RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-18 12:52:44 +01:00
Code Releases Activity

Merge pull request #391 from haukepetersen/import_crypto

Browse Source 
Initial import of crypto libs from SecureMicroMeshRouting
This commit is contained in:
Oleg Hahm 2013-12-19 10:10:37 -08:00
commit 885798aaca
23 changed files with 4649 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
sys/Makefile
View File

@ -76,8 +76,23 @@ endif
ifneq (,$(findstring bloom,$(USEMODULE)))
DIRS += bloom
endif
ifneq (,$(findstring crypto,$(USEMODULE)))
DIRS += crypto
ifneq (,$(findstring crypto_3des,$(USEMODULE)))
DIRS += crypto/3des
endif
ifneq (,$(findstring crypto_aes,$(USEMODULE)))
DIRS += crypto/aes
endif
ifneq (,$(findstring crypto_rc5,$(USEMODULE)))
DIRS += crypto/rc5
endif
ifneq (,$(findstring crypto_sha256,$(USEMODULE)))
DIRS += crypto/sha256
endif
ifneq (,$(findstring crypto_skipjack,$(USEMODULE)))
DIRS += crypto/skipjack
endif
ifneq (,$(findstring crypto_twofish,$(USEMODULE)))
DIRS += crypto/twofish
endif
ifneq (,$(findstring random,$(USEMODULE)))
DIRS += random

532
sys/crypto/3des/3des.c Normal file
View File

@ -0,0 +1,532 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file 3des.c
* @brief implementation of the 3DES cipher-algorithm
*
* @author Freie Universitaet Berlin, Computer Systems & Telematics
* @author Nicolai Schmittberger <nicolai.schmittberger@fu-berlin.de>
* @author Tom St Denis <tomstdenis@gmail.com>, http://libtomcrypt.com
* @author Dobes Vandermeer
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de>
*
* @date 18.09.2013 14:32:33
*
* @note This implementation is based on a DES implementation included
* in the LibTomCrypt modular cryptographic library.
* The LibTomCrypt library provides various cryptographic
* algorithms in a highly modular and flexible manner.
* The library is free for all purposes without any express
* guarantee it works.
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
* DES code submitted by Dobes Vandermeer
* @}
*/
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include "crypto/3des.h"
#include "crypto/ciphers.h"
/*************** GLOBALS ******************/
/**
* @brief Interface to the 3DES cipher
*/
block_cipher_interface_t tripledes_interface = {
"3DES",
tripledes_init,
tripledes_encrypt,
tripledes_decrypt,
tripledes_setup_key,
tripledes_get_preferred_block_size
};
/**
* @brief struct for the 3DES key expansion
*/
struct des3_key_s {
uint32_t ek[3][32]; ///< encryption key
uint32_t dk[3][32]; ///< decryption key
} des3_key_s;
/************** PROTOTYPES ***************/
static void cookey(const uint32_t *raw1, uint32_t *keyout);
static void deskey(const uint8_t *key, int decrypt, uint32_t *keyout);
static void desfunc(uint32_t *block, const uint32_t *keys);
static uint8_t des3_key_setup(const uint8_t *key, struct des3_key_s *dkey);
/*****************************************/
/* Use the key schedule specific in the standard (ANSI X3.92-1981) */
static const uint8_t pc1[56] = {
56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3
};
static const uint8_t totrot[16] = {
1, 2, 4, 6,
8, 10, 12, 14,
15, 17, 19, 21,
23, 25, 27, 28
};
static const uint8_t pc2[48] = {
13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31
};
static const uint32_t SP1[64] = {
0x01010400UL, 0x00000000UL, 0x00010000UL, 0x01010404UL,
0x01010004UL, 0x00010404UL, 0x00000004UL, 0x00010000UL,
0x00000400UL, 0x01010400UL, 0x01010404UL, 0x00000400UL,
0x01000404UL, 0x01010004UL, 0x01000000UL, 0x00000004UL,
0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00010400UL,
0x00010400UL, 0x01010000UL, 0x01010000UL, 0x01000404UL,
0x00010004UL, 0x01000004UL, 0x01000004UL, 0x00010004UL,
0x00000000UL, 0x00000404UL, 0x00010404UL, 0x01000000UL,
0x00010000UL, 0x01010404UL, 0x00000004UL, 0x01010000UL,
0x01010400UL, 0x01000000UL, 0x01000000UL, 0x00000400UL,
0x01010004UL, 0x00010000UL, 0x00010400UL, 0x01000004UL,
0x00000400UL, 0x00000004UL, 0x01000404UL, 0x00010404UL,
0x01010404UL, 0x00010004UL, 0x01010000UL, 0x01000404UL,
0x01000004UL, 0x00000404UL, 0x00010404UL, 0x01010400UL,
0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00000000UL,
0x00010004UL, 0x00010400UL, 0x00000000UL, 0x01010004UL
};
static const uint32_t SP2[64] = {
0x80108020UL, 0x80008000UL, 0x00008000UL, 0x00108020UL,
0x00100000UL, 0x00000020UL, 0x80100020UL, 0x80008020UL,
0x80000020UL, 0x80108020UL, 0x80108000UL, 0x80000000UL,
0x80008000UL, 0x00100000UL, 0x00000020UL, 0x80100020UL,
0x00108000UL, 0x00100020UL, 0x80008020UL, 0x00000000UL,
0x80000000UL, 0x00008000UL, 0x00108020UL, 0x80100000UL,
0x00100020UL, 0x80000020UL, 0x00000000UL, 0x00108000UL,
0x00008020UL, 0x80108000UL, 0x80100000UL, 0x00008020UL,
0x00000000UL, 0x00108020UL, 0x80100020UL, 0x00100000UL,
0x80008020UL, 0x80100000UL, 0x80108000UL, 0x00008000UL,
0x80100000UL, 0x80008000UL, 0x00000020UL, 0x80108020UL,
0x00108020UL, 0x00000020UL, 0x00008000UL, 0x80000000UL,
0x00008020UL, 0x80108000UL, 0x00100000UL, 0x80000020UL,
0x00100020UL, 0x80008020UL, 0x80000020UL, 0x00100020UL,
0x00108000UL, 0x00000000UL, 0x80008000UL, 0x00008020UL,
0x80000000UL, 0x80100020UL, 0x80108020UL, 0x00108000UL
};
static const uint32_t SP3[64] = {
0x00000208UL, 0x08020200UL, 0x00000000UL, 0x08020008UL,
0x08000200UL, 0x00000000UL, 0x00020208UL, 0x08000200UL,
0x00020008UL, 0x08000008UL, 0x08000008UL, 0x00020000UL,
0x08020208UL, 0x00020008UL, 0x08020000UL, 0x00000208UL,
0x08000000UL, 0x00000008UL, 0x08020200UL, 0x00000200UL,
0x00020200UL, 0x08020000UL, 0x08020008UL, 0x00020208UL,
0x08000208UL, 0x00020200UL, 0x00020000UL, 0x08000208UL,
0x00000008UL, 0x08020208UL, 0x00000200UL, 0x08000000UL,
0x08020200UL, 0x08000000UL, 0x00020008UL, 0x00000208UL,
0x00020000UL, 0x08020200UL, 0x08000200UL, 0x00000000UL,
0x00000200UL, 0x00020008UL, 0x08020208UL, 0x08000200UL,
0x08000008UL, 0x00000200UL, 0x00000000UL, 0x08020008UL,
0x08000208UL, 0x00020000UL, 0x08000000UL, 0x08020208UL,
0x00000008UL, 0x00020208UL, 0x00020200UL, 0x08000008UL,
0x08020000UL, 0x08000208UL, 0x00000208UL, 0x08020000UL,
0x00020208UL, 0x00000008UL, 0x08020008UL, 0x00020200UL
};
static const uint32_t SP4[64] = {
0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL,
0x00802080UL, 0x00800081UL, 0x00800001UL, 0x00002001UL,
0x00000000UL, 0x00802000UL, 0x00802000UL, 0x00802081UL,
0x00000081UL, 0x00000000UL, 0x00800080UL, 0x00800001UL,
0x00000001UL, 0x00002000UL, 0x00800000UL, 0x00802001UL,
0x00000080UL, 0x00800000UL, 0x00002001UL, 0x00002080UL,
0x00800081UL, 0x00000001UL, 0x00002080UL, 0x00800080UL,
0x00002000UL, 0x00802080UL, 0x00802081UL, 0x00000081UL,
0x00800080UL, 0x00800001UL, 0x00802000UL, 0x00802081UL,
0x00000081UL, 0x00000000UL, 0x00000000UL, 0x00802000UL,
0x00002080UL, 0x00800080UL, 0x00800081UL, 0x00000001UL,
0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL,
0x00802081UL, 0x00000081UL, 0x00000001UL, 0x00002000UL,
0x00800001UL, 0x00002001UL, 0x00802080UL, 0x00800081UL,
0x00002001UL, 0x00002080UL, 0x00800000UL, 0x00802001UL,
0x00000080UL, 0x00800000UL, 0x00002000UL, 0x00802080UL
};
static const uint32_t SP5[64] = {
0x00000100UL, 0x02080100UL, 0x02080000UL, 0x42000100UL,
0x00080000UL, 0x00000100UL, 0x40000000UL, 0x02080000UL,
0x40080100UL, 0x00080000UL, 0x02000100UL, 0x40080100UL,
0x42000100UL, 0x42080000UL, 0x00080100UL, 0x40000000UL,
0x02000000UL, 0x40080000UL, 0x40080000UL, 0x00000000UL,
0x40000100UL, 0x42080100UL, 0x42080100UL, 0x02000100UL,
0x42080000UL, 0x40000100UL, 0x00000000UL, 0x42000000UL,
0x02080100UL, 0x02000000UL, 0x42000000UL, 0x00080100UL,
0x00080000UL, 0x42000100UL, 0x00000100UL, 0x02000000UL,
0x40000000UL, 0x02080000UL, 0x42000100UL, 0x40080100UL,
0x02000100UL, 0x40000000UL, 0x42080000UL, 0x02080100UL,
0x40080100UL, 0x00000100UL, 0x02000000UL, 0x42080000UL,
0x42080100UL, 0x00080100UL, 0x42000000UL, 0x42080100UL,
0x02080000UL, 0x00000000UL, 0x40080000UL, 0x42000000UL,
0x00080100UL, 0x02000100UL, 0x40000100UL, 0x00080000UL,
0x00000000UL, 0x40080000UL, 0x02080100UL, 0x40000100UL
};
static const uint32_t SP6[64] = {
0x20000010UL, 0x20400000UL, 0x00004000UL, 0x20404010UL,
0x20400000UL, 0x00000010UL, 0x20404010UL, 0x00400000UL,
0x20004000UL, 0x00404010UL, 0x00400000UL, 0x20000010UL,
0x00400010UL, 0x20004000UL, 0x20000000UL, 0x00004010UL,
0x00000000UL, 0x00400010UL, 0x20004010UL, 0x00004000UL,
0x00404000UL, 0x20004010UL, 0x00000010UL, 0x20400010UL,
0x20400010UL, 0x00000000UL, 0x00404010UL, 0x20404000UL,
0x00004010UL, 0x00404000UL, 0x20404000UL, 0x20000000UL,
0x20004000UL, 0x00000010UL, 0x20400010UL, 0x00404000UL,
0x20404010UL, 0x00400000UL, 0x00004010UL, 0x20000010UL,
0x00400000UL, 0x20004000UL, 0x20000000UL, 0x00004010UL,
0x20000010UL, 0x20404010UL, 0x00404000UL, 0x20400000UL,
0x00404010UL, 0x20404000UL, 0x00000000UL, 0x20400010UL,
0x00000010UL, 0x00004000UL, 0x20400000UL, 0x00404010UL,
0x00004000UL, 0x00400010UL, 0x20004010UL, 0x00000000UL,
0x20404000UL, 0x20000000UL, 0x00400010UL, 0x20004010UL
};
static const uint32_t SP7[64] = {
0x00200000UL, 0x04200002UL, 0x04000802UL, 0x00000000UL,
0x00000800UL, 0x04000802UL, 0x00200802UL, 0x04200800UL,
0x04200802UL, 0x00200000UL, 0x00000000UL, 0x04000002UL,
0x00000002UL, 0x04000000UL, 0x04200002UL, 0x00000802UL,
0x04000800UL, 0x00200802UL, 0x00200002UL, 0x04000800UL,
0x04000002UL, 0x04200000UL, 0x04200800UL, 0x00200002UL,
0x04200000UL, 0x00000800UL, 0x00000802UL, 0x04200802UL,
0x00200800UL, 0x00000002UL, 0x04000000UL, 0x00200800UL,
0x04000000UL, 0x00200800UL, 0x00200000UL, 0x04000802UL,
0x04000802UL, 0x04200002UL, 0x04200002UL, 0x00000002UL,
0x00200002UL, 0x04000000UL, 0x04000800UL, 0x00200000UL,
0x04200800UL, 0x00000802UL, 0x00200802UL, 0x04200800UL,
0x00000802UL, 0x04000002UL, 0x04200802UL, 0x04200000UL,
0x00200800UL, 0x00000000UL, 0x00000002UL, 0x04200802UL,
0x00000000UL, 0x00200802UL, 0x04200000UL, 0x00000800UL,
0x04000002UL, 0x04000800UL, 0x00000800UL, 0x00200002UL
};
static const uint32_t SP8[64] = {
0x10001040UL, 0x00001000UL, 0x00040000UL, 0x10041040UL,
0x10000000UL, 0x10001040UL, 0x00000040UL, 0x10000000UL,
0x00040040UL, 0x10040000UL, 0x10041040UL, 0x00041000UL,
0x10041000UL, 0x00041040UL, 0x00001000UL, 0x00000040UL,
0x10040000UL, 0x10000040UL, 0x10001000UL, 0x00001040UL,
0x00041000UL, 0x00040040UL, 0x10040040UL, 0x10041000UL,
0x00001040UL, 0x00000000UL, 0x00000000UL, 0x10040040UL,
0x10000040UL, 0x10001000UL, 0x00041040UL, 0x00040000UL,
0x00041040UL, 0x00040000UL, 0x10041000UL, 0x00001000UL,
0x00000040UL, 0x10040040UL, 0x00001000UL, 0x00041040UL,
0x10001000UL, 0x00000040UL, 0x10000040UL, 0x10040000UL,
0x10040040UL, 0x10000000UL, 0x00040000UL, 0x10001040UL,
0x00000000UL, 0x10041040UL, 0x00040040UL, 0x10000040UL,
0x10040000UL, 0x10001000UL, 0x10001040UL, 0x00000000UL,
0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL,
0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL
};
int tripledes_init(cipher_context_t *context, uint8_t blockSize, uint8_t keySize,
uint8_t *key)
{
uint8_t i;
//printf("%-40s: Entry\r\n", __FUNCTION__);
// 16 byte blocks only
if (blockSize != THREEDES_BLOCK_SIZE) {
printf("%-40s: blockSize != 3DES_BLOCK_SIZE...\r\n", __FUNCTION__);
return 0;
}
//key must be at least 24 Bytes long
if (keySize < 24) {
//fill up by concatenating key to as long as needed
for (i = 0; i < 24; i++) {
context->context[i] = key[(i % keySize)];
}
}
else {
for (i = 0; i < 24; i++) {
context->context[i] = key[i];
}
}
return 1;
}
int tripledes_setup_key(cipher_context_t *context, uint8_t *key,
uint8_t keysize) //To change !!!
{
return tripledes_init(context, tripledes_get_preferred_block_size(),
keysize, key);
}
int tripledes_encrypt(cipher_context_t *context, uint8_t *plain, uint8_t *crypt)
{
int res;
struct des3_key_s *key = malloc(sizeof(des3_key_s));
uint32_t work[2];
if (!key) {
printf("%-40s: [ERROR] Could NOT malloc space for the des3_key_s \
struct.\r\n", __FUNCTION__);
return -1;
}
memset(key, 0, sizeof(des3_key_s));
res = des3_key_setup(context->context, key);
if (res < 0) {
printf("%-40s: [ERROR] des3_key_setup failed with Code %i\r\n",
__FUNCTION__, res);
free(key);
return -2;
}
work[0] = WPA_GET_BE32(plain);
work[1] = WPA_GET_BE32(plain + 4);
desfunc(work, key->ek[0]);
desfunc(work, key->ek[1]);
desfunc(work, key->ek[2]);
WPA_PUT_BE32(crypt, work[0]);
WPA_PUT_BE32(crypt + 4, work[1]);
free(key);
return 1;
}
int tripledes_decrypt(cipher_context_t *context, uint8_t *crypt, uint8_t *plain)
{
int res;
struct des3_key_s *key = malloc(sizeof(des3_key_s));
uint32_t work[2];
if (!key) {
printf("%-40s: [ERROR] Could NOT malloc space for the des3_key_s \
struct.\r\n", __FUNCTION__);
return -1;
}
memset(key, 0, sizeof(des3_key_s));
res = des3_key_setup(context->context, key);
if (res < 0) {
printf("%-40s: [ERROR] des3_key_setup failed with Code %i\r\n",
__FUNCTION__, res);
free(key);
return -2;
}
work[0] = WPA_GET_BE32(crypt);
work[1] = WPA_GET_BE32(crypt + 4);
desfunc(work, key->dk[0]);
desfunc(work, key->dk[1]);
desfunc(work, key->dk[2]);
WPA_PUT_BE32(plain, work[0]);
WPA_PUT_BE32(plain + 4, work[1]);
free(key);
return 1;
}
uint8_t tripledes_get_preferred_block_size()
{
return THREEDES_BLOCK_SIZE;
}
static void cookey(const uint32_t *raw1, uint32_t *keyout)
{
uint32_t *cook;
const uint32_t *raw0;
uint32_t dough[32];
int i;
cook = dough;
for (i = 0; i < 16; i++, raw1++) {
raw0 = raw1++;
*cook = (*raw0 & 0x00fc0000L) << 6;
*cook |= (*raw0 & 0x00000fc0L) << 10;
*cook |= (*raw1 & 0x00fc0000L) >> 10;
*cook++ |= (*raw1 & 0x00000fc0L) >> 6;
*cook = (*raw0 & 0x0003f000L) << 12;
*cook |= (*raw0 & 0x0000003fL) << 16;
*cook |= (*raw1 & 0x0003f000L) >> 4;
*cook++ |= (*raw1 & 0x0000003fL);
}
memcpy(keyout, dough, sizeof(dough));
}
static void deskey(const uint8_t *key, int decrypt, uint32_t *keyout)
{
uint32_t i, j, l, m, n, kn[32];
uint8_t pc1m[56], pcr[56];
for (j = 0; j < 56; j++) {
l = (uint32_t) pc1[j];
m = l & 7;
pc1m[j] = (uint8_t)
((key[l >> 3U] & bytebit[m]) == bytebit[m] ? 1 : 0);
}
for (i = 0; i < 16; i++) {
if (decrypt) {
m = (15 - i) << 1;
}
else {
m = i << 1;
}
n = m + 1;
kn[m] = kn[n] = 0L;
for (j = 0; j < 28; j++) {
l = j + (uint32_t) totrot[i];
if (l < 28) {
pcr[j] = pc1m[l];
}
else {
pcr[j] = pc1m[l - 28];
}
}
for (/* j = 28 */; j < 56; j++) {
l = j + (uint32_t) totrot[i];
if (l < 56) {
pcr[j] = pc1m[l];
}
else {
pcr[j] = pc1m[l - 28];
}
}
for (j = 0; j < 24; j++) {
if ((int) pcr[(int) pc2[j]] != 0) {
kn[m] |= bigbyte[j];
}
if ((int) pcr[(int) pc2[j + 24]] != 0) {
kn[n] |= bigbyte[j];
}
}
}
cookey(kn, keyout);
}
static void desfunc(uint32_t *block, const uint32_t *keys)
{
uint32_t work, right, leftt;
int cur_round;
leftt = block[0];
right = block[1];
work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL;
right ^= work;
leftt ^= (work << 4);
work = ((leftt >> 16) ^ right) & 0x0000ffffL;
right ^= work;
leftt ^= (work << 16);
work = ((right >> 2) ^ leftt) & 0x33333333L;
leftt ^= work;
right ^= (work << 2);
work = ((right >> 8) ^ leftt) & 0x00ff00ffL;
leftt ^= work;
right ^= (work << 8);
right = ROLc(right, 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = ROLc(leftt, 1);
for (cur_round = 0; cur_round < 8; cur_round++) {
work = RORc(right, 4) ^ *keys++;
leftt ^= SP7[work & 0x3fL]
^ SP5[(work >> 8) & 0x3fL]
^ SP3[(work >> 16) & 0x3fL]
^ SP1[(work >> 24) & 0x3fL];
work = right ^ *keys++;
leftt ^= SP8[ work & 0x3fL]
^ SP6[(work >> 8) & 0x3fL]
^ SP4[(work >> 16) & 0x3fL]
^ SP2[(work >> 24) & 0x3fL];
work = RORc(leftt, 4) ^ *keys++;
right ^= SP7[ work & 0x3fL]
^ SP5[(work >> 8) & 0x3fL]
^ SP3[(work >> 16) & 0x3fL]
^ SP1[(work >> 24) & 0x3fL];
work = leftt ^ *keys++;
right ^= SP8[ work & 0x3fL]
^ SP6[(work >> 8) & 0x3fL]
^ SP4[(work >> 16) & 0x3fL]
^ SP2[(work >> 24) & 0x3fL];
}
right = RORc(right, 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = RORc(leftt, 1);
work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
right ^= work;
leftt ^= (work << 8);
/* -- */
work = ((leftt >> 2) ^ right) & 0x33333333L;
right ^= work;
leftt ^= (work << 2);
work = ((right >> 16) ^ leftt) & 0x0000ffffL;
leftt ^= work;
right ^= (work << 16);
work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL;
leftt ^= work;
right ^= (work << 4);
block[0] = right;
block[1] = leftt;
}
static uint8_t des3_key_setup(const uint8_t *key, struct des3_key_s *dkey)
{
deskey(key, 0, dkey->ek[0]);
deskey(key + 8, 1, dkey->ek[1]);
deskey(key + 16, 0, dkey->ek[2]);
deskey(key, 1, dkey->dk[2]);
deskey(key + 8, 0, dkey->dk[1]);
deskey(key + 16, 1, dkey->dk[0]);
return 1;
}

9
sys/crypto/3des/Makefile Normal file
View File

@ -0,0 +1,9 @@
SRC = 3des.c
OBJ = $(SRC:%.c=$(BINDIR)%.o)
DEP = $(SRC:%.c=$(BINDIR)%.d)
MODULE = crypto_3des
include $(RIOTBASE)/Makefile.base

9
sys/crypto/Makefile
View File

@ -1,9 +0,0 @@
INCLUDES = -I../include
MODULE = crypto
include $(RIOTBASE)/Makefile.base
ifeq ($(strip $(BOARD)),msba2)
$(warning sha256 produces wrong results on msba2 with our old toolchain)
endif

9
sys/crypto/aes/Makefile Normal file
View File

@ -0,0 +1,9 @@
SRC = aes.c
OBJ = $(SRC:%.c=$(BINDIR)%.o)
DEP = $(SRC:%.c=$(BINDIR)%.d)
MODULE = crypto_aes
include $(RIOTBASE)/Makefile.base

1467
sys/crypto/aes/aes.c Normal file
View File

File diff suppressed because it is too large Load Diff

12
sys/crypto/doc.txt Normal file
View File

@ -0,0 +1,12 @@
/*
* Copyright (C) 2013 Freie Universität Berlin
*
* This file subject to the terms and conditions of the GNU Lesser General
* Public License. See the file LICENSE in the top level directory for more
* details.
*/
/**
* @defgroup sys_crypto Crypto
* @brief The crypto module is a lose collection of different crypto and hash algorithms
*/

9
sys/crypto/rc5/Makefile Normal file
View File

@ -0,0 +1,9 @@
SRC = rc5.c
OBJ = $(SRC:%.c=$(BINDIR)%.o)
DEP = $(SRC:%.c=$(BINDIR)%.d)
MODULE = crypto_rc5
include $(RIOTBASE)/Makefile.base

192
sys/crypto/rc5/rc5.c Normal file
View File

@ -0,0 +1,192 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file rc5.c
* @brief implementation of the RC5 cipher-algorithm
*
* @author Freie Universität Berlin, Computer Systems & Telematics
* @author Nicolai Schmittberger <nicolai.schmittberger@fu-berlin.de>
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de>
* @author Naveen Sastry
*
* @}
*/
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include "crypto/rc5.h"
#include "crypto/ciphers.h"
/**
* Define a fixed blocksize of 8 bytes
*/
#define BLOCK_SIZE (8U)
/**
* @brief Interface to the rc5 cipher
*/
block_cipher_interface_t rc5_interface = {
"RC5",
rc5_init,
rc5_encrypt,
rc5_decrypt,
rc5_setup_key,
rc5_get_preferred_block_size
};
int rc5_init(cipher_context_t *context, uint8_t blockSize, uint8_t keySize, uint8_t *key)
{
(void)keySize;
// 8 byte blocks only
if (blockSize != BLOCK_SIZE) {
return 0;
}
return rc5_setup_key(context, key, 0);
}
int rc5_encrypt(cipher_context_t *context, uint8_t *block,
uint8_t *cipherBlock)
{
register uint32_t l;
register uint32_t r;
register uint32_t *s = ((rc5_context_t *) context->context)->skey;
uint8_t i, tmp;
c2l(block, l);
block += 4;
c2l(block, r);
l += *s++;
r += *s++;
for (i = RC5_ROUNDS; i > 0; i--) {
l ^= r;
tmp = r;
tmp &= 0x1f;
rotl32(l, tmp);
l += *s++;
r ^= l;
tmp = l;
tmp &= 0x1f;
rotl32(r, tmp);
r += *s++;
}
l2c(l, cipherBlock);
cipherBlock += 4;
l2c(r, cipherBlock);
return 1;
}
int rc5_decrypt(cipher_context_t *context, uint8_t *cipherBlock,
uint8_t *plainBlock)
{
register uint32_t l;
register uint32_t r;
register uint32_t *s = ((rc5_context_t *) context->context)->skey +
(2 * RC5_ROUNDS) + 1;
uint8_t i, tmp;
c2l(cipherBlock, l);
cipherBlock += 4;
c2l(cipherBlock, r);
for (i = RC5_ROUNDS; i > 0; i--) {
r -= *s--;
tmp = l;
tmp &= 0x1f;
rotr32(r, tmp);
r ^= l;
l -= *s--;
tmp = r;
tmp &= 0x1f;
rotr32(l, tmp);
l ^= r;
}
r -= *s--;
l -= *s;
l2c(l, plainBlock);
plainBlock += 4;
l2c(r, plainBlock);
return 1;
}
int rc5_setup_key(cipher_context_t *context, uint8_t *key, uint8_t keysize)
{
(void)keysize;
uint32_t *L, l, A, B, *S, k;
uint8_t ii, jj, m;
int8_t i;
uint8_t tmp[8];
S = ((rc5_context_t *)context->context)->skey;
//dumpBuffer ("RC5M:setupKey K", (uint8_t *)key, 8);
c2l(key, l);
L = (uint32_t *) tmp;
L[0] = l;
key += 4;
c2l(key, l);
L[1] = l;
S[0] = RC5_32_P;
//dumpBuffer ("RC5M:setupKey L", (uint8_t *)L, 8);
for (i = 1; i < 2 * RC5_ROUNDS + 2; i++) {
S[i] = (S[i - 1] + RC5_32_Q);
/* sum =(*S+RC5_32_Q)&RC5_32_MASK;
* S++;
* S = sum;
*/
}
//dumpBuffer ("RC5M: setupKey S", (uint8_t *)S, 2 * (RC5_ROUNDS +1) * 4);
ii = jj = 0;
A = B = 0;
S = ((rc5_context_t *)context->context)->skey;
for (i = 3 * (2 * RC5_ROUNDS + 2) - 1; i >= 0; i--) {
k = (*S + A + B)&RC5_32_MASK;
rotl32((k), (3));
A = *S = k;
S++;
m = ((char)(A + B)) & 0x1f;
k = (*L + A + B)&RC5_32_MASK;
rotl32((k), (m));
B = *L = k;
if (++ii >= 2 * RC5_ROUNDS + 2) {
ii = 0;
S = ((rc5_context_t *)context->context)->skey;
}
jj ^= 4;
L = (uint32_t *)(&tmp[jj]);
}
return 1;
}
/**
* Returns the preferred block size that this cipher operates with. It is
* always safe to call this function before the init() call has been made.
*
* @return the preferred block size for this cipher. In the case where the
* cipher operates with multiple block sizes, this will pick one
* particular size (deterministically).
*/
uint8_t rc5_get_preferred_block_size()
{
return BLOCK_SIZE;
}

9
sys/crypto/sha256/Makefile Normal file
View File

@ -0,0 +1,9 @@
SRC = sha256.c
OBJ = $(SRC:%.c=$(BINDIR)%.o)
DEP = $(SRC:%.c=$(BINDIR)%.d)
MODULE = crypto_sha256
include $(RIOTBASE)/Makefile.base

46
sys/crypto/sha256.c → sys/crypto/sha256/sha256.c
View File

@ -27,9 +27,23 @@
* $FreeBSD: src/lib/libmd/sha256c.c,v 1.2 2006/01/17 15:35:56 phk Exp $
*/
/**
* @ingroup sys_crypto
* @{
*
* @file sha256.c
* @brief SHA256 hash function implementation
*
* @author Colin Percival
* @author Christian Mehlis
* @author Rene Kijewski
*
* @}
*/
#include <string.h>
#include "sha256.h"
#include "crypto/sha256.h"
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
/* Copy a vector of big-endian uint32_t into a vector of bytes */
@ -94,7 +108,7 @@ static const uint32_t K[64] = {
* SHA256 block compression function. The 256-bit state is transformed via
* the 512-bit input block to produce a new state.
*/
static void SHA256_Transform(uint32_t *state, const unsigned char block[64])
static void sha256_transform(uint32_t *state, const unsigned char block[64])
{
uint32_t W[64];
uint32_t S[8];
@ -136,7 +150,7 @@ static unsigned char PAD[64] = {
};
/* Add padding and terminating bit-count. */
static void SHA256_Pad(SHA256_CTX *ctx)
static void sha256_pad(sha256_context_t *ctx)
{
/*
* Convert length to a vector of bytes -- we do this now rather
@ -148,14 +162,14 @@ static void SHA256_Pad(SHA256_CTX *ctx)
/* Add 1--64 bytes so that the resulting length is 56 mod 64 */
uint32_t r = (ctx->count[1] >> 3) & 0x3f;
uint32_t plen = (r < 56) ? (56 - r) : (120 - r);
SHA256_Update(ctx, PAD, (size_t) plen);
sha256_update(ctx, PAD, (size_t) plen);
/* Add the terminating bit-count */
SHA256_Update(ctx, len, 8);
sha256_update(ctx, len, 8);
}
/* SHA-256 initialization. Begins a SHA-256 operation. */
void SHA256_Init(SHA256_CTX *ctx)
void sha256_init(sha256_context_t *ctx)
{
/* Zero bits processed so far */
ctx->count[0] = ctx->count[1] = 0;
@ -172,7 +186,7 @@ void SHA256_Init(SHA256_CTX *ctx)
}
/* Add bytes into the hash */
void SHA256_Update(SHA256_CTX *ctx, const void *in, size_t len)
void sha256_update(sha256_context_t *ctx, const void *in, size_t len)
{
/* Number of bytes left in the buffer from previous updates */
uint32_t r = (ctx->count[1] >> 3) & 0x3f;
@ -198,13 +212,13 @@ void SHA256_Update(SHA256_CTX *ctx, const void *in, size_t len)
const unsigned char *src = in;
memcpy(&ctx->buf[r], src, 64 - r);
SHA256_Transform(ctx->state, ctx->buf);
sha256_transform(ctx->state, ctx->buf);
src += 64 - r;
len -= 64 - r;
/* Perform complete blocks */
while (len >= 64) {
SHA256_Transform(ctx->state, src);
sha256_transform(ctx->state, src);
src += 64;
len -= 64;
}
@ -217,10 +231,10 @@ void SHA256_Update(SHA256_CTX *ctx, const void *in, size_t len)
* SHA-256 finalization. Pads the input data, exports the hash value,
* and clears the context state.
*/
void SHA256_Final(unsigned char digest[32], SHA256_CTX *ctx)
void sha256_final(unsigned char digest[32], sha256_context_t *ctx)
{
/* Add padding */
SHA256_Pad(ctx);
sha256_pad(ctx);
/* Write the hash */
be32enc_vect(digest, ctx->state, 32);
@ -229,18 +243,18 @@ void SHA256_Final(unsigned char digest[32], SHA256_CTX *ctx)
memset((void *) ctx, 0, sizeof(*ctx));
}
unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
unsigned char *sha256(const unsigned char *d, size_t n, unsigned char *md)
{
SHA256_CTX c;
sha256_context_t c;
static unsigned char m[SHA256_DIGEST_LENGTH];
if (md == NULL) {
md = m;
}
SHA256_Init(&c);
SHA256_Update(&c, d, n);
SHA256_Final(md, &c);
sha256_init(&c);
sha256_update(&c, d, n);
sha256_final(md, &c);
return md;
}

9
sys/crypto/skipjack/Makefile Normal file
View File

@ -0,0 +1,9 @@
SRC = skipjack.c
OBJ = $(SRC:%.c=$(BINDIR)%.o)
DEP = $(SRC:%.c=$(BINDIR)%.d)
MODULE = crypto_skipjack
include $(RIOTBASE)/Makefile.base

351
sys/crypto/skipjack/skipjack.c Normal file
View File

@ -0,0 +1,351 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file skipjack.c
* @brief implementation of the SkipJack Cipher-Algorithm
*
* @author Freie Universitaet Berlin, Computer Systems & Telematics
* @author Nicolai Schmittberger <nicolai.schmittberger@fu-berlin.de>
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de>
* @author Naveen Sastry
*
* @}
*/
/*
* From the NIST description of SkipJack.
*/
// our context: we just expand the key to 20 bytes.
//
// we have two options for the expansion:
// 1. no expansion. advantage: 10byte context. disadvantage: mucks up
// the G box code with ifs / mods. Alternatively adds lots of code and
// muckiness.
// 2. expand key to 128 bytes. Makes G boxes easy to write, and minimal
// code expansion. disadvantage: wasted memory
// 3. expand key to 20 bytes. G boxes still simple, the encode and decode
// functions are a little more complicated, but still more or less
// managable. this is what we've implemented.
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include "crypto/ciphers.h"
#include "crypto/skipjack.h"
/**
* @brief Define a fixed block size of 8 bytes
*/
#define BLOCK_SIZE (8U)
/**
* @brief Interface to the skipjack cipher
*/
block_cipher_interface_t skipjack_interface = {
"SkipJack",
skipjack_init,
skipjack_encrypt,
skipjack_decrypt,
skipjack_setup_key,
skipjack_get_preferred_block_size
};
// F-BOX
// It can live in either RAM (faster access) or program memory (save ram,
// but slower access). The type CRYPTO_TABLE_TYPE, defined in crypto.h
// defines where we drop the table and how we access it. This is necessary
// to compile for the PC target since it doesn't support tables in
// program memory the same way.
static const uint8_t SJ_F[] /*__attribute__((C))*/ = {
0xA3, 0xD7, 0x09, 0x83, 0xF8, 0x48, 0xF6, 0xF4, 0xB3, 0x21, 0x15, 0x78,
0x99, 0xB1, 0xAF, 0xF9, 0xE7, 0x2D, 0x4D, 0x8A, 0xCE, 0x4C, 0xCA, 0x2E,
0x52, 0x95, 0xD9, 0x1E, 0x4E, 0x38, 0x44, 0x28, 0x0A, 0xDF, 0x02, 0xA0,
0x17, 0xF1, 0x60, 0x68, 0x12, 0xB7, 0x7A, 0xC3, 0xE9, 0xFA, 0x3D, 0x53,
0x96, 0x84, 0x6B, 0xBA, 0xF2, 0x63, 0x9A, 0x19, 0x7C, 0xAE, 0xE5, 0xF5,
0xF7, 0x16, 0x6A, 0xA2, 0x39, 0xB6, 0x7B, 0x0F, 0xC1, 0x93, 0x81, 0x1B,
0xEE, 0xB4, 0x1A, 0xEA, 0xD0, 0x91, 0x2F, 0xB8, 0x55, 0xB9, 0xDA, 0x85,
0x3F, 0x41, 0xBF, 0xE0, 0x5A, 0x58, 0x80, 0x5F, 0x66, 0x0B, 0xD8, 0x90,
0x35, 0xD5, 0xC0, 0xA7, 0x33, 0x06, 0x65, 0x69, 0x45, 0x00, 0x94, 0x56,
0x6D, 0x98, 0x9B, 0x76, 0x97, 0xFC, 0xB2, 0xC2, 0xB0, 0xFE, 0xDB, 0x20,
0xE1, 0xEB, 0xD6, 0xE4, 0xDD, 0x47, 0x4A, 0x1D, 0x42, 0xED, 0x9E, 0x6E,
0x49, 0x3C, 0xCD, 0x43, 0x27, 0xD2, 0x07, 0xD4, 0xDE, 0xC7, 0x67, 0x18,
0x89, 0xCB, 0x30, 0x1F, 0x8D, 0xC6, 0x8F, 0xAA, 0xC8, 0x74, 0xDC, 0xC9,
0x5D, 0x5C, 0x31, 0xA4, 0x70, 0x88, 0x61, 0x2C, 0x9F, 0x0D, 0x2B, 0x87,
0x50, 0x82, 0x54, 0x64, 0x26, 0x7D, 0x03, 0x40, 0x34, 0x4B, 0x1C, 0x73,
0xD1, 0xC4, 0xFD, 0x3B, 0xCC, 0xFB, 0x7F, 0xAB, 0xE6, 0x3E, 0x5B, 0xA5,
0xAD, 0x04, 0x23, 0x9C, 0x14, 0x51, 0x22, 0xF0, 0x29, 0x79, 0x71, 0x7E,
0xFF, 0x8C, 0x0E, 0xE2, 0x0C, 0xEF, 0xBC, 0x72, 0x75, 0x6F, 0x37, 0xA1,
0xEC, 0xD3, 0x8E, 0x62, 0x8B, 0x86, 0x10, 0xE8, 0x08, 0x77, 0x11, 0xBE,
0x92, 0x4F, 0x24, 0xC5, 0x32, 0x36, 0x9D, 0xCF, 0xF3, 0xA6, 0xBB, 0xAC,
0x5E, 0x6C, 0xA9, 0x13, 0x57, 0x25, 0xB5, 0xE3, 0xBD, 0xA8, 0x3A, 0x01,
0x05, 0x59, 0x2A, 0x46
};
int skipjack_init(cipher_context_t *context, uint8_t blockSize, uint8_t keySize,
uint8_t *key)
{
// 8 byte blocks only
if (blockSize != BLOCK_SIZE) {
return 0;
}
return skipjack_setup_key(context, key, keySize);
}
/**
* @brief convert 2x uint8_t to uint16_t
*
* @param c pointer to the 2x uint8_t input
* @param s pointer to the resulting uint16_t
*
*/
static void c2sM(uint8_t *c, uint16_t *s)
{
memcpy(s, c, sizeof(uint16_t));
return;
}
/**
* @brief convert one uint16_t to 2x uint8_t
*
* @param s pointer to the uint16_t input
* @param c pointer to the first resulting uint8_ts
*/
static void s2cM(uint16_t s, uint8_t *c)
{
memcpy(c, &s, sizeof(uint16_t));
return;
}
int skipjack_encrypt(cipher_context_t *context, uint8_t *plainBlock,
uint8_t *cipherBlock)
{
// prologue 10 pushs = 20 cycles
/*register*/ uint8_t counter = 1;
/*register*/ uint8_t *skey = ((skipjack_context_t *)context->context)->skey;
/*register*/ uint16_t w1, w2, w3, w4, tmp;
/*register*/ uint8_t bLeft, bRight;
//dumpBuffer("SkipJack.encrypt: plainBlock", plainBlock, 8);
c2sM(plainBlock, &w1);
plainBlock += 2;
c2sM(plainBlock, &w2);
plainBlock += 2;
c2sM(plainBlock, &w3);
plainBlock += 2;
c2sM(plainBlock, &w4);
plainBlock += 2;
/*
* code if we had expanded key to 128 bytes. this is what the code below
* does, but after every 5 operations, it resets the where we are
* in the key back to the beginning of the skey. so our loops end up
* looking a little funny.
*
* while (counter < 9)
* RULE_A(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight );
* while (counter < 17)
* RULE_B(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight );
* while (counter < 25)
* RULE_A(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight );
* while (counter < 33)
* RULE_B(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight );
*/
while (counter < 6) { // 5x
RULE_A(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
skey = ((skipjack_context_t *)context->context)->skey;
while (counter < 9) { // 3x
RULE_A(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
while (counter < 11) { // 2x
RULE_B(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
skey = ((skipjack_context_t *)context->context)->skey;
while (counter < 16) { // 5x
RULE_B(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
skey = ((skipjack_context_t *)context->context)->skey;
// 1x
RULE_B(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
while (counter < 21) { // 4x
RULE_A(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
skey = ((skipjack_context_t *)context->context)->skey;
while (counter < 25) { // 4x
RULE_A(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
// 1x
RULE_B(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
skey = ((skipjack_context_t *)context->context)->skey;
while (counter < 31) { // 5x
RULE_B(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
skey = ((skipjack_context_t *)context->context)->skey;
while (counter < 33) { // 2x
RULE_B(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
s2cM(w1, cipherBlock);
cipherBlock += 2;
s2cM(w2, cipherBlock);
cipherBlock += 2;
s2cM(w3, cipherBlock);
cipherBlock += 2;
s2cM(w4, cipherBlock);
cipherBlock += 2;
return 1;
}
int skipjack_decrypt(cipher_context_t *context, uint8_t *cipherBlock,
uint8_t *plainBlock)
{
/*register*/ uint8_t counter = 32;
/*register*/ uint8_t *skey = ((skipjack_context_t *)context->context)->skey + 4;
/*register*/ uint16_t w1, w2, w3, w4, tmp;
/*register*/ uint8_t bLeft, bRight;
//dumpBuffer("SkipJack.decrypt: cipherBlock", cipherBlock, 8);
c2sM(cipherBlock, &w1);
cipherBlock += 2;
c2sM(cipherBlock, &w2);
cipherBlock += 2;
c2sM(cipherBlock, &w3);
cipherBlock += 2;
c2sM(cipherBlock, &w4);
/*
// code if we had expanded key to 128 bytes. this is what the code below
// does, but after every 5 operations, it resets the where we are
// in the key back to the beginning of the skey. so our loops end up
// looking a little funny.
while (counter > 24)
RULE_B_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight );
while (counter > 16)
RULE_A_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight );
while (counter > 8)
RULE_B_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight );
while (counter > 0)
RULE_A_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight );
*/
while (counter > 30) { //2x
RULE_B_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
skey = ((skipjack_context_t *)context->context)->skey + 16;
while (counter > 25) { //5x
RULE_B_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
skey = ((skipjack_context_t *)context->context)->skey + 16;
//1x
RULE_B_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
while (counter > 20) { //4x
RULE_A_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
skey = ((skipjack_context_t *)context->context)->skey + 16;
while (counter > 16) { //4x
RULE_A_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
//1x
RULE_B_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
skey = ((skipjack_context_t *)context->context)->skey + 16;
while (counter > 10) { //5x
RULE_B_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
skey = ((skipjack_context_t *)context->context)->skey + 16;
while (counter > 8) { // 2x
RULE_B_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
while (counter > 5) { // 3x
RULE_A_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
skey = ((skipjack_context_t *)context->context)->skey + 16;
while (counter > 0) { // 5x
RULE_A_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight);
}
s2cM(w1, plainBlock);
plainBlock += 2;
s2cM(w2, plainBlock);
plainBlock += 2;
s2cM(w3, plainBlock);
plainBlock += 2;
s2cM(w4, plainBlock);
return 1;
}
int skipjack_setup_key(cipher_context_t *context, uint8_t *key, uint8_t keysize)
{
int i = 0;
uint8_t *skey = ((skipjack_context_t *)context->context)->skey;
// for keys which are smaller than 160 bits, concatenate until they reach
// 160 bits in size. Note that key expansion is just concatenation.
if (keysize < CIPHERS_KEYSIZE) {
//fill up by concatenating key to as long as needed
for (i = 0; i < CIPHERS_KEYSIZE; i++) {
skey[i] = key[(i % keysize)];
}
}
else {
for (i = 0; i < CIPHERS_KEYSIZE; i++) {
skey[i] = key[i];
}
}
return 1;
}
uint8_t skipjack_get_preferred_block_size()
{
return BLOCK_SIZE;
}

9
sys/crypto/twofish/Makefile Normal file
View File

@ -0,0 +1,9 @@
SRC = twofish.c
OBJ = $(SRC:%.c=$(BINDIR)%.o)
DEP = $(SRC:%.c=$(BINDIR)%.d)
MODULE = crypto_twofish
include $(RIOTBASE)/Makefile.base

759
sys/crypto/twofish/twofish.c Normal file
View File

@ -0,0 +1,759 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file twofish.c
* @brief implementation of the twofish cipher-algorithm
*
* @author Freie Universitaet Berlin, Computer Systems & Telematics
* @author Nicolai Schmittberger <nicolai.schmittberger@fu-berlin.de>
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de>
* @author Matthew Skala <mskala@ansuz.sooke.bc.ca>
*
* @}
*/
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include "crypto/twofish.h"
#include "crypto/ciphers.h"
//prototype
static int twofish_set_key(twofish_context_t *ctx, uint8_t *key, uint8_t keylen);
// twofish interface
block_cipher_interface_t twofish_interface = {
"TWOFISH",
twofish_init,
twofish_encrypt,
twofish_decrypt,
twofish_setup_key,
twofish_get_preferred_block_size
};
/* These two tables are the q0 and q1 permutations, exactly as described in
* the Twofish paper. */
static const uint8_t q0[256] = {
0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,
0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,
0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,
0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,
0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,
0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,
0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,
0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,
0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,
0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,
0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,
0x4A, 0x5E, 0xC1, 0xE0
};
static const uint8_t q1[256] = {
0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,
0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,
0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,
0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,
0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,
0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,
0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,
0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,
0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,
0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,
0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,
0x55, 0x09, 0xBE, 0x91
};
/*
* These MDS tables are actually tables of MDS composed with q0 and q1,
* because it is only ever used that way and we can save some time by
* precomputing. Of course the main saving comes from precomputing the
* GF(2^8) multiplication involved in the MDS matrix multiply; by looking
* things up in these tables we reduce the matrix multiply to four lookups
* and three XORs. Semi-formally, the definition of these tables is:
* mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T
* mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T
* where ^T means "transpose", the matrix multiply is performed in GF(2^8)
* represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described
* by Schneier et al, and I'm casually glossing over the byte/word
* conversion issues.
*/
static const uint32_t mds[4][256] = {
{
0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B,
0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B,
0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32,
0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1,
0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA,
0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B,
0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1,
0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5,
0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490,
0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154,
0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0,
0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796,
0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228,
0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7,
0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3,
0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8,
0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477,
0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF,
0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C,
0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9,
0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA,
0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D,
0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72,
0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E,
0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76,
0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321,
0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39,
0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01,
0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D,
0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E,
0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5,
0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64,
0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7,
0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544,
0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E,
0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E,
0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A,
0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B,
0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2,
0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9,
0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504,
0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756,
0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91
},
{
0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252,
0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A,
0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020,
0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141,
0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444,
0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424,
0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A,
0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757,
0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383,
0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A,
0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9,
0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656,
0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1,
0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898,
0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414,
0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3,
0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1,
0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989,
0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5,
0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282,
0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E,
0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E,
0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202,
0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC,
0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565,
0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A,
0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808,
0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272,
0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A,
0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969,
0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505,
0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5,
0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D,
0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343,
0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF,
0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3,
0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F,
0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646,
0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6,
0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF,
0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A,
0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7,
0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8
},
{
0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B,
0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F,
0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A,
0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783,
0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70,
0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3,
0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB,
0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA,
0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4,
0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41,
0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C,
0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07,
0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622,
0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18,
0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035,
0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96,
0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84,
0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E,
0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F,
0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD,
0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558,
0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40,
0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA,
0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85,
0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF,
0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773,
0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D,
0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B,
0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C,
0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19,
0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086,
0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D,
0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74,
0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755,
0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691,
0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D,
0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4,
0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53,
0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E,
0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9,
0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705,
0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7,
0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF
},
{
0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98,
0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866,
0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643,
0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77,
0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9,
0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C,
0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3,
0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216,
0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F,
0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25,
0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF,
0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7,
0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4,
0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E,
0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA,
0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C,
0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12,
0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A,
0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D,
0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE,
0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A,
0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C,
0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B,
0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4,
0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B,
0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3,
0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE,
0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB,
0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85,
0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA,
0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E,
0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8,
0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33,
0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC,
0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718,
0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA,
0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8,
0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872,
0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882,
0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D,
0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10,
0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6,
0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8
}
};
/* The exp_to_poly and poly_to_exp tables are used to perform efficient
* operations in GF(2^8) represented as GF(2)[x]/w(x) where
* w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the
* definition of the RS matrix in the key schedule. Elements of that field
* are polynomials of degree not greater than 7 and all coefficients 0 or 1,
* which can be represented naturally by bytes (just substitute x=2). In that
* form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8)
* multiplication is inefficient without hardware support. To multiply
* faster, I make use of the fact x is a generator for the nonzero elements,
* so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for
* some n in 0..254. Note that that caret is exponentiation in GF(2^8),
* *not* polynomial notation. So if I want to compute pq where p and q are
* in GF(2^8), I can just say:
* 1. if p=0 or q=0 then pq=0
* 2. otherwise, find m and n such that p=x^m and q=x^n
* 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq
* The translations in steps 2 and 3 are looked up in the tables
* poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this
* in action, look at the CALC_S macro. As additional wrinkles, note that
* one of my operands is always a constant, so the poly_to_exp lookup on it
* is done in advance; I included the original values in the comments so
* readers can have some chance of recognizing that this *is* the RS matrix
* from the Twofish paper. I've only included the table entries I actually
* need; I never do a lookup on a variable input of zero and the biggest
* exponents I'll ever see are 254 (variable) and 237 (constant), so they'll
* never sum to more than 491. I'm repeating part of the exp_to_poly table
* so that I don't have to do mod-255 reduction in the exponent arithmetic.
* Since I know my constant operands are never zero, I only have to worry
* about zero values in the variable operand, and I do it with a simple
* conditional branch. I know conditionals are expensive, but I couldn't
* see a non-horrible way of avoiding them, and I did manage to group the
* statements so that each if covers four group multiplications.
*/
static const uint8_t poly_to_exp[255] = {
0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19,
0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A,
0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C,
0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B,
0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47,
0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D,
0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8,
0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C,
0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83,
0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48,
0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26,
0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E,
0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3,
0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9,
0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A,
0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D,
0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75,
0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84,
0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64,
0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49,
0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF,
0x85, 0xC8, 0xA1
};
static const uint8_t exp_to_poly[492] = {
0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2,
0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03,
0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6,
0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A,
0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63,
0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C,
0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07,
0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88,
0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12,
0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7,
0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C,
0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8,
0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25,
0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A,
0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE,
0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC,
0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E,
0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92,
0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89,
0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB,
0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1,
0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D,
0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC,
0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3,
0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52,
0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0,
0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1,
0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A,
0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11,
0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51,
0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66,
0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB,
0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19,
0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D,
0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56,
0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE,
0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9,
0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE,
0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41,
0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E,
0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB
};
/* The table constants are indices of
* S-box entries, preprocessed through q0 and q1. */
static uint8_t calc_sb_tbl[512] = {
0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4,
0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8,
0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B,
0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B,
0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD,
0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1,
0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B,
0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F,
0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B,
0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D,
0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E,
0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5,
0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14,
0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3,
0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54,
0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51,
0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A,
0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96,
0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10,
0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C,
0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7,
0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70,
0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB,
0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8,
0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF,
0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC,
0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF,
0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2,
0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82,
0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9,
0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97,
0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17,
0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D,
0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3,
0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C,
0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E,
0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F,
0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49,
0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21,
0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9,
0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD,
0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01,
0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F,
0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48,
0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E,
0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19,
0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57,
0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64,
0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE,
0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5,
0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44,
0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69,
0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15,
0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E,
0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34,
0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC,
0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B,
0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB,
0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52,
0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9,
0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4,
0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2,
0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56,
0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91
};
int twofish_init(cipher_context_t *context, uint8_t blockSize, uint8_t keySize,
uint8_t *key)
{
//printf("%-40s: Entry\r\n", __FUNCTION__);
// 16 byte blocks only
if (blockSize != TWOFISH_BLOCK_SIZE) {
printf("%-40s: blockSize != TWOFISH_BLOCK_SIZE...\r\n", __FUNCTION__);
return 0;
}
uint8_t i;
//key must be at least CIPHERS_KEYSIZE Bytes long
if (keySize < CIPHERS_KEYSIZE) {
//fill up by concatenating key to as long as needed
for (i = 0; i < CIPHERS_KEYSIZE; i++) {
context->context[i] = key[(i % keySize)];
}
}
else {
for (i = 0; i < CIPHERS_KEYSIZE; i++) {
context->context[i] = key[i];
}
}
return 1;
}
int twofish_setup_key(cipher_context_t *context, uint8_t *key, uint8_t keysize)
{
return twofish_init(context, twofish_get_preferred_block_size(),
keysize, key);
}
/**
* @brief Perform the key setup.
* Note that this works only with 128- and 256-bit keys, despite the
* API that looks like it might support other sizes.
*
* @param ctx pointer to the context that the setup will be executed on
* @param key pointer to the key
* @param keylen length of the key in bytes
*
* @return -1 if invalid key-length, 0 otherwise
*/
static int twofish_set_key(twofish_context_t *ctx, uint8_t *key, uint8_t keylen)
{
int i, j, k;
/* Temporaries for CALC_K. */
uint32_t x, y;
/* The S vector used to key the S-boxes, split up into individual bytes.
* 128-bit keys use only sa through sh; 256-bit use all of them. */
uint8_t sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0;
uint8_t si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0;
/* Temporary for CALC_S. */
uint8_t tmp;
/* Check key length. */
if (((keylen - 16) | 16) != 16) {
printf("%-40s: [ERROR] invalid key-length!\r\n", __FUNCTION__);
return -1;//GPG_ERR_INV_KEYLEN;
}
/* Compute the first two words of the S vector. The magic numbers are
* the entries of the RS matrix, preprocessed through poly_to_exp. The
* numbers in the comments are the original (polynomial form) matrix
* entries. */
CALC_S(sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
CALC_S(sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
CALC_S(sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
CALC_S(sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
CALC_S(sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
CALC_S(sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
CALC_S(sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
CALC_S(sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
CALC_S(se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
CALC_S(se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
CALC_S(se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
CALC_S(se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
CALC_S(se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
CALC_S(se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
CALC_S(se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
CALC_S(se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
if (keylen == 32) { /* 256-bit key */
/* Calculate the remaining two words of the S vector */
CALC_S(si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
CALC_S(si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
CALC_S(si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
CALC_S(si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
CALC_S(si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
CALC_S(si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
CALC_S(si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
CALC_S(si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
CALC_S(sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
CALC_S(sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
CALC_S(sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
CALC_S(sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
CALC_S(sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
CALC_S(sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
CALC_S(sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
CALC_S(sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
/* Compute the S-boxes. */
for (i = j = 0, k = 1; i < 256; i++, j += 2, k += 2) {
CALC_SB256_2(i, calc_sb_tbl[j], calc_sb_tbl[k]);
}
/*
* Calculate whitening and round subkeys. The constants are
* indices of subkeys, preprocessed through q0 and q1.
*
**/
CALC_K256(w, 0, 0xA9, 0x75, 0x67, 0xF3);
CALC_K256(w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
CALC_K256(w, 4, 0x04, 0xDB, 0xFD, 0x7B);
CALC_K256(w, 6, 0xA3, 0xFB, 0x76, 0xC8);
CALC_K256(k, 0, 0x9A, 0x4A, 0x92, 0xD3);
CALC_K256(k, 2, 0x80, 0xE6, 0x78, 0x6B);
CALC_K256(k, 4, 0xE4, 0x45, 0xDD, 0x7D);
CALC_K256(k, 6, 0xD1, 0xE8, 0x38, 0x4B);
CALC_K256(k, 8, 0x0D, 0xD6, 0xC6, 0x32);
CALC_K256(k, 10, 0x35, 0xD8, 0x98, 0xFD);
CALC_K256(k, 12, 0x18, 0x37, 0xF7, 0x71);
CALC_K256(k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
CALC_K256(k, 16, 0x43, 0x30, 0x75, 0x0F);
CALC_K256(k, 18, 0x37, 0xF8, 0x26, 0x1B);
CALC_K256(k, 20, 0xFA, 0x87, 0x13, 0xFA);
CALC_K256(k, 22, 0x94, 0x06, 0x48, 0x3F);
CALC_K256(k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
CALC_K256(k, 26, 0x8B, 0xAE, 0x30, 0x5B);
CALC_K256(k, 28, 0x84, 0x8A, 0x54, 0x00);
CALC_K256(k, 30, 0xDF, 0xBC, 0x23, 0x9D);
}
else {
/* Compute the S-boxes. */
for (i = j = 0, k = 1; i < 256; i++, j += 2, k += 2) {
CALC_SB_2(i, calc_sb_tbl[j], calc_sb_tbl[k]);
}
/*
* Calculate whitening and round subkeys. The constants are
* indices of subkeys, preprocessed through q0 and q1.
**/
CALC_K(w, 0, 0xA9, 0x75, 0x67, 0xF3);
CALC_K(w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
CALC_K(w, 4, 0x04, 0xDB, 0xFD, 0x7B);
CALC_K(w, 6, 0xA3, 0xFB, 0x76, 0xC8);
CALC_K(k, 0, 0x9A, 0x4A, 0x92, 0xD3);
CALC_K(k, 2, 0x80, 0xE6, 0x78, 0x6B);
CALC_K(k, 4, 0xE4, 0x45, 0xDD, 0x7D);
CALC_K(k, 6, 0xD1, 0xE8, 0x38, 0x4B);
CALC_K(k, 8, 0x0D, 0xD6, 0xC6, 0x32);
CALC_K(k, 10, 0x35, 0xD8, 0x98, 0xFD);
CALC_K(k, 12, 0x18, 0x37, 0xF7, 0x71);
CALC_K(k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
CALC_K(k, 16, 0x43, 0x30, 0x75, 0x0F);
CALC_K(k, 18, 0x37, 0xF8, 0x26, 0x1B);
CALC_K(k, 20, 0xFA, 0x87, 0x13, 0xFA);
CALC_K(k, 22, 0x94, 0x06, 0x48, 0x3F);
CALC_K(k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
CALC_K(k, 26, 0x8B, 0xAE, 0x30, 0x5B);
CALC_K(k, 28, 0x84, 0x8A, 0x54, 0x00);
CALC_K(k, 30, 0xDF, 0xBC, 0x23, 0x9D);
}
return 0;
}
/* Encrypt one block. in and out may be the same. */
int twofish_encrypt(cipher_context_t *context, uint8_t *in, uint8_t *out)
{
int res;
//setup the twofish-specific context
twofish_context_t *ctx = malloc(sizeof(twofish_context_t));
if (!ctx) {
printf("%-40s: [ERROR] Could NOT malloc space for the twofish_context_t \
struct.\r\n", __FUNCTION__);
return -1;
}
res = twofish_set_key(ctx, context->context, TWOFISH_KEY_SIZE);
if (res < 0) {
printf("%-40s: [ERROR] twofish_setKey failed with Code %i\r\n",
__FUNCTION__, res);
free(ctx);
return -2;
}
/* The four 32-bit chunks of the text. */
uint32_t a, b, c, d;
/* Temporaries used by the round function. */
uint32_t x, y;
/* Input whitening and packing. */
INPACK(0, a, 0);
INPACK(1, b, 1);
INPACK(2, c, 2);
INPACK(3, d, 3);
/* Encryption Feistel cycles. */
ENCCYCLE(0);
ENCCYCLE(1);
ENCCYCLE(2);
ENCCYCLE(3);
ENCCYCLE(4);
ENCCYCLE(5);
ENCCYCLE(6);
ENCCYCLE(7);
/* Output whitening and unpacking. */
OUTUNPACK(0, c, 4);
OUTUNPACK(1, d, 5);
OUTUNPACK(2, a, 6);
OUTUNPACK(3, b, 7);
free(ctx);
return 1;
}
/* Decrypt one block. in and out may be the same. */
int twofish_decrypt(cipher_context_t *context, uint8_t *in, uint8_t *out)
{
int res;
twofish_context_t *ctx = malloc(sizeof(twofish_context_t));
if (!ctx) {
printf("%-40s: [ERROR] Could NOT malloc space for the twofish_context_t \
struct.\r\n", __FUNCTION__);
return -1;
}
res = twofish_set_key(ctx, context->context, TWOFISH_KEY_SIZE);
if (res < 0) {
printf("%-40s: [ERROR] twofish_setKey failed with Code %i\r\n",
__FUNCTION__, res);
free(ctx);
return -2;
}
/* The four 32-bit chunks of the text. */
uint32_t a, b, c, d;
/* Temporaries used by the round function. */
uint32_t x, y;
/* Input whitening and packing. */
INPACK(0, c, 4);
INPACK(1, d, 5);
INPACK(2, a, 6);
INPACK(3, b, 7);
/* Encryption Feistel cycles. */
DECCYCLE(7);
DECCYCLE(6);
DECCYCLE(5);
DECCYCLE(4);
DECCYCLE(3);
DECCYCLE(2);
DECCYCLE(1);
DECCYCLE(0);
/* Output whitening and unpacking. */
OUTUNPACK(0, a, 0);
OUTUNPACK(1, b, 1);
OUTUNPACK(2, c, 2);
OUTUNPACK(3, d, 3);
free(ctx);
return 1;
}
uint8_t twofish_get_preferred_block_size()
{
return TWOFISH_BLOCK_SIZE;
}

151
sys/include/crypto/3des.h Normal file
View File

@ -0,0 +1,151 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file 3des.h
* @brief Headers for the implementation of the 3DES cipher-algorithm
*
* @author Freie Universitaet Berlin, Computer Systems & Telematics,
* @author Nicolai Schmittberger (nicolai.schmittberger@fu-berlin.de)
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de>
*/
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include "assert.h"
#include "crypto/ciphers.h"
#ifndef THREEDES_H_
#define THREEDES_H_
#define THREEDES_BLOCK_SIZE 8
#define THREEDES_KEY_SIZE PARSEC_KEYSIZE
#define ROLc(x, y) \
((((unsigned long) (x) << (unsigned long) ((y) & 31)) | \
(((unsigned long) (x) & 0xFFFFFFFFUL) >> \
(unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL)
#define RORc(x, y) \
(((((unsigned long) (x) & 0xFFFFFFFFUL) >> \
(unsigned long) ((y) & 31)) | \
((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & \
0xFFFFFFFFUL)
//source: http://hostap.epitest.fi/wpa_supplicant/devel/common_8h.html
#define WPA_GET_BE32(a) \
((((uint32_t) (a)[0]) << 24) | \
(((uint32_t) (a)[1]) << 16) | \
(((uint32_t) (a)[2]) << 8 ) | ((uint32_t) (a)[3]))
//source: http://hostap.epitest.fi/wpa_supplicant/devel/common_8h.html
#define WPA_PUT_BE32(a, val) \
do { \
(a)[0] = (uint8_t) ((((uint32_t) (val)) >> 24) & 0xff); \
(a)[1] = (uint8_t) ((((uint32_t) (val)) >> 16) & 0xff); \
(a)[2] = (uint8_t) ((((uint32_t) (val)) >> 8) & 0xff); \
(a)[3] = (uint8_t) (((uint32_t) (val)) & 0xff); \
} while (0)
static const uint32_t bytebit[8] = {0200, 0100, 040, 020, 010, 04, 02, 01};
static const uint32_t bigbyte[24] = {
0x800000UL, 0x400000UL, 0x200000UL, 0x100000UL,
0x80000UL, 0x40000UL, 0x20000UL, 0x10000UL,
0x8000UL, 0x4000UL, 0x2000UL, 0x1000UL,
0x800UL, 0x400UL, 0x200UL, 0x100UL,
0x80UL, 0x40UL, 0x20UL, 0x10UL,
0x8UL, 0x4UL, 0x2UL, 0x1L
};
/**
* @brief initializes the 3DES Cipher-algorithm with the passed
* parameters
*
* @param context the cipher_context_t-struct to save the
* initialization of the cipher in
* @param blockSize the used blocksize - this must match
* the cipher-blocksize
* @param keySize the size of the key
* @param key a pointer to the key
*
* @return 0 if blocksize doesn't match else 1
*/
int tripledes_init(cipher_context_t *context, uint8_t blockSize, uint8_t keySize,
uint8_t *key);
/**
* @brief updates the used key for this context after initialization has
* already been done
*
* @param context the cipher_context_t-struct to save the updated key in
* @param key a pointer to the key
* @param keysize the length of the key
*
* @return 0 if initialized blocksize is wrong, 1 else
*/
int tripledes_setup_key(cipher_context_t *context, uint8_t *key, uint8_t keysize);
/**
* @brief encrypts one plain-block and saves the result in crypt.
* encrypts one blocksize long block of plaintext pointed to by
* plain to one blocksize long block of ciphertext which will be
* written to the the memory-area pointed to by crypt
*
* @param context the cipher_context_t-struct to use for this
* encryption
* @param plain a pointer to the plaintext-block (of size
* blocksize)
* @param crypt a pointer to the place where the ciphertext will
* be stored
*
* @return -1 if no space for the key could be malloced
* -2 if the key could not be setup correctly
* 1 if encryption was successful
*/
int tripledes_encrypt(cipher_context_t *context, uint8_t *plain, uint8_t *crypt);
/**
* @brief decrypts one cipher-block and saves the plain-block in plain.
* decrypts one blocksize long block of ciphertext pointed to by
* crypt to one blocksize long block of plaintext and stores the
* plaintext in the memory-area pointed to by plain
*
* @param context the cipher_context_t-struct to use for this
* decryption
* @param crypt a pointer to the ciphertext-block (of size blocksize)
* to be decrypted
* @param plain a pointer to the place where the decrypted plaintext
* will be stored
*
* @return -1 if no space for the key could be malloced
* -2 if the key could not be setup correctly
* 1 if decryption was successful
*/
int tripledes_decrypt(cipher_context_t *context, uint8_t *crypt, uint8_t *plain);
/**
* @brief returns the blocksize of the 3DES algorithm
*/
uint8_t tripledes_get_preferred_block_size(void);
/**
* Interface to access the functions
*
*/
extern block_cipher_interface_t tripledes_interface;
/** @} */
#endif /* THREEDES_H_ */

141
sys/include/crypto/aes.h Normal file
View File

@ -0,0 +1,141 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file aes.h
* @brief Headers for the implementation of the AES cipher-algorithm
*
* @author Freie Universitaet Berlin, Computer Systems & Telematics
* @author Nicolai Schmittberger <nicolai.schmittberger@fu-berlin.de>
* @author Fabrice Bellard
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de>
*/
#ifndef AES_H
#define AES_H
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include "crypto/ciphers.h"
typedef uint32_t u32;
typedef uint16_t u16;
typedef uint8_t u8;
/* This controls loop-unrolling in aes_core.c */
#undef FULL_UNROLL
# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \
(ct)[1] = (u8)((st) >> 16); \
(ct)[2] = (u8)((st) >> 8); \
(ct)[3] = (u8)(st); }
#define AES_MAXNR 14
#define AES_BLOCK_SIZE 16
#define AES_KEY_SIZE 16
struct aes_key_st {
uint32_t rd_key[4 * (AES_MAXNR + 1)];
int rounds;
};
typedef struct aes_key_st AES_KEY;
/**
* @brief the cipher_context_t-struct adapted for AES
*/
typedef struct {
uint32_t context[(4 * (AES_MAXNR + 1)) + 1];
} aes_context_t;
/**
* @brief initializes the AES Cipher-algorithm with the passed parameters
*
* @param context the cipher_context_t-struct to save the initialization
* of the cipher in
* @param blockSize the used blocksize - this must match the
* cipher-blocksize
* @param keySize the size of the key
* @param key a pointer to the key
*
* @return 0 if blocksize doesn't match else 1
*/
int aes_init(cipher_context_t *context, uint8_t blockSize, uint8_t keySize,
uint8_t *key);
/**
* @brief updates the used key for this context after initialization has
* already been done
*
* @param context the cipher_context_t-struct to save the updated key
* in
* @param key a pointer to the key
* @param keysize the length of the key
*
* @return 0 if initialized blocksize is wrong, 1 else
*/
int aes_setup_key(cipher_context_t *context, uint8_t *key, uint8_t keysize);
/**
* @brief encrypts one plainBlock-block and saves the result in cipherblock.
* encrypts one blocksize long block of plaintext pointed to by
* plainBlock to one blocksize long block of ciphertext which will be
* written to the the memory-area pointed to by cipherBlock
*
* @param context the cipher_context_t-struct to use for this
* encryption
* @param plainBlock a pointer to the plaintext-block (of size
* blocksize)
* @param cipherBlock a pointer to the place where the ciphertext will
* be stored
*
* @return 1 or result of aes_set_encrypt_key if it failed
*/
int aes_encrypt(cipher_context_t *context, uint8_t *plain_block,
uint8_t *cipher_block);
/**
* @brief decrypts one cipher-block and saves the plain-block in plainBlock.
* decrypts one blocksize long block of ciphertext pointed to by
* cipherBlock to one blocksize long block of plaintext and stores
* the plaintext in the memory-area pointed to by plainBlock
*
* @param context the cipher_context_t-struct to use for this
* decryption
* @param cipherBlock a pointer to the ciphertext-block (of size
* blocksize) to be decrypted
* @param plainBlock a pointer to the place where the decrypted
* plaintext will be stored
*
* @return 1 or result of ::aes_set_decrypt_key if it failed
*/
int aes_decrypt(cipher_context_t *context, uint8_t *cipher_block,
uint8_t *plain_block);
/**
* @brief returns the blocksize of the AES algorithm
*/
uint8_t aes_get_preferred_block_size(void);
/**
* Interface to access the functions
*
*/
extern block_cipher_interface_t aes_inerface;
/** @} */
#endif /* AES_H */

207
sys/include/crypto/cbcmode.h Normal file
View File

@ -0,0 +1,207 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file cbcmode.h
* @brief Headers of the implementation of the CBC Mode of Operation
*
* Implementation of the CBC Mode of Operation with Ciphertext-Stealing for encryption.
*
* @author Freie Universitaet Berlin, Computer Systems & Telematics.
* @author Nicolai Schmittberger <nicolai.schmittberger@fu-berlin.de>
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de>
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#ifndef CBCMODE_H_
#define CBCMODE_H_
#include "crypto/ciphers.h"
#define MIN(a, b) ( ((a) < (b)) ? (a) : (b))
#define DBG_CRYPTO 1
enum {
// we allocate some static buffers on the stack; they have to be less
// than this size
CBCMODE_MAX_BLOCK_SIZE = 8,
CBCMODE_MAX_BLOCK_SIZE_AES = 16
};
/*// We run a simple state machine in the incremental decrypt:
//
// +--> ONE_BLOCK
// |
// ---|
// |
// +--> GENERAL --+---> TWO_LEFT_A ----> TWO_LEFT_B
// ^ |
// | |
// +------+
*/
enum {
ONE_BLOCK,
GENERAL,
TWO_LEFT_A,
TWO_LEFT_B
};
#define FAIL 0
#define SUCCESS 1
/**
* @struct CBCModeContext CBCMode.c "CBCMode.c"
* @brief The context for processing the en-/decryption in the CBC-Mode with
* CTS
*
* @param spill1 test1
*/
typedef struct CBCModeContext {
// Spill-Block 1 for temporary usage
uint8_t spill1 [CBCMODE_MAX_BLOCK_SIZE ];
// Spill-Block 2 for temporary usage
uint8_t spill2 [CBCMODE_MAX_BLOCK_SIZE ];
// the blocksize currently used
uint8_t bsize;
// how many more bytes of ciphertext do we need to recv
uint16_t remaining;
// how many bytes of plaintext we've deciphered.
uint16_t completed;
// TRUE iff spill1 is the accumulator and spill2 holds prev cipher text.
// false o.w.
uint8_t accum;
// into the accumulator
uint8_t offset;
// state enum
uint8_t state;
} /*__attribute__ ((packed)) */ CBCModeContext;
/*
* @brief Initialize the Mode. It uses the underlying BlockCipher's
* preferred block cipher mode, and passes the key and keySize
* parameters to the underlying BlockCipher.
*
* @param context structure to hold the opaque data from this
* initialization call. It should be passed to future
* invocations of this module which use this particular key.
* It also contains the opaque context for the underlying
* BlockCipher as well.
* @param keySize key size in bytes
* @param key pointer to the key
*
* @return Whether initialization was successful. The command may be
* unsuccessful if the key size is not valid for the given cipher
* implementation. It can also fail if the preferred block size of
* the cipher does not agree with the preferred size of the mode.
*/
int block_cipher_mode_init(CipherModeContext *context, uint8_t key_size,
uint8_t *key);
/**
* @brief same as BlockCipherMode_init but with the possibility to specify
* the index of the cipher in the archive
*
* @param context structure to hold the opaque data from this
* initialization call. It should be passed to future
* invocations of this module which use this particular
* key. It also contains the opaque context for the
* underlying BlockCipher as well.
* @param keySize key size in bytes.
* @param key pointer to the key.
* @param cipher_index the index of the cipher-algorithm to init in the
* (cipher-)archive
*
* @return Whether initialization was successful. The command may be
* unsuccessful if the key size is not valid for the given cipher
* implementation. It can also fail if the preferred block size of
* the cipher does not agree with the preferred size of the mode.
*/
int block_cipher_mode_init0(CipherModeContext *context, uint8_t key_size,
uint8_t *key, uint8_t cipher_index);
/**
* @brief prints the debug-messages passed by ::dumpBuffer
*
* @param mode the mode of the debug-message
* @param format pointer to the message
*/
void dbg(uint8_t mode, const char *format, ...);
/**
* @brief dumps the passed buffer to the console
*
* @param bufName pointer to the name of the buffer
* @param buf pointer to the buffer itself
* @param size the size of the buffer in bytes
*/
void dump_buffer(char *bufName, uint8_t *buf, uint8_t size);
/**
* @brief Encrypts num_bytes of plaintext blocks (each of size blockSize)
* using the key from the init phase. The IV is a pointer to the
* initialization vector (of size equal to the blockSize) which is
* used to initialize the encryption.
* In place encryption should work provided that the plain and and
* cipher buffer are the same. (they may either be the same or
* non-overlapping. partial overlaps are not supported).
*
* @param plain_blocks a plaintext block numBlocks, where each block is of
* blockSize bytes
* @param cipher_blocks an array of numBlocks * blockSize bytes to hold the
* resulting cyphertext
* @param num_bytes number of data blocks to encrypt
* @param IV an array of the initialization vector. It should be
* of block size bytes
*
* @return Whether the encryption was successful. Possible failure reasons
* include not calling init().
*/
int block_cipher_mode_encrypt(CipherModeContext *context, uint8_t *plain_blocks,
uint8_t *cipher_blocks, uint16_t num_bytes,
uint8_t *IV);
/**
* @brief Decrypts num_bytes of ciphertext blocks (each of size blockSize)
* using the key from the init phase. The IV is a pointer to the
* initialization vector (of size equal to the blockSize) which is
* used to initialize the decryption.
* In place decryption should work provided that the plain and and
* cipher buffer are the same. (they may either be the same or
* non-overlapping. partial overlaps are not supported).
*
* @param cipher_blocks an array of num_bytes * blockSize bytes that holds
* the cipher text
* @param plain_blocks an array of num_bytes * blockSize bytes to hold the
* resulting plaintext.
* @param num_bytes number of data blocks to encrypt
* @param IV an array of the initialization vector. It should be
* of block size bytes
*
* @return Whether the decryption was successful. Possible failure reasons
* include not calling init().
*/
int block_cipher_mode_decrypt(CipherModeContext *context,
uint8_t *cipher_blocks,
uint8_t *plain_blocks,
uint16_t num_bytes,
uint8_t *IV);
/** @} */
#endif /* CBCMODE_H_ */

122
sys/include/crypto/ciphers.h Normal file
View File

@ -0,0 +1,122 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file ciphers.h
* @brief Headers for the packet encryption class. They are used to encrypt single packets.
*
* @author Freie Universitaet Berlin, Computer Systems & Telematics
* @author Nicolai Schmittberger <nicolai.schmittberger@fu-berlin.de>
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de>
* @author Mark Essien <markessien@gmail.com>
*/
#ifndef __CIPHERS_H_
#define __CIPHERS_H_
/* Shared header file for all cipher algorithms */
/* Set the algorithms that should be compiled in here. When these defines
* are set, then packets will be compiled 5 times.
*
* */
#define AES
// #define RC5
// #define THREEDES
// #define AES
// #define TWOFISH
// #define SKIPJACK
/// the length of keys in bytes
#define PARSEC_MAX_BLOCK_CIPHERS 5
#define CIPHERS_KEYSIZE 20
/**
* @brief the context for cipher-operations
* always order by number of bytes descending!!! <br>
* rc5 needs 104 bytes <br>
* threedes needs 24 bytes <br>
* aes needs PARSEC_KEYSIZE bytes <br>
* twofish needs PARSEC_KEYSIZE bytes <br>
* skipjack needs 20 bytes <br>
* identity needs 1 byte <br>
*/
typedef struct {
#if defined(RC5)
uint8_t context[104]; // supports RC5 and lower
#elif defined(THREEDES)
uint8_t context[24]; // supports ThreeDES and lower
#elif defined(AES)
uint8_t context[CIPHERS_KEYSIZE]; // supports AES and lower
#elif defined(TWOFISH)
uint8_t context[CIPHERS_KEYSIZE]; // supports TwoFish and lower
#elif defined(SKIPJACK)
uint8_t context[20]; // supports SkipJack and lower
#endif
} cipher_context_t;
/**
* @struct BlockCipherInterface_t
* @brief BlockCipher-Interface for the Cipher-Algorithms
* @typedef BlockCipherInterface_t
*/
typedef struct {
char name[10];
// the init function
int (*BlockCipher_init)(cipher_context_t *context, uint8_t blockSize,
uint8_t keySize, uint8_t *key);
// the encrypt function
int (*BlockCipher_encrypt)(cipher_context_t *context, uint8_t *plainBlock,
uint8_t *cipherBlock);
// the decrypt function
int (*BlockCipher_decrypt)(cipher_context_t *context, uint8_t *cipherBlock,
uint8_t *plainBlock);
// the setupKey function
int (*setupKey)(cipher_context_t *context, uint8_t *key, uint8_t keysize);
// read the BlockSize of this Cipher
uint8_t (*BlockCipherInfo_getPreferredBlockSize)(void);
} block_cipher_interface_t;
typedef struct CipherModeContext {
cipher_context_t cc; // CipherContext for the cipher-operations
uint8_t context[24]; // context for the block-cipher-modes'
// internal functions
//CBCModeContext* context;
} CipherModeContext;
/**
* @brief struct for an archive of all available ciphers
* @struct BlockCipher_Archive_t CipherManager.h "ciphers/CipherManager.h"
* @typedef BlockCipher_Archive_t
*/
typedef struct {
// the number of available ciphers
uint8_t NoCiphers;
// the ciphers in form or BlockCipherInterface_ts
block_cipher_interface_t ciphers[PARSEC_MAX_BLOCK_CIPHERS];
} block_cipher_archive_t;
typedef struct {
// cipher_context_t for the cipher-operations
cipher_context_t cc;
#if defined(AES) || defined (TWOFISH)
// supports 16-Byte blocksize
uint8_t context[20];
#else
// supports 8-Byte blocksize
uint8_t context[12];
#endif
} cipher_mac_context_t;
/** @} */
#endif /* __CIPHERS_H_ */

140
sys/include/crypto/rc5.h Normal file
View File

@ -0,0 +1,140 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file rc5.h
* @brief Headers for the implementation of the RC5 Cipher-Algorithm
*
* @author Freie Universitaet Berlin, Computer Systems & Telematics
* @author Nicolai Schmittberger <nicolai.schmittberger@fu-berlin.de>
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de>
*/
#include "crypto/ciphers.h"
#ifndef RC5_H_
#define RC5_H_
#define RC5_32_P 0xB7E15163L
#define RC5_32_Q 0x9E3779B9L
#define RC5_32_MASK 0xffffffffL
#define RC5_ROUNDS 12
#define rotl32(a,b) fastrol32((a), (b))
#define rotr32(a,b) fastror32((a), (b))
#define rol32(a, n) ( a = (((a) << (n)) | ((a) >> (32-(n)))))
#define ror32(a, n) ( a = (((a) >> (n)) | ((a) << (32-(n)))))
#define fastrol32 rol32
#define fastror32 ror32
// convert a 4byte char array to a unsigned long
// [assumes least significant byte of char array is first]
#define c2l(c,l) (l =((unsigned long)(*((c)))), \
l|=((unsigned long)(*((c+1))))<< 8L, \
l|=((unsigned long)(*((c+2))))<<16L, \
l|=((unsigned long)(*((c+3))))<<24L)
// convert an unsigned long to a 4 byte char array
// [assumes least significant byte of char array is first]
#define l2c(l,c) (*((c)) =(unsigned char)(((l) )&0xff), \
*((c+1))=(unsigned char)(((l)>> 8L)&0xff), \
*((c+2))=(unsigned char)(((l)>>16L)&0xff), \
*((c+3))=(unsigned char)(((l)>>24L)&0xff))
// 2 * (ROUNDS +1) * 4
// 2 * 13 * 4 = 104 bytes
/**
* @brief the cipher_context_t adapted for RC5
*/
typedef struct {
uint32_t skey [2 * (RC5_ROUNDS + 1)];
} rc5_context_t;
/**
* @brief Initialize the BlockCipher.
*
* @param context the cipher_context_t-struct to save the initialization
* of the cipher in
* @param blockSize the used blocksize - this must match the
* cipher-blocksize
* @param keySize the size of the key
* @param key a pointer to the key
*
* @return Whether initialization was successful. The command may be
* unsuccessful if the key size or blockSize are not valid for the
* given cipher implementation.
*/
int rc5_init(cipher_context_t *context, uint8_t blockSize, uint8_t keySize,
uint8_t *key);
/**
* @brief Encrypts a single block (of blockSize) using the passed context.
*
* PROLOGUE: 24 cycles
* INIT: 48 cycles
* LOOP: 1680 cycles (12 + fastrol [= 42] + 16) * 2 * RC5_ROUNDS
* CLOSE: 24 cycles
* =====================
* 1776 cycles (avg case)
*
* @param context the cipher_context_t-struct to save the updated key in
* @param plainBlock a plaintext block of blockSize
* @param cipherBlock the resulting ciphertext block of blockSize
*
* @return Whether the encryption was successful. Possible failure reasons
* include not calling init().
*/
int rc5_encrypt(cipher_context_t *context, uint8_t *block, uint8_t *cipherBlock);
/**
* @brief Decrypts a single block (of blockSize) using the key and the
* keySize.
*
* @param context the cipher_context_t-struct to use for this decryption
* @param cipherBlock a ciphertext block of blockSize
* @param plainBlock the resulting plaintext block of blockSize
*
* @return Whether the decryption was successful. Possible failure reasons
* include not calling init() or an unimplimented decrypt function.
*/
int rc5_decrypt(cipher_context_t *context, uint8_t *cipherBlock,
uint8_t *plainBlock);
/**
* @brief Sets up the key for usage with RC5
* Performs the key expansion on the real secret.
*
* @param context the cipher_context_t-struct to save the updated key in
* @param key a pointer to the secret key
* @param keysize the length of the secret key
*
* @return SUCCESS
*/
int rc5_setup_key(cipher_context_t *context, uint8_t *key, uint8_t keysize);
/**
* @brief Returns the preferred block size that this cipher operates with.
* It is always safe to call this function before the init() call has
* been made.
*
* @return the preferred block size for this cipher.
*/
uint8_t rc5_get_preferred_block_size(void);
/**
* Interface to access the functions
*
*/
extern block_cipher_interface_t rc5_interface;
/** @} */
#endif /* RC5_H_ */

33
sys/include/sha256.h → sys/include/crypto/sha256.h
View File

@ -34,6 +34,18 @@
* @brief SHA264 hash generator
*/
/**
* @ingroup sys_crypto
* @{
*
* @file sha256.h
* @brief Header definitions for the SHA256 hash function
*
* @author Colin Percival
* @author Christian Mehlis
* @author Rene Kijewski
*/
#ifndef _SHA256_H_
#define _SHA256_H_
@ -41,36 +53,36 @@
#define SHA256_DIGEST_LENGTH 32
typedef struct SHA256Context {
typedef struct {
uint32_t state[8];
uint32_t count[2];
unsigned char buf[64];
} SHA256_CTX;
} sha256_context_t;
/**
* @brief SHA-256 initialization. Begins a SHA-256 operation.
*
* @param ctx SHA256_CTX handle to init
* @param ctx sha256_context_t handle to init
*/
void SHA256_Init(SHA256_CTX *ctx);
void sha256_init(sha256_context_t *ctx);
/**
* @brief Add bytes into the hash
*
* @param ctx SHA256_CTX handle to use
* @param ctx sha256_context_t handle to use
* @param in pointer to the input buffer
* @param len length of the buffer
*/
void SHA256_Update(SHA256_CTX *ctx, const void *in, size_t len);
void sha256_update(sha256_context_t *ctx, const void *in, size_t len);
/**
* @brief SHA-256 finalization. Pads the input data, exports the hash value,
* and clears the context state.
*
* @param digest resulting digest, this is the hash of all the bytes
* @param ctx SHA256_CTX handle to use
* @param ctx sha256_context_t handle to use
*/
void SHA256_Final(unsigned char digest[32], SHA256_CTX *ctx);
void sha256_final(unsigned char digest[32], sha256_context_t *ctx);
/**
* @brief A wrapper function to simplify the generation of a hash, this is
@ -82,6 +94,7 @@ void SHA256_Final(unsigned char digest[32], SHA256_CTX *ctx);
* SHA256_DIGEST_LENGTH
* if md == NULL, one static buffer is used
*/
unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
unsigned char *sha256(const unsigned char *d, size_t n, unsigned char *md);
#endif /* !_SHA256_H_ */
/** @} */
#endif /* _SHA256_H_ */

170
sys/include/crypto/skipjack.h Normal file
View File

@ -0,0 +1,170 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file skipjack.h
* @brief Headers for the implementation of the SkipJack cipher-algorithm
*
* @author Freie Universitaet Berlin, Computer Systems & Telematics
* @author Nicolai Schmittberger <nicolai.schmittberger@fu-berlin.de>
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de>
*/
#ifndef SKIPJACK_H_
#define SKIPJACK_H_
#include "crypto/ciphers.h"
#define F(addr) /*CRYPTO_TABLE_ACCESS( &SJ_F[addr])*/ (SJ_F[addr])
// G-Permutation: 4 round feistel structure
#define G(key, b, bLeft, bRight) \
( \
bLeft = b, \
bRight = (b >> 8), \
bLeft ^= F(bRight ^ key[0]), \
bRight ^= F(bLeft ^ key[1]), \
bLeft ^= F(bRight ^ key[2]), \
bRight ^= F(bLeft ^ key[3]), \
((bRight << 8) | bLeft))
#define G_INV(key, b, bLeft, bRight) \
( bLeft = b, \
bRight = (b >> 8), \
bRight ^= F(bLeft ^ key[3]), \
bLeft ^= F(bRight ^ key[2]), \
bRight ^= F(bLeft ^ key[1]), \
bLeft ^= F(bRight ^ key[0]), \
((bRight << 8) | bLeft))
// A-RULE:
#define RULE_A(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight ) { \
tmp = w4; \
w4 = w3; \
w3 = w2; \
w2 = G(skey, w1, bLeft, bRight); \
w1 = ((tmp ^ w2) ^ counter); \
counter++; \
skey += 4; }
#define RULE_A_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight) { \
tmp = w4; \
w4 = (w1 ^ w2 ^ counter); \
w1 = G_INV(skey, w2, bLeft, bRight); \
w2 = w3; \
w3 = tmp; \
counter--; \
skey -= 4; } \
// B-RULE:
#define RULE_B(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight ) { \
tmp = w1; \
w1 = w4; \
w4 = w3; \
w3 = (tmp ^ w2 ^ counter); \
w2 = G(skey, tmp, bLeft, bRight); \
counter++; \
skey += 4; }
#define RULE_B_INV(skey, w1, w2, w3, w4, counter, tmp, bLeft, bRight ) { \
tmp = w1; \
w1 = G_INV(skey, w2, bLeft, bRight); \
w2 = (w1 ^ w3 ^ counter); \
w3 = w4; \
w4 = tmp; \
counter--; \
skey -= 4; }
/**
* @brief The cipher_context_t adapted for SkipJack
* @typedef skipjack_context_t
*/
typedef struct {
// 2 times keysize. makes unrolling keystream easier / efficient
uint8_t skey [ 20 ];
} skipjack_context_t;
/**
* @brief Initialize the SkipJack-BlockCipher context.
*
* @param context structure to hold the opaque data from this
* initialization call. It should be passed to future
* invocations of this module which use this particular
* key.
* @param blockSize size of the block in bytes.
* @param keySize key size in bytes
* @param key pointer to the key
*
* @return Whether initialization was successful. The command may be
* unsuccessful if the key size or blockSize are not valid.
*/
int skipjack_init(cipher_context_t *context, uint8_t blockSize, uint8_t keySize,
uint8_t *key);
/**
* @brief Encrypts a single block (of blockSize) using the passed context.
*
* @param context holds the module specific opaque data related to the
* key (perhaps key expansions).
* @param plainBlock a plaintext block of blockSize
* @param cipherBlock the resulting ciphertext block of blockSize
*
* @return Whether the encryption was successful. Possible failure reasons
* include not calling init().
*/
int skipjack_encrypt(cipher_context_t *context, uint8_t *plainBlock,
uint8_t *cipherBlock);
/**
* @brief Decrypts a single block (of blockSize) using the passed context.
*
* @param context holds the module specific opaque data related to the
* key (perhaps key expansions).
* @param cipherBlock a ciphertext block of blockSize
* @param plainBlock the resulting plaintext block of blockSize
*
* @return Whether the decryption was successful. Possible failure reasons
* include not calling init()
*/
int skipjack_decrypt(cipher_context_t *context, uint8_t *cipherBlock,
uint8_t *plainBlock);
/**
* @brief Sets up the context to use the passed key for usage with SkipJack
* Performs the key expansion on the real secret.
*
* @param context the cipher_context_t-struct to save the updated key in
* @param key a pointer to the secret key
* @param keysize the length of the secret key
*
* @return SUCCESS
*/
int skipjack_setup_key(cipher_context_t *context, uint8_t *key, uint8_t keysize);
/**
* @brief Returns the preferred block size that this cipher operates with.
* It is always safe to call this function before the init() call has
* been made.
*
* @return the preferred block size for this cipher. In the case where the
* cipher operates with multiple block sizes, this will pick one
* particular size (deterministically).
*/
uint8_t skipjack_get_preferred_block_size(void);
/**
* Interface to access the functions
*
*/
extern block_cipher_interface_t skipjack_interface;
/** @} */
#endif /* SKIPJACK_H_ */

281
sys/include/crypto/twofish.h Normal file
View File

@ -0,0 +1,281 @@
/*
* Copyright (C) 2013 Freie Universität Berlin, Computer Systems & Telematics
*
* This source code is licensed under the LGPLv2 license,
* See the file LICENSE for more details.
*/
/**
* @ingroup sys_crypto
* @{
*
* @file twofish.h
* @brief Headers for the implementation of the TwoFish Cipher-Algorithm
*
* @author Freie Universitaet Berlin, Computer Systems & Telematics
* @author Nicolai Schmittberger <nicolai.schmittberger@fu-berlin.de>
* @author Zakaria Kasmi <zkasmi@inf.fu-berlin.de> *
*/
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include "crypto/ciphers.h"
#ifndef TWOFISH_H_
#define TWOFISH_H_
#define TWOFISH_BLOCK_SIZE 16
#define TWOFISH_KEY_SIZE 16 //only alternative is 32!
/**
* Macro to perform one column of the RS matrix multiplication. The
* parameters a, b, c, and d are the four bytes of output; i is the index
* of the key bytes, and w, x, y, and z, are the column of constants from
* the RS matrix, preprocessed through the poly_to_exp table.
**/
#define CALC_S(a, b, c, d, i, w, x, y, z) \
if (key[i]) { \
tmp = poly_to_exp[key[i] - 1]; \
(a) ^= exp_to_poly[tmp + (w)]; \
(b) ^= exp_to_poly[tmp + (x)]; \
(c) ^= exp_to_poly[tmp + (y)]; \
(d) ^= exp_to_poly[tmp + (z)]; \
}
/**
* Macros to calculate the key-dependent S-boxes for a 128-bit key using
* the S vector from CALC_S. CALC_SB_2 computes a single entry in all
* four S-boxes, where i is the index of the entry to compute, and a and b
* are the index numbers preprocessed through the q0 and q1 tables
* respectively. CALC_SB is simply a convenience to make the code shorter;
* it calls CALC_SB_2 four times with consecutive indices from i to i+3,
* using the remaining parameters two by two.
**/
#define CALC_SB_2(i, a, b) \
ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \
ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \
ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \
ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh]
#define CALC_SB(i, a, b, c, d, e, f, g, h) \
CALC_SB_2 (i, a, b); CALC_SB_2 ((i)+1, c, d); \
CALC_SB_2 ((i)+2, e, f); CALC_SB_2 ((i)+3, g, h)
/* Macros exactly like CALC_SB and CALC_SB_2, but for 256-bit keys. */
#define CALC_SB256_2(i, a, b) \
ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \
ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \
ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \
ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp];
#define CALC_SB256(i, a, b, c, d, e, f, g, h) \
CALC_SB256_2 (i, a, b); CALC_SB256_2 ((i)+1, c, d); \
CALC_SB256_2 ((i)+2, e, f); CALC_SB256_2 ((i)+3, g, h)
/**
* Macros to calculate the whitening and round subkeys. CALC_K_2 computes the
* last two stages of the h() function for a given index (either 2i or 2i+1).
* a, b, c, and d are the four bytes going into the last two stages. For
* 128-bit keys, this is the entire h() function and a and c are the index
* preprocessed through q0 and q1 respectively; for longer keys they are the
* output of previous stages. j is the index of the first key byte to use.
* CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2
* twice, doing the Psuedo-Hadamard Transform, and doing the necessary
* rotations. Its parameters are: a, the array to write the results into,
* j, the index of the first output entry, k and l, the preprocessed indices
* for index 2i, and m and n, the preprocessed indices for index 2i+1.
* CALC_K256_2 expands CALC_K_2 to handle 256-bit keys, by doing two
* additional lookup-and-XOR stages. The parameters a and b are the index
* preprocessed through q0 and q1 respectively; j is the index of the first
* key byte to use. CALC_K256 is identical to CALC_K but for using the
* CALC_K256_2 macro instead of CALC_K_2.
**/
#define CALC_K_2(a, b, c, d, j) \
mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \
^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \
^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \
^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]]
#define CALC_K(a, j, k, l, m, n) \
x = CALC_K_2 (k, l, k, l, 0); \
y = CALC_K_2 (m, n, m, n, 4); \
y = (y << 8) + (y >> 24); \
x += y; y += x; ctx->a[j] = x; \
ctx->a[(j) + 1] = (y << 9) + (y >> 23)
#define CALC_K256_2(a, b, j) \
CALC_K_2 (q0[q1[b ^ key[(j) + 24]] ^ key[(j) + 16]], \
q1[q1[a ^ key[(j) + 25]] ^ key[(j) + 17]], \
q0[q0[a ^ key[(j) + 26]] ^ key[(j) + 18]], \
q1[q0[b ^ key[(j) + 27]] ^ key[(j) + 19]], j)
#define CALC_K256(a, j, k, l, m, n) \
x = CALC_K256_2 (k, l, 0); \
y = CALC_K256_2 (m, n, 4); \
y = (y << 8) + (y >> 24); \
x += y; y += x; ctx->a[j] = x; \
ctx->a[(j) + 1] = (y << 9) + (y >> 23)
/**
* Macros to compute the g() function in the encryption and decryption
* rounds. G1 is the straight g() function; G2 includes the 8-bit
* rotation for the high 32-bit word.
**/
#define G1(a) \
(ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \
^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24])
#define G2(b) \
(ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \
^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24])
/**
* Encryption and decryption Feistel rounds. Each one calls the two g()
* macros, does the PHT, and performs the XOR and the appropriate bit
* rotations. The parameters are the round number (used to select subkeys),
* and the four 32-bit chunks of the text.
**/
#define ENCROUND(n, a, b, c, d) \
x = G1 (a); y = G2 (b); \
x += y; y += x + ctx->k[2 * (n) + 1]; \
(c) ^= x + ctx->k[2 * (n)]; \
(c) = ((c) >> 1) + ((c) << 31); \
(d) = (((d) << 1)+((d) >> 31)) ^ y
#define DECROUND(n, a, b, c, d) \
x = G1 (a); y = G2 (b); \
x += y; y += x; \
(d) ^= y + ctx->k[2 * (n) + 1]; \
(d) = ((d) >> 1) + ((d) << 31); \
(c) = (((c) << 1)+((c) >> 31)); \
(c) ^= (x + ctx->k[2 * (n)])
/**
* Encryption and decryption cycles; each one is simply two Feistel rounds
* with the 32-bit chunks re-ordered to simulate the "swap"
**/
#define ENCCYCLE(n) \
ENCROUND (2 * (n), a, b, c, d); \
ENCROUND (2 * (n) + 1, c, d, a, b)
#define DECCYCLE(n) \
DECROUND (2 * (n) + 1, c, d, a, b); \
DECROUND (2 * (n), a, b, c, d)
/**
* Macros to convert the input and output bytes into 32-bit words,
* and simultaneously perform the whitening step. INPACK packs word
* number n into the variable named by x, using whitening subkey number m.
* OUTUNPACK unpacks word number n from the variable named by x, using
* whitening subkey number m.
**/
#define INPACK(n, x, m) \
x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \
^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m]
#define OUTUNPACK(n, x, m) \
x ^= ctx->w[m]; \
out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \
out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24
/**
* @brief Structure for an expanded Twofish key.
*
* @param s contains the key-dependent S-boxes composed with the MDS
* matrix;
* @param w contains the eight "whitening" subkeys, K[0] through K[7].
* @param k holds the remaining, "round" subkeys.
*
* Note that k[i] corresponds to what the Twofish paper calls K[i+8].
*/
typedef struct {
uint32_t s[4][256], w[8], k[32];
} twofish_context_t;
/**
* @brief Initialize the TwoFish-BlockCipher context.
*
* @param context structure to hold the opaque data from this
* initialization
* call. It should be passed to future invocations of
* this module
* which use this particular key.
* @param blockSize size of the block in bytes.
* @param keySize key size in bytes
* @param key pointer to the key
*
* @return Whether initialization was successful. The command may be
* unsuccessful if the key size or blockSize are not valid.
*/
int twofish_init(cipher_context_t *context, uint8_t block_size, uint8_t key_size, uint8_t *key);
/**
* @brief Sets up the context to use the passed key for usage with TwoFish
* Performs the key expansion on the real secret.
*
* @param context the CipherContext-struct to save the updated key in
* @param key a pointer to the secret key
* @param keysize the length of the secret key
*
* @return SUCCESS
*/
int twofish_setup_key(cipher_context_t *context, uint8_t *key, uint8_t key_size);
/**
* @brief Encrypts a single block (of blockSize) using the passed context.
*
* @param context holds the module specific opaque data related to the
* key (perhaps key expansions).
* @param in a plaintext block of blockSize
* @param out the resulting ciphertext block of blockSize
*
* @return Whether the encryption was successful. Possible failure reasons
* include not calling init().
*/
int twofish_encrypt(cipher_context_t *context, uint8_t *in, uint8_t *out);
/**
* @brief Decrypts a single block (of blockSize) using the passed context.
*
* @param context holds the module specific opaque data related to the
* key (perhaps key expansions).
* @param in a ciphertext block of blockSize
* @param out the resulting plaintext block of blockSize
*
* @return Whether the decryption was successful. Possible failure reasons
* include not calling init()
*/
int twofish_decrypt(cipher_context_t *context, uint8_t *in, uint8_t *out);
/**
* @brief Returns the preferred block size that this cipher operates with.
* It is always safe to call this function before the init() call has
* been made.
*
* @return the preferred block size for this cipher. In the case where the
* cipher operates with multiple block sizes, this will pick one
* particular size (deterministically).
*/
uint8_t twofish_get_preferred_block_size(void);
/**
* Interface to access the functions
*
*/
extern block_cipher_interface_t twofish_interface;
/** @} */
#endif /* TWOFISH_H_ */