Mercurial > projects > dcrypt
view dcrypt/crypto/ciphers/RC6.d @ 28:ad687db713a4
Further reworked the code for hash padding. Replaced all instances of 'char[]' with 'string' and removed a few 'const' modifiers as per Glenn Haecker's patch for D2 compatibility. Updated CONTRIBUTORS file.
| author | Thomas Dixon <reikon@reikon.us> |
|---|---|
| date | Sun, 10 May 2009 22:38:48 -0400 |
| parents | 8b5eaf3c2979 |
| children |
line wrap: on
line source
/** * This file is part of the dcrypt project. * * Copyright: Copyright (C) dcrypt contributors 2008. All rights reserved. * License: MIT * Authors: Thomas Dixon */ module dcrypt.crypto.ciphers.RC6; import dcrypt.misc.Bitwise; import dcrypt.misc.ByteConverter; import dcrypt.crypto.BlockCipher; /** * Implementation of the RC6-32/20/b cipher designed by * Ron Rivest et al. of RSA Security. * * It should be noted that this algorithm is very similar to RC5. * Currently there are no plans to implement RC5, but should that change * in the future, it may be wise to rewrite both RC5 and RC6 to use some * kind of template or base class. * * This algorithm is patented and trademarked. * * References: http://people.csail.mit.edu/rivest/Rc6.pdf */ class RC6 : BlockCipher { private { static const uint ROUNDS = 20, BLOCK_SIZE = 16, // Magic constants for a 32 bit word size P = 0xb7e15163, Q = 0x9e3779b9; uint[] S; ubyte[] workingKey; } string name() { return "RC6"; } uint blockSize() { return BLOCK_SIZE; } void init(bool encrypt, CipherParameters params) { SymmetricKey keyParams = cast(SymmetricKey)params; if (!keyParams) throw new InvalidParameterError( name()~": Invalid parameter passed to init"); _encrypt = encrypt; uint len = keyParams.key.length; if (len != 16 && len != 24 && len != 32) throw new InvalidKeyError( name()~": Invalid key length (requires 16/24/32 bytes)"); S = new uint[2*ROUNDS+4]; workingKey = keyParams.key; setup(workingKey); _initialized = true; } uint update(void[] input_, void[] output_) { if (!_initialized) throw new NotInitializedError(name()~": Cipher not initialized"); ubyte[] input = cast(ubyte[]) input_, output = cast(ubyte[]) output_; if (input.length < BLOCK_SIZE) throw new ShortBufferError(name()~": Input buffer too short"); if (output.length < BLOCK_SIZE) throw new ShortBufferError(name()~": Output buffer too short"); uint A = ByteConverter.LittleEndian.to!(uint)(input[0..4]), B = ByteConverter.LittleEndian.to!(uint)(input[4..8]), C = ByteConverter.LittleEndian.to!(uint)(input[8..12]), D = ByteConverter.LittleEndian.to!(uint)(input[12..16]), t, u; if (_encrypt) { B += S[0]; D += S[1]; for (int i = 1; i <= ROUNDS; i++) { t = Bitwise.rotateLeft(B*((B<<1)+1), 5); u = Bitwise.rotateLeft(D*((D<<1)+1), 5); A = Bitwise.rotateLeft(A^t, u) + S[i<<1]; C = Bitwise.rotateLeft(C^u, t) + S[(i<<1)+1]; t = A; A = B; B = C; C = D; D = t; } A += S[2*ROUNDS+2]; C += S[2*ROUNDS+3]; } else { C -= S[2*ROUNDS+3]; A -= S[2*ROUNDS+2]; for (int i = ROUNDS; i >= 1; i--) { t = D; D = C; C = B; B = A; A = t; u = Bitwise.rotateLeft(D*((D<<1)+1), 5); t = Bitwise.rotateLeft(B*((B<<1)+1), 5); C = Bitwise.rotateRight(C-S[(i<<1)+1], t) ^ u; A = Bitwise.rotateRight(A-S[i<<1], u) ^ t; } D -= S[1]; B -= S[0]; } output[0..4] = ByteConverter.LittleEndian.from!(uint)(A); output[4..8] = ByteConverter.LittleEndian.from!(uint)(B); output[8..12] = ByteConverter.LittleEndian.from!(uint)(C); output[12..16] = ByteConverter.LittleEndian.from!(uint)(D); return BLOCK_SIZE; } void reset() { setup(workingKey); } void setup(ubyte[] key) { uint c = key.length/4; uint[] L = new uint[c]; for (int i = 0, j = 0; i < c; i++, j+=4) L[i] = ByteConverter.LittleEndian.to!(uint)(key[j..j+int.sizeof]); S[0] = P; for (int i = 1; i <= 2*ROUNDS+3; i++) S[i] = S[i-1] + Q; uint A, B, i, j, v = 3*(2*ROUNDS+4); // Relying on ints initializing to 0 for (int s = 1; s <= v; s++) { A = S[i] = Bitwise.rotateLeft(S[i]+A+B, 3); B = L[j] = Bitwise.rotateLeft(L[j]+A+B, A+B); i = (i + 1) % (2*ROUNDS+4); j = (j + 1) % c; } } /** Some RC6 test vectors from the spec. */ debug (UnitTest) { unittest { static string[] test_keys = [ "00000000000000000000000000000000", "0123456789abcdef0112233445566778", "00000000000000000000000000000000"~ "0000000000000000", "0123456789abcdef0112233445566778"~ "899aabbccddeeff0", "00000000000000000000000000000000"~ "00000000000000000000000000000000", "0123456789abcdef0112233445566778"~ "899aabbccddeeff01032547698badcfe" ]; static string[] test_plaintexts = [ "00000000000000000000000000000000", "02132435465768798a9bacbdcedfe0f1", "00000000000000000000000000000000", "02132435465768798a9bacbdcedfe0f1", "00000000000000000000000000000000", "02132435465768798a9bacbdcedfe0f1" ]; static string[] test_ciphertexts = [ "8fc3a53656b1f778c129df4e9848a41e", "524e192f4715c6231f51f6367ea43f18", "6cd61bcb190b30384e8a3f168690ae82", "688329d019e505041e52e92af95291d4", "8f5fbd0510d15fa893fa3fda6e857ec2", "c8241816f0d7e48920ad16a1674e5d48" ]; RC6 t = new RC6(); foreach (uint i, string test_key; test_keys) { ubyte[] buffer = new ubyte[t.blockSize]; string result; SymmetricKey key = new SymmetricKey(ByteConverter.hexDecode(test_key)); // Encryption t.init(true, key); t.update(ByteConverter.hexDecode(test_plaintexts[i]), buffer); result = ByteConverter.hexEncode(buffer); assert(result == test_ciphertexts[i], t.name~": ("~result~") != ("~test_ciphertexts[i]~")"); // Decryption t.init(false, key); t.update(ByteConverter.hexDecode(test_ciphertexts[i]), buffer); result = ByteConverter.hexEncode(buffer); assert(result == test_plaintexts[i], t.name~": ("~result~") != ("~test_plaintexts[i]~")"); } } } }