From e14cef8f772a6f73f05254ae220a3a83981ea753 Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Tue, 31 Oct 2000 19:45:40 +0000 Subject: [PATCH] removed unnecessary ciphers. --- lib/silccrypt/Makefile.am | 2 +- lib/silccrypt/crypton.c | 298 -------------- lib/silccrypt/crypton.h | 137 ------- lib/silccrypt/crypton_internal.h | 39 -- lib/silccrypt/dfc.c | 410 ------------------- lib/silccrypt/dfc.h | 149 ------- lib/silccrypt/dfc_internal.h | 37 -- lib/silccrypt/e2.c | 378 ------------------ lib/silccrypt/e2.h | 146 ------- lib/silccrypt/e2_internal.h | 34 -- lib/silccrypt/loki.c | 287 -------------- lib/silccrypt/loki.h | 146 ------- lib/silccrypt/loki_internal.h | 37 -- lib/silccrypt/safer.c | 379 ------------------ lib/silccrypt/safer.h | 146 ------- lib/silccrypt/safer_internal.h | 38 -- lib/silccrypt/serpent.c | 657 ------------------------------- lib/silccrypt/serpent.h | 146 ------- lib/silccrypt/serpent_internal.h | 37 -- 19 files changed, 1 insertion(+), 3502 deletions(-) delete mode 100644 lib/silccrypt/crypton.c delete mode 100644 lib/silccrypt/crypton.h delete mode 100644 lib/silccrypt/crypton_internal.h delete mode 100644 lib/silccrypt/dfc.c delete mode 100644 lib/silccrypt/dfc.h delete mode 100644 lib/silccrypt/dfc_internal.h delete mode 100644 lib/silccrypt/e2.c delete mode 100644 lib/silccrypt/e2.h delete mode 100644 lib/silccrypt/e2_internal.h delete mode 100644 lib/silccrypt/loki.c delete mode 100644 lib/silccrypt/loki.h delete mode 100644 lib/silccrypt/loki_internal.h delete mode 100644 lib/silccrypt/safer.c delete mode 100644 lib/silccrypt/safer.h delete mode 100644 lib/silccrypt/safer_internal.h delete mode 100644 lib/silccrypt/serpent.c delete mode 100644 lib/silccrypt/serpent.h delete mode 100644 lib/silccrypt/serpent_internal.h diff --git a/lib/silccrypt/Makefile.am b/lib/silccrypt/Makefile.am index 5af41719..a1441d19 100644 --- a/lib/silccrypt/Makefile.am +++ b/lib/silccrypt/Makefile.am @@ -41,4 +41,4 @@ EXTRA_DIST = *.h INCLUDES = -I. -I.. -I../silccore -I../silcmath -I../silcske \ -I../silcsim -I../.. -I../silcutil -I../../includes \ - -I../silcmath/gmp + -I../silcmath/gmp -I../trq diff --git a/lib/silccrypt/crypton.c b/lib/silccrypt/crypton.c deleted file mode 100644 index dae0221a..00000000 --- a/lib/silccrypt/crypton.c +++ /dev/null @@ -1,298 +0,0 @@ -/* Modified for SILC. -Pekka */ - -/* This is an independent implementation of the encryption algorithm: */ -/* */ -/* CRYPTON by Chae Hoon Lim of Future Systms Inc */ -/* */ -/* which is a candidate algorithm in the Advanced Encryption Standard */ -/* programme of the US National Institute of Standards and Technology. */ -/* */ -/* Copyright in this implementation is held by Dr B R Gladman but I */ -/* hereby give permission for its free direct or derivative use subject */ -/* to acknowledgment of its origin and compliance with any conditions */ -/* that the originators of the algorithm place on its exploitation. */ -/* */ -/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ - -/* Timing data for CRYPTON (crypton.c) - -128 bit key: -Key Setup: 531/1369 cycles (encrypt/decrypt) -Encrypt: 474 cycles = 54.0 mbits/sec -Decrypt: 474 cycles = 54.0 mbits/sec -Mean: 474 cycles = 54.0 mbits/sec - -192 bit key: -Key Setup: 539/1381 cycles (encrypt/decrypt) -Encrypt: 473 cycles = 54.1 mbits/sec -Decrypt: 470 cycles = 54.5 mbits/sec -Mean: 472 cycles = 54.3 mbits/sec - -256 bit key: -Key Setup: 552/1392 cycles (encrypt/decrypt) -Encrypt: 469 cycles = 54.6 mbits/sec -Decrypt: 483 cycles = 53.0 mbits/sec -Mean: 476 cycles = 53.8 mbits/sec - -*/ - -#include "silcincludes.h" -#include "crypton.h" - -#define gamma_tau(x,b,m,p,q) \ - (x) = (((u4byte)s_box[p][byte(b[0],m)] ) | \ - ((u4byte)s_box[q][byte(b[1],m)] << 8) | \ - ((u4byte)s_box[p][byte(b[2],m)] << 16) | \ - ((u4byte)s_box[q][byte(b[3],m)] << 24)) - -#define ma_0 0x3fcff3fc -#define ma_1 0xfc3fcff3 -#define ma_2 0xf3fc3fcf -#define ma_3 0xcff3fc3f - -#define mb_0 0xcffccffc -#define mb_1 0xf33ff33f -#define mb_2 0xfccffccf -#define mb_3 0x3ff33ff3 - -#define pi(b,n0,n1,n2,n3) \ - (((b)[0] & ma_##n0) ^ \ - ((b)[1] & ma_##n1) ^ \ - ((b)[2] & ma_##n2) ^ \ - ((b)[3] & ma_##n3)) - -#define phi_n(x,n0,n1,n2,n3) \ - ( (x) & mb_##n0) ^ \ - (rotl((x), 8) & mb_##n1) ^ \ - (rotl((x), 16) & mb_##n2) ^ \ - (rotl((x), 24) & mb_##n3) - -#define phi_00(x) phi_n(x,0,1,2,3) -#define phi_01(x) phi_n(x,3,0,1,2) -#define phi_02(x) phi_n(x,2,3,0,1) -#define phi_03(x) phi_n(x,1,2,3,0) - -#define phi_10(x) phi_n(x,3,0,1,2) -#define phi_11(x) phi_n(x,2,3,0,1) -#define phi_12(x) phi_n(x,1,2,3,0) -#define phi_13(x) phi_n(x,0,1,2,3) - -#define phi0(x,y) \ - (y)[0] = phi_00((x)[0]); \ - (y)[1] = phi_01((x)[1]); \ - (y)[2] = phi_02((x)[2]); \ - (y)[3] = phi_03((x)[3]) - -#define phi1(x,y) \ - (y)[0] = phi_10((x)[0]); \ - (y)[1] = phi_11((x)[1]); \ - (y)[2] = phi_12((x)[2]); \ - (y)[3] = phi_13((x)[3]) - -u1byte p_box[3][16] = -{ { 15, 9, 6, 8, 9, 9, 4, 12, 6, 2, 6, 10, 1, 3, 5, 15 }, - { 10, 15, 4, 7, 5, 2, 14, 6, 9, 3, 12, 8, 13, 1, 11, 0 }, - { 0, 4, 8, 4, 2, 15, 8, 13, 1, 1, 15, 7, 2, 11, 14, 15 } -}; - -u4byte tab_gen = 0; -u1byte s_box[2][256]; -u4byte s_tab[4][256]; - -void gen_tab(void) -{ u4byte i, xl, xr, yl, yr; - - for(i = 0; i < 256; ++i) - { - xl = (i & 0xf0) >> 4; xr = i & 15; - - yr = xr ^ p_box[1][xl ^ p_box[0][xr]]; - yl = xl ^ p_box[0][xr] ^ p_box[2][yr]; - - yr |= (yl << 4); s_box[0][i] = (u1byte)yr; s_box[1][yr] = (u1byte)i; - - xr = yr * 0x01010101; xl = i * 0x01010101; - - s_tab[0][ i] = xr & 0x3fcff3fc; - s_tab[1][yr] = xl & 0xfc3fcff3; - s_tab[2][ i] = xr & 0xf3fc3fcf; - s_tab[3][yr] = xl & 0xcff3fc3f; - } -}; - -/* initialise the key schedule from the user supplied key */ - -u4byte kp[4] = { 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f }; -u4byte kq[4] = { 0x9b05688c, 0x1f83d9ab, 0x5be0cd19, 0xcbbb9d5d }; - -#define h0_block(n,r0,r1) \ - e_key[4 * n + 8] = rotl(e_key[4 * n + 0], r0); \ - e_key[4 * n + 9] = rc ^ e_key[4 * n + 1]; \ - e_key[4 * n + 10] = rotl(e_key[4 * n + 2], r1); \ - e_key[4 * n + 11] = rc ^ e_key[4 * n + 3] - -#define h1_block(n,r0,r1) \ - e_key[4 * n + 8] = rc ^ e_key[4 * n + 0]; \ - e_key[4 * n + 9] = rotl(e_key[4 * n + 1], r0); \ - e_key[4 * n + 10] = rc ^ e_key[4 * n + 2]; \ - e_key[4 * n + 11] = rotl(e_key[4 * n + 3], r1) - -u4byte *crypton_set_key(CryptonContext *ctx, - const u4byte in_key[], const u4byte key_len) -{ - u4byte i, rc, t0, t1, tmp[4]; - u4byte *e_key = ctx->l_key + 52; - u4byte *d_key = ctx->l_key; - - if(!tab_gen) - { - gen_tab(); tab_gen = 1; - } - - e_key[2] = e_key[3] = e_key[6] = e_key[7] = 0; - - switch((key_len + 63) / 64) - { - case 4: e_key[3] = in_key[6]; e_key[7] = in_key[7]; - case 3: e_key[2] = in_key[4]; e_key[6] = in_key[5]; - case 2: e_key[0] = in_key[0]; e_key[4] = in_key[1]; - e_key[1] = in_key[2]; e_key[5] = in_key[3]; - } - - tmp[0] = pi(e_key, 0, 1, 2, 3) ^ kp[0]; - tmp[1] = pi(e_key, 1, 2, 3, 0) ^ kp[1]; - tmp[2] = pi(e_key, 2, 3, 0, 1) ^ kp[2]; - tmp[3] = pi(e_key, 3, 0, 1, 2) ^ kp[3]; - - gamma_tau(e_key[0], tmp, 0, 0, 1); - gamma_tau(e_key[1], tmp, 1, 1, 0); - gamma_tau(e_key[2], tmp, 2, 0, 1); - gamma_tau(e_key[3], tmp, 3, 1, 0); - - tmp[0] = pi(e_key + 4, 1, 2, 3, 0) ^ kq[0]; - tmp[1] = pi(e_key + 4, 2, 3, 0, 1) ^ kq[1]; - tmp[2] = pi(e_key + 4, 3, 0, 1, 2) ^ kq[2]; - tmp[3] = pi(e_key + 4, 0, 1, 2, 3) ^ kq[3]; - - gamma_tau(e_key[4], tmp, 0, 1, 0); - gamma_tau(e_key[5], tmp, 1, 0, 1); - gamma_tau(e_key[6], tmp, 2, 1, 0); - gamma_tau(e_key[7], tmp, 3, 0, 1); - - t0 = e_key[0] ^ e_key[1] ^ e_key[2] ^ e_key[3]; - t1 = e_key[4] ^ e_key[5] ^ e_key[6] ^ e_key[7]; - - e_key[0] ^= t1; e_key[1] ^= t1; - e_key[2] ^= t1; e_key[3] ^= t1; - e_key[4] ^= t0; e_key[5] ^= t0; - e_key[6] ^= t0; e_key[7] ^= t0; - - rc = 0x01010101; - h0_block( 0, 8, 16); h1_block(1, 16, 24); rc <<= 1; - h1_block( 2, 24, 8); h0_block(3, 8, 16); rc <<= 1; - h0_block( 4, 16, 24); h1_block(5, 24, 8); rc <<= 1; - h1_block( 6, 8, 16); h0_block(7, 16, 24); rc <<= 1; - h0_block( 8, 24, 8); h1_block(9, 8, 16); rc <<= 1; - h1_block(10, 16, 24); - - for(i = 0; i < 13; ++i) - { - if(i & 1) - { - phi0(e_key + 4 * i, d_key + 48 - 4 * i); - } - else - { - phi1(e_key + 4 * i, d_key + 48 - 4 * i); - } - } - - phi1(d_key + 48, d_key + 48); - phi1(e_key + 48, e_key + 48); - - return l_key; -}; - -/* encrypt a block of text */ - -#define fr0(i,k) \ - b1[i] = s_tab[ (i) ][byte(b0[0],i)] ^ \ - s_tab[((i) + 1) & 3][byte(b0[1],i)] ^ \ - s_tab[((i) + 2) & 3][byte(b0[2],i)] ^ \ - s_tab[((i) + 3) & 3][byte(b0[3],i)] ^ (k) - -#define fr1(i,k) \ - b0[i] = s_tab[((i) + 1) & 3][byte(b1[0],i)] ^ \ - s_tab[((i) + 2) & 3][byte(b1[1],i)] ^ \ - s_tab[((i) + 3) & 3][byte(b1[2],i)] ^ \ - s_tab[(i) ][byte(b1[3],i)] ^ (k) - -#define f0_rnd(kp) \ - fr0(0,(kp)[0]); fr0(1,(kp)[1]); \ - fr0(2,(kp)[2]); fr0(3,(kp)[3]) - -#define f1_rnd(kp) \ - fr1(0,(kp)[0]); fr1(1,(kp)[1]); \ - fr1(2,(kp)[2]); fr1(3,(kp)[3]) - -void crypton_encrypt(CryptonContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]) -{ - u4byte b0[4], b1[4]; - u4byte *e_key = ctx->l_key + 52; - u4byte *d_key = ctx->l_key; - - b0[0] = in_blk[0] ^ e_key[0]; - b0[1] = in_blk[1] ^ e_key[1]; - b0[2] = in_blk[2] ^ e_key[2]; - b0[3] = in_blk[3] ^ e_key[3]; - - f0_rnd(e_key + 4); f1_rnd(e_key + 8); - f0_rnd(e_key + 12); f1_rnd(e_key + 16); - f0_rnd(e_key + 20); f1_rnd(e_key + 24); - f0_rnd(e_key + 28); f1_rnd(e_key + 32); - f0_rnd(e_key + 36); f1_rnd(e_key + 40); - f0_rnd(e_key + 44); - - gamma_tau(b0[0], b1, 0, 1, 0); - gamma_tau(b0[1], b1, 1, 0, 1); - gamma_tau(b0[2], b1, 2, 1, 0); - gamma_tau(b0[3], b1, 3, 0, 1); - - out_blk[0] = b0[0] ^ e_key[48]; - out_blk[1] = b0[1] ^ e_key[49]; - out_blk[2] = b0[2] ^ e_key[50]; - out_blk[3] = b0[3] ^ e_key[51]; -}; - -/* decrypt a block of text */ - -void crypton_decrypt(CryptonContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]) -{ - u4byte b0[4], b1[4]; - u4byte *e_key = ctx->l_key + 52; - u4byte *d_key = ctx->l_key; - - b0[0] = in_blk[0] ^ d_key[0]; - b0[1] = in_blk[1] ^ d_key[1]; - b0[2] = in_blk[2] ^ d_key[2]; - b0[3] = in_blk[3] ^ d_key[3]; - - f0_rnd(d_key + 4); f1_rnd(d_key + 8); - f0_rnd(d_key + 12); f1_rnd(d_key + 16); - f0_rnd(d_key + 20); f1_rnd(d_key + 24); - f0_rnd(d_key + 28); f1_rnd(d_key + 32); - f0_rnd(d_key + 36); f1_rnd(d_key + 40); - f0_rnd(d_key + 44); - - gamma_tau(b0[0], b1, 0, 1, 0); - gamma_tau(b0[1], b1, 1, 0, 1); - gamma_tau(b0[2], b1, 2, 1, 0); - gamma_tau(b0[3], b1, 3, 0, 1); - - out_blk[0] = b0[0] ^ d_key[48]; - out_blk[1] = b0[1] ^ d_key[49]; - out_blk[2] = b0[2] ^ d_key[50]; - out_blk[3] = b0[3] ^ d_key[51]; -}; diff --git a/lib/silccrypt/crypton.h b/lib/silccrypt/crypton.h deleted file mode 100644 index dc5a402c..00000000 --- a/lib/silccrypt/crypton.h +++ /dev/null @@ -1,137 +0,0 @@ -/* - - crypton.h - - Author: Pekka Riikonen - - Copyright (C) 1999 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ -/* - * $Id$ - * $Log$ - * Revision 1.1 2000/06/27 11:36:54 priikone - * Initial revision - * - * - */ - -#ifndef CRYPTON_H -#define CRYPTON_H - -#include "crypton_internal.h" - -/* - * SILC Crypto API for Crypton - */ - -/* Sets the key for the cipher. */ - -SILC_CIPHER_API_SET_KEY(crypton) -{ - crypton_set_key((CryptonContext *)context, (unsigned int *)key, keylen); - return TRUE; -} - -/* Sets the string as a new key for the cipher. The string is first - hashed and then used as a new key. */ - -SILC_CIPHER_API_SET_KEY_WITH_STRING(crypton) -{ - SilcHash hash; - unsigned char key[16]; - - silc_hash_alloc("md5", &hash); - hash->make_hash(hash, string, stringlen, key); - - crypton_set_key((CryptonContext *)context, key, sizeof(key)); - - silc_hash_free(hash); - memset(&key, 'F', sizeof(key)); - - return TRUE; -} - -/* Returns the size of the cipher context. */ - -SILC_CIPHER_API_CONTEXT_LEN(crypton) -{ - return sizeof(CryptonContext); -} - -/* Encrypts with the cipher in CBC mode. */ - -SILC_CIPHER_API_ENCRYPT_CBC(crypton) -{ - unsigned int *in, *out, *tiv; - unsigned int tmp[4]; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - tmp[0] = in[0] ^ tiv[0]; - tmp[1] = in[1] ^ tiv[1]; - tmp[2] = in[2] ^ tiv[2]; - tmp[3] = in[3] ^ tiv[3]; - crypton_encrypt((CryptonContext *)context, tmp, out); - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - tmp[0] = in[0] ^ out[0 - 4]; - tmp[1] = in[1] ^ out[1 - 4]; - tmp[2] = in[2] ^ out[2 - 4]; - tmp[3] = in[3] ^ out[3 - 4]; - crypton_encrypt((CryptonContext *)context, tmp, out); - in += 4; - out += 4; - } - - return TRUE; -} - -/* Decrypts with the cipher in CBC mode. */ - -SILC_CIPHER_API_DECRYPT_CBC(crypton) -{ - unsigned int *in, *out, *tiv; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - crypton_decrypt((CryptonContext *)context, in, out); - out[0] ^= tiv[0]; - out[1] ^= tiv[1]; - out[2] ^= tiv[2]; - out[3] ^= tiv[3]; - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - crypton_decrypt((CryptonContext *)context, in, out); - out[0] ^= in[0 - 4]; - out[1] ^= in[1 - 4]; - out[2] ^= in[2 - 4]; - out[3] ^= in[3 - 4]; - in += 4; - out += 4; - } - - return TRUE; -} - -#endif diff --git a/lib/silccrypt/crypton_internal.h b/lib/silccrypt/crypton_internal.h deleted file mode 100644 index 3dd79765..00000000 --- a/lib/silccrypt/crypton_internal.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - - crypton_internal.h - - Author: Pekka Riikonen - - Copyright (C) 1999 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ - -#ifndef CRYPTON_INTERNAL_H -#define CRYPTON_INTERNAL_H - -#include "ciphers_def.h" - -/* Cipher's context */ -typedef struct { - u4byte l_key[104]; -} CryptonContext; - -/* Prototypes */ -u4byte *crypton_set_key(CryptonContext *ctx, - const u4byte in_key[], const u4byte key_len); -void crypton_encrypt(CryptonContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]); -void crypton_decrypt(CryptonContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]); - -#endif diff --git a/lib/silccrypt/dfc.c b/lib/silccrypt/dfc.c deleted file mode 100644 index ba1449c2..00000000 --- a/lib/silccrypt/dfc.c +++ /dev/null @@ -1,410 +0,0 @@ -/* Modified for SILC. -Pekka */ - -/* This is an independent implementation of the encryption algorithm: */ -/* */ -/* DFC designed by a team at CNRS and France Telecom */ -/* */ -/* which is a candidate algorithm in the Advanced Encryption Standard */ -/* programme of the US National Institute of Standards and Technology. */ -/* */ -/* Copyright in this implementation is held by Dr B R Gladman but I */ -/* hereby give permission for its free direct or derivative use subject */ -/* to acknowledgment of its origin and compliance with any conditions */ -/* that the originators of the algorithm place on its exploitation. */ -/* */ -/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ -/* */ -/* My thanks go to Serge Vaudenay of the Ecole Normale Superieure */ -/* for providing test vectors. This implementation has also been */ -/* tested with an independent implementation by Dr Russell Bradford */ -/* (Department of Mathematical Sciences, University of Bath, Bath, */ -/* UK) and checks out. My thanks go to Russell for his help in */ -/* comparing our implementations and finding bugs (and for help in */ -/* resolving 'endian' issues before test vectors became available). */ - -/* Timing data for DFC (dfc.c) - -Core timing without I/O endian conversion: - -Algorithm: dfc (dfc.c) - -128 bit key: -Key Setup: 5222 cycles -Encrypt: 1203 cycles = 21.3 mbits/sec -Decrypt: 1244 cycles = 20.6 mbits/sec -Mean: 1224 cycles = 20.9 mbits/sec - -192 bit key: -Key Setup: 5203 cycles -Encrypt: 1288 cycles = 19.9 mbits/sec -Decrypt: 1235 cycles = 20.7 mbits/sec -Mean: 1262 cycles = 20.3 mbits/sec - -256 bit key: -Key Setup: 5177 cycles -Encrypt: 1178 cycles = 21.7 mbits/sec -Decrypt: 1226 cycles = 20.9 mbits/sec -Mean: 1202 cycles = 21.3 mbits/sec - -Full timing with I/O endian conversion: - -128 bit key: -Key Setup: 5227 cycles -Encrypt: 1247 cycles = 20.5 mbits/sec -Decrypt: 1222 cycles = 20.9 mbits/sec -Mean: 1235 cycles = 20.7 mbits/sec - -192 bit key: -Key Setup: 5252 cycles -Encrypt: 1215 cycles = 21.1 mbits/sec -Decrypt: 1265 cycles = 20.2 mbits/sec -Mean: 1240 cycles = 20.6 mbits/sec - -256 bit key: -Key Setup: 5174 cycles -Encrypt: 1247 cycles = 20.5 mbits/sec -Decrypt: 1206 cycles = 21.2 mbits/sec -Mean: 1227 cycles = 20.9 mbits/sec - -*/ - -/* The EES string is as follows (the abstract contains an error in - the last line of this sequence which changes KC and KD): - - 0xb7e15162, 0x8aed2a6a, 0xbf715880, 0x9cf4f3c7, - 0x62e7160f, 0x38b4da56, 0xa784d904, 0x5190cfef, - 0x324e7738, 0x926cfbe5, 0xf4bf8d8d, 0x8c31d763, - 0xda06c80a, 0xbb1185eb, 0x4f7c7b57, 0x57f59584, - - 0x90cfd47d, 0x7c19bb42, 0x158d9554, 0xf7b46bce, - 0xd55c4d79, 0xfd5f24d6, 0x613c31c3, 0x839a2ddf, - 0x8a9a276b, 0xcfbfa1c8, 0x77c56284, 0xdab79cd4, - 0xc2b3293d, 0x20e9e5ea, 0xf02ac60a, 0xcc93ed87, - - 0x4422a52e, 0xcb238fee, 0xe5ab6add, 0x835fd1a0, - 0x753d0a8f, 0x78e537d2, 0xb95bb79d, 0x8dcaec64, - 0x2c1e9f23, 0xb829b5c2, 0x780bf387, 0x37df8bb3, - 0x00d01334, 0xa0d0bd86, 0x45cbfa73, 0xa6160ffe, - - 0x393c48cb, 0xbbca060f, 0x0ff8ec6d, 0x31beb5cc, - 0xeed7f2f0, 0xbb088017, 0x163bc60d, 0xf45a0ecb, - 0x1bcd289b, 0x06cbbfea, 0x21ad08e1, 0x847f3f73, - 0x78d56ced, 0x94640d6e, 0xf0d3d37b, 0xe67008e1, - - 0x86d1bf27, 0x5b9b241d, 0xeb64749a, 0x47dfdfb9, - - Where: - - EES = RT(0) | RT(1) | ... | RT(63) | KD | KC - - Note that the abstract describing DFC is written - in big endian notation with the most significant - digits of a sequence of digits placed at the low - index positions in arrays. This format is used - here and is only converted to machine format at - the point that maths is done on any numbers in - the round function. - - The key input is thus treated as an array of 32 - bit words numbered from 0..3, 0..5 or 0..7 - depending on key length. The first (leftmost) - bit of this key string as defined in the DFC - abstract is the most significant bit of word 0 - and the rightmost bit of this string is the least - signicant bit of the highest numbered key word. - - The input and output blocks for the cipher are - also treated as arrays of 32 bit words numbered - from 0..3. The most significant bit of word 0 is - the 1st (leftmost) bit of the 128 bit input string - and the least significant bit of word 3 is the - last (rightmost) bit. - - Note that the inputs, the output and the key are - in Intel little endian format when BYTE_SWAP is - defined -*/ - -#include -#include -#include "dfc_internal.h" - -/* The following arrays are all stored in big endian */ -/* format with 32 bit words at lower array positions */ -/* being more significant in multi-word values */ - -u4byte rt64[64] = -{ - 0xb7e15162, 0x8aed2a6a, 0xbf715880, 0x9cf4f3c7, - 0x62e7160f, 0x38b4da56, 0xa784d904, 0x5190cfef, - 0x324e7738, 0x926cfbe5, 0xf4bf8d8d, 0x8c31d763, - 0xda06c80a, 0xbb1185eb, 0x4f7c7b57, 0x57f59584, - - 0x90cfd47d, 0x7c19bb42, 0x158d9554, 0xf7b46bce, - 0xd55c4d79, 0xfd5f24d6, 0x613c31c3, 0x839a2ddf, - 0x8a9a276b, 0xcfbfa1c8, 0x77c56284, 0xdab79cd4, - 0xc2b3293d, 0x20e9e5ea, 0xf02ac60a, 0xcc93ed87, - - 0x4422a52e, 0xcb238fee, 0xe5ab6add, 0x835fd1a0, - 0x753d0a8f, 0x78e537d2, 0xb95bb79d, 0x8dcaec64, - 0x2c1e9f23, 0xb829b5c2, 0x780bf387, 0x37df8bb3, - 0x00d01334, 0xa0d0bd86, 0x45cbfa73, 0xa6160ffe, - - 0x393c48cb, 0xbbca060f, 0x0ff8ec6d, 0x31beb5cc, - 0xeed7f2f0, 0xbb088017, 0x163bc60d, 0xf45a0ecb, - 0x1bcd289b, 0x06cbbfea, 0x21ad08e1, 0x847f3f73, - 0x78d56ced, 0x94640d6e, 0xf0d3d37b, 0xe67008e1, -}; - -u4byte kc = 0xeb64749a; - -u4byte kd2[2] = -{ - 0x86d1bf27, 0x5b9b241d -}; - -u4byte ka2[6] = -{ - 0xb7e15162, 0x8aed2a6a, - 0xbf715880, 0x9cf4f3c7, - 0x62e7160f, 0x38b4da56, -}; - -u4byte kb2[6] = -{ - 0xa784d904, 0x5190cfef, - 0x324e7738, 0x926cfbe5, - 0xf4bf8d8d, 0x8c31d763, -}; - -u4byte ks8[8] = -{ 0xda06c80a, 0xbb1185eb, 0x4f7c7b57, 0x57f59584, - 0x90cfd47d, 0x7c19bb42, 0x158d9554, 0xf7b46bce, -}; - -#define lo(x) ((x) & 0x0000ffff) -#define hi(x) ((x) >> 16) - -#define mult_64(r,x,y) \ - x0 = lo(x[1]); x1 = hi(x[1]); x2 = lo(x[0]); x3 = hi(x[0]); \ - y0 = lo(y[1]); y1 = hi(y[1]); y2 = lo(y[0]); y3 = hi(y[0]); \ - t0 = x0 * y0; r[0] = lo(t0); c = hi(t0); \ - t0 = x0 * y1; t1 = x1 * y0; c += lo(t0) + lo(t1); \ - r[0] += (c << 16); c = hi(c) + hi(t0) + hi(t1); \ - t0 = x0 * y2; t1 = x1 * y1; t2 = x2 * y0; \ - c += lo(t0) + lo(t1) + lo(t2); r[1] = lo(c); \ - c = hi(c) + hi(t0) + hi(t1) + hi(t2); \ - t0 = x0 * y3; t1 = x1 * y2; t2 = x2 * y1; t3 = x3 * y0; \ - c += lo(t0) + lo(t1) + lo(t2) + lo(t3); r[1] += (c << 16); \ - c = hi(c) + hi(t0) + hi(t1) + hi(t2) + hi(t3); \ - t0 = x1 * y3; t1 = x2 * y2; t2 = x3 * y1; \ - c += lo(t0) + lo(t1) + lo(t2); r[2] = lo(c); \ - c = hi(c) + hi(t0) + hi(t1) + hi(t2); \ - t0 = x2 * y3; t1 = x3 * y2; c += lo(t0) + lo(t1); \ - r[2] += (c << 16); c = hi(c) + hi(t0) + hi(t1); \ - r[3] = c + x3 * y3 - -#define add_64(r,hi,lo) \ - if((r[0] += lo) < lo) \ - if(!++r[1]) \ - if(!++r[2]) \ - ++r[3]; \ - if((r[1] += hi) < hi) \ - if(!++r[2]) \ - ++r[3] - -#define mult_13(r) \ - c = 13 * lo((r)[0]); \ - d = hi((r)[0]); \ - (r)[0] = lo(c); \ - c = hi(c) + 13 * d; \ - (r)[0] += (c << 16); \ - c = hi(c) + 13 * lo((r)[1]); \ - d = hi((r)[1]); \ - (r)[1] = lo(c); \ - c = hi(c) + 13 * d; \ - (r)[1] += (c << 16); \ - (r)[2] = hi(c) - -/* Where necessary this is where conversion from big endian to */ -/* little endian format is performed. Since all the maths is */ -/* little endian care is needed when 64 bit blocks are being */ -/* used to get them in the right order by reversing the order */ -/* in which these are stored. This applies to the key array */ -/* which gives the two values A and B and to the constant KD. */ -/* Since the input and output blocks are big endian we also */ -/* have to invert the order of the 32 bit words in the 64 bit */ -/* blocks being processed. */ - -void r_fun(u4byte outp[2], const u4byte inp[2], const u4byte key[4]) -{ u4byte acc[5], x0, x1, x2, x3, y0, y1, y2, y3, t0, t1, t2, t3, c, d; - - mult_64(acc, inp, key); add_64(acc, key[2], key[3]); - - /* we need the value in the accumulator mod 2^64 + 13 so if */ - /* the accumulator value is hi * 2^64 + lo we need to find */ - /* a k value such that r = hi * 2^64 + lo - k * (2^64 + 13) */ - /* is 0 <= r < 2^64 + 13. We can see that k will be close */ - /* to hi in value - it may equal hi but will not be greater */ - /* and we can let k = hi - e with e >= 0 so that r is given */ - /* by r = e * (2^64 + 13) + lo - 13 * hi. If we compute the */ - /* lo - 13 * hi value, the overflow into the top 64 bits of */ - /* the accumulator has to be 'zeroed' by the e * (2^64 + 13)*/ - /* term and this sets the e value (in fact such an overlow */ - /* is only removed when the lower word is higher than 12). */ - - mult_13(acc + 2); /* multiply top of accumulator by 13 */ - - /* calculate lo - 13 * hi in acc[0] and acc[1] with any */ - /* overflow into top 64 bits in c */ - - d = acc[0]; acc[0] -= acc[2]; c = (acc[0] > d ? 1 : 0); - - d = acc[1]; acc[1] -= acc[3] + c; - c = (acc[1] > d ? 1 : (acc[1] == d ? c : 0)); - - c = 13 * (acc[4] + c); /* overflow into top 64 bits of acc */ - - if(((acc[0] += c) < c) && !(++acc[1])) - { - if(acc[0] > 12) - - acc[0] -= 13; - } - - /* do the confusion permutation */ - - d = acc[1] ^ kc; c = acc[0] ^ rt64[acc[1] >> 26]; - - c += kd2[0] + ((d += kd2[1]) < kd2[1] ? 1 : 0); - - outp[0] ^= c; outp[1] ^= d; -}; - -u4byte *dfc_set_key(DfcContext *ctx, - const u4byte in_key[], const u4byte key_len) -{ - u4byte i, lk[32], rk[4]; - u4byte *l_key = ctx->l_key; - - for(i = 0; i < key_len / 32; ++i) - - lk[i] = io_swap(in_key[i]); - - /* pad the key with the KS array */ - - for(i = 0; i < 8 - key_len / 32; ++i) /* K|KS */ - - lk[i + key_len / 32] = ks8[i]; - - /* do the reordering of the key parameters */ - /* the OAP[1]|OBP[1]|OAP[2]... sequence is */ - /* at lk[0]... and the other at lk[16]... */ - - lk[18] = lk[5]; lk[19] = lk[2]; /* EBP */ - lk[16] = lk[1]; lk[17] = lk[6]; /* EAP */ - lk[ 2] = lk[4]; lk[ 3] = lk[3]; /* OBP */ - lk[ 0] = lk[0]; lk[ 1] = lk[7]; /* OAP */ - - /* create other elements using KA and KB */ - - for(i = 0; i < 6; i += 2) - { - lk[i + i + 4] = lk[ 0] ^ ka2[i]; /* OAP[i] ms */ - lk[i + i + 5] = lk[ 1] ^ ka2[i + 1]; /* OAP[i] ls */ - lk[i + i + 6] = lk[ 2] ^ kb2[i]; /* OBP[i] ms */ - lk[i + i + 7] = lk[ 3] ^ kb2[i + 1]; /* OBP[i] ls */ - lk[i + i + 20] = lk[16] ^ ka2[i]; /* EAP[i] ms */ - lk[i + i + 21] = lk[17] ^ ka2[i + 1]; /* EAP[i] ls */ - lk[i + i + 22] = lk[18] ^ kb2[i]; /* EBP[i] ms */ - lk[i + i + 23] = lk[19] ^ kb2[i + 1]; /* EBP[i] ls */ - } - - rk[0] = rk[1] = rk[2] = rk[3] = 0; - - /* do the 4 round key mixing encryption */ - - for(i = 0; i < 32; i += 8) - { - r_fun(rk, rk + 2, lk); /* R2|R1 */ - r_fun(rk + 2, rk, lk + 4); /* R2|R3 */ - r_fun(rk, rk + 2, lk + 8); /* R4|R3 */ - r_fun(rk + 2, rk, lk + 12); /* R4|R5 */ - - /* keep key in big endian format with */ - /* the most significant 32 bit words */ - /* first (lowest) in the key schedule */ - /* - note that the upper and lower 64 */ - /* bit blocks are in inverse order at */ - /* this point in the loop */ - - l_key[i + 0] = rk[2]; l_key[i + 1] = rk[3]; - l_key[i + 2] = rk[0]; l_key[i + 3] = rk[1]; - - r_fun(rk + 2, rk, lk + 16); /* R1|R2 */ - r_fun(rk, rk + 2, lk + 20); /* R3|R2 */ - r_fun(rk + 2, rk, lk + 24); /* R3|R4 */ - r_fun(rk, rk + 2, lk + 28); /* R5|R4 */ - - l_key[i + 4] = rk[0]; l_key[i + 5] = rk[1]; - l_key[i + 6] = rk[2]; l_key[i + 7] = rk[3]; - } - - return l_key; -}; - -void dfc_encrypt(DfcContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]) -{ - u4byte blk[4]; - u4byte *l_key = ctx->l_key; - - /* the input/output format is big endian - */ - /* any reversals needed are performed when */ - /* maths is done in the round function */ - - blk[0] = io_swap(in_blk[0]); blk[1] = io_swap(in_blk[1]); - blk[2] = io_swap(in_blk[2]); blk[3] = io_swap(in_blk[3]); - - r_fun(blk, blk + 2, l_key + 0); /* R2|R1 */ - r_fun(blk + 2, blk, l_key + 4); /* R2|R3 */ - r_fun(blk, blk + 2, l_key + 8); /* R4|R3 */ - r_fun(blk + 2, blk, l_key + 12); /* R4|R5 */ - r_fun(blk, blk + 2, l_key + 16); /* R6|R5 */ - r_fun(blk + 2, blk, l_key + 20); /* R6|R7 */ - r_fun(blk, blk + 2, l_key + 24); /* R8|R7 */ - r_fun(blk + 2, blk, l_key + 28); /* R8|R9 */ - - /* swap order to obtain the result R9|R8 */ - - out_blk[0] = io_swap(blk[2]); out_blk[1] = io_swap(blk[3]); - out_blk[2] = io_swap(blk[0]); out_blk[3] = io_swap(blk[1]); -}; - -void dfc_decrypt(DfcContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]) -{ - u4byte blk[4]; - u4byte *l_key = ctx->l_key; - - /* the input/output format is big endian - */ - /* any reversals needed are performed when */ - /* maths is done in the round function */ - - blk[0] = io_swap(in_blk[0]); blk[1] = io_swap(in_blk[1]); - blk[2] = io_swap(in_blk[2]); blk[3] = io_swap(in_blk[3]); - - r_fun(blk, blk + 2, l_key + 28); /* R7|R8 */ - r_fun(blk + 2, blk, l_key + 24); /* R7|R6 */ - r_fun(blk, blk + 2, l_key + 20); /* R5|R6 */ - r_fun(blk + 2, blk, l_key + 16); /* R5|R4 */ - r_fun(blk, blk + 2, l_key + 12); /* R3|R4 */ - r_fun(blk + 2, blk, l_key + 8); /* R3|R2 */ - r_fun(blk, blk + 2, l_key + 4); /* R1|R2 */ - r_fun(blk + 2, blk, l_key ); /* R1|R0 */ - - /* swap order to obtain the result R1|R0 */ - - out_blk[0] = io_swap(blk[2]); out_blk[1] = io_swap(blk[3]); - out_blk[2] = io_swap(blk[0]); out_blk[3] = io_swap(blk[1]); -}; diff --git a/lib/silccrypt/dfc.h b/lib/silccrypt/dfc.h deleted file mode 100644 index 97c25d52..00000000 --- a/lib/silccrypt/dfc.h +++ /dev/null @@ -1,149 +0,0 @@ -/* - - dfc.h - - Author: Pekka Riikonen - - Copyright (C) 1997 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ -/* - * $Id$ - * $Log$ - * Revision 1.1 2000/06/27 11:36:54 priikone - * Initial revision - * - * - */ - -#ifndef DFC_H -#define DFC_H - -#include "dfc_internal.h" - -/* - * SILC Crypto API for DFC - */ - -/* Sets the key for the cipher. */ - -inline int silc_dfc_init(void *context, - const unsigned char *key, - unsigned int keylen) -{ - dfc_set_key((DfcContext *)context, (unsigned int *)key, keylen); - return 1; -} - -/* Sets the string as a new key for the cipher. The string is first - hashed and then used as a new key. */ - -inline int silc_dfc_set_string_as_key(void *context, - const unsigned char *string, - unsigned int keylen) -{ - /* SilcHash hash; - unsigned char key[16]; - - silc_hash_alloc("md5", &hash); - hash->make_hash(hash, string, stringlen, key); - - dfc_set_key((DfcContext *)context, key, sizeof(key)); - - silc_hash_free(hash); - memset(&key, 'F', sizeof(key)); - */ - return TRUE; -} - -/* Returns the size of the cipher context. */ - -inline unsigned int silc_dfc_context_len() -{ - return sizeof(DfcContext); -} - -/* Encrypts with the cipher in CBC mode. */ - -inline int silc_dfc_encrypt_cbc(void *context, - const unsigned char *src, - unsigned char *dst, - unsigned int len, - unsigned char *iv) -{ - unsigned int *in, *out, *tiv; - unsigned int tmp[4]; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - tmp[0] = in[0] ^ tiv[0]; - tmp[1] = in[1] ^ tiv[1]; - tmp[2] = in[2] ^ tiv[2]; - tmp[3] = in[3] ^ tiv[3]; - dfc_encrypt((DfcContext *)context, tmp, out); - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - tmp[0] = in[0] ^ out[0 - 4]; - tmp[1] = in[1] ^ out[1 - 4]; - tmp[2] = in[2] ^ out[2 - 4]; - tmp[3] = in[3] ^ out[3 - 4]; - dfc_encrypt((DfcContext *)context, tmp, out); - in += 4; - out += 4; - } - - return 1; -} - -/* Decrypts with the cipher in CBC mode. */ - -inline int silc_dfc_decrypt_cbc(void *context, - const unsigned char *src, - unsigned char *dst, - unsigned int len, - unsigned char *iv) -{ - unsigned int *in, *out, *tiv; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - dfc_decrypt((DfcContext *)context, in, out); - out[0] ^= tiv[0]; - out[1] ^= tiv[1]; - out[2] ^= tiv[2]; - out[3] ^= tiv[3]; - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - dfc_decrypt((DfcContext *)context, in, out); - out[0] ^= in[0 - 4]; - out[1] ^= in[1 - 4]; - out[2] ^= in[2 - 4]; - out[3] ^= in[3 - 4]; - in += 4; - out += 4; - } - - return 1; -} - -#endif diff --git a/lib/silccrypt/dfc_internal.h b/lib/silccrypt/dfc_internal.h deleted file mode 100644 index 5ab4e0ab..00000000 --- a/lib/silccrypt/dfc_internal.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - - dfc_internal.h - - Author: Pekka Riikonen - - Copyright (C) 1997 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ - -#ifndef DFC_INTERNAL_H -#define DFC_INTERNAL_H - -/* Cipher's context */ -typedef struct { - u4byte l_key[32]; -} DfcContext; - -/* Prototypes */ -u4byte *dfc_set_key(DfcContext *ctx, - const u4byte in_key[], const u4byte key_len); -void dfc_encrypt(DfcContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]); -void dfc_decrypt(DfcContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]); - -#endif diff --git a/lib/silccrypt/e2.c b/lib/silccrypt/e2.c deleted file mode 100644 index 8cc8acdd..00000000 --- a/lib/silccrypt/e2.c +++ /dev/null @@ -1,378 +0,0 @@ -/* Modified for SILC. -Pekka */ - -/* This is an independent implementation of the encryption algorithm: */ -/* */ -/* E2 by Nippon Telegraph and Telephone (NTT) Japan */ -/* */ -/* which is a candidate algorithm in the Advanced Encryption Standard */ -/* programme of the US National Institute of Standards and Technology. */ -/* */ -/* Copyright in this implementation is held by Dr B R Gladman but I */ -/* hereby give permission for its free direct or derivative use subject */ -/* to acknowledgment of its origin and compliance with any conditions */ -/* that the originators of the algorithm place on its exploitation. */ -/* */ -/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ -/* */ -/* In accordance with the wishes of NTT this implementation is made */ -/* available for academic and study purposes only. I gratefully */ -/* acknowledge the contributions made by Kazumaro Aoki of NTT Japan */ -/* for ways to increase the speed of this implementation. */ - -/* Timing data for E2 (e28.c) - -Core timing without I/O endian conversion: - -128 bit key: -Key Setup: 9473 cycles -Encrypt: 687 cycles = 37.3 mbits/sec -Decrypt: 691 cycles = 37.0 mbits/sec -Mean: 689 cycles = 37.2 mbits/sec - -192 bit key: -Key Setup: 9540 cycles -Encrypt: 696 cycles = 36.8 mbits/sec -Decrypt: 693 cycles = 36.9 mbits/sec -Mean: 695 cycles = 36.9 mbits/sec - -256 bit key: -Key Setup: 9913 cycles -Encrypt: 691 cycles = 37.0 mbits/sec -Decrypt: 706 cycles = 36.3 mbits/sec -Mean: 699 cycles = 36.6 mbits/sec - -Full timing with I/O endian conversion: - -128 bit key: -Key Setup: 9598 cycles -Encrypt: 730 cycles = 35.1 mbits/sec -Decrypt: 723 cycles = 35.4 mbits/sec -Mean: 727 cycles = 35.2 mbits/sec - -192 bit key: -Key Setup: 9393 cycles -Encrypt: 730 cycles = 35.1 mbits/sec -Decrypt: 720 cycles = 35.6 mbits/sec -Mean: 725 cycles = 35.3 mbits/sec - -256 bit key: -Key Setup: 9720 cycles -Encrypt: 727 cycles = 35.2 mbits/sec -Decrypt: 721 cycles = 35.5 mbits/sec -Mean: 724 cycles = 35.4 mbits/sec - -*/ - -#include -#include -#include "e2_internal.h" - -u1byte s_box[] = -{ - 0xe1, 0x42, 0x3e, 0x81, 0x4e, 0x17, 0x9e, 0xfd, 0xb4, 0x3f, 0x2c, 0xda, - 0x31, 0x1e, 0xe0, 0x41, 0xcc, 0xf3, 0x82, 0x7d, 0x7c, 0x12, 0x8e, 0xbb, - 0xe4, 0x58, 0x15, 0xd5, 0x6f, 0xe9, 0x4c, 0x4b, 0x35, 0x7b, 0x5a, 0x9a, - 0x90, 0x45, 0xbc, 0xf8, 0x79, 0xd6, 0x1b, 0x88, 0x02, 0xab, 0xcf, 0x64, - 0x09, 0x0c, 0xf0, 0x01, 0xa4, 0xb0, 0xf6, 0x93, 0x43, 0x63, 0x86, 0xdc, - 0x11, 0xa5, 0x83, 0x8b, 0xc9, 0xd0, 0x19, 0x95, 0x6a, 0xa1, 0x5c, 0x24, - 0x6e, 0x50, 0x21, 0x80, 0x2f, 0xe7, 0x53, 0x0f, 0x91, 0x22, 0x04, 0xed, - 0xa6, 0x48, 0x49, 0x67, 0xec, 0xf7, 0xc0, 0x39, 0xce, 0xf2, 0x2d, 0xbe, - 0x5d, 0x1c, 0xe3, 0x87, 0x07, 0x0d, 0x7a, 0xf4, 0xfb, 0x32, 0xf5, 0x8c, - 0xdb, 0x8f, 0x25, 0x96, 0xa8, 0xea, 0xcd, 0x33, 0x65, 0x54, 0x06, 0x8d, - 0x89, 0x0a, 0x5e, 0xd9, 0x16, 0x0e, 0x71, 0x6c, 0x0b, 0xff, 0x60, 0xd2, - 0x2e, 0xd3, 0xc8, 0x55, 0xc2, 0x23, 0xb7, 0x74, 0xe2, 0x9b, 0xdf, 0x77, - 0x2b, 0xb9, 0x3c, 0x62, 0x13, 0xe5, 0x94, 0x34, 0xb1, 0x27, 0x84, 0x9f, - 0xd7, 0x51, 0x00, 0x61, 0xad, 0x85, 0x73, 0x03, 0x08, 0x40, 0xef, 0x68, - 0xfe, 0x97, 0x1f, 0xde, 0xaf, 0x66, 0xe8, 0xb8, 0xae, 0xbd, 0xb3, 0xeb, - 0xc6, 0x6b, 0x47, 0xa9, 0xd8, 0xa7, 0x72, 0xee, 0x1d, 0x7e, 0xaa, 0xb6, - 0x75, 0xcb, 0xd4, 0x30, 0x69, 0x20, 0x7f, 0x37, 0x5b, 0x9d, 0x78, 0xa3, - 0xf1, 0x76, 0xfa, 0x05, 0x3d, 0x3a, 0x44, 0x57, 0x3b, 0xca, 0xc7, 0x8a, - 0x18, 0x46, 0x9c, 0xbf, 0xba, 0x38, 0x56, 0x1a, 0x92, 0x4d, 0x26, 0x29, - 0xa2, 0x98, 0x10, 0x99, 0x70, 0xa0, 0xc5, 0x28, 0xc1, 0x6d, 0x14, 0xac, - 0xf9, 0x5f, 0x4f, 0xc4, 0xc3, 0xd1, 0xfc, 0xdd, 0xb2, 0x59, 0xe6, 0xb5, - 0x36, 0x52, 0x4a, 0x2a -}; - -u4byte l_box[4][256]; -u4byte lb_init = 0; - -#define v_0 0x67452301 -#define v_1 0xefcdab89 - -/* s_fun(s_fun(s_fun(v))) */ - -#define k2_0 0x30d32e58 -#define k2_1 0xb89e4984 - -/* s_fun(s_fun(s_fun(s_fun(v)))) */ - -#define k3_0 0x0957cfec -#define k3_1 0xd800502e - -#define bp_fun(a,b,c,d,e,f,g,h) \ - u = (e ^ g) & 0x00ffff00; \ - v = (f ^ h) & 0x0000ffff; \ - a = e ^ u; c = g ^ u; \ - b = f ^ v; d = h ^ v - -#define ibp_fun(a,b,c,d,e,f,g,h) \ - u = (e ^ g) & 0xff0000ff; \ - v = (f ^ h) & 0xffff0000; \ - a = e ^ u; c = g ^ u; \ - b = f ^ v; d = h ^ v - -#define bp2_fun(x,y) \ - w = (x ^ y) & 0x00ff00ff; \ - x ^= w; y ^= w; \ - -#define s_fun(x,y) \ - p = x; q = x >> 8; \ - r = y; s = y >> 8; \ - x = l_box[0][r & 255]; \ - y = l_box[0][p & 255]; \ - p >>= 16; r >>= 16; \ - x |= l_box[1][q & 255]; \ - y |= l_box[1][s & 255]; \ - x |= l_box[2][r & 255]; \ - y |= l_box[2][p & 255]; \ - x |= l_box[3][p >> 8]; \ - y |= l_box[3][r >> 8] - -#define sx_fun(x,y) \ - p = x >> 8; \ - q = x >> 16; \ - x = l_box[0][x & 255]; \ - x |= l_box[1][p & 255]; \ - x |= l_box[2][q & 255]; \ - x |= l_box[3][q >> 8]; \ - p = y >> 8; \ - q = y >> 16; \ - y = l_box[0][y & 255]; \ - y |= l_box[1][p & 255]; \ - y |= l_box[2][q & 255]; \ - y |= l_box[3][q >> 8] - -#define spx_fun(x,y) \ - sx_fun(x,y); \ - y ^= x; \ - x ^= rotr(y, 16); \ - y ^= rotr(x, 8); \ - x ^= y - -#define sp_fun(x,y) \ - s_fun(x,y); \ - y ^= x; \ - x ^= rotr(y, 16); \ - y ^= rotr(x, 8); \ - x ^= y - -#define sr_fun(x,y) \ - p = x; q = x >> 8; \ - r = y; s = y >> 8; \ - y = l_box[1][p & 255]; \ - x = l_box[1][r & 255]; \ - p >>= 16; r >>= 16; \ - x |= l_box[2][q & 255]; \ - y |= l_box[2][s & 255]; \ - y |= l_box[3][p & 255]; \ - x |= l_box[3][r & 255]; \ - x |= l_box[0][r >> 8]; \ - y |= l_box[0][p >> 8] - -#define f_fun(a,b,c,d,k) \ - u = c ^ *(k); v = d ^ *(k + 1); \ - sp_fun(u, v); \ - u ^= *(k + 2); v ^= *(k + 3); \ - sr_fun(u, v); \ - a ^= v; \ - b ^= u - -#define byte_adr(x,n) *(((u1byte*)&x)+n) - -u4byte mod_inv(u4byte x) -{ u4byte y1, y2, a, b, q; - - y1 = ~((-x) / x); y2 = 1; - - a = x; b = y1 * x; - - for(;;) - { - q = a / b; - - if((a -= q * b) == 0) - - return (x * y1 == 1 ? y1 : -y1); - - y2 -= q * y1; - - q = b / a; - - if((b -= q * a) == 0) - - return (x * y2 == 1 ? y2 : -y2); - - y1 -= q * y2; - } -}; - -void g_fun(u4byte y[8], u4byte l[8], u4byte v[2]) -{ u4byte p,q; - - spx_fun(y[0], y[1]); spx_fun(v[0], v[1]); - l[0] = v[0] ^= y[0]; l[1] = v[1] ^= y[1]; - - spx_fun(y[2], y[3]); spx_fun(v[0], v[1]); - l[2] = v[0] ^= y[2]; l[3] = v[1] ^= y[3]; - - spx_fun(y[4], y[5]); spx_fun(v[0], v[1]); - l[4] = v[0] ^= y[4]; l[5] = v[1] ^= y[5]; - - spx_fun(y[6], y[7]); spx_fun(v[0], v[1]); - l[6] = v[0] ^= y[6]; l[7] = v[1] ^= y[7]; -}; - -u4byte *e2_set_key(E2Context *ctx, - const u4byte in_key[], const u4byte key_len) -{ - u4byte lk[8], v[2], lout[8]; - u4byte i, j, k, w; - u4byte *l_key = ctx->l_key; - - if(!lb_init) - { - for(i = 0; i < 256; ++i) - { - l_box[0][i] = ((u4byte)(s_box[i])); - l_box[1][i] = ((u4byte)(s_box[i])) << 8; - l_box[2][i] = ((u4byte)(s_box[i])) << 16; - l_box[3][i] = ((u4byte)(s_box[i])) << 24; - } - - lb_init = 1; - } - - v[0] = bswap(v_0); v[1] = bswap(v_1); - - lk[0] = io_swap(in_key[0]); lk[1] = io_swap(in_key[1]); - lk[2] = io_swap(in_key[2]); lk[3] = io_swap(in_key[3]); - - lk[4] = io_swap(key_len > 128 ? in_key[4] : k2_0); - lk[5] = io_swap(key_len > 128 ? in_key[5] : k2_1); - - lk[6] = io_swap(key_len > 192 ? in_key[6] : k3_0); - lk[7] = io_swap(key_len > 192 ? in_key[7] : k3_1); - - g_fun(lk, lout, v); - - for(i = 0; i < 8; ++i) - { - g_fun(lk, lout, v); - - for(j = 0; j < 4; ++j) - { - // this is complex because of a byte swap in each 32 bit output word - - k = 2 * (48 - 16 * j + 2 * (i / 2) - i % 2); - - ((u1byte*)l_key)[k + 3] = ((u1byte*)lout)[j]; - ((u1byte*)l_key)[k + 2] = ((u1byte*)lout)[j + 16]; - - ((u1byte*)l_key)[k + 19] = ((u1byte*)lout)[j + 8]; - ((u1byte*)l_key)[k + 18] = ((u1byte*)lout)[j + 24]; - - ((u1byte*)l_key)[k + 131] = ((u1byte*)lout)[j + 4]; - ((u1byte*)l_key)[k + 130] = ((u1byte*)lout)[j + 20]; - - ((u1byte*)l_key)[k + 147] = ((u1byte*)lout)[j + 12]; - ((u1byte*)l_key)[k + 146] = ((u1byte*)lout)[j + 28]; - } - } - - for(i = 52; i < 60; ++i) - { - l_key[i] |= 1; l_key[i + 12] = mod_inv(l_key[i]); - } - - for(i = 0; i < 48; i += 4) - { - bp2_fun(l_key[i], l_key[i + 1]); - } - - return (u4byte*)&l_key; -}; - -void e2_encrypt(E2Context *ctx, const u4byte in_blk[4], u4byte out_blk[4]) -{ - u4byte a,b,c,d,p,q,r,s,u,v; - u4byte *l_key = ctx->l_key; - - p = io_swap(in_blk[0]); q = io_swap(in_blk[1]); - r = io_swap(in_blk[2]); s = io_swap(in_blk[3]); - - p ^= l_key[48]; q ^= l_key[49]; r ^= l_key[50]; s ^= l_key[51]; - p *= l_key[52]; q *= l_key[53]; r *= l_key[54]; s *= l_key[55]; - - bp_fun(a, b, c, d, p, q, r, s); - - f_fun(a, b, c, d, l_key); - f_fun(c, d, a, b, l_key + 4); - f_fun(a, b, c, d, l_key + 8); - f_fun(c, d, a, b, l_key + 12); - f_fun(a, b, c, d, l_key + 16); - f_fun(c, d, a, b, l_key + 20); - f_fun(a, b, c, d, l_key + 24); - f_fun(c, d, a, b, l_key + 28); - f_fun(a, b, c, d, l_key + 32); - f_fun(c, d, a, b, l_key + 36); - f_fun(a, b, c, d, l_key + 40); - f_fun(c, d, a, b, l_key + 44); - - ibp_fun(p, q, r, s, a, b, c, d); - - p *= l_key[68]; q *= l_key[69]; r *= l_key[70]; s *= l_key[71]; - p ^= l_key[60]; q ^= l_key[61]; r ^= l_key[62]; s ^= l_key[63]; - - out_blk[0] = io_swap(p); out_blk[1] = io_swap(q); - out_blk[2] = io_swap(r); out_blk[3] = io_swap(s); -}; - -void e2_decrypt(E2Context *ctx, const u4byte in_blk[4], u4byte out_blk[4]) -{ - u4byte a,b,c,d,p,q,r,s,u,v; - u4byte *l_key = ctx->l_key; - - p = io_swap(in_blk[0]); q = io_swap(in_blk[1]); - r = io_swap(in_blk[2]); s = io_swap(in_blk[3]); - - p ^= l_key[60]; q ^= l_key[61]; r ^= l_key[62]; s ^= l_key[63]; - p *= l_key[56]; q *= l_key[57]; r *= l_key[58]; s *= l_key[59]; - - bp_fun(a, b, c, d, p, q, r, s); - - f_fun(a, b, c, d, l_key + 44); - f_fun(c, d, a, b, l_key + 40); - - f_fun(a, b, c, d, l_key + 36); - f_fun(c, d, a, b, l_key + 32); - - f_fun(a, b, c, d, l_key + 28); - f_fun(c, d, a, b, l_key + 24); - - f_fun(a, b, c, d, l_key + 20); - f_fun(c, d, a, b, l_key + 16); - - f_fun(a, b, c, d, l_key + 12); - f_fun(c, d, a, b, l_key + 8); - - f_fun(a, b, c, d, l_key + 4); - f_fun(c, d, a, b, l_key); - - ibp_fun(p, q, r, s, a, b, c, d); - - p *= l_key[64]; q *= l_key[65]; r *= l_key[66]; s *= l_key[67]; - p ^= l_key[48]; q ^= l_key[49]; r ^= l_key[50]; s ^= l_key[51]; - - out_blk[0] = io_swap(p); out_blk[1] = io_swap(q); - out_blk[2] = io_swap(r); out_blk[3] = io_swap(s); -}; diff --git a/lib/silccrypt/e2.h b/lib/silccrypt/e2.h deleted file mode 100644 index 173af143..00000000 --- a/lib/silccrypt/e2.h +++ /dev/null @@ -1,146 +0,0 @@ -/* - - e2.h - - Author: Pekka Riikonen - - Copyright (C) 1997 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ -/* - * $Id$ - * $Log$ - * Revision 1.1 2000/06/27 11:36:54 priikone - * Initial revision - * - * - */ - -#ifndef E2_H -#define E2_H - -#include "e2_internal.h" - -/* - * SILC Crypto API for E2 - */ - -/* Sets the key for the cipher. */ - -inline int silc_e2_init(void *context, - const unsigned char *key, - size_t keylen) -{ - e2_set_key((E2Context *)context, (unsigned int *)key, keylen); - return 1; -} - -/* Sets the string as a new key for the cipher. The string is first - hashed and then used as a new key. */ - -inline int silc_e2_set_string_as_key(void *context, - const unsigned char *string, - size_t keylen) -{ - /* unsigned char key[md5_hash_len]; - SilcMarsContext *ctx = (SilcMarsContext *)context; - - make_md5_hash(string, &key); - memcpy(&ctx->key, mars_set_key(&key, keylen), keylen); - memset(&key, 'F', sizeoof(key)); - */ - - return 1; -} - -/* Returns the size of the cipher context. */ - -inline size_t silc_e2_context_len() -{ - return sizeof(E2Context); -} - -/* Encrypts with the cipher in CBC mode. */ - -inline int silc_e2_encrypt_cbc(void *context, - const unsigned char *src, - unsigned char *dst, - size_t len, - unsigned char *iv) -{ - unsigned int *in, *out, *tiv; - unsigned int tmp[4]; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - tmp[0] = in[0] ^ tiv[0]; - tmp[1] = in[1] ^ tiv[1]; - tmp[2] = in[2] ^ tiv[2]; - tmp[3] = in[3] ^ tiv[3]; - e2_encrypt((E2Context *)context, tmp, out); - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - tmp[0] = in[0] ^ out[0 - 4]; - tmp[1] = in[1] ^ out[1 - 4]; - tmp[2] = in[2] ^ out[2 - 4]; - tmp[3] = in[3] ^ out[3 - 4]; - e2_encrypt((E2Context *)context, tmp, out); - in += 4; - out += 4; - } - - return 1; -} - -/* Decrypts with the cipher in CBC mode. */ - -inline int silc_e2_decrypt_cbc(void *context, - const unsigned char *src, - unsigned char *dst, - size_t len, - unsigned char *iv) -{ - unsigned int *in, *out, *tiv; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - e2_decrypt((E2Context *)context, in, out); - out[0] ^= tiv[0]; - out[1] ^= tiv[1]; - out[2] ^= tiv[2]; - out[3] ^= tiv[3]; - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - e2_decrypt((E2Context *)context, in, out); - out[0] ^= in[0 - 4]; - out[1] ^= in[1 - 4]; - out[2] ^= in[2 - 4]; - out[3] ^= in[3 - 4]; - in += 4; - out += 4; - } - - return 1; -} - -#endif diff --git a/lib/silccrypt/e2_internal.h b/lib/silccrypt/e2_internal.h deleted file mode 100644 index 446b0a1b..00000000 --- a/lib/silccrypt/e2_internal.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - - e2_internal.h - - Author: Pekka Riikonen - - Copyright (C) 1997 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ - -#ifndef E2_INTERNAL_H -#define E2_INTERNAL_H - -typedef struct { - u4byte l_key[72]; -} E2Context; - -/* Prototypes */ -u4byte *e2_set_key(E2Context *ctx, - const u4byte in_key[], const u4byte key_len); -void e2_encrypt(E2Context *ctx, const u4byte in_blk[4], u4byte out_blk[4]); -void e2_decrypt(E2Context *ctx, const u4byte in_blk[4], u4byte out_blk[4]); - -#endif diff --git a/lib/silccrypt/loki.c b/lib/silccrypt/loki.c deleted file mode 100644 index c326f27a..00000000 --- a/lib/silccrypt/loki.c +++ /dev/null @@ -1,287 +0,0 @@ -/* Modified for SILC. -Pekka */ - -/* This is an independent implementation of the encryption algorithm: */ -/* */ -/* LOKI97 by Brown and Pieprzyk */ -/* */ -/* which is a candidate algorithm in the Advanced Encryption Standard */ -/* programme of the US National Institute of Standards and Technology. */ -/* */ -/* Copyright in this implementation is held by Dr B R Gladman but I */ -/* hereby give permission for its free direct or derivative use subject */ -/* to acknowledgment of its origin and compliance with any conditions */ -/* that the originators of the algorithm place on its exploitation. */ -/* */ -/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ - -/* Timing data for LOKI97 (loki.c) - -Core timing without I/O endian conversion: - -128 bit key: -Key Setup: 7430 cycles -Encrypt: 2134 cycles = 12.0 mbits/sec -Decrypt: 2192 cycles = 11.7 mbits/sec -Mean: 2163 cycles = 11.8 mbits/sec - -192 bit key: -Key Setup: 7303 cycles -Encrypt: 2138 cycles = 12.0 mbits/sec -Decrypt: 2189 cycles = 11.7 mbits/sec -Mean: 2164 cycles = 11.8 mbits/sec - -256 bit key: -Key Setup: 7166 cycles -Encrypt: 2131 cycles = 12.0 mbits/sec -Decrypt: 2184 cycles = 11.7 mbits/sec -Mean: 2158 cycles = 11.9 mbits/sec - -Full timing with I/O endian conversion: - -128 bit key: -Key Setup: 7582 cycles -Encrypt: 2174 cycles = 11.8 mbits/sec -Decrypt: 2235 cycles = 11.5 mbits/sec -Mean: 2205 cycles = 11.6 mbits/sec - -192 bit key: -Key Setup: 7477 cycles -Encrypt: 2167 cycles = 11.8 mbits/sec -Decrypt: 2223 cycles = 11.5 mbits/sec -Mean: 2195 cycles = 11.7 mbits/sec - -256 bit key: -Key Setup: 7365 cycles -Encrypt: 2177 cycles = 11.8 mbits/sec -Decrypt: 2194 cycles = 11.7 mbits/sec -Mean: 2186 cycles = 11.7 mbits/sec - -*/ - -#include -#include -#include "loki_internal.h" - -#define S1_SIZE 13 -#define S1_LEN (1 << S1_SIZE) -#define S1_MASK (S1_LEN - 1) -#define S1_HMASK (S1_MASK & ~0xff) -#define S1_POLY 0x2911 - -#define S2_SIZE 11 -#define S2_LEN (1 << S2_SIZE) -#define S2_MASK (S2_LEN - 1) -#define S2_HMASK (S2_MASK & ~0xff) -#define S2_POLY 0x0aa7 - -#define io_swap(x) ((x)) - -u4byte delta[2] = { 0x7f4a7c15, 0x9e3779b9 }; - -u1byte sb1[S1_LEN]; // GF(2^11) S box -u1byte sb2[S2_LEN]; // GF(2^11) S box -u4byte prm[256][2]; -u4byte init_done = 0; - -#define add_eq(x,y) (x)[1] += (y)[1] + (((x)[0] += (y)[0]) < (y)[0] ? 1 : x) -#define sub_eq(x,y) xs = (x)[0]; (x)[1] -= (y)[1] + (((x)[0] -= (y)[0]) > xs ? 1 : 0) - -u4byte ff_mult(u4byte a, u4byte b, u4byte tpow, u4byte mpol) -{ u4byte r, s, m; - - r = s = 0; m = (1 << tpow); - - while(b) - { - if(b & 1) - - s ^= a; - - b >>= 1; a <<= 1; - - if(a & m) - - a ^= mpol; - } - - return s; -}; - -void init_tables(void) -{ u4byte i, j, v; - - // initialise S box 1 - - for(i = 0; i < S1_LEN; ++i) - { - j = v = i ^ S1_MASK; v = ff_mult(v, j, S1_SIZE, S1_POLY); - sb1[i] = (u1byte)ff_mult(v, j, S1_SIZE, S1_POLY); - } - // initialise S box 2 - - for(i = 0; i < S2_LEN; ++i) - { - j = v = i ^ S2_MASK; v = ff_mult(v, j, S2_SIZE, S2_POLY); - sb2[i] = (u1byte)ff_mult(v, j, S2_SIZE, S2_POLY); - } - - // initialise permutation table - - for(i = 0; i < 256; ++i) - { - prm[i][0] = ((i & 1) << 7) | ((i & 2) << 14) | ((i & 4) << 21) | ((i & 8) << 28); - prm[i][1] = ((i & 16) << 3) | ((i & 32) << 10) | ((i & 64) << 17) | ((i & 128) << 24); - } -}; - -void f_fun(u4byte res[2], const u4byte in[2], const u4byte key[2]) -{ u4byte i, tt[2], pp[2]; - - tt[0] = (in[0] & ~key[0]) | (in[1] & key[0]); - tt[1] = (in[1] & ~key[0]) | (in[0] & key[0]); - - i = sb1[((tt[1] >> 24) | (tt[0] << 8)) & S1_MASK]; - pp[0] = prm[i][0] >> 7; pp[1] = prm[i][1] >> 7; - i = sb2[(tt[1] >> 16) & S2_MASK]; - pp[0] |= prm[i][0] >> 6; pp[1] |= prm[i][1] >> 6; - i = sb1[(tt[1] >> 8) & S1_MASK]; - pp[0] |= prm[i][0] >> 5; pp[1] |= prm[i][1] >> 5; - i = sb2[tt[1] & S2_MASK]; - pp[0] |= prm[i][0] >> 4; pp[1] |= prm[i][1] >> 4; - i = sb2[((tt[0] >> 24) | (tt[1] << 8)) & S2_MASK]; - pp[0] |= prm[i][0] >> 3; pp[1] |= prm[i][1] >> 3; - i = sb1[(tt[0] >> 16) & S1_MASK]; - pp[0] |= prm[i][0] >> 2; pp[1] |= prm[i][1] >> 2; - i = sb2[(tt[0] >> 8) & S2_MASK]; - pp[0] |= prm[i][0] >> 1; pp[1] |= prm[i][1] >> 1; - i = sb1[tt[0] & S1_MASK]; - pp[0] |= prm[i][0]; pp[1] |= prm[i][1]; - - res[0] ^= sb1[byte(pp[0], 0) | (key[1] << 8) & S1_HMASK] - | (sb1[byte(pp[0], 1) | (key[1] << 3) & S1_HMASK] << 8) - | (sb2[byte(pp[0], 2) | (key[1] >> 2) & S2_HMASK] << 16) - | (sb2[byte(pp[0], 3) | (key[1] >> 5) & S2_HMASK] << 24); - res[1] ^= sb1[byte(pp[1], 0) | (key[1] >> 8) & S1_HMASK] - | (sb1[byte(pp[1], 1) | (key[1] >> 13) & S1_HMASK] << 8) - | (sb2[byte(pp[1], 2) | (key[1] >> 18) & S2_HMASK] << 16) - | (sb2[byte(pp[1], 3) | (key[1] >> 21) & S2_HMASK] << 24); -}; - -u4byte *loki_set_key(LokiContext *ctx, - const u4byte in_key[], const u4byte key_len) -{ - u4byte i, k1[2], k2[2], k3[2], k4[2], del[2], tt[2], sk[2]; - u4byte *l_key = ctx->l_key; - - if(!init_done) - { - init_tables(); init_done = 1; - } - - k4[0] = io_swap(in_key[1]); k4[1] = io_swap(in_key[0]); - k3[0] = io_swap(in_key[3]); k3[1] = io_swap(in_key[2]); - - switch ((key_len + 63) / 64) - { - case 2: - k2[0] = 0; k2[1] = 0; f_fun(k2, k3, k4); - k1[0] = 0; k1[1] = 0; f_fun(k1, k4, k3); - break; - case 3: - k2[0] = io_swap(in_key[5]); k2[1] = io_swap(in_key[4]); - k1[0] = 0; k1[1] = 0; f_fun(k1, k4, k3); - break; - case 4: - k2[0] = in_key[5]; k2[1] = in_key[4]; - k1[0] = in_key[7]; k1[1] = in_key[6]; - k2[0] = io_swap(in_key[5]); k2[1] = io_swap(in_key[4]); - k1[0] = io_swap(in_key[7]); k1[1] = io_swap(in_key[6]); - } - - del[0] = delta[0]; del[1] = delta[1]; - - for(i = 0; i < 48; ++i) - { - tt[0] = k1[0]; tt[1] = k1[1]; - add_eq(tt, k3); add_eq(tt, del); add_eq(del, delta); - sk[0] = k4[0]; sk[1] = k4[1]; - k4[0] = k3[0]; k4[1] = k3[1]; - k3[0] = k2[0]; k3[1] = k2[1]; - k2[0] = k1[0]; k2[1] = k1[1]; - k1[0] = sk[0]; k1[1] = sk[1]; - f_fun(k1, tt, k3); - l_key[i + i] = k1[0]; l_key[i + i + 1] = k1[1]; - } - - return l_key; -}; - -#define r_fun(l,r,k) \ - add_eq((l),(k)); \ - f_fun((r),(l),(k) + 2); \ - add_eq((l), (k) + 4) - -void loki_encrypt(LokiContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]) -{ - u4byte blk[4]; - u4byte *l_key = ctx->l_key; - - blk[3] = io_swap(in_blk[0]); blk[2] = io_swap(in_blk[1]); - blk[1] = io_swap(in_blk[2]); blk[0] = io_swap(in_blk[3]); - - r_fun(blk, blk + 2, l_key + 0); - r_fun(blk + 2, blk, l_key + 6); - r_fun(blk, blk + 2, l_key + 12); - r_fun(blk + 2, blk, l_key + 18); - r_fun(blk, blk + 2, l_key + 24); - r_fun(blk + 2, blk, l_key + 30); - r_fun(blk, blk + 2, l_key + 36); - r_fun(blk + 2, blk, l_key + 42); - r_fun(blk, blk + 2, l_key + 48); - r_fun(blk + 2, blk, l_key + 54); - r_fun(blk, blk + 2, l_key + 60); - r_fun(blk + 2, blk, l_key + 66); - r_fun(blk, blk + 2, l_key + 72); - r_fun(blk + 2, blk, l_key + 78); - r_fun(blk, blk + 2, l_key + 84); - r_fun(blk + 2, blk, l_key + 90); - - out_blk[3] = io_swap(blk[2]); out_blk[2] = io_swap(blk[3]); - out_blk[1] = io_swap(blk[0]); out_blk[0] = io_swap(blk[1]); -}; - -#define ir_fun(l,r,k) \ - sub_eq((l),(k) + 4); \ - f_fun((r),(l),(k) + 2); \ - sub_eq((l),(k)) - -void loki_decrypt(LokiContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]) -{ - u4byte blk[4], xs; - u4byte *l_key = ctx->l_key; - - blk[3] = io_swap(in_blk[0]); blk[2] = io_swap(in_blk[1]); - blk[1] = io_swap(in_blk[2]); blk[0] = io_swap(in_blk[3]); - - ir_fun(blk, blk + 2, l_key + 90); - ir_fun(blk + 2, blk, l_key + 84); - ir_fun(blk, blk + 2, l_key + 78); - ir_fun(blk + 2, blk, l_key + 72); - ir_fun(blk, blk + 2, l_key + 66); - ir_fun(blk + 2, blk, l_key + 60); - ir_fun(blk, blk + 2, l_key + 54); - ir_fun(blk + 2, blk, l_key + 48); - ir_fun(blk, blk + 2, l_key + 42); - ir_fun(blk + 2, blk, l_key + 36); - ir_fun(blk, blk + 2, l_key + 30); - ir_fun(blk + 2, blk, l_key + 24); - ir_fun(blk, blk + 2, l_key + 18); - ir_fun(blk + 2, blk, l_key + 12); - ir_fun(blk, blk + 2, l_key + 6); - ir_fun(blk + 2, blk, l_key); - - out_blk[3] = io_swap(blk[2]); out_blk[2] = io_swap(blk[3]); - out_blk[1] = io_swap(blk[0]); out_blk[0] = io_swap(blk[1]); -}; diff --git a/lib/silccrypt/loki.h b/lib/silccrypt/loki.h deleted file mode 100644 index a93b2ce1..00000000 --- a/lib/silccrypt/loki.h +++ /dev/null @@ -1,146 +0,0 @@ -/* - - loki.h - - Author: Pekka Riikonen - - Copyright (C) 1997 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ -/* - * $Id$ - * $Log$ - * Revision 1.1 2000/06/27 11:36:54 priikone - * Initial revision - * - * - */ - -#ifndef LOKI_H -#define LOKI_H - -#include "loki_internal.h" - -/* - * SILC Crypto API for Loki - */ - -/* Sets the key for the cipher. */ - -inline int silc_loki_init(void *context, - const unsigned char *key, - size_t keylen) -{ - loki_set_key((LokiContext *)context, (unsigned int *)key, keylen); - return 1; -} - -/* Sets the string as a new key for the cipher. The string - is first hashed and then used as a new key. */ - -inline int silc_loki_set_string_as_key(void *context, - const unsigned char *string, - size_t keylen) -{ - /* unsigned char key[md5_hash_len]; - SilcMarsContext *ctx = (SilcMarsContext *)context; - - make_md5_hash(string, &key); - memcpy(&ctx->key, mars_set_key(&key, keylen), keylen); - memset(&key, 'F', sizeoof(key)); - */ - - return 1; -} - -/* Returns the size of the cipher context. */ - -inline size_t silc_loki_context_len() -{ - return sizeof(LokiContext); -} - -/* Encrypts with the cipher in CBC mode. */ - -inline int silc_loki_encrypt_cbc(void *context, - const unsigned char *src, - unsigned char *dst, - size_t len, - unsigned char *iv) -{ - unsigned int *in, *out, *tiv; - unsigned int tmp[4]; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - tmp[0] = in[0] ^ tiv[0]; - tmp[1] = in[1] ^ tiv[1]; - tmp[2] = in[2] ^ tiv[2]; - tmp[3] = in[3] ^ tiv[3]; - loki_encrypt((LokiContext *)context, tmp, out); - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - tmp[0] = in[0] ^ out[0 - 4]; - tmp[1] = in[1] ^ out[1 - 4]; - tmp[2] = in[2] ^ out[2 - 4]; - tmp[3] = in[3] ^ out[3 - 4]; - loki_encrypt((LokiContext *)context, tmp, out); - in += 4; - out += 4; - } - - return 1; -} - -/* Decrypts with the cipher in CBC mode. */ - -inline int silc_loki_decrypt_cbc(void *context, - const unsigned char *src, - unsigned char *dst, - size_t len, - unsigned char *iv) -{ - unsigned int *in, *out, *tiv; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - loki_decrypt((LokiContext *)context, in, out); - out[0] ^= tiv[0]; - out[1] ^= tiv[1]; - out[2] ^= tiv[2]; - out[3] ^= tiv[3]; - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - loki_decrypt((LokiContext *)context, in, out); - out[0] ^= in[0 - 4]; - out[1] ^= in[1 - 4]; - out[2] ^= in[2 - 4]; - out[3] ^= in[3 - 4]; - in += 4; - out += 4; - } - - return 1; -} - -#endif diff --git a/lib/silccrypt/loki_internal.h b/lib/silccrypt/loki_internal.h deleted file mode 100644 index 650f6b44..00000000 --- a/lib/silccrypt/loki_internal.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - - loki_internal.h - - Author: Pekka Riikonen - - Copyright (C) 1997 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ - -#ifndef LOKI_INTERNAL_H -#define LOKI_INTERNAL_H - -/* Cipher's context */ -typedef struct { - u4byte l_key[96]; -} LokiContext; - -/* Prototypes */ -u4byte *loki_set_key(LokiContext *ctx, - const u4byte in_key[], const u4byte key_len); -void loki_encrypt(LokiContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]); -void loki_decrypt(LokiContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]); - -#endif diff --git a/lib/silccrypt/safer.c b/lib/silccrypt/safer.c deleted file mode 100644 index bb0a3bc9..00000000 --- a/lib/silccrypt/safer.c +++ /dev/null @@ -1,379 +0,0 @@ - -/* This is an independent implementation of the encryption algorithm: */ -/* */ -/* SAFER+ by Cylink */ -/* */ -/* which is a candidate algorithm in the Advanced Encryption Standard */ -/* programme of the US National Institute of Standards and Technology. */ -/* */ -/* Copyright in this implementation is held by Dr B R Gladman but I */ -/* hereby give permission for its free direct or derivative use subject */ -/* to acknowledgment of its origin and compliance with any conditions */ -/* that the originators of the algorithm place on its exploitation. */ -/* */ -/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ - -/* Timing data for SAFER+ (safer.c) - -Core timing without I/O endian conversion: - -128 bit key: -Key Setup: 4278 cycles -Encrypt: 1722 cycles = 14.9 mbits/sec -Decrypt: 1709 cycles = 15.0 mbits/sec -Mean: 1716 cycles = 14.9 mbits/sec - -192 bit key: -Key Setup: 7426 cycles -Encrypt: 2555 cycles = 10.0 mbits/sec -Decrypt: 2530 cycles = 10.1 mbits/sec -Mean: 2543 cycles = 10.1 mbits/sec - -256 bit key: -Key Setup: 11313 cycles -Encrypt: 3391 cycles = 7.5 mbits/sec -Decrypt: 3338 cycles = 7.7 mbits/sec -Mean: 3365 cycles = 7.6 mbits/sec - -Full timing with I/O endian conversion: - -128 bit key: -Key Setup: 3977 cycles -Encrypt: 1751 cycles = 14.6 mbits/sec -Decrypt: 1734 cycles = 14.8 mbits/sec -Mean: 1743 cycles = 14.7 mbits/sec - -192 bit key: -Key Setup: 6490 cycles -Encrypt: 2574 cycles = 9.9 mbits/sec -Decrypt: 2549 cycles = 10.0 mbits/sec -Mean: 2562 cycles = 10.0 mbits/sec - -256 bit key: -Key Setup: 9487 cycles -Encrypt: 3412 cycles = 7.5 mbits/sec -Decrypt: 3372 cycles = 7.6 mbits/sec -Mean: 3392 cycles = 7.5 mbits/sec - -*/ - -#include -#include -#include "safer_internal.h" - -u1byte expf[256] = -{ 1, 45, 226, 147, 190, 69, 21, 174, 120, 3, 135, 164, 184, 56, 207, 63, - 8, 103, 9, 148, 235, 38, 168, 107, 189, 24, 52, 27, 187, 191, 114, 247, - 64, 53, 72, 156, 81, 47, 59, 85, 227, 192, 159, 216, 211, 243, 141, 177, - 255, 167, 62, 220, 134, 119, 215, 166, 17, 251, 244, 186, 146, 145, 100, 131, - 241, 51, 239, 218, 44, 181, 178, 43, 136, 209, 153, 203, 140, 132, 29, 20, - 129, 151, 113, 202, 95, 163, 139, 87, 60, 130, 196, 82, 92, 28, 232, 160, - 4, 180, 133, 74, 246, 19, 84, 182, 223, 12, 26, 142, 222, 224, 57, 252, - 32, 155, 36, 78, 169, 152, 158, 171, 242, 96, 208, 108, 234, 250, 199, 217, - 0, 212, 31, 110, 67, 188, 236, 83, 137, 254, 122, 93, 73, 201, 50, 194, - 249, 154, 248, 109, 22, 219, 89, 150, 68, 233, 205, 230, 70, 66, 143, 10, - 193, 204, 185, 101, 176, 210, 198, 172, 30, 65, 98, 41, 46, 14, 116, 80, - 2, 90, 195, 37, 123, 138, 42, 91, 240, 6, 13, 71, 111, 112, 157, 126, - 16, 206, 18, 39, 213, 76, 79, 214, 121, 48, 104, 54, 117, 125, 228, 237, - 128, 106, 144, 55, 162, 94, 118, 170, 197, 127, 61, 175, 165, 229, 25, 97, - 253, 77, 124, 183, 11, 238, 173, 75, 34, 245, 231, 115, 35, 33, 200, 5, - 225, 102, 221, 179, 88, 105, 99, 86, 15, 161, 49, 149, 23, 7, 58, 40 -}; - -u1byte logf[512] = -{ - 128, 0, 176, 9, 96, 239, 185, 253, 16, 18, 159, 228, 105, 186, 173, 248, - 192, 56, 194, 101, 79, 6, 148, 252, 25, 222, 106, 27, 93, 78, 168, 130, - 112, 237, 232, 236, 114, 179, 21, 195, 255, 171, 182, 71, 68, 1, 172, 37, - 201, 250, 142, 65, 26, 33, 203, 211, 13, 110, 254, 38, 88, 218, 50, 15, - 32, 169, 157, 132, 152, 5, 156, 187, 34, 140, 99, 231, 197, 225, 115, 198, - 175, 36, 91, 135, 102, 39, 247, 87, 244, 150, 177, 183, 92, 139, 213, 84, - 121, 223, 170, 246, 62, 163, 241, 17, 202, 245, 209, 23, 123, 147, 131, 188, - 189, 82, 30, 235, 174, 204, 214, 53, 8, 200, 138, 180, 226, 205, 191, 217, - 208, 80, 89, 63, 77, 98, 52, 10, 72, 136, 181, 86, 76, 46, 107, 158, - 210, 61, 60, 3, 19, 251, 151, 81, 117, 74, 145, 113, 35, 190, 118, 42, - 95, 249, 212, 85, 11, 220, 55, 49, 22, 116, 215, 119, 167, 230, 7, 219, - 164, 47, 70, 243, 97, 69, 103, 227, 12, 162, 59, 28, 133, 24, 4, 29, - 41, 160, 143, 178, 90, 216, 166, 126, 238, 141, 83, 75, 161, 154, 193, 14, - 122, 73, 165, 44, 129, 196, 199, 54, 43, 127, 67, 149, 51, 242, 108, 104, - 109, 240, 2, 40, 206, 221, 155, 234, 94, 153, 124, 20, 134, 207, 229, 66, - 184, 64, 120, 45, 58, 233, 100, 31, 146, 144, 125, 57, 111, 224, 137, 48, - - 128, 0, 176, 9, 96, 239, 185, 253, 16, 18, 159, 228, 105, 186, 173, 248, - 192, 56, 194, 101, 79, 6, 148, 252, 25, 222, 106, 27, 93, 78, 168, 130, - 112, 237, 232, 236, 114, 179, 21, 195, 255, 171, 182, 71, 68, 1, 172, 37, - 201, 250, 142, 65, 26, 33, 203, 211, 13, 110, 254, 38, 88, 218, 50, 15, - 32, 169, 157, 132, 152, 5, 156, 187, 34, 140, 99, 231, 197, 225, 115, 198, - 175, 36, 91, 135, 102, 39, 247, 87, 244, 150, 177, 183, 92, 139, 213, 84, - 121, 223, 170, 246, 62, 163, 241, 17, 202, 245, 209, 23, 123, 147, 131, 188, - 189, 82, 30, 235, 174, 204, 214, 53, 8, 200, 138, 180, 226, 205, 191, 217, - 208, 80, 89, 63, 77, 98, 52, 10, 72, 136, 181, 86, 76, 46, 107, 158, - 210, 61, 60, 3, 19, 251, 151, 81, 117, 74, 145, 113, 35, 190, 118, 42, - 95, 249, 212, 85, 11, 220, 55, 49, 22, 116, 215, 119, 167, 230, 7, 219, - 164, 47, 70, 243, 97, 69, 103, 227, 12, 162, 59, 28, 133, 24, 4, 29, - 41, 160, 143, 178, 90, 216, 166, 126, 238, 141, 83, 75, 161, 154, 193, 14, - 122, 73, 165, 44, 129, 196, 199, 54, 43, 127, 67, 149, 51, 242, 108, 104, - 109, 240, 2, 40, 206, 221, 155, 234, 94, 153, 124, 20, 134, 207, 229, 66, - 184, 64, 120, 45, 58, 233, 100, 31, 146, 144, 125, 57, 111, 224, 137, 48 -}; - -u4byte *safer_set_key(SaferContext *ctx, - const u4byte in_key[], const u4byte key_len) -{ - u1byte by, lk[33]; - u4byte i, j, k, l, m; - u1byte *l_key = ctx->l_key; - - get_key(lk, key_len); - - ctx->k_bytes = k_bytes = key_len / 8; lk[k_bytes] = 0; - - for(i = 0; i < k_bytes; ++i) - { - lk[k_bytes] ^= lk[i]; l_key[i] = lk[i]; - } - - for(i = 0; i < k_bytes; ++i) - { - for(j = 0; j <= k_bytes; ++j) - { - by = lk[j]; lk[j] = by << 3 | by >> 5; - } - - k = 17 * i + 35; l = 16 * i + 16; m = i + 1; - - if(i < 16) - { - for(j = 0; j < 16; ++j) - { - l_key[l + j] = lk[m] + expf[expf[(k + j) & 255]]; - - m = (m == k_bytes ? 0 : m + 1); - } - } - else - { - for(j = 0; j < 16; ++j) - { - l_key[l + j] = lk[m] + expf[(k + j) & 255]; - - m = (m == k_bytes ? 0 : m + 1); - } - } - } - return (u4byte*)l_key; -}; - -void do_fr(u1byte x[16], u1byte *kp) -{ u1byte t; - - x[ 0] = expf[x[ 0] ^ kp[ 0]] + kp[16]; - x[ 1] = logf[x[ 1] + kp[ 1]] ^ kp[17]; - x[ 2] = logf[x[ 2] + kp[ 2]] ^ kp[18]; - x[ 3] = expf[x[ 3] ^ kp[ 3]] + kp[19]; - - x[ 4] = expf[x[ 4] ^ kp[ 4]] + kp[20]; - x[ 5] = logf[x[ 5] + kp[ 5]] ^ kp[21]; - x[ 6] = logf[x[ 6] + kp[ 6]] ^ kp[22]; - x[ 7] = expf[x[ 7] ^ kp[ 7]] + kp[23]; - - x[ 8] = expf[x[ 8] ^ kp[ 8]] + kp[24]; - x[ 9] = logf[x[ 9] + kp[ 9]] ^ kp[25]; - x[10] = logf[x[10] + kp[10]] ^ kp[26]; - x[11] = expf[x[11] ^ kp[11]] + kp[27]; - - x[12] = expf[x[12] ^ kp[12]] + kp[28]; - x[13] = logf[x[13] + kp[13]] ^ kp[29]; - x[14] = logf[x[14] + kp[14]] ^ kp[30]; - x[15] = expf[x[15] ^ kp[15]] + kp[31]; - - x[ 1] += x[ 0]; x[ 0] += x[ 1]; - x[ 3] += x[ 2]; x[ 2] += x[ 3]; - x[ 5] += x[ 4]; x[ 4] += x[ 5]; - x[ 7] += x[ 6]; x[ 6] += x[ 7]; - x[ 9] += x[ 8]; x[ 8] += x[ 9]; - x[11] += x[10]; x[10] += x[11]; - x[13] += x[12]; x[12] += x[13]; - x[15] += x[14]; x[14] += x[15]; - - x[ 7] += x[ 0]; x[ 0] += x[ 7]; - x[ 1] += x[ 2]; x[ 2] += x[ 1]; - x[ 3] += x[ 4]; x[ 4] += x[ 3]; - x[ 5] += x[ 6]; x[ 6] += x[ 5]; - x[11] += x[ 8]; x[ 8] += x[11]; - x[ 9] += x[10]; x[10] += x[ 9]; - x[15] += x[12]; x[12] += x[15]; - x[13] += x[14]; x[14] += x[13]; - - x[ 3] += x[ 0]; x[ 0] += x[ 3]; - x[15] += x[ 2]; x[ 2] += x[15]; - x[ 7] += x[ 4]; x[ 4] += x[ 7]; - x[ 1] += x[ 6]; x[ 6] += x[ 1]; - x[ 5] += x[ 8]; x[ 8] += x[ 5]; - x[13] += x[10]; x[10] += x[13]; - x[11] += x[12]; x[12] += x[11]; - x[ 9] += x[14]; x[14] += x[ 9]; - - x[13] += x[ 0]; x[ 0] += x[13]; - x[ 5] += x[ 2]; x[ 2] += x[ 5]; - x[ 9] += x[ 4]; x[ 4] += x[ 9]; - x[11] += x[ 6]; x[ 6] += x[11]; - x[15] += x[ 8]; x[ 8] += x[15]; - x[ 1] += x[10]; x[10] += x[ 1]; - x[ 3] += x[12]; x[12] += x[ 3]; - x[ 7] += x[14]; x[14] += x[ 7]; - - t = x[0]; x[0] = x[14]; x[14] = x[12]; x[12] = x[10]; x[10] = x[2]; - x[2] = x[8]; x[8] = x[4]; x[4] = t; - - t = x[1]; x[1] = x[7]; x[7] = x[11]; x[11] = x[5]; x[5] = x[13]; x[13] = t; - - t = x[15]; x[15] = x[3]; x[3] = t; -}; - -void do_ir(u1byte x[16], u1byte *kp) -{ u1byte t; - - t = x[3]; x[3] = x[15]; x[15] = t; - - t = x[13]; x[13] = x[5]; x[5] = x[11]; x[11] = x[7]; x[7] = x[1]; x[1] = t; - - t = x[4]; x[4] = x[8]; x[8] = x[2]; x[2] = x[10]; - x[10] = x[12]; x[12] = x[14]; x[14] = x[0]; x[0] = t; - - x[14] -= x[ 7]; x[ 7] -= x[14]; - x[12] -= x[ 3]; x[ 3] -= x[12]; - x[10] -= x[ 1]; x[ 1] -= x[10]; - x[ 8] -= x[15]; x[15] -= x[ 8]; - x[ 6] -= x[11]; x[11] -= x[ 6]; - x[ 4] -= x[ 9]; x[ 9] -= x[ 4]; - x[ 2] -= x[ 5]; x[ 5] -= x[ 2]; - x[ 0] -= x[13]; x[13] -= x[ 0]; - - x[14] -= x[ 9]; x[ 9] -= x[14]; - x[12] -= x[11]; x[11] -= x[12]; - x[10] -= x[13]; x[13] -= x[10]; - x[ 8] -= x[ 5]; x[ 5] -= x[ 8]; - x[ 6] -= x[ 1]; x[ 1] -= x[ 6]; - x[ 4] -= x[ 7]; x[ 7] -= x[ 4]; - x[ 2] -= x[15]; x[15] -= x[ 2]; - x[ 0] -= x[ 3]; x[ 3] -= x[ 0]; - - x[14] -= x[13]; x[13] -= x[14]; - x[12] -= x[15]; x[15] -= x[12]; - x[10] -= x[ 9]; x[ 9] -= x[10]; - x[ 8] -= x[11]; x[11] -= x[ 8]; - x[ 6] -= x[ 5]; x[ 5] -= x[ 6]; - x[ 4] -= x[ 3]; x[ 3] -= x[ 4]; - x[ 2] -= x[ 1]; x[ 1] -= x[ 2]; - x[ 0] -= x[ 7]; x[ 7] -= x[ 0]; - - x[14] -= x[15]; x[15] -= x[14]; - x[12] -= x[13]; x[13] -= x[12]; - x[10] -= x[11]; x[11] -= x[10]; - x[ 8] -= x[ 9]; x[ 9] -= x[ 8]; - x[ 6] -= x[ 7]; x[ 7] -= x[ 6]; - x[ 4] -= x[ 5]; x[ 5] -= x[ 4]; - x[ 2] -= x[ 3]; x[ 3] -= x[ 2]; - x[ 0] -= x[ 1]; x[ 1] -= x[ 0]; - - x[ 0] = logf[x[ 0] - kp[16] + 256] ^ kp[ 0]; - x[ 1] = expf[x[ 1] ^ kp[17]] - kp[ 1]; - x[ 2] = expf[x[ 2] ^ kp[18]] - kp[ 2]; - x[ 3] = logf[x[ 3] - kp[19] + 256] ^ kp[ 3]; - - x[ 4] = logf[x[ 4] - kp[20] + 256] ^ kp[ 4]; - x[ 5] = expf[x[ 5] ^ kp[21]] - kp[ 5]; - x[ 6] = expf[x[ 6] ^ kp[22]] - kp[ 6]; - x[ 7] = logf[x[ 7] - kp[23] + 256] ^ kp[ 7]; - - x[ 8] = logf[x[ 8] - kp[24] + 256] ^ kp[ 8]; - x[ 9] = expf[x[ 9] ^ kp[25]] - kp[ 9]; - x[10] = expf[x[10] ^ kp[26]] - kp[10]; - x[11] = logf[x[11] - kp[27] + 256] ^ kp[11]; - - x[12] = logf[x[12] - kp[28] + 256] ^ kp[12]; - x[13] = expf[x[13] ^ kp[29]] - kp[13]; - x[14] = expf[x[14] ^ kp[30]] - kp[14]; - x[15] = logf[x[15] - kp[31] + 256] ^ kp[15]; -}; - -void safer_encrypt(SaferContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]) -{ - u1byte blk[16], *kp; - u1byte *l_key = ctx->l_key; - u4byte k_bytes = ctx->k_bytes; - - get_block(blk); - - do_fr(blk, l_key); do_fr(blk, l_key + 32); - do_fr(blk, l_key + 64); do_fr(blk, l_key + 96); - do_fr(blk, l_key + 128); do_fr(blk, l_key + 160); - do_fr(blk, l_key + 192); do_fr(blk, l_key + 224); - - if(k_bytes > 16) - { - do_fr(blk, l_key + 256); do_fr(blk, l_key + 288); - do_fr(blk, l_key + 320); do_fr(blk, l_key + 352); - } - - if(k_bytes > 24) - { - do_fr(blk, l_key + 384); do_fr(blk, l_key + 416); - do_fr(blk, l_key + 448); do_fr(blk, l_key + 480); - } - - kp = l_key + 16 * k_bytes; - - blk[ 0] ^= kp[ 0]; blk[ 1] += kp[ 1]; - blk[ 2] += kp[ 2]; blk[ 3] ^= kp[ 3]; - blk[ 4] ^= kp[ 4]; blk[ 5] += kp[ 5]; - blk[ 6] += kp[ 6]; blk[ 7] ^= kp[ 7]; - blk[ 8] ^= kp[ 8]; blk[ 9] += kp[ 9]; - blk[10] += kp[10]; blk[11] ^= kp[11]; - blk[12] ^= kp[12]; blk[13] += kp[13]; - blk[14] += kp[14]; blk[15] ^= kp[15]; - - put_block(blk); -}; - -void safer_decrypt(SaferContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]) -{ - u1byte blk[16], *kp; - u1byte *l_key = ctx->l_key; - u4byte k_bytes = ctx->k_bytes; - - get_block(blk); - - kp = l_key + 16 * k_bytes; - - blk[ 0] ^= kp[ 0]; blk[ 1] -= kp[ 1]; - blk[ 2] -= kp[ 2]; blk[ 3] ^= kp[ 3]; - blk[ 4] ^= kp[ 4]; blk[ 5] -= kp[ 5]; - blk[ 6] -= kp[ 6]; blk[ 7] ^= kp[ 7]; - blk[ 8] ^= kp[ 8]; blk[ 9] -= kp[ 9]; - blk[10] -= kp[10]; blk[11] ^= kp[11]; - blk[12] ^= kp[12]; blk[13] -= kp[13]; - blk[14] -= kp[14]; blk[15] ^= kp[15]; - - if(k_bytes > 24) - { - do_ir(blk, l_key + 480); do_ir(blk, l_key + 448); - do_ir(blk, l_key + 416); do_ir(blk, l_key + 384); - } - - if(k_bytes > 16) - { - do_ir(blk, l_key + 352); do_ir(blk, l_key + 320); - do_ir(blk, l_key + 288); do_ir(blk, l_key + 256); - } - - do_ir(blk, l_key + 224); do_ir(blk, l_key + 192); - do_ir(blk, l_key + 160); do_ir(blk, l_key + 128); - do_ir(blk, l_key + 96); do_ir(blk, l_key + 64); - do_ir(blk, l_key + 32); do_ir(blk, l_key); - - put_block(blk); -}; diff --git a/lib/silccrypt/safer.h b/lib/silccrypt/safer.h deleted file mode 100644 index 063be801..00000000 --- a/lib/silccrypt/safer.h +++ /dev/null @@ -1,146 +0,0 @@ -/* - - safer.h - - Author: Pekka Riikonen - - Copyright (C) 1997 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ -/* - * $Id$ - * $Log$ - * Revision 1.1 2000/06/27 11:36:55 priikone - * Initial revision - * - * - */ - -#ifndef SAFER_H -#define SAFER_H - -#include "safer_internal.h" - -/* - * SILC Crypto API for Safer - */ - -/* Sets the key for the cipher. */ - -inline int silc_safer_init(void *context, - const unsigned char *key, - size_t keylen) -{ - safer_set_key((SaferContext *)context, (unsigned int *)key, keylen); - return 1; -} - -/* Sets the string as a new key for the cipher. The string is first - hashed and then used as a new key. */ - -inline int silc_safer_set_string_as_key(void *context, - const unsigned char *string, - size_t keylen) -{ - /* unsigned char key[md5_hash_len]; - SilcMarsContext *ctx = (SilcMarsContext *)context; - - make_md5_hash(string, &key); - memcpy(&ctx->key, mars_set_key(&key, keylen), keylen); - memset(&key, 'F', sizeoof(key)); - */ - - return 1; -} - -/* Returns the size of the cipher context. */ - -inline size_t silc_safer_context_len() -{ - return sizeof(SaferContext); -} - -/* Encrypts with the cipher in CBC mode. */ - -inline int silc_safer_encrypt_cbc(void *context, - const unsigned char *src, - unsigned char *dst, - size_t len, - unsigned char *iv) -{ - unsigned int *in, *out, *tiv; - unsigned int tmp[4]; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - tmp[0] = in[0] ^ tiv[0]; - tmp[1] = in[1] ^ tiv[1]; - tmp[2] = in[2] ^ tiv[2]; - tmp[3] = in[3] ^ tiv[3]; - safer_encrypt((SaferContext *)context, tmp, out); - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - tmp[0] = in[0] ^ out[0 - 4]; - tmp[1] = in[1] ^ out[1 - 4]; - tmp[2] = in[2] ^ out[2 - 4]; - tmp[3] = in[3] ^ out[3 - 4]; - safer_encrypt((SaferContext *)context, tmp, out); - in += 4; - out += 4; - } - - return 1; -} - -/* Decrypts with the cipher in CBC mode. */ - -inline int silc_safer_decrypt_cbc(void *context, - const unsigned char *src, - unsigned char *dst, - size_t len, - unsigned char *iv) -{ - unsigned int *in, *out, *tiv; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - safer_decrypt((SaferContext *)context, in, out); - out[0] ^= tiv[0]; - out[1] ^= tiv[1]; - out[2] ^= tiv[2]; - out[3] ^= tiv[3]; - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - safer_decrypt((SaferContext *)context, in, out); - out[0] ^= in[0 - 4]; - out[1] ^= in[1 - 4]; - out[2] ^= in[2 - 4]; - out[3] ^= in[3 - 4]; - in += 4; - out += 4; - } - - return 1; -} - -#endif diff --git a/lib/silccrypt/safer_internal.h b/lib/silccrypt/safer_internal.h deleted file mode 100644 index ee3bb1b4..00000000 --- a/lib/silccrypt/safer_internal.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - - safer_internal.h - - Author: Pekka Riikonen - - Copyright (C) 1997 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ - -#ifndef SAFER_INTERNAL_H -#define SAFER_INTERNAL_H - -/* Cipher's context */ -typedef struct { - u1byte l_key[33 * 16]; - u4byte k_bytes; -} SaferContext; - -/* Prototypes */ -u4byte *safer_set_key(SaferContext *ctx, - const u4byte in_key[], const u4byte key_len); -void safer_encrypt(SaferContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]); -void safer_decrypt(SaferContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]); - -#endif diff --git a/lib/silccrypt/serpent.c b/lib/silccrypt/serpent.c deleted file mode 100644 index 63640c8a..00000000 --- a/lib/silccrypt/serpent.c +++ /dev/null @@ -1,657 +0,0 @@ -/* Modified for SILC. -Pekka */x - -/* This is an independent implementation of the encryption algorithm: */ -/* */ -/* Serpent by Ross Anderson, Eli Biham and Lars Knudsen */ -/* */ -/* which is a candidate algorithm in the Advanced Encryption Standard */ -/* programme of the US National Institute of Standards and Technology. */ -/* */ -/* Copyright in this implementation is held by Dr B R Gladman but I */ -/* hereby give permission for its free direct or derivative use subject */ -/* to acknowledgment of its origin and compliance with any conditions */ -/* that the originators of the algorithm place on its exploitation. */ -/* */ -/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ - -/* Timing data for Serpent (serpent.c) - -Core timing without I/O endian conversion: - -128 bit key: -Key Setup: 2402 cycles -Encrypt: 952 cycles = 26.9 mbits/sec -Decrypt: 914 cycles = 28.0 mbits/sec -Mean: 933 cycles = 27.4 mbits/sec - -192 bit key: -Key Setup: 2449 cycles -Encrypt: 952 cycles = 26.9 mbits/sec -Decrypt: 914 cycles = 28.0 mbits/sec -Mean: 933 cycles = 27.4 mbits/sec - -256 bit key: -Key Setup: 2349 cycles -Encrypt: 952 cycles = 26.9 mbits/sec -Decrypt: 914 cycles = 28.0 mbits/sec -Mean: 933 cycles = 27.4 mbits/sec - -Full timing with I/O endian conversion: - -128 bit key: -Key Setup: 2415 cycles -Encrypt: 985 cycles = 26.0 mbits/sec -Decrypt: 954 cycles = 26.8 mbits/sec -Mean: 970 cycles = 26.4 mbits/sec - -192 bit key: -Key Setup: 2438 cycles -Encrypt: 985 cycles = 26.0 mbits/sec -Decrypt: 954 cycles = 26.8 mbits/sec -Mean: 970 cycles = 26.4 mbits/sec - -256 bit key: -Key Setup: 2463 cycles -Encrypt: 985 cycles = 26.0 mbits/sec -Decrypt: 954 cycles = 26.8 mbits/sec -Mean: 970 cycles = 26.4 mbits/sec - -*/ - -#include -#include -#include "serpent_internal.h" - -/* Partially optimised Serpent S Box boolean functions derived */ -/* using a recursive descent analyser but without a full search */ -/* of all subtrees. This set of S boxes is the result of work */ -/* by Sam Simpson and Brian Gladman using the spare time on a */ -/* cluster of high capacity servers to search for S boxes with */ -/* this customised search engine. */ -/* */ -/* Copyright: Dr B. R Gladman (gladman@seven77.demon.co.uk) */ -/* and Sam Simpson (s.simpson@mia.co.uk) */ -/* 17th December 1998 */ -/* */ -/* We hereby give permission for information in this file to be */ -/* used freely subject only to acknowledgement of its origin */ - -/* 15 terms */ - -#define sb0(a,b,c,d,e,f,g,h) \ - t1 = a ^ d; \ - t2 = a & d; \ - t3 = c ^ t1; \ - t6 = b & t1; \ - t4 = b ^ t3; \ - t10 = ~t3; \ - h = t2 ^ t4; \ - t7 = a ^ t6; \ - t14 = ~t7; \ - t8 = c | t7; \ - t11 = t3 ^ t7; \ - g = t4 ^ t8; \ - t12 = h & t11; \ - f = t10 ^ t12; \ - e = t12 ^ t14 - -/* 15 terms */ - -#define ib0(a,b,c,d,e,f,g,h) \ - t1 = ~a; \ - t2 = a ^ b; \ - t3 = t1 | t2; \ - t4 = d ^ t3; \ - t7 = d & t2; \ - t5 = c ^ t4; \ - t8 = t1 ^ t7; \ - g = t2 ^ t5; \ - t11 = a & t4; \ - t9 = g & t8; \ - t14 = t5 ^ t8; \ - f = t4 ^ t9; \ - t12 = t5 | f; \ - h = t11 ^ t12; \ - e = h ^ t14 - -/* 14 terms! */ - -#define sb1(a,b,c,d,e,f,g,h) \ - t1 = ~a; \ - t2 = b ^ t1; \ - t3 = a | t2; \ - t4 = d | t2; \ - t5 = c ^ t3; \ - g = d ^ t5; \ - t7 = b ^ t4; \ - t8 = t2 ^ g; \ - t9 = t5 & t7; \ - h = t8 ^ t9; \ - t11 = t5 ^ t7; \ - f = h ^ t11; \ - t13 = t8 & t11; \ - e = t5 ^ t13 - -/* 17 terms */ - -#define ib1(a,b,c,d,e,f,g,h) \ - t1 = a ^ d; \ - t2 = a & b; \ - t3 = b ^ c; \ - t4 = a ^ t3; \ - t5 = b | d; \ - t7 = c | t1; \ - h = t4 ^ t5; \ - t8 = b ^ t7; \ - t11 = ~t2; \ - t9 = t4 & t8; \ - f = t1 ^ t9; \ - t13 = t9 ^ t11; \ - t12 = h & f; \ - g = t12 ^ t13; \ - t15 = a & d; \ - t16 = c ^ t13; \ - e = t15 ^ t16 - -/* 16 terms */ - -#define sb2(a,b,c,d,e,f,g,h) \ - t1 = ~a; \ - t2 = b ^ d; \ - t3 = c & t1; \ - t13 = d | t1; \ - e = t2 ^ t3; \ - t5 = c ^ t1; \ - t6 = c ^ e; \ - t7 = b & t6; \ - t10 = e | t5; \ - h = t5 ^ t7; \ - t9 = d | t7; \ - t11 = t9 & t10; \ - t14 = t2 ^ h; \ - g = a ^ t11; \ - t15 = g ^ t13; \ - f = t14 ^ t15 - -/* 16 terms */ - -#define ib2(a,b,c,d,e,f,g,h) \ - t1 = b ^ d; \ - t2 = ~t1; \ - t3 = a ^ c; \ - t4 = c ^ t1; \ - t7 = a | t2; \ - t5 = b & t4; \ - t8 = d ^ t7; \ - t11 = ~t4; \ - e = t3 ^ t5; \ - t9 = t3 | t8; \ - t14 = d & t11; \ - h = t1 ^ t9; \ - t12 = e | h; \ - f = t11 ^ t12; \ - t15 = t3 ^ t12; \ - g = t14 ^ t15 - -/* 17 terms */ - -#define sb3(a,b,c,d,e,f,g,h) \ - t1 = a ^ c; \ - t2 = d ^ t1; \ - t3 = a & t2; \ - t4 = d ^ t3; \ - t5 = b & t4; \ - g = t2 ^ t5; \ - t7 = a | g; \ - t8 = b | d; \ - t11 = a | d; \ - t9 = t4 & t7; \ - f = t8 ^ t9; \ - t12 = b ^ t11; \ - t13 = g ^ t9; \ - t15 = t3 ^ t8; \ - h = t12 ^ t13; \ - t16 = c & t15; \ - e = t12 ^ t16 - -/* 16 term solution that performs less well than 17 term one - in my environment (PPro/PII) - -#define sb3(a,b,c,d,e,f,g,h) \ - t1 = a ^ b; \ - t2 = a & c; \ - t3 = a | d; \ - t4 = c ^ d; \ - t5 = t1 & t3; \ - t6 = t2 | t5; \ - g = t4 ^ t6; \ - t8 = b ^ t3; \ - t9 = t6 ^ t8; \ - t10 = t4 & t9; \ - e = t1 ^ t10; \ - t12 = g & e; \ - f = t9 ^ t12; \ - t14 = b | d; \ - t15 = t4 ^ t12; \ - h = t14 ^ t15 -*/ - -/* 17 terms */ - -#define ib3(a,b,c,d,e,f,g,h) \ - t1 = b ^ c; \ - t2 = b | c; \ - t3 = a ^ c; \ - t7 = a ^ d; \ - t4 = t2 ^ t3; \ - t5 = d | t4; \ - t9 = t2 ^ t7; \ - e = t1 ^ t5; \ - t8 = t1 | t5; \ - t11 = a & t4; \ - g = t8 ^ t9; \ - t12 = e | t9; \ - f = t11 ^ t12; \ - t14 = a & g; \ - t15 = t2 ^ t14; \ - t16 = e & t15; \ - h = t4 ^ t16 - -/* 15 terms */ - -#define sb4(a,b,c,d,e,f,g,h) \ - t1 = a ^ d; \ - t2 = d & t1; \ - t3 = c ^ t2; \ - t4 = b | t3; \ - h = t1 ^ t4; \ - t6 = ~b; \ - t7 = t1 | t6; \ - e = t3 ^ t7; \ - t9 = a & e; \ - t10 = t1 ^ t6; \ - t11 = t4 & t10; \ - g = t9 ^ t11; \ - t13 = a ^ t3; \ - t14 = t10 & g; \ - f = t13 ^ t14 - -/* 17 terms */ - -#define ib4(a,b,c,d,e,f,g,h) \ - t1 = c ^ d; \ - t2 = c | d; \ - t3 = b ^ t2; \ - t4 = a & t3; \ - f = t1 ^ t4; \ - t6 = a ^ d; \ - t7 = b | d; \ - t8 = t6 & t7; \ - h = t3 ^ t8; \ - t10 = ~a; \ - t11 = c ^ h; \ - t12 = t10 | t11;\ - e = t3 ^ t12; \ - t14 = c | t4; \ - t15 = t7 ^ t14; \ - t16 = h | t10; \ - g = t15 ^ t16 - -/* 16 terms */ - -#define sb5(a,b,c,d,e,f,g,h) \ - t1 = ~a; \ - t2 = a ^ b; \ - t3 = a ^ d; \ - t4 = c ^ t1; \ - t5 = t2 | t3; \ - e = t4 ^ t5; \ - t7 = d & e; \ - t8 = t2 ^ e; \ - t10 = t1 | e; \ - f = t7 ^ t8; \ - t11 = t2 | t7; \ - t12 = t3 ^ t10; \ - t14 = b ^ t7; \ - g = t11 ^ t12; \ - t15 = f & t12; \ - h = t14 ^ t15 - -/* 16 terms */ - -#define ib5(a,b,c,d,e,f,g,h) \ - t1 = ~c; \ - t2 = b & t1; \ - t3 = d ^ t2; \ - t4 = a & t3; \ - t5 = b ^ t1; \ - h = t4 ^ t5; \ - t7 = b | h; \ - t8 = a & t7; \ - f = t3 ^ t8; \ - t10 = a | d; \ - t11 = t1 ^ t7; \ - e = t10 ^ t11; \ - t13 = a ^ c; \ - t14 = b & t10; \ - t15 = t4 | t13; \ - g = t14 ^ t15 - -/* 15 terms */ - -#define sb6(a,b,c,d,e,f,g,h) \ - t1 = ~a; \ - t2 = a ^ d; \ - t3 = b ^ t2; \ - t4 = t1 | t2; \ - t5 = c ^ t4; \ - f = b ^ t5; \ - t13 = ~t5; \ - t7 = t2 | f; \ - t8 = d ^ t7; \ - t9 = t5 & t8; \ - g = t3 ^ t9; \ - t11 = t5 ^ t8; \ - e = g ^ t11; \ - t14 = t3 & t11; \ - h = t13 ^ t14 - -/* 15 terms */ - -#define ib6(a,b,c,d,e,f,g,h) \ - t1 = ~a; \ - t2 = a ^ b; \ - t3 = c ^ t2; \ - t4 = c | t1; \ - t5 = d ^ t4; \ - t13 = d & t1; \ - f = t3 ^ t5; \ - t7 = t3 & t5; \ - t8 = t2 ^ t7; \ - t9 = b | t8; \ - h = t5 ^ t9; \ - t11 = b | h; \ - e = t8 ^ t11; \ - t14 = t3 ^ t11; \ - g = t13 ^ t14 - -/* 17 terms */ - -#define sb7(a,b,c,d,e,f,g,h) \ - t1 = ~c; \ - t2 = b ^ c; \ - t3 = b | t1; \ - t4 = d ^ t3; \ - t5 = a & t4; \ - t7 = a ^ d; \ - h = t2 ^ t5; \ - t8 = b ^ t5; \ - t9 = t2 | t8; \ - t11 = d & t3; \ - f = t7 ^ t9; \ - t12 = t5 ^ f; \ - t15 = t1 | t4; \ - t13 = h & t12; \ - g = t11 ^ t13; \ - t16 = t12 ^ g; \ - e = t15 ^ t16 - -/* 17 terms */ - -#define ib7(a,b,c,d,e,f,g,h) \ - t1 = a & b; \ - t2 = a | b; \ - t3 = c | t1; \ - t4 = d & t2; \ - h = t3 ^ t4; \ - t6 = ~d; \ - t7 = b ^ t4; \ - t8 = h ^ t6; \ - t11 = c ^ t7; \ - t9 = t7 | t8; \ - f = a ^ t9; \ - t12 = d | f; \ - e = t11 ^ t12; \ - t14 = a & h; \ - t15 = t3 ^ f; \ - t16 = e ^ t14; \ - g = t15 ^ t16 - -#define k_xor(r,a,b,c,d) \ - a ^= l_key[4 * r + 8]; \ - b ^= l_key[4 * r + 9]; \ - c ^= l_key[4 * r + 10]; \ - d ^= l_key[4 * r + 11] - -#define k_set(r,a,b,c,d) \ - a = l_key[4 * r + 8]; \ - b = l_key[4 * r + 9]; \ - c = l_key[4 * r + 10]; \ - d = l_key[4 * r + 11] - -#define k_get(r,a,b,c,d) \ - l_key[4 * r + 8] = a; \ - l_key[4 * r + 9] = b; \ - l_key[4 * r + 10] = c; \ - l_key[4 * r + 11] = d - -/* the linear transformation and its inverse */ - -#define rot(a,b,c,d) \ - a = rotl(a, 13); \ - c = rotl(c, 3); \ - d ^= c ^ (a << 3); \ - b ^= a ^ c; \ - d = rotl(d, 7); \ - b = rotl(b, 1); \ - a ^= b ^ d; \ - c ^= d ^ (b << 7); \ - a = rotl(a, 5); \ - c = rotl(c, 22) - -#define irot(a,b,c,d) \ - c = rotr(c, 22); \ - a = rotr(a, 5); \ - c ^= d ^ (b << 7); \ - a ^= b ^ d; \ - d = rotr(d, 7); \ - b = rotr(b, 1); \ - d ^= c ^ (a << 3); \ - b ^= a ^ c; \ - c = rotr(c, 3); \ - a = rotr(a, 13) - -/* initialise the key schedule from the user supplied key */ - -u4byte *serpent_set_key(SerpentContext *ctx, - const u4byte in_key[], const u4byte key_len) -{ - u4byte i,lk,a,b,c,d,e,f,g,h; - u4byte t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15,t16; - u4byte *l_key = ctx->l_key; - - if(key_len < 0 || key_len > 256) - - return (u4byte*)0; - - i = 0; lk = (key_len + 31) / 32; - - while(i < lk) - { -#ifdef BLOCK_SWAP - l_key[i] = io_swap(in_key[lk - i - 1]); -#else - l_key[i] = in_key[i]; -#endif - i++; - } - - if(key_len < 256) - { - while(i < 8) - - l_key[i++] = 0; - - i = key_len / 32; lk = 1 << key_len % 32; - - l_key[i] = l_key[i] & (lk - 1) | lk; - } - - for(i = 0; i < 132; ++i) - { - lk = l_key[i] ^ l_key[i + 3] ^ l_key[i + 5] - ^ l_key[i + 7] ^ 0x9e3779b9 ^ i; - - l_key[i + 8] = (lk << 11) | (lk >> 21); - } - - k_set( 0,a,b,c,d);sb3(a,b,c,d,e,f,g,h);k_get( 0,e,f,g,h); - k_set( 1,a,b,c,d);sb2(a,b,c,d,e,f,g,h);k_get( 1,e,f,g,h); - k_set( 2,a,b,c,d);sb1(a,b,c,d,e,f,g,h);k_get( 2,e,f,g,h); - k_set( 3,a,b,c,d);sb0(a,b,c,d,e,f,g,h);k_get( 3,e,f,g,h); - k_set( 4,a,b,c,d);sb7(a,b,c,d,e,f,g,h);k_get( 4,e,f,g,h); - k_set( 5,a,b,c,d);sb6(a,b,c,d,e,f,g,h);k_get( 5,e,f,g,h); - k_set( 6,a,b,c,d);sb5(a,b,c,d,e,f,g,h);k_get( 6,e,f,g,h); - k_set( 7,a,b,c,d);sb4(a,b,c,d,e,f,g,h);k_get( 7,e,f,g,h); - k_set( 8,a,b,c,d);sb3(a,b,c,d,e,f,g,h);k_get( 8,e,f,g,h); - k_set( 9,a,b,c,d);sb2(a,b,c,d,e,f,g,h);k_get( 9,e,f,g,h); - k_set(10,a,b,c,d);sb1(a,b,c,d,e,f,g,h);k_get(10,e,f,g,h); - k_set(11,a,b,c,d);sb0(a,b,c,d,e,f,g,h);k_get(11,e,f,g,h); - k_set(12,a,b,c,d);sb7(a,b,c,d,e,f,g,h);k_get(12,e,f,g,h); - k_set(13,a,b,c,d);sb6(a,b,c,d,e,f,g,h);k_get(13,e,f,g,h); - k_set(14,a,b,c,d);sb5(a,b,c,d,e,f,g,h);k_get(14,e,f,g,h); - k_set(15,a,b,c,d);sb4(a,b,c,d,e,f,g,h);k_get(15,e,f,g,h); - k_set(16,a,b,c,d);sb3(a,b,c,d,e,f,g,h);k_get(16,e,f,g,h); - k_set(17,a,b,c,d);sb2(a,b,c,d,e,f,g,h);k_get(17,e,f,g,h); - k_set(18,a,b,c,d);sb1(a,b,c,d,e,f,g,h);k_get(18,e,f,g,h); - k_set(19,a,b,c,d);sb0(a,b,c,d,e,f,g,h);k_get(19,e,f,g,h); - k_set(20,a,b,c,d);sb7(a,b,c,d,e,f,g,h);k_get(20,e,f,g,h); - k_set(21,a,b,c,d);sb6(a,b,c,d,e,f,g,h);k_get(21,e,f,g,h); - k_set(22,a,b,c,d);sb5(a,b,c,d,e,f,g,h);k_get(22,e,f,g,h); - k_set(23,a,b,c,d);sb4(a,b,c,d,e,f,g,h);k_get(23,e,f,g,h); - k_set(24,a,b,c,d);sb3(a,b,c,d,e,f,g,h);k_get(24,e,f,g,h); - k_set(25,a,b,c,d);sb2(a,b,c,d,e,f,g,h);k_get(25,e,f,g,h); - k_set(26,a,b,c,d);sb1(a,b,c,d,e,f,g,h);k_get(26,e,f,g,h); - k_set(27,a,b,c,d);sb0(a,b,c,d,e,f,g,h);k_get(27,e,f,g,h); - k_set(28,a,b,c,d);sb7(a,b,c,d,e,f,g,h);k_get(28,e,f,g,h); - k_set(29,a,b,c,d);sb6(a,b,c,d,e,f,g,h);k_get(29,e,f,g,h); - k_set(30,a,b,c,d);sb5(a,b,c,d,e,f,g,h);k_get(30,e,f,g,h); - k_set(31,a,b,c,d);sb4(a,b,c,d,e,f,g,h);k_get(31,e,f,g,h); - k_set(32,a,b,c,d);sb3(a,b,c,d,e,f,g,h);k_get(32,e,f,g,h); - - return l_key; -}; - -/* encrypt a block of text */ - -void serpent_encrypt(SerpentContext *ctx, - const u4byte in_blk[4], u4byte out_blk[]) -{ - u4byte a,b,c,d,e,f,g,h; - u4byte t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15,t16; - u4byte *l_key = ctx->l_key; - -#ifdef BLOCK_SWAP - a = io_swap(in_blk[3]); b = io_swap(in_blk[2]); - c = io_swap(in_blk[1]); d = io_swap(in_blk[0]); -#else - a = in_blk[0]; b = in_blk[1]; c = in_blk[2]; d = in_blk[3]; -#endif - - k_xor( 0,a,b,c,d); sb0(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor( 1,e,f,g,h); sb1(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor( 2,a,b,c,d); sb2(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor( 3,e,f,g,h); sb3(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor( 4,a,b,c,d); sb4(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor( 5,e,f,g,h); sb5(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor( 6,a,b,c,d); sb6(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor( 7,e,f,g,h); sb7(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor( 8,a,b,c,d); sb0(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor( 9,e,f,g,h); sb1(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(10,a,b,c,d); sb2(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(11,e,f,g,h); sb3(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(12,a,b,c,d); sb4(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(13,e,f,g,h); sb5(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(14,a,b,c,d); sb6(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(15,e,f,g,h); sb7(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(16,a,b,c,d); sb0(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(17,e,f,g,h); sb1(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(18,a,b,c,d); sb2(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(19,e,f,g,h); sb3(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(20,a,b,c,d); sb4(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(21,e,f,g,h); sb5(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(22,a,b,c,d); sb6(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(23,e,f,g,h); sb7(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(24,a,b,c,d); sb0(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(25,e,f,g,h); sb1(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(26,a,b,c,d); sb2(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(27,e,f,g,h); sb3(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(28,a,b,c,d); sb4(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(29,e,f,g,h); sb5(e,f,g,h,a,b,c,d); rot(a,b,c,d); - k_xor(30,a,b,c,d); sb6(a,b,c,d,e,f,g,h); rot(e,f,g,h); - k_xor(31,e,f,g,h); sb7(e,f,g,h,a,b,c,d); k_xor(32,a,b,c,d); - -#ifdef BLOCK_SWAP - out_blk[3] = io_swap(a); out_blk[2] = io_swap(b); - out_blk[1] = io_swap(c); out_blk[0] = io_swap(d); -#else - out_blk[0] = a; out_blk[1] = b; out_blk[2] = c; out_blk[3] = d; -#endif -}; - -/* decrypt a block of text */ - -void serpent_decrypt(SerpentContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]) -{ - u4byte a,b,c,d,e,f,g,h; - u4byte t1,t2,t3,t4,t5,t6,t7,t8,t9,t10,t11,t12,t13,t14,t15,t16; - u4byte *l_key = ctx->l_key; - -#ifdef BLOCK_SWAP - a = io_swap(in_blk[3]); b = io_swap(in_blk[2]); - c = io_swap(in_blk[1]); d = io_swap(in_blk[0]); -#else - a = in_blk[0]; b = in_blk[1]; c = in_blk[2]; d = in_blk[3]; -#endif - - k_xor(32,a,b,c,d); ib7(a,b,c,d,e,f,g,h); k_xor(31,e,f,g,h); - irot(e,f,g,h); ib6(e,f,g,h,a,b,c,d); k_xor(30,a,b,c,d); - irot(a,b,c,d); ib5(a,b,c,d,e,f,g,h); k_xor(29,e,f,g,h); - irot(e,f,g,h); ib4(e,f,g,h,a,b,c,d); k_xor(28,a,b,c,d); - irot(a,b,c,d); ib3(a,b,c,d,e,f,g,h); k_xor(27,e,f,g,h); - irot(e,f,g,h); ib2(e,f,g,h,a,b,c,d); k_xor(26,a,b,c,d); - irot(a,b,c,d); ib1(a,b,c,d,e,f,g,h); k_xor(25,e,f,g,h); - irot(e,f,g,h); ib0(e,f,g,h,a,b,c,d); k_xor(24,a,b,c,d); - irot(a,b,c,d); ib7(a,b,c,d,e,f,g,h); k_xor(23,e,f,g,h); - irot(e,f,g,h); ib6(e,f,g,h,a,b,c,d); k_xor(22,a,b,c,d); - irot(a,b,c,d); ib5(a,b,c,d,e,f,g,h); k_xor(21,e,f,g,h); - irot(e,f,g,h); ib4(e,f,g,h,a,b,c,d); k_xor(20,a,b,c,d); - irot(a,b,c,d); ib3(a,b,c,d,e,f,g,h); k_xor(19,e,f,g,h); - irot(e,f,g,h); ib2(e,f,g,h,a,b,c,d); k_xor(18,a,b,c,d); - irot(a,b,c,d); ib1(a,b,c,d,e,f,g,h); k_xor(17,e,f,g,h); - irot(e,f,g,h); ib0(e,f,g,h,a,b,c,d); k_xor(16,a,b,c,d); - irot(a,b,c,d); ib7(a,b,c,d,e,f,g,h); k_xor(15,e,f,g,h); - irot(e,f,g,h); ib6(e,f,g,h,a,b,c,d); k_xor(14,a,b,c,d); - irot(a,b,c,d); ib5(a,b,c,d,e,f,g,h); k_xor(13,e,f,g,h); - irot(e,f,g,h); ib4(e,f,g,h,a,b,c,d); k_xor(12,a,b,c,d); - irot(a,b,c,d); ib3(a,b,c,d,e,f,g,h); k_xor(11,e,f,g,h); - irot(e,f,g,h); ib2(e,f,g,h,a,b,c,d); k_xor(10,a,b,c,d); - irot(a,b,c,d); ib1(a,b,c,d,e,f,g,h); k_xor( 9,e,f,g,h); - irot(e,f,g,h); ib0(e,f,g,h,a,b,c,d); k_xor( 8,a,b,c,d); - irot(a,b,c,d); ib7(a,b,c,d,e,f,g,h); k_xor( 7,e,f,g,h); - irot(e,f,g,h); ib6(e,f,g,h,a,b,c,d); k_xor( 6,a,b,c,d); - irot(a,b,c,d); ib5(a,b,c,d,e,f,g,h); k_xor( 5,e,f,g,h); - irot(e,f,g,h); ib4(e,f,g,h,a,b,c,d); k_xor( 4,a,b,c,d); - irot(a,b,c,d); ib3(a,b,c,d,e,f,g,h); k_xor( 3,e,f,g,h); - irot(e,f,g,h); ib2(e,f,g,h,a,b,c,d); k_xor( 2,a,b,c,d); - irot(a,b,c,d); ib1(a,b,c,d,e,f,g,h); k_xor( 1,e,f,g,h); - irot(e,f,g,h); ib0(e,f,g,h,a,b,c,d); k_xor( 0,a,b,c,d); - -#ifdef BLOCK_SWAP - out_blk[3] = io_swap(a); out_blk[2] = io_swap(b); - out_blk[1] = io_swap(c); out_blk[0] = io_swap(d); -#else - out_blk[0] = a; out_blk[1] = b; out_blk[2] = c; out_blk[3] = d; -#endif -}; diff --git a/lib/silccrypt/serpent.h b/lib/silccrypt/serpent.h deleted file mode 100644 index cadff85f..00000000 --- a/lib/silccrypt/serpent.h +++ /dev/null @@ -1,146 +0,0 @@ -/* - - serpent.h - - Author: Pekka Riikonen - - Copyright (C) 1997 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ -/* - * $Id$ - * $Log$ - * Revision 1.1 2000/06/27 11:36:55 priikone - * Initial revision - * - * - */ - -#ifndef SERPENT_H -#define SERPENT_H - -#include "serpent_internal.h" - -/* - * SILC Crypto API for Serpent - */ - -/* Sets the key for the cipher. */ - -inline int silc_serpent_init(void *context, - const unsigned char *key, - size_t keylen) -{ - serpent_set_key((SerpentContext *)context, (unsigned int *)key, keylen); - return 1; -} - -/* Sets the string as a new key for the cipher. The string is first - hashed and then used as a new key. */ - -inline int silc_serpent_set_string_as_key(void *context, - const unsigned char *string, - size_t keylen) -{ - /* unsigned char key[md5_hash_len]; - SilcMarsContext *ctx = (SilcMarsContext *)context; - - make_md5_hash(string, &key); - memcpy(&ctx->key, mars_set_key(&key, keylen), keylen); - memset(&key, 'F', sizeoof(key)); - */ - - return 1; -} - -/* Returns the size of the cipher context. */ - -inline size_t silc_serpent_context_len() -{ - return sizeof(SerpentContext); -} - -/* Encrypts with the cipher in CBC mode. */ - -inline int silc_serpent_encrypt_cbc(void *context, - const unsigned char *src, - unsigned char *dst, - size_t len, - unsigned char *iv) -{ - unsigned int *in, *out, *tiv; - unsigned int tmp[4]; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - tmp[0] = in[0] ^ tiv[0]; - tmp[1] = in[1] ^ tiv[1]; - tmp[2] = in[2] ^ tiv[2]; - tmp[3] = in[3] ^ tiv[3]; - serpent_encrypt((SerpentContext *)context, tmp, out); - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - tmp[0] = in[0] ^ out[0 - 4]; - tmp[1] = in[1] ^ out[1 - 4]; - tmp[2] = in[2] ^ out[2 - 4]; - tmp[3] = in[3] ^ out[3 - 4]; - serpent_encrypt((SerpentContext *)context, tmp, out); - in += 4; - out += 4; - } - - return 1; -} - -/* Decrypts with the cipher in CBC mode. */ - -inline int silc_serpent_decrypt_cbc(void *context, - const unsigned char *src, - unsigned char *dst, - size_t len, - unsigned char *iv) -{ - unsigned int *in, *out, *tiv; - int i; - - in = (unsigned int *)src; - out = (unsigned int *)dst; - tiv = (unsigned int *)iv; - - serpent_decrypt((SerpentContext *)context, in, out); - out[0] ^= tiv[0]; - out[1] ^= tiv[1]; - out[2] ^= tiv[2]; - out[3] ^= tiv[3]; - in += 4; - out += 4; - - for (i = 16; i < len; i += 16) { - serpent_decrypt((SerpentContext *)context, in, out); - out[0] ^= in[0 - 4]; - out[1] ^= in[1 - 4]; - out[2] ^= in[2 - 4]; - out[3] ^= in[3 - 4]; - in += 4; - out += 4; - } - - return 1; -} - -#endif diff --git a/lib/silccrypt/serpent_internal.h b/lib/silccrypt/serpent_internal.h deleted file mode 100644 index c777ed01..00000000 --- a/lib/silccrypt/serpent_internal.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - - serpent_internal.h - - Author: Pekka Riikonen - - Copyright (C) 1997 - 2000 Pekka Riikonen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -*/ - -#ifndef SERPENT_INTERNAL_H -#define SERPENT_INTERNAL_H - -/* Cipher's context */ -typedef struct { - u4byte l_key[140]; -} SerpentContext; - -/* Prototypes */ -u4byte *serpent_set_key(SerpentContext *ctx, - const u4byte in_key[], const u4byte key_len); -void serpent_encrypt(SerpentContext *ctx, - const u4byte in_blk[4], u4byte out_blk[]); -void serpent_decrypt(SerpentContext *ctx, - const u4byte in_blk[4], u4byte out_blk[4]); - -#endif -- 2.43.0