3 * $Id: square.c,v 1.1 2000/07/15 20:51:58 mdw Exp $
5 * The Square block cipher
7 * (c) 2000 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Revision history --------------------------------------------------*
33 * Revision 1.1 2000/07/15 20:51:58 mdw
38 /*----- Header files ------------------------------------------------------*/
43 #include <mLib/bits.h>
49 #include "square-tab.h"
51 /*----- Global variables --------------------------------------------------*/
53 const octet square_keysz[] = { KSZ_RANGE, SQUARE_KEYSZ, 4, 16, 4 };
55 /*----- Constant tables ---------------------------------------------------*/
57 static const octet S[256] = SQUARE_S, SI[256] = SQUARE_SI;
58 static const uint32 T[4][256] = SQUARE_T, TI[4][256] = SQUARE_TI;
59 static const uint32 U[4][256] = SQUARE_U;
60 static const octet rcon[] = SQUARE_RCON;
62 /*----- Main code ---------------------------------------------------------*/
64 #define BYTESUB(x, s) \
65 (s[U8((x) >> 24)] << 24 | s[U8((x) >> 16)] << 16 | \
66 s[U8((x) >> 8)] << 8 | s[U8((x) >> 0)] << 0)
68 /* --- @square_init@ --- *
70 * Arguments: @square_ctx *k@ = pointer to context to initialize
71 * @const void *buf@ = pointer to buffer of key material
72 * @size_t sz@ = size of the key material
76 * Use: Initializes a Square context with a particular key. Square
77 * keys must be a multiple of 32 bits long, and may be at most
81 void square_init(square_ctx *k, const void *buf, size_t sz)
87 uint32 kk[SQUARE_KWORDS];
89 /* --- Sort out the key size --- */
91 KSZ_ASSERT(square, sz);
94 /* --- Fetch the first key words out --- */
97 for (i = 0; i < nk; i++) {
103 /* --- Expand this material to fill the rest of the table --- */
108 for (; i < nw; i++) {
109 uint32 w = kk[i - nk];
118 /* --- Make the encryption and decryption keys --- */
120 for (i = 0; i < nr * 4; i++) {
122 k->w[i] = (U[0][U8(w >> 0)] ^ U[1][U8(w >> 8)] ^
123 U[2][U8(w >> 16)] ^ U[3][U8(w >> 24)]);
129 for (i = 0; i < nr * 4; i += 4) {
131 for (j = 0; j < 4; j++)
132 k->wi[i + j] = kk[jj + j];
134 for (j = 0; j < 4; j++)
135 k->wi[i + j] = k->w[j];
140 /* --- @square_eblk@, @square_dblk@ --- *
142 * Arguments: @const square_ctx *k@ = pointer to Square context
143 * @const uint32 s[4]@ = pointer to source block
144 * @uint32 d[4]@ = pointer to destination block
148 * Use: Low-level block encryption and decryption.
151 #define EROUND(aa, bb, cc, dd, a, b, c, d, w) do { \
152 aa = (T[0][U8(a >> 0)] ^ T[1][U8(b >> 0)] ^ \
153 T[2][U8(c >> 0)] ^ T[3][U8(d >> 0)]) ^ *w++; \
154 bb = (T[0][U8(a >> 8)] ^ T[1][U8(b >> 8)] ^ \
155 T[2][U8(c >> 8)] ^ T[3][U8(d >> 8)]) ^ *w++; \
156 cc = (T[0][U8(a >> 16)] ^ T[1][U8(b >> 16)] ^ \
157 T[2][U8(c >> 16)] ^ T[3][U8(d >> 16)]) ^ *w++; \
158 dd = (T[0][U8(a >> 24)] ^ T[1][U8(b >> 24)] ^ \
159 T[2][U8(c >> 24)] ^ T[3][U8(d >> 24)]) ^ *w++; \
162 #define DROUND(aa, bb, cc, dd, a, b, c, d, w) do { \
163 aa = (TI[0][U8(a >> 0)] ^ TI[1][U8(b >> 0)] ^ \
164 TI[2][U8(c >> 0)] ^ TI[3][U8(d >> 0)]) ^ *w++; \
165 bb = (TI[0][U8(a >> 8)] ^ TI[1][U8(b >> 8)] ^ \
166 TI[2][U8(c >> 8)] ^ TI[3][U8(d >> 8)]) ^ *w++; \
167 cc = (TI[0][U8(a >> 16)] ^ TI[1][U8(b >> 16)] ^ \
168 TI[2][U8(c >> 16)] ^ TI[3][U8(d >> 16)]) ^ *w++; \
169 dd = (TI[0][U8(a >> 24)] ^ TI[1][U8(b >> 24)] ^ \
170 TI[2][U8(c >> 24)] ^ TI[3][U8(d >> 24)]) ^ *w++; \
173 void square_eblk(const square_ctx *k, const uint32 *s, uint32 *dst)
175 uint32 a = s[0], b = s[1], c = s[2], d = s[3];
176 uint32 aa, bb, cc, dd;
179 a ^= *w++; b ^= *w++; c ^= *w++; d ^= *w++;
181 EROUND(aa, bb, cc, dd, a, b, c, d, w);
182 EROUND(a, b, c, d, aa, bb, cc, dd, w);
183 EROUND(aa, bb, cc, dd, a, b, c, d, w);
184 EROUND(a, b, c, d, aa, bb, cc, dd, w);
185 EROUND(aa, bb, cc, dd, a, b, c, d, w);
186 EROUND(a, b, c, d, aa, bb, cc, dd, w);
187 EROUND(aa, bb, cc, dd, a, b, c, d, w);
189 a = ((S[U8(aa >> 0)] << 0) ^ (S[U8(bb >> 0)] << 8) ^
190 (S[U8(cc >> 0)] << 16) ^ (S[U8(dd >> 0)] << 24)) ^ *w++;
191 b = ((S[U8(aa >> 8)] << 0) ^ (S[U8(bb >> 8)] << 8) ^
192 (S[U8(cc >> 8)] << 16) ^ (S[U8(dd >> 8)] << 24)) ^ *w++;
193 c = ((S[U8(aa >> 16)] << 0) ^ (S[U8(bb >> 16)] << 8) ^
194 (S[U8(cc >> 16)] << 16) ^ (S[U8(dd >> 16)] << 24)) ^ *w++;
195 d = ((S[U8(aa >> 24)] << 0) ^ (S[U8(bb >> 24)] << 8) ^
196 (S[U8(cc >> 24)] << 16) ^ (S[U8(dd >> 24)] << 24)) ^ *w++;
198 dst[0] = a; dst[1] = b; dst[2] = c; dst[3] = d;
201 void square_dblk(const square_ctx *k, const uint32 *s, uint32 *dst)
203 uint32 a = s[0], b = s[1], c = s[2], d = s[3];
204 uint32 aa, bb, cc, dd;
207 a ^= *w++; b ^= *w++; c ^= *w++; d ^= *w++;
209 DROUND(aa, bb, cc, dd, a, b, c, d, w);
210 DROUND(a, b, c, d, aa, bb, cc, dd, w);
211 DROUND(aa, bb, cc, dd, a, b, c, d, w);
212 DROUND(a, b, c, d, aa, bb, cc, dd, w);
213 DROUND(aa, bb, cc, dd, a, b, c, d, w);
214 DROUND(a, b, c, d, aa, bb, cc, dd, w);
215 DROUND(aa, bb, cc, dd, a, b, c, d, w);
217 a = ((SI[U8(aa >> 0)] << 0) ^ (SI[U8(bb >> 0)] << 8) ^
218 (SI[U8(cc >> 0)] << 16) ^ (SI[U8(dd >> 0)] << 24)) ^ *w++;
219 b = ((SI[U8(aa >> 8)] << 0) ^ (SI[U8(bb >> 8)] << 8) ^
220 (SI[U8(cc >> 8)] << 16) ^ (SI[U8(dd >> 8)] << 24)) ^ *w++;
221 c = ((SI[U8(aa >> 16)] << 0) ^ (SI[U8(bb >> 16)] << 8) ^
222 (SI[U8(cc >> 16)] << 16) ^ (SI[U8(dd >> 16)] << 24)) ^ *w++;
223 d = ((SI[U8(aa >> 24)] << 0) ^ (SI[U8(bb >> 24)] << 8) ^
224 (SI[U8(cc >> 24)] << 16) ^ (SI[U8(dd >> 24)] << 24)) ^ *w++;
226 dst[0] = a; dst[1] = b; dst[2] = c; dst[3] = d;
229 BLKC_TEST(SQUARE, square)
231 /*----- That's all, folks -------------------------------------------------*/