Xuyi Wang / wolfSSL

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   OS

wolfcrypt/src/hc128.c@16:048e5e270a58, 2019-11-19 (annotated)

Committer:
sPymbed
Date:
Tue Nov 19 14:32:16 2019 +0000
Revision:
16:048e5e270a58
Parent:
15:117db924cf7c 
working ssl

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 15:117db924cf7c 1 /* hc128.c
wolfSSL 15:117db924cf7c 2 *
wolfSSL 15:117db924cf7c 3 * Copyright (C) 2006-2017 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23 #ifdef HAVE_CONFIG_H
wolfSSL 15:117db924cf7c 24 #include <config.h>
wolfSSL 15:117db924cf7c 25 #endif
wolfSSL 15:117db924cf7c 26
wolfSSL 15:117db924cf7c 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 15:117db924cf7c 28
wolfSSL 15:117db924cf7c 29 #ifdef HAVE_HC128
wolfSSL 15:117db924cf7c 30
wolfSSL 15:117db924cf7c 31 #include <wolfssl/wolfcrypt/hc128.h>
wolfSSL 15:117db924cf7c 32 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 15:117db924cf7c 33 #include <wolfssl/wolfcrypt/logging.h>
wolfSSL 15:117db924cf7c 34 #ifdef NO_INLINE
wolfSSL 15:117db924cf7c 35 #include <wolfssl/wolfcrypt/hc128.h>
wolfSSL 15:117db924cf7c 36 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 15:117db924cf7c 37 #else
wolfSSL 15:117db924cf7c 38 #define WOLFSSL_MISC_INCLUDED
wolfSSL 15:117db924cf7c 39 #include <wolfcrypt/src/misc.c>
wolfSSL 15:117db924cf7c 40 #endif
wolfSSL 15:117db924cf7c 41
wolfSSL 15:117db924cf7c 42
wolfSSL 15:117db924cf7c 43 #ifdef BIG_ENDIAN_ORDER
wolfSSL 15:117db924cf7c 44 #define LITTLE32(x) ByteReverseWord32(x)
wolfSSL 15:117db924cf7c 45 #else
wolfSSL 15:117db924cf7c 46 #define LITTLE32(x) (x)
wolfSSL 15:117db924cf7c 47 #endif
wolfSSL 15:117db924cf7c 48
wolfSSL 15:117db924cf7c 49
wolfSSL 15:117db924cf7c 50 /*h1 function*/
wolfSSL 15:117db924cf7c 51 #define h1(ctx, x, y) { \
wolfSSL 15:117db924cf7c 52 byte a,c; \
wolfSSL 15:117db924cf7c 53 a = (byte) (x); \
wolfSSL 15:117db924cf7c 54 c = (byte) ((x) >> 16); \
wolfSSL 15:117db924cf7c 55 y = (ctx->T[512+a])+(ctx->T[512+256+c]); \
wolfSSL 15:117db924cf7c 56 }
wolfSSL 15:117db924cf7c 57
wolfSSL 15:117db924cf7c 58 /*h2 function*/
wolfSSL 15:117db924cf7c 59 #define h2(ctx, x, y) { \
wolfSSL 15:117db924cf7c 60 byte a,c; \
wolfSSL 15:117db924cf7c 61 a = (byte) (x); \
wolfSSL 15:117db924cf7c 62 c = (byte) ((x) >> 16); \
wolfSSL 15:117db924cf7c 63 y = (ctx->T[a])+(ctx->T[256+c]); \
wolfSSL 15:117db924cf7c 64 }
wolfSSL 15:117db924cf7c 65
wolfSSL 15:117db924cf7c 66 /*one step of HC-128, update P and generate 32 bits keystream*/
wolfSSL 15:117db924cf7c 67 #define step_P(ctx,u,v,a,b,c,d,n){ \
wolfSSL 15:117db924cf7c 68 word32 tem0,tem1,tem2,tem3; \
wolfSSL 15:117db924cf7c 69 h1((ctx),(ctx->X[(d)]),tem3); \
wolfSSL 15:117db924cf7c 70 tem0 = rotrFixed((ctx->T[(v)]),23); \
wolfSSL 15:117db924cf7c 71 tem1 = rotrFixed((ctx->X[(c)]),10); \
wolfSSL 15:117db924cf7c 72 tem2 = rotrFixed((ctx->X[(b)]),8); \
wolfSSL 15:117db924cf7c 73 (ctx->T[(u)]) += tem2+(tem0 ^ tem1); \
wolfSSL 15:117db924cf7c 74 (ctx->X[(a)]) = (ctx->T[(u)]); \
wolfSSL 15:117db924cf7c 75 (n) = tem3 ^ (ctx->T[(u)]) ; \
wolfSSL 15:117db924cf7c 76 }
wolfSSL 15:117db924cf7c 77
wolfSSL 15:117db924cf7c 78 /*one step of HC-128, update Q and generate 32 bits keystream*/
wolfSSL 15:117db924cf7c 79 #define step_Q(ctx,u,v,a,b,c,d,n){ \
wolfSSL 15:117db924cf7c 80 word32 tem0,tem1,tem2,tem3; \
wolfSSL 15:117db924cf7c 81 h2((ctx),(ctx->Y[(d)]),tem3); \
wolfSSL 15:117db924cf7c 82 tem0 = rotrFixed((ctx->T[(v)]),(32-23)); \
wolfSSL 15:117db924cf7c 83 tem1 = rotrFixed((ctx->Y[(c)]),(32-10)); \
wolfSSL 15:117db924cf7c 84 tem2 = rotrFixed((ctx->Y[(b)]),(32-8)); \
wolfSSL 15:117db924cf7c 85 (ctx->T[(u)]) += tem2 + (tem0 ^ tem1); \
wolfSSL 15:117db924cf7c 86 (ctx->Y[(a)]) = (ctx->T[(u)]); \
wolfSSL 15:117db924cf7c 87 (n) = tem3 ^ (ctx->T[(u)]) ; \
wolfSSL 15:117db924cf7c 88 }
wolfSSL 15:117db924cf7c 89
wolfSSL 15:117db924cf7c 90 /*16 steps of HC-128, generate 512 bits keystream*/
wolfSSL 15:117db924cf7c 91 static void generate_keystream(HC128* ctx, word32* keystream)
wolfSSL 15:117db924cf7c 92 {
wolfSSL 15:117db924cf7c 93 word32 cc,dd;
wolfSSL 15:117db924cf7c 94 cc = ctx->counter1024 & 0x1ff;
wolfSSL 15:117db924cf7c 95 dd = (cc+16)&0x1ff;
wolfSSL 15:117db924cf7c 96
wolfSSL 15:117db924cf7c 97 if (ctx->counter1024 < 512)
wolfSSL 15:117db924cf7c 98 {
wolfSSL 15:117db924cf7c 99 ctx->counter1024 = (ctx->counter1024 + 16) & 0x3ff;
wolfSSL 15:117db924cf7c 100 step_P(ctx, cc+0, cc+1, 0, 6, 13,4, keystream[0]);
wolfSSL 15:117db924cf7c 101 step_P(ctx, cc+1, cc+2, 1, 7, 14,5, keystream[1]);
wolfSSL 15:117db924cf7c 102 step_P(ctx, cc+2, cc+3, 2, 8, 15,6, keystream[2]);
wolfSSL 15:117db924cf7c 103 step_P(ctx, cc+3, cc+4, 3, 9, 0, 7, keystream[3]);
wolfSSL 15:117db924cf7c 104 step_P(ctx, cc+4, cc+5, 4, 10,1, 8, keystream[4]);
wolfSSL 15:117db924cf7c 105 step_P(ctx, cc+5, cc+6, 5, 11,2, 9, keystream[5]);
wolfSSL 15:117db924cf7c 106 step_P(ctx, cc+6, cc+7, 6, 12,3, 10,keystream[6]);
wolfSSL 15:117db924cf7c 107 step_P(ctx, cc+7, cc+8, 7, 13,4, 11,keystream[7]);
wolfSSL 15:117db924cf7c 108 step_P(ctx, cc+8, cc+9, 8, 14,5, 12,keystream[8]);
wolfSSL 15:117db924cf7c 109 step_P(ctx, cc+9, cc+10,9, 15,6, 13,keystream[9]);
wolfSSL 15:117db924cf7c 110 step_P(ctx, cc+10,cc+11,10,0, 7, 14,keystream[10]);
wolfSSL 15:117db924cf7c 111 step_P(ctx, cc+11,cc+12,11,1, 8, 15,keystream[11]);
wolfSSL 15:117db924cf7c 112 step_P(ctx, cc+12,cc+13,12,2, 9, 0, keystream[12]);
wolfSSL 15:117db924cf7c 113 step_P(ctx, cc+13,cc+14,13,3, 10,1, keystream[13]);
wolfSSL 15:117db924cf7c 114 step_P(ctx, cc+14,cc+15,14,4, 11,2, keystream[14]);
wolfSSL 15:117db924cf7c 115 step_P(ctx, cc+15,dd+0, 15,5, 12,3, keystream[15]);
wolfSSL 15:117db924cf7c 116 }
wolfSSL 15:117db924cf7c 117 else
wolfSSL 15:117db924cf7c 118 {
wolfSSL 15:117db924cf7c 119 ctx->counter1024 = (ctx->counter1024 + 16) & 0x3ff;
wolfSSL 15:117db924cf7c 120 step_Q(ctx, 512+cc+0, 512+cc+1, 0, 6, 13,4, keystream[0]);
wolfSSL 15:117db924cf7c 121 step_Q(ctx, 512+cc+1, 512+cc+2, 1, 7, 14,5, keystream[1]);
wolfSSL 15:117db924cf7c 122 step_Q(ctx, 512+cc+2, 512+cc+3, 2, 8, 15,6, keystream[2]);
wolfSSL 15:117db924cf7c 123 step_Q(ctx, 512+cc+3, 512+cc+4, 3, 9, 0, 7, keystream[3]);
wolfSSL 15:117db924cf7c 124 step_Q(ctx, 512+cc+4, 512+cc+5, 4, 10,1, 8, keystream[4]);
wolfSSL 15:117db924cf7c 125 step_Q(ctx, 512+cc+5, 512+cc+6, 5, 11,2, 9, keystream[5]);
wolfSSL 15:117db924cf7c 126 step_Q(ctx, 512+cc+6, 512+cc+7, 6, 12,3, 10,keystream[6]);
wolfSSL 15:117db924cf7c 127 step_Q(ctx, 512+cc+7, 512+cc+8, 7, 13,4, 11,keystream[7]);
wolfSSL 15:117db924cf7c 128 step_Q(ctx, 512+cc+8, 512+cc+9, 8, 14,5, 12,keystream[8]);
wolfSSL 15:117db924cf7c 129 step_Q(ctx, 512+cc+9, 512+cc+10,9, 15,6, 13,keystream[9]);
wolfSSL 15:117db924cf7c 130 step_Q(ctx, 512+cc+10,512+cc+11,10,0, 7, 14,keystream[10]);
wolfSSL 15:117db924cf7c 131 step_Q(ctx, 512+cc+11,512+cc+12,11,1, 8, 15,keystream[11]);
wolfSSL 15:117db924cf7c 132 step_Q(ctx, 512+cc+12,512+cc+13,12,2, 9, 0, keystream[12]);
wolfSSL 15:117db924cf7c 133 step_Q(ctx, 512+cc+13,512+cc+14,13,3, 10,1, keystream[13]);
wolfSSL 15:117db924cf7c 134 step_Q(ctx, 512+cc+14,512+cc+15,14,4, 11,2, keystream[14]);
wolfSSL 15:117db924cf7c 135 step_Q(ctx, 512+cc+15,512+dd+0, 15,5, 12,3, keystream[15]);
wolfSSL 15:117db924cf7c 136 }
wolfSSL 15:117db924cf7c 137 }
wolfSSL 15:117db924cf7c 138
wolfSSL 15:117db924cf7c 139
wolfSSL 15:117db924cf7c 140 /* The following defines the initialization functions */
wolfSSL 15:117db924cf7c 141 #define f1(x) (rotrFixed((x),7) ^ rotrFixed((x),18) ^ ((x) >> 3))
wolfSSL 15:117db924cf7c 142 #define f2(x) (rotrFixed((x),17) ^ rotrFixed((x),19) ^ ((x) >> 10))
wolfSSL 15:117db924cf7c 143
wolfSSL 15:117db924cf7c 144 /*update table P*/
wolfSSL 15:117db924cf7c 145 #define update_P(ctx,u,v,a,b,c,d){ \
wolfSSL 15:117db924cf7c 146 word32 tem0,tem1,tem2,tem3; \
wolfSSL 15:117db924cf7c 147 tem0 = rotrFixed((ctx->T[(v)]),23); \
wolfSSL 15:117db924cf7c 148 tem1 = rotrFixed((ctx->X[(c)]),10); \
wolfSSL 15:117db924cf7c 149 tem2 = rotrFixed((ctx->X[(b)]),8); \
wolfSSL 15:117db924cf7c 150 h1((ctx),(ctx->X[(d)]),tem3); \
wolfSSL 15:117db924cf7c 151 (ctx->T[(u)]) = ((ctx->T[(u)]) + tem2+(tem0^tem1)) ^ tem3; \
wolfSSL 15:117db924cf7c 152 (ctx->X[(a)]) = (ctx->T[(u)]); \
wolfSSL 15:117db924cf7c 153 }
wolfSSL 15:117db924cf7c 154
wolfSSL 15:117db924cf7c 155 /*update table Q*/
wolfSSL 15:117db924cf7c 156 #define update_Q(ctx,u,v,a,b,c,d){ \
wolfSSL 15:117db924cf7c 157 word32 tem0,tem1,tem2,tem3; \
wolfSSL 15:117db924cf7c 158 tem0 = rotrFixed((ctx->T[(v)]),(32-23)); \
wolfSSL 15:117db924cf7c 159 tem1 = rotrFixed((ctx->Y[(c)]),(32-10)); \
wolfSSL 15:117db924cf7c 160 tem2 = rotrFixed((ctx->Y[(b)]),(32-8)); \
wolfSSL 15:117db924cf7c 161 h2((ctx),(ctx->Y[(d)]),tem3); \
wolfSSL 15:117db924cf7c 162 (ctx->T[(u)]) = ((ctx->T[(u)]) + tem2+(tem0^tem1)) ^ tem3; \
wolfSSL 15:117db924cf7c 163 (ctx->Y[(a)]) = (ctx->T[(u)]); \
wolfSSL 15:117db924cf7c 164 }
wolfSSL 15:117db924cf7c 165
wolfSSL 15:117db924cf7c 166 /*16 steps of HC-128, without generating keystream, */
wolfSSL 15:117db924cf7c 167 /*but use the outputs to update P and Q*/
wolfSSL 15:117db924cf7c 168 static void setup_update(HC128* ctx) /*each time 16 steps*/
wolfSSL 15:117db924cf7c 169 {
wolfSSL 15:117db924cf7c 170 word32 cc,dd;
wolfSSL 15:117db924cf7c 171 cc = ctx->counter1024 & 0x1ff;
wolfSSL 15:117db924cf7c 172 dd = (cc+16)&0x1ff;
wolfSSL 15:117db924cf7c 173
wolfSSL 15:117db924cf7c 174 if (ctx->counter1024 < 512)
wolfSSL 15:117db924cf7c 175 {
wolfSSL 15:117db924cf7c 176 ctx->counter1024 = (ctx->counter1024 + 16) & 0x3ff;
wolfSSL 15:117db924cf7c 177 update_P(ctx, cc+0, cc+1, 0, 6, 13, 4);
wolfSSL 15:117db924cf7c 178 update_P(ctx, cc+1, cc+2, 1, 7, 14, 5);
wolfSSL 15:117db924cf7c 179 update_P(ctx, cc+2, cc+3, 2, 8, 15, 6);
wolfSSL 15:117db924cf7c 180 update_P(ctx, cc+3, cc+4, 3, 9, 0, 7);
wolfSSL 15:117db924cf7c 181 update_P(ctx, cc+4, cc+5, 4, 10,1, 8);
wolfSSL 15:117db924cf7c 182 update_P(ctx, cc+5, cc+6, 5, 11,2, 9);
wolfSSL 15:117db924cf7c 183 update_P(ctx, cc+6, cc+7, 6, 12,3, 10);
wolfSSL 15:117db924cf7c 184 update_P(ctx, cc+7, cc+8, 7, 13,4, 11);
wolfSSL 15:117db924cf7c 185 update_P(ctx, cc+8, cc+9, 8, 14,5, 12);
wolfSSL 15:117db924cf7c 186 update_P(ctx, cc+9, cc+10,9, 15,6, 13);
wolfSSL 15:117db924cf7c 187 update_P(ctx, cc+10,cc+11,10,0, 7, 14);
wolfSSL 15:117db924cf7c 188 update_P(ctx, cc+11,cc+12,11,1, 8, 15);
wolfSSL 15:117db924cf7c 189 update_P(ctx, cc+12,cc+13,12,2, 9, 0);
wolfSSL 15:117db924cf7c 190 update_P(ctx, cc+13,cc+14,13,3, 10, 1);
wolfSSL 15:117db924cf7c 191 update_P(ctx, cc+14,cc+15,14,4, 11, 2);
wolfSSL 15:117db924cf7c 192 update_P(ctx, cc+15,dd+0, 15,5, 12, 3);
wolfSSL 15:117db924cf7c 193 }
wolfSSL 15:117db924cf7c 194 else
wolfSSL 15:117db924cf7c 195 {
wolfSSL 15:117db924cf7c 196 ctx->counter1024 = (ctx->counter1024 + 16) & 0x3ff;
wolfSSL 15:117db924cf7c 197 update_Q(ctx, 512+cc+0, 512+cc+1, 0, 6, 13, 4);
wolfSSL 15:117db924cf7c 198 update_Q(ctx, 512+cc+1, 512+cc+2, 1, 7, 14, 5);
wolfSSL 15:117db924cf7c 199 update_Q(ctx, 512+cc+2, 512+cc+3, 2, 8, 15, 6);
wolfSSL 15:117db924cf7c 200 update_Q(ctx, 512+cc+3, 512+cc+4, 3, 9, 0, 7);
wolfSSL 15:117db924cf7c 201 update_Q(ctx, 512+cc+4, 512+cc+5, 4, 10,1, 8);
wolfSSL 15:117db924cf7c 202 update_Q(ctx, 512+cc+5, 512+cc+6, 5, 11,2, 9);
wolfSSL 15:117db924cf7c 203 update_Q(ctx, 512+cc+6, 512+cc+7, 6, 12,3, 10);
wolfSSL 15:117db924cf7c 204 update_Q(ctx, 512+cc+7, 512+cc+8, 7, 13,4, 11);
wolfSSL 15:117db924cf7c 205 update_Q(ctx, 512+cc+8, 512+cc+9, 8, 14,5, 12);
wolfSSL 15:117db924cf7c 206 update_Q(ctx, 512+cc+9, 512+cc+10,9, 15,6, 13);
wolfSSL 15:117db924cf7c 207 update_Q(ctx, 512+cc+10,512+cc+11,10,0, 7, 14);
wolfSSL 15:117db924cf7c 208 update_Q(ctx, 512+cc+11,512+cc+12,11,1, 8, 15);
wolfSSL 15:117db924cf7c 209 update_Q(ctx, 512+cc+12,512+cc+13,12,2, 9, 0);
wolfSSL 15:117db924cf7c 210 update_Q(ctx, 512+cc+13,512+cc+14,13,3, 10, 1);
wolfSSL 15:117db924cf7c 211 update_Q(ctx, 512+cc+14,512+cc+15,14,4, 11, 2);
wolfSSL 15:117db924cf7c 212 update_Q(ctx, 512+cc+15,512+dd+0, 15,5, 12, 3);
wolfSSL 15:117db924cf7c 213 }
wolfSSL 15:117db924cf7c 214 }
wolfSSL 15:117db924cf7c 215
wolfSSL 15:117db924cf7c 216
wolfSSL 15:117db924cf7c 217 /* for the 128-bit key: key[0]...key[15]
wolfSSL 15:117db924cf7c 218 * key[0] is the least significant byte of ctx->key[0] (K_0);
wolfSSL 15:117db924cf7c 219 * key[3] is the most significant byte of ctx->key[0] (K_0);
wolfSSL 15:117db924cf7c 220 * ...
wolfSSL 15:117db924cf7c 221 * key[12] is the least significant byte of ctx->key[3] (K_3)
wolfSSL 15:117db924cf7c 222 * key[15] is the most significant byte of ctx->key[3] (K_3)
wolfSSL 15:117db924cf7c 223 *
wolfSSL 15:117db924cf7c 224 * for the 128-bit iv: iv[0]...iv[15]
wolfSSL 15:117db924cf7c 225 * iv[0] is the least significant byte of ctx->iv[0] (IV_0);
wolfSSL 15:117db924cf7c 226 * iv[3] is the most significant byte of ctx->iv[0] (IV_0);
wolfSSL 15:117db924cf7c 227 * ...
wolfSSL 15:117db924cf7c 228 * iv[12] is the least significant byte of ctx->iv[3] (IV_3)
wolfSSL 15:117db924cf7c 229 * iv[15] is the most significant byte of ctx->iv[3] (IV_3)
wolfSSL 15:117db924cf7c 230 */
wolfSSL 15:117db924cf7c 231
wolfSSL 15:117db924cf7c 232
wolfSSL 15:117db924cf7c 233
wolfSSL 15:117db924cf7c 234 static void Hc128_SetIV(HC128* ctx, const byte* inIv)
wolfSSL 15:117db924cf7c 235 {
wolfSSL 15:117db924cf7c 236 word32 i;
wolfSSL 15:117db924cf7c 237 word32 iv[4];
wolfSSL 15:117db924cf7c 238
wolfSSL 15:117db924cf7c 239 if (inIv)
wolfSSL 15:117db924cf7c 240 XMEMCPY(iv, inIv, sizeof(iv));
wolfSSL 15:117db924cf7c 241 else
wolfSSL 15:117db924cf7c 242 XMEMSET(iv, 0, sizeof(iv));
wolfSSL 15:117db924cf7c 243
wolfSSL 15:117db924cf7c 244 for (i = 0; i < (128 >> 5); i++)
wolfSSL 15:117db924cf7c 245 ctx->iv[i] = LITTLE32(iv[i]);
wolfSSL 15:117db924cf7c 246
wolfSSL 15:117db924cf7c 247 for (; i < 8; i++) ctx->iv[i] = ctx->iv[i-4];
wolfSSL 15:117db924cf7c 248
wolfSSL 15:117db924cf7c 249 /* expand the key and IV into the table T */
wolfSSL 15:117db924cf7c 250 /* (expand the key and IV into the table P and Q) */
wolfSSL 15:117db924cf7c 251
wolfSSL 15:117db924cf7c 252 for (i = 0; i < 8; i++) ctx->T[i] = ctx->key[i];
wolfSSL 15:117db924cf7c 253 for (i = 8; i < 16; i++) ctx->T[i] = ctx->iv[i-8];
wolfSSL 15:117db924cf7c 254
wolfSSL 15:117db924cf7c 255 for (i = 16; i < (256+16); i++)
wolfSSL 15:117db924cf7c 256 ctx->T[i] = f2(ctx->T[i-2]) + ctx->T[i-7] + f1(ctx->T[i-15]) +
wolfSSL 15:117db924cf7c 257 ctx->T[i-16]+i;
wolfSSL 15:117db924cf7c 258
wolfSSL 15:117db924cf7c 259 for (i = 0; i < 16; i++) ctx->T[i] = ctx->T[256+i];
wolfSSL 15:117db924cf7c 260
wolfSSL 15:117db924cf7c 261 for (i = 16; i < 1024; i++)
wolfSSL 15:117db924cf7c 262 ctx->T[i] = f2(ctx->T[i-2]) + ctx->T[i-7] + f1(ctx->T[i-15]) +
wolfSSL 15:117db924cf7c 263 ctx->T[i-16]+256+i;
wolfSSL 15:117db924cf7c 264
wolfSSL 15:117db924cf7c 265 /* initialize counter1024, X and Y */
wolfSSL 15:117db924cf7c 266 ctx->counter1024 = 0;
wolfSSL 15:117db924cf7c 267 for (i = 0; i < 16; i++) ctx->X[i] = ctx->T[512-16+i];
wolfSSL 15:117db924cf7c 268 for (i = 0; i < 16; i++) ctx->Y[i] = ctx->T[512+512-16+i];
wolfSSL 15:117db924cf7c 269
wolfSSL 15:117db924cf7c 270 /* run the cipher 1024 steps before generating the output */
wolfSSL 15:117db924cf7c 271 for (i = 0; i < 64; i++) setup_update(ctx);
wolfSSL 15:117db924cf7c 272 }
wolfSSL 15:117db924cf7c 273
wolfSSL 15:117db924cf7c 274
wolfSSL 15:117db924cf7c 275 static WC_INLINE int DoKey(HC128* ctx, const byte* key, const byte* iv)
wolfSSL 15:117db924cf7c 276 {
wolfSSL 15:117db924cf7c 277 word32 i;
wolfSSL 15:117db924cf7c 278
wolfSSL 15:117db924cf7c 279 /* Key size in bits 128 */
wolfSSL 15:117db924cf7c 280 for (i = 0; i < (128 >> 5); i++)
wolfSSL 15:117db924cf7c 281 ctx->key[i] = LITTLE32(((word32*)key)[i]);
wolfSSL 15:117db924cf7c 282
wolfSSL 15:117db924cf7c 283 for ( ; i < 8 ; i++) ctx->key[i] = ctx->key[i-4];
wolfSSL 15:117db924cf7c 284
wolfSSL 15:117db924cf7c 285 Hc128_SetIV(ctx, iv);
wolfSSL 15:117db924cf7c 286
wolfSSL 15:117db924cf7c 287 return 0;
wolfSSL 15:117db924cf7c 288 }
wolfSSL 15:117db924cf7c 289
wolfSSL 15:117db924cf7c 290
wolfSSL 15:117db924cf7c 291 int wc_Hc128_SetHeap(HC128* ctx, void* heap)
wolfSSL 15:117db924cf7c 292 {
wolfSSL 15:117db924cf7c 293 if (ctx == NULL) {
wolfSSL 15:117db924cf7c 294 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 295 }
wolfSSL 15:117db924cf7c 296
wolfSSL 15:117db924cf7c 297 #ifdef XSTREAM_ALIGN
wolfSSL 15:117db924cf7c 298 ctx->heap = heap;
wolfSSL 15:117db924cf7c 299 #endif
wolfSSL 15:117db924cf7c 300
wolfSSL 15:117db924cf7c 301 (void)heap;
wolfSSL 15:117db924cf7c 302 return 0;
wolfSSL 15:117db924cf7c 303 }
wolfSSL 15:117db924cf7c 304
wolfSSL 15:117db924cf7c 305 /* Key setup */
wolfSSL 15:117db924cf7c 306 int wc_Hc128_SetKey(HC128* ctx, const byte* key, const byte* iv)
wolfSSL 15:117db924cf7c 307 {
wolfSSL 15:117db924cf7c 308 if (ctx == NULL || key == NULL) {
wolfSSL 15:117db924cf7c 309 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 310 }
wolfSSL 15:117db924cf7c 311
wolfSSL 15:117db924cf7c 312 #ifdef XSTREAM_ALIGN
wolfSSL 15:117db924cf7c 313 /* default heap to NULL or heap test value */
wolfSSL 15:117db924cf7c 314 #ifdef WOLFSSL_HEAP_TEST
wolfSSL 15:117db924cf7c 315 ctx->heap = (void*)WOLFSSL_HEAP_TEST;
wolfSSL 15:117db924cf7c 316 #else
wolfSSL 15:117db924cf7c 317 ctx->heap = NULL;
wolfSSL 15:117db924cf7c 318 #endif /* WOLFSSL_HEAP_TEST */
wolfSSL 15:117db924cf7c 319
wolfSSL 15:117db924cf7c 320 if ((wolfssl_word)key % 4) {
wolfSSL 15:117db924cf7c 321 int alignKey[4];
wolfSSL 15:117db924cf7c 322
wolfSSL 15:117db924cf7c 323 /* iv gets aligned in SetIV */
wolfSSL 15:117db924cf7c 324 WOLFSSL_MSG("Hc128SetKey unaligned key");
wolfSSL 15:117db924cf7c 325
wolfSSL 15:117db924cf7c 326 XMEMCPY(alignKey, key, sizeof(alignKey));
wolfSSL 15:117db924cf7c 327
wolfSSL 15:117db924cf7c 328 return DoKey(ctx, (const byte*)alignKey, iv);
wolfSSL 15:117db924cf7c 329 }
wolfSSL 15:117db924cf7c 330 #endif /* XSTREAM_ALIGN */
wolfSSL 15:117db924cf7c 331
wolfSSL 15:117db924cf7c 332 return DoKey(ctx, key, iv);
wolfSSL 15:117db924cf7c 333 }
wolfSSL 15:117db924cf7c 334
wolfSSL 15:117db924cf7c 335
wolfSSL 15:117db924cf7c 336
wolfSSL 15:117db924cf7c 337 /* The following defines the encryption of data stream */
wolfSSL 15:117db924cf7c 338 static WC_INLINE int DoProcess(HC128* ctx, byte* output, const byte* input,
wolfSSL 15:117db924cf7c 339 word32 msglen)
wolfSSL 15:117db924cf7c 340 {
wolfSSL 15:117db924cf7c 341 word32 i, keystream[16];
wolfSSL 15:117db924cf7c 342
wolfSSL 15:117db924cf7c 343 for ( ; msglen >= 64; msglen -= 64, input += 64, output += 64)
wolfSSL 15:117db924cf7c 344 {
wolfSSL 15:117db924cf7c 345 generate_keystream(ctx, keystream);
wolfSSL 15:117db924cf7c 346
wolfSSL 15:117db924cf7c 347 /* unroll loop */
wolfSSL 15:117db924cf7c 348 ((word32*)output)[0] = ((word32*)input)[0] ^ LITTLE32(keystream[0]);
wolfSSL 15:117db924cf7c 349 ((word32*)output)[1] = ((word32*)input)[1] ^ LITTLE32(keystream[1]);
wolfSSL 15:117db924cf7c 350 ((word32*)output)[2] = ((word32*)input)[2] ^ LITTLE32(keystream[2]);
wolfSSL 15:117db924cf7c 351 ((word32*)output)[3] = ((word32*)input)[3] ^ LITTLE32(keystream[3]);
wolfSSL 15:117db924cf7c 352 ((word32*)output)[4] = ((word32*)input)[4] ^ LITTLE32(keystream[4]);
wolfSSL 15:117db924cf7c 353 ((word32*)output)[5] = ((word32*)input)[5] ^ LITTLE32(keystream[5]);
wolfSSL 15:117db924cf7c 354 ((word32*)output)[6] = ((word32*)input)[6] ^ LITTLE32(keystream[6]);
wolfSSL 15:117db924cf7c 355 ((word32*)output)[7] = ((word32*)input)[7] ^ LITTLE32(keystream[7]);
wolfSSL 15:117db924cf7c 356 ((word32*)output)[8] = ((word32*)input)[8] ^ LITTLE32(keystream[8]);
wolfSSL 15:117db924cf7c 357 ((word32*)output)[9] = ((word32*)input)[9] ^ LITTLE32(keystream[9]);
wolfSSL 15:117db924cf7c 358 ((word32*)output)[10] = ((word32*)input)[10] ^ LITTLE32(keystream[10]);
wolfSSL 15:117db924cf7c 359 ((word32*)output)[11] = ((word32*)input)[11] ^ LITTLE32(keystream[11]);
wolfSSL 15:117db924cf7c 360 ((word32*)output)[12] = ((word32*)input)[12] ^ LITTLE32(keystream[12]);
wolfSSL 15:117db924cf7c 361 ((word32*)output)[13] = ((word32*)input)[13] ^ LITTLE32(keystream[13]);
wolfSSL 15:117db924cf7c 362 ((word32*)output)[14] = ((word32*)input)[14] ^ LITTLE32(keystream[14]);
wolfSSL 15:117db924cf7c 363 ((word32*)output)[15] = ((word32*)input)[15] ^ LITTLE32(keystream[15]);
wolfSSL 15:117db924cf7c 364 }
wolfSSL 15:117db924cf7c 365
wolfSSL 15:117db924cf7c 366 if (msglen > 0)
wolfSSL 15:117db924cf7c 367 {
wolfSSL 15:117db924cf7c 368 XMEMSET(keystream, 0, sizeof(keystream)); /* hush the static analysis */
wolfSSL 15:117db924cf7c 369 generate_keystream(ctx, keystream);
wolfSSL 15:117db924cf7c 370
wolfSSL 15:117db924cf7c 371 #ifdef BIG_ENDIAN_ORDER
wolfSSL 15:117db924cf7c 372 {
wolfSSL 15:117db924cf7c 373 word32 wordsLeft = msglen / sizeof(word32);
wolfSSL 15:117db924cf7c 374 if (msglen % sizeof(word32)) wordsLeft++;
wolfSSL 15:117db924cf7c 375
wolfSSL 15:117db924cf7c 376 ByteReverseWords(keystream, keystream, wordsLeft * sizeof(word32));
wolfSSL 15:117db924cf7c 377 }
wolfSSL 15:117db924cf7c 378 #endif
wolfSSL 15:117db924cf7c 379
wolfSSL 15:117db924cf7c 380 for (i = 0; i < msglen; i++)
wolfSSL 15:117db924cf7c 381 output[i] = input[i] ^ ((byte*)keystream)[i];
wolfSSL 15:117db924cf7c 382 }
wolfSSL 15:117db924cf7c 383
wolfSSL 15:117db924cf7c 384 return 0;
wolfSSL 15:117db924cf7c 385 }
wolfSSL 15:117db924cf7c 386
wolfSSL 15:117db924cf7c 387
wolfSSL 15:117db924cf7c 388 /* Encrypt/decrypt a message of any size */
wolfSSL 15:117db924cf7c 389 int wc_Hc128_Process(HC128* ctx, byte* output, const byte* input, word32 msglen)
wolfSSL 15:117db924cf7c 390 {
wolfSSL 15:117db924cf7c 391 if (ctx == NULL || output == NULL || input == NULL) {
wolfSSL 15:117db924cf7c 392 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 393 }
wolfSSL 15:117db924cf7c 394
wolfSSL 15:117db924cf7c 395 #ifdef XSTREAM_ALIGN
wolfSSL 15:117db924cf7c 396 if ((wolfssl_word)input % 4 || (wolfssl_word)output % 4) {
wolfSSL 15:117db924cf7c 397 #ifndef NO_WOLFSSL_ALLOC_ALIGN
wolfSSL 15:117db924cf7c 398 byte* tmp;
wolfSSL 15:117db924cf7c 399 WOLFSSL_MSG("Hc128Process unaligned");
wolfSSL 15:117db924cf7c 400
wolfSSL 15:117db924cf7c 401 tmp = (byte*)XMALLOC(msglen, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 402 if (tmp == NULL) return MEMORY_E;
wolfSSL 15:117db924cf7c 403
wolfSSL 15:117db924cf7c 404 XMEMCPY(tmp, input, msglen);
wolfSSL 15:117db924cf7c 405 DoProcess(ctx, tmp, tmp, msglen);
wolfSSL 15:117db924cf7c 406 XMEMCPY(output, tmp, msglen);
wolfSSL 15:117db924cf7c 407
wolfSSL 15:117db924cf7c 408 XFREE(tmp, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 409
wolfSSL 15:117db924cf7c 410 return 0;
wolfSSL 15:117db924cf7c 411 #else
wolfSSL 15:117db924cf7c 412 return BAD_ALIGN_E;
wolfSSL 15:117db924cf7c 413 #endif
wolfSSL 15:117db924cf7c 414 }
wolfSSL 15:117db924cf7c 415 #endif /* XSTREAM_ALIGN */
wolfSSL 15:117db924cf7c 416
wolfSSL 15:117db924cf7c 417 return DoProcess(ctx, output, input, msglen);
wolfSSL 15:117db924cf7c 418 }
wolfSSL 15:117db924cf7c 419
wolfSSL 15:117db924cf7c 420
wolfSSL 15:117db924cf7c 421 #else /* HAVE_HC128 */
wolfSSL 15:117db924cf7c 422
wolfSSL 15:117db924cf7c 423
wolfSSL 15:117db924cf7c 424 #ifdef _MSC_VER
wolfSSL 15:117db924cf7c 425 /* 4206 warning for blank file */
wolfSSL 15:117db924cf7c 426 #pragma warning(disable: 4206)
wolfSSL 15:117db924cf7c 427 #endif
wolfSSL 15:117db924cf7c 428
wolfSSL 15:117db924cf7c 429
wolfSSL 15:117db924cf7c 430 #endif /* HAVE_HC128 */
wolfSSL 15:117db924cf7c 431