ice_key.cpp

Go to the documentation of this file.

#ifndef ICE_KEY_IMPLEMENTATION_FILE
#define ICE_KEY_IMPLEMENTATION_FILE

/*****************************************************************************\
*                                                                             *
*  Name   : ice_key                                                           *
*  Author : Matthew Kwan                                                      *
*  Mods   : Chris Koeritz                                                     *
*                                                                             *
*******************************************************************************
* Copyright (c) 1996-$now By Author.  This program is free software; you can  *
* redistribute it and/or modify it under the terms of the GNU General Public  *
* License as published by the Free Software Foundation; either version 2 of   *
* the License or (at your option) any later version.  This is online at:      *
*     http://www.fsf.org/copyleft/gpl.html                                    *
* Please send any updates to: fred@gruntose.com                               *
\*****************************************************************************/

#include "ice_key.h"

#include <basis/byte_array.h>
#include <basis/chaos.h>
#include <basis/function.h>
#include <basis/log_base.h>
#include <basis/mutex.h>
#include <data_struct/static_memory_gremlin.h>

#include <string.h>

#undef LOG
#define LOG(s) CLASS_EMERGENCY_LOG(program_wide_logger(), s)

SAFE_STATIC(mutex, __ice_box_init_lock, )

/* Structure of a single round subkey */
class ice_subkey
{
public:
  unsigned int val[3];
};

/* The S-boxes. */
static unsigned int ice_sbox[4][1024];

/* Modulo values for the S-boxes. */
static const int ice_smod[4][4] = 
{
  {333, 313, 505, 369},
  {379, 375, 319, 391},
  {361, 445, 451, 397},
  {397, 425, 395, 505}
};

/* XOR values for the S-boxes. */
static const int ice_sxor[4][4] = 
{
  {0x83, 0x85, 0x9b, 0xcd},
  {0xcc, 0xa7, 0xad, 0x41},
  {0x4b, 0x2e, 0xd4, 0x33},
  {0xea, 0xcb, 0x2e, 0x04}
};

/* Permutation values for the P-box */
static const unsigned int ice_pbox[32] = {
    0x00000001, 0x00000080, 0x00000400, 0x00002000,
    0x00080000, 0x00200000, 0x01000000, 0x40000000,
    0x00000008, 0x00000020, 0x00000100, 0x00004000,
    0x00010000, 0x00800000, 0x04000000, 0x20000000,
    0x00000004, 0x00000010, 0x00000200, 0x00008000,
    0x00020000, 0x00400000, 0x08000000, 0x10000000,
    0x00000002, 0x00000040, 0x00000800, 0x00001000,
    0x00040000, 0x00100000, 0x02000000, 0x80000000};

/* The key rotation schedule */
static const int ice_keyrot[16] =
{
  0, 1, 2, 3, 2, 1, 3, 0,
  1, 3, 2, 0, 3, 1, 0, 2
};

ice_key::ice_key(int n, bool randomize)
: _key_set(false),
  _randomizer(new chaos),
  _randomize(randomize)
{
  initialize_ice_sboxes();
  if (n < 1) n = 1;  // minimum "n" is one, so reset if it's too low.
  _size = n;
  _rounds = n * 16;
  _keysched = new ice_subkey[_rounds];
}

ice_key::~ice_key()
{
  int i, j;

  for (i = 0; i < _rounds; i++)
    for (j = 0; j < 3; j++)
      _keysched[i].val[j] = 0;

  _rounds = _size = 0;

  delete [] _keysched;

  WHACK(_randomizer);
}

// 8-bit Galois Field multiplication of a by b, modulo m.  Just like arithmetic
// multiplication, except that additions and subtractions are replaced by XOR.
static int gf_mult(register int a, register int b, register int m)
{
  register int res = 0;

  while (b) {
    if (b & 1) res ^= a;

    a <<= 1;
    b >>= 1;

    if (a >= 256) a ^= m;
  }

  return res;
}

// Galois Field exponentiation.  Raise the base to the power of 7, modulo m.
static int gf_exp7(register int b, int m)
{
  register int x;

  if (b == 0) return 0;

  x = gf_mult(b, b, m);
  x = gf_mult(b, x, m);
  x = gf_mult(x, x, m);
  return gf_mult(b, x, m);
}

// Carry out the ICE 32-bit P-box permutation.
static unsigned int ice_perm32(register unsigned int x)
{
  register unsigned int res = 0;
  register const unsigned int *pbox = ice_pbox;

  while (x) {
    if (x & 1) res |= *pbox;
    pbox++;
    x >>= 1;
  }

  return res;
}

void ice_key::initialize_ice_sboxes()
{
  auto_synchronizer l(__ice_box_init_lock());
    // ensure that we don't allow our static blobs to be scrambled by
    // multiple threads hitting the following code at the same time.
  static bool ice_sboxes_initialized = false;
    // if we haven't done it before, then we need to do it.  otherwise we do
    // nothing.
  if (ice_sboxes_initialized) return;  // get out if we already did it.

  register int i;
  for (i = 0; i < 1024; i++) {
    int col = (i >> 1) & 0xff;
    int row = (i & 0x1) | ((i & 0x200) >> 8);
    unsigned int x;

    x = gf_exp7(col ^ ice_sxor[0][row], ice_smod[0][row]) << 24;
    ice_sbox[0][i] = ice_perm32(x);

    x = gf_exp7(col ^ ice_sxor[1][row], ice_smod[1][row]) << 16;
    ice_sbox[1][i] = ice_perm32(x);

    x = gf_exp7(col ^ ice_sxor[2][row], ice_smod[2][row]) << 8;
    ice_sbox[2][i] = ice_perm32(x);

    x = gf_exp7(col ^ ice_sxor[3][row], ice_smod[3][row]);
    ice_sbox[3][i] = ice_perm32(x);
  }

  ice_sboxes_initialized = true;  // now record we've done it.
}

// The single round ICE f function.
static unsigned int ice_f(register unsigned int p, const ice_subkey *sk)
{
  unsigned int tl, tr;    /* Expanded 40-bit values */
  unsigned int al, ar;    /* Salted expanded 40-bit values */

  /* Left half expansion */
  tl = ((p >> 16) & 0x3ff) | (((p >> 14) | (p << 18)) & 0xffc00);

  /* Right half expansion */
  tr = (p & 0x3ff) | ((p << 2) & 0xffc00);

  /* Perform the salt permutation */
  // al = (tr & sk->val[2]) | (tl & ~sk->val[2]);
  // ar = (tl & sk->val[2]) | (tr & ~sk->val[2]);
  al = sk->val[2] & (tl ^ tr);
  ar = al ^ tr;
  al ^= tl;

  al ^= sk->val[0];    /* XOR with the subkey */
  ar ^= sk->val[1];

  /* S-box lookup and permutation */
  return ice_sbox[0][al >> 10] | ice_sbox[1][al & 0x3ff]
      | ice_sbox[2][ar >> 10] | ice_sbox[3][ar & 0x3ff];
}

byte_array ice_key::int_to_bytes(u_int to_encode) const
{
  byte_array to_return;
  for (int i = 0; i < 4; i++) {
    to_return += to_encode % 0x100;
    to_encode = to_encode >> 8;
  }
  return to_return;
}

u_int ice_key::bytes_to_int(const byte_array &to_decode) const
{
  u_int to_return = 0;
  for (int i = 3; i >= 0; i--) {
    to_return = to_return << 8;
    to_return += to_decode[i];
  }
  return to_return;
}

bool ice_key::encrypt(const byte_array &ptext, byte_array &ctext) const
{
  ctext.reset();
  if (!_key_set) return false;
  if (!ptext.length()) return false;
  byte_array to_encode(int_to_bytes(u_int(ptext.length())));
  to_encode += ptext;
  // check whether the length is divisible by eight.  if not, pad the array.
  int leftover = to_encode.length() % 8;
  if (leftover) {
    for (int i = 0; i < 8 - leftover; i++) {
      if (_randomize)
        to_encode += byte(_randomizer->inclusive(0, 255));
      else
        to_encode += 0;
    }
  }
  ctext.reset(to_encode.length());
  for (int i = 0; i < to_encode.length(); i += 8) {
    code_granule eight_in;
    code_granule eight_out;
    memory_assign(eight_in, &to_encode[i], 8);
    encrypt_eight(eight_in, eight_out);
    ctext.overwrite(i, byte_array(8, eight_out), 8);
  }
  return true;
}

bool ice_key::decrypt(const byte_array &ctext, byte_array &ptext) const
{
  ptext.reset();
  if (!_key_set) return false;
  if (!ctext.length()) return false;
  byte_array decoded(ctext.length());
  for (int i = 0; i < ctext.length(); i += 8) {
    code_granule eight_in;
    code_granule eight_out;
    int j;
    for (j = 0; j < 8; j++) {
      eight_in[j] = (i + j < ctext.length())? ctext[i + j] : 0;
    }

    decrypt_eight(eight_in, eight_out);
    decoded.overwrite(i, byte_array(8, eight_out), 8);
  }

  // now reclaim the original length.
  byte_array length_bytes = decoded.subarray(0, 3);
  decoded.zap(0, 3);
  int original_length = int(bytes_to_int(length_bytes));
  if (original_length != decoded.length())
    decoded.zap(original_length, decoded.length() - 1);
  ptext = decoded;
  return true;
}

void ice_key::encrypt_eight(const code_granule &ptext,
    code_granule &ctext) const
{
  register int i;
  register unsigned int l, r;

  l = (ptext[0] << 24) | (ptext[1] << 16) | (ptext[2] << 8) | ptext[3];
  r = (ptext[4] << 24) | (ptext[5] << 16) | (ptext[6] << 8) | ptext[7];

  for (i = 0; i < _rounds; i += 2) {
    l ^= ice_f(r, &_keysched[i]);
    r ^= ice_f(l, &_keysched[i + 1]);
  }

  for (i = 0; i < 4; i++) {
    ctext[3 - i] = byte(r & 0xff);
    ctext[7 - i] = byte(l & 0xff);

    r >>= 8;
    l >>= 8;
  }
}

void ice_key::decrypt_eight(const code_granule &ctext,
    code_granule &ptext) const
{
  register int i;
  register unsigned int l, r;

  l = (ctext[0] << 24) | (ctext[1] << 16) | (ctext[2] << 8) | ctext[3];
  r = (ctext[4] << 24) | (ctext[5] << 16) | (ctext[6] << 8) | ctext[7];

  for (i = _rounds - 1; i > 0; i -= 2) {
    l ^= ice_f(r, &_keysched[i]);
    r ^= ice_f(l, &_keysched[i - 1]);
  }

  for (i = 0; i < 4; i++) {
    ptext[3 - i] = byte(r & 0xff);
    ptext[7 - i] = byte(l & 0xff);

    r >>= 8;
    l >>= 8;
  }
}

void ice_key::schedule_build(u_short *kb, int n, const int *keyrot)
{
  int i;

  for (i = 0; i < 8; i++) {
    register int j;
    register int kr = keyrot[i];
    ice_subkey *isk = &_keysched[n + i];

    for (j = 0; j < 3; j++) isk->val[j] = 0;

    for (j = 0; j < 15; j++) {
      register int k;
      unsigned int *curr_sk = &isk->val[j % 3];

      for (k = 0; k < 4; k++) {
        unsigned short *curr_kb = &kb[(kr + k) & 3];
        register int bit = *curr_kb & 1;

        *curr_sk = (*curr_sk << 1) | bit;
        *curr_kb = (*curr_kb >> 1) | ((bit ^ 1) << 15);
      }
    }
  }
}

bool ice_key::set(const byte_array &key)
{
  FUNCDEF("set");
  int i;
  if (key.length() != _size * 8) {
    LOG("failure in key size; it is not the block size times 8.");
    return false;
  }

  _key_set = true;

  if (_rounds == 8) {
    unsigned short kb[4];

    for (i = 0; i < 4; i++)
      kb[3 - i] = (key[i*2] << 8) | key[i*2 + 1];

    schedule_build(kb, 0, ice_keyrot);
    return true;
  }

  for (i = 0; i < _size; i++) {
    int j;
    unsigned short kb[4];

    for (j = 0; j < 4; j++)
      kb[3 - j] = (key[i*8 + j*2] << 8) | key[i*8 + j*2 + 1];

    schedule_build(kb, i*8, ice_keyrot);
    schedule_build(kb, _rounds - 8 - i*8, &ice_keyrot[8]);
  }
  return true;
}


#endif //ICE_KEY_IMPLEMENTATION_FILE

---