+++ /dev/null
-/* Modified for SILC. -Pekka */\r
-\r
-/* This is an independent implementation of the encryption algorithm: */\r
-/* */\r
-/* LOKI97 by Brown and Pieprzyk */\r
-/* */\r
-/* which is a candidate algorithm in the Advanced Encryption Standard */\r
-/* programme of the US National Institute of Standards and Technology. */\r
-/* */\r
-/* Copyright in this implementation is held by Dr B R Gladman but I */\r
-/* hereby give permission for its free direct or derivative use subject */\r
-/* to acknowledgment of its origin and compliance with any conditions */\r
-/* that the originators of the algorithm place on its exploitation. */\r
-/* */\r
-/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */\r
-\r
-/* Timing data for LOKI97 (loki.c)\r
-\r
-Core timing without I/O endian conversion:\r
-\r
-128 bit key:\r
-Key Setup: 7430 cycles\r
-Encrypt: 2134 cycles = 12.0 mbits/sec\r
-Decrypt: 2192 cycles = 11.7 mbits/sec\r
-Mean: 2163 cycles = 11.8 mbits/sec\r
-\r
-192 bit key:\r
-Key Setup: 7303 cycles\r
-Encrypt: 2138 cycles = 12.0 mbits/sec\r
-Decrypt: 2189 cycles = 11.7 mbits/sec\r
-Mean: 2164 cycles = 11.8 mbits/sec\r
-\r
-256 bit key:\r
-Key Setup: 7166 cycles\r
-Encrypt: 2131 cycles = 12.0 mbits/sec\r
-Decrypt: 2184 cycles = 11.7 mbits/sec\r
-Mean: 2158 cycles = 11.9 mbits/sec\r
-\r
-Full timing with I/O endian conversion:\r
-\r
-128 bit key:\r
-Key Setup: 7582 cycles\r
-Encrypt: 2174 cycles = 11.8 mbits/sec\r
-Decrypt: 2235 cycles = 11.5 mbits/sec\r
-Mean: 2205 cycles = 11.6 mbits/sec\r
-\r
-192 bit key:\r
-Key Setup: 7477 cycles\r
-Encrypt: 2167 cycles = 11.8 mbits/sec\r
-Decrypt: 2223 cycles = 11.5 mbits/sec\r
-Mean: 2195 cycles = 11.7 mbits/sec\r
-\r
-256 bit key:\r
-Key Setup: 7365 cycles\r
-Encrypt: 2177 cycles = 11.8 mbits/sec\r
-Decrypt: 2194 cycles = 11.7 mbits/sec\r
-Mean: 2186 cycles = 11.7 mbits/sec\r
-\r
-*/\r
-\r
-#include <stdio.h>\r
-#include <sys/types.h>\r
-#include "loki_internal.h"\r
-\r
-#define S1_SIZE 13\r
-#define S1_LEN (1 << S1_SIZE)\r
-#define S1_MASK (S1_LEN - 1)\r
-#define S1_HMASK (S1_MASK & ~0xff)\r
-#define S1_POLY 0x2911\r
-\r
-#define S2_SIZE 11\r
-#define S2_LEN (1 << S2_SIZE)\r
-#define S2_MASK (S2_LEN - 1)\r
-#define S2_HMASK (S2_MASK & ~0xff)\r
-#define S2_POLY 0x0aa7\r
-\r
-#define io_swap(x) ((x))\r
-\r
-u4byte delta[2] = { 0x7f4a7c15, 0x9e3779b9 };\r
-\r
-u1byte sb1[S1_LEN]; // GF(2^11) S box\r
-u1byte sb2[S2_LEN]; // GF(2^11) S box\r
-u4byte prm[256][2];\r
-u4byte init_done = 0;\r
-\r
-#define add_eq(x,y) (x)[1] += (y)[1] + (((x)[0] += (y)[0]) < (y)[0] ? 1 : x)\r
-#define sub_eq(x,y) xs = (x)[0]; (x)[1] -= (y)[1] + (((x)[0] -= (y)[0]) > xs ? 1 : 0) \r
-\r
-u4byte ff_mult(u4byte a, u4byte b, u4byte tpow, u4byte mpol)\r
-{ u4byte r, s, m;\r
-\r
- r = s = 0; m = (1 << tpow); \r
-\r
- while(b)\r
- {\r
- if(b & 1)\r
- \r
- s ^= a;\r
- \r
- b >>= 1; a <<= 1;\r
- \r
- if(a & m)\r
- \r
- a ^= mpol;\r
- }\r
-\r
- return s;\r
-};\r
-\r
-void init_tables(void)\r
-{ u4byte i, j, v;\r
-\r
- // initialise S box 1\r
-\r
- for(i = 0; i < S1_LEN; ++i)\r
- {\r
- j = v = i ^ S1_MASK; v = ff_mult(v, j, S1_SIZE, S1_POLY);\r
- sb1[i] = (u1byte)ff_mult(v, j, S1_SIZE, S1_POLY);\r
- } \r
- // initialise S box 2\r
-\r
- for(i = 0; i < S2_LEN; ++i)\r
- {\r
- j = v = i ^ S2_MASK; v = ff_mult(v, j, S2_SIZE, S2_POLY);\r
- sb2[i] = (u1byte)ff_mult(v, j, S2_SIZE, S2_POLY);\r
- }\r
-\r
- // initialise permutation table\r
-\r
- for(i = 0; i < 256; ++i)\r
- {\r
- prm[i][0] = ((i & 1) << 7) | ((i & 2) << 14) | ((i & 4) << 21) | ((i & 8) << 28);\r
- prm[i][1] = ((i & 16) << 3) | ((i & 32) << 10) | ((i & 64) << 17) | ((i & 128) << 24);\r
- }\r
-};\r
-\r
-void f_fun(u4byte res[2], const u4byte in[2], const u4byte key[2])\r
-{ u4byte i, tt[2], pp[2];\r
-\r
- tt[0] = (in[0] & ~key[0]) | (in[1] & key[0]);\r
- tt[1] = (in[1] & ~key[0]) | (in[0] & key[0]);\r
-\r
- i = sb1[((tt[1] >> 24) | (tt[0] << 8)) & S1_MASK];\r
- pp[0] = prm[i][0] >> 7; pp[1] = prm[i][1] >> 7;\r
- i = sb2[(tt[1] >> 16) & S2_MASK];\r
- pp[0] |= prm[i][0] >> 6; pp[1] |= prm[i][1] >> 6;\r
- i = sb1[(tt[1] >> 8) & S1_MASK];\r
- pp[0] |= prm[i][0] >> 5; pp[1] |= prm[i][1] >> 5;\r
- i = sb2[tt[1] & S2_MASK]; \r
- pp[0] |= prm[i][0] >> 4; pp[1] |= prm[i][1] >> 4;\r
- i = sb2[((tt[0] >> 24) | (tt[1] << 8)) & S2_MASK];\r
- pp[0] |= prm[i][0] >> 3; pp[1] |= prm[i][1] >> 3;\r
- i = sb1[(tt[0] >> 16) & S1_MASK]; \r
- pp[0] |= prm[i][0] >> 2; pp[1] |= prm[i][1] >> 2;\r
- i = sb2[(tt[0] >> 8) & S2_MASK]; \r
- pp[0] |= prm[i][0] >> 1; pp[1] |= prm[i][1] >> 1;\r
- i = sb1[tt[0] & S1_MASK]; \r
- pp[0] |= prm[i][0]; pp[1] |= prm[i][1];\r
-\r
- res[0] ^= sb1[byte(pp[0], 0) | (key[1] << 8) & S1_HMASK]\r
- | (sb1[byte(pp[0], 1) | (key[1] << 3) & S1_HMASK] << 8)\r
- | (sb2[byte(pp[0], 2) | (key[1] >> 2) & S2_HMASK] << 16)\r
- | (sb2[byte(pp[0], 3) | (key[1] >> 5) & S2_HMASK] << 24);\r
- res[1] ^= sb1[byte(pp[1], 0) | (key[1] >> 8) & S1_HMASK]\r
- | (sb1[byte(pp[1], 1) | (key[1] >> 13) & S1_HMASK] << 8)\r
- | (sb2[byte(pp[1], 2) | (key[1] >> 18) & S2_HMASK] << 16)\r
- | (sb2[byte(pp[1], 3) | (key[1] >> 21) & S2_HMASK] << 24);\r
-};\r
-\r
-u4byte *loki_set_key(LokiContext *ctx,\r
- const u4byte in_key[], const u4byte key_len)\r
-{ \r
- u4byte i, k1[2], k2[2], k3[2], k4[2], del[2], tt[2], sk[2];\r
- u4byte *l_key = ctx->l_key;\r
-\r
- if(!init_done)\r
- {\r
- init_tables(); init_done = 1;\r
- }\r
-\r
- k4[0] = io_swap(in_key[1]); k4[1] = io_swap(in_key[0]);\r
- k3[0] = io_swap(in_key[3]); k3[1] = io_swap(in_key[2]);\r
-\r
- switch ((key_len + 63) / 64)\r
- {\r
- case 2:\r
- k2[0] = 0; k2[1] = 0; f_fun(k2, k3, k4);\r
- k1[0] = 0; k1[1] = 0; f_fun(k1, k4, k3);\r
- break;\r
- case 3:\r
- k2[0] = io_swap(in_key[5]); k2[1] = io_swap(in_key[4]);\r
- k1[0] = 0; k1[1] = 0; f_fun(k1, k4, k3);\r
- break;\r
- case 4: \r
- k2[0] = in_key[5]; k2[1] = in_key[4];\r
- k1[0] = in_key[7]; k1[1] = in_key[6];\r
- k2[0] = io_swap(in_key[5]); k2[1] = io_swap(in_key[4]);\r
- k1[0] = io_swap(in_key[7]); k1[1] = io_swap(in_key[6]);\r
- }\r
-\r
- del[0] = delta[0]; del[1] = delta[1];\r
-\r
- for(i = 0; i < 48; ++i)\r
- {\r
- tt[0] = k1[0]; tt[1] = k1[1]; \r
- add_eq(tt, k3); add_eq(tt, del); add_eq(del, delta);\r
- sk[0] = k4[0]; sk[1] = k4[1];\r
- k4[0] = k3[0]; k4[1] = k3[1];\r
- k3[0] = k2[0]; k3[1] = k2[1];\r
- k2[0] = k1[0]; k2[1] = k1[1];\r
- k1[0] = sk[0]; k1[1] = sk[1];\r
- f_fun(k1, tt, k3);\r
- l_key[i + i] = k1[0]; l_key[i + i + 1] = k1[1];\r
- }\r
-\r
- return l_key;\r
-};\r
-\r
-#define r_fun(l,r,k) \\r
- add_eq((l),(k)); \\r
- f_fun((r),(l),(k) + 2); \\r
- add_eq((l), (k) + 4)\r
-\r
-void loki_encrypt(LokiContext *ctx,\r
- const u4byte in_blk[4], u4byte out_blk[4])\r
-{ \r
- u4byte blk[4];\r
- u4byte *l_key = ctx->l_key;\r
-\r
- blk[3] = io_swap(in_blk[0]); blk[2] = io_swap(in_blk[1]);\r
- blk[1] = io_swap(in_blk[2]); blk[0] = io_swap(in_blk[3]);\r
-\r
- r_fun(blk, blk + 2, l_key + 0);\r
- r_fun(blk + 2, blk, l_key + 6);\r
- r_fun(blk, blk + 2, l_key + 12);\r
- r_fun(blk + 2, blk, l_key + 18);\r
- r_fun(blk, blk + 2, l_key + 24);\r
- r_fun(blk + 2, blk, l_key + 30);\r
- r_fun(blk, blk + 2, l_key + 36);\r
- r_fun(blk + 2, blk, l_key + 42);\r
- r_fun(blk, blk + 2, l_key + 48);\r
- r_fun(blk + 2, blk, l_key + 54);\r
- r_fun(blk, blk + 2, l_key + 60);\r
- r_fun(blk + 2, blk, l_key + 66);\r
- r_fun(blk, blk + 2, l_key + 72);\r
- r_fun(blk + 2, blk, l_key + 78);\r
- r_fun(blk, blk + 2, l_key + 84);\r
- r_fun(blk + 2, blk, l_key + 90);\r
-\r
- out_blk[3] = io_swap(blk[2]); out_blk[2] = io_swap(blk[3]);\r
- out_blk[1] = io_swap(blk[0]); out_blk[0] = io_swap(blk[1]);\r
-};\r
-\r
-#define ir_fun(l,r,k) \\r
- sub_eq((l),(k) + 4); \\r
- f_fun((r),(l),(k) + 2); \\r
- sub_eq((l),(k))\r
-\r
-void loki_decrypt(LokiContext *ctx,\r
- const u4byte in_blk[4], u4byte out_blk[4])\r
-{ \r
- u4byte blk[4], xs;\r
- u4byte *l_key = ctx->l_key;\r
-\r
- blk[3] = io_swap(in_blk[0]); blk[2] = io_swap(in_blk[1]);\r
- blk[1] = io_swap(in_blk[2]); blk[0] = io_swap(in_blk[3]);\r
-\r
- ir_fun(blk, blk + 2, l_key + 90); \r
- ir_fun(blk + 2, blk, l_key + 84);\r
- ir_fun(blk, blk + 2, l_key + 78); \r
- ir_fun(blk + 2, blk, l_key + 72);\r
- ir_fun(blk, blk + 2, l_key + 66); \r
- ir_fun(blk + 2, blk, l_key + 60);\r
- ir_fun(blk, blk + 2, l_key + 54); \r
- ir_fun(blk + 2, blk, l_key + 48);\r
- ir_fun(blk, blk + 2, l_key + 42); \r
- ir_fun(blk + 2, blk, l_key + 36);\r
- ir_fun(blk, blk + 2, l_key + 30); \r
- ir_fun(blk + 2, blk, l_key + 24);\r
- ir_fun(blk, blk + 2, l_key + 18); \r
- ir_fun(blk + 2, blk, l_key + 12);\r
- ir_fun(blk, blk + 2, l_key + 6); \r
- ir_fun(blk + 2, blk, l_key);\r
-\r
- out_blk[3] = io_swap(blk[2]); out_blk[2] = io_swap(blk[3]);\r
- out_blk[1] = io_swap(blk[0]); out_blk[0] = io_swap(blk[1]); \r
-};\r
projects / silc.git / blobdiff