From b21162cf8e06f40baa1f58be6a8c17435cebc34d Mon Sep 17 00:00:00 2001 From: weidai Date: Fri, 4 Oct 2002 17:31:41 +0000 Subject: Initial revision git-svn-id: svn://svn.code.sf.net/p/cryptopp/code/trunk/c5@2 57ff6487-cd31-0410-9ec3-f628ee90f5f0 --- mars.cpp | 210 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 210 insertions(+) create mode 100644 mars.cpp (limited to 'mars.cpp') diff --git a/mars.cpp b/mars.cpp new file mode 100644 index 0000000..804c9b1 --- /dev/null +++ b/mars.cpp @@ -0,0 +1,210 @@ +// mars.cpp - modified by Sean Woods from Brian Gladman's mars6.c for Crypto++ +// key setup updated by Wei Dai to reflect IBM's "tweak" proposed in August 1999 + +/* This is an independent implementation of the MARS encryption */ +/* algorithm designed by a team at IBM as a candidate for the US */ +/* NIST Advanced Encryption Standard (AES) effort. The algorithm */ +/* is subject to Patent action by IBM, who intend to offer royalty */ +/* free use if a Patent is granted. */ +/* */ +/* Copyright in this implementation is held by Dr B R Gladman but */ +/* I hereby give permission for its free direct or derivative use */ +/* subject to acknowledgment of its origin and compliance with any */ +/* constraints that IBM place on the use of the MARS algorithm. */ +/* */ +/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 4th October 1998 */ + +#include "pch.h" +#include "mars.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +ANONYMOUS_NAMESPACE_BEGIN +static word32 gen_mask(word32 x) +{ + word32 m; + + m = (~x ^ (x >> 1)) & 0x7fffffff; + m &= (m >> 1) & (m >> 2); m &= (m >> 3) & (m >> 6); + + if(!m) + return 0; + + m <<= 1; m |= (m << 1); m |= (m << 2); m |= (m << 4); + m |= (m << 1) & ~x & 0x80000000; + + return m & 0xfffffffc; +}; +NAMESPACE_END + +void MARS::Base::UncheckedSetKey(CipherDir direction, const byte *userKey, unsigned int length) +{ + AssertValidKeyLength(length); + + // Initialize T[] with the key data + FixedSizeSecBlock T; + GetUserKey(LITTLE_ENDIAN_ORDER, T.begin(), 15, userKey, length); + T[length/4] = length/4; + + for (unsigned int j=0; j<4; j++) // compute 10 words of K[] in each iteration + { + unsigned int i; + // Do linear transformation + for (i=0; i<15; i++) + T[i] = T[i] ^ rotlFixed(T[(i+8)%15] ^ T[(i+13)%15], 3) ^ (4*i+j); + + // Do four rounds of stirring + for (unsigned int k=0; k<4; k++) + for (i=0; i<15; i++) + T[i] = rotlFixed(T[i] + Sbox[T[(i+14)%15]%512], 9); + + // Store next 10 key words into K[] + for (i=0; i<10; i++) + EK[10*j+i] = T[4*i%15]; + } + + // Modify multiplication key-words + for(unsigned int i = 5; i < 37; i += 2) + { + word32 w = EK[i] | 3; + word32 m = gen_mask(w); + if(m) + w ^= (rotlMod(Sbox[265 + (EK[i] & 3)], EK[i-1]) & m); + EK[i] = w; + } +} + +#define f_mix(a,b,c,d) \ + r = rotrFixed(a, 8); \ + b ^= Sbox[a & 255]; \ + b += Sbox[(r & 255) + 256]; \ + r = rotrFixed(a, 16); \ + a = rotrFixed(a, 24); \ + c += Sbox[r & 255]; \ + d ^= Sbox[(a & 255) + 256] + +#define b_mix(a,b,c,d) \ + r = rotlFixed(a, 8); \ + b ^= Sbox[(a & 255) + 256]; \ + c -= Sbox[r & 255]; \ + r = rotlFixed(a, 16); \ + a = rotlFixed(a, 24); \ + d -= Sbox[(r & 255) + 256]; \ + d ^= Sbox[a & 255] + +#define f_ktr(a,b,c,d,i) \ + m = a + EK[i]; \ + a = rotlFixed(a, 13); \ + r = a * EK[i + 1]; \ + l = Sbox[m & 511]; \ + r = rotlFixed(r, 5); \ + l ^= r; \ + c += rotlMod(m, r); \ + r = rotlFixed(r, 5); \ + l ^= r; \ + d ^= r; \ + b += rotlMod(l, r) + +#define r_ktr(a,b,c,d,i) \ + r = a * EK[i + 1]; \ + a = rotrFixed(a, 13); \ + m = a + EK[i]; \ + l = Sbox[m & 511]; \ + r = rotlFixed(r, 5); \ + l ^= r; \ + c -= rotlMod(m, r); \ + r = rotlFixed(r, 5); \ + l ^= r; \ + d ^= r; \ + b -= rotlMod(l, r) + +typedef BlockGetAndPut Block; + +void MARS::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + word32 a, b, c, d, l, m, r; + + Block::Get(inBlock)(a)(b)(c)(d); + + a += EK[0]; + b += EK[1]; + c += EK[2]; + d += EK[3]; + + int i; + for (i = 0; i < 2; i++) { + f_mix(a,b,c,d); + a += d; + f_mix(b,c,d,a); + b += c; + f_mix(c,d,a,b); + f_mix(d,a,b,c); + } + + f_ktr(a,b,c,d, 4); f_ktr(b,c,d,a, 6); f_ktr(c,d,a,b, 8); f_ktr(d,a,b,c,10); + f_ktr(a,b,c,d,12); f_ktr(b,c,d,a,14); f_ktr(c,d,a,b,16); f_ktr(d,a,b,c,18); + f_ktr(a,d,c,b,20); f_ktr(b,a,d,c,22); f_ktr(c,b,a,d,24); f_ktr(d,c,b,a,26); + f_ktr(a,d,c,b,28); f_ktr(b,a,d,c,30); f_ktr(c,b,a,d,32); f_ktr(d,c,b,a,34); + + for (i = 0; i < 2; i++) { + b_mix(a,b,c,d); + b_mix(b,c,d,a); + c -= b; + b_mix(c,d,a,b); + d -= a; + b_mix(d,a,b,c); + } + + a -= EK[36]; + b -= EK[37]; + c -= EK[38]; + d -= EK[39]; + + Block::Put(xorBlock, outBlock)(a)(b)(c)(d); +} + +void MARS::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + word32 a, b, c, d, l, m, r; + + Block::Get(inBlock)(d)(c)(b)(a); + + d += EK[36]; + c += EK[37]; + b += EK[38]; + a += EK[39]; + + int i; + for (i = 0; i < 2; i++) { + f_mix(a,b,c,d); + a += d; + f_mix(b,c,d,a); + b += c; + f_mix(c,d,a,b); + f_mix(d,a,b,c); + } + + r_ktr(a,b,c,d,34); r_ktr(b,c,d,a,32); r_ktr(c,d,a,b,30); r_ktr(d,a,b,c,28); + r_ktr(a,b,c,d,26); r_ktr(b,c,d,a,24); r_ktr(c,d,a,b,22); r_ktr(d,a,b,c,20); + r_ktr(a,d,c,b,18); r_ktr(b,a,d,c,16); r_ktr(c,b,a,d,14); r_ktr(d,c,b,a,12); + r_ktr(a,d,c,b,10); r_ktr(b,a,d,c, 8); r_ktr(c,b,a,d, 6); r_ktr(d,c,b,a, 4); + + for (i = 0; i < 2; i++) { + b_mix(a,b,c,d); + b_mix(b,c,d,a); + c -= b; + b_mix(c,d,a,b); + d -= a; + b_mix(d,a,b,c); + } + + d -= EK[0]; + c -= EK[1]; + b -= EK[2]; + a -= EK[3]; + + Block::Put(xorBlock, outBlock)(d)(c)(b)(a); +} + +NAMESPACE_END -- cgit v1.2.1