Botan
1.11.15
|
00001 /* 00002 * SEED 00003 * (C) 1999-2007 Jack Lloyd 00004 * 00005 * Botan is released under the Simplified BSD License (see license.txt) 00006 */ 00007 00008 #include <botan/internal/block_utils.h> 00009 #include <botan/seed.h> 00010 00011 namespace Botan { 00012 00013 BOTAN_REGISTER_BLOCK_CIPHER_NOARGS(SEED); 00014 00015 /* 00016 * SEED G Function 00017 */ 00018 u32bit SEED::G_FUNC::operator()(u32bit X) const 00019 { 00020 return (S0[get_byte(3, X)] ^ S1[get_byte(2, X)] ^ 00021 S2[get_byte(1, X)] ^ S3[get_byte(0, X)]); 00022 } 00023 00024 /* 00025 * SEED Encryption 00026 */ 00027 void SEED::encrypt_n(const byte in[], byte out[], size_t blocks) const 00028 { 00029 for(size_t i = 0; i != blocks; ++i) 00030 { 00031 u32bit B0 = load_be<u32bit>(in, 0); 00032 u32bit B1 = load_be<u32bit>(in, 1); 00033 u32bit B2 = load_be<u32bit>(in, 2); 00034 u32bit B3 = load_be<u32bit>(in, 3); 00035 00036 G_FUNC G; 00037 00038 for(size_t j = 0; j != 16; j += 2) 00039 { 00040 u32bit T0, T1; 00041 00042 T0 = B2 ^ K[2*j]; 00043 T1 = G(B2 ^ B3 ^ K[2*j+1]); 00044 T0 = G(T1 + T0); 00045 T1 = G(T1 + T0); 00046 B1 ^= T1; 00047 B0 ^= T0 + T1; 00048 00049 T0 = B0 ^ K[2*j+2]; 00050 T1 = G(B0 ^ B1 ^ K[2*j+3]); 00051 T0 = G(T1 + T0); 00052 T1 = G(T1 + T0); 00053 B3 ^= T1; 00054 B2 ^= T0 + T1; 00055 } 00056 00057 store_be(out, B2, B3, B0, B1); 00058 00059 in += BLOCK_SIZE; 00060 out += BLOCK_SIZE; 00061 } 00062 } 00063 00064 /* 00065 * SEED Decryption 00066 */ 00067 void SEED::decrypt_n(const byte in[], byte out[], size_t blocks) const 00068 { 00069 for(size_t i = 0; i != blocks; ++i) 00070 { 00071 u32bit B0 = load_be<u32bit>(in, 0); 00072 u32bit B1 = load_be<u32bit>(in, 1); 00073 u32bit B2 = load_be<u32bit>(in, 2); 00074 u32bit B3 = load_be<u32bit>(in, 3); 00075 00076 G_FUNC G; 00077 00078 for(size_t j = 0; j != 16; j += 2) 00079 { 00080 u32bit T0, T1; 00081 00082 T0 = B2 ^ K[30-2*j]; 00083 T1 = G(B2 ^ B3 ^ K[31-2*j]); 00084 T0 = G(T1 + T0); 00085 T1 = G(T1 + T0); 00086 B1 ^= T1; 00087 B0 ^= T0 + T1; 00088 00089 T0 = B0 ^ K[28-2*j]; 00090 T1 = G(B0 ^ B1 ^ K[29-2*j]); 00091 T0 = G(T1 + T0); 00092 T1 = G(T1 + T0); 00093 B3 ^= T1; 00094 B2 ^= T0 + T1; 00095 } 00096 00097 store_be(out, B2, B3, B0, B1); 00098 00099 in += BLOCK_SIZE; 00100 out += BLOCK_SIZE; 00101 } 00102 } 00103 00104 /* 00105 * SEED Key Schedule 00106 */ 00107 void SEED::key_schedule(const byte key[], size_t) 00108 { 00109 const u32bit RC[16] = { 00110 0x9E3779B9, 0x3C6EF373, 0x78DDE6E6, 0xF1BBCDCC, 00111 0xE3779B99, 0xC6EF3733, 0x8DDE6E67, 0x1BBCDCCF, 00112 0x3779B99E, 0x6EF3733C, 0xDDE6E678, 0xBBCDCCF1, 00113 0x779B99E3, 0xEF3733C6, 0xDE6E678D, 0xBCDCCF1B 00114 }; 00115 00116 secure_vector<u32bit> WK(4); 00117 00118 for(size_t i = 0; i != 4; ++i) 00119 WK[i] = load_be<u32bit>(key, i); 00120 00121 G_FUNC G; 00122 00123 K.resize(32); 00124 00125 for(size_t i = 0; i != 16; i += 2) 00126 { 00127 K[2*i ] = G(WK[0] + WK[2] - RC[i]); 00128 K[2*i+1] = G(WK[1] - WK[3] + RC[i]) ^ K[2*i]; 00129 00130 byte T = get_byte(3, WK[0]); 00131 WK[0] = (WK[0] >> 8) | (get_byte(3, WK[1]) << 24); 00132 WK[1] = (WK[1] >> 8) | (T << 24); 00133 00134 K[2*i+2] = G(WK[0] + WK[2] - RC[i+1]); 00135 K[2*i+3] = G(WK[1] - WK[3] + RC[i+1]) ^ K[2*i+2]; 00136 00137 T = get_byte(0, WK[3]); 00138 WK[3] = (WK[3] << 8) | get_byte(0, WK[2]); 00139 WK[2] = (WK[2] << 8) | T; 00140 } 00141 } 00142 00143 void SEED::clear() 00144 { 00145 zap(K); 00146 } 00147 00148 }