NoekeonEngine.cs :  » PDF » iTextSharp » Org » BouncyCastle » Crypto » Engines » C# / CSharp Open Source

using System;

using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Utilities;

namespace Org.BouncyCastle.Crypto.Engines{
  /**
  * A Noekeon engine, using direct-key mode.
  */
  public class NoekeonEngine
    : IBlockCipher
  {
    private const int GenericSize = 16; // Block and key size, as well as the amount of rounds.

    private static readonly uint[] nullVector = 
    {
      0x00, 0x00, 0x00, 0x00 // Used in decryption
    };

    private static readonly uint[] roundConstants = 
    {
      0x80, 0x1b, 0x36, 0x6c,
      0xd8, 0xab, 0x4d, 0x9a,
      0x2f, 0x5e, 0xbc, 0x63,
      0xc6, 0x97, 0x35, 0x6a,
      0xd4
    };

    private uint[]  state = new uint[4], // a
            subKeys = new uint[4], // k
            decryptKeys = new uint[4];

    private bool _initialised, _forEncryption;

    /**
    * Create an instance of the Noekeon encryption algorithm
    * and set some defaults
    */
    public NoekeonEngine()
    {
      _initialised = false;
    }

    public string AlgorithmName
    {
      get { return "Noekeon"; }
    }

    public bool IsPartialBlockOkay
    {
      get { return false; }
    }

    public int GetBlockSize()
    {
      return GenericSize;
    }

    /**
    * initialise
    *
    * @param forEncryption whether or not we are for encryption.
    * @param params the parameters required to set up the cipher.
    * @exception ArgumentException if the params argument is
    * inappropriate.
    */
    public void Init(
      bool        forEncryption,
      ICipherParameters  parameters)
    {
      if (!(parameters is KeyParameter))
        throw new ArgumentException("Invalid parameters passed to Noekeon init - " + parameters.GetType().Name, "parameters");

      _forEncryption = forEncryption;
      _initialised = true;

      KeyParameter p = (KeyParameter) parameters;

      setKey(p.GetKey());
    }

    public int ProcessBlock(
      byte[]  input,
      int    inOff,
      byte[]  output,
      int    outOff)
    {
      if (!_initialised)
        throw new InvalidOperationException(AlgorithmName + " not initialised");
      if ((inOff + GenericSize) > input.Length)
        throw new DataLengthException("input buffer too short");
      if ((outOff + GenericSize) > output.Length)
        throw new DataLengthException("output buffer too short");

      return _forEncryption
        ?  encryptBlock(input, inOff, output, outOff)
        :  decryptBlock(input, inOff, output, outOff);
    }

    public void Reset()
    {
      // TODO This should do something in case the encryption is aborted
    }

    /**
    * Re-key the cipher.
    *
    * @param  key  the key to be used
    */
    private void setKey(byte[] key)
    {
      subKeys[0] = Pack.BE_To_UInt32(key, 0);
      subKeys[1] = Pack.BE_To_UInt32(key, 4);
      subKeys[2] = Pack.BE_To_UInt32(key, 8);
      subKeys[3] = Pack.BE_To_UInt32(key, 12);
    }

    private int encryptBlock(
      byte[]  input,
      int    inOff,
      byte[]  output,
      int    outOff)
    {
      state[0] = Pack.BE_To_UInt32(input, inOff);
      state[1] = Pack.BE_To_UInt32(input, inOff+4);
      state[2] = Pack.BE_To_UInt32(input, inOff+8);
      state[3] = Pack.BE_To_UInt32(input, inOff+12);

      int i;
      for (i = 0; i < GenericSize; i++)
      {
        state[0] ^= roundConstants[i];
        theta(state, subKeys);
        pi1(state);
        gamma(state);
        pi2(state);            
      }

      state[0] ^= roundConstants[i];
      theta(state, subKeys);

      Pack.UInt32_To_BE(state[0], output, outOff);
      Pack.UInt32_To_BE(state[1], output, outOff+4);
      Pack.UInt32_To_BE(state[2], output, outOff+8);
      Pack.UInt32_To_BE(state[3], output, outOff+12);

      return GenericSize;
    }

    private int decryptBlock(
      byte[]  input,
      int    inOff,
      byte[]  output,
      int    outOff)
    {
      state[0] = Pack.BE_To_UInt32(input, inOff);
      state[1] = Pack.BE_To_UInt32(input, inOff+4);
      state[2] = Pack.BE_To_UInt32(input, inOff+8);
      state[3] = Pack.BE_To_UInt32(input, inOff+12);

      Array.Copy(subKeys, 0, decryptKeys, 0, subKeys.Length);
      theta(decryptKeys, nullVector);

      int i;
      for (i = GenericSize; i > 0; i--)
      {
        theta(state, decryptKeys);
        state[0] ^= roundConstants[i];
        pi1(state);
        gamma(state);
        pi2(state);
      }

      theta(state, decryptKeys);
      state[0] ^= roundConstants[i];

      Pack.UInt32_To_BE(state[0], output, outOff);
      Pack.UInt32_To_BE(state[1], output, outOff+4);
      Pack.UInt32_To_BE(state[2], output, outOff+8);
      Pack.UInt32_To_BE(state[3], output, outOff+12);

      return GenericSize;
    }

    private void gamma(uint[] a)
    {
      a[1] ^= ~a[3] & ~a[2];
      a[0] ^= a[2] & a[1];

      uint tmp = a[3];
      a[3]  = a[0];
      a[0]  = tmp;
      a[2] ^= a[0]^a[1]^a[3];

      a[1] ^= ~a[3] & ~a[2];
      a[0] ^= a[2] & a[1];
    }

    private void theta(uint[] a, uint[] k)
    {
      uint tmp;
      tmp   = a[0]^a[2]; 
      tmp  ^= rotl(tmp,8)^rotl(tmp,24); 
      a[1] ^= tmp; 
      a[3] ^= tmp; 

      for (int i = 0; i < 4; i++)
      {
        a[i] ^= k[i];
      }

      tmp   = a[1]^a[3]; 
      tmp  ^= rotl(tmp,8)^rotl(tmp,24); 
      a[0] ^= tmp; 
      a[2] ^= tmp;
    }

    private void pi1(uint[] a)
    {
      a[1] = rotl(a[1], 1);
      a[2] = rotl(a[2], 5);
      a[3] = rotl(a[3], 2);
    }

    private void pi2(uint[] a)
    {
      a[1] = rotl(a[1], 31);
      a[2] = rotl(a[2], 27);
      a[3] = rotl(a[3], 30);
    }

    // Helpers

    private uint rotl(uint x, int y)
    {
      return (x << y) | (x >> (32-y));
    }
  }
}