libmcrypt-nm/lib/safer.c

/*******************************************************************************
*
* FILE:           safer.c
*
* DESCRIPTION:    block-cipher algorithm SAFER (Secure And Fast Encryption
*                 Routine) in its four versions: SAFER K-64, SAFER K-128,
*                 SAFER SK-64 and SAFER SK-128.
*
* AUTHOR:         Richard De Moliner (demoliner@isi.ee.ethz.ch)
*                 Signal and Information Processing Laboratory
*                 Swiss Federal Institute of Technology
*                 CH-8092 Zuerich, Switzerland
*
* DATE:           September 9, 1995
*
* CHANGE HISTORY:
*
*******************************************************************************/

/* $Id: safer.c,v 1.1.1.1 1999/10/15 22:49:23 nmav Exp $ */

/******************* External Headers *****************************************/

/******************* Local Headers ********************************************/
#include "safer.h"
#include "libdefs.h"

/******************* Constants ************************************************/
#define TAB_LEN      256

/******************* Assertions ***********************************************/

/******************* Macros ***************************************************/
#define ROL(x, n)    ((unsigned char)((unsigned int)(x) << (n)\
                                     |(unsigned int)((x) & 0xFF) >> (8 - (n))))
#define EXP(x)       exp_tab[(x) & 0xFF]
#define LOG(x)       log_tab[(x) & 0xFF]
#define PHT(x, y)    { y += x; x += y; }
#define IPHT(x, y)   { x -= y; y -= x; }

/******************* Types ****************************************************/
static unsigned char exp_tab[TAB_LEN];
static unsigned char log_tab[TAB_LEN];

/******************* Module Data **********************************************/

/******************* Functions ************************************************/

/******************************************************************************/

void _mcrypt_Safer_Init_Module(void)
{
        unsigned int i, exp;

        exp = 1;
        for (i = 0; i < TAB_LEN; i++) {
                exp_tab[i] = (unsigned char) (exp & 0xFF);
                log_tab[exp_tab[i]] = (unsigned char) i;
                exp = exp * 45 % 257;
        }
}                               /* Safer_Init_Module */

/******************************************************************************/

void _mcrypt_Safer_Expand_Userkey(safer_block_t * userkey_1,
                                  safer_block_t * userkey_2,
                                  unsigned int nof_rounds,
                                  int strengthened, safer_key_t * key)
{
        unsigned int i, j;
        unsigned char ka[SAFER_BLOCK_LEN + 1];
        unsigned char kb[SAFER_BLOCK_LEN + 1];

        if (SAFER_MAX_NOF_ROUNDS < nof_rounds)
                nof_rounds = SAFER_MAX_NOF_ROUNDS;
        *key++ = (unsigned char) nof_rounds;
        ka[SAFER_BLOCK_LEN] = 0;
        kb[SAFER_BLOCK_LEN] = 0;
        for (j = 0; j < SAFER_BLOCK_LEN; j++) {
                ka[SAFER_BLOCK_LEN] ^= ka[j] = ROL(userkey_1[j], 5);
                kb[SAFER_BLOCK_LEN] ^= kb[j] = *key++ = userkey_2[j];
        }
        for (i = 1; i <= nof_rounds; i++) {
                for (j = 0; j < SAFER_BLOCK_LEN + 1; j++) {
                        ka[j] = ROL(ka[j], 6);
                        kb[j] = ROL(kb[j], 6);
                }
                for (j = 0; j < SAFER_BLOCK_LEN; j++)
                        if (strengthened)
                                *key++ =
                                    (ka
                                     [(j + 2 * i - 1) %
                                      (SAFER_BLOCK_LEN + 1)] +
                                     exp_tab[exp_tab[18 * i + j + 1]]) &
                                    0xFF;
                        else
                                *key++ =
                                    (ka[j] +
                                     exp_tab[exp_tab[18 * i + j + 1]]) &
                                    0xFF;
                for (j = 0; j < SAFER_BLOCK_LEN; j++)
                        if (strengthened)
                                *key++ =
                                    (kb
                                     [(j + 2 * i) %
                                      (SAFER_BLOCK_LEN + 1)] +
                                     exp_tab[exp_tab[18 * i + j + 10]]) &
                                    0xFF;
                        else
                                *key++ =
                                    (kb[j] +
                                     exp_tab[exp_tab[18 * i + j + 10]]) &
                                    0xFF;
        }
        for (j = 0; j < SAFER_BLOCK_LEN + 1; j++)
                ka[j] = kb[j] = 0;
}                               /* Safer_Expand_Userkey */

/******************************************************************************/


void _mcrypt_Safer_Encrypt_Block(safer_block_t * block_in,
                                 const safer_key_t * key)
{
        unsigned char a, b, c, d, e, f, g, h, t;
        unsigned int round;

        a = block_in[0];
        b = block_in[1];
        c = block_in[2];
        d = block_in[3];
        e = block_in[4];
        f = block_in[5];
        g = block_in[6];
        h = block_in[7];
        if (SAFER_MAX_NOF_ROUNDS < (round = *key))
                round = SAFER_MAX_NOF_ROUNDS;
        while (round--) {
                a ^= *++key;
                b += *++key;
                c += *++key;
                d ^= *++key;
                e ^= *++key;
                f += *++key;
                g += *++key;
                h ^= *++key;
                a = EXP(a) + *++key;
                b = LOG(b) ^ *++key;
                c = LOG(c) ^ *++key;
                d = EXP(d) + *++key;
                e = EXP(e) + *++key;
                f = LOG(f) ^ *++key;
                g = LOG(g) ^ *++key;
                h = EXP(h) + *++key;
                PHT(a, b);
                PHT(c, d);
                PHT(e, f);
                PHT(g, h);
                PHT(a, c);
                PHT(e, g);
                PHT(b, d);
                PHT(f, h);
                PHT(a, e);
                PHT(b, f);
                PHT(c, g);
                PHT(d, h);
                t = b;
                b = e;
                e = c;
                c = t;
                t = d;
                d = f;
                f = g;
                g = t;
        }
        a ^= *++key;
        b += *++key;
        c += *++key;
        d ^= *++key;
        e ^= *++key;
        f += *++key;
        g += *++key;
        h ^= *++key;
        block_in[0] = a & 0xFF;
        block_in[1] = b & 0xFF;
        block_in[2] = c & 0xFF;
        block_in[3] = d & 0xFF;
        block_in[4] = e & 0xFF;
        block_in[5] = f & 0xFF;
        block_in[6] = g & 0xFF;
        block_in[7] = h & 0xFF;
}                               /* Safer_Encrypt_Block */

/******************************************************************************/

void _mcrypt_Safer_Decrypt_Block(safer_block_t * block_in,
                                 const safer_key_t * key)
{
        safer_block_t a, b, c, d, e, f, g, h, t;
        unsigned int round;
        a = block_in[0];
        b = block_in[1];
        c = block_in[2];
        d = block_in[3];
        e = block_in[4];
        f = block_in[5];
        g = block_in[6];
        h = block_in[7];
        if (SAFER_MAX_NOF_ROUNDS < (round = *key))
                round = SAFER_MAX_NOF_ROUNDS;
        key += SAFER_BLOCK_LEN * (1 + 2 * round);
        h ^= *key;
        g -= *--key;
        f -= *--key;
        e ^= *--key;
        d ^= *--key;
        c -= *--key;
        b -= *--key;
        a ^= *--key;
        while (round--) {
                t = e;
                e = b;
                b = c;
                c = t;
                t = f;
                f = d;
                d = g;
                g = t;
                IPHT(a, e);
                IPHT(b, f);
                IPHT(c, g);
                IPHT(d, h);
                IPHT(a, c);
                IPHT(e, g);
                IPHT(b, d);
                IPHT(f, h);
                IPHT(a, b);
                IPHT(c, d);
                IPHT(e, f);
                IPHT(g, h);
                h -= *--key;
                g ^= *--key;
                f ^= *--key;
                e -= *--key;
                d -= *--key;
                c ^= *--key;
                b ^= *--key;
                a -= *--key;
                h = LOG(h) ^ *--key;
                g = EXP(g) - *--key;
                f = EXP(f) - *--key;
                e = LOG(e) ^ *--key;
                d = LOG(d) ^ *--key;
                c = EXP(c) - *--key;
                b = EXP(b) - *--key;
                a = LOG(a) ^ *--key;
        }
        block_in[0] = a & 0xFF;
        block_in[1] = b & 0xFF;
        block_in[2] = c & 0xFF;
        block_in[3] = d & 0xFF;
        block_in[4] = e & 0xFF;
        block_in[5] = f & 0xFF;
        block_in[6] = g & 0xFF;
        block_in[7] = h & 0xFF;
}                               /* Safer_Decrypt_Block */

/******************************************************************************/
1	/*******************************************************************************
2	*
3	* FILE: safer.c
4	*
5	* DESCRIPTION: block-cipher algorithm SAFER (Secure And Fast Encryption
6	* Routine) in its four versions: SAFER K-64, SAFER K-128,
7	* SAFER SK-64 and SAFER SK-128.
8	*
9	* AUTHOR: Richard De Moliner (demoliner@isi.ee.ethz.ch)
10	* Signal and Information Processing Laboratory
11	* Swiss Federal Institute of Technology
12	* CH-8092 Zuerich, Switzerland
13	*
14	* DATE: September 9, 1995
15	*
16	* CHANGE HISTORY:
17	*
18	*******************************************************************************/
19
20	/* $Id: safer.c,v 1.1.1.1 1999/10/15 22:49:23 nmav Exp $ */
21
22	/***************** External Headers ***************************************/
23
24	/***************** Local Headers ******************************************/
25	#include "safer.h"
26	#include "libdefs.h"
27
28	/***************** Constants **********************************************/
29	#define TAB_LEN 256
30
31	/***************** Assertions *********************************************/
32
33	/***************** Macros *************************************************/
34	#define ROL(x, n) ((unsigned char)((unsigned int)(x) << (n)\
35	\|(unsigned int)((x) & 0xFF) >> (8 - (n))))
36	#define EXP(x) exp_tab[(x) & 0xFF]
37	#define LOG(x) log_tab[(x) & 0xFF]
38	#define PHT(x, y) { y += x; x += y; }
39	#define IPHT(x, y) { x -= y; y -= x; }
40
41	/***************** Types **************************************************/
42	static unsigned char exp_tab[TAB_LEN];
43	static unsigned char log_tab[TAB_LEN];
44
45	/***************** Module Data ********************************************/
46
47	/***************** Functions **********************************************/
48
49	/******************************************************************************/
50
51	void _mcrypt_Safer_Init_Module(void)
52	{
53	unsigned int i, exp;
54
55	exp = 1;
56	for (i = 0; i < TAB_LEN; i++) {
57	exp_tab[i] = (unsigned char) (exp & 0xFF);
58	log_tab[exp_tab[i]] = (unsigned char) i;
59	exp = exp * 45 % 257;
60	}
61	} /* Safer_Init_Module */
62
63	/******************************************************************************/
64
65	void _mcrypt_Safer_Expand_Userkey(safer_block_t * userkey_1,
66	safer_block_t * userkey_2,
67	unsigned int nof_rounds,
68	int strengthened, safer_key_t * key)
69	{
70	unsigned int i, j;
71	unsigned char ka[SAFER_BLOCK_LEN + 1];
72	unsigned char kb[SAFER_BLOCK_LEN + 1];
73
74	if (SAFER_MAX_NOF_ROUNDS < nof_rounds)
75	nof_rounds = SAFER_MAX_NOF_ROUNDS;
76	*key++ = (unsigned char) nof_rounds;
77	ka[SAFER_BLOCK_LEN] = 0;
78	kb[SAFER_BLOCK_LEN] = 0;
79	for (j = 0; j < SAFER_BLOCK_LEN; j++) {
80	ka[SAFER_BLOCK_LEN] ^= ka[j] = ROL(userkey_1[j], 5);
81	kb[SAFER_BLOCK_LEN] ^= kb[j] = *key++ = userkey_2[j];
82	}
83	for (i = 1; i <= nof_rounds; i++) {
84	for (j = 0; j < SAFER_BLOCK_LEN + 1; j++) {
85	ka[j] = ROL(ka[j], 6);
86	kb[j] = ROL(kb[j], 6);
87	}
88	for (j = 0; j < SAFER_BLOCK_LEN; j++)
89	if (strengthened)
90	*key++ =
91	(ka
92	[(j + 2 * i - 1) %
93	(SAFER_BLOCK_LEN + 1)] +
94	exp_tab[exp_tab[18 * i + j + 1]]) &
95	0xFF;
96	else
97	*key++ =
98	(ka[j] +
99	exp_tab[exp_tab[18 * i + j + 1]]) &
100	0xFF;
101	for (j = 0; j < SAFER_BLOCK_LEN; j++)
102	if (strengthened)
103	*key++ =
104	(kb
105	[(j + 2 * i) %
106	(SAFER_BLOCK_LEN + 1)] +
107	exp_tab[exp_tab[18 * i + j + 10]]) &
108	0xFF;
109	else
110	*key++ =
111	(kb[j] +
112	exp_tab[exp_tab[18 * i + j + 10]]) &
113	0xFF;
114	}
115	for (j = 0; j < SAFER_BLOCK_LEN + 1; j++)
116	ka[j] = kb[j] = 0;
117	} /* Safer_Expand_Userkey */
118
119	/******************************************************************************/
120
121
122	void _mcrypt_Safer_Encrypt_Block(safer_block_t * block_in,
123	const safer_key_t * key)
124	{
125	unsigned char a, b, c, d, e, f, g, h, t;
126	unsigned int round;
127
128	a = block_in[0];
129	b = block_in[1];
130	c = block_in[2];
131	d = block_in[3];
132	e = block_in[4];
133	f = block_in[5];
134	g = block_in[6];
135	h = block_in[7];
136	if (SAFER_MAX_NOF_ROUNDS < (round = *key))
137	round = SAFER_MAX_NOF_ROUNDS;
138	while (round--) {
139	a ^= *++key;
140	b += *++key;
141	c += *++key;
142	d ^= *++key;
143	e ^= *++key;
144	f += *++key;
145	g += *++key;
146	h ^= *++key;
147	a = EXP(a) + *++key;
148	b = LOG(b) ^ *++key;
149	c = LOG(c) ^ *++key;
150	d = EXP(d) + *++key;
151	e = EXP(e) + *++key;
152	f = LOG(f) ^ *++key;
153	g = LOG(g) ^ *++key;
154	h = EXP(h) + *++key;
155	PHT(a, b);
156	PHT(c, d);
157	PHT(e, f);
158	PHT(g, h);
159	PHT(a, c);
160	PHT(e, g);
161	PHT(b, d);
162	PHT(f, h);
163	PHT(a, e);
164	PHT(b, f);
165	PHT(c, g);
166	PHT(d, h);
167	t = b;
168	b = e;
169	e = c;
170	c = t;
171	t = d;
172	d = f;
173	f = g;
174	g = t;
175	}
176	a ^= *++key;
177	b += *++key;
178	c += *++key;
179	d ^= *++key;
180	e ^= *++key;
181	f += *++key;
182	g += *++key;
183	h ^= *++key;
184	block_in[0] = a & 0xFF;
185	block_in[1] = b & 0xFF;
186	block_in[2] = c & 0xFF;
187	block_in[3] = d & 0xFF;
188	block_in[4] = e & 0xFF;
189	block_in[5] = f & 0xFF;
190	block_in[6] = g & 0xFF;
191	block_in[7] = h & 0xFF;
192	} /* Safer_Encrypt_Block */
193
194	/******************************************************************************/
195
196	void _mcrypt_Safer_Decrypt_Block(safer_block_t * block_in,
197	const safer_key_t * key)
198	{
199	safer_block_t a, b, c, d, e, f, g, h, t;
200	unsigned int round;
201	a = block_in[0];
202	b = block_in[1];
203	c = block_in[2];
204	d = block_in[3];
205	e = block_in[4];
206	f = block_in[5];
207	g = block_in[6];
208	h = block_in[7];
209	if (SAFER_MAX_NOF_ROUNDS < (round = *key))
210	round = SAFER_MAX_NOF_ROUNDS;
211	key += SAFER_BLOCK_LEN * (1 + 2 * round);
212	h ^= *key;
213	g -= *--key;
214	f -= *--key;
215	e ^= *--key;
216	d ^= *--key;
217	c -= *--key;
218	b -= *--key;
219	a ^= *--key;
220	while (round--) {
221	t = e;
222	e = b;
223	b = c;
224	c = t;
225	t = f;
226	f = d;
227	d = g;
228	g = t;
229	IPHT(a, e);
230	IPHT(b, f);
231	IPHT(c, g);
232	IPHT(d, h);
233	IPHT(a, c);
234	IPHT(e, g);
235	IPHT(b, d);
236	IPHT(f, h);
237	IPHT(a, b);
238	IPHT(c, d);
239	IPHT(e, f);
240	IPHT(g, h);
241	h -= *--key;
242	g ^= *--key;
243	f ^= *--key;
244	e -= *--key;
245	d -= *--key;
246	c ^= *--key;
247	b ^= *--key;
248	a -= *--key;
249	h = LOG(h) ^ *--key;
250	g = EXP(g) - *--key;
251	f = EXP(f) - *--key;
252	e = LOG(e) ^ *--key;
253	d = LOG(d) ^ *--key;
254	c = EXP(c) - *--key;
255	b = EXP(b) - *--key;
256	a = LOG(a) ^ *--key;
257	}
258	block_in[0] = a & 0xFF;
259	block_in[1] = b & 0xFF;
260	block_in[2] = c & 0xFF;
261	block_in[3] = d & 0xFF;
262	block_in[4] = e & 0xFF;
263	block_in[5] = f & 0xFF;
264	block_in[6] = g & 0xFF;
265	block_in[7] = h & 0xFF;
266	} /* Safer_Decrypt_Block */
267
268	/******************************************************************************/