2 * Implementation of the ICE encryption algorithm.
4 * Written by Matthew Kwan - July 1996
12 /* Structure of a single round subkey */
13 typedef unsigned long ICE_SUBKEY[3];
16 /* Internal structure of the ICE_KEY structure */
17 struct ice_key_struct {
20 ICE_SUBKEY *ik_keysched;
24 static unsigned long ice_sbox[4][1024];
25 static int ice_sboxes_initialised = 0;
28 /* Modulo values for the S-boxes */
29 static const int ice_smod[4][4] = {
33 {397, 425, 395, 505}};
35 /* XOR values for the S-boxes */
36 static const int ice_sxor[4][4] = {
37 {0x83, 0x85, 0x9b, 0xcd},
38 {0xcc, 0xa7, 0xad, 0x41},
39 {0x4b, 0x2e, 0xd4, 0x33},
40 {0xea, 0xcb, 0x2e, 0x04}};
42 /* Expanded permutation values for the P-box */
43 static const unsigned long ice_pbox[32] = {
44 0x00000001, 0x00000080, 0x00000400, 0x00002000,
45 0x00080000, 0x00200000, 0x01000000, 0x40000000,
46 0x00000008, 0x00000020, 0x00000100, 0x00004000,
47 0x00010000, 0x00800000, 0x04000000, 0x20000000,
48 0x00000004, 0x00000010, 0x00000200, 0x00008000,
49 0x00020000, 0x00400000, 0x08000000, 0x10000000,
50 0x00000002, 0x00000040, 0x00000800, 0x00001000,
51 0x00040000, 0x00100000, 0x02000000, 0x80000000};
53 /* The key rotation schedule */
54 static const int ice_keyrot[16] = {
55 0, 1, 2, 3, 2, 1, 3, 0,
56 1, 3, 2, 0, 3, 1, 0, 2};
60 * Galois Field multiplication of a by b, modulo m.
61 * Just like arithmetic multiplication, except that additions and
62 * subtractions are replaced by XOR.
67 register unsigned int a,
68 register unsigned int b,
69 register unsigned int m
71 register unsigned int res = 0;
89 * Galois Field exponentiation.
90 * Raise the base to the power of 7, modulo m.
95 register unsigned int b,
98 register unsigned int x;
103 x = gf_mult (b, b, m);
104 x = gf_mult (b, x, m);
105 x = gf_mult (x, x, m);
106 return (gf_mult (b, x, m));
111 * Carry out the ICE 32-bit P-box permutation.
116 register unsigned long x
118 register unsigned long res = 0;
119 register const unsigned long *pbox = ice_pbox;
133 * Initialise the ICE S-boxes.
134 * This only has to be done once.
138 ice_sboxes_init (void)
142 for (i=0; i<1024; i++) {
143 int col = (i >> 1) & 0xff;
144 int row = (i & 0x1) | ((i & 0x200) >> 8);
147 x = gf_exp7 (col ^ ice_sxor[0][row], ice_smod[0][row]) << 24;
148 ice_sbox[0][i] = ice_perm32 (x);
150 x = gf_exp7 (col ^ ice_sxor[1][row], ice_smod[1][row]) << 16;
151 ice_sbox[1][i] = ice_perm32 (x);
153 x = gf_exp7 (col ^ ice_sxor[2][row], ice_smod[2][row]) << 8;
154 ice_sbox[2][i] = ice_perm32 (x);
156 x = gf_exp7 (col ^ ice_sxor[3][row], ice_smod[3][row]);
157 ice_sbox[3][i] = ice_perm32 (x);
163 * Create a new ICE key.
172 if (!ice_sboxes_initialised) {
174 ice_sboxes_initialised = 1;
177 if ((ik = (ICE_KEY *) malloc (sizeof (ICE_KEY))) == NULL)
185 ik->ik_rounds = n * 16;
188 if ((ik->ik_keysched = (ICE_SUBKEY *) malloc (ik->ik_rounds
189 * sizeof (ICE_SUBKEY))) == NULL) {
199 * Destroy an ICE key.
200 * Zero out the memory to prevent snooping.
212 for (i=0; i<ik->ik_rounds; i++)
214 ik->ik_keysched[i][j] = 0;
216 ik->ik_rounds = ik->ik_size = 0;
218 if (ik->ik_keysched != NULL)
219 free (ik->ik_keysched);
226 * The single round ICE f function.
231 register unsigned long p,
234 unsigned long tl, tr; /* Expanded 40-bit values */
235 unsigned long al, ar; /* Salted expanded 40-bit values */
237 /* Left half expansion */
238 tl = ((p >> 16) & 0x3ff) | (((p >> 14) | (p << 18)) & 0xffc00);
240 /* Right half expansion */
241 tr = (p & 0x3ff) | ((p << 2) & 0xffc00);
243 /* Perform the salt permutation */
244 /* al = (tr & sk[2]) | (tl & ~sk[2]); */
245 /* ar = (tl & sk[2]) | (tr & ~sk[2]); */
246 al = sk[2] & (tl ^ tr);
250 al ^= sk[0]; /* XOR with the subkey */
253 /* S-box lookup and permutation */
254 return (ice_sbox[0][al >> 10] | ice_sbox[1][al & 0x3ff]
255 | ice_sbox[2][ar >> 10] | ice_sbox[3][ar & 0x3ff]);
260 * Encrypt a block of 8 bytes of data with the given ICE key.
266 const unsigned char *ptext,
270 register unsigned long l, r;
272 l = (((unsigned long) ptext[0]) << 24)
273 | (((unsigned long) ptext[1]) << 16)
274 | (((unsigned long) ptext[2]) << 8) | ptext[3];
275 r = (((unsigned long) ptext[4]) << 24)
276 | (((unsigned long) ptext[5]) << 16)
277 | (((unsigned long) ptext[6]) << 8) | ptext[7];
279 for (i = 0; i < ik->ik_rounds; i += 2) {
280 l ^= ice_f (r, ik->ik_keysched[i]);
281 r ^= ice_f (l, ik->ik_keysched[i + 1]);
284 for (i = 0; i < 4; i++) {
285 ctext[3 - i] = r & 0xff;
286 ctext[7 - i] = l & 0xff;
295 * Decrypt a block of 8 bytes of data with the given ICE key.
301 const unsigned char *ctext,
305 register unsigned long l, r;
307 l = (((unsigned long) ctext[0]) << 24)
308 | (((unsigned long) ctext[1]) << 16)
309 | (((unsigned long) ctext[2]) << 8) | ctext[3];
310 r = (((unsigned long) ctext[4]) << 24)
311 | (((unsigned long) ctext[5]) << 16)
312 | (((unsigned long) ctext[6]) << 8) | ctext[7];
314 for (i = ik->ik_rounds - 1; i > 0; i -= 2) {
315 l ^= ice_f (r, ik->ik_keysched[i]);
316 r ^= ice_f (l, ik->ik_keysched[i - 1]);
319 for (i = 0; i < 4; i++) {
320 ptext[3 - i] = r & 0xff;
321 ptext[7 - i] = l & 0xff;
330 * Set 8 rounds [n, n+7] of the key schedule of an ICE key.
334 ice_key_sched_build (
342 for (i=0; i<8; i++) {
344 register int kr = keyrot[i];
345 ICE_SUBKEY *isk = &ik->ik_keysched[n + i];
350 for (j=0; j<15; j++) {
352 unsigned long *curr_sk = &(*isk)[j % 3];
354 for (k=0; k<4; k++) {
355 unsigned short *curr_kb = &kb[(kr + k) & 3];
356 register int bit = *curr_kb & 1;
358 *curr_sk = (*curr_sk << 1) | bit;
359 *curr_kb = (*curr_kb >> 1) | ((bit ^ 1) << 15);
367 * Set the key schedule of an ICE key.
373 const unsigned char *key
377 if (ik->ik_rounds == 8) {
378 unsigned short kb[4];
381 kb[3 - i] = (key[i*2] << 8) | key[i*2 + 1];
383 ice_key_sched_build (ik, kb, 0, ice_keyrot);
387 for (i = 0; i < ik->ik_size; i++) {
389 unsigned short kb[4];
392 kb[3 - j] = (key[i*8 + j*2] << 8) | key[i*8 + j*2 + 1];
394 ice_key_sched_build (ik, kb, i*8, ice_keyrot);
395 ice_key_sched_build (ik, kb, ik->ik_rounds - 8 - i*8,
402 * Return the key size, in bytes.
409 return (ik->ik_size * 8);
414 * Return the block size, in bytes.