int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) #endif { ulong32 L, R; int r; #ifndef __GNUC__ ulong32 *S1, *S2, *S3, *S4; #endif LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); #ifndef __GNUC__ S1 = skey->blowfish.S[0]; S2 = skey->blowfish.S[1]; S3 = skey->blowfish.S[2]; S4 = skey->blowfish.S[3]; #endif /* load it */ LOAD32H(L, &pt[0]); LOAD32H(R, &pt[4]); /* do 16 rounds */ for (r = 0; r < 16; ) { L ^= skey->blowfish.K[r++]; R ^= F(L); R ^= skey->blowfish.K[r++]; L ^= F(R); L ^= skey->blowfish.K[r++]; R ^= F(L); R ^= skey->blowfish.K[r++]; L ^= F(R); } /* last keying */ R ^= skey->blowfish.K[17]; L ^= skey->blowfish.K[16]; /* store */ STORE32H(R, &ct[0]); STORE32H(L, &ct[4]); return CRYPT_OK; }
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // TransformFunction // // Compress 512-bits /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// static void TransformFunction ( Sha256Context* Context, uint8_t* Buffer ) { uint32_t S[8]; uint32_t W[64]; uint32_t t0; uint32_t t1; uint32_t t; int i; // Copy state into S for( i=0; i<8; i++ ) { S[i] = Context->state[i]; } // Copy the state into 512-bits into W[0..15] for( i=0; i<16; i++ ) { LOAD32H( W[i], Buffer + (4*i) ); } // Fill W[16..63] for( i=16; i<64; i++ ) { W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16]; } // Compress for( i=0; i<64; i++ ) { Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i ); t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; } // Feedback for( i=0; i<8; i++ ) { Context->state[i] = Context->state[i] + S[i]; } }
INT blowfish_ecb_decrypt(const UCHAR *ct, UCHAR *pt, symmetric_key *skey) #endif { ULONG L, R; INT r; #ifndef __GNUC__ ULONG *S1, *S2, *S3, *S4; #endif LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); #ifndef __GNUC__ S1 = skey->blowfish.S[0]; S2 = skey->blowfish.S[1]; S3 = skey->blowfish.S[2]; S4 = skey->blowfish.S[3]; #endif /* load it */ LOAD32H(R, &ct[0]); LOAD32H(L, &ct[4]); /* undo last keying */ R ^= skey->blowfish.K[17]; L ^= skey->blowfish.K[16]; /* do 16 rounds */ for (r = 15; r > 0; ) { L ^= F(R); R ^= skey->blowfish.K[r--]; R ^= F(L); L ^= skey->blowfish.K[r--]; L ^= F(R); R ^= skey->blowfish.K[r--]; R ^= F(L); L ^= skey->blowfish.K[r--]; } /* store */ STORE32H(L, &pt[0]); STORE32H(R, &pt[4]); return CRYPT_OK; }
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key) #endif { ulong32 L, R; int r; #ifndef __GNUC__ ulong32 *S1, *S2, *S3, *S4; #endif _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(key != NULL); #ifndef __GNUC__ S1 = key->blowfish.S[0]; S2 = key->blowfish.S[1]; S3 = key->blowfish.S[2]; S4 = key->blowfish.S[3]; #endif /* load it */ LOAD32H(R, &ct[0]); LOAD32H(L, &ct[4]); /* undo last keying */ R ^= key->blowfish.K[17]; L ^= key->blowfish.K[16]; /* do 16 rounds */ for (r = 15; r > 0; ) { L ^= F(R); R ^= key->blowfish.K[r--]; R ^= F(L); L ^= key->blowfish.K[r--]; L ^= F(R); R ^= key->blowfish.K[r--]; R ^= F(L); L ^= key->blowfish.K[r--]; } /* store */ STORE32H(L, &pt[0]); STORE32H(R, &pt[4]); }
int multi2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) { ulong32 sk[8], dk[2]; int x; LTC_ARGCHK(key != NULL); LTC_ARGCHK(skey != NULL); if (keylen != 40) return CRYPT_INVALID_KEYSIZE; if (num_rounds == 0) num_rounds = 128; skey->multi2.N = num_rounds; for (x = 0; x < 8; x++) { LOAD32H(sk[x], key + x*4); } LOAD32H(dk[0], key + 32); LOAD32H(dk[1], key + 36); setup(dk, sk, skey->multi2.uk); zeromem(sk, sizeof(sk)); zeromem(dk, sizeof(dk)); return CRYPT_OK; }
static void four_rounds(pelican_state *pelmac) { ulong32 s0, s1, s2, s3, t0, t1, t2, t3; int r; LOAD32H(s0, pelmac->state ); LOAD32H(s1, pelmac->state + 4); LOAD32H(s2, pelmac->state + 8); LOAD32H(s3, pelmac->state + 12); for (r = 0; r < 4; r++) { t0 = Te0(byte(s0, 3)) ^ Te1(byte(s1, 2)) ^ Te2(byte(s2, 1)) ^ Te3(byte(s3, 0)); t1 = Te0(byte(s1, 3)) ^ Te1(byte(s2, 2)) ^ Te2(byte(s3, 1)) ^ Te3(byte(s0, 0)); t2 = Te0(byte(s2, 3)) ^ Te1(byte(s3, 2)) ^ Te2(byte(s0, 1)) ^ Te3(byte(s1, 0)); t3 = Te0(byte(s3, 3)) ^ Te1(byte(s0, 2)) ^ Te2(byte(s1, 1)) ^ Te3(byte(s2, 0)); s0 = t0; s1 = t1; s2 = t2; s3 = t3; } STORE32H(s0, pelmac->state ); STORE32H(s1, pelmac->state + 4); STORE32H(s2, pelmac->state + 8); STORE32H(s3, pelmac->state + 12); }
int crc32_test(void) { #ifndef LTC_TEST return CRYPT_NOP; #else const void* in = "libtomcrypt"; const unsigned char crc32[] = { 0xef, 0x76, 0x73, 0xb3 }; unsigned char out[4]; crc32_state ctx; crc32_init(&ctx); crc32_update(&ctx, in, strlen(in)); crc32_finish(&ctx, out, 4); if (XMEMCMP(crc32, out, 4)) { #ifdef LTC_TEST_DBG ulong32 _out, _crc32; LOAD32H(_out, out); LOAD32H(_crc32, crc32); printf("crc32 fail! Is: 0x%x Should: 0x%x\n", _out, _crc32); #endif return CRYPT_FAIL_TESTVECTOR; } return CRYPT_OK; #endif }
static void sha256_compress(hash_state * md) #endif { unsigned long S[8], W[64], t0, t1; int i; _ARGCHK(md != NULL); /* copy state into S */ for (i = 0; i < 8; i++) S[i] = md->sha256.state[i]; /* copy the state into 512-bits into W[0..15] */ for (i = 0; i < 16; i++) { LOAD32H(W[i], md->sha256.buf + (4*i)); } /* fill W[16..63] */ for (i = 16; i < 64; i++) { W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; } /* Compress */ for (i = 0; i < 64; i++) { t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i]; t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]); S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; S[4] = S[3] + t0; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t0 + t1; } /* feedback */ for (i = 0; i < 8; i++) { md->sha256.state[i] = md->sha256.state[i] + S[i]; } }
static void sha256_compress(sha256_state * md, unsigned char *buf) { unsigned long S[8], W[64], t0, t1; unsigned long t; int i; /* copy state into S */ for (i = 0; i < 8; i++) { S[i] = md->state[i]; } /* copy the state into 512-bits into W[0..15] */ for (i = 0; i < 16; i++) { LOAD32H(W[i], buf + (4*i)); } /* fill W[16..63] */ for (i = 16; i < 64; i++) { W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; } /* Compress */ #define RND(a,b,c,d,e,f,g,h,i) \ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ t1 = Sigma0(a) + Maj(a, b, c); \ d += t0; \ h = t0 + t1; for (i = 0; i < 64; ++i) { RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i); t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; } /* feedback */ for (i = 0; i < 8; i++) { md->state[i] = md->state[i] + S[i]; } }
int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) #endif { ulong32 x[4], z[4]; unsigned char buf[16]; int y, i; LTC_ARGCHK(key != NULL); LTC_ARGCHK(skey != NULL); if (num_rounds != 12 && num_rounds != 16 && num_rounds != 0) { return CRYPT_INVALID_ROUNDS; } if (num_rounds == 12 && keylen > 10) { return CRYPT_INVALID_ROUNDS; } if (keylen < 5 || keylen > 16) { return CRYPT_INVALID_KEYSIZE; } /* extend the key as required */ zeromem(buf, sizeof(buf)); XMEMCPY(buf, key, (size_t)keylen); /* load and start the awful looking network */ for (y = 0; y < 4; y++) { LOAD32H(x[3-y],buf+4*y); } for (i = y = 0; y < 2; y++) { z[3] = x[3] ^ S5[GB(x, 0xD)] ^ S6[GB(x, 0xF)] ^ S7[GB(x, 0xC)] ^ S8[GB(x, 0xE)] ^ S7[GB(x, 0x8)]; z[2] = x[1] ^ S5[GB(z, 0x0)] ^ S6[GB(z, 0x2)] ^ S7[GB(z, 0x1)] ^ S8[GB(z, 0x3)] ^ S8[GB(x, 0xA)]; z[1] = x[0] ^ S5[GB(z, 0x7)] ^ S6[GB(z, 0x6)] ^ S7[GB(z, 0x5)] ^ S8[GB(z, 0x4)] ^ S5[GB(x, 0x9)]; z[0] = x[2] ^ S5[GB(z, 0xA)] ^ S6[GB(z, 0x9)] ^ S7[GB(z, 0xb)] ^ S8[GB(z, 0x8)] ^ S6[GB(x, 0xB)]; skey->cast5.K[i++] = S5[GB(z, 0x8)] ^ S6[GB(z, 0x9)] ^ S7[GB(z, 0x7)] ^ S8[GB(z, 0x6)] ^ S5[GB(z, 0x2)]; skey->cast5.K[i++] = S5[GB(z, 0xA)] ^ S6[GB(z, 0xB)] ^ S7[GB(z, 0x5)] ^ S8[GB(z, 0x4)] ^ S6[GB(z, 0x6)]; skey->cast5.K[i++] = S5[GB(z, 0xC)] ^ S6[GB(z, 0xd)] ^ S7[GB(z, 0x3)] ^ S8[GB(z, 0x2)] ^ S7[GB(z, 0x9)]; skey->cast5.K[i++] = S5[GB(z, 0xE)] ^ S6[GB(z, 0xF)] ^ S7[GB(z, 0x1)] ^ S8[GB(z, 0x0)] ^ S8[GB(z, 0xc)]; x[3] = z[1] ^ S5[GB(z, 0x5)] ^ S6[GB(z, 0x7)] ^ S7[GB(z, 0x4)] ^ S8[GB(z, 0x6)] ^ S7[GB(z, 0x0)]; x[2] = z[3] ^ S5[GB(x, 0x0)] ^ S6[GB(x, 0x2)] ^ S7[GB(x, 0x1)] ^ S8[GB(x, 0x3)] ^ S8[GB(z, 0x2)]; x[1] = z[2] ^ S5[GB(x, 0x7)] ^ S6[GB(x, 0x6)] ^ S7[GB(x, 0x5)] ^ S8[GB(x, 0x4)] ^ S5[GB(z, 0x1)]; x[0] = z[0] ^ S5[GB(x, 0xA)] ^ S6[GB(x, 0x9)] ^ S7[GB(x, 0xb)] ^ S8[GB(x, 0x8)] ^ S6[GB(z, 0x3)]; skey->cast5.K[i++] = S5[GB(x, 0x3)] ^ S6[GB(x, 0x2)] ^ S7[GB(x, 0xc)] ^ S8[GB(x, 0xd)] ^ S5[GB(x, 0x8)]; skey->cast5.K[i++] = S5[GB(x, 0x1)] ^ S6[GB(x, 0x0)] ^ S7[GB(x, 0xe)] ^ S8[GB(x, 0xf)] ^ S6[GB(x, 0xd)]; skey->cast5.K[i++] = S5[GB(x, 0x7)] ^ S6[GB(x, 0x6)] ^ S7[GB(x, 0x8)] ^ S8[GB(x, 0x9)] ^ S7[GB(x, 0x3)]; skey->cast5.K[i++] = S5[GB(x, 0x5)] ^ S6[GB(x, 0x4)] ^ S7[GB(x, 0xa)] ^ S8[GB(x, 0xb)] ^ S8[GB(x, 0x7)]; /* second half */ z[3] = x[3] ^ S5[GB(x, 0xD)] ^ S6[GB(x, 0xF)] ^ S7[GB(x, 0xC)] ^ S8[GB(x, 0xE)] ^ S7[GB(x, 0x8)]; z[2] = x[1] ^ S5[GB(z, 0x0)] ^ S6[GB(z, 0x2)] ^ S7[GB(z, 0x1)] ^ S8[GB(z, 0x3)] ^ S8[GB(x, 0xA)]; z[1] = x[0] ^ S5[GB(z, 0x7)] ^ S6[GB(z, 0x6)] ^ S7[GB(z, 0x5)] ^ S8[GB(z, 0x4)] ^ S5[GB(x, 0x9)]; z[0] = x[2] ^ S5[GB(z, 0xA)] ^ S6[GB(z, 0x9)] ^ S7[GB(z, 0xb)] ^ S8[GB(z, 0x8)] ^ S6[GB(x, 0xB)]; skey->cast5.K[i++] = S5[GB(z, 0x3)] ^ S6[GB(z, 0x2)] ^ S7[GB(z, 0xc)] ^ S8[GB(z, 0xd)] ^ S5[GB(z, 0x9)]; skey->cast5.K[i++] = S5[GB(z, 0x1)] ^ S6[GB(z, 0x0)] ^ S7[GB(z, 0xe)] ^ S8[GB(z, 0xf)] ^ S6[GB(z, 0xc)]; skey->cast5.K[i++] = S5[GB(z, 0x7)] ^ S6[GB(z, 0x6)] ^ S7[GB(z, 0x8)] ^ S8[GB(z, 0x9)] ^ S7[GB(z, 0x2)]; skey->cast5.K[i++] = S5[GB(z, 0x5)] ^ S6[GB(z, 0x4)] ^ S7[GB(z, 0xa)] ^ S8[GB(z, 0xb)] ^ S8[GB(z, 0x6)]; x[3] = z[1] ^ S5[GB(z, 0x5)] ^ S6[GB(z, 0x7)] ^ S7[GB(z, 0x4)] ^ S8[GB(z, 0x6)] ^ S7[GB(z, 0x0)]; x[2] = z[3] ^ S5[GB(x, 0x0)] ^ S6[GB(x, 0x2)] ^ S7[GB(x, 0x1)] ^ S8[GB(x, 0x3)] ^ S8[GB(z, 0x2)]; x[1] = z[2] ^ S5[GB(x, 0x7)] ^ S6[GB(x, 0x6)] ^ S7[GB(x, 0x5)] ^ S8[GB(x, 0x4)] ^ S5[GB(z, 0x1)]; x[0] = z[0] ^ S5[GB(x, 0xA)] ^ S6[GB(x, 0x9)] ^ S7[GB(x, 0xb)] ^ S8[GB(x, 0x8)] ^ S6[GB(z, 0x3)]; skey->cast5.K[i++] = S5[GB(x, 0x8)] ^ S6[GB(x, 0x9)] ^ S7[GB(x, 0x7)] ^ S8[GB(x, 0x6)] ^ S5[GB(x, 0x3)]; skey->cast5.K[i++] = S5[GB(x, 0xa)] ^ S6[GB(x, 0xb)] ^ S7[GB(x, 0x5)] ^ S8[GB(x, 0x4)] ^ S6[GB(x, 0x7)]; skey->cast5.K[i++] = S5[GB(x, 0xc)] ^ S6[GB(x, 0xd)] ^ S7[GB(x, 0x3)] ^ S8[GB(x, 0x2)] ^ S7[GB(x, 0x8)]; skey->cast5.K[i++] = S5[GB(x, 0xe)] ^ S6[GB(x, 0xf)] ^ S7[GB(x, 0x1)] ^ S8[GB(x, 0x0)] ^ S8[GB(x, 0xd)]; } skey->cast5.keylen = keylen; #ifdef LTC_CLEAN_STACK zeromem(buf, sizeof(buf)); zeromem(x, sizeof(x)); zeromem(z, sizeof(z)); #endif return CRYPT_OK; }
/** Initialize the AES (Rijndael) block cipher @param key The symmetric key you wish to pass @param keylen The key length in bytes @param num_rounds The number of rounds desired (0 for default) @param skey The key in as scheduled by this function. @return CRYPT_OK if successful */ int rijndael_setup(const unsigned char *key, int keylen, int num_rounds, rijndael_key *rijndael) { int i, j; unsigned long temp, *rk; unsigned long *rrk; LTC_ARGCHK(key != NULL); LTC_ARGCHK(rijndael != NULL); if (keylen != 16 && keylen != 24 && keylen != 32) return CRYPT_INVALID_KEYSIZE; if (num_rounds != 0 && num_rounds != (10 + ((keylen / 8) - 2) * 2)) return CRYPT_INVALID_ROUNDS; rijndael->Nr = 10 + ((keylen / 8) - 2) * 2; /* setup the forward key */ i = 0; rk = rijndael->eK; LOAD32H(rk[0], key); LOAD32H(rk[1], key + 4); LOAD32H(rk[2], key + 8); LOAD32H(rk[3], key + 12); if (keylen == 16) { j = 44; for (;;) { temp = rk[3]; rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; rk[7] = rk[3] ^ rk[6]; if (++i == 10) break; rk += 4; } } else if (keylen == 24) { j = 52; LOAD32H(rk[4], key + 16); LOAD32H(rk[5], key + 20); for (;;) { temp = rijndael->eK[rk - rijndael->eK + 5]; rk[6] = rk[0] ^ setup_mix(temp) ^ rcon[i]; rk[7] = rk[1] ^ rk[6]; rk[8] = rk[2] ^ rk[7]; rk[9] = rk[3] ^ rk[8]; if (++i == 8) break; rk[10] = rk[4] ^ rk[9]; rk[11] = rk[5] ^ rk[10]; rk += 6; } } else if (keylen == 32) { j = 60; LOAD32H(rk[4], key + 16); LOAD32H(rk[5], key + 20); LOAD32H(rk[6], key + 24); LOAD32H(rk[7], key + 28); for (;;) { temp = rijndael->eK[rk - rijndael->eK + 7]; rk[8] = rk[0] ^ setup_mix(temp) ^ rcon[i]; rk[9] = rk[1] ^ rk[8]; rk[10] = rk[2] ^ rk[9]; rk[11] = rk[3] ^ rk[10]; if (++i == 7) { break; } temp = rk[11]; rk[12] = rk[4] ^ setup_mix(RORc(temp, 8)); rk[13] = rk[5] ^ rk[12]; rk[14] = rk[6] ^ rk[13]; rk[15] = rk[7] ^ rk[14]; rk += 8; } } else { /* this can't happen */ return CRYPT_ERROR; } /* setup the inverse key now */ rk = rijndael->dK; rrk = rijndael->eK + j - 4; /* apply the inverse MixColumn transform to all round keys but the first and the last: */ /* copy first */ *rk++ = *rrk++; *rk++ = *rrk++; *rk++ = *rrk++; *rk = *rrk; rk -= 3; rrk -= 3; for (i = 1; i < rijndael->Nr; i++) { rrk -= 4; rk += 4; temp = rrk[0]; rk[0] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; temp = rrk[1]; rk[1] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; temp = rrk[2]; rk[2] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; temp = rrk[3]; rk[3] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; } /* copy last */ rrk -= 4; rk += 4; *rk++ = *rrk++; *rk++ = *rrk++; *rk++ = *rrk++; *rk = *rrk; return CRYPT_OK; }
/** Decrypts a block of text with AES @param ct The input ciphertext (16 bytes) @param pt The output plaintext (16 bytes) @param skey The key as scheduled @return CRYPT_OK if successful */ int rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, rijndael_key *rijndael) { unsigned long s0, s1, s2, s3, t0, t1, t2, t3, *rk; int Nr, r; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(rijndael != NULL); Nr = rijndael->Nr; rk = rijndael->dK; /* * map byte array block to cipher state * and add initial round key: */ LOAD32H(s0, ct); s0 ^= rk[0]; LOAD32H(s1, ct + 4); s1 ^= rk[1]; LOAD32H(s2, ct + 8); s2 ^= rk[2]; LOAD32H(s3, ct + 12); s3 ^= rk[3]; /* * Nr - 1 full rounds: */ r = Nr >> 1; for (;;) { t0 = Td0(byte(s0, 3)) ^ Td1(byte(s3, 2)) ^ Td2(byte(s2, 1)) ^ Td3(byte(s1, 0)) ^ rk[4]; t1 = Td0(byte(s1, 3)) ^ Td1(byte(s0, 2)) ^ Td2(byte(s3, 1)) ^ Td3(byte(s2, 0)) ^ rk[5]; t2 = Td0(byte(s2, 3)) ^ Td1(byte(s1, 2)) ^ Td2(byte(s0, 1)) ^ Td3(byte(s3, 0)) ^ rk[6]; t3 = Td0(byte(s3, 3)) ^ Td1(byte(s2, 2)) ^ Td2(byte(s1, 1)) ^ Td3(byte(s0, 0)) ^ rk[7]; rk += 8; if (--r == 0) break; s0 = Td0(byte(t0, 3)) ^ Td1(byte(t3, 2)) ^ Td2(byte(t2, 1)) ^ Td3(byte(t1, 0)) ^ rk[0]; s1 = Td0(byte(t1, 3)) ^ Td1(byte(t0, 2)) ^ Td2(byte(t3, 1)) ^ Td3(byte(t2, 0)) ^ rk[1]; s2 = Td0(byte(t2, 3)) ^ Td1(byte(t1, 2)) ^ Td2(byte(t0, 1)) ^ Td3(byte(t3, 0)) ^ rk[2]; s3 = Td0(byte(t3, 3)) ^ Td1(byte(t2, 2)) ^ Td2(byte(t1, 1)) ^ Td3(byte(t0, 0)) ^ rk[3]; } /* * apply last round and * map cipher state to byte array block: */ s0 = (Td4[byte(t0, 3)] & 0xff000000) ^ (Td4[byte(t3, 2)] & 0x00ff0000) ^ (Td4[byte(t2, 1)] & 0x0000ff00) ^ (Td4[byte(t1, 0)] & 0x000000ff) ^ rk[0]; STORE32H(s0, pt); s1 = (Td4[byte(t1, 3)] & 0xff000000) ^ (Td4[byte(t0, 2)] & 0x00ff0000) ^ (Td4[byte(t3, 1)] & 0x0000ff00) ^ (Td4[byte(t2, 0)] & 0x000000ff) ^ rk[1]; STORE32H(s1, pt + 4); s2 = (Td4[byte(t2, 3)] & 0xff000000) ^ (Td4[byte(t1, 2)] & 0x00ff0000) ^ (Td4[byte(t0, 1)] & 0x0000ff00) ^ (Td4[byte(t3, 0)] & 0x000000ff) ^ rk[2]; STORE32H(s2, pt + 8); s3 = (Td4[byte(t3, 3)] & 0xff000000) ^ (Td4[byte(t2, 2)] & 0x00ff0000) ^ (Td4[byte(t1, 1)] & 0x0000ff00) ^ (Td4[byte(t0, 0)] & 0x000000ff) ^ rk[3]; STORE32H(s3, pt + 12); return CRYPT_OK; }
static void sha1_compress(struct sha1_state *sha1, unsigned char *buf) { SHA1_INT32 a,b,c,d,e,W[80],i; /** copy the state into 512-bits into W[0..15] */ for (i = 0; i < 16; i++) { LOAD32H(W[i], buf + (4*i)); } /** copy state */ a = sha1->state[0]; b = sha1->state[1]; c = sha1->state[2]; d = sha1->state[3]; e = sha1->state[4]; /** expand it */ for (i = 16; i < 80; i++) { W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); } /** compress */ /** round one */ #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30); #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30); #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30); #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30); for (i = 0; i < 20; ) { FF0(a,b,c,d,e,i++); FF0(e,a,b,c,d,i++); FF0(d,e,a,b,c,i++); FF0(c,d,e,a,b,i++); FF0(b,c,d,e,a,i++); } /** round two */ for (; i < 40; ) { FF1(a,b,c,d,e,i++); FF1(e,a,b,c,d,i++); FF1(d,e,a,b,c,i++); FF1(c,d,e,a,b,i++); FF1(b,c,d,e,a,i++); } /** round three */ for (; i < 60; ) { FF2(a,b,c,d,e,i++); FF2(e,a,b,c,d,i++); FF2(d,e,a,b,c,i++); FF2(c,d,e,a,b,i++); FF2(b,c,d,e,a,i++); } /** round four */ for (; i < 80; ) { FF3(a,b,c,d,e,i++); FF3(e,a,b,c,d,i++); FF3(d,e,a,b,c,i++); FF3(c,d,e,a,b,i++); FF3(b,c,d,e,a,i++); } #undef FF0 #undef FF1 #undef FF2 #undef FF3 /** store */ sha1->state[0] = sha1->state[0] + a; sha1->state[1] = sha1->state[1] + b; sha1->state[2] = sha1->state[2] + c; sha1->state[3] = sha1->state[3] + d; sha1->state[4] = sha1->state[4] + e; }
int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) #endif { ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk; int Nr, r; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); Nr = skey->rijndael.Nr; rk = skey->rijndael.dK; /* * map byte array block to cipher state * and add initial round key: */ LOAD32H(s0, ct ); s0 ^= rk[0]; LOAD32H(s1, ct + 4); s1 ^= rk[1]; LOAD32H(s2, ct + 8); s2 ^= rk[2]; LOAD32H(s3, ct + 12); s3 ^= rk[3]; #ifdef LTC_SMALL_CODE for (r = 0; ; r++) { rk += 4; t0 = Td0(byte(s0, 3)) ^ Td1(byte(s3, 2)) ^ Td2(byte(s2, 1)) ^ Td3(byte(s1, 0)) ^ rk[0]; t1 = Td0(byte(s1, 3)) ^ Td1(byte(s0, 2)) ^ Td2(byte(s3, 1)) ^ Td3(byte(s2, 0)) ^ rk[1]; t2 = Td0(byte(s2, 3)) ^ Td1(byte(s1, 2)) ^ Td2(byte(s0, 1)) ^ Td3(byte(s3, 0)) ^ rk[2]; t3 = Td0(byte(s3, 3)) ^ Td1(byte(s2, 2)) ^ Td2(byte(s1, 1)) ^ Td3(byte(s0, 0)) ^ rk[3]; if (r == Nr-2) { break; } s0 = t0; s1 = t1; s2 = t2; s3 = t3; } rk += 4; #else /* * Nr - 1 full rounds: */ r = Nr >> 1; for (;;) { t0 = Td0(byte(s0, 3)) ^ Td1(byte(s3, 2)) ^ Td2(byte(s2, 1)) ^ Td3(byte(s1, 0)) ^ rk[4]; t1 = Td0(byte(s1, 3)) ^ Td1(byte(s0, 2)) ^ Td2(byte(s3, 1)) ^ Td3(byte(s2, 0)) ^ rk[5]; t2 = Td0(byte(s2, 3)) ^ Td1(byte(s1, 2)) ^ Td2(byte(s0, 1)) ^ Td3(byte(s3, 0)) ^ rk[6]; t3 = Td0(byte(s3, 3)) ^ Td1(byte(s2, 2)) ^ Td2(byte(s1, 1)) ^ Td3(byte(s0, 0)) ^ rk[7]; rk += 8; if (--r == 0) { break; } s0 = Td0(byte(t0, 3)) ^ Td1(byte(t3, 2)) ^ Td2(byte(t2, 1)) ^ Td3(byte(t1, 0)) ^ rk[0]; s1 = Td0(byte(t1, 3)) ^ Td1(byte(t0, 2)) ^ Td2(byte(t3, 1)) ^ Td3(byte(t2, 0)) ^ rk[1]; s2 = Td0(byte(t2, 3)) ^ Td1(byte(t1, 2)) ^ Td2(byte(t0, 1)) ^ Td3(byte(t3, 0)) ^ rk[2]; s3 = Td0(byte(t3, 3)) ^ Td1(byte(t2, 2)) ^ Td2(byte(t1, 1)) ^ Td3(byte(t0, 0)) ^ rk[3]; } #endif /* * apply last round and * map cipher state to byte array block: */ s0 = (Td4[byte(t0, 3)] & 0xff000000) ^ (Td4[byte(t3, 2)] & 0x00ff0000) ^ (Td4[byte(t2, 1)] & 0x0000ff00) ^ (Td4[byte(t1, 0)] & 0x000000ff) ^ rk[0]; STORE32H(s0, pt); s1 = (Td4[byte(t1, 3)] & 0xff000000) ^ (Td4[byte(t0, 2)] & 0x00ff0000) ^ (Td4[byte(t3, 1)] & 0x0000ff00) ^ (Td4[byte(t2, 0)] & 0x000000ff) ^ rk[1]; STORE32H(s1, pt+4); s2 = (Td4[byte(t2, 3)] & 0xff000000) ^ (Td4[byte(t1, 2)] & 0x00ff0000) ^ (Td4[byte(t0, 1)] & 0x0000ff00) ^ (Td4[byte(t3, 0)] & 0x000000ff) ^ rk[2]; STORE32H(s2, pt+8); s3 = (Td4[byte(t3, 3)] & 0xff000000) ^ (Td4[byte(t2, 2)] & 0x00ff0000) ^ (Td4[byte(t1, 1)] & 0x0000ff00) ^ (Td4[byte(t0, 0)] & 0x000000ff) ^ rk[3]; STORE32H(s3, pt+12); return CRYPT_OK; }
static void sha1_compress(sha1_state *md, unsigned char *buf) { uint32_t a,b,c,d,e,W[80],i; /* copy the state into 512-bits into W[0..15] */ for (i = 0; i < 16; i++) { LOAD32H(W[i], buf + (4*i)); } /* copy state */ a = md->state[0]; b = md->state[1]; c = md->state[2]; d = md->state[3]; e = md->state[4]; /* expand it */ for (i = 16; i < 80; i++) { W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); } /* compress */ /* round one */ // #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30); #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] - 0x5d6aa4d4UL); b = ROLc(b, 30); // #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30); #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x16ae9debUL) + buf[0]; b = ROLc(b, 30); // #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30); #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] - 0x34032e48UL); b = ROLc(b, 30); // #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30); #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] - 0x5cd39e93); b = ROLc(b, 30); for (i = 0; i < 20; ) { FF0(a,b,c,d,e,i++); FF0(e,a,b,c,d,i++); FF0(d,e,a,b,c,i++); FF0(c,d,e,a,b,i++); FF0(b,c,d,e,a,i++); } /* round two */ for (; i < 40; ) { FF1(a,b,c,d,e,i++); FF1(e,a,b,c,d,i++); FF1(d,e,a,b,c,i++); FF1(c,d,e,a,b,i++); FF1(b,c,d,e,a,i++); } /* round three */ // for (; i < 60; ) { for (; i < 60; ) { FF2(a,b,c,d,e,i++); FF2(e,a,b,c,d,i++); FF2(d,e,a,b,c,i++); FF2(c,d,e,a,b,i++); FF2(b,c,d,e,a,i++); } FF2(a,b,c,d,e,i++); i = e; e = d; d = c; c = b; b = a; a = i; i = 61; /* round four */ for (; i < 76; ) { FF3(a,b,c,d,e,i++); FF3(e,a,b,c,d,i++); FF3(d,e,a,b,c,i++); FF3(c,d,e,a,b,i++); FF3(b,c,d,e,a,i++); } FF3(a,b,c,d,e,i++); FF3(e,a,b,c,d,i++); FF3(d,e,a,b,c,i++); FF3(c,d,e,a,b,i++); i = b; b = c; c = d; d = e; e = a; a = i; #undef FF0 #undef FF1 #undef FF2 #undef FF3 /* store */ md->state[0] = md->state[0] + a + 1; md->state[1] = md->state[1] + b; md->state[2] = md->state[2] + c; md->state[3] = md->state[3] + d; md->state[4] = md->state[4] + e; }
/* Test store/load macros with offsets */ int store_test(void) { unsigned char buf[256]; int y; ulong32 L, L1; ulong64 LL, LL1; #ifdef LTC_FAST int x, z; #endif for (y = 0; y < 4; y++) { L = 0x12345678UL; L1 = 0; STORE32L(L, buf + y); LOAD32L(L1, buf + y); if (L1 != L) { fprintf(stderr, "\n32L failed at offset %d\n", y); return 1; } STORE32H(L, buf + y); LOAD32H(L1, buf + y); if (L1 != L) { fprintf(stderr, "\n32H failed at offset %d\n", y); return 1; } } for (y = 0; y < 8; y++) { LL = CONST64 (0x01020304050607); LL1 = 0; STORE64L(LL, buf + y); LOAD64L(LL1, buf + y); if (LL1 != LL) { fprintf(stderr, "\n64L failed at offset %d\n", y); return 1; } STORE64H(LL, buf + y); LOAD64H(LL1, buf + y); if (LL1 != LL) { fprintf(stderr, "\n64H failed at offset %d\n", y); return 1; } } /* test LTC_FAST */ #ifdef LTC_FAST y = 16; for (z = 0; z < y; z++) { /* fill y bytes with random */ yarrow_read(buf+z, y, &yarrow_prng); yarrow_read(buf+z+y, y, &yarrow_prng); /* now XOR it byte for byte */ for (x = 0; x < y; x++) { buf[2*y+z+x] = buf[z+x] ^ buf[z+y+x]; } /* now XOR it word for word */ for (x = 0; x < y; x += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE*)(&buf[3*y+z+x])) = *((LTC_FAST_TYPE*)(&buf[z+x])) ^ *((LTC_FAST_TYPE*)(&buf[z+y+x])); } if (memcmp(&buf[2*y+z], &buf[3*y+z], y)) { fprintf(stderr, "\nLTC_FAST failed at offset %d\n", z); return 1; } } #endif return 0; }
/** Decrypts a block of text with AES @param ct The input ciphertext (16 bytes) @param pt The output plaintext (16 bytes) @param skey The key as scheduled @return CRYPT_OK if successful */ static int aes_decrypt(aes_key_t* ctx, uint8_t* ct, uint8_t* pt) { ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk; int Nr, r; Nr = ctx->Nr; rk = ctx->dK; /* * map byte array block to cipher state * and add initial round key: */ LOAD32H(s0, ct ); s0 ^= rk[0]; LOAD32H(s1, ct + 4); s1 ^= rk[1]; LOAD32H(s2, ct + 8); s2 ^= rk[2]; LOAD32H(s3, ct + 12); s3 ^= rk[3]; /* * Nr - 1 full rounds: */ r = Nr >> 1; for (;;) { t0 = Td0(byte(s0, 3)) ^ Td1(byte(s3, 2)) ^ Td2(byte(s2, 1)) ^ Td3(byte(s1, 0)) ^ rk[4]; t1 = Td0(byte(s1, 3)) ^ Td1(byte(s0, 2)) ^ Td2(byte(s3, 1)) ^ Td3(byte(s2, 0)) ^ rk[5]; t2 = Td0(byte(s2, 3)) ^ Td1(byte(s1, 2)) ^ Td2(byte(s0, 1)) ^ Td3(byte(s3, 0)) ^ rk[6]; t3 = Td0(byte(s3, 3)) ^ Td1(byte(s2, 2)) ^ Td2(byte(s1, 1)) ^ Td3(byte(s0, 0)) ^ rk[7]; rk += 8; if (--r == 0) { break; } s0 = Td0(byte(t0, 3)) ^ Td1(byte(t3, 2)) ^ Td2(byte(t2, 1)) ^ Td3(byte(t1, 0)) ^ rk[0]; s1 = Td0(byte(t1, 3)) ^ Td1(byte(t0, 2)) ^ Td2(byte(t3, 1)) ^ Td3(byte(t2, 0)) ^ rk[1]; s2 = Td0(byte(t2, 3)) ^ Td1(byte(t1, 2)) ^ Td2(byte(t0, 1)) ^ Td3(byte(t3, 0)) ^ rk[2]; s3 = Td0(byte(t3, 3)) ^ Td1(byte(t2, 2)) ^ Td2(byte(t1, 1)) ^ Td3(byte(t0, 0)) ^ rk[3]; } /* * apply last round and * map cipher state to byte array block: */ s0 = (Td4[byte(t0, 3)] & 0xff000000) ^ (Td4[byte(t3, 2)] & 0x00ff0000) ^ (Td4[byte(t2, 1)] & 0x0000ff00) ^ (Td4[byte(t1, 0)] & 0x000000ff) ^ rk[0]; STORE32H(s0, pt); s1 = (Td4[byte(t1, 3)] & 0xff000000) ^ (Td4[byte(t0, 2)] & 0x00ff0000) ^ (Td4[byte(t3, 1)] & 0x0000ff00) ^ (Td4[byte(t2, 0)] & 0x000000ff) ^ rk[1]; STORE32H(s1, pt+4); s2 = (Td4[byte(t2, 3)] & 0xff000000) ^ (Td4[byte(t1, 2)] & 0x00ff0000) ^ (Td4[byte(t0, 1)] & 0x0000ff00) ^ (Td4[byte(t3, 0)] & 0x000000ff) ^ rk[2]; STORE32H(s2, pt+8); s3 = (Td4[byte(t3, 3)] & 0xff000000) ^ (Td4[byte(t2, 2)] & 0x00ff0000) ^ (Td4[byte(t1, 1)] & 0x0000ff00) ^ (Td4[byte(t0, 0)] & 0x000000ff) ^ rk[3]; STORE32H(s3, pt+12); }
static int sha1_compress(hash_state *md, unsigned char *buf) #endif { ulong32 a,b,c,d,e,W[80],i; #ifdef LTC_SMALL_CODE ulong32 t; #endif /* copy the state into 512-bits into W[0..15] */ for (i = 0; i < 16; i++) { LOAD32H(W[i], buf + (4*i)); } /* copy state */ a = md->sha1.state[0]; b = md->sha1.state[1]; c = md->sha1.state[2]; d = md->sha1.state[3]; e = md->sha1.state[4]; /* expand it */ for (i = 16; i < 80; i++) { W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); } /* compress */ /* round one */ #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30); #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30); #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30); #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30); #ifdef LTC_SMALL_CODE for (i = 0; i < 20; ) { FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; } for (; i < 40; ) { FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; } for (; i < 60; ) { FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; } for (; i < 80; ) { FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; } #else for (i = 0; i < 20; ) { FF0(a,b,c,d,e,i++); FF0(e,a,b,c,d,i++); FF0(d,e,a,b,c,i++); FF0(c,d,e,a,b,i++); FF0(b,c,d,e,a,i++); } /* round two */ for (; i < 40; ) { FF1(a,b,c,d,e,i++); FF1(e,a,b,c,d,i++); FF1(d,e,a,b,c,i++); FF1(c,d,e,a,b,i++); FF1(b,c,d,e,a,i++); } /* round three */ for (; i < 60; ) { FF2(a,b,c,d,e,i++); FF2(e,a,b,c,d,i++); FF2(d,e,a,b,c,i++); FF2(c,d,e,a,b,i++); FF2(b,c,d,e,a,i++); } /* round four */ for (; i < 80; ) { FF3(a,b,c,d,e,i++); FF3(e,a,b,c,d,i++); FF3(d,e,a,b,c,i++); FF3(c,d,e,a,b,i++); FF3(b,c,d,e,a,i++); } #endif #undef FF0 #undef FF1 #undef FF2 #undef FF3 /* store */ md->sha1.state[0] = md->sha1.state[0] + a; md->sha1.state[1] = md->sha1.state[1] + b; md->sha1.state[2] = md->sha1.state[2] + c; md->sha1.state[3] = md->sha1.state[3] + d; md->sha1.state[4] = md->sha1.state[4] + e; return CRYPT_OK; }
static int sha256_compress(hash_state * md, unsigned char *buf) #endif { ulong32 S[8], W[64], t0, t1; #ifdef LTC_SMALL_CODE ulong32 t; #endif int i; /* copy state into S */ for (i = 0; i < 8; i++) { S[i] = md->sha256.state[i]; } /* copy the state into 512-bits into W[0..15] */ for (i = 0; i < 16; i++) { LOAD32H(W[i], buf + (4*i)); } /* fill W[16..63] */ for (i = 16; i < 64; i++) { W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; } /* Compress */ #ifdef LTC_SMALL_CODE #define RND(a,b,c,d,e,f,g,h,i) \ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ t1 = Sigma0(a) + Maj(a, b, c); \ d += t0; \ h = t0 + t1; for (i = 0; i < 64; ++i) { RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i); t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; } #else #define RND(a,b,c,d,e,f,g,h,i,ki) \ t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i]; \ t1 = Sigma0(a) + Maj(a, b, c); \ d += t0; \ h = t0 + t1; RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],0,0x428a2f98); RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],1,0x71374491); RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],2,0xb5c0fbcf); RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],3,0xe9b5dba5); RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],4,0x3956c25b); RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],5,0x59f111f1); RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],6,0x923f82a4); RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],7,0xab1c5ed5); RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],8,0xd807aa98); RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],9,0x12835b01); RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],10,0x243185be); RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],11,0x550c7dc3); RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],12,0x72be5d74); RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],13,0x80deb1fe); RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],14,0x9bdc06a7); RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],15,0xc19bf174); RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],16,0xe49b69c1); RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],17,0xefbe4786); RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],18,0x0fc19dc6); RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],19,0x240ca1cc); RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],20,0x2de92c6f); RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],21,0x4a7484aa); RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],22,0x5cb0a9dc); RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],23,0x76f988da); RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],24,0x983e5152); RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],25,0xa831c66d); RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],26,0xb00327c8); RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],27,0xbf597fc7); RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],28,0xc6e00bf3); RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],29,0xd5a79147); RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],30,0x06ca6351); RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],31,0x14292967); RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],32,0x27b70a85); RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],33,0x2e1b2138); RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],34,0x4d2c6dfc); RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],35,0x53380d13); RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],36,0x650a7354); RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],37,0x766a0abb); RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],38,0x81c2c92e); RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],39,0x92722c85); RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],40,0xa2bfe8a1); RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],41,0xa81a664b); RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],42,0xc24b8b70); RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],43,0xc76c51a3); RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],44,0xd192e819); RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],45,0xd6990624); RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],46,0xf40e3585); RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],47,0x106aa070); RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],48,0x19a4c116); RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],49,0x1e376c08); RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],50,0x2748774c); RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],51,0x34b0bcb5); RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],52,0x391c0cb3); RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],53,0x4ed8aa4a); RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],54,0x5b9cca4f); RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],55,0x682e6ff3); RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],56,0x748f82ee); RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],57,0x78a5636f); RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],58,0x84c87814); RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],59,0x8cc70208); RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],60,0x90befffa); RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],61,0xa4506ceb); RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],62,0xbef9a3f7); RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],63,0xc67178f2); #undef RND #endif /* feedback */ for (i = 0; i < 8; i++) { md->sha256.state[i] = md->sha256.state[i] + S[i]; } return CRYPT_OK; }
static void sha1_compress(hash_state *md) #endif { unsigned long a,b,c,d,e,W[80],i; _ARGCHK(md != NULL); /* copy the state into 512-bits into W[0..15] */ for (i = 0; i < 16; i++) { LOAD32H(W[i], md->sha1.buf + (4*i)); } /* copy state */ a = md->sha1.state[0]; b = md->sha1.state[1]; c = md->sha1.state[2]; d = md->sha1.state[3]; e = md->sha1.state[4]; /* expand it */ for (i = 16; i < 80; i++) { W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); } /* compress */ /* round one */ #define FF0(a,b,c,d,e,i) e = (ROL(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROL(b, 30); #define FF1(a,b,c,d,e,i) e = (ROL(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROL(b, 30); #define FF2(a,b,c,d,e,i) e = (ROL(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROL(b, 30); #define FF3(a,b,c,d,e,i) e = (ROL(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROL(b, 30); for (i = 0; i < 20; ) { FF0(a,b,c,d,e,i++); FF0(e,a,b,c,d,i++); FF0(d,e,a,b,c,i++); FF0(c,d,e,a,b,i++); FF0(b,c,d,e,a,i++); } /* round two */ for (i = 20; i < 40; ) { FF1(a,b,c,d,e,i++); FF1(e,a,b,c,d,i++); FF1(d,e,a,b,c,i++); FF1(c,d,e,a,b,i++); FF1(b,c,d,e,a,i++); } /* round three */ for (i = 40; i < 60; ) { FF2(a,b,c,d,e,i++); FF2(e,a,b,c,d,i++); FF2(d,e,a,b,c,i++); FF2(c,d,e,a,b,i++); FF2(b,c,d,e,a,i++); } /* round four */ for (i = 60; i < 80; ) { FF3(a,b,c,d,e,i++); FF3(e,a,b,c,d,i++); FF3(d,e,a,b,c,i++); FF3(c,d,e,a,b,i++); FF3(b,c,d,e,a,i++); } #undef FF0 #undef FF1 #undef FF2 #undef FF3 /* store */ md->sha1.state[0] = md->sha1.state[0] + a; md->sha1.state[1] = md->sha1.state[1] + b; md->sha1.state[2] = md->sha1.state[2] + c; md->sha1.state[3] = md->sha1.state[3] + d; md->sha1.state[4] = md->sha1.state[4] + e; }
/** Initialize the AES (Rijndael) block cipher @param key The symmetric key you wish to pass @param keylen The key length in bytes @param num_rounds The number of rounds desired (0 for default) @param skey The key in as scheduled by this function. @return CRYPT_OK if successful */ static int aes_setup(aes_key_t* ctx, uint8_t* key, int keylen) { int i, j; ulong32 temp, *rk; ulong32 *rrk; int num_rounds = 0; if (keylen != 16 && keylen != 24 && keylen != 32) { dfsch_error("Invalid key length", DFSCH_MAKE_FIXNUM(keylen)); } ctx->Nr = 10 + ((keylen/8)-2)*2; /* setup the forward key */ i = 0; rk = ctx->eK; LOAD32H(rk[0], key ); LOAD32H(rk[1], key + 4); LOAD32H(rk[2], key + 8); LOAD32H(rk[3], key + 12); if (keylen == 16) { j = 44; for (;;) { temp = rk[3]; rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; rk[7] = rk[3] ^ rk[6]; if (++i == 10) { break; } rk += 4; } } else if (keylen == 24) { j = 52; LOAD32H(rk[4], key + 16); LOAD32H(rk[5], key + 20); for (;;) { temp = rk[5]; rk[ 6] = rk[ 0] ^ setup_mix(temp) ^ rcon[i]; rk[ 7] = rk[ 1] ^ rk[ 6]; rk[ 8] = rk[ 2] ^ rk[ 7]; rk[ 9] = rk[ 3] ^ rk[ 8]; if (++i == 8) { break; } rk[10] = rk[ 4] ^ rk[ 9]; rk[11] = rk[ 5] ^ rk[10]; rk += 6; } } else if (keylen == 32) { j = 60; LOAD32H(rk[4], key + 16); LOAD32H(rk[5], key + 20); LOAD32H(rk[6], key + 24); LOAD32H(rk[7], key + 28); for (;;) { temp = rk[7]; rk[ 8] = rk[ 0] ^ setup_mix(temp) ^ rcon[i]; rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; rk[11] = rk[ 3] ^ rk[10]; if (++i == 7) { break; } temp = rk[11]; rk[12] = rk[ 4] ^ setup_mix(RORc(temp, 8)); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; rk[15] = rk[ 7] ^ rk[14]; rk += 8; } } /* setup the inverse key now */ rk = ctx->dK; rrk = ctx->eK + j - 4; /* apply the inverse MixColumn transform to all round keys but the first and the last: */ /* copy first */ *rk++ = *rrk++; *rk++ = *rrk++; *rk++ = *rrk++; *rk = *rrk; rk -= 3; rrk -= 3; for (i = 1; i < ctx->Nr; i++) { rrk -= 4; rk += 4; temp = rrk[0]; rk[0] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; temp = rrk[1]; rk[1] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; temp = rrk[2]; rk[2] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; temp = rrk[3]; rk[3] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; } /* copy last */ rrk -= 4; rk += 4; *rk++ = *rrk++; *rk++ = *rrk++; *rk++ = *rrk++; *rk = *rrk; }
int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) { unsigned long x, y, z, A; unsigned char B[8]; _ARGCHK(key != NULL); _ARGCHK(skey != NULL); /* check key length */ if (keylen < 8 || keylen > 56) { return CRYPT_INVALID_KEYSIZE; } /* check rounds */ if (num_rounds != 0 && num_rounds != 16) { return CRYPT_INVALID_ROUNDS; } /* load in key bytes (Supplied by David Hopwood) */ for (x = y = 0; x < 18; x++) { A = 0; for (z = 0; z < 4; z++) { A = (A << 8) | ((unsigned long)key[y++ % keylen]); } skey->blowfish.K[x] = ORIG_P[x] ^ A; } /* copy sboxes */ for (x = 0; x < 4; x++) { for (y = 0; y < 256; y++) { skey->blowfish.S[x][y] = ORIG_S[x][y]; } } /* encrypt K array */ for (x = 0; x < 8; x++) { B[x] = 0; } for (x = 0; x < 18; x += 2) { /* encrypt it */ blowfish_ecb_encrypt(B, B, skey); /* copy it */ LOAD32H(skey->blowfish.K[x], &B[0]); LOAD32H(skey->blowfish.K[x+1], &B[4]); } /* encrypt S array */ for (x = 0; x < 4; x++) { for (y = 0; y < 256; y += 2) { /* encrypt it */ blowfish_ecb_encrypt(B, B, skey); /* copy it */ LOAD32H(skey->blowfish.S[x][y], &B[0]); LOAD32H(skey->blowfish.S[x][y+1], &B[4]); } } #ifdef CLEAN_STACK zeromem(B, sizeof(B)); #endif return CRYPT_OK; }
/** Initialize the AES (Rijndael) block cipher @param key The symmetric key you wish to pass @param keylen The key length in bytes @param num_rounds The number of rounds desired (0 for default) @param skey The key in as scheduled by this function. @return CRYPT_OK if successful */ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) { int i, j; ulong32 temp, *rk; #ifndef ENCRYPT_ONLY ulong32 *rrk; #endif LTC_ARGCHK(key != NULL); LTC_ARGCHK(skey != NULL); if (keylen != 16 && keylen != 24 && keylen != 32) { return CRYPT_INVALID_KEYSIZE; } if (num_rounds != 0 && num_rounds != (10 + ((keylen/8)-2)*2)) { return CRYPT_INVALID_ROUNDS; } skey->rijndael.Nr = 10 + ((keylen/8)-2)*2; /* setup the forward key */ i = 0; rk = skey->rijndael.eK; LOAD32H(rk[0], key ); LOAD32H(rk[1], key + 4); LOAD32H(rk[2], key + 8); LOAD32H(rk[3], key + 12); if (keylen == 16) { j = 44; for (;;) { temp = rk[3]; rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; rk[7] = rk[3] ^ rk[6]; if (++i == 10) { break; } rk += 4; } } else if (keylen == 24) { j = 52; LOAD32H(rk[4], key + 16); LOAD32H(rk[5], key + 20); for (;;) { #ifdef _MSC_VER temp = skey->rijndael.eK[rk - skey->rijndael.eK + 5]; #else temp = rk[5]; #endif rk[ 6] = rk[ 0] ^ setup_mix(temp) ^ rcon[i]; rk[ 7] = rk[ 1] ^ rk[ 6]; rk[ 8] = rk[ 2] ^ rk[ 7]; rk[ 9] = rk[ 3] ^ rk[ 8]; if (++i == 8) { break; } rk[10] = rk[ 4] ^ rk[ 9]; rk[11] = rk[ 5] ^ rk[10]; rk += 6; } } else if (keylen == 32) { j = 60; LOAD32H(rk[4], key + 16); LOAD32H(rk[5], key + 20); LOAD32H(rk[6], key + 24); LOAD32H(rk[7], key + 28); for (;;) { #ifdef _MSC_VER temp = skey->rijndael.eK[rk - skey->rijndael.eK + 7]; #else temp = rk[7]; #endif rk[ 8] = rk[ 0] ^ setup_mix(temp) ^ rcon[i]; rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; rk[11] = rk[ 3] ^ rk[10]; if (++i == 7) { break; } temp = rk[11]; rk[12] = rk[ 4] ^ setup_mix(RORc(temp, 8)); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; rk[15] = rk[ 7] ^ rk[14]; rk += 8; } } else { /* this can't happen */ return CRYPT_ERROR; } #ifndef ENCRYPT_ONLY /* setup the inverse key now */ rk = skey->rijndael.dK; rrk = skey->rijndael.eK + j - 4; /* apply the inverse MixColumn transform to all round keys but the first and the last: */ /* copy first */ *rk++ = *rrk++; *rk++ = *rrk++; *rk++ = *rrk++; *rk = *rrk; rk -= 3; rrk -= 3; for (i = 1; i < skey->rijndael.Nr; i++) { rrk -= 4; rk += 4; #ifdef LTC_SMALL_CODE temp = rrk[0]; rk[0] = setup_mix2(temp); temp = rrk[1]; rk[1] = setup_mix2(temp); temp = rrk[2]; rk[2] = setup_mix2(temp); temp = rrk[3]; rk[3] = setup_mix2(temp); #else temp = rrk[0]; rk[0] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; temp = rrk[1]; rk[1] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; temp = rrk[2]; rk[2] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; temp = rrk[3]; rk[3] = Tks0[byte(temp, 3)] ^ Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; #endif } /* copy last */ rrk -= 4; rk += 4; *rk++ = *rrk++; *rk++ = *rrk++; *rk++ = *rrk++; *rk = *rrk; #endif /* ENCRYPT_ONLY */ return CRYPT_OK; }
//SHA-1 compress process static void __fastcall SHA1_Compress( SHA1_State *sha1, uint8_t *buf) { SHA1_INT32 a = 0, b = 0, c = 0, d = 0, e = 0, W[80U] = {0}; size_t Index = 0; //Copy the state into 512-bits into W[0..15]. for (Index = 0;Index < 16U;++Index) LOAD32H(W[Index], buf + (4U * Index)); //Copy state. a = sha1->State[0]; b = sha1->State[1U]; c = sha1->State[2U]; d = sha1->State[3U]; e = sha1->State[4U]; //Expand it. for (Index = 16U;Index < 80U;++Index) W[Index] = ROL(W[Index - 3U] ^ W[Index - 8U] ^ W[Index - 14U] ^ W[Index - 16U], 1); //Compress. //Round 1 #define SHA1_FF0(a, b, c, d, e, Index) e = (ROLc(a, 5) + SHA1_F0(b, c, d) + e + W[Index] + 0x5A827999UL); b = ROLc(b, 30); #define SHA1_FF1(a, b, c, d, e, Index) e = (ROLc(a, 5) + SHA1_F1(b, c, d) + e + W[Index] + 0x6ED9EBA1UL); b = ROLc(b, 30); #define SHA1_FF2(a, b, c, d, e, Index) e = (ROLc(a, 5) + SHA1_F2(b, c, d) + e + W[Index] + 0x8F1BBCDCUL); b = ROLc(b, 30); #define SHA1_FF3(a, b, c, d, e, Index) e = (ROLc(a, 5) + SHA1_F3(b, c, d) + e + W[Index] + 0xCA62C1D6UL); b = ROLc(b, 30); for (Index = 0;Index < 20U;) { SHA1_FF0(a, b, c, d, e, Index++); SHA1_FF0(e, a, b, c, d, Index++); SHA1_FF0(d, e, a, b, c, Index++); SHA1_FF0(c, d, e, a, b, Index++); SHA1_FF0(b, c, d, e, a, Index++); } //Round 2 for (;Index < 40U;) { SHA1_FF1(a, b, c, d, e, Index++); SHA1_FF1(e, a, b, c, d, Index++); SHA1_FF1(d, e, a, b, c, Index++); SHA1_FF1(c, d, e, a, b, Index++); SHA1_FF1(b, c, d, e, a, Index++); } //Round 3 for (;Index < 60U;) { SHA1_FF2(a, b, c, d, e, Index++); SHA1_FF2(e, a, b, c, d, Index++); SHA1_FF2(d, e, a, b, c, Index++); SHA1_FF2(c, d, e, a, b, Index++); SHA1_FF2(b, c, d, e, a, Index++); } //Round 4 for (;Index < 80U;) { SHA1_FF3(a, b, c, d, e, Index++); SHA1_FF3(e, a, b, c, d, Index++); SHA1_FF3(d, e, a, b, c, Index++); SHA1_FF3(c, d, e, a, b, Index++); SHA1_FF3(b, c, d, e, a, Index++); } #undef SHA1_FF0 #undef SHA1_FF1 #undef SHA1_FF2 #undef SHA1_FF3 //Store. sha1->State[0] = sha1->State[0] + a; sha1->State[1U] = sha1->State[1U] + b; sha1->State[2U] = sha1->State[2U] + c; sha1->State[3U] = sha1->State[3U] + d; sha1->State[4U] = sha1->State[4U] + e; return; }
static int sha1_compress(sha1_state* state, const unsigned char* buf) { ulong32 a, b, c, d, e, W[80], i; ulong32 t; /* copy the state into 512-bits into W[0..15] */ for (i = 0; i < 16; i++) { LOAD32H(W[i], buf + (4 * i)); } /* copy state */ a = state->state[0]; b = state->state[1]; c = state->state[2]; d = state->state[3]; e = state->state[4]; /* expand it */ for (i = 16; i < 80; i++) { W[i] = ROL(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1); } /* compress */ /* round one */ #define FF0(a, b, c, d, e, i) \ e = (ROLc(a, 5) + F0(b, c, d) + e + W[i] + 0x5a827999UL); \ b = ROLc(b, 30); #define FF1(a, b, c, d, e, i) \ e = (ROLc(a, 5) + F1(b, c, d) + e + W[i] + 0x6ed9eba1UL); \ b = ROLc(b, 30); #define FF2(a, b, c, d, e, i) \ e = (ROLc(a, 5) + F2(b, c, d) + e + W[i] + 0x8f1bbcdcUL); \ b = ROLc(b, 30); #define FF3(a, b, c, d, e, i) \ e = (ROLc(a, 5) + F3(b, c, d) + e + W[i] + 0xca62c1d6UL); \ b = ROLc(b, 30); for (i = 0; i < 20;) { FF0(a, b, c, d, e, i++); t = e; e = d; d = c; c = b; b = a; a = t; } for (; i < 40;) { FF1(a, b, c, d, e, i++); t = e; e = d; d = c; c = b; b = a; a = t; } for (; i < 60;) { FF2(a, b, c, d, e, i++); t = e; e = d; d = c; c = b; b = a; a = t; } for (; i < 80;) { FF3(a, b, c, d, e, i++); t = e; e = d; d = c; c = b; b = a; a = t; } #undef FF0 #undef FF1 #undef FF2 #undef FF3 /* store */ state->state[0] = state->state[0] + a; state->state[1] = state->state[1] + b; state->state[2] = state->state[2] + c; state->state[3] = state->state[3] + d; state->state[4] = state->state[4] + e; return CRYPT_OK; }
static void csp_sha1_compress(csp_sha1_state * sha1, const uint8_t * buf) { uint32_t a, b, c, d, e, W[80], i; /* Copy the state into 512-bits into W[0..15] */ for (i = 0; i < 16; i++) LOAD32H(W[i], buf + (4*i)); /* Copy state */ a = sha1->state[0]; b = sha1->state[1]; c = sha1->state[2]; d = sha1->state[3]; e = sha1->state[4]; /* Expand it */ for (i = 16; i < 80; i++) W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); /* Compress */ i = 0; /* Round one */ for (; i < 20;) { FF_0(a, b, c, d, e, i++); FF_0(e, a, b, c, d, i++); FF_0(d, e, a, b, c, i++); FF_0(c, d, e, a, b, i++); FF_0(b, c, d, e, a, i++); } /* Round two */ for (; i < 40;) { FF_1(a, b, c, d, e, i++); FF_1(e, a, b, c, d, i++); FF_1(d, e, a, b, c, i++); FF_1(c, d, e, a, b, i++); FF_1(b, c, d, e, a, i++); } /* Round three */ for (; i < 60;) { FF_2(a, b, c, d, e, i++); FF_2(e, a, b, c, d, i++); FF_2(d, e, a, b, c, i++); FF_2(c, d, e, a, b, i++); FF_2(b, c, d, e, a, i++); } /* Round four */ for (; i < 80;) { FF_3(a, b, c, d, e, i++); FF_3(e, a, b, c, d, i++); FF_3(d, e, a, b, c, i++); FF_3(c, d, e, a, b, i++); FF_3(b, c, d, e, a, i++); } /* Store */ sha1->state[0] += a; sha1->state[1] += b; sha1->state[2] += c; sha1->state[3] += d; sha1->state[4] += e; }
static void sha1_compress(psDigestContext_t *md) #endif /* USE_BURN_STACK */ { uint32 a,b,c,d,e,W[80],i; #ifndef PS_SHA1_IMPROVE_PERF_INCREASE_CODESIZE uint32 t; #endif psAssert(md != NULL); /* copy the state into 512-bits into W[0..15] */ for (i = 0; i < 16; i++) { LOAD32H(W[i], md->sha1.buf + (4*i)); } /* copy state */ a = md->sha1.state[0]; b = md->sha1.state[1]; c = md->sha1.state[2]; d = md->sha1.state[3]; e = md->sha1.state[4]; /* expand it */ for (i = 16; i < 80; i++) { W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); } /* compress */ /* round one */ #define FF0(a,b,c,d,e,i) e = (ROL(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROL(b, 30); #define FF1(a,b,c,d,e,i) e = (ROL(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROL(b, 30); #define FF2(a,b,c,d,e,i) e = (ROL(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROL(b, 30); #define FF3(a,b,c,d,e,i) e = (ROL(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROL(b, 30); #ifndef PS_SHA1_IMPROVE_PERF_INCREASE_CODESIZE for (i = 0; i < 20; ) { FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; } for (; i < 40; ) { FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; } for (; i < 60; ) { FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; } for (; i < 80; ) { FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; } #else /* PS_SHA1_IMPROVE_PERF_INCREASE_CODESIZE */ for (i = 0; i < 20; ) { FF0(a,b,c,d,e,i++); FF0(e,a,b,c,d,i++); FF0(d,e,a,b,c,i++); FF0(c,d,e,a,b,i++); FF0(b,c,d,e,a,i++); } /* round two */ for (; i < 40; ) { FF1(a,b,c,d,e,i++); FF1(e,a,b,c,d,i++); FF1(d,e,a,b,c,i++); FF1(c,d,e,a,b,i++); FF1(b,c,d,e,a,i++); } /* round three */ for (; i < 60; ) { FF2(a,b,c,d,e,i++); FF2(e,a,b,c,d,i++); FF2(d,e,a,b,c,i++); FF2(c,d,e,a,b,i++); FF2(b,c,d,e,a,i++); } /* round four */ for (; i < 80; ) { FF3(a,b,c,d,e,i++); FF3(e,a,b,c,d,i++); FF3(d,e,a,b,c,i++); FF3(c,d,e,a,b,i++); FF3(b,c,d,e,a,i++); } #endif /* PS_SHA1_IMPROVE_PERF_INCREASE_CODESIZE */ #undef FF0 #undef FF1 #undef FF2 #undef FF3 /* store */ md->sha1.state[0] = md->sha1.state[0] + a; md->sha1.state[1] = md->sha1.state[1] + b; md->sha1.state[2] = md->sha1.state[2] + c; md->sha1.state[3] = md->sha1.state[3] + d; md->sha1.state[4] = md->sha1.state[4] + e; }