Mercurial > projects > dcrypt
annotate dcrypt/crypto/ciphers/RC6.d @ 23:4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
author | Thomas Dixon <reikon@reikon.us> |
---|---|
date | Sat, 14 Feb 2009 19:58:20 -0500 |
parents | ec23779ee794 |
children | 176c933827a8 |
rev | line source |
---|---|
0 | 1 /** |
2 * This file is part of the dcrypt project. | |
6
5cb17e09d685
Minor edits to the unittests of hash functions and ciphers. Added AES and test vectors.
Thomas Dixon <reikon@reikon.us>
parents:
2
diff
changeset
|
3 * |
0 | 4 * Copyright: Copyright (C) dcrypt contributors 2008. All rights reserved. |
5 * License: MIT | |
6 * Authors: Thomas Dixon | |
7 */ | |
8 | |
9 module dcrypt.crypto.ciphers.RC6; | |
10 | |
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
11 import dcrypt.misc.Bitwise; |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
12 import dcrypt.misc.ByteConverter; |
0 | 13 import dcrypt.crypto.BlockCipher; |
14 | |
15 /** | |
16 * Implementation of the RC6-32/20/b cipher designed by | |
17 * Ron Rivest et al. of RSA Security. | |
6
5cb17e09d685
Minor edits to the unittests of hash functions and ciphers. Added AES and test vectors.
Thomas Dixon <reikon@reikon.us>
parents:
2
diff
changeset
|
18 * |
5cb17e09d685
Minor edits to the unittests of hash functions and ciphers. Added AES and test vectors.
Thomas Dixon <reikon@reikon.us>
parents:
2
diff
changeset
|
19 * It should be noted that this algorithm is very similar to RC5. |
5cb17e09d685
Minor edits to the unittests of hash functions and ciphers. Added AES and test vectors.
Thomas Dixon <reikon@reikon.us>
parents:
2
diff
changeset
|
20 * Currently there are no plans to implement RC5, but should that change |
5cb17e09d685
Minor edits to the unittests of hash functions and ciphers. Added AES and test vectors.
Thomas Dixon <reikon@reikon.us>
parents:
2
diff
changeset
|
21 * in the future, it may be wise to rewrite both RC5 and RC6 to use some |
5cb17e09d685
Minor edits to the unittests of hash functions and ciphers. Added AES and test vectors.
Thomas Dixon <reikon@reikon.us>
parents:
2
diff
changeset
|
22 * kind of template or base class. |
0 | 23 * |
6
5cb17e09d685
Minor edits to the unittests of hash functions and ciphers. Added AES and test vectors.
Thomas Dixon <reikon@reikon.us>
parents:
2
diff
changeset
|
24 * This algorithm is patented and trademarked. |
5cb17e09d685
Minor edits to the unittests of hash functions and ciphers. Added AES and test vectors.
Thomas Dixon <reikon@reikon.us>
parents:
2
diff
changeset
|
25 * |
5cb17e09d685
Minor edits to the unittests of hash functions and ciphers. Added AES and test vectors.
Thomas Dixon <reikon@reikon.us>
parents:
2
diff
changeset
|
26 * References: http://people.csail.mit.edu/rivest/Rc6.pdf |
0 | 27 */ |
28 class RC6 : BlockCipher { | |
1
483e4467b5f6
Added Blowfish with test vectors. Minor cleanup of other cipher classes (should probably clean more). Continued work on high-level cipher API (didn't get very far).
Thomas Dixon <reikon@reikon.us>
parents:
0
diff
changeset
|
29 private { |
483e4467b5f6
Added Blowfish with test vectors. Minor cleanup of other cipher classes (should probably clean more). Continued work on high-level cipher API (didn't get very far).
Thomas Dixon <reikon@reikon.us>
parents:
0
diff
changeset
|
30 const uint ROUNDS = 20, |
483e4467b5f6
Added Blowfish with test vectors. Minor cleanup of other cipher classes (should probably clean more). Continued work on high-level cipher API (didn't get very far).
Thomas Dixon <reikon@reikon.us>
parents:
0
diff
changeset
|
31 BLOCK_SIZE = 16, |
483e4467b5f6
Added Blowfish with test vectors. Minor cleanup of other cipher classes (should probably clean more). Continued work on high-level cipher API (didn't get very far).
Thomas Dixon <reikon@reikon.us>
parents:
0
diff
changeset
|
32 // Magic constants for a 32 bit word size |
483e4467b5f6
Added Blowfish with test vectors. Minor cleanup of other cipher classes (should probably clean more). Continued work on high-level cipher API (didn't get very far).
Thomas Dixon <reikon@reikon.us>
parents:
0
diff
changeset
|
33 P = 0xb7e15163, |
483e4467b5f6
Added Blowfish with test vectors. Minor cleanup of other cipher classes (should probably clean more). Continued work on high-level cipher API (didn't get very far).
Thomas Dixon <reikon@reikon.us>
parents:
0
diff
changeset
|
34 Q = 0x9e3779b9; |
483e4467b5f6
Added Blowfish with test vectors. Minor cleanup of other cipher classes (should probably clean more). Continued work on high-level cipher API (didn't get very far).
Thomas Dixon <reikon@reikon.us>
parents:
0
diff
changeset
|
35 uint[] S; |
483e4467b5f6
Added Blowfish with test vectors. Minor cleanup of other cipher classes (should probably clean more). Continued work on high-level cipher API (didn't get very far).
Thomas Dixon <reikon@reikon.us>
parents:
0
diff
changeset
|
36 ubyte[] workingKey; |
483e4467b5f6
Added Blowfish with test vectors. Minor cleanup of other cipher classes (should probably clean more). Continued work on high-level cipher API (didn't get very far).
Thomas Dixon <reikon@reikon.us>
parents:
0
diff
changeset
|
37 } |
0 | 38 |
39 char[] name() { | |
40 return "RC6"; | |
41 } | |
42 | |
43 uint blockSize() { | |
44 return BLOCK_SIZE; | |
45 } | |
46 | |
47 void init(bool encrypt, CipherParameters params) { | |
48 SymmetricKey keyParams = cast(SymmetricKey)params; | |
49 if (!keyParams) | |
50 throw new InvalidParameterError( | |
51 name()~": Invalid parameter passed to init"); | |
14
5ce3012f1def
Removed some redundancy in code. Added NotSupportedError, a base PRNG class and a class which creates a PRNG from a hash function. Changed the MAC class' finalization methods to digest and hexDigest instead of finish and hexFinish respectively. Also added a base Checksum class, crc32 and adler32 in dcrypt.misc as per request.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
52 _encrypt = encrypt; |
0 | 53 |
54 uint len = keyParams.key.length; | |
55 if (len != 16 && len != 24 && len != 32) | |
56 throw new InvalidKeyError( | |
57 name()~": Invalid key length (requires 16/24/32 bytes)"); | |
58 | |
59 S = new uint[2*ROUNDS+4]; | |
60 | |
61 workingKey = keyParams.key; | |
62 setup(workingKey); | |
63 | |
14
5ce3012f1def
Removed some redundancy in code. Added NotSupportedError, a base PRNG class and a class which creates a PRNG from a hash function. Changed the MAC class' finalization methods to digest and hexDigest instead of finish and hexFinish respectively. Also added a base Checksum class, crc32 and adler32 in dcrypt.misc as per request.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
64 _initialized = true; |
0 | 65 } |
66 | |
12
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
8
diff
changeset
|
67 uint update(void[] input_, void[] output_) { |
14
5ce3012f1def
Removed some redundancy in code. Added NotSupportedError, a base PRNG class and a class which creates a PRNG from a hash function. Changed the MAC class' finalization methods to digest and hexDigest instead of finish and hexFinish respectively. Also added a base Checksum class, crc32 and adler32 in dcrypt.misc as per request.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
68 if (!_initialized) |
0 | 69 throw new NotInitializedError(name()~": Cipher not initialized"); |
70 | |
12
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
8
diff
changeset
|
71 ubyte[] input = cast(ubyte[]) input_, |
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
8
diff
changeset
|
72 output = cast(ubyte[]) output_; |
0 | 73 |
12
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
8
diff
changeset
|
74 if (input.length < BLOCK_SIZE) |
0 | 75 throw new ShortBufferError(name()~": Input buffer too short"); |
12
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
8
diff
changeset
|
76 |
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
8
diff
changeset
|
77 if (output.length < BLOCK_SIZE) |
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
8
diff
changeset
|
78 throw new ShortBufferError(name()~": Output buffer too short"); |
0 | 79 |
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
80 uint A = ByteConverter.LittleEndian.to!(uint)(input[0..4]), |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
81 B = ByteConverter.LittleEndian.to!(uint)(input[4..8]), |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
82 C = ByteConverter.LittleEndian.to!(uint)(input[8..12]), |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
83 D = ByteConverter.LittleEndian.to!(uint)(input[12..16]), |
0 | 84 t, |
85 u; | |
86 | |
14
5ce3012f1def
Removed some redundancy in code. Added NotSupportedError, a base PRNG class and a class which creates a PRNG from a hash function. Changed the MAC class' finalization methods to digest and hexDigest instead of finish and hexFinish respectively. Also added a base Checksum class, crc32 and adler32 in dcrypt.misc as per request.
Thomas Dixon <reikon@reikon.us>
parents:
12
diff
changeset
|
87 if (_encrypt) { |
0 | 88 B += S[0]; |
89 D += S[1]; | |
90 for (int i = 1; i <= ROUNDS; i++) { | |
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
91 t = Bitwise.rotateLeft(B*((B<<1)+1), 5); |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
92 u = Bitwise.rotateLeft(D*((D<<1)+1), 5); |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
93 A = Bitwise.rotateLeft(A^t, u) + S[i<<1]; |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
94 C = Bitwise.rotateLeft(C^u, t) + S[(i<<1)+1]; |
0 | 95 t = A; |
96 A = B; | |
97 B = C; | |
98 C = D; | |
99 D = t; | |
100 } | |
101 A += S[2*ROUNDS+2]; | |
102 C += S[2*ROUNDS+3]; | |
103 } else { | |
104 C -= S[2*ROUNDS+3]; | |
105 A -= S[2*ROUNDS+2]; | |
106 for (int i = ROUNDS; i >= 1; i--) { | |
107 t = D; | |
108 D = C; | |
109 C = B; | |
110 B = A; | |
111 A = t; | |
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
112 u = Bitwise.rotateLeft(D*((D<<1)+1), 5); |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
113 t = Bitwise.rotateLeft(B*((B<<1)+1), 5); |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
114 C = Bitwise.rotateRight(C-S[(i<<1)+1], t) ^ u; |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
115 A = Bitwise.rotateRight(A-S[i<<1], u) ^ t; |
0 | 116 } |
117 D -= S[1]; | |
118 B -= S[0]; | |
119 } | |
120 | |
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
121 output[0..4] = ByteConverter.LittleEndian.from!(uint)(A); |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
122 output[4..8] = ByteConverter.LittleEndian.from!(uint)(B); |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
123 output[8..12] = ByteConverter.LittleEndian.from!(uint)(C); |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
124 output[12..16] = ByteConverter.LittleEndian.from!(uint)(D); |
0 | 125 |
12
8c7f8fecdd75
Added ManagedBlockCipher, changed Crypto to just import everything, made Hash.update() return itself (for chaining) and ditched BlockCipherWrapper.
Thomas Dixon <reikon@reikon.us>
parents:
8
diff
changeset
|
126 return BLOCK_SIZE; |
0 | 127 } |
128 | |
129 void reset() { | |
130 setup(workingKey); | |
131 } | |
132 | |
133 void setup(ubyte[] key) { | |
134 uint c = key.length/4; | |
135 uint[] L = new uint[c]; | |
136 for (int i = 0, j = 0; i < c; i++, j+=4) | |
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
137 L[i] = ByteConverter.LittleEndian.to!(uint)(key[j..j+int.sizeof]); |
21
ec23779ee794
Removed redundant test vector from Blowfish unittest.
Thomas Dixon <reikon@reikon.us>
parents:
14
diff
changeset
|
138 |
0 | 139 S[0] = P; |
140 for (int i = 1; i <= 2*ROUNDS+3; i++) | |
141 S[i] = S[i-1] + Q; | |
21
ec23779ee794
Removed redundant test vector from Blowfish unittest.
Thomas Dixon <reikon@reikon.us>
parents:
14
diff
changeset
|
142 |
ec23779ee794
Removed redundant test vector from Blowfish unittest.
Thomas Dixon <reikon@reikon.us>
parents:
14
diff
changeset
|
143 uint A, B, i, j, v = 3*(2*ROUNDS+4); // Relying on ints initializing to 0 |
0 | 144 for (int s = 1; s <= v; s++) { |
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
145 A = S[i] = Bitwise.rotateLeft(S[i]+A+B, 3); |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
146 B = L[j] = Bitwise.rotateLeft(L[j]+A+B, A+B); |
0 | 147 i = (i + 1) % (2*ROUNDS+4); |
148 j = (j + 1) % c; | |
149 } | |
150 } | |
151 | |
152 /** Some RC6 test vectors from the spec. */ | |
153 version (UnitTest) { | |
154 unittest { | |
155 static const char[][] test_keys = [ | |
156 "00000000000000000000000000000000", | |
157 "0123456789abcdef0112233445566778", | |
158 "00000000000000000000000000000000"~ | |
159 "0000000000000000", | |
160 "0123456789abcdef0112233445566778"~ | |
161 "899aabbccddeeff0", | |
162 "00000000000000000000000000000000"~ | |
163 "00000000000000000000000000000000", | |
164 "0123456789abcdef0112233445566778"~ | |
165 "899aabbccddeeff01032547698badcfe" | |
166 ]; | |
167 | |
168 static const char[][] test_plaintexts = [ | |
169 "00000000000000000000000000000000", | |
170 "02132435465768798a9bacbdcedfe0f1", | |
171 "00000000000000000000000000000000", | |
172 "02132435465768798a9bacbdcedfe0f1", | |
173 "00000000000000000000000000000000", | |
174 "02132435465768798a9bacbdcedfe0f1" | |
175 ]; | |
176 | |
177 static const char[][] test_ciphertexts = [ | |
178 "8fc3a53656b1f778c129df4e9848a41e", | |
179 "524e192f4715c6231f51f6367ea43f18", | |
180 "6cd61bcb190b30384e8a3f168690ae82", | |
181 "688329d019e505041e52e92af95291d4", | |
182 "8f5fbd0510d15fa893fa3fda6e857ec2", | |
183 "c8241816f0d7e48920ad16a1674e5d48" | |
184 ]; | |
185 | |
186 RC6 t = new RC6(); | |
187 foreach (uint i, char[] test_key; test_keys) { | |
188 ubyte[] buffer = new ubyte[t.blockSize]; | |
189 char[] result; | |
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
190 SymmetricKey key = new SymmetricKey(ByteConverter.hexDecode(test_key)); |
0 | 191 |
192 // Encryption | |
193 t.init(true, key); | |
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
194 t.update(ByteConverter.hexDecode(test_plaintexts[i]), buffer); |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
195 result = ByteConverter.hexEncode(buffer); |
0 | 196 assert(result == test_ciphertexts[i], |
2
71aae178f89a
Added copy() to hash functions. Modified some code style.
Thomas Dixon <reikon@reikon.us>
parents:
1
diff
changeset
|
197 t.name~": ("~result~") != ("~test_ciphertexts[i]~")"); |
0 | 198 |
199 // Decryption | |
200 t.init(false, key); | |
23
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
201 t.update(ByteConverter.hexDecode(test_ciphertexts[i]), buffer); |
4589f8c5eb3c
Replaced dcrypt.crypto.Util with dcrypt.misc.Bitwise and dcrypt.misc.ByteConverter. Altered all dependent files to reflect changes.
Thomas Dixon <reikon@reikon.us>
parents:
21
diff
changeset
|
202 result = ByteConverter.hexEncode(buffer); |
0 | 203 assert(result == test_plaintexts[i], |
6
5cb17e09d685
Minor edits to the unittests of hash functions and ciphers. Added AES and test vectors.
Thomas Dixon <reikon@reikon.us>
parents:
2
diff
changeset
|
204 t.name~": ("~result~") != ("~test_plaintexts[i]~")"); |
0 | 205 } |
206 } | |
207 } | |
208 } |