cast5.cpp

CAST5加密算法

    Kr = c->Kr;

    l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
    r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];

    t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
    t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
    t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
    t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
    t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
    t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
    t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
    t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
    t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
    t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
    t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
    t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
    t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
    t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
    t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
    t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);

    outbuf[0] = (r >> 24) & 0xff;
    outbuf[1] = (r >> 16) & 0xff;
    outbuf[2] = (r >>  8) & 0xff;
    outbuf[3] =  r	  & 0xff;
    outbuf[4] = (l >> 24) & 0xff;
    outbuf[5] = (l >> 16) & 0xff;
    outbuf[6] = (l >>  8) & 0xff;
    outbuf[7] =  l	  & 0xff;
}

void decrypt_block( void *c, byte *outbuf, const byte *inbuf )
{
    do_decrypt_block (( CAST5_context *)c, outbuf, inbuf);
    burn_stack (20+4*sizeof(void*));
}


const char* selftest(void)
{
    CAST5_context c;
    byte key[16]  = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
		      0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A  };
    byte plain[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
    byte cipher[8]= { 0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2 };
    byte buffer[8];

    cast_setkey( &c, key, 16 );
    encrypt_block( &c, buffer, plain );
    if( memcmp( buffer, cipher, 8 ) )
	return "1";
    decrypt_block( &c, buffer, buffer );
    if( memcmp( buffer, plain, 8 ) )
	return "2";

#if 0 /* full maintenance test */
    {
	int i;
	byte a0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
			0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };
	byte b0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
			0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };
	byte a1[16] = { 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
			0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92 };
	byte b1[16] = { 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
			0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E };

	for(i=0; i < 1000000; i++ ) {
	    cast_setkey( &c, b0, 16 );
	    encrypt_block( &c, a0, a0 );
	    encrypt_block( &c, a0+8, a0+8 );
	    cast_setkey( &c, a0, 16 );
	    encrypt_block( &c, b0, b0 );
	    encrypt_block( &c, b0+8, b0+8 );
	}
	if( memcmp( a0, a1, 16 ) || memcmp( b0, b1, 16 ) )
	    return "3";

    }
#endif
    return NULL;
}


static void
key_schedule( u32 *x, u32 *z, u32 *k )
{

#define xi(i)   ((x[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
#define zi(i)   ((z[(i)/4] >> (8*(3-((i)%4)))) & 0xff)

    z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
    z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
    z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
    z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
    k[0] = s5[zi( 8)]^s6[zi( 9)]^s7[zi( 7)]^s8[zi( 6)]^s5[zi( 2)];
    k[1] = s5[zi(10)]^s6[zi(11)]^s7[zi( 5)]^s8[zi( 4)]^s6[zi( 6)];
    k[2] = s5[zi(12)]^s6[zi(13)]^s7[zi( 3)]^s8[zi( 2)]^s7[zi( 9)];
    k[3] = s5[zi(14)]^s6[zi(15)]^s7[zi( 1)]^s8[zi( 0)]^s8[zi(12)];

    x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
    x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
    x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
    x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
    k[4] = s5[xi( 3)]^s6[xi( 2)]^s7[xi(12)]^s8[xi(13)]^s5[xi( 8)];
    k[5] = s5[xi( 1)]^s6[xi( 0)]^s7[xi(14)]^s8[xi(15)]^s6[xi(13)];
    k[6] = s5[xi( 7)]^s6[xi( 6)]^s7[xi( 8)]^s8[xi( 9)]^s7[xi( 3)];
    k[7] = s5[xi( 5)]^s6[xi( 4)]^s7[xi(10)]^s8[xi(11)]^s8[xi( 7)];

    z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
    z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
    z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
    z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
    k[8] = s5[zi( 3)]^s6[zi( 2)]^s7[zi(12)]^s8[zi(13)]^s5[zi( 9)];
    k[9] = s5[zi( 1)]^s6[zi( 0)]^s7[zi(14)]^s8[zi(15)]^s6[zi(12)];
    k[10]= s5[zi( 7)]^s6[zi( 6)]^s7[zi( 8)]^s8[zi( 9)]^s7[zi( 2)];
    k[11]= s5[zi( 5)]^s6[zi( 4)]^s7[zi(10)]^s8[zi(11)]^s8[zi( 6)];

    x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
    x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
    x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
    x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
    k[12]= s5[xi( 8)]^s6[xi( 9)]^s7[xi( 7)]^s8[xi( 6)]^s5[xi( 3)];
    k[13]= s5[xi(10)]^s6[xi(11)]^s7[xi( 5)]^s8[xi( 4)]^s6[xi( 7)];
    k[14]= s5[xi(12)]^s6[xi(13)]^s7[xi( 3)]^s8[xi( 2)]^s7[xi( 8)];
    k[15]= s5[xi(14)]^s6[xi(15)]^s7[xi( 1)]^s8[xi( 0)]^s8[xi(13)];

#undef xi
#undef zi
}


static int
do_cast_setkey( CAST5_context *c, const byte *key, unsigned keylen )
{
  static int initialized;
  static const char* selftest_failed;
    int i;
    u32 x[4];
    u32 z[4];
    u32 k[16];

    if( !initialized ) {
	initialized = 1;
	selftest_failed = selftest();
	if( selftest_failed )
	    fprintf(stderr,"CAST5 selftest failed (%s).\n", selftest_failed );
    }
    if( selftest_failed )
	return G10ERR_SELFTEST_FAILED;

    if( keylen != 16 )
	return G10ERR_WRONG_KEYLEN;

    x[0] = key[0]  << 24 | key[1]  << 16 | key[2]  << 8 | key[3];
    x[1] = key[4]  << 24 | key[5]  << 16 | key[6]  << 8 | key[7];
    x[2] = key[8]  << 24 | key[9]  << 16 | key[10] << 8 | key[11];
    x[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15];

    key_schedule( x, z, k );
    for(i=0; i < 16; i++ )
	c->Km[i] = k[i];
    key_schedule( x, z, k );
    for(i=0; i < 16; i++ )
	c->Kr[i] = k[i] & 0x1f;

    memset(&x,0, sizeof x);
    memset(&z,0, sizeof z);
    memset(&k,0, sizeof k);

#undef xi
#undef zi
    return 0;
}

int cast_setkey( void *c, const byte *key, unsigned keylen )
{
    int rc = do_cast_setkey ((CAST5_context *)c, key, keylen);
    burn_stack (96+7*sizeof(void*));
    return rc;
}

/****************
 * Return some information about the algorithm.  We need algo here to
 * distinguish different flavors of the algorithm.
 * Returns: A pointer to string describing the algorithm or NULL if
 *	    the ALGO is invalid.
 */
const char *
cast5_get_info( int algo, size_t *keylen,
		size_t *blocksize, size_t *contextsize,
		int (**r_setkey)( void *c, const byte *key, unsigned keylen ),
		void (**r_encrypt)( void *c, byte *outbuf, const byte *inbuf ),
		void (**r_decrypt)( void *c, byte *outbuf, const byte *inbuf )
		)
{
    *keylen = 128;
    *blocksize = CAST5_BLOCKSIZE;
    *contextsize = sizeof(CAST5_context);
    *r_setkey = cast_setkey;
    *r_encrypt = encrypt_block;
    *r_decrypt = decrypt_block;

    if( algo == CIPHER_ALGO_CAST5 )
	return "CAST5";
    return NULL;
}