deal.c

AES候选算法之一DEAL算法C源码

/* This is an independent implementation of the DEAL encryption		*/
/* algorithm submitted by Richard Outerbridge and Lars Knudsen as	*/
/* a candidate the NIST AES programme.								*/
/*																	*/
/* Copyright in this implementation is held by Dr B R Gladman but	*/
/* I hereby give permission for its free direct or derivative use	*/
/* subject to aks_keynowledgment of its origin and compliance with	*/
/* any constraints that are placed on the exploitation of DEAL by	*/
/* its designers.													*/
/*																	*/
/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 30th Noveember 98	*/

/* Timing Data:

Algorithm: deal (deal0.c)

128 bit key:
Key Setup:    8777 cycles
Encrypt:      2833 cycles =     9.0 mbits/sec
Decrypt:      2836 cycles =     9.0 mbits/sec
Mean:         2835 cycles =     9.0 mbits/sec
192 bit key:
Key Setup:    8812 cycles
Encrypt:      2833 cycles =     9.0 mbits/sec
Decrypt:      2833 cycles =     9.0 mbits/sec
Mean:         2833 cycles =     9.0 mbits/sec
256 bit key:
Key Setup:   11745 cycles
Encrypt:      3758 cycles =     6.8 mbits/sec
Decrypt:      3757 cycles =     6.8 mbits/sec
Mean:         3757 cycles =     6.8 mbits/sec

*/

#include "../std_defs.h"
#include "../des/des.h"

static char	*alg_name[] = { "deal", "deal0.c" };

char **cipher_name()
{
	return alg_name;
}

u4byte  ks_key[2] = { 0x67452301, 0xefcdab89 };

u4byte	ks_ks[32];	/* storage for the local key schedule	*/
u4byte	ks_init = 0;

u4byte	k_len;		/* copy of key_length					*/ 
u4byte	l_key[256];	/* storage for key schedule				*/

/* initialise the key schedule from the user supplied key	*/

u4byte *set_key(const u4byte key_blk[], const u4byte key_len)
{	u4byte	lk[2];

	if(!ks_init)
	{
		des_ky(ks_key, ks_ks); ks_init = 1;
	}

	k_len = (key_len + 63) / 64;

	switch(k_len)
	{
		case 2:
			lk[0] = key_blk[0]; 
			lk[1] = key_blk[1]; 
			des_ec(lk, lk, ks_ks); 
			des_ky(lk, l_key);

			lk[0] ^= key_blk[2]; 
			lk[1] ^= key_blk[3];
			des_ec(lk, lk, ks_ks); 
			des_ky(lk, l_key + 32);
			  
			lk[0] ^= key_blk[0] ^ 0x00000080;  
			lk[1] ^= key_blk[1];
			des_ec(lk, lk, ks_ks); 
			des_ky(lk, l_key + 64);
			  
			lk[0] ^= key_blk[2] ^ 0x00000040;  
			lk[1] ^= key_blk[3];
			des_ec(lk, lk, ks_ks); 
			des_ky(lk, l_key + 96);
			  
			lk[0] ^= key_blk[0] ^ 0x00000020;  
			lk[1] ^= key_blk[1];
			des_ec(lk, lk, ks_ks); 
			des_ky(lk, l_key + 128);
			  
			lk[0] ^= key_blk[2] ^ 0x00000010;  
			lk[1] ^= key_blk[3];
			des_ec(lk, lk, ks_ks); 
			des_ky(lk, l_key + 160);
			break;
		case 3:
			lk[0] = key_blk[0]; 
			lk[1] = key_blk[1]; 
			des_ec(lk, lk, ks_ks); 
			des_ky(lk, l_key);

			lk[0] ^= key_blk[2]; 
			lk[1] ^= key_blk[3];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 32);
			  
			lk[0] ^= key_blk[4];  
			lk[1] ^= key_blk[5];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 64);
			  
			lk[0] ^= key_blk[0] ^ 0x00000080;  
			lk[1] ^= key_blk[1];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 96);
			  
			lk[0] ^= key_blk[2] ^ 0x00000040;  
			lk[1] ^= key_blk[3];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 128);
			  
			lk[0] ^= key_blk[4] ^ 0x00000020;  
			lk[1] ^= key_blk[5];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 160);
			break;
		case 4:
			lk[0] = key_blk[0]; 
			lk[1] = key_blk[1]; 
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key);

			lk[0] ^= key_blk[2]; 
			lk[1] ^= key_blk[3];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 32);
			  
			lk[0] ^= key_blk[4];  
			lk[1] ^= key_blk[5];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 64);
			  
			lk[0] ^= key_blk[6];  
			lk[1] ^= key_blk[7];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 96);
			  
			lk[0] ^= key_blk[0] ^ 0x00000080;  
			lk[1] ^= key_blk[1];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 128);
			  
			lk[0] ^= key_blk[2] ^ 0x00000040;  
			lk[1] ^= key_blk[3];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 160);
			lk[0] ^= key_blk[4] ^ 0x00000020;  
			lk[1] ^= key_blk[5];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 192);
			  
			lk[0] ^= key_blk[6] ^ 0x00000010;  
			lk[1] ^= key_blk[7];
			des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 224);
			break;
	}	
	return l_key;
};

/* encrypt a bloks_key of text	*/

void encrypt(const u4byte in_blk[4], u4byte out_blk[4])
{	u4byte	a[2], b[2], c[2];

	a[0] = in_blk[0]; a[1] = in_blk[1];
	b[0] = in_blk[2]; b[1] = in_blk[3];

	des_ec(a, c, l_key +   0); b[0] ^= c[0]; b[1] ^= c[1];
	des_ec(b, c, l_key +  32); a[0] ^= c[0]; a[1] ^= c[1];

	des_ec(a, c, l_key +  64); b[0] ^= c[0]; b[1] ^= c[1];
	des_ec(b, c, l_key +  96); a[0] ^= c[0]; a[1] ^= c[1];

	des_ec(a, c, l_key + 128); b[0] ^= c[0]; b[1] ^= c[1];
	des_ec(b, c, l_key + 160); a[0] ^= c[0]; a[1] ^= c[1];

	if(k_len == 4)
	{
		des_ec(a, c, l_key + 192); b[0] ^= c[0]; b[1] ^= c[1];
		des_ec(b, c, l_key + 224); a[0] ^= c[0]; a[1] ^= c[1];
	}

	out_blk[0] = a[0]; out_blk[1] = a[1];
	out_blk[2] = b[0]; out_blk[3] = b[1];
};

/* decrypt a bloks_key of text	*/

void decrypt(const u4byte in_blk[4], u4byte out_blk[4])
{	u4byte	a[2], b[2], c[2];

	a[0] = in_blk[0]; a[1] = in_blk[1];
	b[0] = in_blk[2]; b[1] = in_blk[3];

	if(k_len == 4)
	{
		des_ec(b, c, l_key + 224); a[0] ^= c[0]; a[1] ^= c[1];
		des_ec(a, c, l_key + 192); b[0] ^= c[0]; b[1] ^= c[1];
	}

	des_ec(b, c, l_key + 160); a[0] ^= c[0]; a[1] ^= c[1];
	des_ec(a, c, l_key + 128); b[0] ^= c[0]; b[1] ^= c[1];

	des_ec(b, c, l_key +  96); a[0] ^= c[0]; a[1] ^= c[1];
	des_ec(a, c, l_key +  64); b[0] ^= c[0]; b[1] ^= c[1];

	des_ec(b, c, l_key +  32); a[0] ^= c[0]; a[1] ^= c[1];
	des_ec(a, c, l_key +   0); b[0] ^= c[0]; b[1] ^= c[1];

	out_blk[0] = a[0]; out_blk[1] = a[1];
	out_blk[2] = b[0]; out_blk[3] = b[1];
};