5 * Copyright 2004 Michael Jung
6 * Based on public domain code by Tom St Denis (tomstdenis@iahu.ca)
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 * This file contains code from the LibTomCrypt cryptographic
25 * library written by Tom St Denis (tomstdenis@iahu.ca). LibTomCrypt
26 * is in the public domain. The code in this file is tailored to
27 * special requirements. Take a look at http://libtomcrypt.org for the
33 /* 256-entry permutation table, probably derived somehow from pi */
34 static const unsigned char permute
[256] = {
35 217,120,249,196, 25,221,181,237, 40,233,253,121, 74,160,216,157,
36 198,126, 55,131, 43,118, 83,142, 98, 76,100,136, 68,139,251,162,
37 23,154, 89,245,135,179, 79, 19, 97, 69,109,141, 9,129,125, 50,
38 189,143, 64,235,134,183,123, 11,240,149, 33, 34, 92,107, 78,130,
39 84,214,101,147,206, 96,178, 28,115, 86,192, 20,167,140,241,220,
40 18,117,202, 31, 59,190,228,209, 66, 61,212, 48,163, 60,182, 38,
41 111,191, 14,218, 70,105, 7, 87, 39,242, 29,155,188,148, 67, 3,
42 248, 17,199,246,144,239, 62,231, 6,195,213, 47,200,102, 30,215,
43 8,232,234,222,128, 82,238,247,132,170,114,172, 53, 77,106, 42,
44 150, 26,210,113, 90, 21, 73,116, 75,159,208, 94, 4, 24,164,236,
45 194,224, 65,110, 15, 81,203,204, 36,145,175, 80,161,244,112, 57,
46 153,124, 58,133, 35,184,180,122,252, 2, 54, 91, 37, 85,151, 49,
47 45, 93,250,152,227,138,146,174, 5,223, 41, 16,103,108,186,201,
48 211, 0,230,207,225,158,168, 44, 99, 22, 1, 63, 88,226,137,169,
49 13, 56, 52, 27,171, 51,255,176,187, 72, 12, 95,185,177,205, 46,
50 197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
53 int rc2_setup(const unsigned char *key
, int keylen
, int bits
, int rounds
, rc2_key
*rc2
)
55 unsigned *xkey
= rc2
->xkey
;
56 unsigned char tmp
[128];
60 if (keylen
< 5 || keylen
> 128) {
61 return CRYPT_INVALID_KEYSIZE
;
64 if (rounds
!= 0 && rounds
!= 16) {
65 return CRYPT_INVALID_ROUNDS
;
68 /* Following comment is from Eric Young's rc2 code: */
69 /* It has come to my attention that there are 2 versions of the RC2
70 * key schedule. One which is normal, and anther which has a hook to
71 * use a reduced key length.
72 * BSAFE uses the 'retarded' version. What I previously shipped is
73 * the same as specifying 1024 for the 'bits' parameter. Bsafe uses
74 * a version where the bits parameter is the same as len*8 */
75 /* Seems like MS uses the 'retarded' version, too.
76 * Adjust effective keylen bits */
77 if (bits
<= 0) bits
= keylen
<< 3;
78 if (bits
> 1024) bits
= 1024;
80 for (i
= 0; i
< keylen
; i
++) {
81 tmp
[i
] = key
[i
] & 255;
84 /* Phase 1: Expand input key to 128 bytes */
86 for (i
= keylen
; i
< 128; i
++) {
87 tmp
[i
] = permute
[(tmp
[i
- 1] + tmp
[i
- keylen
]) & 255];
91 /* Phase 2 - reduce effective key size to "bits" */
92 /*bits = keylen<<3; */
93 T8
= (unsigned)(bits
+7)>>3;
94 TM
= (255 >> (unsigned)(7 & -bits
));
95 tmp
[128 - T8
] = permute
[tmp
[128 - T8
] & TM
];
96 for (i
= 127 - T8
; i
>= 0; i
--) {
97 tmp
[i
] = permute
[tmp
[i
+ 1] ^ tmp
[i
+ T8
]];
100 /* Phase 3 - copy to xkey in little-endian order */
101 for (i
= 0; i
< 64; i
++) {
102 xkey
[i
] = (unsigned)tmp
[2*i
] + ((unsigned)tmp
[2*i
+1] << 8);
108 /**********************************************************************\
109 * Encrypt an 8-byte block of plaintext using the given key. *
110 \**********************************************************************/
111 void rc2_ecb_encrypt( const unsigned char *plain
,
112 unsigned char *cipher
,
116 unsigned x76
, x54
, x32
, x10
, i
;
120 x76
= ((unsigned)plain
[7] << 8) + (unsigned)plain
[6];
121 x54
= ((unsigned)plain
[5] << 8) + (unsigned)plain
[4];
122 x32
= ((unsigned)plain
[3] << 8) + (unsigned)plain
[2];
123 x10
= ((unsigned)plain
[1] << 8) + (unsigned)plain
[0];
125 for (i
= 0; i
< 16; i
++) {
126 x10
= (x10
+ (x32
& ~x76
) + (x54
& x76
) + xkey
[4*i
+0]) & 0xFFFF;
127 x10
= ((x10
<< 1) | (x10
>> 15));
129 x32
= (x32
+ (x54
& ~x10
) + (x76
& x10
) + xkey
[4*i
+1]) & 0xFFFF;
130 x32
= ((x32
<< 2) | (x32
>> 14));
132 x54
= (x54
+ (x76
& ~x32
) + (x10
& x32
) + xkey
[4*i
+2]) & 0xFFFF;
133 x54
= ((x54
<< 3) | (x54
>> 13));
135 x76
= (x76
+ (x10
& ~x54
) + (x32
& x54
) + xkey
[4*i
+3]) & 0xFFFF;
136 x76
= ((x76
<< 5) | (x76
>> 11));
138 if (i
== 4 || i
== 10) {
139 x10
= (x10
+ xkey
[x76
& 63]) & 0xFFFF;
140 x32
= (x32
+ xkey
[x10
& 63]) & 0xFFFF;
141 x54
= (x54
+ xkey
[x32
& 63]) & 0xFFFF;
142 x76
= (x76
+ xkey
[x54
& 63]) & 0xFFFF;
146 cipher
[0] = (unsigned char)x10
;
147 cipher
[1] = (unsigned char)(x10
>> 8);
148 cipher
[2] = (unsigned char)x32
;
149 cipher
[3] = (unsigned char)(x32
>> 8);
150 cipher
[4] = (unsigned char)x54
;
151 cipher
[5] = (unsigned char)(x54
>> 8);
152 cipher
[6] = (unsigned char)x76
;
153 cipher
[7] = (unsigned char)(x76
>> 8);
156 /**********************************************************************\
157 * Decrypt an 8-byte block of ciphertext using the given key. *
158 \**********************************************************************/
159 void rc2_ecb_decrypt( const unsigned char *cipher
,
160 unsigned char *plain
,
163 unsigned x76
, x54
, x32
, x10
;
169 x76
= ((unsigned)cipher
[7] << 8) + (unsigned)cipher
[6];
170 x54
= ((unsigned)cipher
[5] << 8) + (unsigned)cipher
[4];
171 x32
= ((unsigned)cipher
[3] << 8) + (unsigned)cipher
[2];
172 x10
= ((unsigned)cipher
[1] << 8) + (unsigned)cipher
[0];
174 for (i
= 15; i
>= 0; i
--) {
175 if (i
== 4 || i
== 10) {
176 x76
= (x76
- xkey
[x54
& 63]) & 0xFFFF;
177 x54
= (x54
- xkey
[x32
& 63]) & 0xFFFF;
178 x32
= (x32
- xkey
[x10
& 63]) & 0xFFFF;
179 x10
= (x10
- xkey
[x76
& 63]) & 0xFFFF;
182 x76
= ((x76
<< 11) | (x76
>> 5));
183 x76
= (x76
- ((x10
& ~x54
) + (x32
& x54
) + xkey
[4*i
+3])) & 0xFFFF;
185 x54
= ((x54
<< 13) | (x54
>> 3));
186 x54
= (x54
- ((x76
& ~x32
) + (x10
& x32
) + xkey
[4*i
+2])) & 0xFFFF;
188 x32
= ((x32
<< 14) | (x32
>> 2));
189 x32
= (x32
- ((x54
& ~x10
) + (x76
& x10
) + xkey
[4*i
+1])) & 0xFFFF;
191 x10
= ((x10
<< 15) | (x10
>> 1));
192 x10
= (x10
- ((x32
& ~x76
) + (x54
& x76
) + xkey
[4*i
+0])) & 0xFFFF;
195 plain
[0] = (unsigned char)x10
;
196 plain
[1] = (unsigned char)(x10
>> 8);
197 plain
[2] = (unsigned char)x32
;
198 plain
[3] = (unsigned char)(x32
>> 8);
199 plain
[4] = (unsigned char)x54
;
200 plain
[5] = (unsigned char)(x54
>> 8);
201 plain
[6] = (unsigned char)x76
;
202 plain
[7] = (unsigned char)(x76
>> 8);