Bug Summary

File:crypto/cast.c
Warning:line 127, column 2
Value stored to 't' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name cast.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -ffreestanding -mcmodel=kernel -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -target-feature -sse2 -target-feature -sse -target-feature -3dnow -target-feature -mmx -target-feature +save-args -target-feature +retpoline-external-thunk -disable-red-zone -no-implicit-float -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -nostdsysteminc -nobuiltininc -resource-dir /usr/local/llvm16/lib/clang/16 -I /usr/src/sys -I /usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -I /usr/src/sys/arch -I /usr/src/sys/dev/pci/drm/include -I /usr/src/sys/dev/pci/drm/include/uapi -I /usr/src/sys/dev/pci/drm/amd/include/asic_reg -I /usr/src/sys/dev/pci/drm/amd/include -I /usr/src/sys/dev/pci/drm/amd/amdgpu -I /usr/src/sys/dev/pci/drm/amd/display -I /usr/src/sys/dev/pci/drm/amd/display/include -I /usr/src/sys/dev/pci/drm/amd/display/dc -I /usr/src/sys/dev/pci/drm/amd/display/amdgpu_dm -I /usr/src/sys/dev/pci/drm/amd/pm/inc -I /usr/src/sys/dev/pci/drm/amd/pm/legacy-dpm -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu11 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu12 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu13 -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/inc -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/hwmgr -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/smumgr -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc/pmfw_if -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc/hw -I /usr/src/sys/dev/pci/drm/amd/display/dc/clk_mgr -I /usr/src/sys/dev/pci/drm/amd/display/modules/inc -I /usr/src/sys/dev/pci/drm/amd/display/modules/hdcp -I /usr/src/sys/dev/pci/drm/amd/display/dmub/inc -I /usr/src/sys/dev/pci/drm/i915 -D DDB -D DIAGNOSTIC -D KTRACE -D ACCOUNTING -D KMEMSTATS -D PTRACE -D POOL_DEBUG -D CRYPTO -D SYSVMSG -D SYSVSEM -D SYSVSHM -D UVM_SWAP_ENCRYPT -D FFS -D FFS2 -D FFS_SOFTUPDATES -D UFS_DIRHASH -D QUOTA -D EXT2FS -D MFS -D NFSCLIENT -D NFSSERVER -D CD9660 -D UDF -D MSDOSFS -D FIFO -D FUSE -D SOCKET_SPLICE -D TCP_ECN -D TCP_SIGNATURE -D INET6 -D IPSEC -D PPP_BSDCOMP -D PPP_DEFLATE -D PIPEX -D MROUTING -D MPLS -D BOOT_CONFIG -D USER_PCICONF -D APERTURE -D MTRR -D NTFS -D SUSPEND -D HIBERNATE -D PCIVERBOSE -D USBVERBOSE -D WSDISPLAY_COMPAT_USL -D WSDISPLAY_COMPAT_RAWKBD -D WSDISPLAY_DEFAULTSCREENS=6 -D X86EMU -D ONEWIREVERBOSE -D MULTIPROCESSOR -D MAXUSERS=80 -D _KERNEL -O2 -Wno-pointer-sign -Wno-address-of-packed-member -Wno-constant-conversion -Wno-unused-but-set-variable -Wno-gnu-folding-constant -fdebug-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -o /home/ben/Projects/scan/2024-01-11-110808-61670-1 -x c /usr/src/sys/crypto/cast.c
1/* $OpenBSD: cast.c,v 1.4 2012/04/25 04:12:27 matthew Exp $ */
2
3/*
4 * CAST-128 in C
5 * Written by Steve Reid <sreid@sea-to-sky.net>
6 * 100% Public Domain - no warranty
7 * Released 1997.10.11
8 */
9
10#include <sys/types.h>
11#include <sys/systm.h>
12#include <crypto/cast.h>
13#include <crypto/castsb.h>
14
15/* Macros to access 8-bit bytes out of a 32-bit word */
16#define U_INT8_Ta(x)( (u_int8_t) (x>>24) ) ( (u_int8_t) (x>>24) )
17#define U_INT8_Tb(x)( (u_int8_t) ((x>>16)&255) ) ( (u_int8_t) ((x>>16)&255) )
18#define U_INT8_Tc(x)( (u_int8_t) ((x>>8)&255) ) ( (u_int8_t) ((x>>8)&255) )
19#define U_INT8_Td(x)( (u_int8_t) ((x)&255) ) ( (u_int8_t) ((x)&255) )
20
21/* Circular left shift */
22#define ROL(x, n)( ((x)<<(n)) | ((x)>>(32-(n))) ) ( ((x)<<(n)) | ((x)>>(32-(n))) )
23
24/* CAST-128 uses three different round functions */
25#define F1(l, r, i)t = ( ((key->xkey[i] + r)<<(key->xkey[i+16])) | (
(key->xkey[i] + r)>>(32-(key->xkey[i+16]))) ); l ^=
((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2[( (u_int8_t
) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t) ((t>>
8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&255) )]; \
26 t = ROL(key->xkey[i] + r, key->xkey[i+16])( ((key->xkey[i] + r)<<(key->xkey[i+16])) | ((key
->xkey[i] + r)>>(32-(key->xkey[i+16]))) ); \
27 l ^= ((cast_sbox1[U_INT8_Ta(t)( (u_int8_t) (t>>24) )] ^ cast_sbox2[U_INT8_Tb(t)( (u_int8_t) ((t>>16)&255) )]) - \
28 cast_sbox3[U_INT8_Tc(t)( (u_int8_t) ((t>>8)&255) )]) + cast_sbox4[U_INT8_Td(t)( (u_int8_t) ((t)&255) )];
29#define F2(l, r, i)t = ( ((key->xkey[i] ^ r)<<(key->xkey[i+16])) | (
(key->xkey[i] ^ r)>>(32-(key->xkey[i+16]))) ); l ^=
((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2[( (u_int8_t
) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t) ((t>>
8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&255) )]; \
30 t = ROL(key->xkey[i] ^ r, key->xkey[i+16])( ((key->xkey[i] ^ r)<<(key->xkey[i+16])) | ((key
->xkey[i] ^ r)>>(32-(key->xkey[i+16]))) ); \
31 l ^= ((cast_sbox1[U_INT8_Ta(t)( (u_int8_t) (t>>24) )] - cast_sbox2[U_INT8_Tb(t)( (u_int8_t) ((t>>16)&255) )]) + \
32 cast_sbox3[U_INT8_Tc(t)( (u_int8_t) ((t>>8)&255) )]) ^ cast_sbox4[U_INT8_Td(t)( (u_int8_t) ((t)&255) )];
33#define F3(l, r, i)t = ( ((key->xkey[i] - r)<<(key->xkey[i+16])) | (
(key->xkey[i] - r)>>(32-(key->xkey[i+16]))) ); l ^=
((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2[( (u_int8_t
) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t) ((t>>
8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&255) )]; \
34 t = ROL(key->xkey[i] - r, key->xkey[i+16])( ((key->xkey[i] - r)<<(key->xkey[i+16])) | ((key
->xkey[i] - r)>>(32-(key->xkey[i+16]))) ); \
35 l ^= ((cast_sbox1[U_INT8_Ta(t)( (u_int8_t) (t>>24) )] + cast_sbox2[U_INT8_Tb(t)( (u_int8_t) ((t>>16)&255) )]) ^ \
36 cast_sbox3[U_INT8_Tc(t)( (u_int8_t) ((t>>8)&255) )]) - cast_sbox4[U_INT8_Td(t)( (u_int8_t) ((t)&255) )];
37
38
39/***** Encryption Function *****/
40
41void
42cast_encrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
43{
44 u_int32_t t, l, r;
45
46 /* Get inblock into l,r */
47 l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
48 ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
49 r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
50 ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
51 /* Do the work */
52 F1(l, r, 0)t = ( ((key->xkey[0] + r)<<(key->xkey[0 +16])) | (
(key->xkey[0] + r)>>(32-(key->xkey[0 +16]))) ); l
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
53 F2(r, l, 1)t = ( ((key->xkey[1] ^ l)<<(key->xkey[1 +16])) | (
(key->xkey[1] ^ l)>>(32-(key->xkey[1 +16]))) ); r
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&
255) )];;
54 F3(l, r, 2)t = ( ((key->xkey[2] - r)<<(key->xkey[2 +16])) | (
(key->xkey[2] - r)>>(32-(key->xkey[2 +16]))) ); l
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&
255) )];;
55 F1(r, l, 3)t = ( ((key->xkey[3] + l)<<(key->xkey[3 +16])) | (
(key->xkey[3] + l)>>(32-(key->xkey[3 +16]))) ); r
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
56 F2(l, r, 4)t = ( ((key->xkey[4] ^ r)<<(key->xkey[4 +16])) | (
(key->xkey[4] ^ r)>>(32-(key->xkey[4 +16]))) ); l
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&
255) )];;
57 F3(r, l, 5)t = ( ((key->xkey[5] - l)<<(key->xkey[5 +16])) | (
(key->xkey[5] - l)>>(32-(key->xkey[5 +16]))) ); r
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&
255) )];;
58 F1(l, r, 6)t = ( ((key->xkey[6] + r)<<(key->xkey[6 +16])) | (
(key->xkey[6] + r)>>(32-(key->xkey[6 +16]))) ); l
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
59 F2(r, l, 7)t = ( ((key->xkey[7] ^ l)<<(key->xkey[7 +16])) | (
(key->xkey[7] ^ l)>>(32-(key->xkey[7 +16]))) ); r
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&
255) )];;
60 F3(l, r, 8)t = ( ((key->xkey[8] - r)<<(key->xkey[8 +16])) | (
(key->xkey[8] - r)>>(32-(key->xkey[8 +16]))) ); l
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&
255) )];;
61 F1(r, l, 9)t = ( ((key->xkey[9] + l)<<(key->xkey[9 +16])) | (
(key->xkey[9] + l)>>(32-(key->xkey[9 +16]))) ); r
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
62 F2(l, r, 10)t = ( ((key->xkey[10] ^ r)<<(key->xkey[10 +16])) |
((key->xkey[10] ^ r)>>(32-(key->xkey[10 +16]))) )
; l ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&
255) )];;
63 F3(r, l, 11)t = ( ((key->xkey[11] - l)<<(key->xkey[11 +16])) |
((key->xkey[11] - l)>>(32-(key->xkey[11 +16]))) )
; r ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&
255) )];;
64 /* Only do full 16 rounds if key length > 80 bits */
65 if (key->rounds > 12) {
66 F1(l, r, 12)t = ( ((key->xkey[12] + r)<<(key->xkey[12 +16])) |
((key->xkey[12] + r)>>(32-(key->xkey[12 +16]))) )
; l ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
67 F2(r, l, 13)t = ( ((key->xkey[13] ^ l)<<(key->xkey[13 +16])) |
((key->xkey[13] ^ l)>>(32-(key->xkey[13 +16]))) )
; r ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&
255) )];;
68 F3(l, r, 14)t = ( ((key->xkey[14] - r)<<(key->xkey[14 +16])) |
((key->xkey[14] - r)>>(32-(key->xkey[14 +16]))) )
; l ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&
255) )];;
69 F1(r, l, 15)t = ( ((key->xkey[15] + l)<<(key->xkey[15 +16])) |
((key->xkey[15] + l)>>(32-(key->xkey[15 +16]))) )
; r ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
70 }
71 /* Put l,r into outblock */
72 outblock[0] = U_INT8_Ta(r)( (u_int8_t) (r>>24) );
73 outblock[1] = U_INT8_Tb(r)( (u_int8_t) ((r>>16)&255) );
74 outblock[2] = U_INT8_Tc(r)( (u_int8_t) ((r>>8)&255) );
75 outblock[3] = U_INT8_Td(r)( (u_int8_t) ((r)&255) );
76 outblock[4] = U_INT8_Ta(l)( (u_int8_t) (l>>24) );
77 outblock[5] = U_INT8_Tb(l)( (u_int8_t) ((l>>16)&255) );
78 outblock[6] = U_INT8_Tc(l)( (u_int8_t) ((l>>8)&255) );
79 outblock[7] = U_INT8_Td(l)( (u_int8_t) ((l)&255) );
80 /* Wipe clean */
81 t = l = r = 0;
82}
83
84
85/***** Decryption Function *****/
86
87void
88cast_decrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
89{
90 u_int32_t t, l, r;
91
92 /* Get inblock into l,r */
93 r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
94 ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
95 l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
96 ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
97 /* Do the work */
98 /* Only do full 16 rounds if key length > 80 bits */
99 if (key->rounds > 12) {
100 F1(r, l, 15)t = ( ((key->xkey[15] + l)<<(key->xkey[15 +16])) |
((key->xkey[15] + l)>>(32-(key->xkey[15 +16]))) )
; r ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
101 F3(l, r, 14)t = ( ((key->xkey[14] - r)<<(key->xkey[14 +16])) |
((key->xkey[14] - r)>>(32-(key->xkey[14 +16]))) )
; l ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&
255) )];;
102 F2(r, l, 13)t = ( ((key->xkey[13] ^ l)<<(key->xkey[13 +16])) |
((key->xkey[13] ^ l)>>(32-(key->xkey[13 +16]))) )
; r ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&
255) )];;
103 F1(l, r, 12)t = ( ((key->xkey[12] + r)<<(key->xkey[12 +16])) |
((key->xkey[12] + r)>>(32-(key->xkey[12 +16]))) )
; l ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
104 }
105 F3(r, l, 11)t = ( ((key->xkey[11] - l)<<(key->xkey[11 +16])) |
((key->xkey[11] - l)>>(32-(key->xkey[11 +16]))) )
; r ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&
255) )];;
106 F2(l, r, 10)t = ( ((key->xkey[10] ^ r)<<(key->xkey[10 +16])) |
((key->xkey[10] ^ r)>>(32-(key->xkey[10 +16]))) )
; l ^= ((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2
[( (u_int8_t) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&
255) )];;
107 F1(r, l, 9)t = ( ((key->xkey[9] + l)<<(key->xkey[9 +16])) | (
(key->xkey[9] + l)>>(32-(key->xkey[9 +16]))) ); r
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
108 F3(l, r, 8)t = ( ((key->xkey[8] - r)<<(key->xkey[8 +16])) | (
(key->xkey[8] - r)>>(32-(key->xkey[8 +16]))) ); l
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&
255) )];;
109 F2(r, l, 7)t = ( ((key->xkey[7] ^ l)<<(key->xkey[7 +16])) | (
(key->xkey[7] ^ l)>>(32-(key->xkey[7 +16]))) ); r
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&
255) )];;
110 F1(l, r, 6)t = ( ((key->xkey[6] + r)<<(key->xkey[6 +16])) | (
(key->xkey[6] + r)>>(32-(key->xkey[6 +16]))) ); l
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
111 F3(r, l, 5)t = ( ((key->xkey[5] - l)<<(key->xkey[5 +16])) | (
(key->xkey[5] - l)>>(32-(key->xkey[5 +16]))) ); r
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&
255) )];;
112 F2(l, r, 4)t = ( ((key->xkey[4] ^ r)<<(key->xkey[4 +16])) | (
(key->xkey[4] ^ r)>>(32-(key->xkey[4 +16]))) ); l
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&
255) )];;
113 F1(r, l, 3)t = ( ((key->xkey[3] + l)<<(key->xkey[3 +16])) | (
(key->xkey[3] + l)>>(32-(key->xkey[3 +16]))) ); r
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
114 F3(l, r, 2)t = ( ((key->xkey[2] - r)<<(key->xkey[2 +16])) | (
(key->xkey[2] - r)>>(32-(key->xkey[2 +16]))) ); l
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] + cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) ^ cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) - cast_sbox4[( (u_int8_t) ((t)&
255) )];;
115 F2(r, l, 1)t = ( ((key->xkey[1] ^ l)<<(key->xkey[1 +16])) | (
(key->xkey[1] ^ l)>>(32-(key->xkey[1 +16]))) ); r
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] - cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) + cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) ^ cast_sbox4[( (u_int8_t) ((t)&
255) )];;
116 F1(l, r, 0)t = ( ((key->xkey[0] + r)<<(key->xkey[0 +16])) | (
(key->xkey[0] + r)>>(32-(key->xkey[0 +16]))) ); l
^= ((cast_sbox1[( (u_int8_t) (t>>24) )] ^ cast_sbox2[(
(u_int8_t) ((t>>16)&255) )]) - cast_sbox3[( (u_int8_t
) ((t>>8)&255) )]) + cast_sbox4[( (u_int8_t) ((t)&
255) )];;
117 /* Put l,r into outblock */
118 outblock[0] = U_INT8_Ta(l)( (u_int8_t) (l>>24) );
119 outblock[1] = U_INT8_Tb(l)( (u_int8_t) ((l>>16)&255) );
120 outblock[2] = U_INT8_Tc(l)( (u_int8_t) ((l>>8)&255) );
121 outblock[3] = U_INT8_Td(l)( (u_int8_t) ((l)&255) );
122 outblock[4] = U_INT8_Ta(r)( (u_int8_t) (r>>24) );
123 outblock[5] = U_INT8_Tb(r)( (u_int8_t) ((r>>16)&255) );
124 outblock[6] = U_INT8_Tc(r)( (u_int8_t) ((r>>8)&255) );
125 outblock[7] = U_INT8_Td(r)( (u_int8_t) ((r)&255) );
126 /* Wipe clean */
127 t = l = r = 0;
Value stored to 't' is never read
128}
129
130
131/***** Key Schedule *****/
132
133void
134cast_setkey(cast_key *key, u_int8_t *rawkey, int keybytes)
135{
136 u_int32_t t[4], z[4], x[4];
137 int i;
138
139 /* Set number of rounds to 12 or 16, depending on key length */
140 key->rounds = (keybytes <= 10 ? 12 : 16);
141
142 /* Copy key to workspace x */
143 for (i = 0; i < 4; i++) {
144 x[i] = 0;
145 if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24;
146 if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16;
147 if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8;
148 if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3];
149 }
150 /* Generate 32 subkeys, four at a time */
151 for (i = 0; i < 32; i+=4) {
152 switch (i & 4) {
153 case 0:
154 t[0] = z[0] = x[0] ^ cast_sbox5[U_INT8_Tb(x[3])( (u_int8_t) ((x[3]>>16)&255) )] ^
155 cast_sbox6[U_INT8_Td(x[3])( (u_int8_t) ((x[3])&255) )] ^
156 cast_sbox7[U_INT8_Ta(x[3])( (u_int8_t) (x[3]>>24) )] ^
157 cast_sbox8[U_INT8_Tc(x[3])( (u_int8_t) ((x[3]>>8)&255) )] ^
158 cast_sbox7[U_INT8_Ta(x[2])( (u_int8_t) (x[2]>>24) )];
159 t[1] = z[1] = x[2] ^ cast_sbox5[U_INT8_Ta(z[0])( (u_int8_t) (z[0]>>24) )] ^
160 cast_sbox6[U_INT8_Tc(z[0])( (u_int8_t) ((z[0]>>8)&255) )] ^
161 cast_sbox7[U_INT8_Tb(z[0])( (u_int8_t) ((z[0]>>16)&255) )] ^
162 cast_sbox8[U_INT8_Td(z[0])( (u_int8_t) ((z[0])&255) )] ^
163 cast_sbox8[U_INT8_Tc(x[2])( (u_int8_t) ((x[2]>>8)&255) )];
164 t[2] = z[2] = x[3] ^ cast_sbox5[U_INT8_Td(z[1])( (u_int8_t) ((z[1])&255) )] ^
165 cast_sbox6[U_INT8_Tc(z[1])( (u_int8_t) ((z[1]>>8)&255) )] ^
166 cast_sbox7[U_INT8_Tb(z[1])( (u_int8_t) ((z[1]>>16)&255) )] ^
167 cast_sbox8[U_INT8_Ta(z[1])( (u_int8_t) (z[1]>>24) )] ^
168 cast_sbox5[U_INT8_Tb(x[2])( (u_int8_t) ((x[2]>>16)&255) )];
169 t[3] = z[3] = x[1] ^ cast_sbox5[U_INT8_Tc(z[2])( (u_int8_t) ((z[2]>>8)&255) )] ^
170 cast_sbox6[U_INT8_Tb(z[2])( (u_int8_t) ((z[2]>>16)&255) )] ^
171 cast_sbox7[U_INT8_Td(z[2])( (u_int8_t) ((z[2])&255) )] ^
172 cast_sbox8[U_INT8_Ta(z[2])( (u_int8_t) (z[2]>>24) )] ^
173 cast_sbox6[U_INT8_Td(x[2])( (u_int8_t) ((x[2])&255) )];
174 break;
175 case 4:
176 t[0] = x[0] = z[2] ^ cast_sbox5[U_INT8_Tb(z[1])( (u_int8_t) ((z[1]>>16)&255) )] ^
177 cast_sbox6[U_INT8_Td(z[1])( (u_int8_t) ((z[1])&255) )] ^
178 cast_sbox7[U_INT8_Ta(z[1])( (u_int8_t) (z[1]>>24) )] ^
179 cast_sbox8[U_INT8_Tc(z[1])( (u_int8_t) ((z[1]>>8)&255) )] ^
180 cast_sbox7[U_INT8_Ta(z[0])( (u_int8_t) (z[0]>>24) )];
181 t[1] = x[1] = z[0] ^ cast_sbox5[U_INT8_Ta(x[0])( (u_int8_t) (x[0]>>24) )] ^
182 cast_sbox6[U_INT8_Tc(x[0])( (u_int8_t) ((x[0]>>8)&255) )] ^
183 cast_sbox7[U_INT8_Tb(x[0])( (u_int8_t) ((x[0]>>16)&255) )] ^
184 cast_sbox8[U_INT8_Td(x[0])( (u_int8_t) ((x[0])&255) )] ^
185 cast_sbox8[U_INT8_Tc(z[0])( (u_int8_t) ((z[0]>>8)&255) )];
186 t[2] = x[2] = z[1] ^ cast_sbox5[U_INT8_Td(x[1])( (u_int8_t) ((x[1])&255) )] ^
187 cast_sbox6[U_INT8_Tc(x[1])( (u_int8_t) ((x[1]>>8)&255) )] ^
188 cast_sbox7[U_INT8_Tb(x[1])( (u_int8_t) ((x[1]>>16)&255) )] ^
189 cast_sbox8[U_INT8_Ta(x[1])( (u_int8_t) (x[1]>>24) )] ^
190 cast_sbox5[U_INT8_Tb(z[0])( (u_int8_t) ((z[0]>>16)&255) )];
191 t[3] = x[3] = z[3] ^ cast_sbox5[U_INT8_Tc(x[2])( (u_int8_t) ((x[2]>>8)&255) )] ^
192 cast_sbox6[U_INT8_Tb(x[2])( (u_int8_t) ((x[2]>>16)&255) )] ^
193 cast_sbox7[U_INT8_Td(x[2])( (u_int8_t) ((x[2])&255) )] ^
194 cast_sbox8[U_INT8_Ta(x[2])( (u_int8_t) (x[2]>>24) )] ^
195 cast_sbox6[U_INT8_Td(z[0])( (u_int8_t) ((z[0])&255) )];
196 break;
197 }
198 switch (i & 12) {
199 case 0:
200 case 12:
201 key->xkey[i+0] = cast_sbox5[U_INT8_Ta(t[2])( (u_int8_t) (t[2]>>24) )] ^
202 cast_sbox6[U_INT8_Tb(t[2])( (u_int8_t) ((t[2]>>16)&255) )] ^
203 cast_sbox7[U_INT8_Td(t[1])( (u_int8_t) ((t[1])&255) )] ^
204 cast_sbox8[U_INT8_Tc(t[1])( (u_int8_t) ((t[1]>>8)&255) )];
205 key->xkey[i+1] = cast_sbox5[U_INT8_Tc(t[2])( (u_int8_t) ((t[2]>>8)&255) )] ^
206 cast_sbox6[U_INT8_Td(t[2])( (u_int8_t) ((t[2])&255) )] ^
207 cast_sbox7[U_INT8_Tb(t[1])( (u_int8_t) ((t[1]>>16)&255) )] ^
208 cast_sbox8[U_INT8_Ta(t[1])( (u_int8_t) (t[1]>>24) )];
209 key->xkey[i+2] = cast_sbox5[U_INT8_Ta(t[3])( (u_int8_t) (t[3]>>24) )] ^
210 cast_sbox6[U_INT8_Tb(t[3])( (u_int8_t) ((t[3]>>16)&255) )] ^
211 cast_sbox7[U_INT8_Td(t[0])( (u_int8_t) ((t[0])&255) )] ^
212 cast_sbox8[U_INT8_Tc(t[0])( (u_int8_t) ((t[0]>>8)&255) )];
213 key->xkey[i+3] = cast_sbox5[U_INT8_Tc(t[3])( (u_int8_t) ((t[3]>>8)&255) )] ^
214 cast_sbox6[U_INT8_Td(t[3])( (u_int8_t) ((t[3])&255) )] ^
215 cast_sbox7[U_INT8_Tb(t[0])( (u_int8_t) ((t[0]>>16)&255) )] ^
216 cast_sbox8[U_INT8_Ta(t[0])( (u_int8_t) (t[0]>>24) )];
217 break;
218 case 4:
219 case 8:
220 key->xkey[i+0] = cast_sbox5[U_INT8_Td(t[0])( (u_int8_t) ((t[0])&255) )] ^
221 cast_sbox6[U_INT8_Tc(t[0])( (u_int8_t) ((t[0]>>8)&255) )] ^
222 cast_sbox7[U_INT8_Ta(t[3])( (u_int8_t) (t[3]>>24) )] ^
223 cast_sbox8[U_INT8_Tb(t[3])( (u_int8_t) ((t[3]>>16)&255) )];
224 key->xkey[i+1] = cast_sbox5[U_INT8_Tb(t[0])( (u_int8_t) ((t[0]>>16)&255) )] ^
225 cast_sbox6[U_INT8_Ta(t[0])( (u_int8_t) (t[0]>>24) )] ^
226 cast_sbox7[U_INT8_Tc(t[3])( (u_int8_t) ((t[3]>>8)&255) )] ^
227 cast_sbox8[U_INT8_Td(t[3])( (u_int8_t) ((t[3])&255) )];
228 key->xkey[i+2] = cast_sbox5[U_INT8_Td(t[1])( (u_int8_t) ((t[1])&255) )] ^
229 cast_sbox6[U_INT8_Tc(t[1])( (u_int8_t) ((t[1]>>8)&255) )] ^
230 cast_sbox7[U_INT8_Ta(t[2])( (u_int8_t) (t[2]>>24) )] ^
231 cast_sbox8[U_INT8_Tb(t[2])( (u_int8_t) ((t[2]>>16)&255) )];
232 key->xkey[i+3] = cast_sbox5[U_INT8_Tb(t[1])( (u_int8_t) ((t[1]>>16)&255) )] ^
233 cast_sbox6[U_INT8_Ta(t[1])( (u_int8_t) (t[1]>>24) )] ^
234 cast_sbox7[U_INT8_Tc(t[2])( (u_int8_t) ((t[2]>>8)&255) )] ^
235 cast_sbox8[U_INT8_Td(t[2])( (u_int8_t) ((t[2])&255) )];
236 break;
237 }
238 switch (i & 12) {
239 case 0:
240 key->xkey[i+0] ^= cast_sbox5[U_INT8_Tc(z[0])( (u_int8_t) ((z[0]>>8)&255) )];
241 key->xkey[i+1] ^= cast_sbox6[U_INT8_Tc(z[1])( (u_int8_t) ((z[1]>>8)&255) )];
242 key->xkey[i+2] ^= cast_sbox7[U_INT8_Tb(z[2])( (u_int8_t) ((z[2]>>16)&255) )];
243 key->xkey[i+3] ^= cast_sbox8[U_INT8_Ta(z[3])( (u_int8_t) (z[3]>>24) )];
244 break;
245 case 4:
246 key->xkey[i+0] ^= cast_sbox5[U_INT8_Ta(x[2])( (u_int8_t) (x[2]>>24) )];
247 key->xkey[i+1] ^= cast_sbox6[U_INT8_Tb(x[3])( (u_int8_t) ((x[3]>>16)&255) )];
248 key->xkey[i+2] ^= cast_sbox7[U_INT8_Td(x[0])( (u_int8_t) ((x[0])&255) )];
249 key->xkey[i+3] ^= cast_sbox8[U_INT8_Td(x[1])( (u_int8_t) ((x[1])&255) )];
250 break;
251 case 8:
252 key->xkey[i+0] ^= cast_sbox5[U_INT8_Tb(z[2])( (u_int8_t) ((z[2]>>16)&255) )];
253 key->xkey[i+1] ^= cast_sbox6[U_INT8_Ta(z[3])( (u_int8_t) (z[3]>>24) )];
254 key->xkey[i+2] ^= cast_sbox7[U_INT8_Tc(z[0])( (u_int8_t) ((z[0]>>8)&255) )];
255 key->xkey[i+3] ^= cast_sbox8[U_INT8_Tc(z[1])( (u_int8_t) ((z[1]>>8)&255) )];
256 break;
257 case 12:
258 key->xkey[i+0] ^= cast_sbox5[U_INT8_Td(x[0])( (u_int8_t) ((x[0])&255) )];
259 key->xkey[i+1] ^= cast_sbox6[U_INT8_Td(x[1])( (u_int8_t) ((x[1])&255) )];
260 key->xkey[i+2] ^= cast_sbox7[U_INT8_Ta(x[2])( (u_int8_t) (x[2]>>24) )];
261 key->xkey[i+3] ^= cast_sbox8[U_INT8_Tb(x[3])( (u_int8_t) ((x[3]>>16)&255) )];
262 break;
263 }
264 if (i >= 16) {
265 key->xkey[i+0] &= 31;
266 key->xkey[i+1] &= 31;
267 key->xkey[i+2] &= 31;
268 key->xkey[i+3] &= 31;
269 }
270 }
271 /* Wipe clean */
272 explicit_bzero(t, sizeof(t));
273 explicit_bzero(x, sizeof(x));
274 explicit_bzero(z, sizeof(z));
275}
276
277/* Made in Canada */