Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
wine-mirror
GitHub Repository: wine-mirror/wine
 Path: blob/master/libs/tomcrypt/src/ciphers/rc2.c
5971 views
1
/* LibTomCrypt, modular cryptographic library -- Tom St Denis

2
 *

3
 * LibTomCrypt is a library that provides various cryptographic

4
 * algorithms in a highly modular and flexible manner.

5
 *

6
 * The library is free for all purposes without any express

7
 * guarantee it works.

8
 */

9
/**********************************************************************\

10
* To commemorate the 1996 RSA Data Security Conference, the following  *

11
* code is released into the public domain by its author.  Prost!       *

12
*                                                                      *

13
* This cipher uses 16-bit words and little-endian byte ordering.       *

14
* I wonder which processor it was optimized for?                       *

15
*                                                                      *

16
* Thanks to CodeView, SoftIce, and D86 for helping bring this code to  *

17
* the public.                                                          *

18
\**********************************************************************/

19
#include "tomcrypt.h"

20


21
/**

22
  @file rc2.c

23
  Implementation of RC2 with fixed effective key length of 64bits

24
*/

25


26
#ifdef LTC_RC2

27


28
const struct ltc_cipher_descriptor rc2_desc = {

29
   "rc2",

30
   12, 8, 128, 8, 16,

31
   &rc2_setup,

32
   &rc2_ecb_encrypt,

33
   &rc2_ecb_decrypt,

34
   &rc2_test,

35
   &rc2_done,

36
   &rc2_keysize,

37
   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL

38
};

39


40
/* 256-entry permutation table, probably derived somehow from pi */

41
static const unsigned char permute[256] = {

42
        217,120,249,196, 25,221,181,237, 40,233,253,121, 74,160,216,157,

43
        198,126, 55,131, 43,118, 83,142, 98, 76,100,136, 68,139,251,162,

44
         23,154, 89,245,135,179, 79, 19, 97, 69,109,141,  9,129,125, 50,

45
        189,143, 64,235,134,183,123, 11,240,149, 33, 34, 92,107, 78,130,

46
         84,214,101,147,206, 96,178, 28,115, 86,192, 20,167,140,241,220,

47
         18,117,202, 31, 59,190,228,209, 66, 61,212, 48,163, 60,182, 38,

48
        111,191, 14,218, 70,105,  7, 87, 39,242, 29,155,188,148, 67,  3,

49
        248, 17,199,246,144,239, 62,231,  6,195,213, 47,200,102, 30,215,

50
          8,232,234,222,128, 82,238,247,132,170,114,172, 53, 77,106, 42,

51
        150, 26,210,113, 90, 21, 73,116, 75,159,208, 94,  4, 24,164,236,

52
        194,224, 65,110, 15, 81,203,204, 36,145,175, 80,161,244,112, 57,

53
        153,124, 58,133, 35,184,180,122,252,  2, 54, 91, 37, 85,151, 49,

54
         45, 93,250,152,227,138,146,174,  5,223, 41, 16,103,108,186,201,

55
        211,  0,230,207,225,158,168, 44, 99, 22,  1, 63, 88,226,137,169,

56
         13, 56, 52, 27,171, 51,255,176,187, 72, 12, 95,185,177,205, 46,

57
        197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173

58
};

59


60
 /**

61
    Initialize the RC2 block cipher

62
    @param key The symmetric key you wish to pass

63
    @param keylen The key length in bytes

64
    @param bits The effective key length in bits

65
    @param num_rounds The number of rounds desired (0 for default)

66
    @param skey The key in as scheduled by this function.

67
    @return CRYPT_OK if successful

68
 */

69
int rc2_setup_ex(const unsigned char *key, int keylen, int bits, int num_rounds, symmetric_key *skey)

70
{

71
   unsigned *xkey = skey->rc2.xkey;

72
   unsigned char tmp[128];

73
   unsigned T8, TM;

74
   int i;

75


76
   LTC_ARGCHK(key  != NULL);

77
   LTC_ARGCHK(skey != NULL);

78


79
   if (keylen == 0 || keylen > 128 || bits > 1024) {

80
      return CRYPT_INVALID_KEYSIZE;

81
   }

82
   if (bits == 0) {

83
      bits = 1024;

84
   }

85


86
   if (num_rounds != 0 && num_rounds != 16) {

87
      return CRYPT_INVALID_ROUNDS;

88
   }

89


90
   for (i = 0; i < keylen; i++) {

91
      tmp[i] = key[i] & 255;

92
   }

93


94
   /* Phase 1: Expand input key to 128 bytes */

95
   if (keylen < 128) {

96
      for (i = keylen; i < 128; i++) {

97
         tmp[i] = permute[(tmp[i - 1] + tmp[i - keylen]) & 255];

98
      }

99
   }

100


101
   /* Phase 2 - reduce effective key size to "bits" */

102
   T8   = (unsigned)(bits+7)>>3;

103
   TM   = (255 >> (unsigned)(7 & -bits));

104
   tmp[128 - T8] = permute[tmp[128 - T8] & TM];

105
   for (i = 127 - T8; i >= 0; i--) {

106
      tmp[i] = permute[tmp[i + 1] ^ tmp[i + T8]];

107
   }

108


109
   /* Phase 3 - copy to xkey in little-endian order */

110
   for (i = 0; i < 64; i++) {

111
      xkey[i] =  (unsigned)tmp[2*i] + ((unsigned)tmp[2*i+1] << 8);

112
   }

113


114
#ifdef LTC_CLEAN_STACK

115
   zeromem(tmp, sizeof(tmp));

116
#endif

117


118
   return CRYPT_OK;

119
}

120


121
/**

122
   Initialize the RC2 block cipher

123


124
     The effective key length is here always keylen * 8

125


126
   @param key The symmetric key you wish to pass

127
   @param keylen The key length in bytes

128
   @param num_rounds The number of rounds desired (0 for default)

129
   @param skey The key in as scheduled by this function.

130
   @return CRYPT_OK if successful

131
*/

132
int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)

133
{

134
   return rc2_setup_ex(key, keylen, keylen * 8, num_rounds, skey);

135
}

136


137
/**********************************************************************\

138
* Encrypt an 8-byte block of plaintext using the given key.            *

139
\**********************************************************************/

140
/**

141
  Encrypts a block of text with RC2

142
  @param pt The input plaintext (8 bytes)

143
  @param ct The output ciphertext (8 bytes)

144
  @param skey The key as scheduled

145
  @return CRYPT_OK if successful

146
*/

147
#ifdef LTC_CLEAN_STACK

148
static int _rc2_ecb_encrypt( const unsigned char *pt,

149
                            unsigned char *ct,

150
                            symmetric_key *skey)

151
#else

152
int rc2_ecb_encrypt( const unsigned char *pt,

153
                            unsigned char *ct,

154
                            symmetric_key *skey)

155
#endif

156
{

157
    unsigned *xkey;

158
    unsigned x76, x54, x32, x10, i;

159


160
    LTC_ARGCHK(pt  != NULL);

161
    LTC_ARGCHK(ct != NULL);

162
    LTC_ARGCHK(skey   != NULL);

163


164
    xkey = skey->rc2.xkey;

165


166
    x76 = ((unsigned)pt[7] << 8) + (unsigned)pt[6];

167
    x54 = ((unsigned)pt[5] << 8) + (unsigned)pt[4];

168
    x32 = ((unsigned)pt[3] << 8) + (unsigned)pt[2];

169
    x10 = ((unsigned)pt[1] << 8) + (unsigned)pt[0];

170


171
    for (i = 0; i < 16; i++) {

172
        x10 = (x10 + (x32 & ~x76) + (x54 & x76) + xkey[4*i+0]) & 0xFFFF;

173
        x10 = ((x10 << 1) | (x10 >> 15));

174


175
        x32 = (x32 + (x54 & ~x10) + (x76 & x10) + xkey[4*i+1]) & 0xFFFF;

176
        x32 = ((x32 << 2) | (x32 >> 14));

177


178
        x54 = (x54 + (x76 & ~x32) + (x10 & x32) + xkey[4*i+2]) & 0xFFFF;

179
        x54 = ((x54 << 3) | (x54 >> 13));

180


181
        x76 = (x76 + (x10 & ~x54) + (x32 & x54) + xkey[4*i+3]) & 0xFFFF;

182
        x76 = ((x76 << 5) | (x76 >> 11));

183


184
        if (i == 4 || i == 10) {

185
            x10 = (x10 + xkey[x76 & 63]) & 0xFFFF;

186
            x32 = (x32 + xkey[x10 & 63]) & 0xFFFF;

187
            x54 = (x54 + xkey[x32 & 63]) & 0xFFFF;

188
            x76 = (x76 + xkey[x54 & 63]) & 0xFFFF;

189
        }

190
    }

191


192
    ct[0] = (unsigned char)x10;

193
    ct[1] = (unsigned char)(x10 >> 8);

194
    ct[2] = (unsigned char)x32;

195
    ct[3] = (unsigned char)(x32 >> 8);

196
    ct[4] = (unsigned char)x54;

197
    ct[5] = (unsigned char)(x54 >> 8);

198
    ct[6] = (unsigned char)x76;

199
    ct[7] = (unsigned char)(x76 >> 8);

200


201
    return CRYPT_OK;

202
}

203


204
#ifdef LTC_CLEAN_STACK

205
int rc2_ecb_encrypt( const unsigned char *pt,

206
                            unsigned char *ct,

207
                            symmetric_key *skey)

208
{

209
    int err = _rc2_ecb_encrypt(pt, ct, skey);

210
    burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 5);

211
    return err;

212
}

213
#endif

214


215
/**********************************************************************\

216
* Decrypt an 8-byte block of ciphertext using the given key.           *

217
\**********************************************************************/

218
/**

219
  Decrypts a block of text with RC2

220
  @param ct The input ciphertext (8 bytes)

221
  @param pt The output plaintext (8 bytes)

222
  @param skey The key as scheduled

223
  @return CRYPT_OK if successful

224
*/

225
#ifdef LTC_CLEAN_STACK

226
static int _rc2_ecb_decrypt( const unsigned char *ct,

227
                            unsigned char *pt,

228
                            symmetric_key *skey)

229
#else

230
int rc2_ecb_decrypt( const unsigned char *ct,

231
                            unsigned char *pt,

232
                            symmetric_key *skey)

233
#endif

234
{

235
    unsigned x76, x54, x32, x10;

236
    unsigned *xkey;

237
    int i;

238


239
    LTC_ARGCHK(pt  != NULL);

240
    LTC_ARGCHK(ct != NULL);

241
    LTC_ARGCHK(skey   != NULL);

242


243
    xkey = skey->rc2.xkey;

244


245
    x76 = ((unsigned)ct[7] << 8) + (unsigned)ct[6];

246
    x54 = ((unsigned)ct[5] << 8) + (unsigned)ct[4];

247
    x32 = ((unsigned)ct[3] << 8) + (unsigned)ct[2];

248
    x10 = ((unsigned)ct[1] << 8) + (unsigned)ct[0];

249


250
    for (i = 15; i >= 0; i--) {

251
        if (i == 4 || i == 10) {

252
            x76 = (x76 - xkey[x54 & 63]) & 0xFFFF;

253
            x54 = (x54 - xkey[x32 & 63]) & 0xFFFF;

254
            x32 = (x32 - xkey[x10 & 63]) & 0xFFFF;

255
            x10 = (x10 - xkey[x76 & 63]) & 0xFFFF;

256
        }

257


258
        x76 = ((x76 << 11) | (x76 >> 5));

259
        x76 = (x76 - ((x10 & ~x54) + (x32 & x54) + xkey[4*i+3])) & 0xFFFF;

260


261
        x54 = ((x54 << 13) | (x54 >> 3));

262
        x54 = (x54 - ((x76 & ~x32) + (x10 & x32) + xkey[4*i+2])) & 0xFFFF;

263


264
        x32 = ((x32 << 14) | (x32 >> 2));

265
        x32 = (x32 - ((x54 & ~x10) + (x76 & x10) + xkey[4*i+1])) & 0xFFFF;

266


267
        x10 = ((x10 << 15) | (x10 >> 1));

268
        x10 = (x10 - ((x32 & ~x76) + (x54 & x76) + xkey[4*i+0])) & 0xFFFF;

269
    }

270


271
    pt[0] = (unsigned char)x10;

272
    pt[1] = (unsigned char)(x10 >> 8);

273
    pt[2] = (unsigned char)x32;

274
    pt[3] = (unsigned char)(x32 >> 8);

275
    pt[4] = (unsigned char)x54;

276
    pt[5] = (unsigned char)(x54 >> 8);

277
    pt[6] = (unsigned char)x76;

278
    pt[7] = (unsigned char)(x76 >> 8);

279


280
    return CRYPT_OK;

281
}

282


283
#ifdef LTC_CLEAN_STACK

284
int rc2_ecb_decrypt( const unsigned char *ct,

285
                            unsigned char *pt,

286
                            symmetric_key *skey)

287
{

288
    int err = _rc2_ecb_decrypt(ct, pt, skey);

289
    burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 4 + sizeof(int));

290
    return err;

291
}

292
#endif

293


294
/**

295
  Performs a self-test of the RC2 block cipher

296
  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled

297
*/

298
int rc2_test(void)

299
{

300
 #ifndef LTC_TEST

301
    return CRYPT_NOP;

302
 #else

303
   static const struct {

304
        int keylen, bits;

305
        unsigned char key[16], pt[8], ct[8];

306
   } tests[] = {

307


308
   { 8, 63,

309
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

310
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },

311
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },

312
     { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff }

313
   },

314
   { 8, 64,

315
     { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,

316
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },

317
     { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },

318
     { 0x27, 0x8b, 0x27, 0xe4, 0x2e, 0x2f, 0x0d, 0x49 }

319
   },

320
   { 8, 64,

321
     { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

322
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },

323
     { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },

324
     { 0x30, 0x64, 0x9e, 0xdf, 0x9b, 0xe7, 0xd2, 0xc2 }

325
   },

326
   { 1, 64,

327
     { 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

328
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },

329
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },

330
     { 0x61, 0xa8, 0xa2, 0x44, 0xad, 0xac, 0xcc, 0xf0 }

331
   },

332
   { 7, 64,

333
     { 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, 0x00,

334
       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },

335
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },

336
     { 0x6c, 0xcf, 0x43, 0x08, 0x97, 0x4c, 0x26, 0x7f }

337
   },

338
   { 16, 64,

339
     { 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, 0x7f,

340
       0x0f, 0x79, 0xc3, 0x84, 0x62, 0x7b, 0xaf, 0xb2 },

341
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },

342
     { 0x1a, 0x80, 0x7d, 0x27, 0x2b, 0xbe, 0x5d, 0xb1 }

343
   },

344
   { 16, 128,

345
     { 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, 0x7f,

346
       0x0f, 0x79, 0xc3, 0x84, 0x62, 0x7b, 0xaf, 0xb2 },

347
     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },

348
     { 0x22, 0x69, 0x55, 0x2a, 0xb0, 0xf8, 0x5c, 0xa6 }

349
   }

350
  };

351
    int x, y, err;

352
    symmetric_key skey;

353
    unsigned char tmp[2][8];

354


355
    for (x = 0; x < (int)(sizeof(tests) / sizeof(tests[0])); x++) {

356
        zeromem(tmp, sizeof(tmp));

357
        if (tests[x].bits == (tests[x].keylen * 8)) {

358
           if ((err = rc2_setup(tests[x].key, tests[x].keylen, 0, &skey)) != CRYPT_OK) {

359
              return err;

360
           }

361
        }

362
        else {

363
           if ((err = rc2_setup_ex(tests[x].key, tests[x].keylen, tests[x].bits, 0, &skey)) != CRYPT_OK) {

364
              return err;

365
           }

366
        }

367


368
        rc2_ecb_encrypt(tests[x].pt, tmp[0], &skey);

369
        rc2_ecb_decrypt(tmp[0], tmp[1], &skey);

370


371
        if (compare_testvector(tmp[0], 8, tests[x].ct, 8, "RC2 CT", x) ||

372
              compare_testvector(tmp[1], 8, tests[x].pt, 8, "RC2 PT", x)) {

373
           return CRYPT_FAIL_TESTVECTOR;

374
        }

375


376
      /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */

377
      for (y = 0; y < 8; y++) tmp[0][y] = 0;

378
      for (y = 0; y < 1000; y++) rc2_ecb_encrypt(tmp[0], tmp[0], &skey);

379
      for (y = 0; y < 1000; y++) rc2_ecb_decrypt(tmp[0], tmp[0], &skey);

380
      for (y = 0; y < 8; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR;

381
    }

382
    return CRYPT_OK;

383
   #endif

384
}

385


386
/** Terminate the context

387
   @param skey    The scheduled key

388
*/

389
void rc2_done(symmetric_key *skey)

390
{

391
  LTC_UNUSED_PARAM(skey);

392
}

393


394
/**

395
  Gets suitable key size

396
  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

397
  @return CRYPT_OK if the input key size is acceptable.

398
*/

399
int rc2_keysize(int *keysize)

400
{

401
   LTC_ARGCHK(keysize != NULL);

402
   if (*keysize < 1) {

403
       return CRYPT_INVALID_KEYSIZE;

404
   } else if (*keysize > 128) {

405
       *keysize = 128;

406
   }

407
   return CRYPT_OK;

408
}

409


410
#endif

411


412