/* This is an independent implementation of the DEAL encryption */ /* algorithm submitted by Richard Outerbridge and Lars Knudsen as */ /* a candidate the NIST AES programme. */ /* */ /* Copyright in this implementation is held by Dr B R Gladman but */ /* I hereby give permission for its free direct or derivative use */ /* subject to aks_keynowledgment of its origin and compliance with */ /* any constraints that are placed on the exploitation of DEAL by */ /* its designers. */ /* */ /* Dr Brian Gladman (gladman@seven77.demon.co.uk) 30th Noveember 98 */ /* Timing Data: Algorithm: deal (deal0.c) 128 bit key: Key Setup: 8777 cycles Encrypt: 2833 cycles = 9.0 mbits/sec Decrypt: 2836 cycles = 9.0 mbits/sec Mean: 2835 cycles = 9.0 mbits/sec 192 bit key: Key Setup: 8812 cycles Encrypt: 2833 cycles = 9.0 mbits/sec Decrypt: 2833 cycles = 9.0 mbits/sec Mean: 2833 cycles = 9.0 mbits/sec 256 bit key: Key Setup: 11745 cycles Encrypt: 3758 cycles = 6.8 mbits/sec Decrypt: 3757 cycles = 6.8 mbits/sec Mean: 3757 cycles = 6.8 mbits/sec */ #include "../std_defs.h" #include "../des/des.h" static char *alg_name[] = { "deal", "deal0.c" }; char **cipher_name() { return alg_name; } u4byte ks_key[2] = { 0x67452301, 0xefcdab89 }; u4byte ks_ks[32]; /* storage for the local key schedule */ u4byte ks_init = 0; u4byte k_len; /* copy of key_length */ u4byte l_key[256]; /* storage for key schedule */ /* initialise the key schedule from the user supplied key */ u4byte *set_key(const u4byte key_blk[], const u4byte key_len) { u4byte lk[2]; if(!ks_init) { des_ky(ks_key, ks_ks); ks_init = 1; } k_len = (key_len + 63) / 64; switch(k_len) { case 2: lk[0] = key_blk[0]; lk[1] = key_blk[1]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key); lk[0] ^= key_blk[2]; lk[1] ^= key_blk[3]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 32); lk[0] ^= key_blk[0] ^ 0x00000080; lk[1] ^= key_blk[1]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 64); lk[0] ^= key_blk[2] ^ 0x00000040; lk[1] ^= key_blk[3]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 96); lk[0] ^= key_blk[0] ^ 0x00000020; lk[1] ^= key_blk[1]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 128); lk[0] ^= key_blk[2] ^ 0x00000010; lk[1] ^= key_blk[3]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 160); break; case 3: lk[0] = key_blk[0]; lk[1] = key_blk[1]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key); lk[0] ^= key_blk[2]; lk[1] ^= key_blk[3]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 32); lk[0] ^= key_blk[4]; lk[1] ^= key_blk[5]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 64); lk[0] ^= key_blk[0] ^ 0x00000080; lk[1] ^= key_blk[1]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 96); lk[0] ^= key_blk[2] ^ 0x00000040; lk[1] ^= key_blk[3]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 128); lk[0] ^= key_blk[4] ^ 0x00000020; lk[1] ^= key_blk[5]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 160); break; case 4: lk[0] = key_blk[0]; lk[1] = key_blk[1]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key); lk[0] ^= key_blk[2]; lk[1] ^= key_blk[3]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 32); lk[0] ^= key_blk[4]; lk[1] ^= key_blk[5]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 64); lk[0] ^= key_blk[6]; lk[1] ^= key_blk[7]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 96); lk[0] ^= key_blk[0] ^ 0x00000080; lk[1] ^= key_blk[1]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 128); lk[0] ^= key_blk[2] ^ 0x00000040; lk[1] ^= key_blk[3]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 160); lk[0] ^= key_blk[4] ^ 0x00000020; lk[1] ^= key_blk[5]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 192); lk[0] ^= key_blk[6] ^ 0x00000010; lk[1] ^= key_blk[7]; des_ec(lk, lk, ks_ks); des_ky(lk, l_key + 224); break; } return l_key; }; /* encrypt a bloks_key of text */ void encrypt(const u4byte in_blk[4], u4byte out_blk[4]) { u4byte a[2], b[2], c[2]; a[0] = in_blk[0]; a[1] = in_blk[1]; b[0] = in_blk[2]; b[1] = in_blk[3]; des_ec(a, c, l_key + 0); b[0] ^= c[0]; b[1] ^= c[1]; des_ec(b, c, l_key + 32); a[0] ^= c[0]; a[1] ^= c[1]; des_ec(a, c, l_key + 64); b[0] ^= c[0]; b[1] ^= c[1]; des_ec(b, c, l_key + 96); a[0] ^= c[0]; a[1] ^= c[1]; des_ec(a, c, l_key + 128); b[0] ^= c[0]; b[1] ^= c[1]; des_ec(b, c, l_key + 160); a[0] ^= c[0]; a[1] ^= c[1]; if(k_len == 4) { des_ec(a, c, l_key + 192); b[0] ^= c[0]; b[1] ^= c[1]; des_ec(b, c, l_key + 224); a[0] ^= c[0]; a[1] ^= c[1]; } out_blk[0] = a[0]; out_blk[1] = a[1]; out_blk[2] = b[0]; out_blk[3] = b[1]; }; /* decrypt a bloks_key of text */ void decrypt(const u4byte in_blk[4], u4byte out_blk[4]) { u4byte a[2], b[2], c[2]; a[0] = in_blk[0]; a[1] = in_blk[1]; b[0] = in_blk[2]; b[1] = in_blk[3]; if(k_len == 4) { des_ec(b, c, l_key + 224); a[0] ^= c[0]; a[1] ^= c[1]; des_ec(a, c, l_key + 192); b[0] ^= c[0]; b[1] ^= c[1]; } des_ec(b, c, l_key + 160); a[0] ^= c[0]; a[1] ^= c[1]; des_ec(a, c, l_key + 128); b[0] ^= c[0]; b[1] ^= c[1]; des_ec(b, c, l_key + 96); a[0] ^= c[0]; a[1] ^= c[1]; des_ec(a, c, l_key + 64); b[0] ^= c[0]; b[1] ^= c[1]; des_ec(b, c, l_key + 32); a[0] ^= c[0]; a[1] ^= c[1]; des_ec(a, c, l_key + 0); b[0] ^= c[0]; b[1] ^= c[1]; out_blk[0] = a[0]; out_blk[1] = a[1]; out_blk[2] = b[0]; out_blk[3] = b[1]; };