Diffstat (limited to 'src/block/cast')
-rw-r--r-- | src/block/cast/cast128.cpp | 30 | ||||
-rw-r--r-- | src/block/cast/cast128.h | 10 | ||||
-rw-r--r-- | src/block/cast/cast256.cpp | 61 | ||||
-rw-r--r-- | src/block/cast/cast256.h | 8 |
4 files changed, 57 insertions, 52 deletions
diff --git a/src/block/cast/cast128.cpp b/src/block/cast/cast128.cpp
index 24469e025..d64523c8b 100644
--- a/src/block/cast/cast128.cpp
+++ b/src/block/cast/cast128.cpp
@@ -16,7 +16,7 @@ namespace {
 /*
 * CAST-128 Round Type 1
 */
-inline void R1(u32bit& L, u32bit R, u32bit MK, u32bit RK)
+inline void R1(u32bit& L, u32bit R, u32bit MK, byte RK)
 {
 u32bit T = rotate_left(MK + R, RK);
 L ^= (CAST_SBOX1[get_byte(0, T)] ^ CAST_SBOX2[get_byte(1, T)]) -
@@ -26,7 +26,7 @@ inline void R1(u32bit& L, u32bit R, u32bit MK, u32bit RK)
 /*
 * CAST-128 Round Type 2
 */
-inline void R2(u32bit& L, u32bit R, u32bit MK, u32bit RK)
+inline void R2(u32bit& L, u32bit R, u32bit MK, byte RK)
 {
 u32bit T = rotate_left(MK ^ R, RK);
 L ^= (CAST_SBOX1[get_byte(0, T)] - CAST_SBOX2[get_byte(1, T)] +
@@ -36,7 +36,7 @@ inline void R2(u32bit& L, u32bit R, u32bit MK, u32bit RK)
 /*
 * CAST-128 Round Type 3
 */
-inline void R3(u32bit& L, u32bit R, u32bit MK, u32bit RK)
+inline void R3(u32bit& L, u32bit R, u32bit MK, byte RK)
 {
 u32bit T = rotate_left(MK - R, RK);
 L ^= ((CAST_SBOX1[get_byte(0, T)] + CAST_SBOX2[get_byte(1, T)]) ^
@@ -118,23 +118,27 @@ void CAST_128::decrypt_n(const byte in[], byte out[], size_t blocks) const
 */
 void CAST_128::key_schedule(const byte key[], size_t length)
 {
- clear();
- SecureVector<u32bit> X(4);
- for(size_t j = 0; j != length; ++j)
- X[j/4] = (X[j/4] << 8) + key[j];
+ MK.resize(48);
+ RK.resize(48);
+
+ secure_vector<u32bit> X(4);
+ for(size_t i = 0; i != length; ++i)
+ X[i/4] = (X[i/4] << 8) + key[i];
 cast_ks(MK, X);
- cast_ks(RK, X);
- for(size_t j = 0; j != 16; ++j)
- RK[j] %= 32;
+ secure_vector<u32bit> RK32(48);
+ cast_ks(RK32, X);
+
+ for(size_t i = 0; i != 16; ++i)
+ RK[i] = RK32[i] % 32;
 }
 /*
 * S-Box Based Key Expansion
 */
-void CAST_128::cast_ks(MemoryRegion<u32bit>& K,
- MemoryRegion<u32bit>& X)
+void CAST_128::cast_ks(secure_vector<u32bit>& K,
+ secure_vector<u32bit>& X)
 {
 class ByteReader
 {
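Review bot: `MK.resize(48)`, `RK.resize(48)` and `secure_vector<u32bit> RK32(48)` in CAST_128::key_schedule size the subkey arrays for 48 entries, but the removed constructor `CAST_128() : MK(16), RK(16) {}` and the `i != 16` loop right below indicate that CAST-128 consumes only 16 masking keys and 16 rotation counts, so the 48 looks carried over from the CAST-256 schedule changed in the same commit. Unless cast_ks assigns beyond index 15 of its K argument (its body continues past the hunk, so check the highest index it writes), `MK.resize(16); RK.resize(16);` and `secure_vector<u32bit> RK32(16);` would allocate only what the cipher uses and make the size self-documenting instead of leaving 32 zeroed entries per array. The store `RK[i] = RK32[i] % 32;` narrows a u32bit into a byte element; a comment such as `// rotation counts are reduced mod 32, so they fit the byte RK used by R1/R2/R3` would make explicit why the narrowing is safe and why the round functions above now take `byte RK`.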
@@ -145,7 +149,7 @@ void CAST_128::cast_ks(MemoryRegion<u32bit>& K,
 const u32bit* X;
 };
- SecureVector<u32bit> Z(4);
+ secure_vector<u32bit> Z(4);
 ByteReader x(&X[0]), z(&Z[0]);
 Z[0] = X[0] ^ S5[x(13)] ^ S6[x(15)] ^ S7[x(12)] ^ S8[x(14)] ^ S7[x( 8)];
diff --git a/src/block/cast/cast128.h b/src/block/cast/cast128.h
index 10c646c94..f3f23b14a 100644
--- a/src/block/cast/cast128.h
+++ b/src/block/cast/cast128.h
@@ -21,23 +21,23 @@ class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16>
 void encrypt_n(const byte in[], byte out[], size_t blocks) const;
 void decrypt_n(const byte in[], byte out[], size_t blocks) const;
- void clear() { zeroise(MK); zeroise(RK); }
+ void clear() { MK.clear(); RK.clear(); }
 std::string name() const { return "CAST-128"; }
 BlockCipher* clone() const { return new CAST_128; }
- CAST_128() : MK(16), RK(16) {}
 private:
 void key_schedule(const byte[], size_t);
- static void cast_ks(MemoryRegion<u32bit>& ks,
- MemoryRegion<u32bit>& user_key);
+ static void cast_ks(secure_vector<u32bit>& ks,
+ secure_vector<u32bit>& user_key);
 static const u32bit S5[256];
 static const u32bit S6[256];
 static const u32bit S7[256];
 static const u32bit S8[256];
- SecureVector<u32bit> MK, RK;
+ secure_vector<u32bit> MK;
+ secure_vector<byte> RK;
 };
 extern const u32bit CAST_SBOX1[256];
diff --git a/src/block/cast/cast256.cpp b/src/block/cast/cast256.cpp
index 8be0a8dd6..9476d3faf 100644
--- a/src/block/cast/cast256.cpp
+++ b/src/block/cast/cast256.cpp
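Review bot: `void clear() { MK.clear(); RK.clear(); }` in cast128.h replaces the explicit `zeroise` calls with vector::clear, which only destroys the trivial elements and keeps the allocated storage, so the masking keys and rotation counts stay readable in that buffer until the vector reallocates or is destroyed, unless secure_vector's allocator wipes on deallocation, which this page does not show. Since clear() is the cipher's way of discarding key material, wipe explicitly before releasing, e.g. `zeroise(MK); MK.clear();` if zeroise has a secure_vector overload at this point, or swap each member with an empty vector so the capacity is released as well; the cast256.h hunk makes the same change and needs the same treatment. Dropping `CAST_128() : MK(16), RK(16) {}` also means an unkeyed object now holds empty MK/RK rather than zero-filled ones, so if encrypt_n/decrypt_n index them without a keyed check (their bodies are outside this diff), a call before key_schedule becomes an out-of-bounds read instead of encryption under an all-zero key; a comment on the members such as `// empty until key_schedule() runs; clear() empties them again` would record the new invariant.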
@@ -138,40 +138,43 @@ void CAST_256::decrypt_n(const byte in[], byte out[], size_t blocks) const
 */
 void CAST_256::key_schedule(const byte key[], size_t length)
 {
- SecureVector<u32bit> K(8);
- for(size_t j = 0; j != length; ++j)
- K[j/4] = (K[j/4] << 8) + key[j];
+ MK.resize(48);
+ RK.resize(48);
+
+ secure_vector<u32bit> K(8);
+ for(size_t i = 0; i != length; ++i)
+ K[i/4] = (K[i/4] << 8) + key[i];
 u32bit A = K[0], B = K[1], C = K[2], D = K[3], E = K[4], F = K[5], G = K[6], H = K[7];
- for(size_t j = 0; j != 48; j += 4)
+ for(size_t i = 0; i != 48; i += 4)
 {
- round1(G, H, KEY_MASK[4*j+ 0], KEY_ROT[(4*j+ 0) % 32]);
- round2(F, G, KEY_MASK[4*j+ 1], KEY_ROT[(4*j+ 1) % 32]);
- round3(E, F, KEY_MASK[4*j+ 2], KEY_ROT[(4*j+ 2) % 32]);
- round1(D, E, KEY_MASK[4*j+ 3], KEY_ROT[(4*j+ 3) % 32]);
- round2(C, D, KEY_MASK[4*j+ 4], KEY_ROT[(4*j+ 4) % 32]);
- round3(B, C, KEY_MASK[4*j+ 5], KEY_ROT[(4*j+ 5) % 32]);
- round1(A, B, KEY_MASK[4*j+ 6], KEY_ROT[(4*j+ 6) % 32]);
- round2(H, A, KEY_MASK[4*j+ 7], KEY_ROT[(4*j+ 7) % 32]);
- round1(G, H, KEY_MASK[4*j+ 8], KEY_ROT[(4*j+ 8) % 32]);
- round2(F, G, KEY_MASK[4*j+ 9], KEY_ROT[(4*j+ 9) % 32]);
- round3(E, F, KEY_MASK[4*j+10], KEY_ROT[(4*j+10) % 32]);
- round1(D, E, KEY_MASK[4*j+11], KEY_ROT[(4*j+11) % 32]);
- round2(C, D, KEY_MASK[4*j+12], KEY_ROT[(4*j+12) % 32]);
- round3(B, C, KEY_MASK[4*j+13], KEY_ROT[(4*j+13) % 32]);
- round1(A, B, KEY_MASK[4*j+14], KEY_ROT[(4*j+14) % 32]);
- round2(H, A, KEY_MASK[4*j+15], KEY_ROT[(4*j+15) % 32]);
-
- RK[j ] = (A % 32);
- RK[j+1] = (C % 32);
- RK[j+2] = (E % 32);
- RK[j+3] = (G % 32);
- MK[j ] = H;
- MK[j+1] = F;
- MK[j+2] = D;
- MK[j+3] = B;
+ round1(G, H, KEY_MASK[4*i+ 0], KEY_ROT[(4*i+ 0) % 32]);
+ round2(F, G, KEY_MASK[4*i+ 1], KEY_ROT[(4*i+ 1) % 32]);
+ round3(E, F, KEY_MASK[4*i+ 2], KEY_ROT[(4*i+ 2) % 32]);
+ round1(D, E, KEY_MASK[4*i+ 3], KEY_ROT[(4*i+ 3) % 32]);
+ round2(C, D, KEY_MASK[4*i+ 4], KEY_ROT[(4*i+ 4) % 32]);
+ round3(B, C, KEY_MASK[4*i+ 5], KEY_ROT[(4*i+ 5) % 32]);
+ round1(A, B, KEY_MASK[4*i+ 6], KEY_ROT[(4*i+ 6) % 32]);
+ round2(H, A, KEY_MASK[4*i+ 7], KEY_ROT[(4*i+ 7) % 32]);
+ round1(G, H, KEY_MASK[4*i+ 8], KEY_ROT[(4*i+ 8) % 32]);
+ round2(F, G, KEY_MASK[4*i+ 9], KEY_ROT[(4*i+ 9) % 32]);
+ round3(E, F, KEY_MASK[4*i+10], KEY_ROT[(4*i+10) % 32]);
+ round1(D, E, KEY_MASK[4*i+11], KEY_ROT[(4*i+11) % 32]);
+ round2(C, D, KEY_MASK[4*i+12], KEY_ROT[(4*i+12) % 32]);
+ round3(B, C, KEY_MASK[4*i+13], KEY_ROT[(4*i+13) % 32]);
+ round1(A, B, KEY_MASK[4*i+14], KEY_ROT[(4*i+14) % 32]);
+ round2(H, A, KEY_MASK[4*i+15], KEY_ROT[(4*i+15) % 32]);
+
+ RK[i ] = (A % 32);
+ RK[i+1] = (C % 32);
+ RK[i+2] = (E % 32);
+ RK[i+3] = (G % 32);
+ MK[i ] = H;
+ MK[i+1] = F;
+ MK[i+2] = D;
+ MK[i+3] = B;
 }
 }
diff --git a/src/block/cast/cast256.h b/src/block/cast/cast256.h
index 2f2beef47..4f31f187d 100644
--- a/src/block/cast/cast256.h
+++ b/src/block/cast/cast256.h
@@ -21,19 +21,17 @@ class BOTAN_DLL CAST_256 : public Block_Cipher_Fixed_Params<16, 4, 32, 4>
 void encrypt_n(const byte in[], byte out[], size_t blocks) const;
 void decrypt_n(const byte in[], byte out[], size_t blocks) const;
- void clear() { zeroise(MK); zeroise(RK); }
+ void clear() { MK.clear(); RK.clear(); }
 std::string name() const { return "CAST-256"; }
 BlockCipher* clone() const { return new CAST_256; }
-
- CAST_256() : MK(48), RK(48) {}
 private:
 void key_schedule(const byte[], size_t);
 static const u32bit KEY_MASK[192];
 static const byte KEY_ROT[32];
- SecureVector<u32bit> MK;
- SecureVector<byte> RK;
+ secure_vector<u32bit> MK;
+ secure_vector<byte> RK;
 };
 extern const u32bit CAST_SBOX1[256]; |
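Review bot: The rename of the loop index `j` to `i` in CAST_256::key_schedule rewrites all sixteen round1/round2/round3 calls and the eight RK/MK stores, so the only functional change in the hunk — the added `MK.resize(48); RK.resize(48);` replacing the sizes formerly set by the removed `CAST_256() : MK(48), RK(48) {}` — is buried in a mostly cosmetic diff; landing the rename separately would leave the key-schedule change reviewable on its own. The loading loop `K[i/4] = (K[i/4] << 8) + key[i]` stays inside K(8) only while length is at most 32, which is the upper bound the Block_Cipher_Fixed_Params<16, 4, 32, 4> declaration in cast256.h advertises, so the bound is enforced outside this function (presumably by the base class before key_schedule is reached); a comment `// length is 4..32 per Block_Cipher_Fixed_Params, so i/4 stays below 8` would tie the loop to the declaration it relies on. The same resize-to-48 pattern appears in cast128.cpp, where it is discussed separately.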