15 ANONYMOUS_NAMESPACE_BEGIN
17 using CryptoPP::word32;
18 using CryptoPP::word64;
// Rabbit g-function: takes one 32-bit word and returns one 32-bit word.
// NOTE(review): this listing keeps only some of the original lines (the leading
// numbers are the original file's line numbers). The braces and the definitions
// of a, b, h, l and z are not visible, so the notes below are limited to what
// the surviving expressions show.
21 word32 G_func(word32 x)
// First visible variant: h is assembled from the products a*a, a*b and b*b with
// every intermediate truncated to 32 bits (a and b are presumably the 16-bit
// halves of x — confirm against the full source).
32 h = (((
static_cast<word32
>(a*a) >> 17U) +
static_cast<word32
>(a*b)) >> 15U) + b*b;
// Returns h XOR l, truncated to 32 bits.
36 return static_cast<word32
>(h^l);
// Second visible return: XORs the upper 32 bits of z into its lower 32 bits and
// keeps the low word. Presumably an alternative build path in which z is a
// 64-bit value — confirm.
42 return static_cast<word32
>((z >> 32) ^ z);
// Advances the Rabbit state by one round: updates the eight counter words c[]
// in place, then recomputes the eight state words x[] in place.
// Callers in this file store the return value as the carry for the next round.
// NOTE(review): partial listing (leading numbers are the original line numbers).
// The copy into c_old, the loop around line 67 and the return statement are not
// visible here.
45 word32 NextState(word32 c[8], word32 x[8], word32 carry)
48 word32 g[8], c_old[8], i;
// Counter system: each counter adds a fixed constant plus the carry out of the
// previous counter; c[0] takes the carry passed in by the caller.
// (c[k] < c_old[k]) evaluates to 1 when the 32-bit addition wrapped, assuming
// c_old holds the counters from before this update — confirm.
55 c[0] =
static_cast<word32
>(c[0] + 0x4D34D34D + carry);
56 c[1] =
static_cast<word32
>(c[1] + 0xD34D34D3 + (c[0] < c_old[0]));
57 c[2] =
static_cast<word32
>(c[2] + 0x34D34D34 + (c[1] < c_old[1]));
58 c[3] =
static_cast<word32
>(c[3] + 0x4D34D34D + (c[2] < c_old[2]));
59 c[4] =
static_cast<word32
>(c[4] + 0xD34D34D3 + (c[3] < c_old[3]));
60 c[5] =
static_cast<word32
>(c[5] + 0x34D34D34 + (c[4] < c_old[4]));
61 c[6] =
static_cast<word32
>(c[6] + 0x4D34D34D + (c[5] < c_old[5]));
62 c[7] =
static_cast<word32
>(c[7] + 0xD34D34D3 + (c[6] < c_old[6]));
// Carry out of the last counter, computed after c[7] has been updated.
63 carry = (c[7] < c_old[7]);
// g[i] is the g-function of (x[i] + c[i]) reduced to 32 bits.
67 g[i] = G_func(static_cast<word32>(x[i] + c[i]));
// New state words: x[j] is g[j] plus the two preceding g values (indices wrap
// around). Even j rotates both neighbours left by 16 bits; odd j rotates the
// nearer one left by 8 bits and adds the other unrotated.
70 x[0] =
static_cast<word32
>(g[0] + rotlConstant<16>(g[7]) + rotlConstant<16>(g[6]));
71 x[1] =
static_cast<word32
>(g[1] + rotlConstant<8>(g[0]) + g[7]);
72 x[2] =
static_cast<word32
>(g[2] + rotlConstant<16>(g[1]) + rotlConstant<16>(g[0]));
73 x[3] =
static_cast<word32
>(g[3] + rotlConstant<8>(g[2]) + g[1]);
74 x[4] =
static_cast<word32
>(g[4] + rotlConstant<16>(g[3]) + rotlConstant<16>(g[2]));
75 x[5] =
static_cast<word32
>(g[5] + rotlConstant<8>(g[4]) + g[3]);
76 x[6] =
static_cast<word32
>(g[6] + rotlConstant<16>(g[5]) + rotlConstant<16>(g[4]));
77 x[7] =
static_cast<word32
>(g[7] + rotlConstant<8>(g[6]) + g[5]);
82 ANONYMOUS_NAMESPACE_END
// Key setup for Rabbit without an IV: fills the master state (m_mx, m_mc) from
// the words in m_t, then mixes it with four NextState rounds.
// NOTE(review): partial listing (leading numbers are the original line numbers).
// Loading userKey into m_t, the even-indexed m_mx words, the initial carry and
// the body of the final loop are not visible. "¶ms" in the signature is an
// extraction artifact of "&params" (the name params is used on line 89).
// NOTE(review): no keylen check is visible in the surviving lines — confirm the
// key size is enforced before userKey is read.
86 void RabbitPolicy::CipherSetKey(
const NameValuePairs ¶ms,
const byte *userKey,
size_t keylen)
// params is not consulted by this policy.
89 CRYPTOPP_UNUSED(params);
// Odd-indexed state words: the low half of one m_t word concatenated with the
// high half of another.
// NOTE(review): m_t presumably holds the key as four 32-bit words, i.e. secret
// material — confirm how it is stored and cleared.
97 m_mx[1] =
static_cast<word32
>(m_t[3] << 16) | (m_t[2] >> 16);
98 m_mx[3] =
static_cast<word32
>(m_t[0] << 16) | (m_t[3] >> 16);
99 m_mx[5] =
static_cast<word32
>(m_t[1] << 16) | (m_t[0] >> 16);
100 m_mx[7] =
static_cast<word32
>(m_t[2] << 16) | (m_t[1] >> 16);
// Even-indexed counters: an m_t word rotated left by 16 bits.
103 m_mc[0] = rotlConstant<16>(m_t[2]);
104 m_mc[2] = rotlConstant<16>(m_t[3]);
105 m_mc[4] = rotlConstant<16>(m_t[0]);
106 m_mc[6] = rotlConstant<16>(m_t[1]);
// Odd-indexed counters: the high half of one m_t word with the low half of the next.
107 m_mc[1] = (m_t[0] & 0xFFFF0000) | (m_t[1] & 0xFFFF);
108 m_mc[3] = (m_t[1] & 0xFFFF0000) | (m_t[2] & 0xFFFF);
109 m_mc[5] = (m_t[2] & 0xFFFF0000) | (m_t[3] & 0xFFFF);
110 m_mc[7] = (m_t[3] & 0xFFFF0000) | (m_t[0] & 0xFFFF);
// Four rounds of the state-update function; the carry is threaded through m_mcy.
116 for (
unsigned int i = 0; i<4; i++)
117 m_mcy = NextState(m_mc, m_mx, m_mcy);
// Fold the state words back into the counters: counter i is XORed with state
// word (i + 4) mod 8.
120 for (
unsigned int i = 0; i<8; i++)
121 m_mc[i] ^= m_mx[(i + 4) & 0x7];
// Loop body not visible; presumably copies the master state into the working
// state (m_wx, m_wc) — confirm.
124 for (
unsigned int i = 0; i<8; i++)
// Produces keystream for iterationCount iterations; each iteration advances the
// working state once and moves the out pointer forward by 16 bytes.
// NOTE(review): partial listing (leading numbers are the original line numbers).
// The declaration of out, the extraction of keystream words and the handling of
// operation and input are not visible.
// NOTE(review): nothing here bounds iterationCount against the size of output;
// the caller is presumably responsible for supplying at least
// 16 * iterationCount bytes — confirm.
132 void RabbitPolicy::OperateKeystream(
KeystreamOperation operation, byte *output,
const byte *input,
size_t iterationCount)
// The loop index has the same type as iterationCount (size_t).
135 for (
size_t i = 0; i<iterationCount; ++i, out += 16)
// One round on the working state (m_wx, m_wc) with the carry kept in m_wcy.
138 m_wcy = NextState(m_wc, m_wx, m_wcy);
// Key setup for Rabbit with an IV: fills the master state (m_mx, m_mc) from the
// words in m_t, then mixes it with four NextState rounds. The visible lines
// match RabbitPolicy::CipherSetKey statement for statement.
// NOTE(review): partial listing (leading numbers are the original line numbers).
// Loading userKey into m_t, the even-indexed m_mx words, the initial carry and
// the body of the final loop are not visible. "¶ms" in the signature is an
// extraction artifact of "&params" (the name params is used on line 160).
// NOTE(review): no keylen check is visible in the surviving lines — confirm the
// key size is enforced before userKey is read.
157 void RabbitWithIVPolicy::CipherSetKey(
const NameValuePairs ¶ms,
const byte *userKey,
size_t keylen)
// params is not consulted by this policy.
160 CRYPTOPP_UNUSED(params);
// Odd-indexed state words: the low half of one m_t word concatenated with the
// high half of another.
// NOTE(review): m_t presumably holds the key as four 32-bit words, i.e. secret
// material — confirm how it is stored and cleared.
168 m_mx[1] =
static_cast<word32
>(m_t[3] << 16) | (m_t[2] >> 16);
169 m_mx[3] =
static_cast<word32
>(m_t[0] << 16) | (m_t[3] >> 16);
170 m_mx[5] =
static_cast<word32
>(m_t[1] << 16) | (m_t[0] >> 16);
171 m_mx[7] =
static_cast<word32
>(m_t[2] << 16) | (m_t[1] >> 16);
// Even-indexed counters: an m_t word rotated left by 16 bits.
174 m_mc[0] = rotlConstant<16>(m_t[2]);
175 m_mc[2] = rotlConstant<16>(m_t[3]);
176 m_mc[4] = rotlConstant<16>(m_t[0]);
177 m_mc[6] = rotlConstant<16>(m_t[1]);
// Odd-indexed counters: the high half of one m_t word with the low half of the next.
178 m_mc[1] = (m_t[0] & 0xFFFF0000) | (m_t[1] & 0xFFFF);
179 m_mc[3] = (m_t[1] & 0xFFFF0000) | (m_t[2] & 0xFFFF);
180 m_mc[5] = (m_t[2] & 0xFFFF0000) | (m_t[3] & 0xFFFF);
181 m_mc[7] = (m_t[3] & 0xFFFF0000) | (m_t[0] & 0xFFFF);
// Four rounds of the state-update function; the carry is threaded through m_mcy.
187 for (
unsigned int i = 0; i<4; i++)
188 m_mcy = NextState(m_mc, m_mx, m_mcy);
// Fold the state words back into the counters: counter i is XORed with state
// word (i + 4) mod 8.
191 for (
unsigned int i = 0; i<8; i++)
192 m_mc[i] ^= m_mx[(i + 4) & 0x7];
// Loop body not visible; presumably copies the master state into the working
// state (m_wx, m_wc) — confirm.
195 for (
unsigned int i = 0; i<8; i++)
// IV setup: derives the working counters m_wc from the master counters m_mc and
// the IV-derived words in m_t, then runs four NextState rounds on the working
// state.
// NOTE(review): partial listing (leading numbers are the original line numbers).
// Loading iv into m_t[0] and m_t[2] and the body of the 8-iteration loop are
// not visible.
// The working state is a deterministic function of the key and the IV, so the
// same key/IV pair restarts the same keystream; callers must not repeat an IV
// under one key.
203 void RabbitWithIVPolicy::CipherResynchronize(byte *keystreamBuffer,
const byte *iv,
size_t length)
// NOTE(review): length is marked unused, so any IV-length check on the lines
// not shown is presumably assertion-only — confirm the IV size is enforced
// before iv is read.
205 CRYPTOPP_UNUSED(keystreamBuffer);
206 CRYPTOPP_UNUSED(length);
// m_t[1] and m_t[3] are built from 16-bit halves of m_t[0] and m_t[2]
// (presumably the two 32-bit IV words — confirm).
211 m_t[1] = (m_t[0] >> 16) | (m_t[2] & 0xFFFF0000);
212 m_t[3] = (m_t[2] << 16) | (m_t[0] & 0x0000FFFF);
// Working counters: master counter i XORed with m_t[i mod 4].
215 m_wc[0] = m_mc[0] ^ m_t[0];
216 m_wc[1] = m_mc[1] ^ m_t[1];
217 m_wc[2] = m_mc[2] ^ m_t[2];
218 m_wc[3] = m_mc[3] ^ m_t[3];
219 m_wc[4] = m_mc[4] ^ m_t[0];
220 m_wc[5] = m_mc[5] ^ m_t[1];
221 m_wc[6] = m_mc[6] ^ m_t[2];
222 m_wc[7] = m_mc[7] ^ m_t[3];
// Loop body not visible; presumably copies the master state words m_mx into
// the working state words m_wx — confirm.
225 for (
unsigned int i = 0; i<8; i++)
// Four rounds of the state-update function on the working state.
230 for (
unsigned int i = 0; i<4; i++)
231 m_wcy = NextState(m_wc, m_wx, m_wcy);
// Produces keystream for iterationCount iterations; each iteration advances the
// working state once and moves the out pointer forward by 16 bytes.
// NOTE(review): partial listing (leading numbers are the original line numbers).
// The declaration of out, the extraction of keystream words and the handling of
// operation and input are not visible.
// NOTE(review): nothing here bounds iterationCount against the size of output;
// the caller is presumably responsible for supplying at least
// 16 * iterationCount bytes — confirm.
234 void RabbitWithIVPolicy::OperateKeystream(
KeystreamOperation operation, byte *output,
const byte *input,
size_t iterationCount)
// NOTE(review): i is unsigned int while iterationCount is size_t. Where size_t
// is wider than unsigned int, a count above UINT_MAX would make i wrap to 0
// before the condition fails, so the loop would not terminate while out keeps
// advancing. RabbitPolicy::OperateKeystream declares the same index as size_t;
// this loop should match it.
237 for (
unsigned int i = 0; i<iterationCount; ++i, out += 16)
// One round on the working state (m_wx, m_wc) with the carry kept in m_wcy.
240 m_wcy = NextState(m_wc, m_wx, m_wcy);
Utility functions for the Crypto++ library.
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULL)
Access a block of memory.
Library configuration file.
byte order is little-endian
Classes and functions for secure memory allocations.
unsigned int GetBytesPerIteration() const
Provides number of bytes operated upon during an iteration.
T rotlConstant(T x)
Performs a left rotate.
Classes for Rabbit stream cipher.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
iterator begin()
Provides an iterator pointing to the first element in the memory block.
void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Access a block of memory.
KeystreamOperation
Keystream operation flags.
Crypto++ library namespace.
Interface for retrieving values given their names.