1 |
/******************************************************************************* |
2 |
* |
3 |
* FILE: safer.c |
4 |
* |
5 |
* DESCRIPTION: block-cipher algorithm SAFER (Secure And Fast Encryption |
6 |
* Routine) in its four versions: SAFER K-64, SAFER K-128, |
7 |
* SAFER SK-64 and SAFER SK-128. |
8 |
* |
9 |
* AUTHOR: Richard De Moliner (demoliner@isi.ee.ethz.ch) |
10 |
* Signal and Information Processing Laboratory |
11 |
* Swiss Federal Institute of Technology |
12 |
* CH-8092 Zuerich, Switzerland |
13 |
* |
14 |
* DATE: September 9, 1995 |
15 |
* |
16 |
* CHANGE HISTORY: |
17 |
* |
18 |
*******************************************************************************/ |
19 |
|
20 |
/* $Id: safer.c,v 1.1.1.1 1999/10/15 22:49:23 nmav Exp $ */ |
21 |
|
22 |
/******************* External Headers *****************************************/ |
23 |
|
24 |
/******************* Local Headers ********************************************/ |
25 |
#include "safer.h" |
26 |
#include "libdefs.h" |
27 |
|
28 |
/******************* Constants ************************************************/ |
29 |
#define TAB_LEN 256 |
30 |
|
31 |
/******************* Assertions ***********************************************/ |
32 |
|
33 |
/******************* Macros ***************************************************/ |
34 |
#define ROL(x, n) ((unsigned char)((unsigned int)(x) << (n)\ |
35 |
|(unsigned int)((x) & 0xFF) >> (8 - (n)))) |
36 |
#define EXP(x) exp_tab[(x) & 0xFF] |
37 |
#define LOG(x) log_tab[(x) & 0xFF] |
38 |
#define PHT(x, y) { y += x; x += y; } |
39 |
#define IPHT(x, y) { x -= y; y -= x; } |
40 |
|
41 |
/******************* Types ****************************************************/ |
42 |
static unsigned char exp_tab[TAB_LEN]; |
43 |
static unsigned char log_tab[TAB_LEN]; |
44 |
|
45 |
/******************* Module Data **********************************************/ |
46 |
|
47 |
/******************* Functions ************************************************/ |
48 |
|
49 |
/******************************************************************************/ |
50 |
|
51 |
void _mcrypt_Safer_Init_Module(void) |
52 |
{ |
53 |
unsigned int i, exp; |
54 |
|
55 |
exp = 1; |
56 |
for (i = 0; i < TAB_LEN; i++) { |
57 |
exp_tab[i] = (unsigned char) (exp & 0xFF); |
58 |
log_tab[exp_tab[i]] = (unsigned char) i; |
59 |
exp = exp * 45 % 257; |
60 |
} |
61 |
} /* Safer_Init_Module */ |
62 |
|
63 |
/******************************************************************************/ |
64 |
|
65 |
void _mcrypt_Safer_Expand_Userkey(safer_block_t * userkey_1, |
66 |
safer_block_t * userkey_2, |
67 |
unsigned int nof_rounds, |
68 |
int strengthened, safer_key_t * key) |
69 |
{ |
70 |
unsigned int i, j; |
71 |
unsigned char ka[SAFER_BLOCK_LEN + 1]; |
72 |
unsigned char kb[SAFER_BLOCK_LEN + 1]; |
73 |
|
74 |
if (SAFER_MAX_NOF_ROUNDS < nof_rounds) |
75 |
nof_rounds = SAFER_MAX_NOF_ROUNDS; |
76 |
*key++ = (unsigned char) nof_rounds; |
77 |
ka[SAFER_BLOCK_LEN] = 0; |
78 |
kb[SAFER_BLOCK_LEN] = 0; |
79 |
for (j = 0; j < SAFER_BLOCK_LEN; j++) { |
80 |
ka[SAFER_BLOCK_LEN] ^= ka[j] = ROL(userkey_1[j], 5); |
81 |
kb[SAFER_BLOCK_LEN] ^= kb[j] = *key++ = userkey_2[j]; |
82 |
} |
83 |
for (i = 1; i <= nof_rounds; i++) { |
84 |
for (j = 0; j < SAFER_BLOCK_LEN + 1; j++) { |
85 |
ka[j] = ROL(ka[j], 6); |
86 |
kb[j] = ROL(kb[j], 6); |
87 |
} |
88 |
for (j = 0; j < SAFER_BLOCK_LEN; j++) |
89 |
if (strengthened) |
90 |
*key++ = |
91 |
(ka |
92 |
[(j + 2 * i - 1) % |
93 |
(SAFER_BLOCK_LEN + 1)] + |
94 |
exp_tab[exp_tab[18 * i + j + 1]]) & |
95 |
0xFF; |
96 |
else |
97 |
*key++ = |
98 |
(ka[j] + |
99 |
exp_tab[exp_tab[18 * i + j + 1]]) & |
100 |
0xFF; |
101 |
for (j = 0; j < SAFER_BLOCK_LEN; j++) |
102 |
if (strengthened) |
103 |
*key++ = |
104 |
(kb |
105 |
[(j + 2 * i) % |
106 |
(SAFER_BLOCK_LEN + 1)] + |
107 |
exp_tab[exp_tab[18 * i + j + 10]]) & |
108 |
0xFF; |
109 |
else |
110 |
*key++ = |
111 |
(kb[j] + |
112 |
exp_tab[exp_tab[18 * i + j + 10]]) & |
113 |
0xFF; |
114 |
} |
115 |
for (j = 0; j < SAFER_BLOCK_LEN + 1; j++) |
116 |
ka[j] = kb[j] = 0; |
117 |
} /* Safer_Expand_Userkey */ |
118 |
|
119 |
/******************************************************************************/ |
120 |
|
121 |
|
122 |
void _mcrypt_Safer_Encrypt_Block(safer_block_t * block_in, |
123 |
const safer_key_t * key) |
124 |
{ |
125 |
unsigned char a, b, c, d, e, f, g, h, t; |
126 |
unsigned int round; |
127 |
|
128 |
a = block_in[0]; |
129 |
b = block_in[1]; |
130 |
c = block_in[2]; |
131 |
d = block_in[3]; |
132 |
e = block_in[4]; |
133 |
f = block_in[5]; |
134 |
g = block_in[6]; |
135 |
h = block_in[7]; |
136 |
if (SAFER_MAX_NOF_ROUNDS < (round = *key)) |
137 |
round = SAFER_MAX_NOF_ROUNDS; |
138 |
while (round--) { |
139 |
a ^= *++key; |
140 |
b += *++key; |
141 |
c += *++key; |
142 |
d ^= *++key; |
143 |
e ^= *++key; |
144 |
f += *++key; |
145 |
g += *++key; |
146 |
h ^= *++key; |
147 |
a = EXP(a) + *++key; |
148 |
b = LOG(b) ^ *++key; |
149 |
c = LOG(c) ^ *++key; |
150 |
d = EXP(d) + *++key; |
151 |
e = EXP(e) + *++key; |
152 |
f = LOG(f) ^ *++key; |
153 |
g = LOG(g) ^ *++key; |
154 |
h = EXP(h) + *++key; |
155 |
PHT(a, b); |
156 |
PHT(c, d); |
157 |
PHT(e, f); |
158 |
PHT(g, h); |
159 |
PHT(a, c); |
160 |
PHT(e, g); |
161 |
PHT(b, d); |
162 |
PHT(f, h); |
163 |
PHT(a, e); |
164 |
PHT(b, f); |
165 |
PHT(c, g); |
166 |
PHT(d, h); |
167 |
t = b; |
168 |
b = e; |
169 |
e = c; |
170 |
c = t; |
171 |
t = d; |
172 |
d = f; |
173 |
f = g; |
174 |
g = t; |
175 |
} |
176 |
a ^= *++key; |
177 |
b += *++key; |
178 |
c += *++key; |
179 |
d ^= *++key; |
180 |
e ^= *++key; |
181 |
f += *++key; |
182 |
g += *++key; |
183 |
h ^= *++key; |
184 |
block_in[0] = a & 0xFF; |
185 |
block_in[1] = b & 0xFF; |
186 |
block_in[2] = c & 0xFF; |
187 |
block_in[3] = d & 0xFF; |
188 |
block_in[4] = e & 0xFF; |
189 |
block_in[5] = f & 0xFF; |
190 |
block_in[6] = g & 0xFF; |
191 |
block_in[7] = h & 0xFF; |
192 |
} /* Safer_Encrypt_Block */ |
193 |
|
194 |
/******************************************************************************/ |
195 |
|
196 |
void _mcrypt_Safer_Decrypt_Block(safer_block_t * block_in, |
197 |
const safer_key_t * key) |
198 |
{ |
199 |
safer_block_t a, b, c, d, e, f, g, h, t; |
200 |
unsigned int round; |
201 |
a = block_in[0]; |
202 |
b = block_in[1]; |
203 |
c = block_in[2]; |
204 |
d = block_in[3]; |
205 |
e = block_in[4]; |
206 |
f = block_in[5]; |
207 |
g = block_in[6]; |
208 |
h = block_in[7]; |
209 |
if (SAFER_MAX_NOF_ROUNDS < (round = *key)) |
210 |
round = SAFER_MAX_NOF_ROUNDS; |
211 |
key += SAFER_BLOCK_LEN * (1 + 2 * round); |
212 |
h ^= *key; |
213 |
g -= *--key; |
214 |
f -= *--key; |
215 |
e ^= *--key; |
216 |
d ^= *--key; |
217 |
c -= *--key; |
218 |
b -= *--key; |
219 |
a ^= *--key; |
220 |
while (round--) { |
221 |
t = e; |
222 |
e = b; |
223 |
b = c; |
224 |
c = t; |
225 |
t = f; |
226 |
f = d; |
227 |
d = g; |
228 |
g = t; |
229 |
IPHT(a, e); |
230 |
IPHT(b, f); |
231 |
IPHT(c, g); |
232 |
IPHT(d, h); |
233 |
IPHT(a, c); |
234 |
IPHT(e, g); |
235 |
IPHT(b, d); |
236 |
IPHT(f, h); |
237 |
IPHT(a, b); |
238 |
IPHT(c, d); |
239 |
IPHT(e, f); |
240 |
IPHT(g, h); |
241 |
h -= *--key; |
242 |
g ^= *--key; |
243 |
f ^= *--key; |
244 |
e -= *--key; |
245 |
d -= *--key; |
246 |
c ^= *--key; |
247 |
b ^= *--key; |
248 |
a -= *--key; |
249 |
h = LOG(h) ^ *--key; |
250 |
g = EXP(g) - *--key; |
251 |
f = EXP(f) - *--key; |
252 |
e = LOG(e) ^ *--key; |
253 |
d = LOG(d) ^ *--key; |
254 |
c = EXP(c) - *--key; |
255 |
b = EXP(b) - *--key; |
256 |
a = LOG(a) ^ *--key; |
257 |
} |
258 |
block_in[0] = a & 0xFF; |
259 |
block_in[1] = b & 0xFF; |
260 |
block_in[2] = c & 0xFF; |
261 |
block_in[3] = d & 0xFF; |
262 |
block_in[4] = e & 0xFF; |
263 |
block_in[5] = f & 0xFF; |
264 |
block_in[6] = g & 0xFF; |
265 |
block_in[7] = h & 0xFF; |
266 |
} /* Safer_Decrypt_Block */ |
267 |
|
268 |
/******************************************************************************/ |