rc2.go

Documentation: golang.org/x/crypto/pkcs12/internal/rc2

     1  // Copyright 2015 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Package rc2 implements the RC2 cipher
     6  /*
     7  https://www.ietf.org/rfc/rfc2268.txt
     8  http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf
     9  
    10  This code is licensed under the MIT license.
    11  */
    12  package rc2
    13  
    14  import (
    15  	"crypto/cipher"
    16  	"encoding/binary"
    17  	"math/bits"
    18  )
    19  
    20  // The rc2 block size in bytes
    21  const BlockSize = 8
    22  
    23  type rc2Cipher struct {
    24  	k [64]uint16
    25  }
    26  
    27  // New returns a new rc2 cipher with the given key and effective key length t1
    28  func New(key []byte, t1 int) (cipher.Block, error) {
    29  	// TODO(dgryski): error checking for key length
    30  	return &rc2Cipher{
    31  		k: expandKey(key, t1),
    32  	}, nil
    33  }
    34  
    35  func (*rc2Cipher) BlockSize() int { return BlockSize }
    36  
    37  var piTable = [256]byte{
    38  	0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d,
    39  	0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2,
    40  	0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
    41  	0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82,
    42  	0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc,
    43  	0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
    44  	0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03,
    45  	0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7,
    46  	0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
    47  	0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec,
    48  	0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39,
    49  	0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
    50  	0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9,
    51  	0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9,
    52  	0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
    53  	0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad,
    54  }
    55  
    56  func expandKey(key []byte, t1 int) [64]uint16 {
    57  
    58  	l := make([]byte, 128)
    59  	copy(l, key)
    60  
    61  	var t = len(key)
    62  	var t8 = (t1 + 7) / 8
    63  	var tm = byte(255 % uint(1<<(8+uint(t1)-8*uint(t8))))
    64  
    65  	for i := len(key); i < 128; i++ {
    66  		l[i] = piTable[l[i-1]+l[uint8(i-t)]]
    67  	}
    68  
    69  	l[128-t8] = piTable[l[128-t8]&tm]
    70  
    71  	for i := 127 - t8; i >= 0; i-- {
    72  		l[i] = piTable[l[i+1]^l[i+t8]]
    73  	}
    74  
    75  	var k [64]uint16
    76  
    77  	for i := range k {
    78  		k[i] = uint16(l[2*i]) + uint16(l[2*i+1])*256
    79  	}
    80  
    81  	return k
    82  }
    83  
    84  func (c *rc2Cipher) Encrypt(dst, src []byte) {
    85  
    86  	r0 := binary.LittleEndian.Uint16(src[0:])
    87  	r1 := binary.LittleEndian.Uint16(src[2:])
    88  	r2 := binary.LittleEndian.Uint16(src[4:])
    89  	r3 := binary.LittleEndian.Uint16(src[6:])
    90  
    91  	var j int
    92  
    93  	for j <= 16 {
    94  		// mix r0
    95  		r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
    96  		r0 = bits.RotateLeft16(r0, 1)
    97  		j++
    98  
    99  		// mix r1
   100  		r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
   101  		r1 = bits.RotateLeft16(r1, 2)
   102  		j++
   103  
   104  		// mix r2
   105  		r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
   106  		r2 = bits.RotateLeft16(r2, 3)
   107  		j++
   108  
   109  		// mix r3
   110  		r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
   111  		r3 = bits.RotateLeft16(r3, 5)
   112  		j++
   113  
   114  	}
   115  
   116  	r0 = r0 + c.k[r3&63]
   117  	r1 = r1 + c.k[r0&63]
   118  	r2 = r2 + c.k[r1&63]
   119  	r3 = r3 + c.k[r2&63]
   120  
   121  	for j <= 40 {
   122  		// mix r0
   123  		r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
   124  		r0 = bits.RotateLeft16(r0, 1)
   125  		j++
   126  
   127  		// mix r1
   128  		r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
   129  		r1 = bits.RotateLeft16(r1, 2)
   130  		j++
   131  
   132  		// mix r2
   133  		r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
   134  		r2 = bits.RotateLeft16(r2, 3)
   135  		j++
   136  
   137  		// mix r3
   138  		r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
   139  		r3 = bits.RotateLeft16(r3, 5)
   140  		j++
   141  
   142  	}
   143  
   144  	r0 = r0 + c.k[r3&63]
   145  	r1 = r1 + c.k[r0&63]
   146  	r2 = r2 + c.k[r1&63]
   147  	r3 = r3 + c.k[r2&63]
   148  
   149  	for j <= 60 {
   150  		// mix r0
   151  		r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
   152  		r0 = bits.RotateLeft16(r0, 1)
   153  		j++
   154  
   155  		// mix r1
   156  		r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
   157  		r1 = bits.RotateLeft16(r1, 2)
   158  		j++
   159  
   160  		// mix r2
   161  		r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
   162  		r2 = bits.RotateLeft16(r2, 3)
   163  		j++
   164  
   165  		// mix r3
   166  		r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
   167  		r3 = bits.RotateLeft16(r3, 5)
   168  		j++
   169  	}
   170  
   171  	binary.LittleEndian.PutUint16(dst[0:], r0)
   172  	binary.LittleEndian.PutUint16(dst[2:], r1)
   173  	binary.LittleEndian.PutUint16(dst[4:], r2)
   174  	binary.LittleEndian.PutUint16(dst[6:], r3)
   175  }
   176  
   177  func (c *rc2Cipher) Decrypt(dst, src []byte) {
   178  
   179  	r0 := binary.LittleEndian.Uint16(src[0:])
   180  	r1 := binary.LittleEndian.Uint16(src[2:])
   181  	r2 := binary.LittleEndian.Uint16(src[4:])
   182  	r3 := binary.LittleEndian.Uint16(src[6:])
   183  
   184  	j := 63
   185  
   186  	for j >= 44 {
   187  		// unmix r3
   188  		r3 = bits.RotateLeft16(r3, 16-5)
   189  		r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
   190  		j--
   191  
   192  		// unmix r2
   193  		r2 = bits.RotateLeft16(r2, 16-3)
   194  		r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
   195  		j--
   196  
   197  		// unmix r1
   198  		r1 = bits.RotateLeft16(r1, 16-2)
   199  		r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
   200  		j--
   201  
   202  		// unmix r0
   203  		r0 = bits.RotateLeft16(r0, 16-1)
   204  		r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
   205  		j--
   206  	}
   207  
   208  	r3 = r3 - c.k[r2&63]
   209  	r2 = r2 - c.k[r1&63]
   210  	r1 = r1 - c.k[r0&63]
   211  	r0 = r0 - c.k[r3&63]
   212  
   213  	for j >= 20 {
   214  		// unmix r3
   215  		r3 = bits.RotateLeft16(r3, 16-5)
   216  		r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
   217  		j--
   218  
   219  		// unmix r2
   220  		r2 = bits.RotateLeft16(r2, 16-3)
   221  		r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
   222  		j--
   223  
   224  		// unmix r1
   225  		r1 = bits.RotateLeft16(r1, 16-2)
   226  		r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
   227  		j--
   228  
   229  		// unmix r0
   230  		r0 = bits.RotateLeft16(r0, 16-1)
   231  		r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
   232  		j--
   233  
   234  	}
   235  
   236  	r3 = r3 - c.k[r2&63]
   237  	r2 = r2 - c.k[r1&63]
   238  	r1 = r1 - c.k[r0&63]
   239  	r0 = r0 - c.k[r3&63]
   240  
   241  	for j >= 0 {
   242  		// unmix r3
   243  		r3 = bits.RotateLeft16(r3, 16-5)
   244  		r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
   245  		j--
   246  
   247  		// unmix r2
   248  		r2 = bits.RotateLeft16(r2, 16-3)
   249  		r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
   250  		j--
   251  
   252  		// unmix r1
   253  		r1 = bits.RotateLeft16(r1, 16-2)
   254  		r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
   255  		j--
   256  
   257  		// unmix r0
   258  		r0 = bits.RotateLeft16(r0, 16-1)
   259  		r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
   260  		j--
   261  
   262  	}
   263  
   264  	binary.LittleEndian.PutUint16(dst[0:], r0)
   265  	binary.LittleEndian.PutUint16(dst[2:], r1)
   266  	binary.LittleEndian.PutUint16(dst[4:], r2)
   267  	binary.LittleEndian.PutUint16(dst[6:], r3)
   268  }
   269
View as plain text