Comments appreciated. Even if you didn't find errors, please say so. Index: m4/arctwo.m4 =================================================================== RCS file: m4/arctwo.m4 diff -N m4/arctwo.m4 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ m4/arctwo.m4 17 Oct 2005 12:48:29 -0000 @@ -0,0 +1,11 @@ +# arctwo.m4 serial 1 +dnl Copyright (C) 2005 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +AC_DEFUN([gl_ARCTWO], +[ + AC_LIBSOURCES([arctwo.c, arctwo.h]) + AC_LIBOBJ([arctwo]) +]) Index: lib/arctwo.c =================================================================== RCS file: lib/arctwo.c diff -N lib/arctwo.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ lib/arctwo.c 17 Oct 2005 12:48:29 -0000 @@ -0,0 +1,231 @@ +/* arctwo.c --- The RC2 cipher as described in RFC 2268. + * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 2, or (at your + * option) any later version. + * + * This file is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/* Code from GnuTLS/Libgcrypt adapted for gnulib by Simon Josefsson. */ + +/* This implementation was written by Nikos Mavroyanopoulos for GNUTLS + * as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for + * direct use by Libgcrypt by Werner Koch. This implementation is + * only useful for pkcs#12 descryption. + * + * The implementation here is based on Peter Gutmann's RRC.2 paper. + */ + +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif + +#include "arctwo.h" + +static const uint8_t arctwo_sbox[] = { + 217, 120, 249, 196, 25, 221, 181, 237, + 40, 233, 253, 121, 74, 160, 216, 157, + 198, 126, 55, 131, 43, 118, 83, 142, + 98, 76, 100, 136, 68, 139, 251, 162, + 23, 154, 89, 245, 135, 179, 79, 19, + 97, 69, 109, 141, 9, 129, 125, 50, + 189, 143, 64, 235, 134, 183, 123, 11, + 240, 149, 33, 34, 92, 107, 78, 130, + 84, 214, 101, 147, 206, 96, 178, 28, + 115, 86, 192, 20, 167, 140, 241, 220, + 18, 117, 202, 31, 59, 190, 228, 209, + 66, 61, 212, 48, 163, 60, 182, 38, + 111, 191, 14, 218, 70, 105, 7, 87, + 39, 242, 29, 155, 188, 148, 67, 3, + 248, 17, 199, 246, 144, 239, 62, 231, + 6, 195, 213, 47, 200, 102, 30, 215, + 8, 232, 234, 222, 128, 82, 238, 247, + 132, 170, 114, 172, 53, 77, 106, 42, + 150, 26, 210, 113, 90, 21, 73, 116, + 75, 159, 208, 94, 4, 24, 164, 236, + 194, 224, 65, 110, 15, 81, 203, 204, + 36, 145, 175, 80, 161, 244, 112, 57, + 153, 124, 58, 133, 35, 184, 180, 122, + 252, 2, 54, 91, 37, 85, 151, 49, + 45, 93, 250, 152, 227, 138, 146, 174, + 5, 223, 41, 16, 103, 108, 186, 201, + 211, 0, 230, 207, 225, 158, 168, 44, + 99, 22, 1, 63, 88, 226, 137, 169, + 13, 56, 52, 27, 171, 51, 255, 176, + 187, 72, 12, 95, 185, 177, 205, 46, + 197, 243, 219, 71, 229, 165, 156, 119, + 10, 166, 32, 104, 254, 127, 193, 173 +}; + +#define rotl16(x,n) (((x) << ((uint16_t)(n))) | ((x) >> (16 - (uint16_t)(n)))) +#define rotr16(x,n) (((x) >> ((uint16_t)(n))) | ((x) << (16 - (uint16_t)(n)))) + +/* C89 compliant way to cast 'char' to 'unsigned char'. */ +static inline unsigned char +to_uchar (char ch) +{ + return ch; +} + +void +arctwo_encrypt (arctwo_context *context, const char *inbuf, + char *outbuf, size_t length) +{ + for (; length >= ARCTWO_BLOCK_SIZE; length -= ARCTWO_BLOCK_SIZE, + inbuf += ARCTWO_BLOCK_SIZE, outbuf += ARCTWO_BLOCK_SIZE) + { + size_t i, j; + uint16_t word0 = 0, word1 = 0, word2 = 0, word3 = 0; + + word0 = (word0 << 8) | to_uchar (inbuf[1]); + word0 = (word0 << 8) | to_uchar (inbuf[0]); + word1 = (word1 << 8) | to_uchar (inbuf[3]); + word1 = (word1 << 8) | to_uchar (inbuf[2]); + word2 = (word2 << 8) | to_uchar (inbuf[5]); + word2 = (word2 << 8) | to_uchar (inbuf[4]); + word3 = (word3 << 8) | to_uchar (inbuf[7]); + word3 = (word3 << 8) | to_uchar (inbuf[6]); + + for (i = 0; i < 16; i++) + { + j = i * 4; + /* For some reason I cannot combine those steps. */ + word0 += (word1 & ~word3) + (word2 & word3) + context->S[j]; + word0 = rotl16 (word0, 1); + + word1 += (word2 & ~word0) + (word3 & word0) + context->S[j + 1]; + word1 = rotl16 (word1, 2); + + word2 += (word3 & ~word1) + (word0 & word1) + context->S[j + 2]; + word2 = rotl16 (word2, 3); + + word3 += (word0 & ~word2) + (word1 & word2) + context->S[j + 3]; + word3 = rotl16 (word3, 5); + + if (i == 4 || i == 10) + { + word0 += context->S[word3 & 63]; + word1 += context->S[word0 & 63]; + word2 += context->S[word1 & 63]; + word3 += context->S[word2 & 63]; + } + } + + outbuf[0] = word0 & 255; + outbuf[1] = word0 >> 8; + outbuf[2] = word1 & 255; + outbuf[3] = word1 >> 8; + outbuf[4] = word2 & 255; + outbuf[5] = word2 >> 8; + outbuf[6] = word3 & 255; + outbuf[7] = word3 >> 8; + } +} + +void +arctwo_decrypt (arctwo_context *context, const char *inbuf, + char *outbuf, size_t length) +{ + for (; length >= ARCTWO_BLOCK_SIZE; length -= ARCTWO_BLOCK_SIZE, + inbuf += ARCTWO_BLOCK_SIZE, outbuf += ARCTWO_BLOCK_SIZE) + { + size_t i, j; + uint16_t word0 = 0, word1 = 0, word2 = 0, word3 = 0; + + word0 = (word0 << 8) | to_uchar (inbuf[1]); + word0 = (word0 << 8) | to_uchar (inbuf[0]); + word1 = (word1 << 8) | to_uchar (inbuf[3]); + word1 = (word1 << 8) | to_uchar (inbuf[2]); + word2 = (word2 << 8) | to_uchar (inbuf[5]); + word2 = (word2 << 8) | to_uchar (inbuf[4]); + word3 = (word3 << 8) | to_uchar (inbuf[7]); + word3 = (word3 << 8) | to_uchar (inbuf[6]); + + for (i = 16; i > 0; i--) + { + j = (i - 1) * 4; + + word3 = rotr16 (word3, 5); + word3 -= (word0 & ~word2) + (word1 & word2) + context->S[j + 3]; + + word2 = rotr16 (word2, 3); + word2 -= (word3 & ~word1) + (word0 & word1) + context->S[j + 2]; + + word1 = rotr16 (word1, 2); + word1 -= (word2 & ~word0) + (word3 & word0) + context->S[j + 1]; + + word0 = rotr16 (word0, 1); + word0 -= (word1 & ~word3) + (word2 & word3) + context->S[j]; + + if (i == 6 || i == 12) + { + word3 = word3 - context->S[word2 & 63]; + word2 = word2 - context->S[word1 & 63]; + word1 = word1 - context->S[word0 & 63]; + word0 = word0 - context->S[word3 & 63]; + } + } + + outbuf[0] = word0 & 255; + outbuf[1] = word0 >> 8; + outbuf[2] = word1 & 255; + outbuf[3] = word1 >> 8; + outbuf[4] = word2 & 255; + outbuf[5] = word2 >> 8; + outbuf[6] = word3 & 255; + outbuf[7] = word3 >> 8; + } +} + +void +arctwo_setkey_ekb (arctwo_context *context, + size_t keylen, const char *key, size_t effective_keylen) +{ + size_t i; + uint8_t *S, x; + + if (keylen < 40 / 8 || effective_keylen > 1024) + return; + + S = (uint8_t *) context->S; + + for (i = 0; i < keylen; i++) + S[i] = (uint8_t) key[i]; + + for (i = keylen; i < 128; i++) + S[i] = arctwo_sbox[(S[i - keylen] + S[i - 1]) & 255]; + + S[0] = arctwo_sbox[S[0]]; + + /* Phase 2 - reduce effective key size to "bits". This was not + * discussed in Gutmann's paper. I've copied that from the public + * domain code posted in sci.crypt. */ + if (effective_keylen) + { + size_t len = (effective_keylen + 7) >> 3; + i = 128 - len; + x = arctwo_sbox[S[i] & (255 >> (7 & -effective_keylen))]; + S[i] = x; + + while (i--) + { + x = arctwo_sbox[x ^ S[i + len]]; + S[i] = x; + } + } + + /* Make the expanded key, endian independent. */ + for (i = 0; i < 64; i++) + context->S[i] = ((uint16_t) S[i * 2] | (((uint16_t) S[i * 2 + 1]) << 8)); +} Index: lib/arctwo.h =================================================================== RCS file: lib/arctwo.h diff -N lib/arctwo.h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ lib/arctwo.h 17 Oct 2005 12:48:29 -0000 @@ -0,0 +1,63 @@ +/* arctwo.h --- The arctwo block cipher + * Copyright (C) 2000, 2001, 2002, 2003, 2005 Free Software Foundation, Inc. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 2, or (at your + * option) any later version. + * + * This file is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + */ + +/* Code from Libgcrypt adapted for gnulib by Simon Josefsson. */ + +#ifndef ARCTWO_H +# define ARCTWO_H + +# include <stddef.h> +# include <stdint.h> + +typedef struct +{ + uint16_t S[64]; +} arctwo_context; + +#define ARCTWO_BLOCK_SIZE 8 + +/* Initialize CONTEXT using KEY of KEYLEN length. If + EFFECTIVE_KEYLEN, truncate the key (using a special algorithm) to + only be of EFFECTIVE_KEYLEN bits. Normally, you use + EFFECTIVE_KEYLEN of 0, but see RFC 2268 for more information. */ +void +arctwo_setkey_ekb (arctwo_context *context, + size_t keylen, const char *key, size_t effective_keylen); + +#define arctwo_setkey(context,keylen,key) \ + arctwo_setkey_ekb (context, keylen, key, 0) + +/* Encrypt INBUF of size LENGTH into OUTBUF. LENGTH must be a + multiple of ARCTWO_BLOCK_SIZE. CONTEXT hold the encryption key, + and must have been initialized with arctwo_setkey or + arctwo_setkey_ekb. */ +extern void +arctwo_encrypt (arctwo_context *context, const char *inbuf, + char *outbuf, size_t length); + +/* Decrypt INBUF of size LENGTH into OUTBUF. LENGTH must be a + multiple of ARCTWO_BLOCK_SIZE. CONTEXT hold the decryption key, + and must have been initialized with arctwo_setkey or + arctwo_setkey_ekb. */ +extern void +arctwo_decrypt (arctwo_context *context, const char *inbuf, + char *outbuf, size_t length); + +#endif /* ARCTWO_H */ Index: modules/arctwo =================================================================== RCS file: modules/arctwo diff -N modules/arctwo --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ modules/arctwo 17 Oct 2005 12:48:29 -0000 @@ -0,0 +1,25 @@ +Description: +ARCTWO block cipher implementation + +Files: +lib/arctwo.h +lib/arctwo.c +m4/arctwo.m4 + +Depends-on: +stdint +inline + +configure.ac: +gl_ARCTWO + +Makefile.am: + +Include: +"arctwo.h" + +License: +LGPL + +Maintainer: +Simon Josefsson Index: modules/arctwo-tests =================================================================== RCS file: modules/arctwo-tests diff -N modules/arctwo-tests --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ modules/arctwo-tests 17 Oct 2005 12:48:29 -0000 @@ -0,0 +1,11 @@ +Files: +tests/test-arctwo.c + +Depends-on: + +configure.ac: + +Makefile.am: +TESTS += test-arctwo +noinst_PROGRAMS += test-arctwo +test_arctwo_SOURCES = test-arctwo.c Index: tests/test-arctwo.c =================================================================== RCS file: tests/test-arctwo.c diff -N tests/test-arctwo.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ tests/test-arctwo.c 17 Oct 2005 12:48:29 -0000 @@ -0,0 +1,187 @@ +/* + * Copyright (C) 2005 Free Software Foundation + * Written by Simon Josefsson + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. */ + +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include "arctwo.h" + +int +main (int argc, char *argv[]) +{ + arctwo_context ctx; + char scratch[16]; + + /* Test vectors from Peter Gutmann's paper. */ + static char key_1[] = + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + static char plaintext_1[] = + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + static const char ciphertext_1[] = + { 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7 }; + + static char key_2[] = + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + static char plaintext_2[] = + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + static char ciphertext_2[] = + { 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31 }; + + /* This one was checked against libmcrypt's RFC2268. */ + static char key_3[] = + { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + static char plaintext_3[] = + { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + static char ciphertext_3[] = + { 0x8f, 0xd1, 0x03, 0x89, 0x33, 0x6b, 0xf9, 0x5e }; + + /* From RFC2268. */ + static char key_4[] = + { 0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + static char plaintext_4[] = + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + static char ciphertext_4[] = + { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff }; + + static char key_5[] = + { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }; + static char plaintext_5[] = + { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }; + static char ciphertext_5[] = + { 0x27, 0x8b, 0x27, 0xe4, 0x2e, 0x2f, 0x0d, 0x49 }; + + static char key_6[] = + { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + static char plaintext_6[] = + { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; + static char ciphertext_6[] = + { 0x30, 0x64, 0x9e, 0xdf, 0x9b, 0xe7, 0xd2, 0xc2 }; + + /* First test. */ + arctwo_setkey (&ctx, sizeof(key_1), key_1); + arctwo_encrypt (&ctx, plaintext_1, scratch, ARCTWO_BLOCK_SIZE); + + if (memcmp (scratch, ciphertext_1, sizeof(ciphertext_1))) + return 1; + + arctwo_setkey (&ctx, sizeof(key_1), key_1); + arctwo_decrypt (&ctx, scratch, scratch, ARCTWO_BLOCK_SIZE); + if (memcmp (scratch, plaintext_1, sizeof(plaintext_1))) + return 1; + + /* Second test. */ + arctwo_setkey (&ctx, sizeof(key_2), key_2); + arctwo_encrypt (&ctx, plaintext_2, scratch, ARCTWO_BLOCK_SIZE); + if (memcmp (scratch, ciphertext_2, sizeof(ciphertext_2))) + return 1; + + arctwo_setkey (&ctx, sizeof(key_2), key_2); + arctwo_decrypt (&ctx, scratch, scratch, ARCTWO_BLOCK_SIZE); + if (memcmp (scratch, plaintext_2, sizeof(plaintext_2))) + return 1; + + /* Third test. */ + arctwo_setkey(&ctx, sizeof(key_3), key_3); + arctwo_encrypt(&ctx, plaintext_3, scratch, ARCTWO_BLOCK_SIZE); + + if (memcmp(scratch, ciphertext_3, sizeof(ciphertext_3))) + return 1; + + arctwo_setkey (&ctx, sizeof(key_3), key_3); + arctwo_decrypt (&ctx, scratch, scratch, ARCTWO_BLOCK_SIZE); + if (memcmp(scratch, plaintext_3, sizeof(plaintext_3))) + return 1; + + /* Fourth test. */ + arctwo_setkey_ekb(&ctx, sizeof(key_4), key_4, 63); + arctwo_encrypt(&ctx, plaintext_4, scratch, ARCTWO_BLOCK_SIZE); + + if (memcmp(scratch, ciphertext_4, sizeof(ciphertext_4))) + { + size_t i; + printf ("expected:\n"); + for (i = 0; i < sizeof (ciphertext_4); i++) + printf ("%02x ", ciphertext_4[i] & 0xFF); + printf ("\ncomputed:\n"); + for (i = 0; i < sizeof (ciphertext_4); i++) + printf ("%02x ", scratch[i] & 0xFF); + printf ("\n"); + return 1; + } + + arctwo_setkey_ekb (&ctx, sizeof(key_4), key_4, 63); + arctwo_decrypt (&ctx, scratch, scratch, ARCTWO_BLOCK_SIZE); + if (memcmp(scratch, plaintext_4, sizeof(plaintext_4))) + return 1; + + /* Fifth test. */ + arctwo_setkey_ekb(&ctx, sizeof(key_5), key_5, 64); + arctwo_encrypt(&ctx, plaintext_5, scratch, ARCTWO_BLOCK_SIZE); + + if (memcmp(scratch, ciphertext_5, sizeof(ciphertext_5))) + { + size_t i; + printf ("expected:\n"); + for (i = 0; i < sizeof (ciphertext_5); i++) + printf ("%02x ", ciphertext_5[i] & 0xFF); + printf ("\ncomputed:\n"); + for (i = 0; i < sizeof (ciphertext_5); i++) + printf ("%02x ", scratch[i] & 0xFF); + printf ("\n"); + return 1; + } + + arctwo_setkey_ekb (&ctx, sizeof(key_5), key_5, 64); + arctwo_decrypt (&ctx, scratch, scratch, ARCTWO_BLOCK_SIZE); + if (memcmp(scratch, plaintext_5, sizeof(plaintext_5))) + return 1; + + /* Sixth test. */ + arctwo_setkey_ekb(&ctx, 8, key_6, 64); + arctwo_encrypt(&ctx, plaintext_6, scratch, ARCTWO_BLOCK_SIZE); + + if (memcmp(scratch, ciphertext_6, sizeof(ciphertext_6))) + { + size_t i; + printf ("expected:\n"); + for (i = 0; i < sizeof (ciphertext_6); i++) + printf ("%02x ", ciphertext_6[i] & 0xFF); + printf ("\ncomputed:\n"); + for (i = 0; i < sizeof (ciphertext_6); i++) + printf ("%02x ", scratch[i] & 0xFF); + printf ("\n"); + return 1; + } + + arctwo_setkey_ekb (&ctx, sizeof(key_6), key_6, 64); + arctwo_decrypt (&ctx, scratch, scratch, ARCTWO_BLOCK_SIZE); + if (memcmp(scratch, plaintext_6, sizeof(plaintext_6))) + return 1; + + return 0; +}
_______________________________________________ bug-gnulib mailing list bug-gnulib@gnu.org http://lists.gnu.org/mailman/listinfo/bug-gnulib