search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
status update, probably last commit
[rofl0r-kripto.git] / lib / block / skipjack.c
blob8abfcbb94a16dadf82dfe5a3aca74c89bd5a83da
1 /*
2 * Written in 2013 by Gregor Pintar <grpintar@gmail.com>
3 *
4 * To the extent possible under law, the author(s) have dedicated
5 * all copyright and related and neighboring rights to this software
6 * to the public domain worldwide.
7 *
8 * This software is distributed without any warranty.
9 *
10 * You should have received a copy of the CC0 Public Domain Dedication.
11 * If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
12 */
13
14 /* Based on Tom St Denis's implementation */
15
16 #include <stdint.h>
17 #include <stdlib.h>
18 #include <string.h>
19
20 #include <kripto/cast.h>
21 #include <kripto/loadstore.h>
22 #include <kripto/memwipe.h>
23 #include <kripto/block.h>
24 #include <kripto/desc/block.h>
25 #include <kripto/object/block.h>
26
27 #include <kripto/block/skipjack.h>
28
29 struct kripto_block
30 {
31 struct kripto_block_object obj;
32 uint8_t k[10];
33 };
34
35 static const uint8_t S[256] =
36 {
37 0xA3, 0xD7, 0x09, 0x83, 0xF8, 0x48, 0xF6, 0xF4,
38 0xB3, 0x21, 0x15, 0x78, 0x99, 0xB1, 0xAF, 0xF9,
39 0xE7, 0x2D, 0x4D, 0x8A, 0xCE, 0x4C, 0xCA, 0x2E,
40 0x52, 0x95, 0xD9, 0x1E, 0x4E, 0x38, 0x44, 0x28,
41 0x0A, 0xDF, 0x02, 0xA0, 0x17, 0xF1, 0x60, 0x68,
42 0x12, 0xB7, 0x7A, 0xC3, 0xE9, 0xFA, 0x3D, 0x53,
43 0x96, 0x84, 0x6B, 0xBA, 0xF2, 0x63, 0x9A, 0x19,
44 0x7C, 0xAE, 0xE5, 0xF5, 0xF7, 0x16, 0x6A, 0xA2,
45 0x39, 0xB6, 0x7B, 0x0F, 0xC1, 0x93, 0x81, 0x1B,
46 0xEE, 0xB4, 0x1A, 0xEA, 0xD0, 0x91, 0x2F, 0xB8,
47 0x55, 0xB9, 0xDA, 0x85, 0x3F, 0x41, 0xBF, 0xE0,
48 0x5A, 0x58, 0x80, 0x5F, 0x66, 0x0B, 0xD8, 0x90,
49 0x35, 0xD5, 0xC0, 0xA7, 0x33, 0x06, 0x65, 0x69,
50 0x45, 0x00, 0x94, 0x56, 0x6D, 0x98, 0x9B, 0x76,
51 0x97, 0xFC, 0xB2, 0xC2, 0xB0, 0xFE, 0xDB, 0x20,
52 0xE1, 0xEB, 0xD6, 0xE4, 0xDD, 0x47, 0x4A, 0x1D,
53 0x42, 0xED, 0x9E, 0x6E, 0x49, 0x3C, 0xCD, 0x43,
54 0x27, 0xD2, 0x07, 0xD4, 0xDE, 0xC7, 0x67, 0x18,
55 0x89, 0xCB, 0x30, 0x1F, 0x8D, 0xC6, 0x8F, 0xAA,
56 0xC8, 0x74, 0xDC, 0xC9, 0x5D, 0x5C, 0x31, 0xA4,
57 0x70, 0x88, 0x61, 0x2C, 0x9F, 0x0D, 0x2B, 0x87,
58 0x50, 0x82, 0x54, 0x64, 0x26, 0x7D, 0x03, 0x40,
59 0x34, 0x4B, 0x1C, 0x73, 0xD1, 0xC4, 0xFD, 0x3B,
60 0xCC, 0xFB, 0x7F, 0xAB, 0xE6, 0x3E, 0x5B, 0xA5,
61 0xAD, 0x04, 0x23, 0x9C, 0x14, 0x51, 0x22, 0xF0,
62 0x29, 0x79, 0x71, 0x7E, 0xFF, 0x8C, 0x0E, 0xE2,
63 0x0C, 0xEF, 0xBC, 0x72, 0x75, 0x6F, 0x37, 0xA1,
64 0xEC, 0xD3, 0x8E, 0x62, 0x8B, 0x86, 0x10, 0xE8,
65 0x08, 0x77, 0x11, 0xBE, 0x92, 0x4F, 0x24, 0xC5,
66 0x32, 0x36, 0x9D, 0xCF, 0xF3, 0xA6, 0xBB, 0xAC,
67 0x5E, 0x6C, 0xA9, 0x13, 0x57, 0x25, 0xB5, 0xE3,
68 0xBD, 0xA8, 0x3A, 0x01, 0x05, 0x59, 0x2A, 0x46
69 };
70
71 /* i + 1 (mod 10) */
72 static const uint8_t plus1mod10[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0};
73
74 /* i - 1 (mod 10) */
75 static const uint8_t minus1mod10[10] = {9, 0, 1, 2, 3, 4, 5, 6, 7, 8};
76
77 static inline uint16_t F
78 (
79 const uint16_t x,
80 const uint8_t *k,
81 uint8_t *i
82 )
83 {
84 uint8_t hi;
85 uint8_t lo;
86
87 hi = x >> 8;
88 lo = x;
89
90 hi ^= S[lo ^ k[*i]]; *i = plus1mod10[*i];
91 lo ^= S[hi ^ k[*i]]; *i = plus1mod10[*i];
92 hi ^= S[lo ^ k[*i]]; *i = plus1mod10[*i];
93 lo ^= S[hi ^ k[*i]]; *i = plus1mod10[*i];
94
95 return ((uint16_t)hi << 8) | (uint16_t)lo;
96 }
97
98 static inline uint16_t invF
99 (
100 const uint16_t x,
101 const uint8_t *k,
102 uint8_t *i
103 )
104 {
105 uint8_t hi;
106 uint8_t lo;
107
108 hi = x >> 8;
109 lo = x;
110
111 *i = minus1mod10[*i]; lo ^= S[hi ^ k[*i]];
112 *i = minus1mod10[*i]; hi ^= S[lo ^ k[*i]];
113 *i = minus1mod10[*i]; lo ^= S[hi ^ k[*i]];
114 *i = minus1mod10[*i]; hi ^= S[lo ^ k[*i]];
115
116 return ((uint16_t)hi << 8) | (uint16_t)lo;
117 }
118
119 static void skipjack_encrypt(const kripto_block *s, const void *pt, void *ct)
120 {
121 uint16_t x0;
122 uint16_t x1;
123 uint16_t x2;
124 uint16_t x3;
125 uint16_t t0;
126 uint16_t t1;
127
128 unsigned int r = 0;
129 uint8_t i = 0;
130
131 x0 = LOAD16B(CU8(pt));
132 x1 = LOAD16B(CU8(pt) + 2);
133 x2 = LOAD16B(CU8(pt) + 4);
134 x3 = LOAD16B(CU8(pt) + 6);
135
136 /* RULE A */
137 while(r < 8)
138 {
139 t0 = F(x0, s->k, &i);
140 x0 = t0 ^ x3 ^ ++r;
141 x3 = x2;
142 x2 = x1;
143 x1 = t0;
144 }
145
146 /* RULE B */
147 while(r < 16)
148 {
149 t0 = F(x0, s->k, &i);
150 t1 = x3;
151 x3 = x2;
152 x2 = x0 ^ x1 ^ ++r;
153 x0 = t1;
154 x1 = t0;
155 }
156
157 /* RULE A */
158 while(r < 24)
159 {
160 t0 = F(x0, s->k, &i);
161 x0 = t0 ^ x3 ^ ++r;
162 x3 = x2;
163 x2 = x1;
164 x1 = t0;
165 }
166
167 /* RULE B */
168 while(r < 32)
169 {
170 t0 = F(x0, s->k, &i);
171 t1 = x3;
172 x3 = x2;
173 x2 = x0 ^ x1 ^ ++r;
174 x0 = t1;
175 x1 = t0;
176 }
177
178 STORE16B(x0, U8(ct));
179 STORE16B(x1, U8(ct) + 2);
180 STORE16B(x2, U8(ct) + 4);
181 STORE16B(x3, U8(ct) + 6);
182 }
183
184 static void skipjack_decrypt(const kripto_block *s, const void *ct, void *pt)
185 {
186 uint16_t x0;
187 uint16_t x1;
188 uint16_t x2;
189 uint16_t x3;
190 uint16_t t;
191
192 unsigned int r = 32;
193 uint8_t i = 8; /* (r * 4) % 10 */
194
195 x0 = LOAD16B(CU8(ct));
196 x1 = LOAD16B(CU8(ct) + 2);
197 x2 = LOAD16B(CU8(ct) + 4);
198 x3 = LOAD16B(CU8(ct) + 6);
199
200 /* RULE B */
201 while(r > 24)
202 {
203 t = invF(x1, s->k, &i);
204 x1 = t ^ x2 ^ r--;
205 x2 = x3;
206 x3 = x0;
207 x0 = t;
208 }
209
210 /* RULE A */
211 while(r > 16)
212 {
213 t = x0 ^ x1 ^ r--;
214 x0 = invF(x1, s->k, &i);
215 x1 = x2;
216 x2 = x3;
217 x3 = t;
218 }
219
220 /* RULE B */
221 while(r > 8)
222 {
223 t = invF(x1, s->k, &i);
224 x1 = t ^ x2 ^ r--;
225 x2 = x3;
226 x3 = x0;
227 x0 = t;
228 }
229
230 /* RULE A */
231 while(r)
232 {
233 t = x0 ^ x1 ^ r--;
234 x0 = invF(x1, s->k, &i);
235 x1 = x2;
236 x2 = x3;
237 x3 = t;
238 }
239
240 STORE16B(x0, U8(pt));
241 STORE16B(x1, U8(pt) + 2);
242 STORE16B(x2, U8(pt) + 4);
243 STORE16B(x3, U8(pt) + 6);
244 }
245
246 static kripto_block *skipjack_recreate
247 (
248 kripto_block *s,
249 unsigned int r,
250 const void *key,
251 unsigned int key_len
252 )
253 {
254 (void)r;
255
256 memcpy(s->k, key, key_len);
257
258 if(key_len < 10) memset(s->k + key_len, 0, 10 - key_len);
259
260 return s;
261 }
262
263 static kripto_block *skipjack_create
264 (
265 unsigned int r,
266 const void *key,
267 unsigned int key_len
268 )
269 {
270 kripto_block *s;
271
272 s = malloc(sizeof(kripto_block));
273 if(!s) return 0;
274
275 s->obj.desc = kripto_block_skipjack;
276
277 skipjack_recreate(s, r, key, key_len);
278
279 return s;
280 }
281
282 static void skipjack_destroy(kripto_block *s)
283 {
284 kripto_memwipe(s, sizeof(kripto_block));
285 free(s);
286 }
287
288 static const kripto_block_desc skipjack =
289 {
290 &skipjack_create,
291 &skipjack_recreate,
292 0, /* tweak */
293 &skipjack_encrypt,
294 &skipjack_decrypt,
295 &skipjack_destroy,
296 8, /* block size */
297 10, /* max key */
298 0 /* max tweak */
299 };
300
301 const kripto_block_desc *const kripto_block_skipjack = &skipjack;