Crypto++: seal.cpp Source File

// seal.cpp - originally written and placed in the public domain by Wei Dai

// updated to SEAL 3.0 by Leonard Janke


#include "pch.h"


#include "seal.h"

#include "cpu.h"

#include "sha.h"

#include "misc.h"

#include "secblock.h"


NAMESPACE_BEGIN(CryptoPP)


#if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)

void SEAL_TestInstantiations()

{

    SEAL<>::Encryption x;

}

#endif


struct SEAL_Gamma

{

    SEAL_Gamma(const byte *key)

        : H(5), Z(5), D(16), lastIndex(0xffffffff)

    {

        GetUserKey(BIG_ENDIAN_ORDER, H.begin(), 5, key, 20);

        memset(D, 0, 64);

    }


    word32 Apply(word32 i);


    SecBlock<word32> H, Z, D;

    word32 lastIndex;

};


word32 SEAL_Gamma::Apply(word32 i)

{

    word32 shaIndex = i/5;

    if (shaIndex != lastIndex)

    {

        memcpy(Z, H, 20);

        D[0] = shaIndex;

        SHA1::Transform(Z, D);

        lastIndex = shaIndex;

    }


    return Z[i%5];

}


template <class B>

void SEAL_Policy<B>::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)

{

    CRYPTOPP_UNUSED(length);

    m_insideCounter = m_outsideCounter = m_startCount = 0;


    unsigned int L = params.GetIntValueWithDefault("NumberOfOutputBitsPerPositionIndex", 32*1024);

    m_iterationsPerCount = L / 8192;


    SEAL_Gamma gamma(key);

    unsigned int i;


    for (i=0; i<512; i++)

        m_T[i] = gamma.Apply(i);


    for (i=0; i<256; i++)

        m_S[i] = gamma.Apply(0x1000+i);


    m_R.New(4*(L/8192));


    for (i=0; i<m_R.size(); i++)

        m_R[i] = gamma.Apply(0x2000+i);

}


template <class B>

void SEAL_Policy<B>::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)

{

    CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(IV), CRYPTOPP_UNUSED(length);

    CRYPTOPP_ASSERT(length==4);


    m_outsideCounter = IV ? GetWord<word32>(false, BIG_ENDIAN_ORDER, IV) : 0;

    m_startCount = m_outsideCounter;

    m_insideCounter = 0;

}


template <class B>

void SEAL_Policy<B>::SeekToIteration(lword iterationCount)

{

    m_outsideCounter = m_startCount + (unsigned int)(iterationCount / m_iterationsPerCount);

    m_insideCounter = (unsigned int)(iterationCount % m_iterationsPerCount);

}


template <class B>

void SEAL_Policy<B>::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)

{

    word32 a, b, c, d, n1, n2, n3, n4;

    unsigned int p, q;


    CRYPTOPP_ASSERT(IsAlignedOn(m_T.begin(),GetAlignmentOf<word32>()));

    for (size_t iteration = 0; iteration < iterationCount; ++iteration)

    {

        #define Ttab(x) *(word32 *)(void*)((byte *)m_T.begin()+x)


        a = m_outsideCounter ^ m_R[4*m_insideCounter];

        b = rotrConstant<8>(m_outsideCounter) ^ m_R[4*m_insideCounter+1];

        c = rotrConstant<16>(m_outsideCounter) ^ m_R[4 * m_insideCounter + 2];

        d = rotrConstant<24>(m_outsideCounter) ^ m_R[4 * m_insideCounter + 3];


        for (unsigned int j=0; j<2; j++)

        {

            p = a & 0x7fc;

            b += Ttab(p);

            a = rotrConstant<9>(a);


            p = b & 0x7fc;

            c += Ttab(p);

            b = rotrConstant<9>(b);


            p = c & 0x7fc;

            d += Ttab(p);

            c = rotrConstant<9>(c);


            p = d & 0x7fc;

            a += Ttab(p);

            d = rotrConstant<9>(d);

        }


        n1 = d, n2 = b, n3 = a, n4 = c;


        p = a & 0x7fc;

        b += Ttab(p);

        a = rotrConstant<9>(a);


        p = b & 0x7fc;

        c += Ttab(p);

        b = rotrConstant<9>(b);


        p = c & 0x7fc;

        d += Ttab(p);

        c = rotrConstant<9>(c);


        p = d & 0x7fc;

        a += Ttab(p);

        d = rotrConstant<9>(d);


        // generate 8192 bits

        for (unsigned int i=0; i<64; i++)

        {

            p = a & 0x7fc;

            a = rotrConstant<9>(a);

            b += Ttab(p);

            b ^= a;


            q = b & 0x7fc;

            b = rotrConstant<9>(b);

            c ^= Ttab(q);

            c += b;


            p = (p+c) & 0x7fc;

            c = rotrConstant<9>(c);

            d += Ttab(p);

            d ^= c;


            q = (q+d) & 0x7fc;

            d = rotrConstant<9>(d);

            a ^= Ttab(q);

            a += d;


            p = (p+a) & 0x7fc;

            b ^= Ttab(p);

            a = rotrConstant<9>(a);


            q = (q+b) & 0x7fc;

            c += Ttab(q);

            b = rotrConstant<9>(b);


            p = (p+c) & 0x7fc;

            d ^= Ttab(p);

            c = rotrConstant<9>(c);


            q = (q+d) & 0x7fc;

            d = rotrConstant<9>(d);

            a += Ttab(q);


#define SEAL_OUTPUT(x)  \

    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 0, b + m_S[4*i+0]);\

    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 1, c ^ m_S[4*i+1]);\

    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 2, d + m_S[4*i+2]);\

    CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, B::ToEnum(), 3, a ^ m_S[4*i+3]);


            CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(SEAL_OUTPUT, 4*4);


            if (i & 1)

            {

                a += n3;

                b += n4;

                c ^= n3;

                d ^= n4;

            }

            else

            {

                a += n1;

                b += n2;

                c ^= n1;

                d ^= n2;

            }

        }


        if (++m_insideCounter == m_iterationsPerCount)

        {

            ++m_outsideCounter;

            m_insideCounter = 0;

        }

    }


    a = b = c = d = n1 = n2 = n3 = n4 = 0;

    p = q = 0;

}


template class SEAL_Policy<BigEndian>;

template class SEAL_Policy<LittleEndian>;


NAMESPACE_END

NameValuePairs
Interface for retrieving values given their names.
Definition: cryptlib.h:322

NameValuePairs::GetIntValueWithDefault
CRYPTOPP_DLL int GetIntValueWithDefault(const char *name, int defaultValue) const
Get a named value with type int, with default.
Definition: cryptlib.h:424

SEAL_Policy
SEAL stream cipher operation.
Definition: seal.h:29

SHA1::Transform
static void Transform(HashWordType *digest, const HashWordType *data)
Operate the hash.

SecBlock< word32 >

SecBlock::begin
iterator begin()
Provides an iterator pointing to the first element in the memory block.
Definition: secblock.h:836

SymmetricCipherFinal
SymmetricCipher implementation.
Definition: strciphr.h:684

word32
unsigned int word32
32-bit unsigned datatype
Definition: config_int.h:62

lword
word64 lword
Large word type.
Definition: config_int.h:158

cpu.h
Functions for CPU features and intrinsics.

BIG_ENDIAN_ORDER
@ BIG_ENDIAN_ORDER
byte order is big-endian
Definition: cryptlib.h:147

misc.h
Utility functions for the Crypto++ library.

IsAlignedOn
bool IsAlignedOn(const void *ptr, unsigned int alignment)
Determines whether ptr is aligned to a minimum value.
Definition: misc.h:1227

GetUserKey
void GetUserKey(ByteOrder order, T *out, size_t outlen, const byte *in, size_t inlen)
Copy bytes in a buffer to an array of elements in big-endian order.
Definition: misc.h:2291

CryptoPP
Crypto++ library namespace.

Name::IV
const char * IV()
ConstByteArrayParameter, also accepts const byte * for backwards compatibility.
Definition: argnames.h:21

pch.h
Precompiled header file.

seal.h
Classes for SEAL stream cipher.

secblock.h
Classes and functions for secure memory allocations.

sha.h
Classes for SHA-1 and SHA-2 family of message digests.

CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH
#define CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(x, y)
Helper macro to implement OperateKeystream.
Definition: strciphr.h:266

KeystreamOperation
KeystreamOperation
Keystream operation flags.
Definition: strciphr.h:88

SEAL_Gamma
Definition: seal.cpp:22

CRYPTOPP_ASSERT
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:68