Bug Summary

File:crypto/cast.c
Warning:line 81, column 10
Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'

Annotated Source Code


clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name cast.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -ffreestanding -mcmodel=kernel -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -target-feature -sse2 -target-feature -sse -target-feature -3dnow -target-feature -mmx -target-feature +save-args -target-feature +retpoline-external-thunk -disable-red-zone -no-implicit-float -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -nostdsysteminc -nobuiltininc -resource-dir /usr/local/llvm16/lib/clang/16 -I /usr/src/sys -I /usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -I /usr/src/sys/arch -I /usr/src/sys/dev/pci/drm/include -I /usr/src/sys/dev/pci/drm/include/uapi -I /usr/src/sys/dev/pci/drm/amd/include/asic_reg -I /usr/src/sys/dev/pci/drm/amd/include -I /usr/src/sys/dev/pci/drm/amd/amdgpu -I /usr/src/sys/dev/pci/drm/amd/display -I /usr/src/sys/dev/pci/drm/amd/display/include -I /usr/src/sys/dev/pci/drm/amd/display/dc -I /usr/src/sys/dev/pci/drm/amd/display/amdgpu_dm -I /usr/src/sys/dev/pci/drm/amd/pm/inc -I /usr/src/sys/dev/pci/drm/amd/pm/legacy-dpm -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc -I 
/usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu11 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu12 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu13 -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/inc -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/hwmgr -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/smumgr -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/inc/pmfw_if -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc/hw -I /usr/src/sys/dev/pci/drm/amd/display/dc/clk_mgr -I /usr/src/sys/dev/pci/drm/amd/display/modules/inc -I /usr/src/sys/dev/pci/drm/amd/display/modules/hdcp -I /usr/src/sys/dev/pci/drm/amd/display/dmub/inc -I /usr/src/sys/dev/pci/drm/i915 -D DDB -D DIAGNOSTIC -D KTRACE -D ACCOUNTING -D KMEMSTATS -D PTRACE -D POOL_DEBUG -D CRYPTO -D SYSVMSG -D SYSVSEM -D SYSVSHM -D UVM_SWAP_ENCRYPT -D FFS -D FFS2 -D FFS_SOFTUPDATES -D UFS_DIRHASH -D QUOTA -D EXT2FS -D MFS -D NFSCLIENT -D NFSSERVER -D CD9660 -D UDF -D MSDOSFS -D FIFO -D FUSE -D SOCKET_SPLICE -D TCP_ECN -D TCP_SIGNATURE -D INET6 -D IPSEC -D PPP_BSDCOMP -D PPP_DEFLATE -D PIPEX -D MROUTING -D MPLS -D BOOT_CONFIG -D USER_PCICONF -D APERTURE -D MTRR -D NTFS -D SUSPEND -D HIBERNATE -D PCIVERBOSE -D USBVERBOSE -D WSDISPLAY_COMPAT_USL -D WSDISPLAY_COMPAT_RAWKBD -D WSDISPLAY_DEFAULTSCREENS=6 -D X86EMU -D ONEWIREVERBOSE -D MULTIPROCESSOR -D MAXUSERS=80 -D _KERNEL -O2 -Wno-pointer-sign -Wno-address-of-packed-member -Wno-constant-conversion -Wno-unused-but-set-variable -Wno-gnu-folding-constant -fdebug-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -o /home/ben/Projects/scan/2024-01-11-110808-61670-1 -x c /usr/src/sys/crypto/cast.c
1/* $OpenBSD: cast.c,v 1.4 2012/04/25 04:12:27 matthew Exp $ */
2
3/*
4 * CAST-128 in C
5 * Written by Steve Reid <sreid@sea-to-sky.net>
6 * 100% Public Domain - no warranty
7 * Released 1997.10.11
8 */
9
10#include <sys/types.h>
11#include <sys/systm.h>
12#include <crypto/cast.h>
13#include <crypto/castsb.h>
14
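/*
 * Macros to access 8-bit bytes out of a 32-bit word.
 * The argument is parenthesized so that an expression such as (a | b)
 * is shifted as a whole rather than only its last operand.
 */
#define U_INT8_Ta(x) ( (u_int8_t) ((x)>>24) )
#define U_INT8_Tb(x) ( (u_int8_t) (((x)>>16)&255) )
#define U_INT8_Tc(x) ( (u_int8_t) (((x)>>8)&255) )
#define U_INT8_Td(x) ( (u_int8_t) ((x)&255) )

/*
 * Circular left shift.
 * Assumes x is an unsigned 32-bit value and n is in 0..31 (the rotate
 * counts kept in key->xkey[16..31] are masked with 31 by cast_setkey()).
 * The right-shift count is reduced modulo 32 so that n == 0 shifts by 0
 * instead of by 32, which is undefined for a 32-bit operand.
 */
#define ROL(x, n) ( ((x)<<(n)) | ((x)>>((32-(n))&31)) )

/*
 * CAST-128 uses three different round functions.
 * Each macro expects a u_int32_t scratch variable `t` and a `key` pointer
 * in the calling scope: it mixes the right half r with the masking subkey
 * key->xkey[i], rotates by key->xkey[i+16], and folds four S-box lookups
 * into the left half l.  The bodies are wrapped in do { } while (0) so an
 * invocation followed by ';' is a single statement.
 *
 * NOTE(review): the S-box indices are derived from key- and data-dependent
 * values, so lookup timing may depend on secrets -- confirm whether that
 * matters for the callers of this code.
 */
#define F1(l, r, i) do { \
	t = ROL(key->xkey[(i)] + (r), key->xkey[(i)+16]); \
	l ^= ((cast_sbox1[U_INT8_Ta(t)] ^ cast_sbox2[U_INT8_Tb(t)]) - \
	    cast_sbox3[U_INT8_Tc(t)]) + cast_sbox4[U_INT8_Td(t)]; \
} while (0)
#define F2(l, r, i) do { \
	t = ROL(key->xkey[(i)] ^ (r), key->xkey[(i)+16]); \
	l ^= ((cast_sbox1[U_INT8_Ta(t)] - cast_sbox2[U_INT8_Tb(t)]) + \
	    cast_sbox3[U_INT8_Tc(t)]) ^ cast_sbox4[U_INT8_Td(t)]; \
} while (0)
#define F3(l, r, i) do { \
	t = ROL(key->xkey[(i)] - (r), key->xkey[(i)+16]); \
	l ^= ((cast_sbox1[U_INT8_Ta(t)] + cast_sbox2[U_INT8_Tb(t)]) ^ \
	    cast_sbox3[U_INT8_Tc(t)]) - cast_sbox4[U_INT8_Td(t)]; \
} while (0)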
37
38
39/***** Encryption Function *****/
40
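/*
 * Encrypt one 8-byte block with CAST-128.
 *
 * key      - expanded key; key->xkey[] and key->rounds are read here
 *            (presumably filled in by cast_setkey() -- verify against callers).
 * inblock  - 8 bytes of input, loaded as two big-endian 32-bit words.
 * outblock - receives the 8 output bytes.
 *
 * No length or NULL checks are made: the caller must supply at least
 * 8 readable bytes at inblock and 8 writable bytes at outblock.
 */
void
cast_encrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
{
	u_int32_t t, l, r;

	/* Get inblock into l,r */
	l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
	    ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
	r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
	    ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
	/* Do the work */
	F1(l, r, 0);
	F2(r, l, 1);
	F3(l, r, 2);
	F1(r, l, 3);
	F2(l, r, 4);
	F3(r, l, 5);
	F1(l, r, 6);
	F2(r, l, 7);
	F3(l, r, 8);
	F1(r, l, 9);
	F2(l, r, 10);
	F3(r, l, 11);
	/* Only do full 16 rounds if key length > 80 bits */
	if (key->rounds > 12) {
		F1(l, r, 12);
		F2(r, l, 13);
		F3(l, r, 14);
		F1(r, l, 15);
	}
	/* Put l,r into outblock */
	outblock[0] = U_INT8_Ta(r);
	outblock[1] = U_INT8_Tb(r);
	outblock[2] = U_INT8_Tc(r);
	outblock[3] = U_INT8_Td(r);
	outblock[4] = U_INT8_Ta(l);
	outblock[5] = U_INT8_Tb(l);
	outblock[6] = U_INT8_Tc(l);
	outblock[7] = U_INT8_Td(l);
	/*
	 * Wipe clean.  The analyzer reported the former "t = l = r = 0;" at
	 * this point (line 81, column 10) as a dead store: none of the three
	 * locals is read again before returning, so an optimizer may drop the
	 * assignments and leave the block state behind on the stack.
	 * explicit_bzero(), already used by cast_setkey() in this file, is
	 * meant to survive that elimination.  Copies the compiler kept in
	 * registers are not necessarily cleared by this.
	 */
	explicit_bzero(&t, sizeof(t));
	explicit_bzero(&l, sizeof(l));
	explicit_bzero(&r, sizeof(r));
}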
83
84
85/***** Decryption Function *****/
86
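/*
 * Decrypt one 8-byte block with CAST-128.
 *
 * key      - expanded key; key->xkey[] and key->rounds are read here
 *            (presumably filled in by cast_setkey() -- verify against callers).
 * inblock  - 8 bytes of input, loaded as two big-endian 32-bit words.
 * outblock - receives the 8 output bytes.
 *
 * The rounds run in the reverse order of cast_encrypt(), with the two
 * halves swapped on load and store.  No length or NULL checks are made:
 * the caller must supply at least 8 readable bytes at inblock and
 * 8 writable bytes at outblock.
 */
void
cast_decrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
{
	u_int32_t t, l, r;

	/* Get inblock into l,r */
	r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
	    ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
	l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
	    ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
	/* Do the work */
	/* Only do full 16 rounds if key length > 80 bits */
	if (key->rounds > 12) {
		F1(r, l, 15);
		F3(l, r, 14);
		F2(r, l, 13);
		F1(l, r, 12);
	}
	F3(r, l, 11);
	F2(l, r, 10);
	F1(r, l, 9);
	F3(l, r, 8);
	F2(r, l, 7);
	F1(l, r, 6);
	F3(r, l, 5);
	F2(l, r, 4);
	F1(r, l, 3);
	F3(l, r, 2);
	F2(r, l, 1);
	F1(l, r, 0);
	/* Put l,r into outblock */
	outblock[0] = U_INT8_Ta(l);
	outblock[1] = U_INT8_Tb(l);
	outblock[2] = U_INT8_Tc(l);
	outblock[3] = U_INT8_Td(l);
	outblock[4] = U_INT8_Ta(r);
	outblock[5] = U_INT8_Tb(r);
	outblock[6] = U_INT8_Tc(r);
	outblock[7] = U_INT8_Td(r);
	/*
	 * Wipe clean.  A plain "t = l = r = 0;" here is a run of dead stores
	 * (nothing reads the locals afterwards), so an optimizer may remove
	 * it and leave the block state behind on the stack.  explicit_bzero(),
	 * already used by cast_setkey() in this file, is meant to survive
	 * that elimination.  Copies the compiler kept in registers are not
	 * necessarily cleared by this.
	 */
	explicit_bzero(&t, sizeof(t));
	explicit_bzero(&l, sizeof(l));
	explicit_bzero(&r, sizeof(r));
}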
129
130
131/***** Key Schedule *****/
132
/*
 * Expand a raw CAST-128 key into the schedule held in *key.
 *
 * key      - receives key->rounds and the 32 entries of key->xkey[].
 * rawkey   - key bytes; at most the first 16 are read, and only indices
 *            below keybytes are touched.
 * keybytes - number of valid bytes in rawkey.  Missing bytes are treated
 *            as zero; no minimum length is enforced here.
 *
 * The three scratch arrays are cleared with explicit_bzero() before
 * returning.  The schedule written to *key is not cleared by this
 * function.
 */
void
cast_setkey(cast_key *key, u_int8_t *rawkey, int keybytes)
{
	u_int32_t t[4], z[4], x[4];
	int i, j, phase;

	/* Keys of up to 10 bytes (80 bits) get 12 rounds, longer keys 16 */
	if (keybytes <= 10)
		key->rounds = 12;
	else
		key->rounds = 16;

	/* Load the key big-endian into x[0..3]; absent bytes stay zero */
	for (i = 0; i < 4; i++) {
		x[i] = 0;
		for (j = 0; j < 4; j++) {
			if (i * 4 + j < keybytes)
				x[i] |= (u_int32_t)rawkey[i * 4 + j] <<
				    (24 - 8 * j);
		}
	}

	/* Generate 32 subkeys, four at a time */
	for (i = 0; i < 32; i += 4) {
		phase = i & 12;

		/* Alternate between deriving z from x and x from z */
		if ((i & 4) == 0) {
			t[0] = z[0] = x[0] ^ cast_sbox5[U_INT8_Tb(x[3])] ^
			    cast_sbox6[U_INT8_Td(x[3])] ^
			    cast_sbox7[U_INT8_Ta(x[3])] ^
			    cast_sbox8[U_INT8_Tc(x[3])] ^
			    cast_sbox7[U_INT8_Ta(x[2])];
			t[1] = z[1] = x[2] ^ cast_sbox5[U_INT8_Ta(z[0])] ^
			    cast_sbox6[U_INT8_Tc(z[0])] ^
			    cast_sbox7[U_INT8_Tb(z[0])] ^
			    cast_sbox8[U_INT8_Td(z[0])] ^
			    cast_sbox8[U_INT8_Tc(x[2])];
			t[2] = z[2] = x[3] ^ cast_sbox5[U_INT8_Td(z[1])] ^
			    cast_sbox6[U_INT8_Tc(z[1])] ^
			    cast_sbox7[U_INT8_Tb(z[1])] ^
			    cast_sbox8[U_INT8_Ta(z[1])] ^
			    cast_sbox5[U_INT8_Tb(x[2])];
			t[3] = z[3] = x[1] ^ cast_sbox5[U_INT8_Tc(z[2])] ^
			    cast_sbox6[U_INT8_Tb(z[2])] ^
			    cast_sbox7[U_INT8_Td(z[2])] ^
			    cast_sbox8[U_INT8_Ta(z[2])] ^
			    cast_sbox6[U_INT8_Td(x[2])];
		} else {
			t[0] = x[0] = z[2] ^ cast_sbox5[U_INT8_Tb(z[1])] ^
			    cast_sbox6[U_INT8_Td(z[1])] ^
			    cast_sbox7[U_INT8_Ta(z[1])] ^
			    cast_sbox8[U_INT8_Tc(z[1])] ^
			    cast_sbox7[U_INT8_Ta(z[0])];
			t[1] = x[1] = z[0] ^ cast_sbox5[U_INT8_Ta(x[0])] ^
			    cast_sbox6[U_INT8_Tc(x[0])] ^
			    cast_sbox7[U_INT8_Tb(x[0])] ^
			    cast_sbox8[U_INT8_Td(x[0])] ^
			    cast_sbox8[U_INT8_Tc(z[0])];
			t[2] = x[2] = z[1] ^ cast_sbox5[U_INT8_Td(x[1])] ^
			    cast_sbox6[U_INT8_Tc(x[1])] ^
			    cast_sbox7[U_INT8_Tb(x[1])] ^
			    cast_sbox8[U_INT8_Ta(x[1])] ^
			    cast_sbox5[U_INT8_Tb(z[0])];
			t[3] = x[3] = z[3] ^ cast_sbox5[U_INT8_Tc(x[2])] ^
			    cast_sbox6[U_INT8_Tb(x[2])] ^
			    cast_sbox7[U_INT8_Td(x[2])] ^
			    cast_sbox8[U_INT8_Ta(x[2])] ^
			    cast_sbox6[U_INT8_Td(z[0])];
		}

		/* Base value of the four subkeys; two byte-selection patterns */
		if (phase == 0 || phase == 12) {
			key->xkey[i + 0] = cast_sbox5[U_INT8_Ta(t[2])] ^
			    cast_sbox6[U_INT8_Tb(t[2])] ^
			    cast_sbox7[U_INT8_Td(t[1])] ^
			    cast_sbox8[U_INT8_Tc(t[1])];
			key->xkey[i + 1] = cast_sbox5[U_INT8_Tc(t[2])] ^
			    cast_sbox6[U_INT8_Td(t[2])] ^
			    cast_sbox7[U_INT8_Tb(t[1])] ^
			    cast_sbox8[U_INT8_Ta(t[1])];
			key->xkey[i + 2] = cast_sbox5[U_INT8_Ta(t[3])] ^
			    cast_sbox6[U_INT8_Tb(t[3])] ^
			    cast_sbox7[U_INT8_Td(t[0])] ^
			    cast_sbox8[U_INT8_Tc(t[0])];
			key->xkey[i + 3] = cast_sbox5[U_INT8_Tc(t[3])] ^
			    cast_sbox6[U_INT8_Td(t[3])] ^
			    cast_sbox7[U_INT8_Tb(t[0])] ^
			    cast_sbox8[U_INT8_Ta(t[0])];
		} else {
			/* phase is 4 or 8 */
			key->xkey[i + 0] = cast_sbox5[U_INT8_Td(t[0])] ^
			    cast_sbox6[U_INT8_Tc(t[0])] ^
			    cast_sbox7[U_INT8_Ta(t[3])] ^
			    cast_sbox8[U_INT8_Tb(t[3])];
			key->xkey[i + 1] = cast_sbox5[U_INT8_Tb(t[0])] ^
			    cast_sbox6[U_INT8_Ta(t[0])] ^
			    cast_sbox7[U_INT8_Tc(t[3])] ^
			    cast_sbox8[U_INT8_Td(t[3])];
			key->xkey[i + 2] = cast_sbox5[U_INT8_Td(t[1])] ^
			    cast_sbox6[U_INT8_Tc(t[1])] ^
			    cast_sbox7[U_INT8_Ta(t[2])] ^
			    cast_sbox8[U_INT8_Tb(t[2])];
			key->xkey[i + 3] = cast_sbox5[U_INT8_Tb(t[1])] ^
			    cast_sbox6[U_INT8_Ta(t[1])] ^
			    cast_sbox7[U_INT8_Tc(t[2])] ^
			    cast_sbox8[U_INT8_Td(t[2])];
		}

		/* Fold in one more S-box term per subkey, chosen by phase */
		switch (phase) {
		case 0:
			key->xkey[i + 0] ^= cast_sbox5[U_INT8_Tc(z[0])];
			key->xkey[i + 1] ^= cast_sbox6[U_INT8_Tc(z[1])];
			key->xkey[i + 2] ^= cast_sbox7[U_INT8_Tb(z[2])];
			key->xkey[i + 3] ^= cast_sbox8[U_INT8_Ta(z[3])];
			break;
		case 4:
			key->xkey[i + 0] ^= cast_sbox5[U_INT8_Ta(x[2])];
			key->xkey[i + 1] ^= cast_sbox6[U_INT8_Tb(x[3])];
			key->xkey[i + 2] ^= cast_sbox7[U_INT8_Td(x[0])];
			key->xkey[i + 3] ^= cast_sbox8[U_INT8_Td(x[1])];
			break;
		case 8:
			key->xkey[i + 0] ^= cast_sbox5[U_INT8_Tb(z[2])];
			key->xkey[i + 1] ^= cast_sbox6[U_INT8_Ta(z[3])];
			key->xkey[i + 2] ^= cast_sbox7[U_INT8_Tc(z[0])];
			key->xkey[i + 3] ^= cast_sbox8[U_INT8_Tc(z[1])];
			break;
		case 12:
			key->xkey[i + 0] ^= cast_sbox5[U_INT8_Td(x[0])];
			key->xkey[i + 1] ^= cast_sbox6[U_INT8_Td(x[1])];
			key->xkey[i + 2] ^= cast_sbox7[U_INT8_Ta(x[2])];
			key->xkey[i + 3] ^= cast_sbox8[U_INT8_Tb(x[3])];
			break;
		}

		/*
		 * Entries 16..31 are the rotate counts the round macros read
		 * as key->xkey[i+16]; keep only their low 5 bits.
		 */
		if (i >= 16) {
			for (j = 0; j < 4; j++)
				key->xkey[i + j] &= 31;
		}
	}

	/* Wipe the key-derived scratch arrays */
	explicit_bzero(t, sizeof(t));
	explicit_bzero(x, sizeof(x));
	explicit_bzero(z, sizeof(z));
}
276
277/* Made in Canada */