New block cipher.

[catacomb] / square.c

/* -*-c-*-
 *
 * $Id: square.c,v 1.1 2000/07/15 20:51:58 mdw Exp $
 *
 * The Square block cipher
 *
 * (c) 2000 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: square.c,v $
 * Revision 1.1  2000/07/15 20:51:58  mdw
 * New block cipher.
 *
 */

/*----- Header files ------------------------------------------------------*/

#include <assert.h>
#include <stdio.h>

#include <mLib/bits.h>

#include "blkc.h"
#include "gcipher.h"
#include "paranoia.h"
#include "square.h"
#include "square-tab.h"

/*----- Global variables --------------------------------------------------*/

const octet square_keysz[] = { KSZ_RANGE, SQUARE_KEYSZ, 4, 16, 4 };

/*----- Constant tables ---------------------------------------------------*/

static const octet S[256] = SQUARE_S, SI[256] = SQUARE_SI;
static const uint32 T[4][256] = SQUARE_T, TI[4][256] = SQUARE_TI;
static const uint32 U[4][256] = SQUARE_U;
static const octet rcon[] = SQUARE_RCON;

/*----- Main code ---------------------------------------------------------*/

#define BYTESUB(x, s)                                                   \
  (s[U8((x) >> 24)] << 24 | s[U8((x) >> 16)] << 16 |                    \
   s[U8((x) >>  8)] <<  8 | s[U8((x) >>  0)] <<  0)

/* --- @square_init@ --- *
 *
 * Arguments:   @square_ctx *k@ = pointer to context to initialize
 *              @const void *buf@ = pointer to buffer of key material
 *              @size_t sz@ = size of the key material
 *
 * Returns:     ---
 *
 * Use:         Initializes a Square context with a particular key.  Square
 *              keys must be a multiple of 32 bits long, and may be at most
 *              128 bits.
 */

void square_init(square_ctx *k, const void *buf, size_t sz)
{
  unsigned nk, nr, nw;
  unsigned i, j, jj;
  const octet *p;
  uint32 ww;
  uint32 kk[SQUARE_KWORDS];

  /* --- Sort out the key size --- */

  KSZ_ASSERT(square, sz);
  nk = sz / 4;

  /* --- Fetch the first key words out --- */

  p = buf;
  for (i = 0; i < nk; i++) {
    kk[i] = LOAD32_L(p);
    p += 4;
  }
  nr = 8;

  /* --- Expand this material to fill the rest of the table --- */

  nw = (nr + 1) * 4;
  ww = kk[i - 1];
  p = rcon;
  for (; i < nw; i++) {
    uint32 w = kk[i - nk];
    if (i % nk == 0) {
      ww = ROR32(ww, 8);
      w ^= ww ^ *p++;
    } else
      w ^= ww;
    kk[i] = ww = w;
  }

  /* --- Make the encryption and decryption keys --- */

  for (i = 0; i < nr * 4; i++) {
    uint32 w = kk[i];
    k->w[i] = (U[0][U8(w >>  0)] ^ U[1][U8(w >>  8)] ^
               U[2][U8(w >> 16)] ^ U[3][U8(w >> 24)]);
  }
  for (; i < nw; i++)
    k->w[i] = kk[i];

  jj = nw;
  for (i = 0; i < nr * 4; i += 4) {
    jj -= 4;
    for (j = 0; j < 4; j++)
      k->wi[i + j] = kk[jj + j];
  }
  for (j = 0; j < 4; j++)
    k->wi[i + j] = k->w[j];

  BURN(kk);
}

/* --- @square_eblk@, @square_dblk@ --- *
 *
 * Arguments:   @const square_ctx *k@ = pointer to Square context
 *              @const uint32 s[4]@ = pointer to source block
 *              @uint32 d[4]@ = pointer to destination block
 *
 * Returns:     ---
 *
 * Use:         Low-level block encryption and decryption.
 */

#define EROUND(aa, bb, cc, dd, a, b, c, d, w) do {                      \
  aa = (T[0][U8(a >>  0)] ^ T[1][U8(b >>  0)] ^                         \
        T[2][U8(c >>  0)] ^ T[3][U8(d >>  0)]) ^ *w++;                  \
  bb = (T[0][U8(a >>  8)] ^ T[1][U8(b >>  8)] ^                         \
        T[2][U8(c >>  8)] ^ T[3][U8(d >>  8)]) ^ *w++;                  \
  cc = (T[0][U8(a >> 16)] ^ T[1][U8(b >> 16)] ^                         \
        T[2][U8(c >> 16)] ^ T[3][U8(d >> 16)]) ^ *w++;                  \
  dd = (T[0][U8(a >> 24)] ^ T[1][U8(b >> 24)] ^                         \
        T[2][U8(c >> 24)] ^ T[3][U8(d >> 24)]) ^ *w++;                  \
} while (0)

#define DROUND(aa, bb, cc, dd, a, b, c, d, w) do {                      \
  aa = (TI[0][U8(a >>  0)] ^ TI[1][U8(b >>  0)] ^                       \
        TI[2][U8(c >>  0)] ^ TI[3][U8(d >>  0)]) ^ *w++;                \
  bb = (TI[0][U8(a >>  8)] ^ TI[1][U8(b >>  8)] ^                       \
        TI[2][U8(c >>  8)] ^ TI[3][U8(d >>  8)]) ^ *w++;                \
  cc = (TI[0][U8(a >> 16)] ^ TI[1][U8(b >> 16)] ^                       \
        TI[2][U8(c >> 16)] ^ TI[3][U8(d >> 16)]) ^ *w++;                \
  dd = (TI[0][U8(a >> 24)] ^ TI[1][U8(b >> 24)] ^                       \
        TI[2][U8(c >> 24)] ^ TI[3][U8(d >> 24)]) ^ *w++;                \
} while (0)

void square_eblk(const square_ctx *k, const uint32 *s, uint32 *dst)
{
  uint32 a = s[0], b = s[1], c = s[2], d = s[3];
  uint32 aa, bb, cc, dd;
  uint32 *w = k->w;

  a ^= *w++; b ^= *w++; c ^= *w++; d ^= *w++;

  EROUND(aa, bb, cc, dd, a, b, c, d, w);
  EROUND(a, b, c, d, aa, bb, cc, dd, w);
  EROUND(aa, bb, cc, dd, a, b, c, d, w);
  EROUND(a, b, c, d, aa, bb, cc, dd, w);
  EROUND(aa, bb, cc, dd, a, b, c, d, w);
  EROUND(a, b, c, d, aa, bb, cc, dd, w);
  EROUND(aa, bb, cc, dd, a, b, c, d, w);

  a = ((S[U8(aa >>  0)] <<  0) ^ (S[U8(bb >>  0)] <<  8) ^
       (S[U8(cc >>  0)] << 16) ^ (S[U8(dd >>  0)] << 24)) ^ *w++;
  b = ((S[U8(aa >>  8)] <<  0) ^ (S[U8(bb >>  8)] <<  8) ^      
       (S[U8(cc >>  8)] << 16) ^ (S[U8(dd >>  8)] << 24)) ^ *w++;
  c = ((S[U8(aa >> 16)] <<  0) ^ (S[U8(bb >> 16)] <<  8) ^
       (S[U8(cc >> 16)] << 16) ^ (S[U8(dd >> 16)] << 24)) ^ *w++;
  d = ((S[U8(aa >> 24)] <<  0) ^ (S[U8(bb >> 24)] <<  8) ^
       (S[U8(cc >> 24)] << 16) ^ (S[U8(dd >> 24)] << 24)) ^ *w++;

  dst[0] = a; dst[1] = b; dst[2] = c; dst[3] = d;
}

void square_dblk(const square_ctx *k, const uint32 *s, uint32 *dst)
{
  uint32 a = s[0], b = s[1], c = s[2], d = s[3];
  uint32 aa, bb, cc, dd;
  uint32 *w = k->wi;

  a ^= *w++; b ^= *w++; c ^= *w++; d ^= *w++;

  DROUND(aa, bb, cc, dd, a, b, c, d, w);
  DROUND(a, b, c, d, aa, bb, cc, dd, w);
  DROUND(aa, bb, cc, dd, a, b, c, d, w);
  DROUND(a, b, c, d, aa, bb, cc, dd, w);
  DROUND(aa, bb, cc, dd, a, b, c, d, w);
  DROUND(a, b, c, d, aa, bb, cc, dd, w);
  DROUND(aa, bb, cc, dd, a, b, c, d, w);

  a = ((SI[U8(aa >>  0)] <<  0) ^ (SI[U8(bb >>  0)] <<  8) ^
       (SI[U8(cc >>  0)] << 16) ^ (SI[U8(dd >>  0)] << 24)) ^ *w++;
  b = ((SI[U8(aa >>  8)] <<  0) ^ (SI[U8(bb >>  8)] <<  8) ^
       (SI[U8(cc >>  8)] << 16) ^ (SI[U8(dd >>  8)] << 24)) ^ *w++;
  c = ((SI[U8(aa >> 16)] <<  0) ^ (SI[U8(bb >> 16)] <<  8) ^
       (SI[U8(cc >> 16)] << 16) ^ (SI[U8(dd >> 16)] << 24)) ^ *w++;
  d = ((SI[U8(aa >> 24)] <<  0) ^ (SI[U8(bb >> 24)] <<  8) ^
       (SI[U8(cc >> 24)] << 16) ^ (SI[U8(dd >> 24)] << 24)) ^ *w++;

  dst[0] = a; dst[1] = b; dst[2] = c; dst[3] = d;
}

BLKC_TEST(SQUARE, square)

/*----- That's all, folks -------------------------------------------------*/