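/* rabbit.c
 *
 * Copyright (C) 2006-2009 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
 * CyaSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * CyaSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */


#ifndef NO_RABBIT

#include "rabbit.h"
#include "misc.c"


#define U32V(x) (word32)(x)


/* Load four bytes as a little-endian 32-bit word.
 *
 * Key, IV and message buffers are byte arrays supplied by the caller and
 * carry no alignment guarantee.  Reading them through a word32* (as the
 * previous version did) violates strict aliasing and performs a possibly
 * misaligned word access, which is undefined behaviour and may fault on
 * targets that do not support unaligned loads.  Assembling the word from
 * bytes avoids both problems and is independent of host byte order, so no
 * BIG_ENDIAN_ORDER byte-swap is needed any more. */
static word32 RABBIT_load32le(const byte* p)
{
    return ((word32)p[0])       |
           ((word32)p[1] <<  8) |
           ((word32)p[2] << 16) |
           ((word32)p[3] << 24);
}


/* Store a 32-bit word as four little-endian bytes (see RABBIT_load32le
 * for why this is done byte-wise). */
static void RABBIT_store32le(byte* p, word32 v)
{
    p[0] = (byte)(v);
    p[1] = (byte)(v >>  8);
    p[2] = (byte)(v >> 16);
    p[3] = (byte)(v >> 24);
}


/* Square a 32-bit unsigned integer to obtain the 64-bit result and return */
/* the upper 32 bits XOR the lower 32 bits (the Rabbit g-function).        */
static word32 RABBIT_g_func(word32 x)
{
    /* Temporary variables */
    word32 a, b, h, l;

    /* Construct high and low argument for squaring */
    a = x & 0xFFFF;
    b = x >> 16;

    /* Calculate high and low result of squaring.  a and b are 16-bit, so
     * each partial product fits in 32 bits; the 64-bit high half is
     * reconstructed from the partial products without a 64-bit type. */
    h = (((U32V(a * a) >> 17) + U32V(a * b)) >> 15) + b * b;
    l = x * x;

    /* Return high XOR low */
    return U32V(h ^ l);
}


/* Calculate the next internal state: advance the eight counters (with
 * carry chained across them), then recompute the eight state words from
 * the g-function outputs.  Every call consumes one iteration of the
 * cipher, whether the output is used or not. */
static void RABBIT_next_state(RabbitCtx* ctx)
{
    /* Temporary variables */
    word32 g[8], c_old[8], i;

    /* Save old counter values */
    for (i = 0; i < 8; i++)
        c_old[i] = ctx->c[i];

    /* Calculate new counter values.  Each counter adds its constant plus the
     * carry out of the previous one; because the constant plus carry never
     * exceeds 0xFFFFFFFF, "new < old" is an exact carry-out test. */
    ctx->c[0] = U32V(ctx->c[0] + 0x4D34D34D + ctx->carry);
    ctx->c[1] = U32V(ctx->c[1] + 0xD34D34D3 + (ctx->c[0] < c_old[0]));
    ctx->c[2] = U32V(ctx->c[2] + 0x34D34D34 + (ctx->c[1] < c_old[1]));
    ctx->c[3] = U32V(ctx->c[3] + 0x4D34D34D + (ctx->c[2] < c_old[2]));
    ctx->c[4] = U32V(ctx->c[4] + 0xD34D34D3 + (ctx->c[3] < c_old[3]));
    ctx->c[5] = U32V(ctx->c[5] + 0x34D34D34 + (ctx->c[4] < c_old[4]));
    ctx->c[6] = U32V(ctx->c[6] + 0x4D34D34D + (ctx->c[5] < c_old[5]));
    ctx->c[7] = U32V(ctx->c[7] + 0xD34D34D3 + (ctx->c[6] < c_old[6]));
    ctx->carry = (ctx->c[7] < c_old[7]);

    /* Calculate the g-values */
    for (i = 0; i < 8; i++)
        g[i] = RABBIT_g_func(U32V(ctx->x[i] + ctx->c[i]));

    /* Calculate new state values */
    ctx->x[0] = U32V(g[0] + rotlFixed(g[7], 16) + rotlFixed(g[6], 16));
    ctx->x[1] = U32V(g[1] + rotlFixed(g[0],  8) + g[7]);
    ctx->x[2] = U32V(g[2] + rotlFixed(g[1], 16) + rotlFixed(g[0], 16));
    ctx->x[3] = U32V(g[3] + rotlFixed(g[2],  8) + g[1]);
    ctx->x[4] = U32V(g[4] + rotlFixed(g[3], 16) + rotlFixed(g[2], 16));
    ctx->x[5] = U32V(g[5] + rotlFixed(g[4],  8) + g[3]);
    ctx->x[6] = U32V(g[6] + rotlFixed(g[5], 16) + rotlFixed(g[4], 16));
    ctx->x[7] = U32V(g[7] + rotlFixed(g[6],  8) + g[5]);
}


/* Write the 16 keystream bytes for the current state into ks (little-endian
 * word order).  The caller must have advanced the state with
 * RABBIT_next_state() before calling this. */
static void RABBIT_keystream(const RabbitCtx* ctx, byte* ks)
{
    RABBIT_store32le(ks +  0,
        ctx->x[0] ^ (ctx->x[5] >> 16) ^ U32V(ctx->x[3] << 16));
    RABBIT_store32le(ks +  4,
        ctx->x[2] ^ (ctx->x[7] >> 16) ^ U32V(ctx->x[5] << 16));
    RABBIT_store32le(ks +  8,
        ctx->x[4] ^ (ctx->x[1] >> 16) ^ U32V(ctx->x[7] << 16));
    RABBIT_store32le(ks + 12,
        ctx->x[6] ^ (ctx->x[3] >> 16) ^ U32V(ctx->x[1] << 16));
}


/* IV setup: derive the work instance from the master (key-only) instance
 * and an 8-byte IV, then iterate four times.  The master instance is left
 * untouched so a new IV can be applied later without re-keying.  A given
 * key/IV pair must not be reused for different messages: the keystream it
 * produces is deterministic. */
static void RabbitSetIV(Rabbit* ctx, const byte* iv)
{
    /* Temporary variables */
    word32 i0, i1, i2, i3, i;

    /* Generate four subvectors (byte-wise loads: iv need not be aligned) */
    i0 = RABBIT_load32le(iv + 0);
    i2 = RABBIT_load32le(iv + 4);
    i1 = (i0 >> 16) | (i2 & 0xFFFF0000);
    i3 = (i2 << 16) | (i0 & 0x0000FFFF);

    /* Modify counter values */
    ctx->workCtx.c[0] = ctx->masterCtx.c[0] ^ i0;
    ctx->workCtx.c[1] = ctx->masterCtx.c[1] ^ i1;
    ctx->workCtx.c[2] = ctx->masterCtx.c[2] ^ i2;
    ctx->workCtx.c[3] = ctx->masterCtx.c[3] ^ i3;
    ctx->workCtx.c[4] = ctx->masterCtx.c[4] ^ i0;
    ctx->workCtx.c[5] = ctx->masterCtx.c[5] ^ i1;
    ctx->workCtx.c[6] = ctx->masterCtx.c[6] ^ i2;
    ctx->workCtx.c[7] = ctx->masterCtx.c[7] ^ i3;

    /* Copy state variables */
    for (i = 0; i < 8; i++)
        ctx->workCtx.x[i] = ctx->masterCtx.x[i];
    ctx->workCtx.carry = ctx->masterCtx.carry;

    /* Iterate the system four times */
    for (i = 0; i < 4; i++)
        RABBIT_next_state(&(ctx->workCtx));
}


/* Key setup.
 *
 * key: 16 bytes, read byte-wise so no alignment is required.
 * iv:  8 bytes or NULL.  With NULL the work instance is a plain copy of the
 *      master instance (IV-less mode); otherwise RabbitSetIV is applied.
 *
 * Both master and work instances inside ctx are fully overwritten; any
 * previous key state is replaced. */
void RabbitSetKey(Rabbit* ctx, const byte* key, const byte* iv)
{
    /* Temporary variables */
    word32 k0, k1, k2, k3, i;

    /* Generate four subkeys */
    k0 = RABBIT_load32le(key +  0);
    k1 = RABBIT_load32le(key +  4);
    k2 = RABBIT_load32le(key +  8);
    k3 = RABBIT_load32le(key + 12);

    /* Generate initial state variables */
    ctx->masterCtx.x[0] = k0;
    ctx->masterCtx.x[2] = k1;
    ctx->masterCtx.x[4] = k2;
    ctx->masterCtx.x[6] = k3;
    ctx->masterCtx.x[1] = U32V(k3 << 16) | (k2 >> 16);
    ctx->masterCtx.x[3] = U32V(k0 << 16) | (k3 >> 16);
    ctx->masterCtx.x[5] = U32V(k1 << 16) | (k0 >> 16);
    ctx->masterCtx.x[7] = U32V(k2 << 16) | (k1 >> 16);

    /* Generate initial counter values */
    ctx->masterCtx.c[0] = rotlFixed(k2, 16);
    ctx->masterCtx.c[2] = rotlFixed(k3, 16);
    ctx->masterCtx.c[4] = rotlFixed(k0, 16);
    ctx->masterCtx.c[6] = rotlFixed(k1, 16);
    ctx->masterCtx.c[1] = (k0 & 0xFFFF0000) | (k1 & 0xFFFF);
    ctx->masterCtx.c[3] = (k1 & 0xFFFF0000) | (k2 & 0xFFFF);
    ctx->masterCtx.c[5] = (k2 & 0xFFFF0000) | (k3 & 0xFFFF);
    ctx->masterCtx.c[7] = (k3 & 0xFFFF0000) | (k0 & 0xFFFF);

    /* Clear carry bit */
    ctx->masterCtx.carry = 0;

    /* Iterate the system four times */
    for (i = 0; i < 4; i++)
        RABBIT_next_state(&(ctx->masterCtx));

    /* Modify the counters */
    for (i = 0; i < 8; i++)
        ctx->masterCtx.c[i] ^= ctx->masterCtx.x[(i + 4) & 0x7];

    /* Copy master instance to work instance */
    for (i = 0; i < 8; i++) {
        ctx->workCtx.x[i] = ctx->masterCtx.x[i];
        ctx->workCtx.c[i] = ctx->masterCtx.c[i];
    }
    ctx->workCtx.carry = ctx->masterCtx.carry;

    if (iv) RabbitSetIV(ctx, iv);
}


/* Encrypt/decrypt a message of any size.
 *
 * Each 16-byte block (and a trailing partial block, if any) consumes one
 * iteration of the work instance, so consecutive calls continue the same
 * keystream.  A partial final block leaves the unused keystream bytes
 * unconsumed; the next call starts a fresh block, exactly as before.
 * In-place operation (output == input) is supported; other partial
 * overlap of input and output is not.  msglen == 0 leaves the state
 * unchanged.  Buffers need not be aligned: all accesses are byte-wise. */
void RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen)
{
    byte ks[16];

    while (msglen > 0) {
        word32 n = (msglen < 16) ? msglen : 16;
        word32 i;

        /* Iterate the system and derive 16 keystream bytes */
        RABBIT_next_state(&(ctx->workCtx));
        RABBIT_keystream(&(ctx->workCtx), ks);

        /* Encrypt/decrypt up to 16 bytes of data */
        for (i = 0; i < n; i++)
            output[i] = input[i] ^ ks[i];

        /* Increment pointers and decrement length */
        input  += n;
        output += n;
        msglen -= n;
    }
}



#endif /* NO_RABBIT */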
