// Rabbit works on 32-bit words; the policy framework reads this alias to size its state.
16#define WordType word32
// One call of NextState produces four 32-bit words, i.e. 16 bytes of keystream.
18#define BYTES_PER_ITERATION 16
// Keystream extraction: emit four little-endian words, each the XOR of one even-indexed
// working-state word with the upper 16 bits of one state word and the lower 16 bits of
// another. Kept as a macro because CRYPTOPP_KEYSTREAM_OUTPUT_WORD expands the
// operation switch in place.
20#define RABBIT_OUTPUT(x){\
21 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, (m_wx[0] ^ (m_wx[5] >> 16) ^ (m_wx[3] << 16)));\
22 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, (m_wx[2] ^ (m_wx[7] >> 16) ^ (m_wx[5] << 16)));\
23 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, (m_wx[4] ^ (m_wx[1] >> 16) ^ (m_wx[7] << 16)));\
24 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, (m_wx[6] ^ (m_wx[3] >> 16) ^ (m_wx[1] << 16)));}
// File-local helpers (the g-function and the next-state function) live in an
// anonymous namespace so they get internal linkage.
26ANONYMOUS_NAMESPACE_BEGIN
28using CryptoPP::word32;
29using CryptoPP::word64;
30using CryptoPP::rotlConstant;
// Tail of one G_func variant (signature and the setup of a, b and l are not visible in
// this rendering). h is the high 32 bits of a 32x32-bit squaring assembled from the
// 16-bit halves a and b; presumably a = x & 0xFFFF, b = x >> 16 and l = x*x — confirm
// against the full source. Only the cross term and the a*a>>17 term need the extra
// shifts; b*b lands entirely in the high word.
43 h = (((
static_cast<word32>(a*a) >> 17U) +
static_cast<word32>(a*b)) >> 15U) + b*b;
// The g-function output is the high half XOR the low half of the square.
47 return static_cast<word32>(h^l);
// Tail of the second variant: z presumably holds the full 64-bit square (word64 is in
// scope) — confirm; folding its halves with XOR gives the same result as the split
// computation above.
53 return static_cast<word32>((z >> 32) ^ z);
// Body of NextState (signature not visible here). Step 1: advance the eight counters
// c[] by their per-counter constants with a rippling carry. `carry` is the incoming
// carry from the previous call and is replaced below by the carry out of c[7].
// Wraparound of each 32-bit add is detected by comparing the new value against c_old;
// c_old's assignment is outside the visible lines and is presumably a copy of c[]
// taken before this update — confirm.
66 c[0] =
static_cast<word32>(c[0] + 0x4D34D34D + carry);
67 c[1] =
static_cast<word32>(c[1] + 0xD34D34D3 + (c[0] < c_old[0]));
68 c[2] =
static_cast<word32>(c[2] + 0x34D34D34 + (c[1] < c_old[1]));
69 c[3] =
static_cast<word32>(c[3] + 0x4D34D34D + (c[2] < c_old[2]));
70 c[4] =
static_cast<word32>(c[4] + 0xD34D34D3 + (c[3] < c_old[3]));
71 c[5] =
static_cast<word32>(c[5] + 0x34D34D34 + (c[4] < c_old[4]));
72 c[6] =
static_cast<word32>(c[6] + 0x4D34D34D + (c[5] < c_old[5]));
73 c[7] =
static_cast<word32>(c[7] + 0xD34D34D3 + (c[6] < c_old[6]));
// Carry out of the last counter; presumably returned to the caller, which stores it
// in m_mcy / m_wcy — confirm.
74 carry = (c[7] < c_old[7]);
// Step 2: g[i] = G_func(x[i] + c[i]) for each of the eight state words (the loop
// header is not visible in this rendering).
78 g[i] = G_func(
static_cast<word32>(x[i] + c[i]));
// Step 3: new state. Even-indexed words add the two preceding g values rotated by 16;
// odd-indexed words add the preceding g rotated by 8 and the one before it unrotated.
// Indices wrap modulo 8, so x[0] draws on g[7] and g[6].
81 x[0] =
static_cast<word32>(g[0] + rotlConstant<16>(g[7]) + rotlConstant<16>(g[6]));
82 x[1] =
static_cast<word32>(g[1] + rotlConstant<8>(g[0]) + g[7]);
83 x[2] =
static_cast<word32>(g[2] + rotlConstant<16>(g[1]) + rotlConstant<16>(g[0]));
84 x[3] =
static_cast<word32>(g[3] + rotlConstant<8>(g[2]) + g[1]);
85 x[4] =
static_cast<word32>(g[4] + rotlConstant<16>(g[3]) + rotlConstant<16>(g[2]));
86 x[5] =
static_cast<word32>(g[5] + rotlConstant<8>(g[4]) + g[3]);
87 x[6] =
static_cast<word32>(g[6] + rotlConstant<16>(g[5]) + rotlConstant<16>(g[4]));
88 x[7] =
static_cast<word32>(g[7] + rotlConstant<8>(g[6]) + g[5]);
93ANONYMOUS_NAMESPACE_END
// RabbitPolicy::CipherSetKey: derive the master state (m_mx, m_mc, m_mcy) from the
// user key. Only part of the body is visible in this rendering: the lines that load
// userKey/keylen into m_t and that set the even-indexed m_mx words are missing, so
// m_t is presumably the key as four 32-bit words — confirm.
// NOTE(review): "¶ms" on the next line is an HTML-entity garble of "&params" in
// this rendering, not source text.
97void RabbitPolicy::CipherSetKey(
const NameValuePairs ¶ms,
const byte *userKey,
size_t keylen)
// No name/value parameters are consulted; the key alone determines the state.
100 CRYPTOPP_UNUSED(params);
// Odd-indexed state words: upper half of one key word joined with the lower half of
// the next (the concatenation is taken modulo 4 key words).
108 m_mx[1] =
static_cast<word32>(m_t[3] << 16) | (m_t[2] >> 16);
109 m_mx[3] =
static_cast<word32>(m_t[0] << 16) | (m_t[3] >> 16);
110 m_mx[5] =
static_cast<word32>(m_t[1] << 16) | (m_t[0] >> 16);
111 m_mx[7] =
static_cast<word32>(m_t[2] << 16) | (m_t[1] >> 16);
// Counters: even entries are key words rotated by 16; odd entries keep the high half
// of one key word and take the low half of the following one.
114 m_mc[0] = rotlConstant<16>(m_t[2]);
115 m_mc[2] = rotlConstant<16>(m_t[3]);
116 m_mc[4] = rotlConstant<16>(m_t[0]);
117 m_mc[6] = rotlConstant<16>(m_t[1]);
118 m_mc[1] = (m_t[0] & 0xFFFF0000) | (m_t[1] & 0xFFFF);
119 m_mc[3] = (m_t[1] & 0xFFFF0000) | (m_t[2] & 0xFFFF);
120 m_mc[5] = (m_t[2] & 0xFFFF0000) | (m_t[3] & 0xFFFF);
121 m_mc[7] = (m_t[3] & 0xFFFF0000) | (m_t[0] & 0xFFFF);
// Four warm-up iterations so every state word depends on every key bit; m_mcy
// carries the counter overflow between calls.
127 for (
size_t i = 0; i<4; i++)
128 m_mcy = NextState(m_mc, m_mx, m_mcy);
// Re-key the counters with the state word four positions away (index modulo 8).
131 for (
size_t i = 0; i<8; i++)
132 m_mc[i] ^= m_mx[(i + 4) & 0x7];
// Loop body not visible in this rendering; presumably copies the master state into the
// working state (m_wc/m_wx) used by OperateKeystream — confirm.
135 for (
size_t i = 0; i<8; i++)
// RabbitPolicy::OperateKeystream: produce iterationCount blocks of 16 bytes from the
// working state, applying `operation` (write / XOR with input) via RABBIT_OUTPUT and
// CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH. The loop body is only partly visible here.
143void RabbitPolicy::OperateKeystream(
KeystreamOperation operation,
byte *output,
const byte *input,
size_t iterationCount)
// Advance the working state once per block; m_wcy carries the counter overflow.
148 m_wcy = NextState(m_wc, m_wx, m_wcy);
// do/while: --iterationCount is tested only after the first block, so a value of 0
// would wrap the size_t and keep going rather than do nothing. Callers must pass at
// least one iteration; presumably the framework's keystream template guarantees this
// — confirm.
152 }
while (--iterationCount);
// RabbitWithIVPolicy::CipherSetKey: identical key schedule to RabbitPolicy, but only
// the master state (m_mx, m_mc, m_mcy) is produced here; the working state is derived
// per IV in CipherResynchronize. The key load into m_t and the even-indexed m_mx
// assignments are not visible in this rendering — m_t is presumably the key as four
// 32-bit words, confirm.
// NOTE(review): "¶ms" on the next line is an HTML-entity garble of "&params" in
// this rendering, not source text.
155void RabbitWithIVPolicy::CipherSetKey(
const NameValuePairs ¶ms,
const byte *userKey,
size_t keylen)
// No name/value parameters are consulted.
158 CRYPTOPP_UNUSED(params);
// Odd-indexed state words: upper half of one key word joined with the lower half of
// the next (indices modulo 4).
166 m_mx[1] =
static_cast<word32>(m_t[3] << 16) | (m_t[2] >> 16);
167 m_mx[3] =
static_cast<word32>(m_t[0] << 16) | (m_t[3] >> 16);
168 m_mx[5] =
static_cast<word32>(m_t[1] << 16) | (m_t[0] >> 16);
169 m_mx[7] =
static_cast<word32>(m_t[2] << 16) | (m_t[1] >> 16);
// Master counters: even entries are key words rotated by 16; odd entries keep the
// high half of one key word and take the low half of the following one.
172 m_mc[0] = rotlConstant<16>(m_t[2]);
173 m_mc[2] = rotlConstant<16>(m_t[3]);
174 m_mc[4] = rotlConstant<16>(m_t[0]);
175 m_mc[6] = rotlConstant<16>(m_t[1]);
176 m_mc[1] = (m_t[0] & 0xFFFF0000) | (m_t[1] & 0xFFFF);
177 m_mc[3] = (m_t[1] & 0xFFFF0000) | (m_t[2] & 0xFFFF);
178 m_mc[5] = (m_t[2] & 0xFFFF0000) | (m_t[3] & 0xFFFF);
179 m_mc[7] = (m_t[3] & 0xFFFF0000) | (m_t[0] & 0xFFFF);
// Four warm-up iterations of the master state; m_mcy carries the counter overflow.
185 for (
size_t i = 0; i<4; i++)
186 m_mcy = NextState(m_mc, m_mx, m_mcy);
// Re-key the master counters with the state word four positions away (modulo 8).
189 for (
size_t i = 0; i<8; i++)
190 m_mc[i] ^= m_mx[(i + 4) & 0x7];
// Loop body not visible in this rendering — confirm what it initialises.
193 for (
size_t i = 0; i<8; i++)
// RabbitWithIVPolicy::CipherResynchronize: rebuild the working state from the master
// state and a fresh IV. The IV load into m_t is not visible in this rendering; from
// the expansion below, m_t[0] and m_t[2] presumably hold the two 32-bit IV words —
// confirm. `length` is ignored here, so the IV length must be enforced by the
// framework before this is reached — TODO confirm against the policy's IV-size checks.
// Everything visible below is a deterministic function of m_mc and m_t, so reusing an
// IV under the same key reproduces the same keystream; callers need unique IVs per key.
201void RabbitWithIVPolicy::CipherResynchronize(
byte *keystreamBuffer,
const byte *iv,
size_t length)
203 CRYPTOPP_UNUSED(keystreamBuffer);
204 CRYPTOPP_UNUSED(length);
// Expand the two IV words into four by mixing their 16-bit halves.
209 m_t[1] = (m_t[0] >> 16) | (m_t[2] & 0xFFFF0000);
210 m_t[3] = (m_t[2] << 16) | (m_t[0] & 0x0000FFFF);
// Working counters = master counters XOR the expanded IV, the IV words repeating
// over the two halves of the counter array.
213 m_wc[0] = m_mc[0] ^ m_t[0];
214 m_wc[1] = m_mc[1] ^ m_t[1];
215 m_wc[2] = m_mc[2] ^ m_t[2];
216 m_wc[3] = m_mc[3] ^ m_t[3];
217 m_wc[4] = m_mc[4] ^ m_t[0];
218 m_wc[5] = m_mc[5] ^ m_t[1];
219 m_wc[6] = m_mc[6] ^ m_t[2];
220 m_wc[7] = m_mc[7] ^ m_t[3];
// Loop body not visible here; presumably copies m_mx into the working state m_wx —
// confirm.
223 for (
size_t i = 0; i<8; i++)
// Four warm-up iterations of the working state so the IV diffuses before any
// keystream is emitted; m_wcy carries the counter overflow.
228 for (
size_t i = 0; i<4; i++)
229 m_wcy = NextState(m_wc, m_wx, m_wcy);
// RabbitWithIVPolicy::OperateKeystream: same loop as RabbitPolicy::OperateKeystream,
// run on the IV-derived working state. Produces iterationCount blocks of 16 bytes,
// applying `operation` via RABBIT_OUTPUT; the loop body is only partly visible here.
232void RabbitWithIVPolicy::OperateKeystream(
KeystreamOperation operation,
byte *output,
const byte *input,
size_t iterationCount)
// Advance the working state once per block; m_wcy carries the counter overflow.
237 m_wcy = NextState(m_wc, m_wx, m_wcy);
// do/while: --iterationCount is tested only after the first block, so a value of 0
// would wrap the size_t and keep going rather than do nothing. Callers must pass at
// least one iteration; presumably the framework's keystream template guarantees this
// — confirm.
241 }
while (--iterationCount);