search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
maxtweak added to block
[rofl0r-kripto.git] / lib / block / anubis.c
blob36d5a1ecb007509bb306a0c14bc4ae9c47be2e49
1 /*
2 * Written in 2011 by Gregor Pintar <grpintar@gmail.com>
3 *
4 * To the extent possible under law, the author(s) have dedicated
5 * all copyright and related and neighboring rights to this software
6 * to the public domain worldwide.
7 *
8 * This software is distributed without any warranty.
9 *
10 * You should have received a copy of the CC0 Public Domain Dedication.
11 * If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
12 */
13
14 /*
15 * Anubis tweak implementation derived from Paulo S.L.M. Barreto
16 * and Vincent Rijmen public domain source.
17 */
18
19 #include <stdint.h>
20 #include <stdlib.h>
21
22 #include <kripto/cast.h>
23 #include <kripto/loadstore.h>
24 #include <kripto/memwipe.h>
25 #include <kripto/block.h>
26 #include <kripto/desc/block.h>
27 #include <kripto/object/block.h>
28
29 #include <kripto/block/anubis.h>
30
31 struct kripto_block
32 {
33 struct kripto_block_object obj;
34 unsigned int rounds;
35 size_t size;
36 uint32_t *k;
37 uint32_t *dk;
38 };
39
40 static const uint32_t s0[256] =
41 {
42 0xBA69D2BB, 0x54A84DE5, 0x2F5EBCE2, 0x74E8CD25,
43 0x53A651F7, 0xD3BB6BD0, 0xD2B96FD6, 0x4D9A29B3,
44 0x50A05DFD, 0xAC458ACF, 0x8D070E09, 0xBF63C6A5,
45 0x70E0DD3D, 0x52A455F1, 0x9A29527B, 0x4C982DB5,
46 0xEAC98F46, 0xD5B773C4, 0x97336655, 0xD1BF63DC,
47 0x3366CCAA, 0x51A259FB, 0x5BB671C7, 0xA651A2F3,
48 0xDEA15FFE, 0x48903DAD, 0xA84D9AD7, 0x992F5E71,
49 0xDBAB4BE0, 0x3264C8AC, 0xB773E695, 0xFCE5D732,
50 0xE3DBAB70, 0x9E214263, 0x913F7E41, 0x9B2B567D,
51 0xE2D9AF76, 0xBB6BD6BD, 0x4182199B, 0x6EDCA579,
52 0xA557AEF9, 0xCB8B0B80, 0x6BD6B167, 0x95376E59,
53 0xA15FBEE1, 0xF3FBEB10, 0xB17FFE81, 0x0204080C,
54 0xCC851792, 0xC49537A2, 0x1D3A744E, 0x14285078,
55 0xC39B2BB0, 0x63C69157, 0xDAA94FE6, 0x5DBA69D3,
56 0x5FBE61DF, 0xDCA557F2, 0x7DFAE913, 0xCD871394,
57 0x7FFEE11F, 0x5AB475C1, 0x6CD8AD75, 0x5CB86DD5,
58 0xF7F3FB08, 0x264C98D4, 0xFFE3DB38, 0xEDC79354,
59 0xE8CD874A, 0x9D274E69, 0x6FDEA17F, 0x8E010203,
60 0x19326456, 0xA05DBAE7, 0xF0FDE71A, 0x890F1E11,
61 0x0F1E3C22, 0x070E1C12, 0xAF4386C5, 0xFBEBCB20,
62 0x08102030, 0x152A547E, 0x0D1A342E, 0x04081018,
63 0x01020406, 0x64C88D45, 0xDFA35BF8, 0x76ECC529,
64 0x79F2F90B, 0xDDA753F4, 0x3D7AF48E, 0x162C5874,
65 0x3F7EFC82, 0x376EDCB2, 0x6DDAA973, 0x3870E090,
66 0xB96FDEB1, 0x73E6D137, 0xE9CF834C, 0x356AD4BE,
67 0x55AA49E3, 0x71E2D93B, 0x7BF6F107, 0x8C050A0F,
68 0x72E4D531, 0x880D1A17, 0xF6F1FF0E, 0x2A54A8FC,
69 0x3E7CF884, 0x5EBC65D9, 0x274E9CD2, 0x468C0589,
70 0x0C183028, 0x65CA8943, 0x68D0BD6D, 0x61C2995B,
71 0x03060C0A, 0xC19F23BC, 0x57AE41EF, 0xD6B17FCE,
72 0xD9AF43EC, 0x58B07DCD, 0xD8AD47EA, 0x66CC8549,
73 0xD7B37BC8, 0x3A74E89C, 0xC88D078A, 0x3C78F088,
74 0xFAE9CF26, 0x96316253, 0xA753A6F5, 0x982D5A77,
75 0xECC59752, 0xB86DDAB7, 0xC7933BA8, 0xAE4182C3,
76 0x69D2B96B, 0x4B9631A7, 0xAB4B96DD, 0xA94F9ED1,
77 0x67CE814F, 0x0A14283C, 0x478E018F, 0xF2F9EF16,
78 0xB577EE99, 0x224488CC, 0xE5D7B364, 0xEEC19F5E,
79 0xBE61C2A3, 0x2B56ACFA, 0x811F3E21, 0x1224486C,
80 0x831B362D, 0x1B366C5A, 0x0E1C3824, 0x23468CCA,
81 0xF5F7F304, 0x458A0983, 0x214284C6, 0xCE811F9E,
82 0x499239AB, 0x2C58B0E8, 0xF9EFC32C, 0xE6D1BF6E,
83 0xB671E293, 0x2850A0F0, 0x172E5C72, 0x8219322B,
84 0x1A34685C, 0x8B0B161D, 0xFEE1DF3E, 0x8A09121B,
85 0x09122436, 0xC98F038C, 0x87132635, 0x4E9C25B9,
86 0xE1DFA37C, 0x2E5CB8E4, 0xE4D5B762, 0xE0DDA77A,
87 0xEBCB8B40, 0x903D7A47, 0xA455AAFF, 0x1E3C7844,
88 0x85172E39, 0x60C09D5D, 0x00000000, 0x254A94DE,
89 0xF4F5F702, 0xF1FFE31C, 0x94356A5F, 0x0B162C3A,
90 0xE7D3BB68, 0x75EAC923, 0xEFC39B58, 0x3468D0B8,
91 0x3162C4A6, 0xD4B577C2, 0xD0BD67DA, 0x86112233,
92 0x7EFCE519, 0xAD478EC9, 0xFDE7D334, 0x2952A4F6,
93 0x3060C0A0, 0x3B76EC9A, 0x9F234665, 0xF8EDC72A,
94 0xC6913FAE, 0x13264C6A, 0x060C1814, 0x050A141E,
95 0xC59733A4, 0x11224466, 0x77EEC12F, 0x7CF8ED15,
96 0x7AF4F501, 0x78F0FD0D, 0x366CD8B4, 0x1C387048,
97 0x3972E496, 0x59B279CB, 0x18306050, 0x56AC45E9,
98 0xB37BF68D, 0xB07DFA87, 0x244890D8, 0x204080C0,
99 0xB279F28B, 0x9239724B, 0xA35BB6ED, 0xC09D27BA,
100 0x44880D85, 0x62C49551, 0x10204060, 0xB475EA9F,
101 0x84152A3F, 0x43861197, 0x933B764D, 0xC2992FB6,
102 0x4A9435A1, 0xBD67CEA9, 0x8F030605, 0x2D5AB4EE,
103 0xBC65CAAF, 0x9C254A6F, 0x6AD4B561, 0x40801D9D,
104 0xCF831B98, 0xA259B2EB, 0x801D3A27, 0x4F9E21BF,
105 0x1F3E7C42, 0xCA890F86, 0xAA4992DB, 0x42841591
106 };
107
108 static const uint32_t s1[256] =
109 {
110 0x69BABBD2, 0xA854E54D, 0x5E2FE2BC, 0xE87425CD,
111 0xA653F751, 0xBBD3D06B, 0xB9D2D66F, 0x9A4DB329,
112 0xA050FD5D, 0x45ACCF8A, 0x078D090E, 0x63BFA5C6,
113 0xE0703DDD, 0xA452F155, 0x299A7B52, 0x984CB52D,
114 0xC9EA468F, 0xB7D5C473, 0x33975566, 0xBFD1DC63,
115 0x6633AACC, 0xA251FB59, 0xB65BC771, 0x51A6F3A2,
116 0xA1DEFE5F, 0x9048AD3D, 0x4DA8D79A, 0x2F99715E,
117 0xABDBE04B, 0x6432ACC8, 0x73B795E6, 0xE5FC32D7,
118 0xDBE370AB, 0x219E6342, 0x3F91417E, 0x2B9B7D56,
119 0xD9E276AF, 0x6BBBBDD6, 0x82419B19, 0xDC6E79A5,
120 0x57A5F9AE, 0x8BCB800B, 0xD66B67B1, 0x3795596E,
121 0x5FA1E1BE, 0xFBF310EB, 0x7FB181FE, 0x04020C08,
122 0x85CC9217, 0x95C4A237, 0x3A1D4E74, 0x28147850,
123 0x9BC3B02B, 0xC6635791, 0xA9DAE64F, 0xBA5DD369,
124 0xBE5FDF61, 0xA5DCF257, 0xFA7D13E9, 0x87CD9413,
125 0xFE7F1FE1, 0xB45AC175, 0xD86C75AD, 0xB85CD56D,
126 0xF3F708FB, 0x4C26D498, 0xE3FF38DB, 0xC7ED5493,
127 0xCDE84A87, 0x279D694E, 0xDE6F7FA1, 0x018E0302,
128 0x32195664, 0x5DA0E7BA, 0xFDF01AE7, 0x0F89111E,
129 0x1E0F223C, 0x0E07121C, 0x43AFC586, 0xEBFB20CB,
130 0x10083020, 0x2A157E54, 0x1A0D2E34, 0x08041810,
131 0x02010604, 0xC864458D, 0xA3DFF85B, 0xEC7629C5,
132 0xF2790BF9, 0xA7DDF453, 0x7A3D8EF4, 0x2C167458,
133 0x7E3F82FC, 0x6E37B2DC, 0xDA6D73A9, 0x703890E0,
134 0x6FB9B1DE, 0xE67337D1, 0xCFE94C83, 0x6A35BED4,
135 0xAA55E349, 0xE2713BD9, 0xF67B07F1, 0x058C0F0A,
136 0xE47231D5, 0x0D88171A, 0xF1F60EFF, 0x542AFCA8,
137 0x7C3E84F8, 0xBC5ED965, 0x4E27D29C, 0x8C468905,
138 0x180C2830, 0xCA654389, 0xD0686DBD, 0xC2615B99,
139 0x06030A0C, 0x9FC1BC23, 0xAE57EF41, 0xB1D6CE7F,
140 0xAFD9EC43, 0xB058CD7D, 0xADD8EA47, 0xCC664985,
141 0xB3D7C87B, 0x743A9CE8, 0x8DC88A07, 0x783C88F0,
142 0xE9FA26CF, 0x31965362, 0x53A7F5A6, 0x2D98775A,
143 0xC5EC5297, 0x6DB8B7DA, 0x93C7A83B, 0x41AEC382,
144 0xD2696BB9, 0x964BA731, 0x4BABDD96, 0x4FA9D19E,
145 0xCE674F81, 0x140A3C28, 0x8E478F01, 0xF9F216EF,
146 0x77B599EE, 0x4422CC88, 0xD7E564B3, 0xC1EE5E9F,
147 0x61BEA3C2, 0x562BFAAC, 0x1F81213E, 0x24126C48,
148 0x1B832D36, 0x361B5A6C, 0x1C0E2438, 0x4623CA8C,
149 0xF7F504F3, 0x8A458309, 0x4221C684, 0x81CE9E1F,
150 0x9249AB39, 0x582CE8B0, 0xEFF92CC3, 0xD1E66EBF,
151 0x71B693E2, 0x5028F0A0, 0x2E17725C, 0x19822B32,
152 0x341A5C68, 0x0B8B1D16, 0xE1FE3EDF, 0x098A1B12,
153 0x12093624, 0x8FC98C03, 0x13873526, 0x9C4EB925,
154 0xDFE17CA3, 0x5C2EE4B8, 0xD5E462B7, 0xDDE07AA7,
155 0xCBEB408B, 0x3D90477A, 0x55A4FFAA, 0x3C1E4478,
156 0x1785392E, 0xC0605D9D, 0x00000000, 0x4A25DE94,
157 0xF5F402F7, 0xFFF11CE3, 0x35945F6A, 0x160B3A2C,
158 0xD3E768BB, 0xEA7523C9, 0xC3EF589B, 0x6834B8D0,
159 0x6231A6C4, 0xB5D4C277, 0xBDD0DA67, 0x11863322,
160 0xFC7E19E5, 0x47ADC98E, 0xE7FD34D3, 0x5229F6A4,
161 0x6030A0C0, 0x763B9AEC, 0x239F6546, 0xEDF82AC7,
162 0x91C6AE3F, 0x26136A4C, 0x0C061418, 0x0A051E14,
163 0x97C5A433, 0x22116644, 0xEE772FC1, 0xF87C15ED,
164 0xF47A01F5, 0xF0780DFD, 0x6C36B4D8, 0x381C4870,
165 0x723996E4, 0xB259CB79, 0x30185060, 0xAC56E945,
166 0x7BB38DF6, 0x7DB087FA, 0x4824D890, 0x4020C080,
167 0x79B28BF2, 0x39924B72, 0x5BA3EDB6, 0x9DC0BA27,
168 0x8844850D, 0xC4625195, 0x20106040, 0x75B49FEA,
169 0x15843F2A, 0x86439711, 0x3B934D76, 0x99C2B62F,
170 0x944AA135, 0x67BDA9CE, 0x038F0506, 0x5A2DEEB4,
171 0x65BCAFCA, 0x259C6F4A, 0xD46A61B5, 0x80409D1D,
172 0x83CF981B, 0x59A2EBB2, 0x1D80273A, 0x9E4FBF21,
173 0x3E1F427C, 0x89CA860F, 0x49AADB92, 0x84429115
174 };
175
176 static const uint32_t s2[256] =
177 {
178 0xD2BBBA69, 0x4DE554A8, 0xBCE22F5E, 0xCD2574E8,
179 0x51F753A6, 0x6BD0D3BB, 0x6FD6D2B9, 0x29B34D9A,
180 0x5DFD50A0, 0x8ACFAC45, 0x0E098D07, 0xC6A5BF63,
181 0xDD3D70E0, 0x55F152A4, 0x527B9A29, 0x2DB54C98,
182 0x8F46EAC9, 0x73C4D5B7, 0x66559733, 0x63DCD1BF,
183 0xCCAA3366, 0x59FB51A2, 0x71C75BB6, 0xA2F3A651,
184 0x5FFEDEA1, 0x3DAD4890, 0x9AD7A84D, 0x5E71992F,
185 0x4BE0DBAB, 0xC8AC3264, 0xE695B773, 0xD732FCE5,
186 0xAB70E3DB, 0x42639E21, 0x7E41913F, 0x567D9B2B,
187 0xAF76E2D9, 0xD6BDBB6B, 0x199B4182, 0xA5796EDC,
188 0xAEF9A557, 0x0B80CB8B, 0xB1676BD6, 0x6E599537,
189 0xBEE1A15F, 0xEB10F3FB, 0xFE81B17F, 0x080C0204,
190 0x1792CC85, 0x37A2C495, 0x744E1D3A, 0x50781428,
191 0x2BB0C39B, 0x915763C6, 0x4FE6DAA9, 0x69D35DBA,
192 0x61DF5FBE, 0x57F2DCA5, 0xE9137DFA, 0x1394CD87,
193 0xE11F7FFE, 0x75C15AB4, 0xAD756CD8, 0x6DD55CB8,
194 0xFB08F7F3, 0x98D4264C, 0xDB38FFE3, 0x9354EDC7,
195 0x874AE8CD, 0x4E699D27, 0xA17F6FDE, 0x02038E01,
196 0x64561932, 0xBAE7A05D, 0xE71AF0FD, 0x1E11890F,
197 0x3C220F1E, 0x1C12070E, 0x86C5AF43, 0xCB20FBEB,
198 0x20300810, 0x547E152A, 0x342E0D1A, 0x10180408,
199 0x04060102, 0x8D4564C8, 0x5BF8DFA3, 0xC52976EC,
200 0xF90B79F2, 0x53F4DDA7, 0xF48E3D7A, 0x5874162C,
201 0xFC823F7E, 0xDCB2376E, 0xA9736DDA, 0xE0903870,
202 0xDEB1B96F, 0xD13773E6, 0x834CE9CF, 0xD4BE356A,
203 0x49E355AA, 0xD93B71E2, 0xF1077BF6, 0x0A0F8C05,
204 0xD53172E4, 0x1A17880D, 0xFF0EF6F1, 0xA8FC2A54,
205 0xF8843E7C, 0x65D95EBC, 0x9CD2274E, 0x0589468C,
206 0x30280C18, 0x894365CA, 0xBD6D68D0, 0x995B61C2,
207 0x0C0A0306, 0x23BCC19F, 0x41EF57AE, 0x7FCED6B1,
208 0x43ECD9AF, 0x7DCD58B0, 0x47EAD8AD, 0x854966CC,
209 0x7BC8D7B3, 0xE89C3A74, 0x078AC88D, 0xF0883C78,
210 0xCF26FAE9, 0x62539631, 0xA6F5A753, 0x5A77982D,
211 0x9752ECC5, 0xDAB7B86D, 0x3BA8C793, 0x82C3AE41,
212 0xB96B69D2, 0x31A74B96, 0x96DDAB4B, 0x9ED1A94F,
213 0x814F67CE, 0x283C0A14, 0x018F478E, 0xEF16F2F9,
214 0xEE99B577, 0x88CC2244, 0xB364E5D7, 0x9F5EEEC1,
215 0xC2A3BE61, 0xACFA2B56, 0x3E21811F, 0x486C1224,
216 0x362D831B, 0x6C5A1B36, 0x38240E1C, 0x8CCA2346,
217 0xF304F5F7, 0x0983458A, 0x84C62142, 0x1F9ECE81,
218 0x39AB4992, 0xB0E82C58, 0xC32CF9EF, 0xBF6EE6D1,
219 0xE293B671, 0xA0F02850, 0x5C72172E, 0x322B8219,
220 0x685C1A34, 0x161D8B0B, 0xDF3EFEE1, 0x121B8A09,
221 0x24360912, 0x038CC98F, 0x26358713, 0x25B94E9C,
222 0xA37CE1DF, 0xB8E42E5C, 0xB762E4D5, 0xA77AE0DD,
223 0x8B40EBCB, 0x7A47903D, 0xAAFFA455, 0x78441E3C,
224 0x2E398517, 0x9D5D60C0, 0x00000000, 0x94DE254A,
225 0xF702F4F5, 0xE31CF1FF, 0x6A5F9435, 0x2C3A0B16,
226 0xBB68E7D3, 0xC92375EA, 0x9B58EFC3, 0xD0B83468,
227 0xC4A63162, 0x77C2D4B5, 0x67DAD0BD, 0x22338611,
228 0xE5197EFC, 0x8EC9AD47, 0xD334FDE7, 0xA4F62952,
229 0xC0A03060, 0xEC9A3B76, 0x46659F23, 0xC72AF8ED,
230 0x3FAEC691, 0x4C6A1326, 0x1814060C, 0x141E050A,
231 0x33A4C597, 0x44661122, 0xC12F77EE, 0xED157CF8,
232 0xF5017AF4, 0xFD0D78F0, 0xD8B4366C, 0x70481C38,
233 0xE4963972, 0x79CB59B2, 0x60501830, 0x45E956AC,
234 0xF68DB37B, 0xFA87B07D, 0x90D82448, 0x80C02040,
235 0xF28BB279, 0x724B9239, 0xB6EDA35B, 0x27BAC09D,
236 0x0D854488, 0x955162C4, 0x40601020, 0xEA9FB475,
237 0x2A3F8415, 0x11974386, 0x764D933B, 0x2FB6C299,
238 0x35A14A94, 0xCEA9BD67, 0x06058F03, 0xB4EE2D5A,
239 0xCAAFBC65, 0x4A6F9C25, 0xB5616AD4, 0x1D9D4080,
240 0x1B98CF83, 0xB2EBA259, 0x3A27801D, 0x21BF4F9E,
241 0x7C421F3E, 0x0F86CA89, 0x92DBAA49, 0x15914284
242 };
243
244 static const uint32_t s3[256] =
245 {
246 0xBBD269BA, 0xE54DA854, 0xE2BC5E2F, 0x25CDE874,
247 0xF751A653, 0xD06BBBD3, 0xD66FB9D2, 0xB3299A4D,
248 0xFD5DA050, 0xCF8A45AC, 0x090E078D, 0xA5C663BF,
249 0x3DDDE070, 0xF155A452, 0x7B52299A, 0xB52D984C,
250 0x468FC9EA, 0xC473B7D5, 0x55663397, 0xDC63BFD1,
251 0xAACC6633, 0xFB59A251, 0xC771B65B, 0xF3A251A6,
252 0xFE5FA1DE, 0xAD3D9048, 0xD79A4DA8, 0x715E2F99,
253 0xE04BABDB, 0xACC86432, 0x95E673B7, 0x32D7E5FC,
254 0x70ABDBE3, 0x6342219E, 0x417E3F91, 0x7D562B9B,
255 0x76AFD9E2, 0xBDD66BBB, 0x9B198241, 0x79A5DC6E,
256 0xF9AE57A5, 0x800B8BCB, 0x67B1D66B, 0x596E3795,
257 0xE1BE5FA1, 0x10EBFBF3, 0x81FE7FB1, 0x0C080402,
258 0x921785CC, 0xA23795C4, 0x4E743A1D, 0x78502814,
259 0xB02B9BC3, 0x5791C663, 0xE64FA9DA, 0xD369BA5D,
260 0xDF61BE5F, 0xF257A5DC, 0x13E9FA7D, 0x941387CD,
261 0x1FE1FE7F, 0xC175B45A, 0x75ADD86C, 0xD56DB85C,
262 0x08FBF3F7, 0xD4984C26, 0x38DBE3FF, 0x5493C7ED,
263 0x4A87CDE8, 0x694E279D, 0x7FA1DE6F, 0x0302018E,
264 0x56643219, 0xE7BA5DA0, 0x1AE7FDF0, 0x111E0F89,
265 0x223C1E0F, 0x121C0E07, 0xC58643AF, 0x20CBEBFB,
266 0x30201008, 0x7E542A15, 0x2E341A0D, 0x18100804,
267 0x06040201, 0x458DC864, 0xF85BA3DF, 0x29C5EC76,
268 0x0BF9F279, 0xF453A7DD, 0x8EF47A3D, 0x74582C16,
269 0x82FC7E3F, 0xB2DC6E37, 0x73A9DA6D, 0x90E07038,
270 0xB1DE6FB9, 0x37D1E673, 0x4C83CFE9, 0xBED46A35,
271 0xE349AA55, 0x3BD9E271, 0x07F1F67B, 0x0F0A058C,
272 0x31D5E472, 0x171A0D88, 0x0EFFF1F6, 0xFCA8542A,
273 0x84F87C3E, 0xD965BC5E, 0xD29C4E27, 0x89058C46,
274 0x2830180C, 0x4389CA65, 0x6DBDD068, 0x5B99C261,
275 0x0A0C0603, 0xBC239FC1, 0xEF41AE57, 0xCE7FB1D6,
276 0xEC43AFD9, 0xCD7DB058, 0xEA47ADD8, 0x4985CC66,
277 0xC87BB3D7, 0x9CE8743A, 0x8A078DC8, 0x88F0783C,
278 0x26CFE9FA, 0x53623196, 0xF5A653A7, 0x775A2D98,
279 0x5297C5EC, 0xB7DA6DB8, 0xA83B93C7, 0xC38241AE,
280 0x6BB9D269, 0xA731964B, 0xDD964BAB, 0xD19E4FA9,
281 0x4F81CE67, 0x3C28140A, 0x8F018E47, 0x16EFF9F2,
282 0x99EE77B5, 0xCC884422, 0x64B3D7E5, 0x5E9FC1EE,
283 0xA3C261BE, 0xFAAC562B, 0x213E1F81, 0x6C482412,
284 0x2D361B83, 0x5A6C361B, 0x24381C0E, 0xCA8C4623,
285 0x04F3F7F5, 0x83098A45, 0xC6844221, 0x9E1F81CE,
286 0xAB399249, 0xE8B0582C, 0x2CC3EFF9, 0x6EBFD1E6,
287 0x93E271B6, 0xF0A05028, 0x725C2E17, 0x2B321982,
288 0x5C68341A, 0x1D160B8B, 0x3EDFE1FE, 0x1B12098A,
289 0x36241209, 0x8C038FC9, 0x35261387, 0xB9259C4E,
290 0x7CA3DFE1, 0xE4B85C2E, 0x62B7D5E4, 0x7AA7DDE0,
291 0x408BCBEB, 0x477A3D90, 0xFFAA55A4, 0x44783C1E,
292 0x392E1785, 0x5D9DC060, 0x00000000, 0xDE944A25,
293 0x02F7F5F4, 0x1CE3FFF1, 0x5F6A3594, 0x3A2C160B,
294 0x68BBD3E7, 0x23C9EA75, 0x589BC3EF, 0xB8D06834,
295 0xA6C46231, 0xC277B5D4, 0xDA67BDD0, 0x33221186,
296 0x19E5FC7E, 0xC98E47AD, 0x34D3E7FD, 0xF6A45229,
297 0xA0C06030, 0x9AEC763B, 0x6546239F, 0x2AC7EDF8,
298 0xAE3F91C6, 0x6A4C2613, 0x14180C06, 0x1E140A05,
299 0xA43397C5, 0x66442211, 0x2FC1EE77, 0x15EDF87C,
300 0x01F5F47A, 0x0DFDF078, 0xB4D86C36, 0x4870381C,
301 0x96E47239, 0xCB79B259, 0x50603018, 0xE945AC56,
302 0x8DF67BB3, 0x87FA7DB0, 0xD8904824, 0xC0804020,
303 0x8BF279B2, 0x4B723992, 0xEDB65BA3, 0xBA279DC0,
304 0x850D8844, 0x5195C462, 0x60402010, 0x9FEA75B4,
305 0x3F2A1584, 0x97118643, 0x4D763B93, 0xB62F99C2,
306 0xA135944A, 0xA9CE67BD, 0x0506038F, 0xEEB45A2D,
307 0xAFCA65BC, 0x6F4A259C, 0x61B5D46A, 0x9D1D8040,
308 0x981B83CF, 0xEBB259A2, 0x273A1D80, 0xBF219E4F,
309 0x427C3E1F, 0x860F89CA, 0xDB9249AA, 0x91158442
310 };
311
312 static const uint32_t ks0[256] =
313 {
314 0xBABABABA, 0x54545454, 0x2F2F2F2F, 0x74747474,
315 0x53535353, 0xD3D3D3D3, 0xD2D2D2D2, 0x4D4D4D4D,
316 0x50505050, 0xACACACAC, 0x8D8D8D8D, 0xBFBFBFBF,
317 0x70707070, 0x52525252, 0x9A9A9A9A, 0x4C4C4C4C,
318 0xEAEAEAEA, 0xD5D5D5D5, 0x97979797, 0xD1D1D1D1,
319 0x33333333, 0x51515151, 0x5B5B5B5B, 0xA6A6A6A6,
320 0xDEDEDEDE, 0x48484848, 0xA8A8A8A8, 0x99999999,
321 0xDBDBDBDB, 0x32323232, 0xB7B7B7B7, 0xFCFCFCFC,
322 0xE3E3E3E3, 0x9E9E9E9E, 0x91919191, 0x9B9B9B9B,
323 0xE2E2E2E2, 0xBBBBBBBB, 0x41414141, 0x6E6E6E6E,
324 0xA5A5A5A5, 0xCBCBCBCB, 0x6B6B6B6B, 0x95959595,
325 0xA1A1A1A1, 0xF3F3F3F3, 0xB1B1B1B1, 0x02020202,
326 0xCCCCCCCC, 0xC4C4C4C4, 0x1D1D1D1D, 0x14141414,
327 0xC3C3C3C3, 0x63636363, 0xDADADADA, 0x5D5D5D5D,
328 0x5F5F5F5F, 0xDCDCDCDC, 0x7D7D7D7D, 0xCDCDCDCD,
329 0x7F7F7F7F, 0x5A5A5A5A, 0x6C6C6C6C, 0x5C5C5C5C,
330 0xF7F7F7F7, 0x26262626, 0xFFFFFFFF, 0xEDEDEDED,
331 0xE8E8E8E8, 0x9D9D9D9D, 0x6F6F6F6F, 0x8E8E8E8E,
332 0x19191919, 0xA0A0A0A0, 0xF0F0F0F0, 0x89898989,
333 0x0F0F0F0F, 0x07070707, 0xAFAFAFAF, 0xFBFBFBFB,
334 0x08080808, 0x15151515, 0x0D0D0D0D, 0x04040404,
335 0x01010101, 0x64646464, 0xDFDFDFDF, 0x76767676,
336 0x79797979, 0xDDDDDDDD, 0x3D3D3D3D, 0x16161616,
337 0x3F3F3F3F, 0x37373737, 0x6D6D6D6D, 0x38383838,
338 0xB9B9B9B9, 0x73737373, 0xE9E9E9E9, 0x35353535,
339 0x55555555, 0x71717171, 0x7B7B7B7B, 0x8C8C8C8C,
340 0x72727272, 0x88888888, 0xF6F6F6F6, 0x2A2A2A2A,
341 0x3E3E3E3E, 0x5E5E5E5E, 0x27272727, 0x46464646,
342 0x0C0C0C0C, 0x65656565, 0x68686868, 0x61616161,
343 0x03030303, 0xC1C1C1C1, 0x57575757, 0xD6D6D6D6,
344 0xD9D9D9D9, 0x58585858, 0xD8D8D8D8, 0x66666666,
345 0xD7D7D7D7, 0x3A3A3A3A, 0xC8C8C8C8, 0x3C3C3C3C,
346 0xFAFAFAFA, 0x96969696, 0xA7A7A7A7, 0x98989898,
347 0xECECECEC, 0xB8B8B8B8, 0xC7C7C7C7, 0xAEAEAEAE,
348 0x69696969, 0x4B4B4B4B, 0xABABABAB, 0xA9A9A9A9,
349 0x67676767, 0x0A0A0A0A, 0x47474747, 0xF2F2F2F2,
350 0xB5B5B5B5, 0x22222222, 0xE5E5E5E5, 0xEEEEEEEE,
351 0xBEBEBEBE, 0x2B2B2B2B, 0x81818181, 0x12121212,
352 0x83838383, 0x1B1B1B1B, 0x0E0E0E0E, 0x23232323,
353 0xF5F5F5F5, 0x45454545, 0x21212121, 0xCECECECE,
354 0x49494949, 0x2C2C2C2C, 0xF9F9F9F9, 0xE6E6E6E6,
355 0xB6B6B6B6, 0x28282828, 0x17171717, 0x82828282,
356 0x1A1A1A1A, 0x8B8B8B8B, 0xFEFEFEFE, 0x8A8A8A8A,
357 0x09090909, 0xC9C9C9C9, 0x87878787, 0x4E4E4E4E,
358 0xE1E1E1E1, 0x2E2E2E2E, 0xE4E4E4E4, 0xE0E0E0E0,
359 0xEBEBEBEB, 0x90909090, 0xA4A4A4A4, 0x1E1E1E1E,
360 0x85858585, 0x60606060, 0x00000000, 0x25252525,
361 0xF4F4F4F4, 0xF1F1F1F1, 0x94949494, 0x0B0B0B0B,
362 0xE7E7E7E7, 0x75757575, 0xEFEFEFEF, 0x34343434,
363 0x31313131, 0xD4D4D4D4, 0xD0D0D0D0, 0x86868686,
364 0x7E7E7E7E, 0xADADADAD, 0xFDFDFDFD, 0x29292929,
365 0x30303030, 0x3B3B3B3B, 0x9F9F9F9F, 0xF8F8F8F8,
366 0xC6C6C6C6, 0x13131313, 0x06060606, 0x05050505,
367 0xC5C5C5C5, 0x11111111, 0x77777777, 0x7C7C7C7C,
368 0x7A7A7A7A, 0x78787878, 0x36363636, 0x1C1C1C1C,
369 0x39393939, 0x59595959, 0x18181818, 0x56565656,
370 0xB3B3B3B3, 0xB0B0B0B0, 0x24242424, 0x20202020,
371 0xB2B2B2B2, 0x92929292, 0xA3A3A3A3, 0xC0C0C0C0,
372 0x44444444, 0x62626262, 0x10101010, 0xB4B4B4B4,
373 0x84848484, 0x43434343, 0x93939393, 0xC2C2C2C2,
374 0x4A4A4A4A, 0xBDBDBDBD, 0x8F8F8F8F, 0x2D2D2D2D,
375 0xBCBCBCBC, 0x9C9C9C9C, 0x6A6A6A6A, 0x40404040,
376 0xCFCFCFCF, 0xA2A2A2A2, 0x80808080, 0x4F4F4F4F,
377 0x1F1F1F1F, 0xCACACACA, 0xAAAAAAAA, 0x42424242
378 };
379
380 static const uint8_t ks1[256] =
381 {
382 0x00, 0x02, 0x04, 0x06, 0x08, 0x0A, 0x0C, 0x0E,
383 0x10, 0x12, 0x14, 0x16, 0x18, 0x1A, 0x1C, 0x1E,
384 0x20, 0x22, 0x24, 0x26, 0x28, 0x2A, 0x2C, 0x2E,
385 0x30, 0x32, 0x34, 0x36, 0x38, 0x3A, 0x3C, 0x3E,
386 0x40, 0x42, 0x44, 0x46, 0x48, 0x4A, 0x4C, 0x4E,
387 0x50, 0x52, 0x54, 0x56, 0x58, 0x5A, 0x5C, 0x5E,
388 0x60, 0x62, 0x64, 0x66, 0x68, 0x6A, 0x6C, 0x6E,
389 0x70, 0x72, 0x74, 0x76, 0x78, 0x7A, 0x7C, 0x7E,
390 0x80, 0x82, 0x84, 0x86, 0x88, 0x8A, 0x8C, 0x8E,
391 0x90, 0x92, 0x94, 0x96, 0x98, 0x9A, 0x9C, 0x9E,
392 0xA0, 0xA2, 0xA4, 0xA6, 0xA8, 0xAA, 0xAC, 0xAE,
393 0xB0, 0xB2, 0xB4, 0xB6, 0xB8, 0xBA, 0xBC, 0xBE,
394 0xC0, 0xC2, 0xC4, 0xC6, 0xC8, 0xCA, 0xCC, 0xCE,
395 0xD0, 0xD2, 0xD4, 0xD6, 0xD8, 0xDA, 0xDC, 0xDE,
396 0xE0, 0xE2, 0xE4, 0xE6, 0xE8, 0xEA, 0xEC, 0xEE,
397 0xF0, 0xF2, 0xF4, 0xF6, 0xF8, 0xFA, 0xFC, 0xFE,
398 0x1D, 0x1F, 0x19, 0x1B, 0x15, 0x17, 0x11, 0x13,
399 0x0D, 0x0F, 0x09, 0x0B, 0x05, 0x07, 0x01, 0x03,
400 0x3D, 0x3F, 0x39, 0x3B, 0x35, 0x37, 0x31, 0x33,
401 0x2D, 0x2F, 0x29, 0x2B, 0x25, 0x27, 0x21, 0x23,
402 0x5D, 0x5F, 0x59, 0x5B, 0x55, 0x57, 0x51, 0x53,
403 0x4D, 0x4F, 0x49, 0x4B, 0x45, 0x47, 0x41, 0x43,
404 0x7D, 0x7F, 0x79, 0x7B, 0x75, 0x77, 0x71, 0x73,
405 0x6D, 0x6F, 0x69, 0x6B, 0x65, 0x67, 0x61, 0x63,
406 0x9D, 0x9F, 0x99, 0x9B, 0x95, 0x97, 0x91, 0x93,
407 0x8D, 0x8F, 0x89, 0x8B, 0x85, 0x87, 0x81, 0x83,
408 0xBD, 0xBF, 0xB9, 0xBB, 0xB5, 0xB7, 0xB1, 0xB3,
409 0xAD, 0xAF, 0xA9, 0xAB, 0xA5, 0xA7, 0xA1, 0xA3,
410 0xDD, 0xDF, 0xD9, 0xDB, 0xD5, 0xD7, 0xD1, 0xD3,
411 0xCD, 0xCF, 0xC9, 0xCB, 0xC5, 0xC7, 0xC1, 0xC3,
412 0xFD, 0xFF, 0xF9, 0xFB, 0xF5, 0xF7, 0xF1, 0xF3,
413 0xED, 0xEF, 0xE9, 0xEB, 0xE5, 0xE7, 0xE1, 0xE3
414 };
415
416 static const uint32_t ks2[256] =
417 {
418 0x00, 0x06, 0x0C, 0x0A, 0x18, 0x1E, 0x14, 0x12,
419 0x30, 0x36, 0x3C, 0x3A, 0x28, 0x2E, 0x24, 0x22,
420 0x60, 0x66, 0x6C, 0x6A, 0x78, 0x7E, 0x74, 0x72,
421 0x50, 0x56, 0x5C, 0x5A, 0x48, 0x4E, 0x44, 0x42,
422 0xC0, 0xC6, 0xCC, 0xCA, 0xD8, 0xDE, 0xD4, 0xD2,
423 0xF0, 0xF6, 0xFC, 0xFA, 0xE8, 0xEE, 0xE4, 0xE2,
424 0xA0, 0xA6, 0xAC, 0xAA, 0xB8, 0xBE, 0xB4, 0xB2,
425 0x90, 0x96, 0x9C, 0x9A, 0x88, 0x8E, 0x84, 0x82,
426 0x9D, 0x9B, 0x91, 0x97, 0x85, 0x83, 0x89, 0x8F,
427 0xAD, 0xAB, 0xA1, 0xA7, 0xB5, 0xB3, 0xB9, 0xBF,
428 0xFD, 0xFB, 0xF1, 0xF7, 0xE5, 0xE3, 0xE9, 0xEF,
429 0xCD, 0xCB, 0xC1, 0xC7, 0xD5, 0xD3, 0xD9, 0xDF,
430 0x5D, 0x5B, 0x51, 0x57, 0x45, 0x43, 0x49, 0x4F,
431 0x6D, 0x6B, 0x61, 0x67, 0x75, 0x73, 0x79, 0x7F,
432 0x3D, 0x3B, 0x31, 0x37, 0x25, 0x23, 0x29, 0x2F,
433 0x0D, 0x0B, 0x01, 0x07, 0x15, 0x13, 0x19, 0x1F,
434 0x27, 0x21, 0x2B, 0x2D, 0x3F, 0x39, 0x33, 0x35,
435 0x17, 0x11, 0x1B, 0x1D, 0x0F, 0x09, 0x03, 0x05,
436 0x47, 0x41, 0x4B, 0x4D, 0x5F, 0x59, 0x53, 0x55,
437 0x77, 0x71, 0x7B, 0x7D, 0x6F, 0x69, 0x63, 0x65,
438 0xE7, 0xE1, 0xEB, 0xED, 0xFF, 0xF9, 0xF3, 0xF5,
439 0xD7, 0xD1, 0xDB, 0xDD, 0xCF, 0xC9, 0xC3, 0xC5,
440 0x87, 0x81, 0x8B, 0x8D, 0x9F, 0x99, 0x93, 0x95,
441 0xB7, 0xB1, 0xBB, 0xBD, 0xAF, 0xA9, 0xA3, 0xA5,
442 0xBA, 0xBC, 0xB6, 0xB0, 0xA2, 0xA4, 0xAE, 0xA8,
443 0x8A, 0x8C, 0x86, 0x80, 0x92, 0x94, 0x9E, 0x98,
444 0xDA, 0xDC, 0xD6, 0xD0, 0xC2, 0xC4, 0xCE, 0xC8,
445 0xEA, 0xEC, 0xE6, 0xE0, 0xF2, 0xF4, 0xFE, 0xF8,
446 0x7A, 0x7C, 0x76, 0x70, 0x62, 0x64, 0x6E, 0x68,
447 0x4A, 0x4C, 0x46, 0x40, 0x52, 0x54, 0x5E, 0x58,
448 0x1A, 0x1C, 0x16, 0x10, 0x02, 0x04, 0x0E, 0x08,
449 0x2A, 0x2C, 0x26, 0x20, 0x32, 0x34, 0x3E, 0x38
450 };
451
452 static const uint8_t ks3[256] =
453 {
454 0x00, 0x08, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38,
455 0x40, 0x48, 0x50, 0x58, 0x60, 0x68, 0x70, 0x78,
456 0x80, 0x88, 0x90, 0x98, 0xA0, 0xA8, 0xB0, 0xB8,
457 0xC0, 0xC8, 0xD0, 0xD8, 0xE0, 0xE8, 0xF0, 0xF8,
458 0x1D, 0x15, 0x0D, 0x05, 0x3D, 0x35, 0x2D, 0x25,
459 0x5D, 0x55, 0x4D, 0x45, 0x7D, 0x75, 0x6D, 0x65,
460 0x9D, 0x95, 0x8D, 0x85, 0xBD, 0xB5, 0xAD, 0xA5,
461 0xDD, 0xD5, 0xCD, 0xC5, 0xFD, 0xF5, 0xED, 0xE5,
462 0x3A, 0x32, 0x2A, 0x22, 0x1A, 0x12, 0x0A, 0x02,
463 0x7A, 0x72, 0x6A, 0x62, 0x5A, 0x52, 0x4A, 0x42,
464 0xBA, 0xB2, 0xAA, 0xA2, 0x9A, 0x92, 0x8A, 0x82,
465 0xFA, 0xF2, 0xEA, 0xE2, 0xDA, 0xD2, 0xCA, 0xC2,
466 0x27, 0x2F, 0x37, 0x3F, 0x07, 0x0F, 0x17, 0x1F,
467 0x67, 0x6F, 0x77, 0x7F, 0x47, 0x4F, 0x57, 0x5F,
468 0xA7, 0xAF, 0xB7, 0xBF, 0x87, 0x8F, 0x97, 0x9F,
469 0xE7, 0xEF, 0xF7, 0xFF, 0xC7, 0xCF, 0xD7, 0xDF,
470 0x74, 0x7C, 0x64, 0x6C, 0x54, 0x5C, 0x44, 0x4C,
471 0x34, 0x3C, 0x24, 0x2C, 0x14, 0x1C, 0x04, 0x0C,
472 0xF4, 0xFC, 0xE4, 0xEC, 0xD4, 0xDC, 0xC4, 0xCC,
473 0xB4, 0xBC, 0xA4, 0xAC, 0x94, 0x9C, 0x84, 0x8C,
474 0x69, 0x61, 0x79, 0x71, 0x49, 0x41, 0x59, 0x51,
475 0x29, 0x21, 0x39, 0x31, 0x09, 0x01, 0x19, 0x11,
476 0xE9, 0xE1, 0xF9, 0xF1, 0xC9, 0xC1, 0xD9, 0xD1,
477 0xA9, 0xA1, 0xB9, 0xB1, 0x89, 0x81, 0x99, 0x91,
478 0x4E, 0x46, 0x5E, 0x56, 0x6E, 0x66, 0x7E, 0x76,
479 0x0E, 0x06, 0x1E, 0x16, 0x2E, 0x26, 0x3E, 0x36,
480 0xCE, 0xC6, 0xDE, 0xD6, 0xEE, 0xE6, 0xFE, 0xF6,
481 0x8E, 0x86, 0x9E, 0x96, 0xAE, 0xA6, 0xBE, 0xB6,
482 0x53, 0x5B, 0x43, 0x4B, 0x73, 0x7B, 0x63, 0x6B,
483 0x13, 0x1B, 0x03, 0x0B, 0x33, 0x3B, 0x23, 0x2B,
484 0xD3, 0xDB, 0xC3, 0xCB, 0xF3, 0xFB, 0xE3, 0xEB,
485 0x93, 0x9B, 0x83, 0x8B, 0xB3, 0xBB, 0xA3, 0xAB
486 };
487
488 static const uint32_t rc[64] =
489 {
490 0xBA542F74, 0x53D3D24D, 0x50AC8DBF, 0x70529A4C,
491 0xEAD597D1, 0x33515BA6, 0xDE48A899, 0xDB32B7FC,
492 0xE39E919B, 0xE2BB416E, 0xA5CB6B95, 0xA1F3B102,
493 0xCCC41D14, 0xC363DA5D, 0x5FDC7DCD, 0x7F5A6C5C,
494 0xF726FFED, 0xE89D6F8E, 0x19A0F089, 0x0F07AFFB,
495 0x08150D04, 0x0164DF76, 0x79DD3D16, 0x3F376D38,
496 0xB973E935, 0x55717B8C, 0x7288F62A, 0x3E5E2746,
497 0x0C656861, 0x03C157D6, 0xD958D866, 0xD73AC83C,
498 0xFA96A798, 0xECB8C7AE, 0x694BABA9, 0x670A47F2,
499 0xB522E5EE, 0xBE2B8112, 0x831B0E23, 0xF54521CE,
500 0x492CF9E6, 0xB6281782, 0x1A8BFE8A, 0x09C9874E,
501 0xE12EE4E0, 0xEB90A41E, 0x85600025, 0xF4F1940B,
502 0xE775EF34, 0x31D4D086, 0x7EADFD29, 0x303B9FF8,
503 0xC6130605, 0xC511777C, 0x7A78361C, 0x39591856,
504 0xB3B02420, 0xB292A3C0, 0x446210B4, 0x844393C2,
505 0x4ABD8F2D, 0xBC9C6A40, 0xCFA2804F, 0x1FCAAA42
506 };
507
508 static void anubis_crypt
509 (
510 const uint32_t *k,
511 unsigned int r,
512 const void *in,
513 void *out
514 )
515 {
516 uint32_t x0;
517 uint32_t x1;
518 uint32_t x2;
519 uint32_t x3;
520 uint32_t t0;
521 uint32_t t1;
522 uint32_t t2;
523 uint32_t t3;
524 unsigned int i;
525
526 x0 = LOAD32B(CU8(in)) ^ k[0];
527 x1 = LOAD32B(CU8(in) + 4) ^ k[1];
528 x2 = LOAD32B(CU8(in) + 8) ^ k[2];
529 x3 = LOAD32B(CU8(in) + 12) ^ k[3];
530
531 /* r - 1 full rounds */
532 for(i = 4; i < (r << 2);)
533 {
534 t0 = s0[x0 >> 24] ^
535 s1[x1 >> 24] ^
536 s2[x2 >> 24] ^
537 s3[x3 >> 24] ^
538 k[i++];
539
540 t1 = s0[(x0 >> 16) & 0xFF] ^
541 s1[(x1 >> 16) & 0xFF] ^
542 s2[(x2 >> 16) & 0xFF] ^
543 s3[(x3 >> 16) & 0xFF] ^
544 k[i++];
545
546 t2 = s0[(x0 >> 8) & 0xFF] ^
547 s1[(x1 >> 8) & 0xFF] ^
548 s2[(x2 >> 8) & 0xFF] ^
549 s3[(x3 >> 8) & 0xFF] ^
550 k[i++];
551
552 t3 = s0[x0 & 0xFF] ^
553 s1[x1 & 0xFF] ^
554 s2[x2 & 0xFF] ^
555 s3[x3 & 0xFF] ^
556 k[i++];
557
558 x0 = t0;
559 x1 = t1;
560 x2 = t2;
561 x3 = t3;
562 }
563
564 /* last round */
565 t0 = ((s0[x0 >> 24] & 0xFF000000) |
566 (s1[x1 >> 24] & 0x00FF0000) |
567 (s2[x2 >> 24] & 0x0000FF00) |
568 (s3[x3 >> 24] & 0x000000FF)) ^
569 k[i++];
570
571 t1 = ((s0[(x0 >> 16) & 0xFF] & 0xFF000000) |
572 (s1[(x1 >> 16) & 0xFF] & 0x00FF0000) |
573 (s2[(x2 >> 16) & 0xFF] & 0x0000FF00) |
574 (s3[(x3 >> 16) & 0xFF] & 0x000000FF)) ^
575 k[i++];
576
577 t2 = ((s0[(x0 >> 8) & 0xFF] & 0xFF000000) |
578 (s1[(x1 >> 8) & 0xFF] & 0x00FF0000) |
579 (s2[(x2 >> 8) & 0xFF] & 0x0000FF00) |
580 (s3[(x3 >> 8) & 0xFF] & 0x000000FF)) ^
581 k[i++];
582
583 t3 = ((s0[x0 & 0xFF] & 0xFF000000) |
584 (s1[x1 & 0xFF] & 0x00FF0000) |
585 (s2[x2 & 0xFF] & 0x0000FF00) |
586 (s3[x3 & 0xFF] & 0x000000FF)) ^
587 k[i++];
588
589 STORE32B(t0, U8(out));
590 STORE32B(t1, U8(out) + 4);
591 STORE32B(t2, U8(out) + 8);
592 STORE32B(t3, U8(out) + 12);
593 }
594
595 static void anubis_setup
596 (
597 kripto_block *s,
598 const uint8_t *key,
599 unsigned int key_len
600 )
601 {
602 int i;
603 int j;
604 unsigned int r;
605 const unsigned int n = (key_len + 3) >> 2;
606 uint32_t t0;
607 uint32_t t1;
608 uint32_t t2;
609 uint32_t t3;
610 uint32_t x[80];
611 uint32_t kx[80];
612
613 for(r = 0; r < n; r++) kx[r] = 0;
614
615 for(r = 0; r < key_len; r++)
616 kx[r >> 2] |= key[r] << (24 - ((r & 3) << 3));
617
618 /* generate s->rounds + 1 round keys */
619 for(r = 0; r <= s->rounds; r++)
620 {
621 /* generate r-th round key K^r */
622 t0 = ks0[kx[n - 1] >> 24];
623 t1 = ks0[(kx[n - 1] >> 16) & 0xFF];
624 t2 = ks0[(kx[n - 1] >> 8) & 0xFF];
625 t3 = ks0[kx[n - 1] & 0xFF];
626
627 for(i = n - 2; i >= 0; i--)
628 {
629 t0 = ks0[kx[i] >> 24] ^
630 ((t0 & 0xFF000000) |
631 (ks1[(t0 >> 16) & 0xFF] << 16) |
632 (ks2[(t0 >> 8) & 0xFF] << 8) |
633 ks3[t0 & 0xFF]);
634
635 t1 = ks0[(kx[i] >> 16) & 0xFF] ^
636 ((t1 & 0xFF000000) |
637 (ks1[(t1 >> 16) & 0xFF] << 16) |
638 (ks2[(t1 >> 8) & 0xFF] << 8) |
639 ks3[t1 & 0xFF]);
640
641 t2 = ks0[(kx[i] >> 8) & 0xFF] ^
642 ((t2 & 0xFF000000) |
643 (ks1[(t2 >> 16) & 0xFF] << 16) |
644 (ks2[(t2 >> 8) & 0xFF] << 8) |
645 ks3[t2 & 0xFF]);
646
647 t3 = ks0[kx[i] & 0xFF] ^
648 ((t3 & 0xFF000000) |
649 (ks1[(t3 >> 16) & 0xFF] << 16) |
650 (ks2[(t3 >> 8) & 0xFF] << 8) |
651 ks3[t3 & 0xFF]);
652 }
653
654 s->k[r << 2] = t0;
655 s->k[(r << 2) + 1] = t1;
656 s->k[(r << 2) + 2] = t2;
657 s->k[(r << 2) + 3] = t3;
658
659 if(r == s->rounds) break;
660
661 /* compute kx^{r+1} from kx^r */
662 for(i = 0; (unsigned int)i < n; i++)
663 {
664 j = i;
665 x[i] = s0[kx[j--] >> 24]; if(j < 0) j = n - 1;
666 x[i] ^= s1[(kx[j--] >> 16) & 0xFF]; if(j < 0) j = n - 1;
667 x[i] ^= s2[(kx[j--] >> 8) & 0xFF]; if(j < 0) j = n - 1;
668 x[i] ^= s3[kx[j] & 0xFF];
669 }
670 kx[0] = x[0] ^ rc[r];
671 for(i = 1; (unsigned int)i < n; i++) kx[i] = x[i];
672 }
673
674 /* wipe */
675 kripto_memwipe(x, n << 2);
676 kripto_memwipe(kx, n << 2);
677 kripto_memwipe(&t1, sizeof(uint32_t));
678 kripto_memwipe(&t2, sizeof(uint32_t));
679 kripto_memwipe(&t3, sizeof(uint32_t));
680
681 /* generate inverse key schedule */
682 for(i = 0; i < 4; i++)
683 {
684 s->dk[i] = s->k[(s->rounds << 2) + i];
685 s->dk[(s->rounds << 2) + i] = s->k[i];
686 }
687 for(r = 1; r < s->rounds; r++)
688 {
689 for(i = 0; i < 4; i++)
690 {
691 t0 = s->k[((s->rounds - r) << 2) + i];
692
693 s->dk[(r << 2) + i] = s0[ks0[t0 >> 24] & 0xFF] ^
694 s1[ks0[(t0 >> 16) & 0xFF] & 0xFF] ^
695 s2[ks0[(t0 >> 8) & 0xFF] & 0xFF] ^
696 s3[ks0[t0 & 0xFF] & 0xFF];
697 }
698 }
699
700 /* wipe */
701 kripto_memwipe(&t0, sizeof(uint32_t));
702 }
703
704 static void anubis_encrypt
705 (
706 const kripto_block *s,
707 const void *pt,
708 void *ct
709 )
710 {
711 anubis_crypt(s->k, s->rounds, pt, ct);
712 }
713
714 static void anubis_decrypt
715 (
716 const kripto_block *s,
717 const void *ct,
718 void *pt
719 )
720 {
721 anubis_crypt(s->dk, s->rounds, ct, pt);
722 }
723
724 static kripto_block *anubis_create
725 (
726 unsigned int r,
727 const void *key,
728 unsigned int key_len
729 )
730 {
731 kripto_block *s;
732
733 if(!r)
734 {
735 r = 8 + ((key_len + 3) >> 2);
736 if(r < 12) r = 12;
737 }
738
739 s = malloc(sizeof(kripto_block) + ((r + 1) << 5));
740 if(!s) return 0;
741
742 s->obj.desc = kripto_block_anubis;
743 s->size = sizeof(kripto_block) + ((r + 1) << 5);
744 s->rounds = r;
745 s->k = (uint32_t *)((uint8_t *)s + sizeof(kripto_block));
746 s->dk = s->k + ((r + 1) << 2);
747
748 anubis_setup(s, key, key_len);
749
750 return s;
751 }
752
753 static void anubis_destroy(kripto_block *s)
754 {
755 kripto_memwipe(s, s->size);
756 free(s);
757 }
758
759 static kripto_block *anubis_recreate
760 (
761 kripto_block *s,
762 unsigned int r,
763 const void *key,
764 unsigned int key_len
765 )
766 {
767 if(!r)
768 {
769 r = 8 + ((key_len + 3) >> 2);
770 if(r < 12) r = 12;
771 }
772
773 if(sizeof(kripto_block) + ((r + 1) << 5) > s->size)
774 {
775 anubis_destroy(s);
776 s = anubis_create(r, key, key_len);
777 }
778 else
779 {
780 s->rounds = r;
781 anubis_setup(s, key, key_len);
782 }
783
784 return s;
785 }
786
787 static const kripto_block_desc anubis =
788 {
789 &anubis_create,
790 &anubis_recreate,
791 0, /* tweak */
792 &anubis_encrypt,
793 &anubis_decrypt,
794 &anubis_destroy,
795 16, /* block size */
796 40, /* max key */
797 0, /* max tweak */
798 };
799
800 const kripto_block_desc *const kripto_block_anubis = &anubis;