ^ c ; \
t02 = ~ c ; \
t03 = b & t01; \
t04 = b | t02; \
t05 = d | t03; \
t06 = b ^ d ; \
t07 = a & t04; \
t08 = a | t02; \
t09 = t07 ^ t05; \
x = t06 ^ t08; \
w = ~ t09; \
t12 = b & w ; \
t13 = t01 & t05; \
t14 = t01 ^ t12; \
t15 = t07 ^ t13; \
t16 = d | t02; \
t17 = a ^ x ; \
z = t17 ^ t15; \
y = t16 ^ t14; }
/* S7: 1 13 15 0 14 8 2 11 7 4 12 10 9 3 5 6 */
/* depth = 10,7,10,4, Total gates=19 */
#define RND07(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t05, t06, t08, t09, t10, t11, t13, t14, t15, t16, t17, t01;\
t01 = a & c ; \
t02 = ~ d ; \
t03 = a & t02; \
t04 = b | t01; \
t05 = a & b ; \
t06 = c ^ t04; \
z = t03 ^ t06; \
t08 = c | z ; \
t09 = d | t05; \
t10 = a ^ t08; \
t11 = t04 & z ; \
x = t09 ^ t10; \
t13 = b ^ x ; \
t14 = t01 ^ x ; \
t15 = c ^ t05; \
t16 = t11 | t13; \
t17 = t02 | t14; \
w = t15 ^ t17; \
y = a ^ t16; }
/* InvS7: 3 0 6 13 9 14 15 8 5 12 11 7 10 1 4 2 */
/* depth = 9,7,3,3, Total gates=18 */
#define InvRND07(a,b,c,d,w,x,y,z) \
{ register UINT32 t02, t03, t04, t06, t07, t08, t09, t10, t11, t13, t14, t15, t16, t01;\
t01 = a & b ; \
t02 = a | b ; \
t03 = c | t01; \
t04 = d & t02; \
z = t03 ^ t04; \
t06 = b ^ t04; \
t07 = d ^ z ; \
t08 = ~ t07; \
t09 = t06 | t08; \
t10 = b ^ d ; \
t11 = a | d ; \
x = a ^ t09; \
t13 = c ^ t06; \
t14 = c & t11; \
t15 = d | x ; \
t16 = t01 | t10; \
w = t13 ^ t15; \
y = t14 ^ t16; }
#define RND08(a,b,c,d,e,f,g,h) RND00(a,b,c,d,e,f,g,h)
#define RND09(a,b,c,d,e,f,g,h) RND01(a,b,c,d,e,f,g,h)
#define RND10(a,b,c,d,e,f,g,h) RND02(a,b,c,d,e,f,g,h)
#define RND11(a,b,c,d,e,f,g,h) RND03(a,b,c,d,e,f,g,h)
#define RND12(a,b,c,d,e,f,g,h) RND04(a,b,c,d,e,f,g,h)
#define RND13(a,b,c,d,e,f,g,h) RND05(a,b,c,d,e,f,g,h)
#define RND14(a,b,c,d,e,f,g,h) RND06(a,b,c,d,e,f,g,h)
#define RND15(a,b,c,d,e,f,g,h) RND07(a,b,c,d,e,f,g,h)
#define RND16(a,b,c,d,e,f,g,h) RND00(a,b,c,d,e,f,g,h)
#define RND17(a,b,c,d,e,f,g,h) RND01(a,b,c,d,e,f,g,h)
#define RND18(a,b,c,d,e,f,g,h) RND02(a,b,c,d,e,f,g,h)
#define RND19(a,b,c,d,e,f,g,h) RND03(a,b,c,d,e,f,g,h)
#define RND20(a,b,c,d,e,f,g,h) RND04(a,b,c,d,e,f,g,h)
#define RND21(a,b,c,d,e,f,g,h) RND05(a,b,c,d,e,f,g,h)
#define RND22(a,b,c,d,e,f,g,h) RND06(a,b,c,d,e,f,g,h)
#define RND23(a,b,c,d,e,f,g,h) RND07(a,b,c,d,e,f,g,h)
#define RND24(a,b,c,d,e,f,g,h) RND00(a,b,c,d,e,f,g,h)
#define RND25(a,b,c,d,e,f,g,h) RND01(a,b,c,d,e,f,g,h)
#define RND26(a,b,c,d,e,f,g,h) RND02(a,b,c,d,e,f,g,h)
#define RND27(a,b,c,d,e,f,g,h) RND03(a,b,c,d,e,f,g,h)
#define RND28(a,b,c,d,e,f,g,h) RND04(a,b,c,d,e,f,g,h)
#define RND29(a,b,c,d,e,f,g,h) RND05(a,b,c,d,e,f,g,h)
#define RND30(a,b,c,d,e,f,g,h) RND06(a,b,c,d,e,f,g,h)
#define RND31(a,b,c,d,e,f,g,h) RND07(a,b,c,d,e,f,g,h)
#define InvRND08(a,b,c,d,e,f,g,h) InvRND00(a,b,c,d,e,f,g,h)
#define InvRND09(a,b,c,d,e,f,g,h) InvRND01(a,b,c,d,e,f,g,h)
#define InvRND10(a,b,c,d,e,f,g,h) InvRND02(a,b,c,d,e,f,g,h)
#define InvRND11(a,b,c,d,e,f,g,h) InvRND03(a,b,c,d,e,f,g,h)
#define InvRND12(a,b,c,d,e,f,g,h) InvRND04(a,b,c,d,e,f,g,h)
#define InvRND13(a,b,c,d,e,f,g,h) InvRND05(a,b,c,d,e,f,g,h)
#define InvRND14(a,b,c,d,e,f,g,h) InvRND06(a,b,c,d,e,f,g,h)
#define InvRND15(a,b,c,d,e,f,g,h) InvRND07(a,b,c,d,e,f,g,h)
#define InvRND16(a,b,c,d,e,f,g,h) InvRND00(a,b,c,d,e,f,g,h)
#define InvRND17(a,b,c,d,e,f,g,h) InvRND01(a,b,c,d,e,f,g,h)
#define InvRND18(a,b,c,d,e,f,g,h) InvRND02(a,b,c,d,e,f,g,h)
#define InvRND19(a,b,c,d,e,f,g,h) InvRND03(a,b,c,d,e,f,g,h)
#define InvRND20(a,b,c,d,e,f,g,h) InvRND04(a,b,c,d,e,f,g,h)
#define InvRND21(a,b,c,d,e,f,g,h) InvRND05(a,b,c,d,e,f,g,h)
#define InvRND22(a,b,c,d,e,f,g,h) InvRND06(a,b,c,d,e,f,g,h)
#define InvRND23(a,b,c,d,e,f,g,h) InvRND07(a,b,c,d,e,f,g,h)
#define InvRND24(a,b,c,d,e,f,g,h) InvRND00(a,b,c,d,e,f,g,h)
#define InvRND25(a,b,c,d,e,f,g,h) InvRND01(a,b,c,d,e,f,g,h)
#define InvRND26(a,b,c,d,e,f,g,h) InvRND02(a,b,c,d,e,f,g,h)
#define InvRND27(a,b,c,d,e,f,g,h) InvRND03(a,b,c,d,e,f,g,h)
#define InvRND28(a,b,c,d,e,f,g,h) InvRND04(a,b,c,d,e,f,g,h)
#define InvRND29(a,b,c,d,e,f,g,h) InvRND05(a,b,c,d,e,f,g,h)
#define InvRND30(a,b,c,d,e,f,g,h) InvRND06(a,b,c,d,e,f,g,h)
#define InvRND31(a,b,c,d,e,f,g,h) InvRND07(a,b,c,d,e,f,g,h)
/* Linear transformations and key mixing: */
#define ROL(x,n) ((((UINT32)(x))<<(n))| \
(((UINT32)(x))>>(32-(n))))
#define ROR(x,n) ((((UINT32)(x))<<(32-(n)))| \
(((UINT32)(x))>>(n)))
#define transform(x0, x1, x2, x3, y0, y1, y2, y3) \
y0 = ROL(x0, 13); \
y2 = ROL(x2, 3); \
y1 = x1 ^ y0 ^ y2; \
y3 = x3 ^ y2 ^ ((UINT32)y0)<<3; \
y1 = ROL(y1, 1); \
y3 = ROL(y3, 7); \
y0 = y0 ^ y1 ^ y3; \
y2 = y2 ^ y3 ^ ((UINT32)y1<<7); \
y0 = ROL(y0, 5); \
y2 = ROL(y2, 22)
#define inv_transform(x0, x1, x2, x3, y0, y1, y2, y3) \
y2 = ROR(x2, 22);\
y0 = ROR(x0, 5); \
y2 = y2 ^ x3 ^ ((UINT32)x1<<7); \
y0 = y0 ^ x1 ^ x3; \
y3 = ROR(x3, 7); \
y1 = ROR(x1, 1); \
y3 = y3 ^ y2 ^ ((UINT32)y0)<<3; \
y1 = y1 ^ y0 ^ y2; \
y2 = ROR(y2, 3); \
y0 = ROR(y0, 13)
#define keying(x0, x1, x2, x3, subkey) \
x0^=subkey[0];x1^=subkey[1]; \
x2^=subkey[2];x3^=subkey[3]
/* PHI: Constant used in the key schedule */
#define PHI 0x9e3779b9L
#endif /* SERPENTSBOXES_H */

View File

@ -1,366 +0,0 @@
/* sha.c - Implementation of the Secure Hash Algorithm
*
* Copyright (C) 1995, A.M. Kuchling
*
* Distribute and use freely; there are no restrictions on further
* dissemination and usage except those imposed by the laws of your
* country of residence.
*
* Adapted to pike and some cleanup by Niels Möller.
*/
/* $Id$ */
/* SHA: NIST's Secure Hash Algorithm */
/* Based on SHA code originally posted to sci.crypt by Peter Gutmann
in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
Modified to test for endianness on creation of SHA objects by AMK.
Also, the original specification of SHA was found to have a weakness
by NSA/NIST. This code implements the fixed version of SHA.
*/
/* Here's the first paragraph of Peter Gutmann's posting:
The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
what's changed in the new version. The fix is a simple change which involves
adding a single rotate in the initial expansion function. It is unknown
whether this is an optimal solution to the problem which was discovered in the
SHA or whether it's simply a bandaid which fixes the problem with a minimum of
effort (for example the reengineering of a great many Capstone chips).
*/
#include "crypto_types.h"
/* #include "port.h" */
#include "sha.h"
#include <string.h>
/* Also defined in lsh_types.h */
#ifndef READ_UINT32
/* Reads a 32-bit integer, in network byte order */
#define READ_UINT32(p) \
((((UINT32) (p)[0]) << 24) \
| (((UINT32) (p)[1]) << 16) \
| (((UINT32) (p)[2]) << 8) \
| ((UINT32) (p)[3]))
#endif
#ifndef WRITE_UINT32
#define WRITE_UINT32(p, i) \
do { \
(p)[0] = ((i) >> 24) & 0xff; \
(p)[1] = ((i) >> 16) & 0xff; \
(p)[2] = ((i) >> 8) & 0xff; \
(p)[3] = (i) & 0xff; \
} while(0)
#endif
void sha_copy(struct sha_ctx *dest, struct sha_ctx *src)
{
int i;
dest->count_l=src->count_l;
dest->count_h=src->count_h;
for(i=0; i<SHA_DIGESTLEN; i++)
dest->digest[i]=src->digest[i];
for(i=0; i < src->index; i++)
dest->block[i] = src->block[i];
dest->index = src->index;
}
/* The SHA f()-functions. The f1 and f3 functions can be optimized to
save one boolean operation each - thanks to Rich Schroeppel,
rcs@cs.arizona.edu for discovering this */
/*#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) // Rounds 0-19 */
#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */
#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
/*#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) // Rounds 40-59 */
#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */
#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
/* The SHA Mysterious Constants */
#define K1 0x5A827999L /* Rounds 0-19 */
#define K2 0x6ED9EBA1L /* Rounds 20-39 */
#define K3 0x8F1BBCDCL /* Rounds 40-59 */
#define K4 0xCA62C1D6L /* Rounds 60-79 */
/* SHA initial values */
#define h0init 0x67452301L
#define h1init 0xEFCDAB89L
#define h2init 0x98BADCFEL
#define h3init 0x10325476L
#define h4init 0xC3D2E1F0L
/* 32-bit rotate left - kludged with shifts */
#define ROTL(n,X) ( ( (X) << (n) ) | ( (X) >> ( 32 - (n) ) ) )
/* The initial expanding function. The hash function is defined over an
80-word expanded input array W, where the first 16 are copies of the input
data, and the remaining 64 are defined by
W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
This implementation generates these values on the fly in a circular
buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
optimization.
The updated SHA changes the expanding function by adding a rotate of 1
bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
for this information */
#define expand(W,i) ( W[ i & 15 ] = \
ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) )
/* The prototype SHA sub-round. The fundamental sub-round is:
a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
b' = a;
c' = ROTL( 30, b );
d' = c;
e' = d;
but this is implemented by unrolling the loop 5 times and renaming the
variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
This code is then replicated 20 times for each of the 4 functions, using
the next 20 values from the W[] array each time */
#define subRound(a, b, c, d, e, f, k, data) \
( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) )
/* Initialize the SHA values */
void sha_init(struct sha_ctx *ctx)
{
/* Set the h-vars to their initial values */
ctx->digest[ 0 ] = h0init;
ctx->digest[ 1 ] = h1init;
ctx->digest[ 2 ] = h2init;
ctx->digest[ 3 ] = h3init;
ctx->digest[ 4 ] = h4init;
/* Initialize bit count */
ctx->count_l = ctx->count_h = 0;
/* Initialize buffer */
ctx->index = 0;
}
/* Perform the SHA transformation. Note that this code, like MD5, seems to
break some optimizing compilers due to the complexity of the expressions
and the size of the basic block. It may be necessary to split it into
sections, e.g. based on the four subrounds
Note that this function destroys the data area */
void sha_transform(UINT32 *state, UINT32 *data)
{
UINT32 A, B, C, D, E; /* Local vars */
/* Set up first buffer and local data buffer */
A = state[0];
B = state[1];
C = state[2];
D = state[3];
E = state[4];
/* Heavy mangling, in 4 sub-rounds of 20 interations each. */
subRound( A, B, C, D, E, f1, K1, data[ 0] );
subRound( E, A, B, C, D, f1, K1, data[ 1] );
subRound( D, E, A, B, C, f1, K1, data[ 2] );
subRound( C, D, E, A, B, f1, K1, data[ 3] );
subRound( B, C, D, E, A, f1, K1, data[ 4] );
subRound( A, B, C, D, E, f1, K1, data[ 5] );
subRound( E, A, B, C, D, f1, K1, data[ 6] );
subRound( D, E, A, B, C, f1, K1, data[ 7] );
subRound( C, D, E, A, B, f1, K1, data[ 8] );
subRound( B, C, D, E, A, f1, K1, data[ 9] );
subRound( A, B, C, D, E, f1, K1, data[10] );
subRound( E, A, B, C, D, f1, K1, data[11] );
subRound( D, E, A, B, C, f1, K1, data[12] );
subRound( C, D, E, A, B, f1, K1, data[13] );
subRound( B, C, D, E, A, f1, K1, data[14] );
subRound( A, B, C, D, E, f1, K1, data[15] );
subRound( E, A, B, C, D, f1, K1, expand( data, 16 ) );
subRound( D, E, A, B, C, f1, K1, expand( data, 17 ) );
subRound( C, D, E, A, B, f1, K1, expand( data, 18 ) );
subRound( B, C, D, E, A, f1, K1, expand( data, 19 ) );
subRound( A, B, C, D, E, f2, K2, expand( data, 20 ) );
subRound( E, A, B, C, D, f2, K2, expand( data, 21 ) );
subRound( D, E, A, B, C, f2, K2, expand( data, 22 ) );
subRound( C, D, E, A, B, f2, K2, expand( data, 23 ) );
subRound( B, C, D, E, A, f2, K2, expand( data, 24 ) );
subRound( A, B, C, D, E, f2, K2, expand( data, 25 ) );
subRound( E, A, B, C, D, f2, K2, expand( data, 26 ) );
subRound( D, E, A, B, C, f2, K2, expand( data, 27 ) );
subRound( C, D, E, A, B, f2, K2, expand( data, 28 ) );
subRound( B, C, D, E, A, f2, K2, expand( data, 29 ) );
subRound( A, B, C, D, E, f2, K2, expand( data, 30 ) );
subRound( E, A, B, C, D, f2, K2, expand( data, 31 ) );
subRound( D, E, A, B, C, f2, K2, expand( data, 32 ) );
subRound( C, D, E, A, B, f2, K2, expand( data, 33 ) );
subRound( B, C, D, E, A, f2, K2, expand( data, 34 ) );
subRound( A, B, C, D, E, f2, K2, expand( data, 35 ) );
subRound( E, A, B, C, D, f2, K2, expand( data, 36 ) );
subRound( D, E, A, B, C, f2, K2, expand( data, 37 ) );
subRound( C, D, E, A, B, f2, K2, expand( data, 38 ) );
subRound( B, C, D, E, A, f2, K2, expand( data, 39 ) );
subRound( A, B, C, D, E, f3, K3, expand( data, 40 ) );
subRound( E, A, B, C, D, f3, K3, expand( data, 41 ) );
subRound( D, E, A, B, C, f3, K3, expand( data, 42 ) );
subRound( C, D, E, A, B, f3, K3, expand( data, 43 ) );
subRound( B, C, D, E, A, f3, K3, expand( data, 44 ) );
subRound( A, B, C, D, E, f3, K3, expand( data, 45 ) );
subRound( E, A, B, C, D, f3, K3, expand( data, 46 ) );
subRound( D, E, A, B, C, f3, K3, expand( data, 47 ) );
subRound( C, D, E, A, B, f3, K3, expand( data, 48 ) );
subRound( B, C, D, E, A, f3, K3, expand( data, 49 ) );
subRound( A, B, C, D, E, f3, K3, expand( data, 50 ) );
subRound( E, A, B, C, D, f3, K3, expand( data, 51 ) );
subRound( D, E, A, B, C, f3, K3, expand( data, 52 ) );
subRound( C, D, E, A, B, f3, K3, expand( data, 53 ) );
subRound( B, C, D, E, A, f3, K3, expand( data, 54 ) );
subRound( A, B, C, D, E, f3, K3, expand( data, 55 ) );
subRound( E, A, B, C, D, f3, K3, expand( data, 56 ) );
subRound( D, E, A, B, C, f3, K3, expand( data, 57 ) );
subRound( C, D, E, A, B, f3, K3, expand( data, 58 ) );
subRound( B, C, D, E, A, f3, K3, expand( data, 59 ) );
subRound( A, B, C, D, E, f4, K4, expand( data, 60 ) );
subRound( E, A, B, C, D, f4, K4, expand( data, 61 ) );
subRound( D, E, A, B, C, f4, K4, expand( data, 62 ) );
subRound( C, D, E, A, B, f4, K4, expand( data, 63 ) );
subRound( B, C, D, E, A, f4, K4, expand( data, 64 ) );
subRound( A, B, C, D, E, f4, K4, expand( data, 65 ) );
subRound( E, A, B, C, D, f4, K4, expand( data, 66 ) );
subRound( D, E, A, B, C, f4, K4, expand( data, 67 ) );
subRound( C, D, E, A, B, f4, K4, expand( data, 68 ) );
subRound( B, C, D, E, A, f4, K4, expand( data, 69 ) );
subRound( A, B, C, D, E, f4, K4, expand( data, 70 ) );
subRound( E, A, B, C, D, f4, K4, expand( data, 71 ) );
subRound( D, E, A, B, C, f4, K4, expand( data, 72 ) );
subRound( C, D, E, A, B, f4, K4, expand( data, 73 ) );
subRound( B, C, D, E, A, f4, K4, expand( data, 74 ) );
subRound( A, B, C, D, E, f4, K4, expand( data, 75 ) );
subRound( E, A, B, C, D, f4, K4, expand( data, 76 ) );
subRound( D, E, A, B, C, f4, K4, expand( data, 77 ) );
subRound( C, D, E, A, B, f4, K4, expand( data, 78 ) );
subRound( B, C, D, E, A, f4, K4, expand( data, 79 ) );
/* Build message digest */
state[0] += A;
state[1] += B;
state[2] += C;
state[3] += D;
state[4] += E;
}
static void
sha_block(struct sha_ctx *ctx, const UINT8 *block)
{
UINT32 data[SHA_DATALEN];
int i;
/* Update block count */
if (!++ctx->count_l)
++ctx->count_h;
/* Endian independent conversion */
for (i = 0; i<SHA_DATALEN; i++, block += 4)
data[i] = READ_UINT32(block);
sha_transform(ctx->digest, data);
}
void
sha_update(struct sha_ctx *ctx,
const UINT8 *buffer, UINT32 len)
{
if (ctx->index)
{ /* Try to fill partial block */
unsigned left = SHA_DATASIZE - ctx->index;
if (len < left)
{
memcpy(ctx->block + ctx->index, buffer, len);
ctx->index += len;
return; /* Finished */
}
else
{
memcpy(ctx->block + ctx->index, buffer, left);
sha_block(ctx, ctx->block);
buffer += left;
len -= left;
}
}
while (len >= SHA_DATASIZE)
{
sha_block(ctx, buffer);
buffer += SHA_DATASIZE;
len -= SHA_DATASIZE;
}
if ((ctx->index = len)) /* This assignment is intended */
/* Buffer leftovers */
memcpy(ctx->block, buffer, len);
}
/* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
1 0* (64-bit count of bits processed, MSB-first) */
void
sha_final(struct sha_ctx *ctx)
{
UINT32 data[SHA_DATALEN];
int i;
int words;
i = ctx->index;
/* Set the first char of padding to 0x80. This is safe since there is
always at least one byte free */
ctx->block[i++] = 0x80;
/* Fill rest of word */
for( ; i & 3; i++)
ctx->block[i] = 0;
/* i is now a multiple of the word size 4 */
words = i >> 2;
for (i = 0; i < words; i++)
data[i] = READ_UINT32(ctx->block + 4*i);
if (words > (SHA_DATALEN-2))
{ /* No room for length in this block. Process it and
* pad with another one */
for (i = words ; i < SHA_DATALEN; i++)
data[i] = 0;
sha_transform(ctx->digest, data);
for (i = 0; i < (SHA_DATALEN-2); i++)
data[i] = 0;
}
else
for (i = words ; i < SHA_DATALEN - 2; i++)
data[i] = 0;
/* Theres 512 = 2^9 bits in one block */
data[SHA_DATALEN-2] = (ctx->count_h << 9) | (ctx->count_l >> 23);
data[SHA_DATALEN-1] = (ctx->count_l << 9) | (ctx->index << 3);
sha_transform(ctx->digest, data);
}
void
sha_digest(struct sha_ctx *ctx, UINT8 *s)
{
int i;
for (i = 0; i < SHA_DIGESTLEN; i++, s+= 4)
WRITE_UINT32(s, ctx->digest[i]);
}

View File

@ -1,568 +0,0 @@
/* twofish.c
*
* $Id$
*/
/* twofish - An implementation of the twofish cipher.
* Copyright (C) 1999 Ruud de Rooij <ruud@debian.org>
*
* Modifications for lsh, integrated testing
* Copyright (C) 1999 J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the Free
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* ------------------------------------------------------------------------- */
#include "twofish.h"
#include <stdlib.h>
#include <string.h>
#include <assert.h>
static char cvs_id[] UNUSED =
"$Id$";
/* ------------------------------------------------------------------------- */
/* Type definitions for byte and word. word refers to a 32-bit unsigned
* value.
*/
typedef UINT8 byte;
typedef UINT32 word;
/* Bitwise rotations on 32-bit words. These are defined as macros that
* evaluate their argument twice, so do not apply to any expressions with
* side effects.
*/
#define rol1(x) (((x) << 1) | (((x) & 0x80000000) >> 31))
#define rol8(x) (((x) << 8) | (((x) & 0xFF000000) >> 24))
#define rol9(x) (((x) << 9) | (((x) & 0xFF800000) >> 23))
#define ror1(x) (((x) >> 1) | (((x) & 0x00000001) << 31))
/* void bytes_to_words(word * dest, const byte * src, int n);
* void words_to_bytes(byte * dest, const byte * src, int n);
*
* Copy n*4 bytes to n words and vice versa.
*/
#if defined(__i386__)
/* In the i386 case, these are simply memcpy's since the memory layout
* of an array of bytes and an array of words is identical.
*/
#define bytes_to_words(dest,src,n) memcpy(dest,src,(n)*4)
#define words_to_bytes(dest,src,n) memcpy(dest,src,(n)*4)
#else
/* These versions are independent of endianness and word size. */
static void
bytes_to_words(word *dest, const byte *src, int n)
{
while (n-- > 0)
{
*dest++ = src[0] | src[1] << 8 | src[2] << 16 | src[3] << 24;
src += 4;
}
}
static void
words_to_bytes(byte *dest, const word *src, int n)
{
while (n-- > 0)
{
*dest++ = *src;
*dest++ = *src >> 8;
*dest++ = *src >> 16;
*dest++ = *src >> 24;
src++;
}
}
#endif
/* ------------------------------------------------------------------------- */
/* The permutations q0 and q1. These are fixed permutations on 8-bit values.
* The permutations have been computed using the program generate_q
* which is distributed along with this file.
*/
static byte q0[] = { 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76,
0x9A, 0x92, 0x80, 0x78, 0xE4, 0xDD, 0xD1, 0x38,
0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48,
0xF2, 0xD0, 0x8B, 0x30, 0x84, 0x54, 0xDF, 0x23,
0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C,
0xA6, 0xEB, 0xA5, 0xBE, 0x16, 0x0C, 0xE3, 0x61,
0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1,
0xE1, 0xE6, 0xBD, 0x45, 0xE2, 0xF4, 0xB6, 0x66,
0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA,
0xEA, 0x77, 0x39, 0xAF, 0x33, 0xC9, 0x62, 0x71,
0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7,
0xA1, 0x1D, 0xAA, 0xED, 0x06, 0x70, 0xB2, 0xD2,
0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB,
0x9E, 0x9C, 0x52, 0x1B, 0x5F, 0x93, 0x0A, 0xEF,
0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64,
0x2A, 0xCE, 0xCB, 0x2F, 0xFC, 0x97, 0x05, 0x7A,
0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02,
0xB8, 0xDA, 0xB0, 0x17, 0x55, 0x1F, 0x8A, 0x7D,
0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34,
0x6E, 0x50, 0xDE, 0x68, 0x65, 0xBC, 0xDB, 0xF8,
0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00,
0x6F, 0x9D, 0x36, 0x42, 0x4A, 0x5E, 0xC1, 0xE0, };
static byte q1[] = { 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8,
0x4A, 0xD3, 0xE6, 0x6B, 0x45, 0x7D, 0xE8, 0x4B,
0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F,
0x5E, 0xBA, 0xAE, 0x5B, 0x8A, 0x00, 0xBC, 0x9D,
0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3,
0xB2, 0x73, 0x4C, 0x54, 0x92, 0x74, 0x36, 0x51,
0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C,
0x13, 0x95, 0x9C, 0xC7, 0x24, 0x46, 0x3B, 0x70,
0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC,
0x03, 0x6F, 0x08, 0xBF, 0x40, 0xE7, 0x2B, 0xE2,
0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17,
0x66, 0x94, 0xA1, 0x1D, 0x3D, 0xF0, 0xDE, 0xB3,
0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49,
0x81, 0x88, 0xEE, 0x21, 0xC4, 0x1A, 0xEB, 0xD9,
0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48,
0x4F, 0xF2, 0x65, 0x8E, 0x78, 0x5C, 0x58, 0x19,
0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5,
0xCE, 0xE9, 0x68, 0x44, 0xE0, 0x4D, 0x43, 0x69,
0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC,
0x22, 0xC9, 0xC0, 0x9B, 0x89, 0xD4, 0xED, 0xAB,
0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2,
0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xBE, 0x91, };
/* ------------------------------------------------------------------------- */
/* byte gf_multiply(byte p, byte a, byte b)
*
* Multiplication in GF(2^8).
*
* This function multiplies a times b in the Galois Field GF(2^8) with
* primitive polynomial p.
* The representation of the polynomials a, b, and p uses bits with
* values 2^i to represent the terms x^i. The polynomial p contains an
* implicit term x^8.
*
* Note that addition and subtraction in GF(2^8) is simply the XOR
* operation.
*/
static byte
gf_multiply(byte p, byte a, byte b)
{
word shift = b;
byte result = 0;
while (a)
{
if (a & 1) result ^= shift;
a = a >> 1;
shift = shift << 1;
if (shift & 0x100) shift ^= p;
}
return result;
}
/* ------------------------------------------------------------------------- */
/* The matrix RS as specified in section 4.3 the twofish paper. */
static byte rs_matrix[4][8] = {
{ 0x01, 0xA4, 0x55, 0x87, 0x5A, 0x58, 0xDB, 0x9E },
{ 0xA4, 0x56, 0x82, 0xF3, 0x1E, 0xC6, 0x68, 0xE5 },
{ 0x02, 0xA1, 0xFC, 0xC1, 0x47, 0xAE, 0x3D, 0x19 },
{ 0xA4, 0x55, 0x87, 0x5A, 0x58, 0xDB, 0x9E, 0x03 } };
/* word compute_s(word m1, word m2);
*
* Computes the value RS * M, where M is a byte vector composed of the
* bytes of m1 and m2. Arithmetic is done in GF(2^8) with primitive
* polynomial x^8 + x^6 + x^3 + x^2 + 1.
*
* This function is used to compute the sub-keys S which are in turn used
* to generate the S-boxes.
*/
static word
compute_s(word m1, word m2)
{
word s = 0;
int i;
for (i = 0; i < 4; i++)
s |= (( gf_multiply(0x4D, m1, rs_matrix[i][0])
^ gf_multiply(0x4D, m1 >> 8, rs_matrix[i][1])
^ gf_multiply(0x4D, m1 >> 16, rs_matrix[i][2])
^ gf_multiply(0x4D, m1 >> 24, rs_matrix[i][3])
^ gf_multiply(0x4D, m2, rs_matrix[i][4])
^ gf_multiply(0x4D, m2 >> 8, rs_matrix[i][5])
^ gf_multiply(0x4D, m2 >> 16, rs_matrix[i][6])
^ gf_multiply(0x4D, m2 >> 24, rs_matrix[i][7])) << (i*8));
return s;
}
/* ------------------------------------------------------------------------- */
/* This table describes which q S-boxes are used for each byte in each stage
* of the function h, cf. figure 2 of the twofish paper.
*/
static byte * q_table[4][5] = { { q1, q1, q0, q0, q1 },
{ q0, q1, q1, q0, q0 },
{ q0, q0, q0, q1, q1 },
{ q1, q0, q1, q1, q0 } };
/* The matrix MDS as specified in section 4.3.2 of the twofish paper. */
static byte mds_matrix[4][4] = { { 0x01, 0xEF, 0x5B, 0x5B },
{ 0x5B, 0xEF, 0xEF, 0x01 },
{ 0xEF, 0x5B, 0x01, 0xEF },
{ 0xEF, 0x01, 0xEF, 0x5B } };
/* word h_byte(int k, int i, byte x, byte l0, byte l1, byte l2, byte l3);
*
* Perform the h function (section 4.3.2) on one byte. It consists of
* repeated applications of the q permutation, followed by a XOR with
* part of a sub-key. Finally, the value is multiplied by one column of
* the MDS matrix. To obtain the result for a full word, the results of
* h for the individual bytes are XORed.
*
* k is the key size (/ 64 bits), i is the byte number (0 = LSB), x is the
* actual byte to apply the function to; l0, l1, l2, and l3 are the
* appropriate bytes from the subkey. Note that only l0..l(k-1) are used.
*/
static word
h_byte(int k, int i, byte x, byte l0, byte l1, byte l2, byte l3)
{
byte y = q_table[i][4][l0 ^
q_table[i][3][l1 ^
q_table[i][2][k == 2 ? x : l2 ^
q_table[i][1][k == 3 ? x : l3 ^ q_table[i][0][x]]]]];
return ( ((word)gf_multiply(0x69, mds_matrix[0][i], y))
| ((word)gf_multiply(0x69, mds_matrix[1][i], y) << 8)
| ((word)gf_multiply(0x69, mds_matrix[2][i], y) << 16)
| ((word)gf_multiply(0x69, mds_matrix[3][i], y) << 24) );
}
/* word h(int k, byte x, word l0, word l1, word l2, word l3);
*
* Perform the function h on a word. See the description of h_byte() above.
*/
static word
h(int k, byte x, word l0, word l1, word l2, word l3)
{
return ( h_byte(k, 0, x, l0, l1, l2, l3)
^ h_byte(k, 1, x, l0 >> 8, l1 >> 8, l2 >> 8, l3 >> 8)
^ h_byte(k, 2, x, l0 >> 16, l1 >> 16, l2 >> 16, l3 >> 16)
^ h_byte(k, 3, x, l0 >> 24, l1 >> 24, l2 >> 24, l3 >> 24) );
}
/*
* Sanity check using the test vectors from appendix A.1 of the Twofish paper.
*/
int
twofish_selftest(void)
{
byte testkey128[16] =
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
byte ciphertext128[16] =
{
0x9F, 0x58, 0x9F, 0x5C, 0xF6, 0x12, 0x2C, 0x32,
0xB6, 0xBF, 0xEC, 0x2F, 0x2A, 0xE8, 0xC3, 0x5A };
byte testkey192[24] =
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 };
byte ciphertext192[16] =
{ 0xCF, 0xD1, 0xD2, 0xE5, 0xA9, 0xBE, 0x9C, 0xDF,
0x50, 0x1F, 0x13, 0xB8, 0x92, 0xBD, 0x22, 0x48 };
byte testkey256[32] =
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
byte ciphertext256[16] =
{ 0x37, 0x52, 0x7B, 0xE0, 0x05, 0x23, 0x34, 0xB8,
0x9F, 0x0C, 0xFC, 0xCA, 0xE8, 0x7C, 0xFA, 0x20 };
TWOFISH_context context;
byte plaintext[16], ciphertext[16];
twofish_setup(&context, 16, testkey128);
memset(plaintext, 0, 16);
twofish_encrypt(&context, plaintext, ciphertext);
if (memcmp(ciphertext, ciphertext128, 16)) {
return 0;
}
twofish_setup(&context, 24, testkey192);
memset(plaintext, 0, 16);
twofish_encrypt(&context, plaintext, ciphertext);
if (memcmp(ciphertext, ciphertext192, 16)) {
return 0;
}
twofish_setup(&context, 32, testkey256);
memset(plaintext, 0, 16);
twofish_encrypt(&context, plaintext, ciphertext);
if (memcmp(ciphertext, ciphertext256, 16)) {
return 0;
}
return 1;
}
/* ------------------------------------------------------------------------- */
/* API */
/* Structure which contains the tables containing the subkeys and the
* key-dependent s-boxes.
*/
/* void twofish_setup(TWOFISH_context *ctx, size_t keysize, const UINT8 * key);
*
* Set up internal tables required for twofish encryption and decryption.
*
* The key size is specified in bytes. Key sizes up to 32 bytes are
* supported. Larger key sizes are silently truncated.
*/
void
twofish_setup(TWOFISH_context * context, size_t keysize, const UINT8 *key)
{
byte key_copy[32];
word m[8], s[4], t;
int i, j, k;
#ifndef NDEBUG
static int initialized = 0;
if (!initialized)
{
initialized = 1;
assert(twofish_selftest());
}
#endif
/* Extend or truncate key as necessary */
memset(key_copy, 0, 32);
if (keysize > 32)
keysize = 32;
memcpy(key_copy, key, keysize);
bytes_to_words(m, key_copy, (keysize + 3)/4);
if (keysize <= 16)
k = 2;
else if (keysize <= 24)
k = 3;
else
k = 4;
/* Compute sub-keys */
for (i = 0; i < 20; i++)
{
t = h(k, 2*i+1, m[1], m[3], m[5], m[7]);
t = rol8(t);
t += (context->keys[2*i] =
t + h(k, 2*i, m[0], m[2], m[4], m[6]));
t = rol9(t);
context->keys[2*i+1] = t;
}
/* Compute key-dependent S-boxes */
for (i = 0; i < k; i++)
s[k-1-i] = compute_s(m[2*i], m[2*i+1]);
for (i = 0; i < 4; i++)
for (j = 0; j < 256; j++)
context->s_box[i][j] = h_byte(k, i, j,
s[0] >> (i*8),
s[1] >> (i*8),
s[2] >> (i*8),
s[3] >> (i*8));
}
/* void twofish_encrypt(TWOFISH_context *context,
* const UINT8 *plaintext,
* UINT8 *ciphertext);
*
* Encrypt 16 bytes of data with the twofish algorithm.
*
* Before this function can be used, twofish_setup() must be used in order to
* set up various tables required for the encryption algorithm.
*
* This function always encrypts 16 bytes of plaintext to 16 bytes of
* ciphertext. The memory areas of the plaintext and the ciphertext can
* overlap.
*/
void
twofish_encrypt(TWOFISH_context *context,
const UINT8 *plaintext,
UINT8 *ciphertext)
{
word words[4];
word r0, r1, r2, r3, t0, t1;
int i;
word * keys = context->keys;
word (*s_box)[256] = context->s_box;
bytes_to_words(words, plaintext, 4);
r0 = words[0] ^ keys[0];
r1 = words[1] ^ keys[1];
r2 = words[2] ^ keys[2];
r3 = words[3] ^ keys[3];
for (i = 0; i < 8; i++) {
t1 = ( s_box[1][r1 & 0xFF]
^ s_box[2][(r1 >> 8) & 0xFF]
^ s_box[3][(r1 >> 16) & 0xFF]
^ s_box[0][(r1 >> 24) & 0xFF]);
t0 = ( s_box[0][r0 & 0xFF]
^ s_box[1][(r0 >> 8) & 0xFF]
^ s_box[2][(r0 >> 16) & 0xFF]
^ s_box[3][(r0 >> 24) & 0xFF]) + t1;
r3 = (t1 + t0 + keys[4*i+9]) ^ rol1(r3);
r2 = (t0 + keys[4*i+8]) ^ r2;
r2 = ror1(r2);
t1 = ( s_box[1][r3 & 0xFF]
^ s_box[2][(r3 >> 8) & 0xFF]
^ s_box[3][(r3 >> 16) & 0xFF]
^ s_box[0][(r3 >> 24) & 0xFF]);
t0 = ( s_box[0][r2 & 0xFF]
^ s_box[1][(r2 >> 8) & 0xFF]
^ s_box[2][(r2 >> 16) & 0xFF]
^ s_box[3][(r2 >> 24) & 0xFF]) + t1;
r1 = (t1 + t0 + keys[4*i+11]) ^ rol1(r1);
r0 = (t0 + keys[4*i+10]) ^ r0;
r0 = ror1(r0);
}
words[0] = r2 ^ keys[4];
words[1] = r3 ^ keys[5];
words[2] = r0 ^ keys[6];
words[3] = r1 ^ keys[7];
words_to_bytes(ciphertext, words, 4);
}
/* void twofish_decrypt(TWOFISH_context *context,
* const UINT8 *ciphertext,
* UINT8 *plaintext);
*
* Decrypt 16 bytes of data with the twofish algorithm.
*
* Before this function can be used, twofish_setup() must be used in order to
* set up various tables required for the decryption algorithm.
*
* This function always decrypts 16 bytes of ciphertext to 16 bytes of
* plaintext. The memory areas of the plaintext and the ciphertext can
* overlap.
*/
void
twofish_decrypt(TWOFISH_context *context,
const UINT8 *ciphertext,
UINT8 *plaintext)
{
word words[4];
word r0, r1, r2, r3, t0, t1;
int i;
word *keys = context->keys;
word (*s_box)[256] = context->s_box;
bytes_to_words(words, ciphertext, 4);
r0 = words[2] ^ keys[6];
r1 = words[3] ^ keys[7];
r2 = words[0] ^ keys[4];
r3 = words[1] ^ keys[5];
for (i = 0; i < 8; i++) {
t1 = ( s_box[1][r3 & 0xFF]
^ s_box[2][(r3 >> 8) & 0xFF]
^ s_box[3][(r3 >> 16) & 0xFF]
^ s_box[0][(r3 >> 24) & 0xFF]);
t0 = ( s_box[0][r2 & 0xFF]
^ s_box[1][(r2 >> 8) & 0xFF]
^ s_box[2][(r2 >> 16) & 0xFF]
^ s_box[3][(r2 >> 24) & 0xFF]) + t1;
r1 = (t1 + t0 + keys[39-4*i]) ^ r1;
r1 = ror1(r1);
r0 = (t0 + keys[38-4*i]) ^ rol1(r0);
t1 = ( s_box[1][r1 & 0xFF]
^ s_box[2][(r1 >> 8) & 0xFF]
^ s_box[3][(r1 >> 16) & 0xFF]
^ s_box[0][(r1 >> 24) & 0xFF]);
t0 = ( s_box[0][r0 & 0xFF]
^ s_box[1][(r0 >> 8) & 0xFF]
^ s_box[2][(r0 >> 16) & 0xFF]
^ s_box[3][(r0 >> 24) & 0xFF]) + t1;
r3 = (t1 + t0 + keys[37-4*i]) ^ r3;
r3 = ror1(r3);
r2 = (t0 + keys[36-4*i]) ^ rol1(r2);
}
words[0] = r0 ^ keys[0];
words[1] = r1 ^ keys[1];
words[2] = r2 ^ keys[2];
words[3] = r3 ^ keys[3];
words_to_bytes(plaintext, words, 4);
}

View File

@ -1,42 +0,0 @@
/* twofish_test.c
*
* $Id$
*/
/* lsh, an implementation of the ssh protocol
*
* Copyright (C) 1998 Niels Möller
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "twofish.h"
#include <stdio.h>
#include <stdlib.h>
int main (int argc UNUSED, char **argv UNUSED)
{
if (twofish_selftest())
{
fprintf(stderr, "Twofish works.\n");
return EXIT_SUCCESS;
}
else
{
fprintf(stderr, "ERROR: Twofish failed.\n");
return EXIT_FAILURE;
}
}

Binary file not shown.

View File

@ -37,12 +37,8 @@ B2CTISEmV3KYx5NJpyKC3IBw/ckP6Q==
---- END SSH2 PUBLIC KEY ---- ---- END SSH2 PUBLIC KEY ----
*/ */
#if macintosh
#include "lshprefix.h" #include "lshprefix.h"
#include "lsh_context.h" #include "lsh_context.h"
#endif
#include "algorithms.h" #include "algorithms.h"
#include "alist.h" #include "alist.h"
@ -69,25 +65,11 @@ B2CTISEmV3KYx5NJpyKC3IBw/ckP6Q==
/* Global, for simplicity */ /* Global, for simplicity */
int exit_code = EXIT_SUCCESS; int exit_code = EXIT_SUCCESS;
/* (write out sexp) /* (print out sexp) */
*
* Prints the sexp to the abstract_write OUT. Returns the sexp. */
/* GABA:
(class
(name ssh2_print_to)
(super command)
(vars
(algorithms object alist)
(subject . "const char *")
(comment . "const char *")
(dest object abstract_write)))
*/
/* GABA: /* GABA:
(class (class
(name ssh2_print_command) (name ssh2_print_command)
(super command_simple) (super command_2)
(vars (vars
(algorithms object alist) (algorithms object alist)
(subject . "const char *") (subject . "const char *")
@ -123,13 +105,15 @@ insert_newlines(struct lsh_string *input, unsigned width, int free)
} }
static void static void
do_ssh2_print(struct command *s, do_ssh2_print_command(struct command_2 *s,
struct lsh_object *a, struct lsh_object *a1,
struct lsh_object *x,
struct command_continuation *c, struct command_continuation *c,
struct exception_handler *e UNUSED) struct exception_handler *e UNUSED)
{ {
CAST(ssh2_print_to, self, s); CAST(ssh2_print_command, self, s);
CAST_SUBTYPE(sexp, expr, a); CAST_SUBTYPE(abstract_write, dest, a1);
CAST_SUBTYPE(sexp, expr, x);
struct sexp_iterator *i; struct sexp_iterator *i;
struct verifier *v; struct verifier *v;
@ -163,55 +147,39 @@ do_ssh2_print(struct command *s,
"Unsupported algorithm.")); "Unsupported algorithm."));
} }
A_WRITE(self->dest, ssh_format("---- BEGIN SSH2 PUBLIC KEY ----\n" #if MACOS
A_WRITE(dest, ssh_format("---- BEGIN SSH2 PUBLIC KEY ----\n"
"%lfS" "%lfS"
"%lfS" "%lfS"
"%lfS" "%lfS"
"---- END SSH2 PUBLIC KEY ----\n", "---- END SSH2 PUBLIC KEY ----\n",
make_header("Subject", self->subject), make_header("Subject", self->subject),
make_header("Comment", self->comment), make_header("Comment", self->comment),
insert_newlines(encode_base64(PUBLIC_KEY(v), NULL, 0, 0, 1), 70, 1) insert_newlines(encode_base64(PUBLIC_KEY(v), NULL, 0, 0, 1), 70, 1)));
)); #else
COMMAND_RETURN(c, a); A_WRITE(dest, ssh_format("---- BEGIN SSH2 PUBLIC KEY ----\n"
"%lfS"
"%lfS"
"\n%lfS\n"
"---- END SSH2 PUBLIC KEY ----\n",
make_header("Subject", self->subject),
make_header("Comment", self->comment),
encode_base64(PUBLIC_KEY(v), NULL, 1, 0, 1)));
#endif
COMMAND_RETURN(c, x);
} }
static struct command * static struct command *
make_ssh2_print_to(struct alist *algorithms,
const char *s, const char *c,
struct abstract_write *dest)
{
NEW(ssh2_print_to, self);
self->super.call = do_ssh2_print;
self->algorithms = algorithms;
self->subject = s;
self->comment = c;
self->dest = dest;
return &self->super;
}
static struct lsh_object *
do_ssh2_print_simple(struct command_simple *s,
struct lsh_object *a)
{
CAST(ssh2_print_command, self, s);
CAST_SUBTYPE(abstract_write, dest, a);
return &make_ssh2_print_to(self->algorithms,
self->subject, self->comment, dest)->super;
}
static struct command_simple *
make_ssh2_print_command(struct alist *algorithms, make_ssh2_print_command(struct alist *algorithms,
const char *s, const char *c) const char *s, const char *c)
{ {
NEW(ssh2_print_command, self); NEW(ssh2_print_command, self);
self->super.super.call = do_call_simple_command; self->super.super.call = do_command_2;
self->super.call_simple = do_ssh2_print_simple; self->super.invoke = do_ssh2_print_command;
self->algorithms = algorithms; self->algorithms = algorithms;
self->subject = s; self->subject = s;
self->comment = c; self->comment = c;
return &self->super; return &self->super.super;
} }
@ -339,16 +307,16 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
state->child_inputs[1] = NULL; state->child_inputs[1] = NULL;
break; break;
case ARGP_KEY_END: case ARGP_KEY_END:
self->print = &(make_ssh2_print_command(self->algorithms, self->print = make_ssh2_print_command(self->algorithms,
self->subject, self->subject,
self->comment)->super); self->comment);
break; break;
case OPT_INFILE: case OPT_INFILE:
self->infile = arg; self->infile = arg;
#if MACOS #if MACOS
if ( access( arg, R_OK ) != 0 ) { if ( access( arg, R_OK ) != 0 ) {
tmp = ssh_cformat("%lz%lz", getenv("HOME"), arg); tmp = ssh_format("%lz%lz", getenv("HOME"), arg);
self->infile = (const char *)tmp->data; self->infile = lsh_get_cstring(tmp);
} }
#endif #endif
break; break;
@ -386,6 +354,8 @@ int ekappl_main(int argc, char **argv);
#define main ekappl_main #define main ekappl_main
#endif #endif
#define MAX_KEY_SIZE 10000
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
struct export_key_options *options = make_options(); struct export_key_options *options = make_options();
@ -412,7 +382,7 @@ int main(int argc, char **argv)
} }
} }
else else
in = make_lsh_fd(backend, STDIN_FILENO, e); in = make_lsh_fd(backend, STDIN_FILENO, "stdin", e);
if (options->outfile) if (options->outfile)
{ {
@ -421,13 +391,14 @@ int main(int argc, char **argv)
SEXP_BUFFER_SIZE, NULL, e); SEXP_BUFFER_SIZE, NULL, e);
} }
else else
out = io_write(make_lsh_fd(backend, STDOUT_FILENO, e), out = io_write(make_lsh_fd(backend, STDOUT_FILENO,
"stdout", e),
SEXP_BUFFER_SIZE, NULL); SEXP_BUFFER_SIZE, NULL);
{ {
CAST_SUBTYPE(command, work, CAST_SUBTYPE(command, work,
make_export_key( make_export_key(
make_read_sexp_command(options->input, 0), make_read_sexp_command(options->input, 0, MAX_KEY_SIZE),
options->print, options->print,
&(out->write_buffer->super))); &(out->write_buffer->super)));

View File

@ -52,31 +52,32 @@ extern void exit(int status);
#endif #endif
#define BLOCK_SIZE 2000 #define BLOCK_SIZE 2000
#define MAX_SEXP_SIZE 5000
static struct read_sexp_command read_sexp static struct read_sexp_command read_sexp
= STATIC_READ_SEXP(SEXP_TRANSPORT, 0); = STATIC_READ_SEXP(SEXP_TRANSPORT, 0, MAX_SEXP_SIZE);
#define READ_SEXP (&read_sexp.super.super) #define READ_SEXP (&read_sexp.super.super)
struct lsh_writekey_options; struct lsh_writekey_options;
extern struct command_simple lsh_writekey_print_public; extern struct command lsh_writekey_print_public;
#define PRINT_PUBLIC (&lsh_writekey_print_public.super.super) #define PRINT_PUBLIC (&lsh_writekey_print_public.super)
extern struct command_simple lsh_writekey_print_private; extern struct command lsh_writekey_print_private;
#define PRINT_PRIVATE (&lsh_writekey_print_private.super.super) #define PRINT_PRIVATE (&lsh_writekey_print_private.super)
extern struct command_simple lsh_writekey_options2algorithms; extern struct command lsh_writekey_options2algorithms;
#define OPTIONS2ALGORITHMS (&lsh_writekey_options2algorithms.super.super) #define OPTIONS2ALGORITHMS (&lsh_writekey_options2algorithms.super)
extern struct command_simple lsh_writekey_options2transform; extern struct command lsh_writekey_options2transform;
#define TRANSFORM (&lsh_writekey_options2transform.super.super) #define TRANSFORM (&lsh_writekey_options2transform.super)
extern struct command_simple lsh_writekey_options2public_file; extern struct command lsh_writekey_options2public_file;
#define OPTIONS2PUBLIC_FILE (&lsh_writekey_options2public_file.super.super) #define OPTIONS2PUBLIC_FILE (&lsh_writekey_options2public_file.super)
extern struct command_simple lsh_writekey_options2private_file; extern struct command lsh_writekey_options2private_file;
#define OPTIONS2PRIVATE_FILE (&lsh_writekey_options2private_file.super.super) #define OPTIONS2PRIVATE_FILE (&lsh_writekey_options2private_file.super)
#include "lsh-writekey.c.x" #include "lsh-writekey.c.x"
@ -196,16 +197,16 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
else else
{ {
#ifndef MACOS #ifndef MACOS
s = ssh_cformat("%lz/.lsh", home); s = ssh_format("%lz/.lsh", home);
if (mkdir(s->data, 0755) < 0) if (mkdir(lsh_get_cstring(s), 0755) < 0)
{ {
if (errno != EEXIST) if (errno != EEXIST)
argp_failure(state, EXIT_FAILURE, errno, "Creating directory %s failed.", s->data); argp_failure(state, EXIT_FAILURE, errno, "Creating directory %s failed.", s->data);
} }
lsh_string_free(s); lsh_string_free(s);
self->file = ssh_cformat("%lz/.lsh/identity", home); self->file = ssh_format("%lz/.lsh/identity", home);
#else #else
self->file = ssh_cformat("%lzidentity", home); self->file = ssh_format("%lzidentity", home);
#endif #endif
} }
} }
@ -259,7 +260,7 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
break; break;
case 'o': case 'o':
self->file = format_cstring(arg); self->file = make_string(arg);
break; break;
case 'i': case 'i':
@ -322,41 +323,61 @@ main_argp =
NULL, NULL NULL, NULL
}; };
DEFINE_COMMAND_SIMPLE(lsh_writekey_print_public, a) DEFINE_COMMAND(lsh_writekey_print_public)
(struct command *s UNUSED,
struct lsh_object *a,
struct command_continuation *c,
struct exception_handler *e UNUSED)
{ {
CAST(lsh_writekey_options, options, a); CAST(lsh_writekey_options, options, a);
return &make_sexp_print_command COMMAND_RETURN(c,
((options->style > 0) ? options->style : SEXP_TRANSPORT)->super.super; make_sexp_print_command
((options->style > 0)
? options->style : SEXP_TRANSPORT));
} }
DEFINE_COMMAND_SIMPLE(lsh_writekey_print_private, a) DEFINE_COMMAND(lsh_writekey_print_private)
(struct command *s UNUSED,
struct lsh_object *a,
struct command_continuation *c,
struct exception_handler *e UNUSED)
{ {
CAST(lsh_writekey_options, options, a); CAST(lsh_writekey_options, options, a);
return &make_sexp_print_command COMMAND_RETURN(c,
((options->style > 0) ? options->style : SEXP_CANONICAL)->super.super; make_sexp_print_command
((options->style > 0)
? options->style : SEXP_CANONICAL));
} }
DEFINE_COMMAND_SIMPLE(lsh_writekey_options2algorithms, a) DEFINE_COMMAND(lsh_writekey_options2algorithms)
(struct command *s UNUSED,
struct lsh_object *a,
struct command_continuation *c,
struct exception_handler *e UNUSED)
{ {
CAST(lsh_writekey_options, options, a); CAST(lsh_writekey_options, options, a);
return &options->signature_algorithms->super; COMMAND_RETURN(c, options->signature_algorithms);
} }
DEFINE_COMMAND_SIMPLE(lsh_writekey_options2transform, a) DEFINE_COMMAND(lsh_writekey_options2transform)
(struct command *s UNUSED,
struct lsh_object *a,
struct command_continuation *c,
struct exception_handler *e UNUSED)
{ {
CAST(lsh_writekey_options, options, a); CAST(lsh_writekey_options, options, a);
if (!options->crypto) if (!options->crypto)
return &command_I.super.super; COMMAND_RETURN(c, &command_I);
else else
{ {
CAST_SUBTYPE(mac_algorithm, hmac, CAST_SUBTYPE(mac_algorithm, hmac,
ALIST_GET(options->crypto_algorithms, ATOM_HMAC_SHA1)); ALIST_GET(options->crypto_algorithms, ATOM_HMAC_SHA1));
assert(hmac); assert(hmac);
return COMMAND_RETURN(c,
&make_pkcs5_encrypt(options->r, make_pkcs5_encrypt(options->r,
lsh_string_dup(options->label), lsh_string_dup(options->label),
ATOM_HMAC_SHA1, ATOM_HMAC_SHA1,
hmac, hmac,
@ -364,49 +385,59 @@ DEFINE_COMMAND_SIMPLE(lsh_writekey_options2transform, a)
options->crypto, options->crypto,
10, /* Salt length */ 10, /* Salt length */
lsh_string_dup(options->passphrase), lsh_string_dup(options->passphrase),
options->iterations)->super; options->iterations));
} }
} }
DEFINE_COMMAND_SIMPLE(lsh_writekey_options2public_file, a) DEFINE_COMMAND(lsh_writekey_options2public_file)
(struct command *s UNUSED,
struct lsh_object *a,
struct command_continuation *c,
struct exception_handler *e UNUSED)
{ {
CAST(lsh_writekey_options, options, a); CAST(lsh_writekey_options, options, a);
struct lsh_string *public = ssh_cformat("%lS.pub", options->file); struct lsh_string *public = ssh_format("%lS.pub", options->file);
return COMMAND_RETURN(c,
&make_io_write_file_info(public->data, make_io_write_file_info(lsh_get_cstring(public),
O_CREAT | O_EXCL | O_WRONLY, O_CREAT | O_EXCL | O_WRONLY,
0644, 0644,
BLOCK_SIZE)->super; BLOCK_SIZE));
} }
DEFINE_COMMAND_SIMPLE(lsh_writekey_options2private_file, a) DEFINE_COMMAND(lsh_writekey_options2private_file)
(struct command *s UNUSED,
struct lsh_object *a,
struct command_continuation *c,
struct exception_handler *e UNUSED)
{ {
CAST(lsh_writekey_options, options, a); CAST(lsh_writekey_options, options, a);
return
&make_io_write_file_info(options->file->data, COMMAND_RETURN(c,
make_io_write_file_info(lsh_get_cstring(options->file),
O_CREAT | O_EXCL | O_WRONLY, O_CREAT | O_EXCL | O_WRONLY,
0600, 0600,
BLOCK_SIZE)->super; BLOCK_SIZE));
} }
/* GABA: /* GABA:
(expr (expr
(name make_writekey) (name make_writekey)
(globals
(open IO_WRITE_FILE)
(stdin IO_READ_STDIN))
(params (params
(options object lsh_writekey_options)) (options object lsh_writekey_options))
(expr (expr
(lambda (backend) (lambda (backend)
(let ((key (read_sexp (stdin backend)))) (let ((key (read_sexp (io_read_stdin backend))))
(prog1 (print_public options (open backend (options2public_file options)) (prog1 (print_public options
(io_write_file backend
(options2public_file options))
(verifier2public (verifier2public
(signer2verifier (signer2verifier
(sexp2signer (options2algorithms options) (sexp2signer (options2algorithms options)
key)))) key))))
(print_private options (open backend (options2private_file options)) (print_private options
(io_write_file backend
(options2private_file options))
(transform options key))))))) (transform options key)))))))
*/ */

View File

@ -71,17 +71,17 @@
#include "lsh_argp.h" #include "lsh_argp.h"
/* Forward declarations */ /* Forward declarations */
struct command_simple lsh_verifier_command; struct command_2 lsh_verifier_command;
#define OPTIONS2VERIFIER (&lsh_verifier_command.super.super) #define OPTIONS2VERIFIER (&lsh_verifier_command.super.super)
struct command_simple lsh_login_command; struct command_2 lsh_login_command;
#define LSH_LOGIN (&lsh_login_command.super.super) #define LSH_LOGIN (&lsh_login_command.super.super)
static struct command options2known_hosts; static struct command options2known_hosts;
#define OPTIONS2KNOWN_HOSTS (&options2known_hosts.super) #define OPTIONS2KNOWN_HOSTS (&options2known_hosts.super)
struct command_simple options2service; struct command options2service;
#define OPTIONS2SERVICE (&options2service.super.super) #define OPTIONS2SERVICE (&options2service.super)
static struct command options2identities; static struct command options2identities;
#define OPTIONS2IDENTITIES (&options2identities.super) #define OPTIONS2IDENTITIES (&options2identities.super)
@ -90,9 +90,6 @@ static struct request_service request_userauth_service =
STATIC_REQUEST_SERVICE(ATOM_SSH_USERAUTH); STATIC_REQUEST_SERVICE(ATOM_SSH_USERAUTH);
#define REQUEST_USERAUTH_SERVICE (&request_userauth_service.super.super) #define REQUEST_USERAUTH_SERVICE (&request_userauth_service.super.super)
static struct request_service request_connection_service =
STATIC_REQUEST_SERVICE(ATOM_SSH_CONNECTION);
#define REQUEST_CONNECTION_SERVICE (&request_connection_service.super.super)
#include "lsh.c.x" #include "lsh.c.x"
@ -111,8 +108,6 @@ STATIC_REQUEST_SERVICE(ATOM_SSH_CONNECTION);
(vars (vars
(algorithms object algorithms_options) (algorithms object algorithms_options)
(random object randomness_with_poll)
(signature_algorithms object alist) (signature_algorithms object alist)
(home . "const char *") (home . "const char *")
@ -122,9 +117,6 @@ STATIC_REQUEST_SERVICE(ATOM_SSH_CONNECTION);
(with_srp_keyexchange . int) (with_srp_keyexchange . int)
(with_dh_keyexchange . int) (with_dh_keyexchange . int)
; Ask for the userauth service
(with_userauth . int)
; Command to invoke to start ssh-connection service) ; Command to invoke to start ssh-connection service)
(service object command) (service object command)
@ -147,16 +139,16 @@ make_options(struct io_backend *backend,
int *exit_code) int *exit_code)
{ {
NEW(lsh_options, self); NEW(lsh_options, self);
init_client_options(&self->super, backend, handler, exit_code); init_client_options(&self->super, backend,
make_default_random(NULL, handler),
handler, exit_code);
self->algorithms self->algorithms
= make_algorithms_options(all_symmetric_algorithms()); = make_algorithms_options(all_symmetric_algorithms());
self->random = make_default_random(NULL, handler);
self->home = getenv("HOME"); self->home = getenv("HOME");
self->signature_algorithms = all_signature_algorithms(&self->random->super); self->signature_algorithms = all_signature_algorithms(&self->super.random->super);
self->sloppy = 0; self->sloppy = 0;
self->capture = NULL; self->capture = NULL;
@ -173,8 +165,6 @@ make_options(struct io_backend *backend,
/* By default, enable only one of dh and srp. */ /* By default, enable only one of dh and srp. */
self->with_dh_keyexchange = -1; self->with_dh_keyexchange = -1;
self->with_userauth = -1;
self->kex_algorithms = NULL; self->kex_algorithms = NULL;
return self; return self;
@ -183,10 +173,14 @@ make_options(struct io_backend *backend,
/* Request ssh-userauth or ssh-connection service, as appropriate, /* Request ssh-userauth or ssh-connection service, as appropriate,
* and pass the options as a first argument. */ * and pass the options as a first argument. */
DEFINE_COMMAND_SIMPLE(options2service, a) DEFINE_COMMAND(options2service)
(struct command *s UNUSED,
struct lsh_object *a,
struct command_continuation *c,
struct exception_handler *e UNUSED)
{ {
CAST(lsh_options, options, a); CAST(lsh_options, options, a);
return &options->service->super; COMMAND_RETURN(c, options->service);
} }
/* Open hostkey database. By default, "~/.lsh/known_hosts". */ /* Open hostkey database. By default, "~/.lsh/known_hosts". */
@ -208,11 +202,11 @@ do_options2known_hosts(struct command *ignored UNUSED,
else else
{ {
#ifndef MACOS #ifndef MACOS
tmp = ssh_cformat("%lz/.lsh/known_hosts", options->home); tmp = ssh_format("%lz/.lsh/known_hosts", options->home);
#else #else
tmp = ssh_cformat("%lzknown_hosts", options->home); tmp = ssh_format("%lzknown_hosts", options->home);
#endif #endif
s = tmp->data; s = lsh_get_cstring(tmp);
} }
f = io_read_file(options->super.backend, s, e); f = io_read_file(options->super.backend, s, e);
@ -265,19 +259,19 @@ do_options2identities(struct command *ignored UNUSED,
s = options->identity; s = options->identity;
#if MACOS #if MACOS
if ( access( s, R_OK ) != 0 ) { if ( access( s, R_OK ) != 0 ) {
tmp = ssh_cformat("%lz%lz", options->home, s); tmp = ssh_format("%lz%lz", options->home, s);
s = tmp->data; s = lsh_get_cstring(tmp);
} }
#endif #endif
} }
else else
{ {
#ifndef MACOS #ifndef MACOS
tmp = ssh_cformat("%lz/.lsh/identity", options->home); tmp = ssh_format("%lz/.lsh/identity", options->home);
#else #else
tmp = ssh_cformat("%lzidentity", options->home); tmp = ssh_format("%lzidentity", options->home);
#endif #endif
s = tmp->data; s = lsh_get_cstring(tmp);
} }
f = io_read_file(options->super.backend, s, e); f = io_read_file(options->super.backend, s, e);
@ -307,27 +301,6 @@ do_options2identities(struct command *ignored UNUSED,
static struct command options2identities = static struct command options2identities =
STATIC_COMMAND(do_options2identities); STATIC_COMMAND(do_options2identities);
/* GABA:
(class
(name options_command)
(super command)
(vars
(options object lsh_options)))
*/
static struct command *
make_options_command(struct lsh_options *options,
void (*call)(struct command *s,
struct lsh_object *a,
struct command_continuation *c,
struct exception_handler *e))
{
NEW(options_command, self);
self->super.call = call;
self->options = options;
return &self->super;
}
/* Maps a host key to a (trusted) verifier object. */ /* Maps a host key to a (trusted) verifier object. */
@ -449,10 +422,11 @@ do_lsh_lookup(struct lookup_verifier *c,
else else
{ {
struct sexp *acl; struct sexp *acl;
verbose("SPKI authorization failed.\n"); verbose("SPKI authorization failed.\n");
if (!self->sloppy) if (!self->sloppy)
{ {
werror("lsh: Server's hostkey is not trusted. Disconnecting.\n"); werror("Server's hostkey is not trusted. Disconnecting.\n");
return NULL; return NULL;
} }
@ -460,15 +434,15 @@ do_lsh_lookup(struct lookup_verifier *c,
#if MACOS #if MACOS
if (!quiet_flag) if (!quiet_flag)
{ {
extern short save_once_cancel1(char *fingerprint); extern short save_once_cancel1(const char *fingerprint);
extern short save_once_cancel2(char *fingerprint); extern short save_once_cancel2(const char *fingerprint);
/* Check if this host was known */ /* Check if this host was known */
int found = 0; int found = 0;
int soc = 0; int soc = 0;
struct lsh_string *fingerprint; struct lsh_string *fingerprint;
{ {
struct lsh_string *tmp = ssh_cformat("%lzknown_hosts", getenv("HOME")); struct lsh_string *tmp = ssh_format("%lzknown_hosts", getenv("HOME"));
char *s = (char *)tmp->data; const char *s = lsh_get_cstring(tmp);
FILE *fd = fopen(s, "r"); FILE *fd = fopen(s, "r");
char buf[256]; char buf[256];
lsh_string_free(tmp); lsh_string_free(tmp);
@ -491,11 +465,11 @@ do_lsh_lookup(struct lookup_verifier *c,
= hash_string(self->hash, = hash_string(self->hash,
sexp_format(subject->key, SEXP_CANONICAL, 0), sexp_format(subject->key, SEXP_CANONICAL, 0),
1); 1);
fingerprint = ssh_cformat("%lfxS", fingerprint); fingerprint = ssh_format("%lfxS", fingerprint);
if ( !found ) { if ( !found ) {
soc = save_once_cancel1((char *)fingerprint->data); soc = save_once_cancel1(lsh_get_cstring(fingerprint));
} else { } else {
soc = save_once_cancel2((char *)fingerprint->data); soc = save_once_cancel2(lsh_get_cstring(fingerprint));
} }
lsh_string_free(fingerprint); lsh_string_free(fingerprint);
@ -590,70 +564,60 @@ make_lsh_host_db(struct spki_context *db,
return &res->super; return &res->super;
} }
/* Takes an spki_context as argument and returns a lookup_verifier */ /* Takes options and an spki_context as argument and returns a
static void * lookup_verifier */
do_lsh_verifier(struct command *s,
struct lsh_object *a, DEFINE_COMMAND2(lsh_verifier_command)
struct command_continuation *c, (struct command_2 *s UNUSED,
struct exception_handler *e UNUSED) struct lsh_object *a1,
struct lsh_object *a2,
struct command_continuation *c,
struct exception_handler *e UNUSED)
{ {
CAST(options_command, self, s); CAST(lsh_options, options, a1);
CAST_SUBTYPE(spki_context, db, a); CAST_SUBTYPE(spki_context, db, a2);
COMMAND_RETURN(c, make_lsh_host_db(db, COMMAND_RETURN(c, make_lsh_host_db(db,
self->options->super.tty, options->super.tty,
self->options->super.remote, options->super.remote,
self->options->sloppy, options->sloppy,
self->options->capture_file)); options->capture_file));
} }
/* Takes an options object as argument and returns a lookup_verifier */
DEFINE_COMMAND_SIMPLE(lsh_verifier_command, a) /* (login options public-keys connection) */
DEFINE_COMMAND2(lsh_login_command)
(struct command_2 *s UNUSED,
struct lsh_object *a1,
struct lsh_object *a2,
struct command_continuation *c,
struct exception_handler *e UNUSED)
{ {
CAST(lsh_options, options, a); CAST(lsh_options, options, a1);
CAST_SUBTYPE(object_list, keys, a2);
return
& make_options_command(options,
do_lsh_verifier)->super;
}
/* list-of-public-keys -> login-command */
static void
do_lsh_login(struct command *s,
struct lsh_object *a,
struct command_continuation *c,
struct exception_handler *e UNUSED)
{
CAST(options_command, self, s);
CAST_SUBTYPE(object_list, keys, a);
struct client_userauth_method *password struct client_userauth_method *password
= make_client_password_auth(self->options->super.tty); = make_client_password_auth(options->super.tty);
/* FIXME: Perhaps we should try "none" only when using SRP. */
struct client_userauth_method *none
= make_client_none_auth();
COMMAND_RETURN(c, COMMAND_RETURN(c,
make_client_userauth make_client_userauth
(ssh_format("%lz", self->options->super.user), (ssh_format("%lz", options->super.user),
ATOM_SSH_CONNECTION, ATOM_SSH_CONNECTION,
(LIST_LENGTH(keys) (LIST_LENGTH(keys)
? make_object_list ? make_object_list
(2, (3,
none,
make_client_publickey_auth(keys), make_client_publickey_auth(keys),
password, password,
-1) -1)
: make_object_list(1, password, -1)))); : make_object_list(2, none, password, -1))));
} }
/* (login options public-keys connection) */
DEFINE_COMMAND_SIMPLE(lsh_login_command, a)
{
CAST(lsh_options, options, a);
return /* NOTE: options2identities can block for reading, so it must not be
&make_options_command(options,
do_lsh_login)->super;
}
/* NOTE: options2identities is a command_simple, so it must not be
* invoked directly. */ * invoked directly. */
/* Requests the ssh-userauth service, log in, and request connection /* Requests the ssh-userauth service, log in, and request connection
@ -667,8 +631,8 @@ DEFINE_COMMAND_SIMPLE(lsh_login_command, a)
(lambda (connection) (lambda (connection)
(lsh_login options (lsh_login options
; The prog1 delay is needed because options2identities is ; The prog1 delay is needed because options2identities
; not a command_simple. ; may not return immediately.
(options2identities (prog1 options connection)) (options2identities (prog1 options connection))
; Request the userauth service ; Request the userauth service
@ -718,7 +682,6 @@ const char *argp_program_bug_address = BUG_ADDRESS;
#define OPT_DH 0x206 #define OPT_DH 0x206
#define OPT_SRP 0x207 #define OPT_SRP 0x207
#define OPT_USERAUTH 0x208
#define OPT_STDIN 0x210 #define OPT_STDIN 0x210
#define OPT_STDOUT 0x211 #define OPT_STDOUT 0x211
@ -761,17 +724,24 @@ main_options[] =
{ "no-dh-keyexchange", OPT_DH | ARG_NOT, NULL, 0, "Disable DH support.", 0 }, { "no-dh-keyexchange", OPT_DH | ARG_NOT, NULL, 0, "Disable DH support.", 0 },
#if 0
{ "userauth", OPT_USERAUTH, NULL, 0, { "userauth", OPT_USERAUTH, NULL, 0,
"Request the ssh-userauth service (default, unless SRP is being used).", 0 }, "Request the ssh-userauth service (default, unless SRP is being used).", 0 },
{ "no-userauth", OPT_USERAUTH | ARG_NOT, NULL, 0, { "no-userauth", OPT_USERAUTH | ARG_NOT, NULL, 0,
"Request the ssh-userauth service (default if SRP is used).", 0 }, "Request the ssh-userauth service (default if SRP is used).", 0 },
#endif
/* ACtions */ /* Actions */
{ "forward-remote-port", 'R', "remote-port:target-host:target-port", { "forward-remote-port", 'R', "remote-port:target-host:target-port",
0, "", CLIENT_ARGP_ACTION_GROUP }, 0, "", CLIENT_ARGP_ACTION_GROUP },
#if !MACOS #if !MACOS
{ "gateway", 'G', NULL, 0, "Setup a local gateway", 0 }, { "gateway", 'G', NULL, 0, "Setup a local gateway", 0 },
#endif #endif
{ "x11-forward", 'x', NULL, 0, "Enable X11 forwarding.", CLIENT_ARGP_MODIFIER_GROUP },
{ "no-x11-forward", 'x' | ARG_NOT, NULL, 0,
"Disable X11 forwarding (default).", 0 },
{ NULL, 0, NULL, 0, NULL, 0 } { NULL, 0, NULL, 0, NULL, 0 }
}; };
@ -850,7 +820,7 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL; LIST(self->kex_algorithms)[i++] = ATOM_SRP_RING1_SHA1_LOCAL;
ALIST_SET(self->algorithms->algorithms, ALIST_SET(self->algorithms->algorithms,
ATOM_SRP_RING1_SHA1_LOCAL, ATOM_SRP_RING1_SHA1_LOCAL,
&make_srp_client(make_srp1(&self->random->super), &make_srp_client(make_srp1(&self->super.random->super),
self->super.tty, self->super.tty,
ssh_format("%lz", self->super.user)) ssh_format("%lz", self->super.user))
->super); ->super);
@ -861,7 +831,7 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1; LIST(self->kex_algorithms)[i++] = ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
ALIST_SET(self->algorithms->algorithms, ALIST_SET(self->algorithms->algorithms,
ATOM_DIFFIE_HELLMAN_GROUP1_SHA1, ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
&make_dh_client(make_dh1(&self->random->super)) &make_dh_client(make_dh1(&self->super.random->super))
->super); ->super);
} }
} }
@ -869,49 +839,8 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
argp_error(state, "All keyexchange algorithms disabled."); argp_error(state, "All keyexchange algorithms disabled.");
{ {
struct command *perform_userauth = NULL;
/* NOTE: The default, self->with_userauth < 0, means that we
* should figure out the right thing automatically. */
if (self->with_userauth < 0)
{
/* Make the decision early, if possible. */
if (!self->with_srp_keyexchange)
/* We're not using SRP, so we request the
* ssh-userauth-service */
self->with_userauth = 1;
else if (!self->with_dh_keyexchange)
/* We're using SRP, and should not need any extra
* user authentication. */
self->with_userauth = 0;
}
if (self->with_userauth)
{
CAST_SUBTYPE(command, o, make_lsh_userauth(self)); CAST_SUBTYPE(command, o, make_lsh_userauth(self));
perform_userauth = o; self->service = o;
}
switch(self->with_userauth)
{
case 0:
self->service = &request_connection_service.super;
break;
case 1:
self->service = perform_userauth;
break;
case -1:
/* Examine the CONNECTION_SRP flag, later. */
self->service
= make_connection_if_srp(&request_connection_service.super,
perform_userauth);
default:
fatal("Internal error.\n");
}
assert(self->service);
} }
{ {
@ -923,11 +852,11 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
else if (self->sloppy) else if (self->sloppy)
{ {
#ifndef MACOS #ifndef MACOS
tmp = ssh_cformat("%lz/.lsh/captured_keys", self->home); tmp = ssh_format("%lz/.lsh/captured_keys", self->home);
#else #else
tmp = ssh_cformat("%lzcaptured_keys", self->home); tmp = ssh_format("%lzcaptured_keys", self->home);
#endif #endif
s = tmp->data; s = lsh_get_cstring(tmp);
} }
if (s) if (s)
{ {
@ -988,7 +917,7 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
} }
/* Start background poll */ /* Start background poll */
RANDOM_POLL_BACKGROUND(self->random->poller); RANDOM_POLL_BACKGROUND(self->super.random->poller);
break; break;
@ -1017,37 +946,6 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
CASE_FLAG(OPT_DH, with_dh_keyexchange); CASE_FLAG(OPT_DH, with_dh_keyexchange);
CASE_FLAG(OPT_SRP, with_srp_keyexchange); CASE_FLAG(OPT_SRP, with_srp_keyexchange);
CASE_FLAG(OPT_USERAUTH, with_userauth);
#if 0
case 'L':
{
UINT32 listen_port;
struct address_info *target;
#if MACOS
lshcontext *context = (lshcontext *)pthread_getspecific(ssh2threadkey);
#endif
if (!client_parse_forward_arg(arg, &listen_port, &target))
argp_error(state, "Invalid forward specification '%s'.", arg);
#if MACOS
if ( context ) {
context->_forward = 1;
context->_localport = listen_port;
}
#endif
client_add_action(&self->super, make_forward_local_port
(self->super.backend,
make_address_info((self->super.with_remote_peers
? NULL
: ssh_format("%lz", "127.0.0.1")),
listen_port),
target));
break;
}
#endif
case 'R': case 'R':
{ {
UINT32 listen_port; UINT32 listen_port;
@ -1071,6 +969,7 @@ main_argp_parser(int key, char *arg, struct argp_state *state)
#if !MACOS #if !MACOS
CASE_FLAG('G', start_gateway); CASE_FLAG('G', start_gateway);
#endif #endif
CASE_FLAG('x', super.with_x11);
} }
return 0; return 0;
@ -1109,21 +1008,20 @@ do_lsh_default_handler(struct exception_handler *s,
CAST_SUBTYPE(io_exception, exc, e); CAST_SUBTYPE(io_exception, exc, e);
*self->status = EXIT_FAILURE; *self->status = EXIT_FAILURE;
werror("lsh: %z, (errno = %i)\n", e->msg, exc->error); werror("%z, (errno = %i)\n", e->msg, exc->error);
} }
else else
switch(e->type) switch(e->type)
{ {
case EXC_RESOLVE: case EXC_RESOLVE:
case EXC_USERAUTH: case EXC_USERAUTH:
case EXC_SERVICE:
case EXC_SEXP_SYNTAX: case EXC_SEXP_SYNTAX:
case EXC_SPKI_TYPE: case EXC_SPKI_TYPE:
case EXC_GLOBAL_REQUEST: case EXC_GLOBAL_REQUEST:
case EXC_CHANNEL_REQUEST: case EXC_CHANNEL_REQUEST:
case EXC_CHANNEL_OPEN: case EXC_CHANNEL_OPEN:
werror("lsh: %z\n", e->msg); werror("%z\n", e->msg);
*self->status = EXIT_FAILURE; *self->status = EXIT_FAILURE;
break; break;
default: default:
@ -1199,10 +1097,10 @@ int main(int argc, char **argv)
make_handshake_info(CONNECTION_CLIENT, make_handshake_info(CONNECTION_CLIENT,
"lsh - a free ssh2 on MacOS9", NULL, "lsh - a free ssh2 on MacOS9", NULL,
SSH_MAX_PACKET, SSH_MAX_PACKET,
&options->random->super, &options->super.random->super,
options->algorithms->algorithms, options->algorithms->algorithms,
NULL), NULL),
make_simple_kexinit(&options->random->super, make_simple_kexinit(&options->super.random->super,
options->kex_algorithms, options->kex_algorithms,
options->algorithms->hostkey_algorithms, options->algorithms->hostkey_algorithms,
options->algorithms->crypto_algorithms, options->algorithms->crypto_algorithms,
@ -1223,15 +1121,17 @@ int main(int argc, char **argv)
* or not anybody is still using it. */ * or not anybody is still using it. */
close(STDOUT_FILENO); close(STDOUT_FILENO);
if (open("/dev/null", O_WRONLY) != STDOUT_FILENO) if (open("/dev/null", O_WRONLY) != STDOUT_FILENO)
werror("lsh: Strange: Final redirect of stdout to /dev/null failed.\n"); werror("Strange: Final redirect of stdout to /dev/null failed.\n");
#endif #endif
io_run(backend); io_run(backend);
/* FIXME: Perhaps we have to reset the stdio file descriptors to /* Close all files and other resources associated with the backend. */
* blocking mode? */ io_final(backend);
gc_final(); gc_final();
/* FIXME: Perhaps we have to reset the stdio file descriptors to
* blocking mode? */
return lsh_exit_code; return lsh_exit_code;
} }

View File

@ -29,7 +29,10 @@
#include "werror.h" #include "werror.h"
#include "charset.h" #include "charset.h"
#include "format.h" /* For format_size_in_decimal() */
/* For format_size_in_decimal */
#include "format.h"
#include "gc.h" #include "gc.h"
#include "io.h" #include "io.h"
#include "parse.h" #include "parse.h"
@ -43,6 +46,10 @@
#include <unistd.h> #include <unistd.h>
#endif #endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#if HAVE_SYSLOG_H #if HAVE_SYSLOG_H
#include <syslog.h> #include <syslog.h>
#endif #endif
@ -70,9 +77,11 @@ int syslog_flag = 0;
extern Boolean gLogStdIO; extern Boolean gLogStdIO;
extern int g_error_fd; extern int g_error_fd;
#endif #endif
static const char *program_name = NULL;
#define WERROR_TRACE -1 #define WERROR_TRACE -1
#define WERROR_DEBUG -2 #define WERROR_DEBUG -2
#define WERROR_LOG -3
static const struct argp_option static const struct argp_option
werror_options[] = werror_options[] =
@ -81,17 +90,23 @@ werror_options[] =
{ "verbose", 'v', NULL, 0, "Verbose diagnostic messages", 0}, { "verbose", 'v', NULL, 0, "Verbose diagnostic messages", 0},
{ "trace", WERROR_TRACE, NULL, 0, "Detailed trace", 0 }, { "trace", WERROR_TRACE, NULL, 0, "Detailed trace", 0 },
{ "debug", WERROR_DEBUG, NULL, 0, "Print huge amounts of debug information", 0 }, { "debug", WERROR_DEBUG, NULL, 0, "Print huge amounts of debug information", 0 },
{ "log-file", WERROR_LOG, "File name", 0,
"Append messages to this file.", 0},
{ NULL, 0, NULL, 0, NULL, 0 } { NULL, 0, NULL, 0, NULL, 0 }
}; };
static error_t static error_t
werror_argp_parser(int key, char *arg UNUSED, werror_argp_parser(int key, char *arg,
struct argp_state *state UNUSED) struct argp_state *state)
{ {
switch(key) switch(key)
{ {
default: default:
return ARGP_ERR_UNKNOWN; return ARGP_ERR_UNKNOWN;
case ARGP_KEY_END:
case ARGP_KEY_INIT:
program_name = state->name;
break;
case 'q': case 'q':
quiet_flag = 1; quiet_flag = 1;
break; break;
@ -104,6 +119,19 @@ werror_argp_parser(int key, char *arg UNUSED,
case WERROR_DEBUG: case WERROR_DEBUG:
debug_flag = 1; debug_flag = 1;
break; break;
case WERROR_LOG:
{
/* FIXME: For clients, this is right: We only get lsh-related
* messages to the log file, and child processes are not
* affected. But for the server, perhaps we should also dup
* the logfile over stderr? */
int fd = open(arg, O_WRONLY | O_CREAT | O_APPEND, 0666);
if (fd < 0)
argp_error(state, "Failed to open log file `%s'.", arg);
else
set_error_stream(fd);
}
} }
return 0; return 0;
} }
@ -132,24 +160,24 @@ static const struct exception *
static const struct exception * static const struct exception *
write_syslog(int fd UNUSED, UINT32 length, const UINT8 *data) write_syslog(int fd UNUSED, UINT32 length, const UINT8 *data)
{ {
struct lsh_string *s = make_cstring_l(length, data); struct lsh_string *s;
/* NOTE: make_cstring fails if the data contains any NUL characters. */ /* Data must not contain any NUL:s */
assert(s); assert(!memchr(data, '\0', length));
/* NUL-terminate the string. */
s = ssh_format("%ls", length, data);
#if 0
/* Make sure the message is properly terminated with \0. */
snprintf(string_buffer, MIN(BUF_SIZE, length), "%s", data);
#endif
/* FIXME: Should we use different log levels for werror, verbose and /* FIXME: Should we use different log levels for werror, verbose and
* debug? */ * debug? */
syslog(LOG_NOTICE, "%s", s->data); syslog(LOG_NOTICE, "%s", lsh_get_cstring(s));
lsh_string_free(s); lsh_string_free(s);
return NULL; return NULL;
} }
/* FIXME: Delete argument and use program_name. */
void void
set_error_syslog(const char *id) set_error_syslog(const char *id)
{ {
@ -169,7 +197,7 @@ write_ignore(int fd UNUSED,
{ return NULL; } { return NULL; }
void void
set_error_stream(int fd, int with_poll) set_error_stream(int fd)
{ {
lshcontext *context = (lshcontext *)pthread_getspecific(ssh2threadkey); lshcontext *context = (lshcontext *)pthread_getspecific(ssh2threadkey);
if ( !context ) { if ( !context ) {
@ -177,7 +205,14 @@ set_error_stream(int fd, int with_poll)
} }
error_fd = fd; error_fd = fd;
error_write = with_poll ? write_raw_with_poll : write_raw; error_write = write_raw;
}
void
set_error_nonblocking(int fd)
{
if (error_fd == fd)
error_write = write_raw_with_poll;
} }
int int
@ -194,6 +229,10 @@ dup_error_stream(void)
else else
{ {
int fd = dup(error_fd); int fd = dup(error_fd);
/* This function is used to get stderr away from the stdio fd
* range. In the unlikely event that dup returns an fd <=
* STDERR_FILENO, we treat that as an error. */
if (fd > STDERR_FILENO) if (fd > STDERR_FILENO)
{ {
io_set_close_on_exec(fd); io_set_close_on_exec(fd);
@ -413,6 +452,12 @@ werror_paranoia_putc(UINT8 c)
void void
werror_vformat(const char *f, va_list args) werror_vformat(const char *f, va_list args)
{ {
if (program_name)
{
werror_write(strlen(program_name), program_name);
werror_write(2, ": ");
}
while (*f) while (*f)
{ {
if (*f == '%') if (*f == '%')
@ -450,23 +495,11 @@ werror_vformat(const char *f, va_list args)
(do_hex ? werror_hex : werror_decimal)(va_arg(args, UINT32)); (do_hex ? werror_hex : werror_decimal)(va_arg(args, UINT32));
break; break;
case 'c': case 'c':
werror_putc(va_arg(args, int)); (do_paranoia ? werror_paranoia_putc : werror_putc)(va_arg(args, int));
break; break;
case 'n': case 'n':
werror_bignum(va_arg(args, MP_INT *), do_hex ? 16 : 10); werror_bignum(va_arg(args, MP_INT *), do_hex ? 16 : 10);
break; break;
case 'z':
{
char *s = va_arg(args, char *);
if (do_hex)
werror_hexdump(strlen(s), (unsigned char *)s);
while (*s)
(do_paranoia ? werror_paranoia_putc : werror_putc)(*s++);
break;
}
case 'a': case 'a':
{ {
int atom = va_arg(args, int); int atom = va_arg(args, int);
@ -543,9 +576,40 @@ werror_vformat(const char *f, va_list args)
if (do_free) if (do_free)
lsh_string_free(s); lsh_string_free(s);
}
break;
break;
}
case 't':
{
struct lsh_object *o = va_arg(args, struct lsh_object *);
const char *type;
if (!o)
type = "<NULL>";
else if (o->isa)
type = o->isa->name;
else
type = "<STATIC>";
werror_write(strlen(type), type);
break;
}
case 'z':
{
char *s = va_arg(args, char *);
if (do_hex)
werror_hexdump(strlen(s), s);
else if (do_paranoia)
while (*s)
werror_paranoia_putc(*s++);
else
werror_write(strlen(s), s);
break;
}
default: default:
fatal("werror_vformat: bad format string!\n"); fatal("werror_vformat: bad format string!\n");
break; break;
@ -564,13 +628,15 @@ werror(const char *format, ...)
if ( !context ) { if ( !context ) {
return; return;
} }
if (!context->_quiet_flag) /* It is somewhat reasonable to use both -q and -v. In this case
* werror()-messages should be displayed. */
if (context->_verbose_flag || !context->_quiet_flag)
{ {
if (gLogStdIO || (!context->_tracing && !context->_verbosing && !context->_debugging)) { if (gLogStdIO || (!context->_tracing && !context->_verbosing && !context->_debugging)) {
if (!gLogStdIO) { if (!gLogStdIO) {
werror_flush(); werror_flush();
/*set_error_stream(STDOUT_FILENO, 0);*/ /*set_error_stream(STDOUT_FILENO);*/
set_error_stream(g_error_fd, 0); set_error_stream(g_error_fd);
} }
} }
va_start(args, format); va_start(args, format);
@ -653,8 +719,8 @@ fatal(const char *format, ...)
if (context) if (context)
{ {
werror_flush(); werror_flush();
/*set_error_stream(STDOUT_FILENO, 0);*/ /*set_error_stream(STDOUT_FILENO);*/
set_error_stream(g_error_fd, 0); set_error_stream(g_error_fd);
va_start(args, format); va_start(args, format);
werror_vformat(format, args); werror_vformat(format, args);
va_end(args); va_end(args);