1 | | // safer.cpp - modified by Wei Dai from Richard De Moliner's safer.c |
2 | | |
3 | | #include "pch.h" |
4 | | #include "safer.h" |
5 | | #include "misc.h" |
6 | | #include "argnames.h" |
7 | | |
8 | | #if CRYPTOPP_MSC_VERSION |
9 | | # pragma warning(disable: 4244) |
10 | | #endif |
11 | | |
12 | | NAMESPACE_BEGIN(CryptoPP) |
13 | | |
// Exponentiation S-box: exp_tab[i] = 45^i mod 257, with the single result 256
// stored as 0 (entry 128). For example 45^2 mod 257 = 226 and 45^3 mod 257 = 147,
// matching entries 2 and 3 below. The values are cipher constants; a single
// altered entry silently changes every ciphertext, so compare against known-answer
// test vectors after any edit.
// NOTE(review): the round functions in this file index this table with
// key-dependent bytes, so lookups are not constant-time with respect to secrets.
const byte SAFER::Base::exp_tab[256] =
{1, 45, 226, 147, 190, 69, 21, 174, 120, 3, 135, 164, 184, 56, 207, 63,
8, 103, 9, 148, 235, 38, 168, 107, 189, 24, 52, 27, 187, 191, 114, 247,
64, 53, 72, 156, 81, 47, 59, 85, 227, 192, 159, 216, 211, 243, 141, 177,
255, 167, 62, 220, 134, 119, 215, 166, 17, 251, 244, 186, 146, 145, 100, 131,
241, 51, 239, 218, 44, 181, 178, 43, 136, 209, 153, 203, 140, 132, 29, 20,
129, 151, 113, 202, 95, 163, 139, 87, 60, 130, 196, 82, 92, 28, 232, 160,
4, 180, 133, 74, 246, 19, 84, 182, 223, 12, 26, 142, 222, 224, 57, 252,
32, 155, 36, 78, 169, 152, 158, 171, 242, 96, 208, 108, 234, 250, 199, 217,
0, 212, 31, 110, 67, 188, 236, 83, 137, 254, 122, 93, 73, 201, 50, 194,
249, 154, 248, 109, 22, 219, 89, 150, 68, 233, 205, 230, 70, 66, 143, 10,
193, 204, 185, 101, 176, 210, 198, 172, 30, 65, 98, 41, 46, 14, 116, 80,
2, 90, 195, 37, 123, 138, 42, 91, 240, 6, 13, 71, 111, 112, 157, 126,
16, 206, 18, 39, 213, 76, 79, 214, 121, 48, 104, 54, 117, 125, 228, 237,
128, 106, 144, 55, 162, 94, 118, 170, 197, 127, 61, 175, 165, 229, 25, 97,
253, 77, 124, 183, 11, 238, 173, 75, 34, 245, 231, 115, 35, 33, 200, 5,
225, 102, 221, 179, 88, 105, 99, 86, 15, 161, 49, 149, 23, 7, 58, 40};
31 | | |
// Logarithm S-box: the inverse permutation of exp_tab, i.e. log_tab[exp_tab[i]] == i
// (spot checks: exp_tab[0] == 1 and log_tab[1] == 0; exp_tab[128] == 0 and
// log_tab[0] == 128). The values are cipher constants and must stay in step with
// exp_tab, otherwise decryption no longer inverts encryption.
// NOTE(review): the round functions in this file index this table with
// key-dependent bytes, so lookups are not constant-time with respect to secrets.
const byte SAFER::Base::log_tab[256] =
{128, 0, 176, 9, 96, 239, 185, 253, 16, 18, 159, 228, 105, 186, 173, 248,
192, 56, 194, 101, 79, 6, 148, 252, 25, 222, 106, 27, 93, 78, 168, 130,
112, 237, 232, 236, 114, 179, 21, 195, 255, 171, 182, 71, 68, 1, 172, 37,
201, 250, 142, 65, 26, 33, 203, 211, 13, 110, 254, 38, 88, 218, 50, 15,
32, 169, 157, 132, 152, 5, 156, 187, 34, 140, 99, 231, 197, 225, 115, 198,
175, 36, 91, 135, 102, 39, 247, 87, 244, 150, 177, 183, 92, 139, 213, 84,
121, 223, 170, 246, 62, 163, 241, 17, 202, 245, 209, 23, 123, 147, 131, 188,
189, 82, 30, 235, 174, 204, 214, 53, 8, 200, 138, 180, 226, 205, 191, 217,
208, 80, 89, 63, 77, 98, 52, 10, 72, 136, 181, 86, 76, 46, 107, 158,
210, 61, 60, 3, 19, 251, 151, 81, 117, 74, 145, 113, 35, 190, 118, 42,
95, 249, 212, 85, 11, 220, 55, 49, 22, 116, 215, 119, 167, 230, 7, 219,
164, 47, 70, 243, 97, 69, 103, 227, 12, 162, 59, 28, 133, 24, 4, 29,
41, 160, 143, 178, 90, 216, 166, 126, 238, 141, 83, 75, 161, 154, 193, 14,
122, 73, 165, 44, 129, 196, 199, 54, 43, 127, 67, 149, 51, 242, 108, 104,
109, 240, 2, 40, 206, 221, 155, 234, 94, 153, 124, 20, 134, 207, 229, 66,
184, 64, 120, 45, 58, 233, 100, 31, 146, 144, 125, 57, 111, 224, 137, 48};
49 | | |
// S-box lookups. They expand to the unqualified names exp_tab / log_tab, so they
// only resolve where those static tables are in scope. The index must already be
// reduced to 0..255 (a byte variable), because the tables have 256 entries and the
// macros do no range check.
#define EXP(x) exp_tab[(x)]
#define LOG(x) log_tab[(x)]
// Pseudo-Hadamard transform on a pair: (x, y) -> (2x + y, x + y). On the byte
// variables used in this file the arithmetic wraps modulo 256.
// Arguments are evaluated more than once and must be plain lvalues.
#define PHT(x, y) { y += x; x += y; }
// Inverse of PHT: (x, y) -> (x - y, 2y - x), again wrapping on byte operands.
#define IPHT(x, y) { x -= y; y -= x; }

// Cipher block size in bytes; also the size of each subkey in the schedule.
static const unsigned int BLOCKSIZE = 8;
// Upper bound on the round count. The key schedule indexes exp_tab with
// 18 * i + j + 10 for i <= rounds and j < BLOCKSIZE, which is 251 at most when
// i == 13, so this bound also keeps those lookups inside the 256-entry table.
static const unsigned int MAX_ROUNDS = 13;
57 | | |
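// Expands the user key into keySchedule.
//
// Layout written here: keySchedule[0] is the round count, followed by
// 1 + 2 * rounds subkeys of BLOCKSIZE bytes each.
//
// userkey_1  key bytes; for length == 8 the same 8 bytes serve as both halves,
//            otherwise bytes 8..15 are read as the second half.
// length     key length in bytes. It is not validated here (presumably the
//            caller has already restricted it to 8 or 16 - confirm), so any
//            other value still reads userkey_1[8..15].
// params     optional Name::Rounds() override; values above MAX_ROUNDS are
//            clamped to MAX_ROUNDS.
void SAFER::Base::UncheckedSetKey(const byte *userkey_1, unsigned int length, const NameValuePairs &params)
{
	const bool strengthened = Strengthened();
	unsigned int nof_rounds = params.GetIntValueWithDefault(Name::Rounds(), length == 8 ? (strengthened ? 8 : 6) : 10);

	// Clamp before the schedule is sized. The size expression below is evaluated
	// in unsigned int, so an out-of-range Rounds value (including a negative one
	// converted to unsigned) could wrap to a small allocation while the loops
	// still write 1 + BLOCKSIZE * (1 + 2 * MAX_ROUNDS) bytes after a late clamp.
	// Clamping first keeps the allocation and the writes in agreement.
	if (MAX_ROUNDS < nof_rounds)
		nof_rounds = MAX_ROUNDS;

	const byte *userkey_2 = length == 8 ? userkey_1 : userkey_1 + 8;
	keySchedule.New(1 + BLOCKSIZE * (1 + 2 * nof_rounds));

	byte *key = keySchedule;
	// Working copies of the two key halves, each extended by one parity byte.
	// SecByteBlock is used so the key-derived scratch data is not left in
	// ordinary stack or heap memory.
	SecByteBlock ka(BLOCKSIZE + 1), kb(BLOCKSIZE + 1);

	*key++ = (unsigned char)nof_rounds;
	ka[BLOCKSIZE] = 0;
	kb[BLOCKSIZE] = 0;
	for (unsigned int j = 0; j < BLOCKSIZE; j++)
	{
		// ka holds the first half rotated left by 5; kb holds the second half,
		// which is also emitted unchanged as the first subkey. The extra byte
		// accumulates the XOR of the other eight.
		ka[BLOCKSIZE] ^= ka[j] = rotlConstant<5>(userkey_1[j]);
		kb[BLOCKSIZE] ^= kb[j] = *key++ = userkey_2[j];
	}

	for (unsigned int i = 1; i <= nof_rounds; i++)
	{
		// Rotate every byte (parity byte included) left by 6 for this round.
		for (unsigned int j = 0; j < BLOCKSIZE + 1; j++)
		{
			ka[j] = rotlConstant<6>(ka[j]);
			kb[j] = rotlConstant<6>(kb[j]);
		}

		// Subkey 2i: derived from ka plus a round-dependent bias taken from
		// exp_tab. The strengthened schedule selects bytes cyclically from all
		// nine (parity included); the original schedule uses byte j directly.
		for (unsigned int j = 0; j < BLOCKSIZE; j++)
		{
			if (strengthened)
				*key++ = (ka[(j + 2 * i - 1) % (BLOCKSIZE + 1)]
					+ exp_tab[exp_tab[18 * i + j + 1]]) & 0xFF;
			else
				*key++ = (ka[j] + exp_tab[exp_tab[18 * i + j + 1]]) & 0xFF;
		}

		// Subkey 2i + 1: same construction from kb. The largest table index is
		// 18 * MAX_ROUNDS + 7 + 10 = 251, which is why the clamp above matters
		// for the lookups as well as for the buffer size.
		for (unsigned int j = 0; j < BLOCKSIZE; j++)
		{
			if (strengthened)
				*key++ = (kb[(j + 2 * i) % (BLOCKSIZE + 1)]
					+ exp_tab[exp_tab[18 * i + j + 10]]) & 0xFF;
			else
				*key++ = (kb[j] + exp_tab[exp_tab[18 * i + j + 10]]) & 0xFF;
		}
	}
}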
102 | | |
// Helper used by the round functions below to load a block into eight separate
// byte variables and to store them back.
typedef BlockGetAndPut<byte, BigEndian> Block;
104 | | |
// Encrypts one 8-byte block from inBlock and hands the result to
// Block::Put(xorBlock, outBlock) (presumably XORed with xorBlock when that
// pointer is non-null - confirm against BlockGetAndPut).
//
// The round count is read from keySchedule[0]; subkey bytes follow from offset 1.
// NOTE(review): EXP/LOG are table lookups indexed by key- and data-dependent
// bytes, so this routine is not constant-time; treat it as exposed to
// cache-timing observation where an attacker shares the CPU.
void SAFER::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
	const byte *subkey = keySchedule+1;
	byte a, b, c, d, e, f, g, h;

	Block::Get(inBlock)(a)(b)(c)(d)(e)(f)(g)(h);

	for (unsigned int remaining = keySchedule[0]; remaining != 0; --remaining, subkey += 16)
	{
		// First key layer: XOR on bytes a, d, e, h; byte addition on b, c, f, g.
		// The sums are stored back into byte variables before any table lookup,
		// which keeps the following indices within 0..255.
		a ^= subkey[0];
		b += subkey[1];
		c += subkey[2];
		d ^= subkey[3];
		e ^= subkey[4];
		f += subkey[5];
		g += subkey[6];
		h ^= subkey[7];

		// Nonlinear layer combined with the second key layer.
		a = EXP(a) + subkey[ 8];
		b = LOG(b) ^ subkey[ 9];
		c = LOG(c) ^ subkey[10];
		d = EXP(d) + subkey[11];
		e = EXP(e) + subkey[12];
		f = LOG(f) ^ subkey[13];
		g = LOG(g) ^ subkey[14];
		h = EXP(h) + subkey[15];

		// Three layers of pseudo-Hadamard transforms for diffusion.
		PHT(a, b); PHT(c, d); PHT(e, f); PHT(g, h);
		PHT(a, c); PHT(e, g); PHT(b, d); PHT(f, h);
		PHT(a, e); PHT(b, f); PHT(c, g); PHT(d, h);

		// Byte permutation: (b, c, e) and (d, f, g) are each rotated.
		const byte savedB = b;
		b = e;
		e = c;
		c = savedB;
		const byte savedD = d;
		d = f;
		f = g;
		g = savedD;
	}

	// Output transformation with the final subkey.
	a ^= subkey[0];
	b += subkey[1];
	c += subkey[2];
	d ^= subkey[3];
	e ^= subkey[4];
	f += subkey[5];
	g += subkey[6];
	h ^= subkey[7];

	Block::Put(xorBlock, outBlock)(a)(b)(c)(d)(e)(f)(g)(h);
}
130 | | |
// Decrypts one 8-byte block from inBlock and hands the result to
// Block::Put(xorBlock, outBlock) (presumably XORed with xorBlock when that
// pointer is non-null - confirm against BlockGetAndPut).
//
// The schedule is walked backwards: the pointer starts at the last subkey,
// located from the round count stored in keySchedule[0], and steps back 16 bytes
// per round. The pointer arithmetic therefore trusts keySchedule[0] to match the
// size the key setup allocated.
// NOTE(review): EXP/LOG are table lookups indexed by key- and data-dependent
// bytes, so this routine is not constant-time; treat it as exposed to
// cache-timing observation where an attacker shares the CPU.
void SAFER::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
	const unsigned int rounds = keySchedule[0];
	// Offset 16 * rounds + 1: first byte of the final 8-byte subkey.
	const byte *subkey = keySchedule + BLOCKSIZE * (1 + 2 * rounds) - 7;
	byte a, b, c, d, e, f, g, h;

	Block::Get(inBlock)(a)(b)(c)(d)(e)(f)(g)(h);

	// Undo the output transformation.
	a ^= subkey[0];
	b -= subkey[1];
	c -= subkey[2];
	d ^= subkey[3];
	e ^= subkey[4];
	f -= subkey[5];
	g -= subkey[6];
	h ^= subkey[7];

	for (unsigned int remaining = rounds; remaining != 0; --remaining)
	{
		subkey -= 16;

		// Inverse byte permutation.
		const byte savedE = e;
		e = b;
		b = c;
		c = savedE;
		const byte savedF = f;
		f = d;
		d = g;
		g = savedF;

		// Inverse pseudo-Hadamard layers, in reverse order of encryption.
		IPHT(a, e); IPHT(b, f); IPHT(c, g); IPHT(d, h);
		IPHT(a, c); IPHT(e, g); IPHT(b, d); IPHT(f, h);
		IPHT(a, b); IPHT(c, d); IPHT(e, f); IPHT(g, h);

		// Remove the second key layer. Results are stored back into byte
		// variables, so the table indices below stay within 0..255.
		a -= subkey[8];
		b ^= subkey[9];
		c ^= subkey[10];
		d -= subkey[11];
		e -= subkey[12];
		f ^= subkey[13];
		g ^= subkey[14];
		h -= subkey[15];

		// Inverse nonlinear layer combined with removal of the first key layer.
		a = LOG(a) ^ subkey[0];
		b = EXP(b) - subkey[1];
		c = EXP(c) - subkey[2];
		d = LOG(d) ^ subkey[3];
		e = LOG(e) ^ subkey[4];
		f = EXP(f) - subkey[5];
		g = EXP(g) - subkey[6];
		h = LOG(h) ^ subkey[7];
	}

	Block::Put(xorBlock, outBlock)(a)(b)(c)(d)(e)(f)(g)(h);
}
156 | | |
157 | | NAMESPACE_END |