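/*
 * CAST-128 (also known as CAST5)
 * implementing the CAST-128 algorithm in CBC mode
 *
 * Written by Walter Dvorak <e9226745@student.tuwien.ac.at>
 *
 * For details in the CAST Encryption Algorithm please refer:
 * [1] C. Adams, "Constructing Symmetric Ciphers Using the CAST
 *     Design Procedure", in
 *     Selected Areas in Cryptography, Kluwer Academic Publishers,
 *     1997, pp. 71-104.
 *
 * This work based in parts on a cast-128 implementation
 * for OpenBSD from Steve Reid <sreid@sea-to-sky.net>
 *
 * modified to fit into CryptPak by Markus Hahn
 * (on 12 April 2000)
 *
 * source code reformatted by Markus Hahn (00/08/04)
 * const modifiers added by Markus Hahn (00/09/29)
 * ineffective code removed by Markus Hahn (01/07/29)
 * adapted to standard cryptpak by Markus Hahn (04/03/25)
 *
 * This program is Public Domain
 *
 * Some notes:
 * 1. CAST 16-rounds/128bit key only implementation. No support
 *    for 12-rounds/ 80bit key version.
 * 2. In _BIGTEST compiled version, the selftest is a full
 *    maintenance test, specifed in appendix C in [1]
 *
 * Date: 26.9.1998
 */

#include "cast.h"

#undef _BIGTEST

/*
 * S-Boxes for CAST-128
 */
#include "cast_boxes.h"

/*
 * CAST5 work context
 */
typedef struct {
  WORD32 xkey[32];   /* Key after expansion: xkey[0..15] are combined with the
                        round input, xkey[16..31] are the rotation amounts
                        (masked to 0..31 by _cast_setkey) */
  WORD32 lCBCLo;     /* CBC IV */
  WORD32 lCBCHi;
  BYTEBOOL blLegacy;
} CASTCTX;

/*
 * Macros to access 8-bit bytes out of a 32-bit word
 * (arguments parenthesized so an expression can be passed safely)
 */
#define U8a(x) ((WORD8)((x) >> 24))
#define U8b(x) ((WORD8)(((x) >> 16) & 255))
#define U8c(x) ((WORD8)(((x) >> 8) & 255))
#define U8d(x) ((WORD8)((x) & 255))

/*
 * Circular left shift of a 32-bit word by n (0 <= n <= 31).
 *
 * The rotation amounts come from xkey[16..31], which _cast_setkey masks
 * to 0..31, so n == 0 is a legal input.  A plain "(x) >> (32 - n)" would
 * then shift by the full width of the type, which is undefined behaviour
 * in C.  "(32 - n) & 31" keeps every shift count in 0..31: for n in
 * 1..31 it equals 32 - n, for n == 0 both halves are x and the OR yields
 * x, which is the correct rotation by zero.
 */
#define ROL(x, n) (((x) << (n)) | ((x) >> ((32 - (n)) & 31)))

/*
 * CAST-128 uses three different round functions.
 * Each expects a WORD32 "t" scratch variable and a CASTCTX* "key" in scope,
 * mixes the round input r into l, and uses xkey[i] / xkey[i+16] as the
 * round's subkey / rotation amount.
 */
#define F1(l, r, i)                                                  \
  do {                                                               \
    t = ROL(key->xkey[i] + r, key->xkey[i+16]);                      \
    l ^= ((cast_sbox1[U8a(t)] ^ cast_sbox2[U8b(t)]) -                \
          cast_sbox3[U8c(t)]) + cast_sbox4[U8d(t)];                  \
  } while (0)

#define F2(l, r, i)                                                  \
  do {                                                               \
    t = ROL(key->xkey[i] ^ r, key->xkey[i+16]);                      \
    l ^= ((cast_sbox1[U8a(t)] - cast_sbox2[U8b(t)]) +                \
          cast_sbox3[U8c(t)]) ^ cast_sbox4[U8d(t)];                  \
  } while (0)

#define F3(l, r, i)                                                  \
  do {                                                               \
    t = ROL(key->xkey[i] - r, key->xkey[i+16]);                      \
    l ^= ((cast_sbox1[U8a(t)] + cast_sbox2[U8b(t)]) ^                \
          cast_sbox3[U8c(t)]) - cast_sbox4[U8d(t)];                  \
  } while (0)

/*
 * CAST Encryption Function
 *
 * Encrypts one 64-bit block (two 32-bit words) with the expanded key.
 *
 * key      - context filled by _cast_setkey
 * inblock  - plaintext, inblock[0] and inblock[1] are read
 * outblock - ciphertext, outblock[0] and outblock[1] are written
 *
 * Both input words are read before either output word is written, so
 * inblock and outblock may refer to the same buffer.
 */
void _cast_encrypt(CASTCTX* key, WORD32* inblock, WORD32* outblock)
{
  WORD32 t, l, r;

  /* Get inblock into l,r */
  l = inblock[0];
  r = inblock[1];

  /* unrolled encryption loop: 16 rounds, round functions cycle F1,F2,F3 */
  F1(l, r,  0);
  F2(r, l,  1);
  F3(l, r,  2);
  F1(r, l,  3);
  F2(l, r,  4);
  F3(r, l,  5);
  F1(l, r,  6);
  F2(r, l,  7);
  F3(l, r,  8);
  F1(r, l,  9);
  F2(l, r, 10);
  F3(r, l, 11);
  F1(l, r, 12);
  F2(r, l, 13);
  F3(l, r, 14);
  F1(r, l, 15);

  /* Put l,r into outblock (halves swapped) */
  outblock[0] = r;
  outblock[1] = l;
}

/*
 * Decryption Function
 *
 * Decrypts one 64-bit block (two 32-bit words); exact inverse of
 * _cast_encrypt, i.e. the same rounds applied in reverse order.
 *
 * key      - context filled by _cast_setkey
 * inblock  - ciphertext, inblock[0] and inblock[1] are read
 * outblock - plaintext, outblock[0] and outblock[1] are written
 *
 * As in _cast_encrypt, inblock and outblock may overlap.
 */
void _cast_decrypt(CASTCTX* key, WORD32* inblock, WORD32* outblock)
{
  WORD32 t, l, r;

  /* Get inblock into l,r */
  r = inblock[0];
  l = inblock[1];

  F1(r, l, 15);
  F3(l, r, 14);
  F2(r, l, 13);
  F1(l, r, 12);
  F3(r, l, 11);
  F2(l, r, 10);
  F1(r, l,  9);
  F3(l, r,  8);
  F2(r, l,  7);
  F1(l, r,  6);
  F3(r, l,  5);
  F2(l, r,  4);
  F1(r, l,  3);
  F3(l, r,  2);
  F2(r, l,  1);
  F1(l, r,  0);

  /* Put l,r into outblock */
  outblock[0] = l;
  outblock[1] = r;
}

/*
 * Overwrites n words with zero through a volatile pointer, so the
 * compiler cannot drop the stores as dead writes to a local that is
 * about to go out of scope (the key-schedule workspace holds key
 * material).
 */
static void cast_wipe(volatile WORD32* p, unsigned int n)
{
  while (n--) {
    *p++ = 0;
  }
}

/*
 * Key Schedule
 *
 * Expands a raw key into the 32 subkeys of key->xkey.
 *
 * key      - context to fill
 * rawkey   - key bytes, big-endian packed into four 32-bit words
 * keybytes - number of bytes available in rawkey; only the first 16
 *            are ever read, bytes beyond keybytes are treated as zero
 *
 * xkey[16..31] are the rotation amounts and are reduced to 0..31.
 * The temporary workspace is wiped before returning.
 */
void _cast_setkey(CASTCTX* key, WORD8* rawkey, WORD32 keybytes)
{
  WORD32 t[4] = {0}, z[4] = {0}, x[4] = {0};
  unsigned int i;

  /* Copy key to workspace, big-endian, short keys are zero padded */
  for (i = 0; i < 4; i++) {
    x[i] = 0;
    if ((i*4+0) < keybytes) x[i]  = (WORD32)rawkey[i*4+0] << 24;
    if ((i*4+1) < keybytes) x[i] |= (WORD32)rawkey[i*4+1] << 16;
    if ((i*4+2) < keybytes) x[i] |= (WORD32)rawkey[i*4+2] << 8;
    if ((i*4+3) < keybytes) x[i] |= (WORD32)rawkey[i*4+3];
  }

  /* Generate 32 subkeys, four at a time */
  for (i = 0; i < 32; i += 4) {

    /* step 1: alternate between deriving z from x and x from z */
    switch (i & 4) {
      case 0:
        t[0] = z[0] = x[0] ^ cast_sbox5[U8b(x[3])] ^ cast_sbox6[U8d(x[3])]
                           ^ cast_sbox7[U8a(x[3])] ^ cast_sbox8[U8c(x[3])]
                           ^ cast_sbox7[U8a(x[2])];
        t[1] = z[1] = x[2] ^ cast_sbox5[U8a(z[0])] ^ cast_sbox6[U8c(z[0])]
                           ^ cast_sbox7[U8b(z[0])] ^ cast_sbox8[U8d(z[0])]
                           ^ cast_sbox8[U8c(x[2])];
        t[2] = z[2] = x[3] ^ cast_sbox5[U8d(z[1])] ^ cast_sbox6[U8c(z[1])]
                           ^ cast_sbox7[U8b(z[1])] ^ cast_sbox8[U8a(z[1])]
                           ^ cast_sbox5[U8b(x[2])];
        t[3] = z[3] = x[1] ^ cast_sbox5[U8c(z[2])] ^ cast_sbox6[U8b(z[2])]
                           ^ cast_sbox7[U8d(z[2])] ^ cast_sbox8[U8a(z[2])]
                           ^ cast_sbox6[U8d(x[2])];
        break;
      case 4:
        t[0] = x[0] = z[2] ^ cast_sbox5[U8b(z[1])] ^ cast_sbox6[U8d(z[1])]
                           ^ cast_sbox7[U8a(z[1])] ^ cast_sbox8[U8c(z[1])]
                           ^ cast_sbox7[U8a(z[0])];
        t[1] = x[1] = z[0] ^ cast_sbox5[U8a(x[0])] ^ cast_sbox6[U8c(x[0])]
                           ^ cast_sbox7[U8b(x[0])] ^ cast_sbox8[U8d(x[0])]
                           ^ cast_sbox8[U8c(z[0])];
        t[2] = x[2] = z[1] ^ cast_sbox5[U8d(x[1])] ^ cast_sbox6[U8c(x[1])]
                           ^ cast_sbox7[U8b(x[1])] ^ cast_sbox8[U8a(x[1])]
                           ^ cast_sbox5[U8b(z[0])];
        t[3] = x[3] = z[3] ^ cast_sbox5[U8c(x[2])] ^ cast_sbox6[U8b(x[2])]
                           ^ cast_sbox7[U8d(x[2])] ^ cast_sbox8[U8a(x[2])]
                           ^ cast_sbox6[U8d(z[0])];
        break;
      default:
        break;
    }

    /* step 2: four subkeys from t, byte selection depends on i mod 16 */
    switch (i & 12) {
      case 0:
      case 12:
        key->xkey[i+0] = cast_sbox5[U8a(t[2])] ^ cast_sbox6[U8b(t[2])]
                       ^ cast_sbox7[U8d(t[1])] ^ cast_sbox8[U8c(t[1])];
        key->xkey[i+1] = cast_sbox5[U8c(t[2])] ^ cast_sbox6[U8d(t[2])]
                       ^ cast_sbox7[U8b(t[1])] ^ cast_sbox8[U8a(t[1])];
        key->xkey[i+2] = cast_sbox5[U8a(t[3])] ^ cast_sbox6[U8b(t[3])]
                       ^ cast_sbox7[U8d(t[0])] ^ cast_sbox8[U8c(t[0])];
        key->xkey[i+3] = cast_sbox5[U8c(t[3])] ^ cast_sbox6[U8d(t[3])]
                       ^ cast_sbox7[U8b(t[0])] ^ cast_sbox8[U8a(t[0])];
        break;
      case 4:
      case 8:
        key->xkey[i+0] = cast_sbox5[U8d(t[0])] ^ cast_sbox6[U8c(t[0])]
                       ^ cast_sbox7[U8a(t[3])] ^ cast_sbox8[U8b(t[3])];
        key->xkey[i+1] = cast_sbox5[U8b(t[0])] ^ cast_sbox6[U8a(t[0])]
                       ^ cast_sbox7[U8c(t[3])] ^ cast_sbox8[U8d(t[3])];
        key->xkey[i+2] = cast_sbox5[U8d(t[1])] ^ cast_sbox6[U8c(t[1])]
                       ^ cast_sbox7[U8a(t[2])] ^ cast_sbox8[U8b(t[2])];
        key->xkey[i+3] = cast_sbox5[U8b(t[1])] ^ cast_sbox6[U8a(t[1])]
                       ^ cast_sbox7[U8c(t[2])] ^ cast_sbox8[U8d(t[2])];
        break;
      default:
        break;
    }

    /* step 3: final whitening of the four subkeys with one more S-box each */
    switch (i & 12) {
      case 0:
        key->xkey[i+0] ^= cast_sbox5[U8c(z[0])];
        key->xkey[i+1] ^= cast_sbox6[U8c(z[1])];
        key->xkey[i+2] ^= cast_sbox7[U8b(z[2])];
        key->xkey[i+3] ^= cast_sbox8[U8a(z[3])];
        break;
      case 4:
        key->xkey[i+0] ^= cast_sbox5[U8a(x[2])];
        key->xkey[i+1] ^= cast_sbox6[U8b(x[3])];
        key->xkey[i+2] ^= cast_sbox7[U8d(x[0])];
        key->xkey[i+3] ^= cast_sbox8[U8d(x[1])];
        break;
      case 8:
        key->xkey[i+0] ^= cast_sbox5[U8b(z[2])];
        key->xkey[i+1] ^= cast_sbox6[U8a(z[3])];
        key->xkey[i+2] ^= cast_sbox7[U8c(z[0])];
        key->xkey[i+3] ^= cast_sbox8[U8c(z[1])];
        break;
      case 12:
        key->xkey[i+0] ^= cast_sbox5[U8d(x[0])];
        key->xkey[i+1] ^= cast_sbox6[U8d(x[1])];
        key->xkey[i+2] ^= cast_sbox7[U8a(x[2])];
        key->xkey[i+3] ^= cast_sbox8[U8b(x[3])];
        break;
      default:
        break;
    }

    /* the second half of the schedule holds rotation amounts: keep them
       in 0..31 so ROL never shifts by the full word width */
    if (i >= 16) {
      key->xkey[i+0] &= 31;
      key->xkey[i+1] &= 31;
      key->xkey[i+2] &= 31;
      key->xkey[i+3] &= 31;
    }
  }

  /* Wipe clean (volatile stores, so the compiler must keep them) */
  cast_wipe(t, 4);
  cast_wipe(x, 4);
  cast_wipe(z, 4);
}

/*
 * GetDriver Info
 *
 * Fills the caller's CIPHERINFOBLOCK with this cipher's parameters.
 *
 * pInfo - block to fill; pInfo->lSizeOf tells how many bytes the
 *         caller's structure has, and at most that many bytes (and never
 *         more than the local block we filled) are written
 *
 * Returns CIPHER_ERROR_NOERROR.
 */
WORD32 CAST_GetCipherInfo(CIPHERINFOBLOCK* pInfo)
{
  WORD32 lI;
  WORD32 lCopy;
  WORD8* pSrc;
  WORD8* pDst;
  CIPHERINFOBLOCK tempinfo = {0};   /* zeroed so no stale stack bytes are copied out */

  // prepare the information context
  tempinfo.lSizeOf = pInfo->lSizeOf;
  tempinfo.lBlockSize = 8;
  tempinfo.lKeySize = 16;
  tempinfo.blOwnHasher = BOOL_FALSE;
  tempinfo.lInitDataSize = 8;
  tempinfo.lContextSize = sizeof(CASTCTX);
  tempinfo.bCipherIs = CIPHER_IS_BLOCKLINK;

  // copy as many bytes of the information block as possible, but never
  // read past the local block whatever size the caller claims
  lCopy = tempinfo.lSizeOf;
  if (lCopy > (WORD32)sizeof(tempinfo)) {
    lCopy = (WORD32)sizeof(tempinfo);
  }
  pSrc = (WORD8*) &tempinfo;
  pDst = (WORD8*) pInfo;
  for (lI = 0; lI < lCopy; lI++) {
    *pDst++ = *pSrc++;
  }

  return CIPHER_ERROR_NOERROR;
}

/*
 * Driver Selftest
 */
WORD32 CAST_SelfTest (void* pTestContext) {
#ifdef _BIGTEST
  WORD32 a[4] = { 0x01234567, 0x12345678,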
0x23456789, 0x3456789a };
WORD32 b[4] = { 0x01234567, 0x12345678,
0x23456789, 0x3456789a };