static int
cast5_setkey(void *ctx, const u8 * key, unsigned key_len, u32 * flags)
{
	int i;
	u32 x[4];
	u32 z[4];
	u32 k[16];
	__be32 p_key[4];
	struct cast5_ctx *c = (struct cast5_ctx *) ctx;
	
	if (key_len < 5 || key_len > 16) {
		*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
		return -EINVAL;
	}

	c->rr = key_len <= 10 ? 1 : 0;

	memset(p_key, 0, 16);
	memcpy(p_key, key, key_len);


	x[0] = be32_to_cpu(p_key[0]);
	x[1] = be32_to_cpu(p_key[1]);
	x[2] = be32_to_cpu(p_key[2]);
	x[3] = be32_to_cpu(p_key[3]);

	key_schedule(x, z, k);
	for (i = 0; i < 16; i++)
		c->Km[i] = k[i];
	key_schedule(x, z, k);
	for (i = 0; i < 16; i++)
		c->Kr[i] = k[i] & 0x1f;
	return 0;
}
Exemple #2
0
static int cast5_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned key_len)
{
	struct cast5_ctx *c = crypto_tfm_ctx(tfm);
	int i;
	u32 x[4];
	u32 z[4];
	u32 k[16];
	__be32 p_key[4];

	c->rr = key_len <= 10 ? 1 : 0;

	memset(p_key, 0, 16);
	memcpy(p_key, key, key_len);


	x[0] = be32_to_cpu(p_key[0]);
	x[1] = be32_to_cpu(p_key[1]);
	x[2] = be32_to_cpu(p_key[2]);
	x[3] = be32_to_cpu(p_key[3]);

	key_schedule(x, z, k);
	for (i = 0; i < 16; i++)
		c->Km[i] = k[i];
	key_schedule(x, z, k);
	for (i = 0; i < 16; i++)
		c->Kr[i] = k[i] & 0x1f;
	return 0;
}
Exemple #3
0
int crypto_stream_skinny128128ecb_avx2(
  unsigned char *out,
  unsigned char *in,
  unsigned long long inlen,
  const unsigned char *k
) 
{
  int i, j;
  u256 rk[40][16];
  u256 x[32];
  u256 key;

  if (!inlen) return 0;

  key_schedule(k, rk);

  while(inlen >= 1024){
      pack_message(x, in);
      encrypt_64blocks(x, rk);
      unpack_and_store_message(out, x);
    
    inlen -= 1024;
    in += 1024;
    out += 1024;
  }

  return 0;
}
Exemple #4
0
char* serpent_decrypt(uint32_t key[KEY_LENGTH], char* input, int test) {
  char* output;
  output = (char*) malloc(sizeof(char));
  output[0] = '\0';

  int done = F;
  uint32_t round_keys[NUM_ROUND_KEYS][ROUND_KEY_LENGTH];  uint32_t current_block[BLOCK_LENGTH];
  uint32_t past_block[BLOCK_LENGTH];
  uint32_t iv[BLOCK_LENGTH];
  char** input_ptr = &input;
  
  key_schedule(round_keys, key);

  if (!test) {
    read_iv(input_ptr, iv); /* If test there isn't an IV */
  } 
  
  memcpy(past_block, iv, BLOCK_LENGTH * BYTE_CHUNK_SIZE);

  while (!done) {
    done = decrypt_read_block(input_ptr, current_block); 

    decrypt_block(round_keys, current_block, past_block, output, test); // the function sets current_block from this call to past_block for next
  }

  return output;
}
Exemple #5
0
void test_key_schedule_128bitkey(){
  unsigned char keys[] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

  unsigned char expected[] =   
    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
      0x62, 0x63, 0x63, 0x63, 0x62, 0x63, 0x63, 0x63, 0x62, 0x63, 0x63, 0x63, 0x62, 0x63, 0x63, 0x63, 
      0x9b, 0x98, 0x98, 0xc9, 0xf9, 0xfb, 0xfb, 0xaa, 0x9b, 0x98, 0x98, 0xc9, 0xf9, 0xfb, 0xfb, 0xaa, 
      0x90, 0x97, 0x34, 0x50, 0x69, 0x6c, 0xcf, 0xfa, 0xf2, 0xf4, 0x57, 0x33, 0x0b, 0x0f, 0xac, 0x99, 
      0xee, 0x06, 0xda, 0x7b, 0x87, 0x6a, 0x15, 0x81, 0x75, 0x9e, 0x42, 0xb2, 0x7e, 0x91, 0xee, 0x2b, 
      0x7f, 0x2e, 0x2b, 0x88, 0xf8, 0x44, 0x3e, 0x09, 0x8d, 0xda, 0x7c, 0xbb, 0xf3, 0x4b, 0x92, 0x90, 
      0xec, 0x61, 0x4b, 0x85, 0x14, 0x25, 0x75, 0x8c, 0x99, 0xff, 0x09, 0x37, 0x6a, 0xb4, 0x9b, 0xa7, 
      0x21, 0x75, 0x17, 0x87, 0x35, 0x50, 0x62, 0x0b, 0xac, 0xaf, 0x6b, 0x3c, 0xc6, 0x1b, 0xf0, 0x9b, 
      0x0e, 0xf9, 0x03, 0x33, 0x3b, 0xa9, 0x61, 0x38, 0x97, 0x06, 0x0a, 0x04, 0x51, 0x1d, 0xfa, 0x9f, 
      0xb1, 0xd4, 0xd8, 0xe2, 0x8a, 0x7d, 0xb9, 0xda, 0x1d, 0x7b, 0xb3, 0xde, 0x4c, 0x66, 0x49, 0x41, 
      0xb4, 0xef, 0x5b, 0xcb, 0x3e, 0x92, 0xe2, 0x11, 0x23, 0xe9, 0x51, 0xcf, 0x6f, 0x8f, 0x18, 0x8e};
  key_schedule(keys, 16);
  print_keys(keys, 176);
  
  printf("\n");
  print_keys(expected, 176);

  assert( bytencmp(keys, expected, 176) == 0 );
}
Exemple #6
0
int main()
{
    uint16_t
        x[2*N_BRANCHES],
        master_key[2*K_SIZE],
        k[N_BRANCHES*N_STEPS+1][2*ROUNDS_PER_STEPS] = {{0}};
    uint8_t i, j;


    initialize_test_vectors(x, master_key);


    printf("master = ");
    for (i=0 ; i<2*K_SIZE ; i++)
    {
        printf("%04x ", master_key[i]);
    }


    key_schedule(k, master_key);
    for (i=0 ; i<N_BRANCHES*N_STEPS+1 ; i++)
    {
        printf("\nk^{%2d} = ", i);
        for (j=0 ; j<2*ROUNDS_PER_STEPS ; j++)
            printf("%04x ", k[i][j]);
    }


    printf("\n\nplaintext  = ");
    for (i=0 ; i<2*N_BRANCHES ; i++)
    {
        printf("%04x ", x[i]);
    }


    sparx_encrypt(x, k);
    printf("\nciphertext = ");
    for (i=0 ; i<2*N_BRANCHES ; i++)
    {
        printf("%04x ", x[i]);
    }
    check_test_vectors(x, 0);


    sparx_decrypt(x, k);
    printf("\ndecryption = ");
    for (i=0 ; i<2*N_BRANCHES ; i++)
    {
        printf("%04x ", x[i]);
    }
    check_test_vectors(x, 1);


    printf("\n");
    return 0;
}
Exemple #7
0
void Tiger::Transform (word64 *digest, const word64 *X)
{
	word64 a = digest[0];
	word64 b = digest[1];
	word64 c = digest[2];
	word64 Y[8];

	pass(a,b,c,5,X);
	key_schedule(Y,X);
	pass(c,a,b,7,Y);
	key_schedule(Y,Y);
	pass(b,c,a,9,Y);

	digest[0] = a ^ digest[0];
	digest[1] = b - digest[1];
	digest[2] = c + digest[2];

	Y[0] = Y[1] = Y[2] = Y[3] = Y[4] = Y[5] = Y[6] = Y[7] = 0;
}
Exemple #8
0
void PRESENT80_InitKEY(const unsigned char* userkey){
	ALIGN16(unsigned char tk[16]);
	memset(tk, 0, sizeof(tk));
	memcpy(tk, userkey, 2);
	memcpy(tk+8, userkey, 2);
	dqword lowkey = LOAD(tk);
	memcpy(tk, userkey+2, 8);
	memcpy(tk+8, userkey+2, 8);
	dqword highkey = LOAD(tk);
	rks[0] = highkey;
	format_input(&rks[0]);
	for(int i=0; i<31; i++){
        key_schedule(&highkey, &lowkey, i);
        rks[i+1] = highkey;
        format_input(&rks[i+1]);
	}
}
Exemple #9
0
void aes128_ecb_decrypt(uint8_t *plaintext, const uint8_t *key, const uint8_t *ciphertext) {
    int round;
    
    memcpy(plaintext, ciphertext, 16);
    
    key_schedule(key, round_keys);
    
    add_round_key(plaintext, round_keys + 160);
    inv_shift_rows(plaintext);
    inv_sub_bytes(plaintext);
    
    for (round = N_ROUNDS - 1; round > 0; round--) {
        add_round_key(plaintext, round_keys + 16 * round);
        inv_mix_columns(plaintext);
        inv_shift_rows(plaintext);
        inv_sub_bytes(plaintext);
    }
    
    add_round_key(plaintext, round_keys);
    
}
Exemple #10
0
void aes128_ecb_encrypt(const uint8_t *plaintext, const uint8_t *key, uint8_t *ciphertext) {
    int round;
    
    memcpy(ciphertext, plaintext, 16);
    
    key_schedule(key, round_keys);
    add_round_key(ciphertext, round_keys);
    
    for (round = 1; round < N_ROUNDS; round++) {
        sub_bytes(ciphertext);
        shift_rows(ciphertext);
        mix_columns(ciphertext);
        add_round_key(ciphertext, round_keys + 16 * round);
        
    }
    
    sub_bytes(ciphertext);
    shift_rows(ciphertext);
    add_round_key(ciphertext, round_keys + 160);
    
}
Exemple #11
0
void encrypt(WORDSIZE* data, WORDSIZE* key)
{
    WORDSIZE round_keys[ROUNDS * 4];
    key_schedule(permutation, round_keys, key, ROUNDS, 4);
    key_alternating_cipher(permutation, round_keys, data, ROUNDS, 4);
}    
Exemple #12
0
int crypto_aead_encrypt(
unsigned char *c,unsigned long long *clen,
const unsigned char *m,unsigned long long mlen,
const unsigned char *ad,unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k
)
{
	u8 param[]={0x06,0,0,0,0x80,0,0,0}; 
	
	block L, W, Delta_0, Delta_1, Delta_2, blk, result, CS;
	int i; u8 zeroes[16], ozs[16], blen = 16, Is_final = 0, Is_complete =1;
	unsigned long long cnt;
	for(i=0; i<16; i++)	{zeroes[i]=0x00;}   	
	for(i=1; i<16; i++)	{ozs[i]=0x00;} ozs[0] = 0x80; 	


	cnt = (8+mlen-1)/16 + 1;
	*clen = (cnt +1)* 16 + 1;

	if((mlen+8)%16 == 0) 
		c[*clen-1] = 0x00; 
	else 
		c[*clen-1] = 0x01; 

	key_schedule(k);

	/* ==========  Generate the Masks =========== */
	AES(6, ENCRYPT, blk, zeroes, &aes_key1);
	AES(6, ENCRYPT, L, blk, &aes_key1);

	mult_3(Delta_0, L); 
	mult_inv2(Delta_0, Delta_0); 

	mult_inv2(Delta_1, L); 	

	mult_3(Delta_2, L); 
	mult_3(Delta_2, Delta_2); 
	mult_inv2(Delta_2, Delta_2);

	/* ======  Process Associated Data ======== */
	for(i=0; i<16; i++)
		W[i]=0x00;
	process_AD(W, Delta_0, npub, param, ad, adlen);


	/* ================  Process Successive Message Blocks ==================== */

	
	/* ====== Process the first Message block, whose first 8 byte is the secret message number ===== */
	
	if(mlen < 8){ Is_complete = 0; }
	if(mlen <= 8) { blen = 8 + mlen; }
	load_block(blk, nsec, m, 8, blen-8); copy_block(CS, blk); 
	process_block(Delta_1, Delta_2, result, blk, W, Is_complete, ENCRYPT, Is_final, MESSAGE);
	
	store_bytes(c, result, 0, 15); c +=16;
	if(mlen >= 8)  {mlen -= 8; m +=8;}
	else mlen = 0;

	/* ============= Process Message blocks ================== */
	while(mlen > 0){
		if(mlen >= 16){
			load_block(blk, m, ozs, 16, 0);
			if(mlen == 16) {xor_block(blk, blk, CS); }
			else xor_block(CS, CS, blk);
			blen = 16; mlen -= 16; m+=16; 
		}
		else 	{Is_complete = 0; blen = mlen; mlen = 0; 
			load_block(blk, m, ozs, blen, 0); xor_block(blk, CS, blk);
			
		}	
		process_block(Delta_1, Delta_2, result, blk, W, Is_complete, ENCRYPT, Is_final, MESSAGE); 
		store_bytes(c, result, 0, 15); c +=16;
		
	}

	/* ================ Process checksum block ====================== */
	process_block(Delta_1, Delta_2, result, blk, W, 1, ENCRYPT, 1, MESSAGE); 
	store_bytes(c, result, 0, 15);
	return 0;
}
Exemple #13
0
/* ===================   ELmD(6,0,0) Verified Decryption Function =================== */
int crypto_aead_decrypt(
unsigned char *m,unsigned long long *mlen,
unsigned char *nsec,
const unsigned char *c, unsigned long long clen,
const unsigned char *ad, unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k
)
{
	u8 param[]={0x06,0,0,0,0x80,0,0,0}; 
	
	block L, W, Delta_0, Delta_1, Delta_2, blk, result, CS;
	int i, j, flag=0; u8 zeroes[16], ozs[16], blen = 16, Is_final = 0, Is_complete =1;
	unsigned long long outputmlen;	
	for(i=0; i<16; i++)	{zeroes[i]=0x00;}   		// all zero.
	for(i=1; i<16; i++)	{ozs[i]=0x00;} ozs[0] = 0x80; 	//useful for padding. 
	
	if(((clen % 16) != 1)||(clen < 33))
		return -1;

	key_schedule(k);
	
	/* =========== Generate the Masks ========== */
	AES(6, ENCRYPT, blk, zeroes, &aes_key1);
	AES(6, ENCRYPT, L, blk, &aes_key1);

	mult_3(Delta_0, L); 
	mult_inv2(Delta_0, Delta_0); 

	mult_inv2(Delta_1, L); 

	mult_3(Delta_2, L); 
	mult_3(Delta_2, Delta_2); 
	mult_inv2(Delta_2, Delta_2);

	/* =============  Process Associated Data  ================ */
	for(i=0; i<16; i++)
		W[i]=0x00;
	process_AD(W, Delta_0, npub, param, ad, adlen); 

	
	 load_block(CS, zeroes, zeroes, 16, 0);

	 /* ================ Process Ciphertext Blocks ============ */
	 load_block(blk, c, zeroes, 16, 0);  

	 /* =================== Process 1st Block =================== */
	 if( (clen==33) && (c[clen-1]==0x01) ) {
	 	process_block(Delta_2, Delta_1, result, blk, W, 0, DECRYPT, Is_final, CIPHERTEXT); 
		for(i=15; i>7; i--) { if(result[i]==0x80) { flag=1; break; } }
		if(flag == 0) {return -1; }
		for(j=i+1; j<16; j++) { if(result[j]!=0) {return -1; }}
		store_bytes(m, result, 8, i-1);  
		outputmlen = i-8;
	 }
	 else {
		process_block(Delta_2, Delta_1, result, blk, W, 1, DECRYPT, Is_final, CIPHERTEXT);
		store_bytes(m, result, 8, 15);  m +=8; outputmlen = 8;
	 }
	 xor_block(CS, CS, result); store_bytes(nsec, result, 0, 7); 
	 clen -= 16; c+=16;

	/* ============= Process Successive Ciphertext Blocks ============== */
	while(clen > 17){
	   
	   load_block(blk, c, zeroes, 16, 0);  
	   if((clen == 33) && (c[clen-1]==0x01)) { 
	   	process_block(Delta_2, Delta_1, result, blk, W, 0, DECRYPT, Is_final, CIPHERTEXT); 
		xor_block(result, result, CS);
		for(i=15; i>0; i--) { if(result[i]==0x80) { flag=1; break; } }
		if(flag == 0) {return -1;}
		for(j=i+1; j<16; j++) { if(result[j]!=0) {return -1; }}
	   	store_bytes(m, result, 0, i-1); outputmlen += i;
	   }
	   else{ 
	        process_block(Delta_2, Delta_1, result, blk, W, 1, DECRYPT, Is_final, CIPHERTEXT); 
		if(clen == 33) { xor_block(result, result, CS); }
		store_bytes(m, result, 0, 15); outputmlen += 16;
	   } 

	   xor_block(CS, CS, result);
	   clen -= 16; c+=16;

	   if(clen != 17)
		   m +=16; 
	}
	

	/* ==========  Process checksum block  ============= */
	Is_final = 1;
	process_block(Delta_2, Delta_1, result, c, W, 1, DECRYPT, Is_final, CIPHERTEXT); 
	
	for(i=0; i<16; i++) {if(CS[i]!=result[i]) return -1; } 
	*mlen = outputmlen;
	return 0;
}
int crypto_aead_encrypt(
unsigned char *c,unsigned long long *clen,
const unsigned char *m,unsigned long long mlen,
const unsigned char *ad,unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k
)
{
	u8 param[]={0x06,0,0x7f,0x81,0x80,0,0,0}; 
	
	block L, W, Delta_0, Delta_1, Delta_2, blk, result, CS;
	int i; 
	unsigned long long h, blk_ctr=0, blk_ctr1=0 ;
	u8 zeroes[16], ozs[16], blen = 16, Is_final = 0, Is_complete =1;
	for(i=0; i<16; i++)	{zeroes[i]=0x00;}   	
	for(i=1; i<16; i++)	{ozs[i]=0x00;} ozs[0] = 0x80; 	

	h = (mlen+8-1) / (IT_GAP * 16);
	
	if(h > IT_MAX)
		h = IT_MAX;

	*clen = mlen + 24 + h*16 ;  

	key_schedule(k);

	/* ==========  Generate the Masks =========== */
	AES(6, ENCRYPT, blk, zeroes, &aes_key1);
	AES(6, ENCRYPT, L, blk, &aes_key1);

	mult_3(Delta_0, L); 
	mult_inv2(Delta_0, Delta_0); 

	mult_inv2(Delta_1, L); 	

	mult_3(Delta_2, L); 
	mult_3(Delta_2, Delta_2); 
	mult_inv2(Delta_2, Delta_2);

	/* ======  Process Associated Data ======== */
	for(i=0; i<16; i++)
		W[i]=0x00;
	process_AD(W, Delta_0, npub, param, ad, adlen);


	/* ================  Process Message Blocks ==================== */

	
	/* ====== Process the first Message block, whose first 8 byte is the secret message number ===== */
	
	if(mlen < 8){ Is_complete = 0; }
	if(mlen <= 8) { blen = 8 + mlen; }
	load_block(blk, nsec, m, 8, blen-8); copy_block(CS, blk); 
	process_block(Delta_1, Delta_2, result, blk, W, Is_complete, ENCRYPT, Is_final, MESSAGE);
	
	store_bytes(c, result, 0, 15); c +=16; blk_ctr++; 
	if(mlen >= 8)  {mlen -= 8; m +=8;}
	else mlen = 0;

	/* ============= Process Message blocks ================== */
	while(mlen > 0){
		if(mlen >= 16){
			load_block(blk, m, ozs, 16, 0); 
			if(mlen == 16){xor_block(blk, CS, blk); }
			else xor_block(CS, CS, blk);
			//xor_block(CS, CS, blk); 
			blen = 16; mlen -= 16; m+=16; 
		}
		else 	{Is_complete = 0; blen = mlen; mlen = 0; 
			load_block(blk, m, ozs, blen, 0); xor_block(blk, CS, blk);
			
		}	
		process_block(Delta_1, Delta_2, result, blk, W, Is_complete, ENCRYPT, Is_final, MESSAGE); 
		store_bytes(c, result, 0, 15); c +=16; blk_ctr++;
		
		if(blk_ctr == IT_GAP && blk_ctr1 < IT_MAX && mlen>0) {
			AES(6, DECRYPT, result, W, &aes_key2); 	
			mask(Delta_2, result, result, 1); 
			store_bytes(c, result, 0, 15); c +=16; blk_ctr =0; blk_ctr1++;
		}
	}

	/* ================ Process checksum block ====================== */
	process_block(Delta_1, Delta_2, result, blk, W, 1, ENCRYPT, 1, MESSAGE); 
	store_bytes(c, result, 0, blen-1);

	return 0;
}
/* ===================   ELmD(6,127,1) Verified Decryption Function =================== */
int crypto_aead_decrypt(
unsigned char *m,unsigned long long *mlen,
unsigned char *nsec,
const unsigned char *c, unsigned long long clen,
const unsigned char *ad, unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k
)
{
	u8 param[]={0x06,0,0x7f,0x81,0x80,0,0,0}; 
	
	block L, W, Delta_0, Delta_1, Delta_2, blk, result, CS;
	int i; u8 zeroes[16], ozs[16], blen = 16, Is_final = 0, Is_complete =1;
	unsigned long long outputmlen, blk_ctr=0, blk_ctr1=0;	
	for(i=0; i<16; i++)	{zeroes[i]=0x00;}   		// all zero.
	for(i=1; i<16; i++)	{ozs[i]=0x00;} ozs[0] = 0x80; 	//useful for padding.
	
	if(clen < 24)
		return -1;
	
	key_schedule(k);
	
	/* =========== Generate the Masks ========== */
	AES(6, ENCRYPT, blk, zeroes, &aes_key1);
	AES(6, ENCRYPT, L, blk, &aes_key1);

	mult_3(Delta_0, L); 
	mult_inv2(Delta_0, Delta_0); 

	mult_inv2(Delta_1, L); 

	mult_3(Delta_2, L); 
	mult_3(Delta_2, Delta_2); 
	mult_inv2(Delta_2, Delta_2);

	/* =============  Process Associated Data  ================ */
	for(i=0; i<16; i++)
		W[i]=0x00;
	process_AD(W, Delta_0, npub, param, ad, adlen); 

	
	 load_block(CS, zeroes, zeroes, 16, 0);

	 /* ================ Process Ciphertext Blocks ============ */
	 load_block(blk, c, zeroes, 16, 0);  

	 /* =================== Process 1st Block =================== */
	 if(clen<32){
	 	process_block(Delta_2, Delta_1, result, blk, W, 0, DECRYPT, Is_final, CIPHERTEXT); 
		store_bytes(m, result, 8, 8+(clen-25)); outputmlen = clen - 24;
	 }
	 else {
		process_block(Delta_2, Delta_1, result, blk, W, 1, DECRYPT, Is_final, CIPHERTEXT);
		store_bytes(m, result, 8, 15);  m +=8; outputmlen = 8;
	 }
	 xor_block(CS, CS, result); store_bytes(nsec, result, 0, 7); 
	 clen -= 16; c+=16; blk_ctr ++; 

	 if(clen < 16){ 
		if(result[clen] != 0x80) return -1; 
		for(i=clen+1; i<16; i++) {if(result[i]!=0) return -1;} 
	 }

	/* ============= Process Successive Ciphertext Blocks ============== */
	while(clen > 16){
	   
	   load_block(blk, c, zeroes, 16, 0);  
	   if(clen < 32){ 
	   	process_block(Delta_2, Delta_1, result, blk, W, 0, DECRYPT, Is_final, CIPHERTEXT); 
		xor_block(result, result, CS);
	   	store_bytes(m, result, 0, clen - 17); outputmlen += clen-16 ;
	   }
	   else{ 
	        process_block(Delta_2, Delta_1, result, blk, W, 1, DECRYPT, Is_final, CIPHERTEXT); 
		if(clen == 32) {xor_block(result, result, CS);}
		store_bytes(m, result, 0, 15); outputmlen += 16;
	   } 

	   xor_block(CS, CS, result);
	   clen -= 16; c+=16; blk_ctr ++; 

	   
	   if(clen < 16){ 
		if(result[clen] != 0x80) return -1; 
		for(i=clen+1; i<16; i++) {if(result[i]!=0) return -1;} 
	   }
	   else
		   m +=16; 

	   
	   if(blk_ctr == IT_GAP && blk_ctr1 < IT_MAX && clen > 32){ 
		AES(6, DECRYPT, result, W, &aes_key2); 
		mask(Delta_2, result, result, 1); 
		for(i=0; i<16; i++) { if(c[i] != result[i]) {return -1; } }
		c +=16; clen -= 16; blk_ctr =0; blk_ctr1++;
	   }
	   
	}

	/* ==========  Process checksum block  ============= */
	Is_final = 1;
	process_block(Delta_1, Delta_2, result, CS, W, 1, ENCRYPT, Is_final, MESSAGE); 
	for(i=0; i<clen; i++) {if(result[i]!=c[i]) return -1;} 
	*mlen = outputmlen;
	
	return 0;
}
Exemple #16
0
static Aes aes_encrypt(OE oe, Aes key, Aes in) {
  Aes plx = Aes_new(oe);
  uint round = 0;
  Aes tmp = 0;
  *plx = *in;

  /*
    Add the round key to the state to obtain the final state in
    {plx} of this round.
  */
  plx=add_round_key(oe,tmp=plx,key);
  //oe->p("Final state from this round:");
  //print_aes(oe,plx);
  Aes_destroy(oe,&tmp);


  for(round = 1;round < 11;++round) {
    byte b[32] = {0};
    /*
      Run the key schedule getting the new key in {key1} from the
      round number and the old key previously (e.g. before this line)
      stored in {key1}.
    */
    key = key_schedule(oe,tmp=key,round);
    Aes_destroy(oe,&tmp);

    /*
      Print what round we are at
    */
    //osal_sprintf(b,"Round %u:",round);
    //oe->p(b);

    /*
      Perform the S-Box on the state i {plx} which is out AES state.
    */
    plx=subbytes(oe,tmp=plx);
    //oe->p("After SubBytes:");
    //print_aes(oe,plx);
    Aes_destroy(oe,&tmp);

    /*
      Perform the shift rows step from {plx} assigning the new state
      to {plx}.

    plx = shift_rows(oe,plx);
    oe->p("After Shift rows:");
    print_aes(oe,plx);
    */

    /*
      Perform the mix columns step from {plx} assignment the new state
      to {plx} again.
     */
    if (round < 10)  {
      //plx = mix_columns(oe,plx);
      plx = shift_row_mix_cols(oe,tmp=plx);
      Aes_destroy(oe,&tmp);
    } else {
      plx = shift_rows(oe, tmp=plx);
      Aes_destroy(oe,&tmp);
    }
    //oe->p("After linear transform: ");
    //print_aes(oe,plx);

    /*
      Add the round key to the state to obtain the final state in
      {plx} of this round.
     */
    plx=add_round_key(oe,tmp=plx,key);
    //oe->p("Final state from this round:");
    //print_aes(oe,plx);
    Aes_destroy(oe,&tmp);

    /*
      Print the round key.
     */
    //oe->p("Key");
    //print_aes(oe,key);
  }

  return plx;
}
Exemple #17
0
void encrypt3(char *s,FILE* f,FILE* p,int decrypt){
    char PC1[56]={0};
    char PC2[48]={0};
    unsigned char input[8]={0};
    char V[16]={0};
    int K1[16][48],K2[16][48],K3[16][48];
    char IP[64]={0};
    char IP1[64]={0};
    unsigned int m[64]={0};
    int L0[32]={0},R0[32]={0};
    int i=0,j,k,temp,c,r;
    char E[48]={0};
    char S[8][64];
    char P[32];
    int Rtemp[48]={0};
    char T[32]={0};
    char fun[32]={0};
    int output[64]={0};
    int outtemp[64]={0};
    int cc;
    int flag=0;
    int count=0;
    //fseek(f,0,SEEK_SET);
    if(tablecheck(f,PC1,V,PC2,IP,E,S,P)==false){
        
        fprintf(stderr,"malformed table\n");
        return ;
    }
    if(s[0]!='1'){
        fprintf(stderr,"key too short\n");
        return ;
    }
    
    key_schedule(s,PC1,V,PC2,K1);
    key_schedule(s+16,PC1,V,PC2,K2);
    key_schedule(s+32,PC1,V,PC2,K3);
    while((cc=fgetc(p))!=EOF){
        
        input[count]=cc;
        
        
        count++;
        
        if (count==8) {
            
            array_hex_to_bin(input,m,8,0);
            
            
            
            for(i=0;i<32;i++){
                L0[i]=m[IP[i]-1];//  IP (m1m2...m64)
            }
            
            for(i=32;i<64;i++){
                R0[i-32]=m[IP[i]-1];
            }
            if (flag==0) {
                fprintf(stderr,"(L0,R0)=");
                print_hex_from_bin(L0,32);
                print_hex_from_bin(R0,32);
                fprintf(stderr,"\n");
            }
            
            for(i=0;i<16;i++){
                for(j=0;j<48;j++)
                {
                    if(decrypt==0){
                        Rtemp[j]=(R0[E[j]-1]+K1[i][j])%2;//  E(Ri-1)+ki
                    }else{
                        
                        Rtemp[j]=(R0[E[j]-1]+K3[15-i][j])%2;
                    }
                    
                }
                
                for(j=0;j<8;j++){
                    r=Rtemp[j*6]*2+Rtemp[j*6+5];//r and c
                    c=0;
                    temp=8;
                    for(k=1;k<5;k++){
                        
                        c+=Rtemp[j*6+k]*temp;
                        temp/=2;
                    }
                    temp=S[j][r*16+c];// Sbox
                    T[j*4+3]=temp%2;
                    temp/=2;
                    T[j*4+2]=temp%2;
                    temp/=2;
                    T[j*4+1]=temp%2;
                    temp/=2;
                    T[j*4]=temp%2;
                }
                for(j=0;j<32;j++){
                    fun[j]=T[P[j]-1];//P permutation
                }
                for(j=0;j<32;j++){
                    Rtemp[j]=(L0[j]+fun[j])%2;//L0 +
                }
                if (flag==0) {
                    fprintf(stderr,"(L%d,R%d)=",i+1,i+1);
                    
                    print_hex_from_bin(R0,32);
                    print_hex_from_bin(Rtemp,32);
                    fprintf(stderr,"\n");
                }
                if(i!=15){
                    for(j=0;j<32;j++){
                        L0[j]=R0[j];
                    }
                    for(j=0;j<32;j++){
                        R0[j]=Rtemp[j];
                    }
                }
            }
            inverse(IP,IP1);
            for(i=0;i<64;i++){
                if(i<32)
                    outtemp[i]=Rtemp[i];
                else
                    outtemp[i]=R0[i-32];
            }
            
            
            for(i=0;i<64;i++){
                output[i]=outtemp[IP1[i]-1];
                
            }
            //----------------------------------------------------------------------------------------------
            
            
            for(i=0;i<64;i++){
                m[i]=output[i];
            }
            
            
            
            for(i=0;i<32;i++){
                L0[i]=m[IP[i]-1];//  IP (m1m2...m64)
            }
            
            for(i=32;i<64;i++){
                R0[i-32]=m[IP[i]-1];
            }
            if (flag==0) {
                fprintf(stderr,"(L0,R0)=");
                print_hex_from_bin(L0,32);
                print_hex_from_bin(R0,32);
                fprintf(stderr,"\n");
            }
            
            for(i=0;i<16;i++){
                for(j=0;j<48;j++)
                {
                    if(decrypt==1){
                        Rtemp[j]=(R0[E[j]-1]+K2[i][j])%2;//  E(Ri-1)+ki
                    }else{
                        
                        Rtemp[j]=(R0[E[j]-1]+K2[15-i][j])%2;
                    }
                    
                }
                
                for(j=0;j<8;j++){
                    r=Rtemp[j*6]*2+Rtemp[j*6+5];//r and c
                    c=0;
                    temp=8;
                    for(k=1;k<5;k++){
                        
                        c+=Rtemp[j*6+k]*temp;
                        temp/=2;
                    }
                    temp=S[j][r*16+c];// Sbox
                    T[j*4+3]=temp%2;
                    temp/=2;
                    T[j*4+2]=temp%2;
                    temp/=2;
                    T[j*4+1]=temp%2;
                    temp/=2;
                    T[j*4]=temp%2;
                }
                for(j=0;j<32;j++){
                    fun[j]=T[P[j]-1];//P permutation
                }
                for(j=0;j<32;j++){
                    Rtemp[j]=(L0[j]+fun[j])%2;//L0 +
                }
                if (flag==0) {
                    fprintf(stderr,"(L%d,R%d)=",i+1,i+1);
                    
                    print_hex_from_bin(R0,32);
                    print_hex_from_bin(Rtemp,32);
                    fprintf(stderr,"\n");
                }
                if(i!=15){
                    for(j=0;j<32;j++){
                        L0[j]=R0[j];
                    }
                    for(j=0;j<32;j++){
                        R0[j]=Rtemp[j];
                    }
                }
            }
            inverse(IP,IP1);
            for(i=0;i<64;i++){
                if(i<32)
                    outtemp[i]=Rtemp[i];
                else
                    outtemp[i]=R0[i-32];
            }
            
            
            for(i=0;i<64;i++){
                output[i]=outtemp[IP1[i]-1];
                
            }
            
            
            
            //----------------------------------------------------------------------------------------------
            
            
            
            for(i=0;i<64;i++){
                m[i]=output[i];
            }
            
            
            
            for(i=0;i<32;i++){
                L0[i]=m[IP[i]-1];//  IP (m1m2...m64)
            }
            
            for(i=32;i<64;i++){
                R0[i-32]=m[IP[i]-1];
            }
            if (flag==0) {
                fprintf(stderr,"(L0,R0)=");
                print_hex_from_bin(L0,32);
                print_hex_from_bin(R0,32);
                fprintf(stderr,"\n");
            }
            
            for(i=0;i<16;i++){
                for(j=0;j<48;j++)
                {
                    if(decrypt==0){
                        Rtemp[j]=(R0[E[j]-1]+K3[i][j])%2;//  E(Ri-1)+ki
                    }else{
                        
                        Rtemp[j]=(R0[E[j]-1]+K1[15-i][j])%2;
                    }
                    
                }
                
                for(j=0;j<8;j++){
                    r=Rtemp[j*6]*2+Rtemp[j*6+5];//r and c
                    c=0;
                    temp=8;
                    for(k=1;k<5;k++){
                        
                        c+=Rtemp[j*6+k]*temp;
                        temp/=2;
                    }
                    temp=S[j][r*16+c];// Sbox
                    T[j*4+3]=temp%2;
                    temp/=2;
                    T[j*4+2]=temp%2;
                    temp/=2;
                    T[j*4+1]=temp%2;
                    temp/=2;
                    T[j*4]=temp%2;
                }
                for(j=0;j<32;j++){
                    fun[j]=T[P[j]-1];//P permutation
                }
                for(j=0;j<32;j++){
                    Rtemp[j]=(L0[j]+fun[j])%2;//L0 +
                }
                if (flag==0) {
                    fprintf(stderr,"(L%d,R%d)=",i+1,i+1);
                    
                    print_hex_from_bin(R0,32);
                    print_hex_from_bin(Rtemp,32);
                    fprintf(stderr,"\n");
                }
                if(i!=15){
                    for(j=0;j<32;j++){
                        L0[j]=R0[j];
                    }
                    for(j=0;j<32;j++){
                        R0[j]=Rtemp[j];
                    }
                }
            }
            inverse(IP,IP1);
            for(i=0;i<64;i++){
                if(i<32)
                    outtemp[i]=Rtemp[i];
                else
                    outtemp[i]=R0[i-32];
            }
            
            
            for(i=0;i<64;i++){
                output[i]=outtemp[IP1[i]-1];
                
            }
            
            
            
            //----------------------------------------------------------------------------------------------
            
            
            print_char_from_bin(output,64);
            
            flag=1;
            count=0;
        }
        
    }
    if(count>0){
        
        array_hex_to_bin(input,m,count,8-count);
        
        for(i=0;i<32;i++){
            L0[i]=m[IP[i]-1];//  IP (m1m2...m64)
        }
        
        for(i=32;i<64;i++){
            R0[i-32]=m[IP[i]-1];
        }
        if (flag==0) {
            fprintf(stderr,"(L0,R0)=");
            print_hex_from_bin(L0,32);
            print_hex_from_bin(R0,32);
            fprintf(stderr,"\n");
        }
        
        for(i=0;i<16;i++){
            for(j=0;j<48;j++)
            {
                if(decrypt==0){
                    Rtemp[j]=(R0[E[j]-1]+K1[i][j])%2;//  E(Ri-1)+ki
                }else{
                    
                    Rtemp[j]=(R0[E[j]-1]+K3[15-i][j])%2;
                }
                
            }
            
            for(j=0;j<8;j++){
                r=Rtemp[j*6]*2+Rtemp[j*6+5];//r and c
                c=0;
                temp=8;
                for(k=1;k<5;k++){
                    
                    c+=Rtemp[j*6+k]*temp;
                    temp/=2;
                }
                temp=S[j][r*16+c];// Sbox
                T[j*4+3]=temp%2;
                temp/=2;
                T[j*4+2]=temp%2;
                temp/=2;
                T[j*4+1]=temp%2;
                temp/=2;
                T[j*4]=temp%2;
            }
            for(j=0;j<32;j++){
                fun[j]=T[P[j]-1];//P permutation
            }
            for(j=0;j<32;j++){
                Rtemp[j]=(L0[j]+fun[j])%2;//L0 +
            }
            if (flag==0) {
                fprintf(stderr,"(L%d,R%d)=",i+1,i+1);
                
                print_hex_from_bin(R0,32);
                print_hex_from_bin(Rtemp,32);
                fprintf(stderr,"\n");
            }
            if(i!=15){
                for(j=0;j<32;j++){
                    L0[j]=R0[j];
                }
                for(j=0;j<32;j++){
                    R0[j]=Rtemp[j];
                }
            }
        }
        inverse(IP,IP1);
        for(i=0;i<64;i++){
            if(i<32)
                outtemp[i]=Rtemp[i];
            else
                outtemp[i]=R0[i-32];
        }
        
        
        for(i=0;i<64;i++){
            output[i]=outtemp[IP1[i]-1];
            
        }
        
        
        
        
        //----------------------------------------------------------------------------------------------
        
        
        for(i=0;i<64;i++){
            m[i]=output[i];
        }
        
        
        
        for(i=0;i<32;i++){
            L0[i]=m[IP[i]-1];//  IP (m1m2...m64)
        }
        
        for(i=32;i<64;i++){
            R0[i-32]=m[IP[i]-1];
        }
        if (flag==0) {
            fprintf(stderr,"(L0,R0)=");
            print_hex_from_bin(L0,32);
            print_hex_from_bin(R0,32);
            fprintf(stderr,"\n");
        }
        
        for(i=0;i<16;i++){
            for(j=0;j<48;j++)
            {
                if(decrypt==1){
                    Rtemp[j]=(R0[E[j]-1]+K2[i][j])%2;//  E(Ri-1)+ki
                }else{
                    
                    Rtemp[j]=(R0[E[j]-1]+K2[15-i][j])%2;
                }
                
            }
            
            for(j=0;j<8;j++){
                r=Rtemp[j*6]*2+Rtemp[j*6+5];//r and c
                c=0;
                temp=8;
                for(k=1;k<5;k++){
                    
                    c+=Rtemp[j*6+k]*temp;
                    temp/=2;
                }
                temp=S[j][r*16+c];// Sbox
                T[j*4+3]=temp%2;
                temp/=2;
                T[j*4+2]=temp%2;
                temp/=2;
                T[j*4+1]=temp%2;
                temp/=2;
                T[j*4]=temp%2;
            }
            for(j=0;j<32;j++){
                fun[j]=T[P[j]-1];//P permutation
            }
            for(j=0;j<32;j++){
                Rtemp[j]=(L0[j]+fun[j])%2;//L0 +
            }
            if (flag==0) {
                fprintf(stderr,"(L%d,R%d)=",i+1,i+1);
                
                print_hex_from_bin(R0,32);
                print_hex_from_bin(Rtemp,32);
                fprintf(stderr,"\n");
            }
            if(i!=15){
                for(j=0;j<32;j++){
                    L0[j]=R0[j];
                }
                for(j=0;j<32;j++){
                    R0[j]=Rtemp[j];
                }
            }
        }
        inverse(IP,IP1);
        for(i=0;i<64;i++){
            if(i<32)
                outtemp[i]=Rtemp[i];
            else
                outtemp[i]=R0[i-32];
        }
        
        
        for(i=0;i<64;i++){
            output[i]=outtemp[IP1[i]-1];
            
        }
        
        
        
        //----------------------------------------------------------------------------------------------
        
        
        
        for(i=0;i<64;i++){
            m[i]=output[i];
        }
        
        
        
        for(i=0;i<32;i++){
            L0[i]=m[IP[i]-1];//  IP (m1m2...m64)
        }
        
        for(i=32;i<64;i++){
            R0[i-32]=m[IP[i]-1];
        }
        if (flag==0) {
            fprintf(stderr,"(L0,R0)=");
            print_hex_from_bin(L0,32);
            print_hex_from_bin(R0,32);
            fprintf(stderr,"\n");
        }
        
        for(i=0;i<16;i++){
            for(j=0;j<48;j++)
            {
                if(decrypt==0){
                    Rtemp[j]=(R0[E[j]-1]+K3[i][j])%2;//  E(Ri-1)+ki
                }else{
                    
                    Rtemp[j]=(R0[E[j]-1]+K1[15-i][j])%2;
                }
                
            }
            
            for(j=0;j<8;j++){
                r=Rtemp[j*6]*2+Rtemp[j*6+5];//r and c
                c=0;
                temp=8;
                for(k=1;k<5;k++){
                    
                    c+=Rtemp[j*6+k]*temp;
                    temp/=2;
                }
                temp=S[j][r*16+c];// Sbox
                T[j*4+3]=temp%2;
                temp/=2;
                T[j*4+2]=temp%2;
                temp/=2;
                T[j*4+1]=temp%2;
                temp/=2;
                T[j*4]=temp%2;
            }
            for(j=0;j<32;j++){
                fun[j]=T[P[j]-1];//P permutation
            }
            for(j=0;j<32;j++){
                Rtemp[j]=(L0[j]+fun[j])%2;//L0 +
            }
            if (flag==0) {
                fprintf(stderr,"(L%d,R%d)=",i+1,i+1);
                
                print_hex_from_bin(R0,32);
                print_hex_from_bin(Rtemp,32);
                fprintf(stderr,"\n");
            }
            if(i!=15){
                for(j=0;j<32;j++){
                    L0[j]=R0[j];
                }
                for(j=0;j<32;j++){
                    R0[j]=Rtemp[j];
                }
            }
        }
        inverse(IP,IP1);
        for(i=0;i<64;i++){
            if(i<32)
                outtemp[i]=Rtemp[i];
            else
                outtemp[i]=R0[i-32];
        }
        
        
        for(i=0;i<64;i++){
            output[i]=outtemp[IP1[i]-1];
            
        }
        //----------------------------------------------------------------------------------------------
        
        print_char_from_bin(output,64);
        
        
    }
    return;
    
}