Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/opencrypto/cast.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $FreeBSD: releng/5.1/sys/opencrypto/cast.c 104476 2002-10-04 20:31:23Z sam $ */ 2 /* $OpenBSD: cast.c,v 1.2 2000/06/06 06:49:47 deraadt Exp $ */ 3 4 /* 5 * CAST-128 in C 6 * Written by Steve Reid <sreid@sea-to-sky.net> 7 * 100% Public Domain - no warranty 8 * Released 1997.10.11 9 */ 10 11 #include <sys/types.h> 12 #include <opencrypto/cast.h> 13 #include <opencrypto/castsb.h> 14 15 /* Macros to access 8-bit bytes out of a 32-bit word */ 16 #define U_INT8_Ta(x) ( (u_int8_t) (x>>24) ) 17 #define U_INT8_Tb(x) ( (u_int8_t) ((x>>16)&255) ) 18 #define U_INT8_Tc(x) ( (u_int8_t) ((x>>8)&255) ) 19 #define U_INT8_Td(x) ( (u_int8_t) ((x)&255) ) 20 21 /* Circular left shift */ 22 #define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) ) 23 24 /* CAST-128 uses three different round functions */ 25 #define F1(l, r, i) \ 26 t = ROL(key->xkey[i] + r, key->xkey[i+16]); \ 27 l ^= ((cast_sbox1[U_INT8_Ta(t)] ^ cast_sbox2[U_INT8_Tb(t)]) - \ 28 cast_sbox3[U_INT8_Tc(t)]) + cast_sbox4[U_INT8_Td(t)]; 29 #define F2(l, r, i) \ 30 t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \ 31 l ^= ((cast_sbox1[U_INT8_Ta(t)] - cast_sbox2[U_INT8_Tb(t)]) + \ 32 cast_sbox3[U_INT8_Tc(t)]) ^ cast_sbox4[U_INT8_Td(t)]; 33 #define F3(l, r, i) \ 34 t = ROL(key->xkey[i] - r, key->xkey[i+16]); \ 35 l ^= ((cast_sbox1[U_INT8_Ta(t)] + cast_sbox2[U_INT8_Tb(t)]) ^ \ 36 cast_sbox3[U_INT8_Tc(t)]) - cast_sbox4[U_INT8_Td(t)]; 37 38 39 /***** Encryption Function *****/ 40 41 void cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock) 42 { 43 u_int32_t t, l, r; 44 45 /* Get inblock into l,r */ 46 l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) | 47 ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3]; 48 r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) | 49 ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7]; 50 /* Do the work */ 51 F1(l, r, 0); 52 F2(r, l, 1); 53 F3(l, r, 2); 54 F1(r, l, 3); 55 F2(l, r, 4); 56 F3(r, l, 5); 57 F1(l, r, 6); 58 F2(r, l, 7); 59 F3(l, r, 8); 60 F1(r, l, 9); 61 F2(l, r, 10); 62 F3(r, l, 11); 63 /* Only do full 16 rounds if key length > 80 bits */ 64 if (key->rounds > 12) { 65 F1(l, r, 12); 66 F2(r, l, 13); 67 F3(l, r, 14); 68 F1(r, l, 15); 69 } 70 /* Put l,r into outblock */ 71 outblock[0] = U_INT8_Ta(r); 72 outblock[1] = U_INT8_Tb(r); 73 outblock[2] = U_INT8_Tc(r); 74 outblock[3] = U_INT8_Td(r); 75 outblock[4] = U_INT8_Ta(l); 76 outblock[5] = U_INT8_Tb(l); 77 outblock[6] = U_INT8_Tc(l); 78 outblock[7] = U_INT8_Td(l); 79 /* Wipe clean */ 80 t = l = r = 0; 81 } 82 83 84 /***** Decryption Function *****/ 85 86 void cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock) 87 { 88 u_int32_t t, l, r; 89 90 /* Get inblock into l,r */ 91 r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) | 92 ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3]; 93 l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) | 94 ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7]; 95 /* Do the work */ 96 /* Only do full 16 rounds if key length > 80 bits */ 97 if (key->rounds > 12) { 98 F1(r, l, 15); 99 F3(l, r, 14); 100 F2(r, l, 13); 101 F1(l, r, 12); 102 } 103 F3(r, l, 11); 104 F2(l, r, 10); 105 F1(r, l, 9); 106 F3(l, r, 8); 107 F2(r, l, 7); 108 F1(l, r, 6); 109 F3(r, l, 5); 110 F2(l, r, 4); 111 F1(r, l, 3); 112 F3(l, r, 2); 113 F2(r, l, 1); 114 F1(l, r, 0); 115 /* Put l,r into outblock */ 116 outblock[0] = U_INT8_Ta(l); 117 outblock[1] = U_INT8_Tb(l); 118 outblock[2] = U_INT8_Tc(l); 119 outblock[3] = U_INT8_Td(l); 120 outblock[4] = U_INT8_Ta(r); 121 outblock[5] = U_INT8_Tb(r); 122 outblock[6] = U_INT8_Tc(r); 123 outblock[7] = U_INT8_Td(r); 124 /* Wipe clean */ 125 t = l = r = 0; 126 } 127 128 129 /***** Key Schedual *****/ 130 131 void cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes) 132 { 133 u_int32_t t[4], z[4], x[4]; 134 int i; 135 136 /* Set number of rounds to 12 or 16, depending on key length */ 137 key->rounds = (keybytes <= 10 ? 12 : 16); 138 139 /* Copy key to workspace x */ 140 for (i = 0; i < 4; i++) { 141 x[i] = 0; 142 if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24; 143 if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16; 144 if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8; 145 if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3]; 146 } 147 /* Generate 32 subkeys, four at a time */ 148 for (i = 0; i < 32; i+=4) { 149 switch (i & 4) { 150 case 0: 151 t[0] = z[0] = x[0] ^ cast_sbox5[U_INT8_Tb(x[3])] ^ 152 cast_sbox6[U_INT8_Td(x[3])] ^ cast_sbox7[U_INT8_Ta(x[3])] ^ 153 cast_sbox8[U_INT8_Tc(x[3])] ^ cast_sbox7[U_INT8_Ta(x[2])]; 154 t[1] = z[1] = x[2] ^ cast_sbox5[U_INT8_Ta(z[0])] ^ 155 cast_sbox6[U_INT8_Tc(z[0])] ^ cast_sbox7[U_INT8_Tb(z[0])] ^ 156 cast_sbox8[U_INT8_Td(z[0])] ^ cast_sbox8[U_INT8_Tc(x[2])]; 157 t[2] = z[2] = x[3] ^ cast_sbox5[U_INT8_Td(z[1])] ^ 158 cast_sbox6[U_INT8_Tc(z[1])] ^ cast_sbox7[U_INT8_Tb(z[1])] ^ 159 cast_sbox8[U_INT8_Ta(z[1])] ^ cast_sbox5[U_INT8_Tb(x[2])]; 160 t[3] = z[3] = x[1] ^ cast_sbox5[U_INT8_Tc(z[2])] ^ 161 cast_sbox6[U_INT8_Tb(z[2])] ^ cast_sbox7[U_INT8_Td(z[2])] ^ 162 cast_sbox8[U_INT8_Ta(z[2])] ^ cast_sbox6[U_INT8_Td(x[2])]; 163 break; 164 case 4: 165 t[0] = x[0] = z[2] ^ cast_sbox5[U_INT8_Tb(z[1])] ^ 166 cast_sbox6[U_INT8_Td(z[1])] ^ cast_sbox7[U_INT8_Ta(z[1])] ^ 167 cast_sbox8[U_INT8_Tc(z[1])] ^ cast_sbox7[U_INT8_Ta(z[0])]; 168 t[1] = x[1] = z[0] ^ cast_sbox5[U_INT8_Ta(x[0])] ^ 169 cast_sbox6[U_INT8_Tc(x[0])] ^ cast_sbox7[U_INT8_Tb(x[0])] ^ 170 cast_sbox8[U_INT8_Td(x[0])] ^ cast_sbox8[U_INT8_Tc(z[0])]; 171 t[2] = x[2] = z[1] ^ cast_sbox5[U_INT8_Td(x[1])] ^ 172 cast_sbox6[U_INT8_Tc(x[1])] ^ cast_sbox7[U_INT8_Tb(x[1])] ^ 173 cast_sbox8[U_INT8_Ta(x[1])] ^ cast_sbox5[U_INT8_Tb(z[0])]; 174 t[3] = x[3] = z[3] ^ cast_sbox5[U_INT8_Tc(x[2])] ^ 175 cast_sbox6[U_INT8_Tb(x[2])] ^ cast_sbox7[U_INT8_Td(x[2])] ^ 176 cast_sbox8[U_INT8_Ta(x[2])] ^ cast_sbox6[U_INT8_Td(z[0])]; 177 break; 178 } 179 switch (i & 12) { 180 case 0: 181 case 12: 182 key->xkey[i+0] = cast_sbox5[U_INT8_Ta(t[2])] ^ cast_sbox6[U_INT8_Tb(t[2])] ^ 183 cast_sbox7[U_INT8_Td(t[1])] ^ cast_sbox8[U_INT8_Tc(t[1])]; 184 key->xkey[i+1] = cast_sbox5[U_INT8_Tc(t[2])] ^ cast_sbox6[U_INT8_Td(t[2])] ^ 185 cast_sbox7[U_INT8_Tb(t[1])] ^ cast_sbox8[U_INT8_Ta(t[1])]; 186 key->xkey[i+2] = cast_sbox5[U_INT8_Ta(t[3])] ^ cast_sbox6[U_INT8_Tb(t[3])] ^ 187 cast_sbox7[U_INT8_Td(t[0])] ^ cast_sbox8[U_INT8_Tc(t[0])]; 188 key->xkey[i+3] = cast_sbox5[U_INT8_Tc(t[3])] ^ cast_sbox6[U_INT8_Td(t[3])] ^ 189 cast_sbox7[U_INT8_Tb(t[0])] ^ cast_sbox8[U_INT8_Ta(t[0])]; 190 break; 191 case 4: 192 case 8: 193 key->xkey[i+0] = cast_sbox5[U_INT8_Td(t[0])] ^ cast_sbox6[U_INT8_Tc(t[0])] ^ 194 cast_sbox7[U_INT8_Ta(t[3])] ^ cast_sbox8[U_INT8_Tb(t[3])]; 195 key->xkey[i+1] = cast_sbox5[U_INT8_Tb(t[0])] ^ cast_sbox6[U_INT8_Ta(t[0])] ^ 196 cast_sbox7[U_INT8_Tc(t[3])] ^ cast_sbox8[U_INT8_Td(t[3])]; 197 key->xkey[i+2] = cast_sbox5[U_INT8_Td(t[1])] ^ cast_sbox6[U_INT8_Tc(t[1])] ^ 198 cast_sbox7[U_INT8_Ta(t[2])] ^ cast_sbox8[U_INT8_Tb(t[2])]; 199 key->xkey[i+3] = cast_sbox5[U_INT8_Tb(t[1])] ^ cast_sbox6[U_INT8_Ta(t[1])] ^ 200 cast_sbox7[U_INT8_Tc(t[2])] ^ cast_sbox8[U_INT8_Td(t[2])]; 201 break; 202 } 203 switch (i & 12) { 204 case 0: 205 key->xkey[i+0] ^= cast_sbox5[U_INT8_Tc(z[0])]; 206 key->xkey[i+1] ^= cast_sbox6[U_INT8_Tc(z[1])]; 207 key->xkey[i+2] ^= cast_sbox7[U_INT8_Tb(z[2])]; 208 key->xkey[i+3] ^= cast_sbox8[U_INT8_Ta(z[3])]; 209 break; 210 case 4: 211 key->xkey[i+0] ^= cast_sbox5[U_INT8_Ta(x[2])]; 212 key->xkey[i+1] ^= cast_sbox6[U_INT8_Tb(x[3])]; 213 key->xkey[i+2] ^= cast_sbox7[U_INT8_Td(x[0])]; 214 key->xkey[i+3] ^= cast_sbox8[U_INT8_Td(x[1])]; 215 break; 216 case 8: 217 key->xkey[i+0] ^= cast_sbox5[U_INT8_Tb(z[2])]; 218 key->xkey[i+1] ^= cast_sbox6[U_INT8_Ta(z[3])]; 219 key->xkey[i+2] ^= cast_sbox7[U_INT8_Tc(z[0])]; 220 key->xkey[i+3] ^= cast_sbox8[U_INT8_Tc(z[1])]; 221 break; 222 case 12: 223 key->xkey[i+0] ^= cast_sbox5[U_INT8_Td(x[0])]; 224 key->xkey[i+1] ^= cast_sbox6[U_INT8_Td(x[1])]; 225 key->xkey[i+2] ^= cast_sbox7[U_INT8_Ta(x[2])]; 226 key->xkey[i+3] ^= cast_sbox8[U_INT8_Tb(x[3])]; 227 break; 228 } 229 if (i >= 16) { 230 key->xkey[i+0] &= 31; 231 key->xkey[i+1] &= 31; 232 key->xkey[i+2] &= 31; 233 key->xkey[i+3] &= 31; 234 } 235 } 236 /* Wipe clean */ 237 for (i = 0; i < 4; i++) { 238 t[i] = x[i] = z[i] = 0; 239 } 240 } 241 242 /* Made in Canada */ 243
Cache object: 08c5679e4d0245fac3a845b6b532de88
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]