cast5.c

该压缩包中包括 tom的加密函数库及pdf说明 ,以及Rinick s ECC：椭圆曲线非对称加密密钥生成器

   }

   skey->cast5.keylen = keylen;

#ifdef LTC_CLEAN_STACK
   zeromem(buf, sizeof(buf));
   zeromem(x, sizeof(x));
   zeromem(z, sizeof(z));
#endif  

   return CRYPT_OK;
}

#ifdef LTC_CLEAN_STACK
int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
   int z;
   z = _cast5_setup(key, keylen, num_rounds, skey);
   burn_stack(sizeof(ulong32)*8 + 16 + sizeof(int)*2);
   return z;
}
#endif

#ifdef _MSC_VER
   #define INLINE __inline
#else
   #define INLINE 
#endif   
   
INLINE static ulong32 FI(ulong32 R, ulong32 Km, ulong32 Kr)
{
   ulong32 I;
   I = (Km + R);
   I = ROL(I, Kr);
   return ((S1[byte(I, 3)] ^ S2[byte(I,2)]) - S3[byte(I,1)]) + S4[byte(I,0)];
}
   
INLINE static ulong32 FII(ulong32 R, ulong32 Km, ulong32 Kr)
{
   ulong32 I;
   I = (Km ^ R);
   I = ROL(I, Kr);
   return ((S1[byte(I, 3)] - S2[byte(I,2)]) + S3[byte(I,1)]) ^ S4[byte(I,0)];
}

INLINE static ulong32 FIII(ulong32 R, ulong32 Km, ulong32 Kr)
{
   ulong32 I;
   I = (Km - R);
   I = ROL(I, Kr);
   return ((S1[byte(I, 3)] + S2[byte(I,2)]) ^ S3[byte(I,1)]) - S4[byte(I,0)];
}

/**
  Encrypts a block of text with CAST5
  @param pt The input plaintext (8 bytes)
  @param ct The output ciphertext (8 bytes)
  @param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
   ulong32 R, L;

   LTC_ARGCHK(pt   != NULL);
   LTC_ARGCHK(ct   != NULL);
   LTC_ARGCHK(skey != NULL);

   LOAD32H(L,&pt[0]); 
   LOAD32H(R,&pt[4]);
   L ^= FI(R, skey->cast5.K[0], skey->cast5.K[16]);
   R ^= FII(L, skey->cast5.K[1], skey->cast5.K[17]);
   L ^= FIII(R, skey->cast5.K[2], skey->cast5.K[18]);
   R ^= FI(L, skey->cast5.K[3], skey->cast5.K[19]);
   L ^= FII(R, skey->cast5.K[4], skey->cast5.K[20]);
   R ^= FIII(L, skey->cast5.K[5], skey->cast5.K[21]);
   L ^= FI(R, skey->cast5.K[6], skey->cast5.K[22]);
   R ^= FII(L, skey->cast5.K[7], skey->cast5.K[23]);
   L ^= FIII(R, skey->cast5.K[8], skey->cast5.K[24]);
   R ^= FI(L, skey->cast5.K[9], skey->cast5.K[25]);
   L ^= FII(R, skey->cast5.K[10], skey->cast5.K[26]);
   R ^= FIII(L, skey->cast5.K[11], skey->cast5.K[27]);
   if (skey->cast5.keylen > 10) {
      L ^= FI(R, skey->cast5.K[12], skey->cast5.K[28]);
      R ^= FII(L, skey->cast5.K[13], skey->cast5.K[29]);
      L ^= FIII(R, skey->cast5.K[14], skey->cast5.K[30]);
      R ^= FI(L, skey->cast5.K[15], skey->cast5.K[31]);
   }
   STORE32H(R,&ct[0]);
   STORE32H(L,&ct[4]);
}


#ifdef LTC_CLEAN_STACK
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
   _cast5_ecb_encrypt(pt,ct,skey);
   burn_stack(sizeof(ulong32)*3);
}
#endif

/**
  Decrypts a block of text with CAST5
  @param ct The input ciphertext (8 bytes)
  @param pt The output plaintext (8 bytes)
  @param skey The key as scheduled 
*/
#ifdef LTC_CLEAN_STACK
static void _cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
   ulong32 R, L;

   LTC_ARGCHK(pt   != NULL);
   LTC_ARGCHK(ct   != NULL);
   LTC_ARGCHK(skey != NULL);

   LOAD32H(R,&ct[0]); 
   LOAD32H(L,&ct[4]);
   if (skey->cast5.keylen > 10) {
      R ^= FI(L, skey->cast5.K[15], skey->cast5.K[31]);
      L ^= FIII(R, skey->cast5.K[14], skey->cast5.K[30]);
      R ^= FII(L, skey->cast5.K[13], skey->cast5.K[29]);
      L ^= FI(R, skey->cast5.K[12], skey->cast5.K[28]);
   }
   R ^= FIII(L, skey->cast5.K[11], skey->cast5.K[27]);
   L ^= FII(R, skey->cast5.K[10], skey->cast5.K[26]);
   R ^= FI(L, skey->cast5.K[9], skey->cast5.K[25]);
   L ^= FIII(R, skey->cast5.K[8], skey->cast5.K[24]);
   R ^= FII(L, skey->cast5.K[7], skey->cast5.K[23]);
   L ^= FI(R, skey->cast5.K[6], skey->cast5.K[22]);
   R ^= FIII(L, skey->cast5.K[5], skey->cast5.K[21]);
   L ^= FII(R, skey->cast5.K[4], skey->cast5.K[20]);
   R ^= FI(L, skey->cast5.K[3], skey->cast5.K[19]);
   L ^= FIII(R, skey->cast5.K[2], skey->cast5.K[18]);
   R ^= FII(L, skey->cast5.K[1], skey->cast5.K[17]);
   L ^= FI(R, skey->cast5.K[0], skey->cast5.K[16]);
   STORE32H(L,&pt[0]);
   STORE32H(R,&pt[4]);
}

#ifdef LTC_CLEAN_STACK
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
   _cast5_ecb_decrypt(ct,pt,skey);
   burn_stack(sizeof(ulong32)*3);
}
#endif

/**
  Performs a self-test of the CAST5 block cipher
  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int cast5_test(void)
{
 #ifndef LTC_TEST
    return CRYPT_NOP;
 #else    
   static const struct {
       int keylen;
       unsigned char key[16];
       unsigned char pt[8];
       unsigned char ct[8];
   } tests[] = {
     { 16,
       {0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A},
       {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
       {0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2}
     },
     { 10,
       {0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 0x23, 0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
       {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
       {0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B},
     },
     { 5,
       {0x01, 0x23, 0x45, 0x67, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
       {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
       {0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E}
     }
   };
   int i, y, err;
   symmetric_key key;
   unsigned char tmp[2][8];

   for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
       if ((err = cast5_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) {
          return err;
       }
       cast5_ecb_encrypt(tests[i].pt, tmp[0], &key);
       cast5_ecb_decrypt(tmp[0], tmp[1], &key);
       if ((memcmp(tmp[0], tests[i].ct, 8) != 0) || (memcmp(tmp[1], tests[i].pt, 8) != 0)) {
          return CRYPT_FAIL_TESTVECTOR;
       }
      /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
      for (y = 0; y < 8; y++) tmp[0][y] = 0;
      for (y = 0; y < 1000; y++) cast5_ecb_encrypt(tmp[0], tmp[0], &key);
      for (y = 0; y < 1000; y++) cast5_ecb_decrypt(tmp[0], tmp[0], &key);
      for (y = 0; y < 8; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR;
   
   }
   return CRYPT_OK;
 #endif
}

/** Terminate the context 
   @param skey    The scheduled key
*/
void cast5_done(symmetric_key *skey)
{
}

/**
  Gets suitable key size
  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
  @return CRYPT_OK if the input key size is acceptable.
*/
int cast5_keysize(int *keysize)
{
   LTC_ARGCHK(keysize != NULL);
   if (*keysize < 5) {
      return CRYPT_INVALID_KEYSIZE;
   } else if (*keysize > 16) {
      *keysize = 16;
   }
   return CRYPT_OK;
} 

#endif

/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/cast5.c,v $ */
/* $Revision: 1.7 $ */
/* $Date: 2005/05/05 14:35:58 $ */