wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfcrypt/src/idea.c@17:a5f916481144, 2020-06-05 (annotated)

Committer:
wolfSSL
Date:
Fri Jun 05 00:11:07 2020 +0000
Revision:
17:a5f916481144
Parent:
16:8e0d178b1d1e 
wolfSSL 4.4.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 15:117db924cf7c 1 /* idea.c
wolfSSL 15:117db924cf7c 2 *
wolfSSL 16:8e0d178b1d1e 3 * Copyright (C) 2006-2020 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23 #ifdef HAVE_CONFIG_H
wolfSSL 15:117db924cf7c 24 #include <config.h>
wolfSSL 15:117db924cf7c 25 #endif
wolfSSL 15:117db924cf7c 26
wolfSSL 15:117db924cf7c 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 15:117db924cf7c 28
wolfSSL 15:117db924cf7c 29 #ifdef HAVE_IDEA
wolfSSL 15:117db924cf7c 30
wolfSSL 15:117db924cf7c 31 #include <wolfssl/wolfcrypt/idea.h>
wolfSSL 15:117db924cf7c 32
wolfSSL 15:117db924cf7c 33 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 15:117db924cf7c 34 #include <wolfssl/wolfcrypt/logging.h>
wolfSSL 15:117db924cf7c 35
wolfSSL 15:117db924cf7c 36 #ifdef NO_INLINE
wolfSSL 15:117db924cf7c 37 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 15:117db924cf7c 38 #else
wolfSSL 15:117db924cf7c 39 #define WOLFSSL_MISC_INCLUDED
wolfSSL 15:117db924cf7c 40 #include <wolfcrypt/src/misc.c>
wolfSSL 15:117db924cf7c 41 #endif
wolfSSL 15:117db924cf7c 42
wolfSSL 15:117db924cf7c 43 /* multiplication of x and y modulo 2^16+1
wolfSSL 15:117db924cf7c 44 * IDEA specify a special case when an entry value is 0 ( x or y)
wolfSSL 15:117db924cf7c 45 * then it must be replaced by 2^16
wolfSSL 15:117db924cf7c 46 */
wolfSSL 15:117db924cf7c 47 static WC_INLINE word16 idea_mult(word16 x, word16 y)
wolfSSL 15:117db924cf7c 48 {
wolfSSL 15:117db924cf7c 49 long mul, res;
wolfSSL 15:117db924cf7c 50
wolfSSL 15:117db924cf7c 51 mul = (long)x * (long)y;
wolfSSL 15:117db924cf7c 52 if (mul) {
wolfSSL 15:117db924cf7c 53 res = (mul & IDEA_MASK) - ((word32)mul >> 16);
wolfSSL 15:117db924cf7c 54 if (res <= 0)
wolfSSL 15:117db924cf7c 55 res += IDEA_MODULO;
wolfSSL 15:117db924cf7c 56
wolfSSL 15:117db924cf7c 57 return (word16) (res & IDEA_MASK);
wolfSSL 15:117db924cf7c 58 }
wolfSSL 15:117db924cf7c 59
wolfSSL 15:117db924cf7c 60 if (!x)
wolfSSL 15:117db924cf7c 61 return ((IDEA_MODULO - y) & IDEA_MASK);
wolfSSL 15:117db924cf7c 62
wolfSSL 15:117db924cf7c 63 /* !y */
wolfSSL 15:117db924cf7c 64 return ((IDEA_MODULO - x) & IDEA_MASK);
wolfSSL 15:117db924cf7c 65 }
wolfSSL 15:117db924cf7c 66
wolfSSL 15:117db924cf7c 67 /* compute 1/a modulo 2^16+1 using Extended euclidean algorithm
wolfSSL 15:117db924cf7c 68 * adapted from fp_invmod */
wolfSSL 15:117db924cf7c 69 static WC_INLINE word16 idea_invmod(word16 x)
wolfSSL 15:117db924cf7c 70 {
wolfSSL 15:117db924cf7c 71 int u, v, b, d;
wolfSSL 15:117db924cf7c 72
wolfSSL 15:117db924cf7c 73 if (x <= 1)
wolfSSL 15:117db924cf7c 74 return x;
wolfSSL 15:117db924cf7c 75
wolfSSL 15:117db924cf7c 76 u = IDEA_MODULO;
wolfSSL 15:117db924cf7c 77 v = x;
wolfSSL 15:117db924cf7c 78 d = 1;
wolfSSL 15:117db924cf7c 79 b = 0;
wolfSSL 15:117db924cf7c 80
wolfSSL 15:117db924cf7c 81 do {
wolfSSL 15:117db924cf7c 82 while (!(u & 1)) {
wolfSSL 15:117db924cf7c 83 u >>= 1;
wolfSSL 15:117db924cf7c 84 if (b & 1)
wolfSSL 15:117db924cf7c 85 b -= IDEA_MODULO;
wolfSSL 15:117db924cf7c 86 b >>= 1;
wolfSSL 15:117db924cf7c 87 }
wolfSSL 15:117db924cf7c 88
wolfSSL 15:117db924cf7c 89 while (!(v & 1)) {
wolfSSL 15:117db924cf7c 90 v >>= 1;
wolfSSL 15:117db924cf7c 91 if (d & 1) {
wolfSSL 15:117db924cf7c 92 d -= IDEA_MODULO;
wolfSSL 15:117db924cf7c 93 }
wolfSSL 15:117db924cf7c 94 d >>= 1;
wolfSSL 15:117db924cf7c 95 }
wolfSSL 15:117db924cf7c 96
wolfSSL 15:117db924cf7c 97 if (u >= v) {
wolfSSL 15:117db924cf7c 98 u -= v;
wolfSSL 15:117db924cf7c 99 b -= d;
wolfSSL 15:117db924cf7c 100 } else {
wolfSSL 15:117db924cf7c 101 v -= u;
wolfSSL 15:117db924cf7c 102 d -= b;
wolfSSL 15:117db924cf7c 103 }
wolfSSL 15:117db924cf7c 104 } while (u != 0);
wolfSSL 15:117db924cf7c 105
wolfSSL 15:117db924cf7c 106 /* d is now the inverse, put positive value if required */
wolfSSL 15:117db924cf7c 107 while (d < 0)
wolfSSL 15:117db924cf7c 108 d += IDEA_MODULO;
wolfSSL 15:117db924cf7c 109
wolfSSL 15:117db924cf7c 110 /* d must be < IDEA_MODULO */
wolfSSL 15:117db924cf7c 111 while (d >= (int)IDEA_MODULO)
wolfSSL 15:117db924cf7c 112 d -= IDEA_MODULO;
wolfSSL 15:117db924cf7c 113
wolfSSL 15:117db924cf7c 114 return (word16)(d & IDEA_MASK);
wolfSSL 15:117db924cf7c 115 }
wolfSSL 15:117db924cf7c 116
wolfSSL 15:117db924cf7c 117 /* generate the 52 16-bits key sub-blocks from the 128 key */
wolfSSL 15:117db924cf7c 118 int wc_IdeaSetKey(Idea *idea, const byte* key, word16 keySz,
wolfSSL 15:117db924cf7c 119 const byte *iv, int dir)
wolfSSL 15:117db924cf7c 120 {
wolfSSL 15:117db924cf7c 121 word16 idx = 0;
wolfSSL 15:117db924cf7c 122 word32 t;
wolfSSL 15:117db924cf7c 123 short i;
wolfSSL 15:117db924cf7c 124
wolfSSL 15:117db924cf7c 125 if (idea == NULL || key == NULL || keySz != IDEA_KEY_SIZE ||
wolfSSL 15:117db924cf7c 126 (dir != IDEA_ENCRYPTION && dir != IDEA_DECRYPTION))
wolfSSL 15:117db924cf7c 127 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 128
wolfSSL 15:117db924cf7c 129 /* initial key schedule for 0 -> 7 */
wolfSSL 15:117db924cf7c 130 for (i = 0; i < IDEA_ROUNDS; i++) {
wolfSSL 15:117db924cf7c 131 idea->skey[i] = (word16)key[idx++] << 8;
wolfSSL 15:117db924cf7c 132 idea->skey[i] |= (word16)key[idx++];
wolfSSL 15:117db924cf7c 133 }
wolfSSL 15:117db924cf7c 134
wolfSSL 15:117db924cf7c 135 /* shift phase key schedule for 8 -> 51 */
wolfSSL 15:117db924cf7c 136 for (i = IDEA_ROUNDS; i < IDEA_SK_NUM; i++) {
wolfSSL 15:117db924cf7c 137 t = (word32)idea->skey[((i+1) & 7) ? i-7 : i-15] << 9;
wolfSSL 15:117db924cf7c 138 t |= (word32)idea->skey[((i+2) & 7) < 2 ? i-14 : i-6] >> 7;
wolfSSL 15:117db924cf7c 139 idea->skey[i] = (word16)(t & IDEA_MASK);
wolfSSL 15:117db924cf7c 140 }
wolfSSL 15:117db924cf7c 141
wolfSSL 15:117db924cf7c 142 /* compute decryption key from encryption key */
wolfSSL 15:117db924cf7c 143 if (dir == IDEA_DECRYPTION) {
wolfSSL 15:117db924cf7c 144 word16 enckey[IDEA_SK_NUM];
wolfSSL 15:117db924cf7c 145
wolfSSL 15:117db924cf7c 146 /* put encryption key in tmp buffer */
wolfSSL 15:117db924cf7c 147 XMEMCPY(enckey, idea->skey, sizeof(idea->skey));
wolfSSL 15:117db924cf7c 148
wolfSSL 15:117db924cf7c 149 idx = 0;
wolfSSL 15:117db924cf7c 150
wolfSSL 15:117db924cf7c 151 idea->skey[6*IDEA_ROUNDS] = idea_invmod(enckey[idx++]);
wolfSSL 15:117db924cf7c 152 idea->skey[6*IDEA_ROUNDS+1] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
wolfSSL 15:117db924cf7c 153 idea->skey[6*IDEA_ROUNDS+2] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
wolfSSL 15:117db924cf7c 154 idea->skey[6*IDEA_ROUNDS+3] = idea_invmod(enckey[idx++]);
wolfSSL 15:117db924cf7c 155
wolfSSL 15:117db924cf7c 156 for (i = 6*(IDEA_ROUNDS-1); i >= 0; i -= 6) {
wolfSSL 15:117db924cf7c 157 idea->skey[i+4] = enckey[idx++];
wolfSSL 15:117db924cf7c 158 idea->skey[i+5] = enckey[idx++];
wolfSSL 15:117db924cf7c 159
wolfSSL 15:117db924cf7c 160 idea->skey[i] = idea_invmod(enckey[idx++]);
wolfSSL 15:117db924cf7c 161 if (i) {
wolfSSL 15:117db924cf7c 162 idea->skey[i+2] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
wolfSSL 15:117db924cf7c 163 idea->skey[i+1] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
wolfSSL 15:117db924cf7c 164 }
wolfSSL 15:117db924cf7c 165 else {
wolfSSL 15:117db924cf7c 166 idea->skey[1] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
wolfSSL 15:117db924cf7c 167 idea->skey[2] = (IDEA_2EXP16 - enckey[idx++]) & IDEA_MASK;
wolfSSL 15:117db924cf7c 168 }
wolfSSL 15:117db924cf7c 169
wolfSSL 15:117db924cf7c 170 idea->skey[i+3] = idea_invmod(enckey[idx++]);
wolfSSL 15:117db924cf7c 171 }
wolfSSL 15:117db924cf7c 172
wolfSSL 15:117db924cf7c 173 /* erase temporary buffer */
wolfSSL 15:117db924cf7c 174 ForceZero(enckey, sizeof(enckey));
wolfSSL 15:117db924cf7c 175 }
wolfSSL 15:117db924cf7c 176
wolfSSL 15:117db924cf7c 177 /* set the iv */
wolfSSL 15:117db924cf7c 178 return wc_IdeaSetIV(idea, iv);
wolfSSL 15:117db924cf7c 179 }
wolfSSL 15:117db924cf7c 180
wolfSSL 15:117db924cf7c 181 /* set the IV in the Idea key structure */
wolfSSL 15:117db924cf7c 182 int wc_IdeaSetIV(Idea *idea, const byte* iv)
wolfSSL 15:117db924cf7c 183 {
wolfSSL 15:117db924cf7c 184 if (idea == NULL)
wolfSSL 15:117db924cf7c 185 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 186
wolfSSL 15:117db924cf7c 187 if (iv != NULL)
wolfSSL 15:117db924cf7c 188 XMEMCPY(idea->reg, iv, IDEA_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 189 else
wolfSSL 15:117db924cf7c 190 XMEMSET(idea->reg, 0, IDEA_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 191
wolfSSL 15:117db924cf7c 192 return 0;
wolfSSL 15:117db924cf7c 193 }
wolfSSL 15:117db924cf7c 194
wolfSSL 15:117db924cf7c 195 /* encryption/decryption for a block (64 bits)
wolfSSL 15:117db924cf7c 196 */
wolfSSL 15:117db924cf7c 197 int wc_IdeaCipher(Idea *idea, byte* out, const byte* in)
wolfSSL 15:117db924cf7c 198 {
wolfSSL 15:117db924cf7c 199 word32 t1, t2;
wolfSSL 15:117db924cf7c 200 word16 i, skey_idx = 0, idx = 0;
wolfSSL 15:117db924cf7c 201 word16 x[4];
wolfSSL 15:117db924cf7c 202
wolfSSL 15:117db924cf7c 203 if (idea == NULL || out == NULL || in == NULL) {
wolfSSL 15:117db924cf7c 204 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 205 }
wolfSSL 15:117db924cf7c 206
wolfSSL 15:117db924cf7c 207 /* put input byte block in word16 */
wolfSSL 15:117db924cf7c 208 for (i = 0; i < IDEA_BLOCK_SIZE/2; i++) {
wolfSSL 15:117db924cf7c 209 x[i] = (word16)in[idx++] << 8;
wolfSSL 15:117db924cf7c 210 x[i] |= (word16)in[idx++];
wolfSSL 15:117db924cf7c 211 }
wolfSSL 15:117db924cf7c 212
wolfSSL 15:117db924cf7c 213 for (i = 0; i < IDEA_ROUNDS; i++) {
wolfSSL 15:117db924cf7c 214 x[0] = idea_mult(x[0], idea->skey[skey_idx++]);
wolfSSL 15:117db924cf7c 215 x[1] = ((word32)x[1] + (word32)idea->skey[skey_idx++]) & IDEA_MASK;
wolfSSL 15:117db924cf7c 216 x[2] = ((word32)x[2] + (word32)idea->skey[skey_idx++]) & IDEA_MASK;
wolfSSL 15:117db924cf7c 217 x[3] = idea_mult(x[3], idea->skey[skey_idx++]);
wolfSSL 15:117db924cf7c 218
wolfSSL 15:117db924cf7c 219 t2 = x[0] ^ x[2];
wolfSSL 15:117db924cf7c 220 t2 = idea_mult((word16)t2, idea->skey[skey_idx++]);
wolfSSL 15:117db924cf7c 221 t1 = (t2 + (x[1] ^ x[3])) & IDEA_MASK;
wolfSSL 15:117db924cf7c 222 t1 = idea_mult((word16)t1, idea->skey[skey_idx++]);
wolfSSL 15:117db924cf7c 223 t2 = (t1 + t2) & IDEA_MASK;
wolfSSL 15:117db924cf7c 224
wolfSSL 15:117db924cf7c 225 x[0] ^= t1;
wolfSSL 15:117db924cf7c 226 x[3] ^= t2;
wolfSSL 15:117db924cf7c 227
wolfSSL 15:117db924cf7c 228 t2 ^= x[1];
wolfSSL 15:117db924cf7c 229 x[1] = x[2] ^ (word16)t1;
wolfSSL 15:117db924cf7c 230 x[2] = (word16)t2;
wolfSSL 15:117db924cf7c 231 }
wolfSSL 15:117db924cf7c 232
wolfSSL 15:117db924cf7c 233 x[0] = idea_mult(x[0], idea->skey[skey_idx++]);
wolfSSL 15:117db924cf7c 234 out[0] = (x[0] >> 8) & 0xFF;
wolfSSL 15:117db924cf7c 235 out[1] = x[0] & 0xFF;
wolfSSL 15:117db924cf7c 236
wolfSSL 15:117db924cf7c 237 x[2] = ((word32)x[2] + (word32)idea->skey[skey_idx++]) & IDEA_MASK;
wolfSSL 15:117db924cf7c 238 out[2] = (x[2] >> 8) & 0xFF;
wolfSSL 15:117db924cf7c 239 out[3] = x[2] & 0xFF;
wolfSSL 15:117db924cf7c 240
wolfSSL 15:117db924cf7c 241 x[1] = ((word32)x[1] + (word32)idea->skey[skey_idx++]) & IDEA_MASK;
wolfSSL 15:117db924cf7c 242 out[4] = (x[1] >> 8) & 0xFF;
wolfSSL 15:117db924cf7c 243 out[5] = x[1] & 0xFF;
wolfSSL 15:117db924cf7c 244
wolfSSL 15:117db924cf7c 245 x[3] = idea_mult(x[3], idea->skey[skey_idx++]);
wolfSSL 15:117db924cf7c 246 out[6] = (x[3] >> 8) & 0xFF;
wolfSSL 15:117db924cf7c 247 out[7] = x[3] & 0xFF;
wolfSSL 15:117db924cf7c 248
wolfSSL 15:117db924cf7c 249 return 0;
wolfSSL 15:117db924cf7c 250 }
wolfSSL 15:117db924cf7c 251
wolfSSL 15:117db924cf7c 252 int wc_IdeaCbcEncrypt(Idea *idea, byte* out, const byte* in, word32 len)
wolfSSL 15:117db924cf7c 253 {
wolfSSL 15:117db924cf7c 254 int blocks;
wolfSSL 15:117db924cf7c 255 int ret;
wolfSSL 15:117db924cf7c 256
wolfSSL 15:117db924cf7c 257 if (idea == NULL || out == NULL || in == NULL)
wolfSSL 15:117db924cf7c 258 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 259
wolfSSL 15:117db924cf7c 260 blocks = len / IDEA_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 261 while (blocks--) {
wolfSSL 15:117db924cf7c 262 xorbuf((byte*)idea->reg, in, IDEA_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 263 ret = wc_IdeaCipher(idea, (byte*)idea->reg, (byte*)idea->reg);
wolfSSL 15:117db924cf7c 264 if (ret != 0) {
wolfSSL 15:117db924cf7c 265 return ret;
wolfSSL 15:117db924cf7c 266 }
wolfSSL 15:117db924cf7c 267
wolfSSL 15:117db924cf7c 268 XMEMCPY(out, idea->reg, IDEA_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 269
wolfSSL 15:117db924cf7c 270 out += IDEA_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 271 in += IDEA_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 272 }
wolfSSL 15:117db924cf7c 273
wolfSSL 15:117db924cf7c 274 return 0;
wolfSSL 15:117db924cf7c 275 }
wolfSSL 15:117db924cf7c 276
wolfSSL 15:117db924cf7c 277 int wc_IdeaCbcDecrypt(Idea *idea, byte* out, const byte* in, word32 len)
wolfSSL 15:117db924cf7c 278 {
wolfSSL 15:117db924cf7c 279 int blocks;
wolfSSL 15:117db924cf7c 280 int ret;
wolfSSL 15:117db924cf7c 281
wolfSSL 15:117db924cf7c 282 if (idea == NULL || out == NULL || in == NULL)
wolfSSL 15:117db924cf7c 283 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 284
wolfSSL 15:117db924cf7c 285 blocks = len / IDEA_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 286 while (blocks--) {
wolfSSL 15:117db924cf7c 287 XMEMCPY((byte*)idea->tmp, in, IDEA_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 288 ret = wc_IdeaCipher(idea, out, (byte*)idea->tmp);
wolfSSL 15:117db924cf7c 289 if (ret != 0) {
wolfSSL 15:117db924cf7c 290 return ret;
wolfSSL 15:117db924cf7c 291 }
wolfSSL 15:117db924cf7c 292
wolfSSL 15:117db924cf7c 293 xorbuf(out, (byte*)idea->reg, IDEA_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 294 XMEMCPY(idea->reg, idea->tmp, IDEA_BLOCK_SIZE);
wolfSSL 15:117db924cf7c 295
wolfSSL 15:117db924cf7c 296 out += IDEA_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 297 in += IDEA_BLOCK_SIZE;
wolfSSL 15:117db924cf7c 298 }
wolfSSL 15:117db924cf7c 299
wolfSSL 15:117db924cf7c 300 return 0;
wolfSSL 15:117db924cf7c 301 }
wolfSSL 15:117db924cf7c 302
wolfSSL 15:117db924cf7c 303 #endif /* HAVE_IDEA */
wolfSSL 15:117db924cf7c 304