X-Git-Url: https://pd.if.org/git/?p=zpackage;a=blobdiff_plain;f=libtomcrypt%2Fsrc%2Fstream%2Fsober128%2Fsober128_stream.c;fp=libtomcrypt%2Fsrc%2Fstream%2Fsober128%2Fsober128_stream.c;h=0000000000000000000000000000000000000000;hp=5c35edac5f5f3a2ea7cad506edc4e53f7692db25;hb=094fa8c1bc2e27a560833c6a829b1d9b60de7034;hpb=27410df6ded2d78850397c159cbccff1a78012f2 diff --git a/libtomcrypt/src/stream/sober128/sober128_stream.c b/libtomcrypt/src/stream/sober128/sober128_stream.c deleted file mode 100644 index 5c35eda..0000000 --- a/libtomcrypt/src/stream/sober128/sober128_stream.c +++ /dev/null @@ -1,346 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file sober128_stream.c - Implementation of SOBER-128 by Tom St Denis. - Based on s128fast.c reference code supplied by Greg Rose of QUALCOMM. -*/ - -#ifdef LTC_SOBER128 - -#define __LTC_SOBER128TAB_C__ -#include "sober128tab.c" - -/* don't change these... */ -#define N 17 -#define FOLD N /* how many iterations of folding to do */ -#define INITKONST 0x6996c53a /* value of KONST to use during key loading */ -#define KEYP 15 /* where to insert key words */ -#define FOLDP 4 /* where to insert non-linear feedback */ - -#define B(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF)) - -static ulong32 BYTE2WORD(unsigned char *b) -{ - ulong32 t; - LOAD32L(t, b); - return t; -} - -static void XORWORD(ulong32 w, const unsigned char *in, unsigned char *out) -{ - ulong32 t; - LOAD32L(t, in); - t ^= w; - STORE32L(t, out); -} - -/* give correct offset for the current position of the register, - * where logically R[0] is at position "zero". - */ -#define OFF(zero, i) (((zero)+(i)) % N) - -/* step the LFSR */ -/* After stepping, "zero" moves right one place */ -#define STEP(R,z) \ - R[OFF(z,0)] = R[OFF(z,15)] ^ R[OFF(z,4)] ^ (R[OFF(z,0)] << 8) ^ Multab[(R[OFF(z,0)] >> 24) & 0xFF]; - -static void cycle(ulong32 *R) -{ - ulong32 t; - int i; - - STEP(R,0); - t = R[0]; - for (i = 1; i < N; ++i) { - R[i-1] = R[i]; - } - R[N-1] = t; -} - -/* Return a non-linear function of some parts of the register. - */ -#define NLFUNC(c,z) \ -{ \ - t = c->R[OFF(z,0)] + c->R[OFF(z,16)]; \ - t ^= Sbox[(t >> 24) & 0xFF]; \ - t = RORc(t, 8); \ - t = ((t + c->R[OFF(z,1)]) ^ c->konst) + c->R[OFF(z,6)]; \ - t ^= Sbox[(t >> 24) & 0xFF]; \ - t = t + c->R[OFF(z,13)]; \ -} - -static ulong32 nltap(sober128_state *c) -{ - ulong32 t; - NLFUNC(c, 0); - return t; -} - -/* Save the current register state - */ -static void s128_savestate(sober128_state *c) -{ - int i; - for (i = 0; i < N; ++i) { - c->initR[i] = c->R[i]; - } -} - -/* initialise to previously saved register state - */ -static void s128_reloadstate(sober128_state *c) -{ - int i; - - for (i = 0; i < N; ++i) { - c->R[i] = c->initR[i]; - } -} - -/* Initialise "konst" - */ -static void s128_genkonst(sober128_state *c) -{ - ulong32 newkonst; - - do { - cycle(c->R); - newkonst = nltap(c); - } while ((newkonst & 0xFF000000) == 0); - c->konst = newkonst; -} - -/* Load key material into the register - */ -#define ADDKEY(k) \ - c->R[KEYP] += (k); - -#define XORNL(nl) \ - c->R[FOLDP] ^= (nl); - -/* nonlinear diffusion of register for key */ -#define DROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); c->R[OFF((z+1),FOLDP)] ^= t; -static void s128_diffuse(sober128_state *c) -{ - ulong32 t; - /* relies on FOLD == N == 17! */ - DROUND(0); - DROUND(1); - DROUND(2); - DROUND(3); - DROUND(4); - DROUND(5); - DROUND(6); - DROUND(7); - DROUND(8); - DROUND(9); - DROUND(10); - DROUND(11); - DROUND(12); - DROUND(13); - DROUND(14); - DROUND(15); - DROUND(16); -} - -/** - Initialize an Sober128 context (only the key) - @param c [out] The destination of the Sober128 state - @param key The secret key - @param keylen The length of the secret key (octets) - @return CRYPT_OK if successful -*/ -int sober128_stream_setup(sober128_state *c, const unsigned char *key, unsigned long keylen) -{ - ulong32 i, k; - - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(keylen > 0); - - /* keylen must be multiple of 4 bytes */ - if ((keylen & 3) != 0) { - return CRYPT_INVALID_KEYSIZE; - } - - /* Register initialised to Fibonacci numbers */ - c->R[0] = 1; - c->R[1] = 1; - for (i = 2; i < N; ++i) { - c->R[i] = c->R[i-1] + c->R[i-2]; - } - c->konst = INITKONST; - - for (i = 0; i < keylen; i += 4) { - k = BYTE2WORD((unsigned char *)&key[i]); - ADDKEY(k); - cycle(c->R); - XORNL(nltap(c)); - } - - /* also fold in the length of the key */ - ADDKEY(keylen); - - /* now diffuse */ - s128_diffuse(c); - s128_genkonst(c); - s128_savestate(c); - c->nbuf = 0; - - return CRYPT_OK; -} - -/** - Set IV to the Sober128 state - @param c The Sober12820 state - @param iv The IV data to add - @param ivlen The length of the IV (must be 12) - @return CRYPT_OK on success - */ -int sober128_stream_setiv(sober128_state *c, const unsigned char *iv, unsigned long ivlen) -{ - ulong32 i, k; - - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(iv != NULL); - LTC_ARGCHK(ivlen > 0); - - /* ok we are adding an IV then... */ - s128_reloadstate(c); - - /* ivlen must be multiple of 4 bytes */ - if ((ivlen & 3) != 0) { - return CRYPT_INVALID_KEYSIZE; - } - - for (i = 0; i < ivlen; i += 4) { - k = BYTE2WORD((unsigned char *)&iv[i]); - ADDKEY(k); - cycle(c->R); - XORNL(nltap(c)); - } - - /* also fold in the length of the key */ - ADDKEY(ivlen); - - /* now diffuse */ - s128_diffuse(c); - c->nbuf = 0; - - return CRYPT_OK; -} - -/* XOR pseudo-random bytes into buffer - */ -#define SROUND(z) STEP(c->R,z); NLFUNC(c,(z+1)); XORWORD(t, in+(z*4), out+(z*4)); - -/** - Encrypt (or decrypt) bytes of ciphertext (or plaintext) with Sober128 - @param c The Sober128 state - @param in The plaintext (or ciphertext) - @param inlen The length of the input (octets) - @param out [out] The ciphertext (or plaintext), length inlen - @return CRYPT_OK if successful -*/ -int sober128_stream_crypt(sober128_state *c, const unsigned char *in, unsigned long inlen, unsigned char *out) -{ - ulong32 t; - - if (inlen == 0) return CRYPT_OK; /* nothing to do */ - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(c != NULL); - - /* handle any previously buffered bytes */ - while (c->nbuf != 0 && inlen != 0) { - *out++ = *in++ ^ (unsigned char)(c->sbuf & 0xFF); - c->sbuf >>= 8; - c->nbuf -= 8; - --inlen; - } - -#ifndef LTC_SMALL_CODE - /* do lots at a time, if there's enough to do */ - while (inlen >= N*4) { - SROUND(0); - SROUND(1); - SROUND(2); - SROUND(3); - SROUND(4); - SROUND(5); - SROUND(6); - SROUND(7); - SROUND(8); - SROUND(9); - SROUND(10); - SROUND(11); - SROUND(12); - SROUND(13); - SROUND(14); - SROUND(15); - SROUND(16); - out += 4*N; - in += 4*N; - inlen -= 4*N; - } -#endif - - /* do small or odd size buffers the slow way */ - while (4 <= inlen) { - cycle(c->R); - t = nltap(c); - XORWORD(t, in, out); - out += 4; - in += 4; - inlen -= 4; - } - - /* handle any trailing bytes */ - if (inlen != 0) { - cycle(c->R); - c->sbuf = nltap(c); - c->nbuf = 32; - while (c->nbuf != 0 && inlen != 0) { - *out++ = *in++ ^ (unsigned char)(c->sbuf & 0xFF); - c->sbuf >>= 8; - c->nbuf -= 8; - --inlen; - } - } - - return CRYPT_OK; -} - -int sober128_stream_keystream(sober128_state *c, unsigned char *out, unsigned long outlen) -{ - if (outlen == 0) return CRYPT_OK; /* nothing to do */ - LTC_ARGCHK(out != NULL); - XMEMSET(out, 0, outlen); - return sober128_stream_crypt(c, out, outlen, out); -} - -/** - Terminate and clear Sober128 state - @param c The Sober128 state - @return CRYPT_OK on success -*/ -int sober128_stream_done(sober128_state *c) -{ - LTC_ARGCHK(c != NULL); - XMEMSET(c, 0, sizeof(sober128_state)); - return CRYPT_OK; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */