From 4b0796be76e243a920844104385f2073e1375030 Mon Sep 17 00:00:00 2001 From: LegionMammal978 Date: Thu, 14 Sep 2023 23:48:31 -0400 Subject: [PATCH 1/2] cast6: initial crate --- Cargo.lock | 8 ++ Cargo.toml | 1 + cast6/CHANGELOG.md | 9 ++ cast6/Cargo.toml | 27 ++++ cast6/LICENSE-APACHE | 201 +++++++++++++++++++++++++++ cast6/LICENSE-MIT | 26 ++++ cast6/README.md | 71 ++++++++++ cast6/benches/mod.rs | 8 ++ cast6/src/consts.rs | 173 +++++++++++++++++++++++ cast6/src/lib.rs | 318 +++++++++++++++++++++++++++++++++++++++++++ cast6/tests/mod.rs | 36 +++++ 11 files changed, 878 insertions(+) create mode 100644 cast6/CHANGELOG.md create mode 100644 cast6/Cargo.toml create mode 100644 cast6/LICENSE-APACHE create mode 100644 cast6/LICENSE-MIT create mode 100644 cast6/README.md create mode 100644 cast6/benches/mod.rs create mode 100644 cast6/src/consts.rs create mode 100644 cast6/src/lib.rs create mode 100644 cast6/tests/mod.rs diff --git a/Cargo.lock b/Cargo.lock index f08334a8..b91bf989 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -65,6 +65,14 @@ dependencies = [ "hex-literal", ] +[[package]] +name = "cast6" +version = "0.1.0" +dependencies = [ + "cipher", + "hex-literal", +] + [[package]] name = "cfg-if" version = "1.0.0" diff --git a/Cargo.toml b/Cargo.toml index 3b016b31..5e9042a9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -6,6 +6,7 @@ members = [ "blowfish", "camellia", "cast5", + "cast6", "des", "idea", "kuznyechik", diff --git a/cast6/CHANGELOG.md b/cast6/CHANGELOG.md new file mode 100644 index 00000000..ff5c587e --- /dev/null +++ b/cast6/CHANGELOG.md @@ -0,0 +1,9 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## 0.1.0 (2023-09-14) +- Initial release diff --git a/cast6/Cargo.toml b/cast6/Cargo.toml new file mode 100644 index 00000000..05883feb --- /dev/null +++ b/cast6/Cargo.toml @@ -0,0 +1,27 @@ +[package] +name = "cast6" +version = "0.1.0" +description = "CAST6 block cipher" +authors = ["RustCrypto Developers"] +license = "MIT OR Apache-2.0" +edition = "2021" +rust-version = "1.56" +readme = "README.md" +documentation = "https://docs.rs/cast6" +repository = "https://github.com/RustCrypto/block-ciphers" +keywords = ["crypto", "cast6", "block-cipher"] +categories = ["cryptography", "no-std"] + +[dependencies] +cipher = "0.4.3" + +[dev-dependencies] +cipher = { version = "0.4.3", features = ["dev"] } +hex-literal = "0.3" + +[features] +zeroize = ["cipher/zeroize"] + +[package.metadata.docs.rs] +all-features = true +rustdoc-args = ["--cfg", "docsrs"] diff --git a/cast6/LICENSE-APACHE b/cast6/LICENSE-APACHE new file mode 100644 index 00000000..78173fa2 --- /dev/null +++ b/cast6/LICENSE-APACHE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cast6/LICENSE-MIT b/cast6/LICENSE-MIT new file mode 100644 index 00000000..09e1c41e --- /dev/null +++ b/cast6/LICENSE-MIT @@ -0,0 +1,26 @@ +Copyright (c) 2018-2019 Friedel Ziegelmayer +Copyright (c) 2018-2023 The RustCrypto Project Developers + +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/cast6/README.md b/cast6/README.md new file mode 100644 index 00000000..3cdcddea --- /dev/null +++ b/cast6/README.md @@ -0,0 +1,71 @@ +# RustCrypto: CAST6 Cipher + +[![crate][crate-image]][crate-link] +[![Docs][docs-image]][docs-link] +![Apache2/MIT licensed][license-image] +![Rust Version][rustc-image] +[![Project Chat][chat-image]][chat-link] +[![Build Status][build-image]][build-link] +[![HAZMAT][hazmat-image]][hazmat-link] + +Pure Rust implementation of the [CAST6 block cipher][1]. + +[Documentation][docs-link] + +## ⚠️ Security Warning: [Hazmat!][hazmat-link] + +This crate does not ensure ciphertexts are authentic (i.e. by using a MAC to +verify ciphertext integrity), which can lead to serious vulnerabilities +if used incorrectly! + +No security audits of this crate have ever been performed, and it has not been +thoroughly assessed to ensure its operation is constant-time on common CPU +architectures. + +USE AT YOUR OWN RISK! + +## Minimum Supported Rust Version + +Rust **1.56** or higher. + +Minimum supported Rust version can be changed in the future, but it will be +done with a minor version bump. + +## SemVer Policy + +- All on-by-default features of this library are covered by SemVer +- MSRV is considered exempt from SemVer as noted above + +## License + +Licensed under either of: + + * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0) + * [MIT license](http://opensource.org/licenses/MIT) + +at your option. + +### Contribution + +Unless you explicitly state otherwise, any contribution intentionally submitted +for inclusion in the work by you, as defined in the Apache-2.0 license, shall be +dual licensed as above, without any additional terms or conditions. + +[//]: # (badges) + +[crate-image]: https://img.shields.io/crates/v/cast6.svg +[crate-link]: https://crates.io/crates/cast6 +[docs-image]: https://docs.rs/cast6/badge.svg +[docs-link]: https://docs.rs/cast6/ +[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg +[hazmat-image]: https://img.shields.io/badge/crypto-hazmat%E2%9A%A0-red.svg +[hazmat-link]: https://github.com/RustCrypto/meta/blob/master/HAZMAT.md +[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg +[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260039-block-ciphers +[build-image]: https://github.com/RustCrypto/block-ciphers/workflows/cast6/badge.svg?branch=master&event=push +[build-link]: https://github.com/RustCrypto/block-ciphers/actions?query=workflow%3Acast6 + +[//]: # (general links) + +[1]: https://en.wikipedia.org/wiki/CAST-256 diff --git a/cast6/benches/mod.rs b/cast6/benches/mod.rs new file mode 100644 index 00000000..d3f66f70 --- /dev/null +++ b/cast6/benches/mod.rs @@ -0,0 +1,8 @@ +#![feature(test)] +extern crate test; + +use cast6::Cast6; +use cipher::{block_decryptor_bench, block_encryptor_bench}; + +block_encryptor_bench!(Key: Cast6, cast6_encrypt_block, cast6_encrypt_blocks); +block_decryptor_bench!(Key: Cast6, cast6_decrypt_block, cast6_decrypt_blocks); diff --git a/cast6/src/consts.rs b/cast6/src/consts.rs new file mode 100644 index 00000000..bbcbc082 --- /dev/null +++ b/cast6/src/consts.rs @@ -0,0 +1,173 @@ +#![allow(clippy::unreadable_literal)] + +pub const S1: [u32; 256] = [ + 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, + 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, + 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, + 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, + 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, + 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, + 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, + 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, + 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, + 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, + 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, + 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, + 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, + 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, + 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, + 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, + 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, + 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, + 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, + 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, + 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, + 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, + 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, + 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, + 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, + 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, + 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, + 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, + 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, + 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, + 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, + 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf, +]; + +pub const S2: [u32; 256] = [ + 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, + 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, + 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, + 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, + 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, + 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, + 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, + 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, + 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, + 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, + 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, + 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, + 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, + 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, + 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, + 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, + 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, + 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, + 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, + 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, + 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, + 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, + 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, + 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, + 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, + 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, + 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, + 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, + 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, + 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, + 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, + 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1, +]; + +pub const S3: [u32; 256] = [ + 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, + 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, + 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, + 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, + 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, + 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, + 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, + 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, + 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, + 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, + 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, + 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, + 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, + 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, + 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, + 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, + 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, + 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, + 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, + 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, + 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, + 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, + 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, + 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, + 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, + 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, + 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, + 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, + 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, + 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, + 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, + 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783, +]; + +pub const S4: [u32; 256] = [ + 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, + 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, + 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, + 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, + 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, + 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, + 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, + 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, + 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, + 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, + 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, + 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, + 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, + 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, + 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, + 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, + 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, + 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, + 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, + 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, + 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, + 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, + 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, + 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, + 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, + 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, + 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, + 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, + 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, + 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, + 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, + 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2, +]; + +pub const TM: [u32; 192] = [ + 0x5a827999, 0xc95c653a, 0x383650db, 0xa7103c7c, 0x15ea281d, 0x84c413be, 0xf39dff5f, 0x6277eb00, + 0xd151d6a1, 0x402bc242, 0xaf05ade3, 0x1ddf9984, 0x8cb98525, 0xfb9370c6, 0x6a6d5c67, 0xd9474808, + 0x482133a9, 0xb6fb1f4a, 0x25d50aeb, 0x94aef68c, 0x0388e22d, 0x7262cdce, 0xe13cb96f, 0x5016a510, + 0xbef090b1, 0x2dca7c52, 0x9ca467f3, 0x0b7e5394, 0x7a583f35, 0xe9322ad6, 0x580c1677, 0xc6e60218, + 0x35bfedb9, 0xa499d95a, 0x1373c4fb, 0x824db09c, 0xf1279c3d, 0x600187de, 0xcedb737f, 0x3db55f20, + 0xac8f4ac1, 0x1b693662, 0x8a432203, 0xf91d0da4, 0x67f6f945, 0xd6d0e4e6, 0x45aad087, 0xb484bc28, + 0x235ea7c9, 0x9238936a, 0x01127f0b, 0x6fec6aac, 0xdec6564d, 0x4da041ee, 0xbc7a2d8f, 0x2b541930, + 0x9a2e04d1, 0x0907f072, 0x77e1dc13, 0xe6bbc7b4, 0x5595b355, 0xc46f9ef6, 0x33498a97, 0xa2237638, + 0x10fd61d9, 0x7fd74d7a, 0xeeb1391b, 0x5d8b24bc, 0xcc65105d, 0x3b3efbfe, 0xaa18e79f, 0x18f2d340, + 0x87ccbee1, 0xf6a6aa82, 0x65809623, 0xd45a81c4, 0x43346d65, 0xb20e5906, 0x20e844a7, 0x8fc23048, + 0xfe9c1be9, 0x6d76078a, 0xdc4ff32b, 0x4b29decc, 0xba03ca6d, 0x28ddb60e, 0x97b7a1af, 0x06918d50, + 0x756b78f1, 0xe4456492, 0x531f5033, 0xc1f93bd4, 0x30d32775, 0x9fad1316, 0x0e86feb7, 0x7d60ea58, + 0xec3ad5f9, 0x5b14c19a, 0xc9eead3b, 0x38c898dc, 0xa7a2847d, 0x167c701e, 0x85565bbf, 0xf4304760, + 0x630a3301, 0xd1e41ea2, 0x40be0a43, 0xaf97f5e4, 0x1e71e185, 0x8d4bcd26, 0xfc25b8c7, 0x6affa468, + 0xd9d99009, 0x48b37baa, 0xb78d674b, 0x266752ec, 0x95413e8d, 0x041b2a2e, 0x72f515cf, 0xe1cf0170, + 0x50a8ed11, 0xbf82d8b2, 0x2e5cc453, 0x9d36aff4, 0x0c109b95, 0x7aea8736, 0xe9c472d7, 0x589e5e78, + 0xc7784a19, 0x365235ba, 0xa52c215b, 0x14060cfc, 0x82dff89d, 0xf1b9e43e, 0x6093cfdf, 0xcf6dbb80, + 0x3e47a721, 0xad2192c2, 0x1bfb7e63, 0x8ad56a04, 0xf9af55a5, 0x68894146, 0xd7632ce7, 0x463d1888, + 0xb5170429, 0x23f0efca, 0x92cadb6b, 0x01a4c70c, 0x707eb2ad, 0xdf589e4e, 0x4e3289ef, 0xbd0c7590, + 0x2be66131, 0x9ac04cd2, 0x099a3873, 0x78742414, 0xe74e0fb5, 0x5627fb56, 0xc501e6f7, 0x33dbd298, + 0xa2b5be39, 0x118fa9da, 0x8069957b, 0xef43811c, 0x5e1d6cbd, 0xccf7585e, 0x3bd143ff, 0xaaab2fa0, + 0x19851b41, 0x885f06e2, 0xf738f283, 0x6612de24, 0xd4ecc9c5, 0x43c6b566, 0xb2a0a107, 0x217a8ca8, + 0x90547849, 0xff2e63ea, 0x6e084f8b, 0xdce23b2c, 0x4bbc26cd, 0xba96126e, 0x296ffe0f, 0x9849e9b0, + 0x0723d551, 0x75fdc0f2, 0xe4d7ac93, 0x53b19834, 0xc28b83d5, 0x31656f76, 0xa03f5b17, 0x0f1946b8, +]; + +pub const TR: [u8; 32] = [ + 0x13, 0x04, 0x15, 0x06, 0x17, 0x08, 0x19, 0x0a, 0x1b, 0x0c, 0x1d, 0x0e, 0x1f, 0x10, 0x01, 0x12, + 0x03, 0x14, 0x05, 0x16, 0x07, 0x18, 0x09, 0x1a, 0x0b, 0x1c, 0x0d, 0x1e, 0x0f, 0x00, 0x11, 0x02, +]; diff --git a/cast6/src/lib.rs b/cast6/src/lib.rs new file mode 100644 index 00000000..e4adbaf7 --- /dev/null +++ b/cast6/src/lib.rs @@ -0,0 +1,318 @@ +//! Pure Rust implementation of the [CAST6] block cipher ([RFC 2612]). +//! +//! # ⚠️ Security Warning: Hazmat! +//! +//! This crate implements only the low-level block cipher function, and is intended +//! for use for implementing higher-level constructions *only*. It is NOT +//! intended for direct use in applications. +//! +//! USE AT YOUR OWN RISK! +//! +//! # Examples +//! ``` +//! use cast6::cipher::generic_array::GenericArray; +//! use cast6::cipher::{Key, Block, BlockEncrypt, BlockDecrypt, KeyInit}; +//! use cast6::Cast6; +//! +//! let key = GenericArray::from([0u8; 32]); +//! let mut block = GenericArray::from([0u8; 16]); +//! // Initialize cipher +//! let cipher = Cast6::new(&key); +//! +//! let block_copy = block.clone(); +//! // Encrypt block in-place +//! cipher.encrypt_block(&mut block); +//! // And decrypt it back +//! cipher.decrypt_block(&mut block); +//! assert_eq!(block, block_copy); +//! ``` +//! +//! [CAST6]: https://en.wikipedia.org/wiki/CAST-256 +//! [RFC 2612]: https://tools.ietf.org/html/rfc2612 + +#![no_std] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg" +)] +#![deny(unsafe_code)] +#![cfg_attr(docsrs, feature(doc_cfg))] +#![warn(missing_docs, rust_2018_idioms)] + +pub use cipher; + +mod consts; + +use cipher::{ + consts::{U16, U32}, + AlgorithmName, BlockCipher, InvalidLength, Key, KeyInit, KeySizeUser, +}; +use core::fmt; + +#[cfg(feature = "zeroize")] +use cipher::zeroize::{Zeroize, ZeroizeOnDrop}; + +use consts::{S1, S2, S3, S4, TM, TR}; + +/// The CAST6 block cipher. +#[derive(Clone)] +pub struct Cast6 { + masking: [[u32; 4]; 12], + rotate: [[u8; 4]; 12], +} + +impl Cast6 { + fn init_state() -> Cast6 { + Cast6 { + masking: [[0u32; 4]; 12], + rotate: [[0u8; 4]; 12], + } + } + + /// Implements the key schedule according to RFC 2612 2.4. + /// https://tools.ietf.org/html/rfc2612#section-2.4 + fn key_schedule(&mut self, key: &[u8]) { + let mut kappa = [ + u32::from_be_bytes(key[0..4].try_into().unwrap()), + u32::from_be_bytes(key[4..8].try_into().unwrap()), + u32::from_be_bytes(key[8..12].try_into().unwrap()), + u32::from_be_bytes(key[12..16].try_into().unwrap()), + u32::from_be_bytes(key[16..20].try_into().unwrap()), + u32::from_be_bytes(key[20..24].try_into().unwrap()), + u32::from_be_bytes(key[24..28].try_into().unwrap()), + u32::from_be_bytes(key[28..32].try_into().unwrap()), + ]; + + for i in 0..12 { + let m = &TM[(i * 16)..(i * 16 + 8)]; + let r = &TR[((i % 2) * 16)..((i % 2) * 16 + 8)]; + forward_octave(&mut kappa, m, r); + + let m = &TM[(i * 16 + 8)..(i * 16 + 16)]; + let r = &TR[((i % 2) * 16 + 8)..((i % 2) * 16 + 16)]; + forward_octave(&mut kappa, m, r); + + let [a, b, c, d, e, f, g, h] = kappa; + self.masking[i] = [h, f, d, b]; + + self.rotate[i][0] = (a & 0x1f) as u8; + self.rotate[i][1] = (c & 0x1f) as u8; + self.rotate[i][2] = (e & 0x1f) as u8; + self.rotate[i][3] = (g & 0x1f) as u8; + } + } +} + +macro_rules! f1 { + ($D:expr, $m:expr, $r:expr) => {{ + let i = ($m.wrapping_add($D)).rotate_left(u32::from($r)); + (S1[(i >> 24) as usize] ^ S2[((i >> 16) & 0xff) as usize]) + .wrapping_sub(S3[((i >> 8) & 0xff) as usize]) + .wrapping_add(S4[(i & 0xff) as usize]) + }}; +} + +macro_rules! f2 { + ($D:expr, $m:expr, $r:expr) => {{ + let i = ($m ^ $D).rotate_left(u32::from($r)); + S1[(i >> 24) as usize] + .wrapping_sub(S2[((i >> 16) & 0xff) as usize]) + .wrapping_add(S3[((i >> 8) & 0xff) as usize]) + ^ S4[(i & 0xff) as usize] + }}; +} + +macro_rules! f3 { + ($D:expr, $m:expr, $r:expr) => {{ + let i = ($m.wrapping_sub($D)).rotate_left(u32::from($r)); + (S1[(i >> 24) as usize].wrapping_add(S2[((i >> 16) & 0xff) as usize]) + ^ S3[((i >> 8) & 0xff) as usize]) + .wrapping_sub(S4[(i & 0xff) as usize]) + }}; +} + +#[inline] +fn forward_quad(beta: &mut [u32; 4], m: &[u32], r: &[u8]) { + // Let "BETA <- Qi(BETA)" be short-hand notation for the following: + // C = C ^ f1(D, Kr0_(i), Km0_(i)) + // B = B ^ f2(C, Kr1_(i), Km1_(i)) + // A = A ^ f3(B, Kr2_(i), Km2_(i)) + // D = D ^ f1(A, Kr3_(i), Km3_(i)) + + let [a, b, c, d] = beta; + *c ^= f1!(*d, m[0], r[0]); + *b ^= f2!(*c, m[1], r[1]); + *a ^= f3!(*b, m[2], r[2]); + *d ^= f1!(*a, m[3], r[3]); +} + +#[inline] +fn reverse_quad(beta: &mut [u32; 4], m: &[u32], r: &[u8]) { + // Let "BETA <- QBARi(BETA)" be short-hand notation for the + // following: + // D = D ^ f1(A, Kr3_(i), Km3_(i)) + // A = A ^ f3(B, Kr2_(i), Km2_(i)) + // B = B ^ f2(C, Kr1_(i), Km1_(i)) + // C = C ^ f1(D, Kr0_(i), Km0_(i)) + + let [a, b, c, d] = beta; + *d ^= f1!(*a, m[3], r[3]); + *a ^= f3!(*b, m[2], r[2]); + *b ^= f2!(*c, m[1], r[1]); + *c ^= f1!(*d, m[0], r[0]); +} + +#[inline] +fn forward_octave(kappa: &mut [u32; 8], m: &[u32], r: &[u8]) { + // Let "KAPPA <- Wi(KAPPA)" be short-hand notation for the + // following: + // G = G ^ f1(H, Tr0_(i), Tm0_(i)) + // F = F ^ f2(G, Tr1_(i), Tm1_(i)) + // E = E ^ f3(F, Tr2_(i), Tm2_(i)) + // D = D ^ f1(E, Tr3_(i), Tm3_(i)) + // C = C ^ f2(D, Tr4_(i), Tm4_(i)) + // B = B ^ f3(C, Tr5_(i), Tm5_(i)) + // A = A ^ f1(B, Tr6_(i), Tm6_(i)) + // H = H ^ f2(A, Tr7_(i), Tm7_(i)) + + let [a, b, c, d, e, f, g, h] = kappa; + *g ^= f1!(*h, m[0], r[0]); + *f ^= f2!(*g, m[1], r[1]); + *e ^= f3!(*f, m[2], r[2]); + *d ^= f1!(*e, m[3], r[3]); + *c ^= f2!(*d, m[4], r[4]); + *b ^= f3!(*c, m[5], r[5]); + *a ^= f1!(*b, m[6], r[6]); + *h ^= f2!(*a, m[7], r[7]); +} + +impl BlockCipher for Cast6 {} + +impl KeySizeUser for Cast6 { + type KeySize = U32; +} + +impl KeyInit for Cast6 { + fn new(key: &Key) -> Self { + Self::new_from_slice(key).unwrap() + } + + fn new_from_slice(key: &[u8]) -> Result { + // Available key sizes are 128, 160, 192, 224, and 256 bits. + if key.len() < 16 || key.len() > 32 || key.len() % 4 != 0 { + return Err(InvalidLength); + } + let mut cast6 = Cast6::init_state(); + + if key.len() < 32 { + // Pad keys that are less than 256 bits long. + let mut padded_key = [0u8; 32]; + padded_key[..key.len()].copy_from_slice(key); + cast6.key_schedule(&padded_key[..]); + } else { + cast6.key_schedule(key); + } + Ok(cast6) + } +} + +impl fmt::Debug for Cast6 { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.write_str("Cast6 { ... }") + } +} + +impl AlgorithmName for Cast6 { + fn write_alg_name(f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.write_str("Cast6") + } +} + +#[cfg(feature = "zeroize")] +#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))] +impl Drop for Cast6 { + fn drop(&mut self) { + self.masking.zeroize(); + self.rotate.zeroize(); + } +} + +#[cfg(feature = "zeroize")] +#[cfg_attr(docsrs, doc(cfg(feature = "zeroize")))] +impl ZeroizeOnDrop for Cast6 {} + +cipher::impl_simple_block_encdec!( + Cast6, U16, cipher, block, + encrypt: { + let masking = &cipher.masking; + let rotate = &cipher.rotate; + + // Let BETA = (ABCD) be a 128-bit block where A, B, C and D are each + // 32 bits in length. + // BETA = 128bits of plaintext. + let b = block.get_in(); + let mut beta = [ + u32::from_be_bytes(b[0..4].try_into().unwrap()), + u32::from_be_bytes(b[4..8].try_into().unwrap()), + u32::from_be_bytes(b[8..12].try_into().unwrap()), + u32::from_be_bytes(b[12..16].try_into().unwrap()), + ]; + + // for (i=0; i<6; i++) + // BETA <- Qi(BETA) + forward_quad(&mut beta, &masking[0], &rotate[0]); + forward_quad(&mut beta, &masking[1], &rotate[1]); + forward_quad(&mut beta, &masking[2], &rotate[2]); + forward_quad(&mut beta, &masking[3], &rotate[3]); + forward_quad(&mut beta, &masking[4], &rotate[4]); + forward_quad(&mut beta, &masking[5], &rotate[5]); + + // for (i=6; i<12; i++) + // BETA <- QBARi(BETA) + reverse_quad(&mut beta, &masking[6], &rotate[6]); + reverse_quad(&mut beta, &masking[7], &rotate[7]); + reverse_quad(&mut beta, &masking[8], &rotate[8]); + reverse_quad(&mut beta, &masking[9], &rotate[9]); + reverse_quad(&mut beta, &masking[10], &rotate[10]); + reverse_quad(&mut beta, &masking[11], &rotate[11]); + + // 128bits of ciphertext = BETA + let block = block.get_out(); + block[0..4].copy_from_slice(&beta[0].to_be_bytes()); + block[4..8].copy_from_slice(&beta[1].to_be_bytes()); + block[8..12].copy_from_slice(&beta[2].to_be_bytes()); + block[12..16].copy_from_slice(&beta[3].to_be_bytes()); + } + decrypt: { + let masking = &cipher.masking; + let rotate = &cipher.rotate; + + let b = block.get_in(); + let mut beta = [ + u32::from_be_bytes(b[0..4].try_into().unwrap()), + u32::from_be_bytes(b[4..8].try_into().unwrap()), + u32::from_be_bytes(b[8..12].try_into().unwrap()), + u32::from_be_bytes(b[12..16].try_into().unwrap()), + ]; + + forward_quad(&mut beta, &masking[11], &rotate[11]); + forward_quad(&mut beta, &masking[10], &rotate[10]); + forward_quad(&mut beta, &masking[9], &rotate[9]); + forward_quad(&mut beta, &masking[8], &rotate[8]); + forward_quad(&mut beta, &masking[7], &rotate[7]); + forward_quad(&mut beta, &masking[6], &rotate[6]); + + reverse_quad(&mut beta, &masking[5], &rotate[5]); + reverse_quad(&mut beta, &masking[4], &rotate[4]); + reverse_quad(&mut beta, &masking[3], &rotate[3]); + reverse_quad(&mut beta, &masking[2], &rotate[2]); + reverse_quad(&mut beta, &masking[1], &rotate[1]); + reverse_quad(&mut beta, &masking[0], &rotate[0]); + + let block = block.get_out(); + block[0..4].copy_from_slice(&beta[0].to_be_bytes()); + block[4..8].copy_from_slice(&beta[1].to_be_bytes()); + block[8..12].copy_from_slice(&beta[2].to_be_bytes()); + block[12..16].copy_from_slice(&beta[3].to_be_bytes()); + } +); diff --git a/cast6/tests/mod.rs b/cast6/tests/mod.rs new file mode 100644 index 00000000..93dec13b --- /dev/null +++ b/cast6/tests/mod.rs @@ -0,0 +1,36 @@ +use cast6::Cast6; +use cipher::{generic_array::GenericArray, BlockDecrypt, BlockEncrypt, KeyInit}; +use hex_literal::hex; + +/// Test vectors from RFC 2612 Appendix A +/// https://tools.ietf.org/html/rfc2612#page-10 +#[test] +fn rfc2144_a() { + let key128 = hex!("2342bb9efa38542c0af75647f29f615d"); + let key192 = hex!("2342bb9efa38542cbed0ac83940ac298bac77a7717942863"); + let key256 = hex!("2342bb9efa38542cbed0ac83940ac2988d7c47ce264908461cc1b5137ae6b604"); + let ct128 = GenericArray::from(hex!("c842a08972b43d20836c91d1b7530f6b")); + let ct192 = GenericArray::from(hex!("1b386c0210dcadcbdd0e41aa08a7a7e8")); + let ct256 = GenericArray::from(hex!("4f6a2038286897b9c9870136553317fa")); + let pt = GenericArray::default(); + + let mut buf = pt; + + let c = Cast6::new_from_slice(&key128).unwrap(); + c.encrypt_block(&mut buf); + assert_eq!(buf, ct128); + c.decrypt_block(&mut buf); + assert_eq!(buf, pt); + + let c = Cast6::new_from_slice(&key192).unwrap(); + c.encrypt_block(&mut buf); + assert_eq!(buf, ct192); + c.decrypt_block(&mut buf); + assert_eq!(buf, pt); + + let c = Cast6::new_from_slice(&key256).unwrap(); + c.encrypt_block(&mut buf); + assert_eq!(buf, ct256); + c.decrypt_block(&mut buf); + assert_eq!(buf, pt); +} From b63fd3d48853bb28694ab03023e5342bf4dfbed0 Mon Sep 17 00:00:00 2001 From: LegionMammal978 Date: Fri, 15 Sep 2023 17:54:53 -0400 Subject: [PATCH 2/2] cast6: add to README.md table --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 88f34fd0..45a7a04b 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ It's generally recommended not to use other cipher implementations in this repos | [Blowfish] | [`blowfish`] | [![crates.io](https://img.shields.io/crates/v/blowfish.svg)](https://crates.io/crates/blowfish) | [![Documentation](https://docs.rs/blowfish/badge.svg)](https://docs.rs/blowfish) | ![MSRV 1.56][msrv-1.56] | | [Camellia] | [`camellia`] | [![crates.io](https://img.shields.io/crates/v/camellia.svg)](https://crates.io/crates/camellia) | [![Documentation](https://docs.rs/camellia/badge.svg)](https://docs.rs/camellia) | ![MSRV 1.56][msrv-1.56] | | [CAST5] (CAST-128) | [`cast5`] | [![crates.io](https://img.shields.io/crates/v/cast5.svg)](https://crates.io/crates/cast5) | [![Documentation](https://docs.rs/cast5/badge.svg)](https://docs.rs/cast5) | ![MSRV 1.56][msrv-1.56] | +| [CAST6] (CAST-256) | [`cast6`] | [![crates.io](https://img.shields.io/crates/v/cast6.svg)](https://crates.io/crates/cast6) | [![Documentation](https://docs.rs/cast6/badge.svg)](https://docs.rs/cast6) | ![MSRV 1.56][msrv-1.56] | | [DES] + [3DES] (DEA, 3DEA) | [`des`] | [![crates.io](https://img.shields.io/crates/v/des.svg)](https://crates.io/crates/des) | [![Documentation](https://docs.rs/des/badge.svg)](https://docs.rs/des) | ![MSRV 1.56][msrv-1.56] | | [IDEA] | [`idea`] | [![crates.io](https://img.shields.io/crates/v/idea.svg)](https://crates.io/crates/idea) | [![Documentation](https://docs.rs/idea/badge.svg)](https://docs.rs/idea) | ![MSRV 1.56][msrv-1.56] | | [Kuznyechik] (GOST R 34.12-2015) | [`kuznyechik`] | [![crates.io](https://img.shields.io/crates/v/kuznyechik.svg)](https://crates.io/crates/kuznyechik) | [![Documentation](https://docs.rs/kuznyechik/badge.svg)](https://docs.rs/kuznyechik) | ![MSRV 1.56][msrv-1.56] | @@ -92,6 +93,7 @@ dual licensed as above, without any additional terms or conditions. [`blowfish`]: ./blowfish [`camellia`]: ./camellia [`cast5`]: ./cast5 +[`cast6`]: ./cast6 [`des`]: ./des [`idea`]: ./idea [`kuznyechik`]: ./kuznyechik @@ -115,6 +117,7 @@ dual licensed as above, without any additional terms or conditions. [Blowfish]: https://en.wikipedia.org/wiki/Blowfish_(cipher) [Camellia]: https://en.wikipedia.org/wiki/Camellia_(cipher) [CAST5]: https://en.wikipedia.org/wiki/CAST-128 +[CAST6]: https://en.wikipedia.org/wiki/CAST-256 [DES]: https://en.wikipedia.org/wiki/Data_Encryption_Standard [3DES]: https://en.wikipedia.org/wiki/Triple_DES [IDEA]: https://simple.wikipedia.org/wiki/International_Data_Encryption_Algorithm