| blob | c84c114ebe90259bbfd8ff01626fd724da0bd675 |
1 /* This file is derived from sober128 implementation in corosync
2 cluster engine. corosync cluster engine borrows the implementation
3 from LibTomCrypt.
5 The latest version of the original code can be found at
6 http://www.libtom.net/LibTomCrypt/ according to which this code is in the
7 Public Domain
8 */
10 /* About LibTomCrypt:
11 * ---------------------------------------------------------------------
12 * LibTomCrypt, modular cryptographic library -- Tom St Denis
13 *
14 * LibTomCrypt is a library that provides various cryptographic
15 * algorithms in a highly modular and flexible manner.
16 *
17 * The library is free for all purposes without any express
18 * guarantee it works.
19 *
20 * Tom St Denis, tomstdenis@iahu.ca, http://www.libtom.net/LibTomCrypt/
21 */
28 /* ---- HELPER MACROS ---- */
29 #define STORE32L(x, y) \
30 { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
31 (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
33 #define LOAD32L(x, y) \
34 { x = ((unsigned long)((y)[3] & 255)<<24) | \
35 ((unsigned long)((y)[2] & 255)<<16) | \
36 ((unsigned long)((y)[1] & 255)<<8) | \
37 ((unsigned long)((y)[0] & 255)); }
39 /* rotates the hard way */
40 #define ROR(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
43 /* Id: s128multab.h 213 2003-12-16 04:27:12Z ggr $ */
44 /* @(#)TuringMultab.h 1.3 (QUALCOMM) 02/09/03 */
45 /* Multiplication table for Turing using 0xD02B4367 */
112 };
114 /* Id: s128sbox.h 213 2003-12-16 04:27:12Z ggr $ */
115 /* Sbox for SOBER-128 */
116 /*
117 * This is really the combination of two SBoxes; the least significant
118 * 24 bits comes from:
119 * 8->32 Sbox generated by Millan et. al. at Queensland University of
120 * Technology. See: E. Dawson, W. Millan, L. Burnett, G. Carter,
121 * "On the Design of 8*32 S-boxes". Unpublished report, by the
122 * Information Systems Research Centre,
123 * Queensland University of Technology, 1999.
124 *
125 * The most significant 8 bits are the Skipjack "F table", which can be
126 * found at http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf .
127 * In this optimised table, though, the intent is to XOR the word from
128 * the table selected by the high byte with the input word. Thus, the
129 * high byte is actually the Skipjack F-table entry XORED with its
130 * table index.
131 */
197 };
200 /* Implementation of SOBER-128 by Tom St Denis.
201 * Based on s128fast.c reference code supplied by Greg Rose of QUALCOMM.
202 */
204 /* don't change these... */
205 #define N 17
212 {
213 ulong32 t;
216 }
219 {
220 ulong32 t;
224 }
226 /* give correct offset for the current position of the register,
227 * where logically R[0] is at position "zero".
228 */
229 #define OFF(zero, i) (((zero)+(i)) % N)
231 /* step the LFSR */
232 /* After stepping, "zero" moves right one place */
233 #define STEP(R,z) \
234 R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF];
237 {
238 ulong32 t;
245 }
247 }
249 /* Return a non-linear function of some parts of the register.
250 */
251 #define NLFUNC(c,z) \
252 { \
253 t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \
254 t ^= Sbox[(t >> 24) & 0xFF]; \
255 t = ROR(t, 8); \
256 t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \
257 t ^= Sbox[(t >> 24) & 0xFF]; \
258 t = t + c->R[OFF(z,13)]; \
259 }
262 {
263 ulong32 t;
266 }
268 /* initialise to known state
269 */
271 {
274 /* Register initialised to Fibonacci numbers */
279 }
282 /* next add_entropy will be the key */
287 }
289 /* Save the current register state
290 */
292 {
296 }
297 }
299 /* initialise to previously saved register state
300 */
302 {
307 }
308 }
310 /* Initialise "konst"
311 */
313 {
314 ulong32 newkonst;
321 }
323 /* Load key material into the register
324 */
325 #define ADDKEY(k) \
326 c->R[KEYP] += (k);
328 #define XORNL(nl) \
329 c->R[FOLDP] ^= (nl);
331 /* nonlinear diffusion of register for key */
332 #define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t;
334 {
335 ulong32 t;
336 /* relies on FOLD == N == 17! */
354 }
357 {
362 /* this is the first call to the add_entropy so this input is the key */
363 /* len must be multiple of 4 bytes */
364 /* assert ((len & 3) == 0); */
371 }
373 /* also fold in the length of the key */
376 /* now diffuse */
385 /* ok we are adding an IV then... */
388 /* len must be multiple of 4 bytes */
389 /* assert ((len & 3) == 0); */
396 }
398 /* also fold in the length of the key */
401 /* now diffuse */
404 }
407 }
409 /* XOR pseudo-random bytes into buffer
410 */
411 #define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, buf+(z*4));
414 {
419 /* handle any previously buffered bytes */
425 }
427 #ifndef SMALL_CODE
428 /* do lots at a time, if there's enough to do */
449 }
450 #endif
452 /* do small or odd size buffers the slow way */
459 }
461 /* handle any trailing bytes */
471 }
472 }
475 }
477 /*
478 * Editor modelines - https://www.wireshark.org/tools/modelines.html
479 *
480 * Local variables:
481 * c-basic-offset: 4
482 * tab-width: 8
483 * indent-tabs-mode: nil
484 * End:
485 *
486 * vi: set shiftwidth=4 tabstop=8 expandtab:
487 * :indentSize=4:tabSize=8:noTabs=true:
488 */