// NOTE(review): the leading numbers on these lines are source line numbers that the page
// extraction fused onto the code; they are not part of the program text.
// WordType is aliased to the 32-bit word32 type; presumably it is consumed by the
// CRYPTOPP_KEYSTREAM_OUTPUT_* helper macros — confirm in the stream-cipher header.
16#define WordType word32
// 16 bytes per keystream iteration, which matches the four 32-bit words (indices 0..3)
// written by RABBIT_OUTPUT below.
18#define BYTES_PER_ITERATION 16
// RABBIT_OUTPUT(x): emits keystream words 0..3 in little-endian order. Each word is one
// even-indexed word of m_wx XORed with the upper 16 bits of one odd-indexed word (shifted
// down) and the lower 16 bits of another odd-indexed word (shifted up).
// The macro reads m_wx directly, so it can only expand inside code where m_wx is in scope.
20#define RABBIT_OUTPUT(x){\
21 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, (m_wx[0] ^ (m_wx[5] >> 16) ^ (m_wx[3] << 16)));\
22 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, (m_wx[2] ^ (m_wx[7] >> 16) ^ (m_wx[5] << 16)));\
23 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, (m_wx[4] ^ (m_wx[1] >> 16) ^ (m_wx[7] << 16)));\
24 CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, (m_wx[6] ^ (m_wx[3] >> 16) ^ (m_wx[1] << 16)));}
26ANONYMOUS_NAMESPACE_BEGIN
28using CryptoPP::word32;
29using CryptoPP::word64;
30using CryptoPP::rotlConstant;
// NOTE(review): only fragments of this routine survive in the listing. Its signature and the
// definitions of a, b, l and z are on source lines that are not shown, so the notes below are
// limited to what these three statements establish.
// First visible form: h is built from the products a*a, a*b and b*b with right shifts by 17
// and 15; the result returned is h XOR l truncated to 32 bits. Presumably a and b are the
// 16-bit halves of the input and l is the low word of its square — confirm against the full source.
43 h = (((
static_cast<word32>(a*a) >> 17U) +
static_cast<word32>(a*b)) >> 15U) + b*b;
47 return static_cast<word32>(h^l);
// Second visible form: XOR of z with z shifted right by 32, truncated to word32 (z is
// presumably a word64 — confirm). Neither form shows a branch or a table lookup on its
// operands in these lines.
53 return static_cast<word32>((z >> 32) ^ z);
// NOTE(review): fragment — the enclosing function header, the code that fills c_old, the loop
// around the g[i] assignment and everything after it are not shown in this listing.
// Counter update: every c[i] receives a fixed constant (0x4D34D34D, 0xD34D34D3, 0x34D34D34,
// repeating) plus a carry bit. c[0] takes the incoming carry; for c[1]..c[7] the carry is the
// result of "previous new word < previous c_old word", i.e. a 32-bit wraparound test, assuming
// c_old holds the pre-update counters (presumably saved just above — confirm).
66 c[0] =
static_cast<word32>(c[0] + 0x4D34D34D + carry);
67 c[1] =
static_cast<word32>(c[1] + 0xD34D34D3 + (c[0] < c_old[0]));
68 c[2] =
static_cast<word32>(c[2] + 0x34D34D34 + (c[1] < c_old[1]));
69 c[3] =
static_cast<word32>(c[3] + 0x4D34D34D + (c[2] < c_old[2]));
70 c[4] =
static_cast<word32>(c[4] + 0xD34D34D3 + (c[3] < c_old[3]));
71 c[5] =
static_cast<word32>(c[5] + 0x34D34D34 + (c[4] < c_old[4]));
72 c[6] =
static_cast<word32>(c[6] + 0x4D34D34D + (c[5] < c_old[5]));
73 c[7] =
static_cast<word32>(c[7] + 0xD34D34D3 + (c[6] < c_old[6]));
// Carry out of c[7]. The call sites on this page store NextState's return value back into
// m_mcy / m_wcy — presumably this value, so the carry has to persist between calls; confirm.
74 carry = (c[7] < c_old[7]);
// g[i] is G_func applied to the 32-bit sum x[i] + c[i].
78 g[i] = G_func(
static_cast<word32>(x[i] + c[i]));
93ANONYMOUS_NAMESPACE_END
// RabbitPolicy::CipherSetKey — key setup for the policy that has no IV entry point on this page.
// NOTE(review): the listing shows only part of the body. The braces, the code that loads m_t,
// the even-indexed m_mx / m_mc assignments and the body of the last loop are not shown.
// NOTE(review): `¶ms` in the signature is an extraction artifact; the body names the
// parameter `params`, so the original is presumably `const NameValuePairs &params`.
// Points for callers to confirm against the full source:
//  - No IV or nonce is consumed in the visible lines (params is explicitly unused), so the
//    keystream presumably depends on the key alone. Encrypting two messages under one key
//    would then reuse keystream; use a fresh key per message or the IV-taking policy.
//  - keylen is not checked in the visible lines; presumably it is validated by the caller or
//    on a line not shown.
//  - The state is derived from m_t (presumably the raw key words); whether m_t is wiped
//    after setup is not visible here.
97void RabbitPolicy::CipherSetKey(
const NameValuePairs ¶ms,
const byte *userKey,
size_t keylen)
100 CRYPTOPP_UNUSED(params);
// Odd-indexed state words: the low 16 bits of one m_t word moved to the top half, joined with
// the high 16 bits of another m_t word moved to the bottom half.
108 m_mx[1] =
static_cast<word32>(m_t[3] << 16) | (m_t[2] >> 16);
109 m_mx[3] =
static_cast<word32>(m_t[0] << 16) | (m_t[3] >> 16);
110 m_mx[5] =
static_cast<word32>(m_t[1] << 16) | (m_t[0] >> 16);
111 m_mx[7] =
static_cast<word32>(m_t[2] << 16) | (m_t[1] >> 16);
// Odd-indexed counter words: high half of one m_t word, low half of the next (wrapping 3 -> 0).
118 m_mc[1] = (m_t[0] & 0xFFFF0000) | (m_t[1] & 0xFFFF);
119 m_mc[3] = (m_t[1] & 0xFFFF0000) | (m_t[2] & 0xFFFF);
120 m_mc[5] = (m_t[2] & 0xFFFF0000) | (m_t[3] & 0xFFFF);
121 m_mc[7] = (m_t[3] & 0xFFFF0000) | (m_t[0] & 0xFFFF);
// Four NextState rounds over m_mc / m_mx; the returned value is kept in m_mcy each time.
127 for (
size_t i = 0; i<4; i++)
128 m_mcy = NextState(m_mc, m_mx, m_mcy);
// Each counter word is XORed with the state word four positions further on (index taken mod 8).
131 for (
size_t i = 0; i<8; i++)
132 m_mc[i] ^= m_mx[(i + 4) & 0x7];
// NOTE(review): the body of this loop is not shown in the listing.
135 for (
size_t i = 0; i<8; i++)
// RabbitPolicy::OperateKeystream — advances the working state (m_wc, m_wx, m_wcy) once per iteration.
// NOTE(review): fragment; the loop opening and the code that writes the keystream to output
// are on source lines that are not shown.
// NOTE(review): the trailing `while (--iterationCount)` looks like the tail of a do/while loop,
// so the body runs before the count is tested. A count of 0 would be decremented past zero
// (size_t wraps) and the loop would keep running. Callers must pass iterationCount >= 1 and
// buffers sized for iterationCount * BYTES_PER_ITERATION bytes — presumably guaranteed by the
// stream-cipher framework that calls this policy; confirm.
143void RabbitPolicy::OperateKeystream(
KeystreamOperation operation,
byte *output,
const byte *input,
size_t iterationCount)
148 m_wcy = NextState(m_wc, m_wx, m_wcy);
152 }
while (--iterationCount);
// RabbitWithIVPolicy::CipherSetKey — key setup for the IV-taking policy; the visible lines match
// the RabbitPolicy version statement for statement.
// NOTE(review): the listing shows only part of the body. The braces, the code that loads m_t,
// the even-indexed m_mx / m_mc assignments and the body of the last loop are not shown.
// NOTE(review): `¶ms` in the signature is an extraction artifact; the body names the
// parameter `params`, so the original is presumably `const NameValuePairs &params`.
// Points for callers to confirm against the full source:
//  - Only the key-derived state (m_mc, m_mx, m_mcy) is prepared in the visible lines; the IV
//    is mixed in by CipherResynchronize, which works from m_mc.
//  - keylen is not checked in the visible lines; presumably it is validated by the caller or
//    on a line not shown.
//  - The state is derived from m_t (presumably the raw key words); whether m_t is wiped
//    after setup is not visible here.
155void RabbitWithIVPolicy::CipherSetKey(
const NameValuePairs ¶ms,
const byte *userKey,
size_t keylen)
158 CRYPTOPP_UNUSED(params);
// Odd-indexed state words: the low 16 bits of one m_t word moved to the top half, joined with
// the high 16 bits of another m_t word moved to the bottom half.
166 m_mx[1] =
static_cast<word32>(m_t[3] << 16) | (m_t[2] >> 16);
167 m_mx[3] =
static_cast<word32>(m_t[0] << 16) | (m_t[3] >> 16);
168 m_mx[5] =
static_cast<word32>(m_t[1] << 16) | (m_t[0] >> 16);
169 m_mx[7] =
static_cast<word32>(m_t[2] << 16) | (m_t[1] >> 16);
// Odd-indexed counter words: high half of one m_t word, low half of the next (wrapping 3 -> 0).
176 m_mc[1] = (m_t[0] & 0xFFFF0000) | (m_t[1] & 0xFFFF);
177 m_mc[3] = (m_t[1] & 0xFFFF0000) | (m_t[2] & 0xFFFF);
178 m_mc[5] = (m_t[2] & 0xFFFF0000) | (m_t[3] & 0xFFFF);
179 m_mc[7] = (m_t[3] & 0xFFFF0000) | (m_t[0] & 0xFFFF);
// Four NextState rounds over m_mc / m_mx; the returned value is kept in m_mcy each time.
185 for (
size_t i = 0; i<4; i++)
186 m_mcy = NextState(m_mc, m_mx, m_mcy);
// Each counter word is XORed with the state word four positions further on (index taken mod 8).
189 for (
size_t i = 0; i<8; i++)
190 m_mc[i] ^= m_mx[(i + 4) & 0x7];
// NOTE(review): the body of this loop is not shown in the listing.
193 for (
size_t i = 0; i<8; i++)
// RabbitWithIVPolicy::CipherResynchronize — derives the working counters m_wc from the
// key-derived counters m_mc and the IV, then runs four NextState rounds on the working state.
// NOTE(review): fragment; the braces and the body of the first loop are not shown.
// Points for callers to confirm against the full source:
//  - keystreamBuffer and length are explicitly unused. Two 32-bit little-endian words
//    (8 bytes) are read from iv, and nothing in the visible lines bounds that read by length,
//    so iv must point to at least 8 readable bytes. Presumably the IV length is validated
//    before this is called. CRYPTOPP_ASSERT is in this page's reference list, but it is
//    described there as a debugging assertion and should not be the only length check.
//  - In the visible lines the working counters depend only on m_mc and the IV words, so the
//    same key and IV give the same starting state. The IV must not repeat under one key.
201void RabbitWithIVPolicy::CipherResynchronize(
byte *keystreamBuffer,
const byte *iv,
size_t length)
203 CRYPTOPP_UNUSED(keystreamBuffer);
204 CRYPTOPP_UNUSED(length);
// m_t[0] and m_t[2] come straight from the IV; m_t[1] and m_t[3] recombine their 16-bit halves.
208 GetBlock<word32, LittleEndian> v(iv); v(m_t[0])(m_t[2]);
209 m_t[1] = (m_t[0] >> 16) | (m_t[2] & 0xFFFF0000);
210 m_t[3] = (m_t[2] << 16) | (m_t[0] & 0x0000FFFF);
// Working counters: m_mc[i] XOR m_t[i mod 4]; m_mc itself is left unchanged by these lines.
213 m_wc[0] = m_mc[0] ^ m_t[0];
214 m_wc[1] = m_mc[1] ^ m_t[1];
215 m_wc[2] = m_mc[2] ^ m_t[2];
216 m_wc[3] = m_mc[3] ^ m_t[3];
217 m_wc[4] = m_mc[4] ^ m_t[0];
218 m_wc[5] = m_mc[5] ^ m_t[1];
219 m_wc[6] = m_mc[6] ^ m_t[2];
220 m_wc[7] = m_mc[7] ^ m_t[3];
// NOTE(review): the body of this loop is not shown in the listing.
223 for (
size_t i = 0; i<8; i++)
// Four NextState rounds over the working state; the returned value is kept in m_wcy.
228 for (
size_t i = 0; i<4; i++)
229 m_wcy = NextState(m_wc, m_wx, m_wcy);
// RabbitWithIVPolicy::OperateKeystream — advances the working state (m_wc, m_wx, m_wcy) once per iteration.
// NOTE(review): fragment; the loop opening and the code that writes the keystream to output
// are on source lines that are not shown.
// NOTE(review): the trailing `while (--iterationCount)` looks like the tail of a do/while loop,
// so the body runs before the count is tested. A count of 0 would be decremented past zero
// (size_t wraps) and the loop would keep running. Callers must pass iterationCount >= 1 and
// buffers sized for iterationCount * BYTES_PER_ITERATION bytes — presumably guaranteed by the
// stream-cipher framework that calls this policy; confirm.
232void RabbitWithIVPolicy::OperateKeystream(
KeystreamOperation operation,
byte *output,
const byte *input,
size_t iterationCount)
237 m_wcy = NextState(m_wc, m_wx, m_wcy);
241 }
while (--iterationCount);
Interface for retrieving values given their names.
Library configuration file.
unsigned int word32
32-bit unsigned datatype
unsigned long long word64
64-bit unsigned datatype
@ LITTLE_ENDIAN_ORDER
byte order is little-endian
Utility functions for the Crypto++ library.
T rotlConstant(T x)
Performs a left rotate.
void GetUserKey(ByteOrder order, T *out, size_t outlen, const byte *in, size_t inlen)
Copy bytes in a buffer to an array of elements in big-endian order.
Crypto++ library namespace.
Classes for Rabbit stream cipher.
Classes and functions for secure memory allocations.
Classes for implementing stream ciphers.
#define CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(x, y)
Helper macro to implement OperateKeystream.
KeystreamOperation
Keystream operation flags.
static const int BYTES_PER_ITERATION
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.