1 /********************************************************************\
\r
3 * C specification of the threeway block cipher *
\r
5 \********************************************************************/
\r
6 /*file i/o main function by Pate Williams 1996*/
\r
13 #define STRT_E 0x0b0b /* round constant of first encryption round */
\r
14 #define STRT_D 0xb1b1 /* round constant of first decryption round */
\r
15 #define NMBR 11 /* number of rounds is 11 */
\r
17 #define BLK_SIZE 12 /*number of bytes per block*/
\r
19 typedef unsigned long int word32 ;
\r
20 /* the program only works correctly if long = 32bits */
\r
22 void mu(word32 *a) /* inverts the order of the bits of a */
\r
27 b[0] = b[1] = b[2] = 0 ;
\r
28 for( i=0 ; i<32 ; i++ )
\r
30 b[0] <<= 1 ; b[1] <<= 1 ; b[2] <<= 1 ;
\r
31 if(a[0]&1) b[2] |= 1 ;
\r
32 if(a[1]&1) b[1] |= 1 ;
\r
33 if(a[2]&1) b[0] |= 1 ;
\r
34 a[0] >>= 1 ; a[1] >>= 1 ; a[2] >>= 1 ;
\r
37 a[0] = b[0] ; a[1] = b[1] ; a[2] = b[2] ;
\r
40 void gamma(word32 *a) /* the nonlinear step */
\r
44 b[0] = a[0] ^ (a[1]|(~a[2])) ;
\r
45 b[1] = a[1] ^ (a[2]|(~a[0])) ;
\r
46 b[2] = a[2] ^ (a[0]|(~a[1])) ;
\r
48 a[0] = b[0] ; a[1] = b[1] ; a[2] = b[2] ;
\r
51 void theta(word32 *a) /* the linear step */
\r
55 b[0] = a[0] ^ (a[0]>>16) ^ (a[1]<<16) ^ (a[1]>>16) ^ (a[2]<<16) ^
\r
56 (a[1]>>24) ^ (a[2]<<8) ^ (a[2]>>8) ^ (a[0]<<24) ^
\r
57 (a[2]>>16) ^ (a[0]<<16) ^ (a[2]>>24) ^ (a[0]<<8) ;
\r
58 b[1] = a[1] ^ (a[1]>>16) ^ (a[2]<<16) ^ (a[2]>>16) ^ (a[0]<<16) ^
\r
59 (a[2]>>24) ^ (a[0]<<8) ^ (a[0]>>8) ^ (a[1]<<24) ^
\r
60 (a[0]>>16) ^ (a[1]<<16) ^ (a[0]>>24) ^ (a[1]<<8) ;
\r
61 b[2] = a[2] ^ (a[2]>>16) ^ (a[0]<<16) ^ (a[0]>>16) ^ (a[1]<<16) ^
\r
62 (a[0]>>24) ^ (a[1]<<8) ^ (a[1]>>8) ^ (a[2]<<24) ^
\r
63 (a[1]>>16) ^ (a[2]<<16) ^ (a[1]>>24) ^ (a[2]<<8) ;
\r
65 a[0] = b[0] ; a[1] = b[1] ; a[2] = b[2] ;
\r
68 void pi_1(word32 *a)
\r
70 a[0] = (a[0]>>10) ^ (a[0]<<22);
\r
71 a[2] = (a[2]<<1) ^ (a[2]>>31);
\r
74 void pi_2(word32 *a)
\r
76 a[0] = (a[0]<<1) ^ (a[0]>>31);
\r
77 a[2] = (a[2]>>10) ^ (a[2]<<22);
\r
80 void rho(word32 *a) /* the round function */
\r
88 void rndcon_gen(word32 strt,word32 *rtab)
\r
89 { /* generates the round constants */
\r
92 for(i=0 ; i<=NMBR ; i++ )
\r
96 if( strt&0x10000 ) strt ^= 0x11011 ;
\r
100 void encrypt(word32 *a, word32 *k)
\r
103 word32 rcon[NMBR+1] ;
\r
105 rndcon_gen(STRT_E,rcon) ;
\r
106 for( i=0 ; i<NMBR ; i++ )
\r
108 a[0] ^= k[0] ^ (rcon[i]<<16) ;
\r
110 a[2] ^= k[2] ^ rcon[i] ;
\r
113 a[0] ^= k[0] ^ (rcon[NMBR]<<16) ;
\r
115 a[2] ^= k[2] ^ rcon[NMBR] ;
\r
119 void decrypt(word32 *a, word32 *k)
\r
122 word32 ki[3] ; /* the `inverse' key */
\r
123 word32 rcon[NMBR+1] ; /* the `inverse' round constants */
\r
125 ki[0] = k[0] ; ki[1] = k[1] ; ki[2] = k[2] ;
\r
129 rndcon_gen(STRT_D,rcon) ;
\r
132 for( i=0 ; i<NMBR ; i++ )
\r
134 a[0] ^= ki[0] ^ (rcon[i]<<16) ;
\r
136 a[2] ^= ki[2] ^ rcon[i] ;
\r
139 a[0] ^= ki[0] ^ (rcon[NMBR]<<16) ;
\r
141 a[2] ^= ki[2] ^ rcon[NMBR] ;
\r