zuc.c
Go to the documentation of this file.
1 /**
2  * @file zuc.c
3  * @brief ZUC stream cipher (ZUC-128 and ZUC-256)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * ZUC-128 is a word-oriented stream cipher. It takes a 128-bit initial key and
30  * a 128-bit initialization vector (IV) as input, and outputs a key stream of
31  * 32-bit words. This key stream can be used for encryption/decryption. ZUC-256
32  * is the successor of ZUC-128. It works with a 256-bit key and a 128 or 184-bit
33  * initialization vector (IV)
34  *
35  * @author Oryx Embedded SARL (www.oryx-embedded.com)
36  * @version 2.5.4
37  **/
38 
39 //Switch to the appropriate trace level
40 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
41 
42 //Dependencies
43 #include "core/crypto.h"
44 #include "cipher/zuc.h"
45 
46 //Check crypto library configuration
47 #if (ZUC_SUPPORT == ENABLED)
48 
49 //Addition modulo (2^31 - 1)
50 #define ADD31(x, a, b) \
51 { \
52  x = (a) + (b); \
53  x = (x) + ((x) >> 31); \
54  x &= 0x7FFFFFFF; \
55 }
56 
57 //Multiplication by 2^n over GF(2^31 - 1)
58 #define MUL31(x, a, n) \
59 { \
60  x = ((a) << (n)) | ((a) >> (31 - (n))); \
61  x &= 0x7FFFFFFF; \
62 }
63 
64 //Shift operation
65 #define SHIFT496(s, s16) \
66 { \
67  s[0] = s[1]; \
68  s[1] = s[2]; \
69  s[2] = s[3]; \
70  s[3] = s[4]; \
71  s[4] = s[5]; \
72  s[5] = s[6]; \
73  s[6] = s[7]; \
74  s[7] = s[8]; \
75  s[8] = s[9]; \
76  s[9] = s[10]; \
77  s[10] = s[11]; \
78  s[11] = s[12]; \
79  s[12] = s[13]; \
80  s[13] = s[14]; \
81  s[14] = s[15]; \
82  s[15] = s16; \
83 }
84 
85 //Linear feedback shift register (initialization mode)
86 #define LFSR_WITH_INIT_MODE(s, u) \
87 { \
88  uint32_t s16; \
89  uint32_t temp; \
90  s16 = s[0]; \
91  MUL31(temp, s[0], 8); \
92  ADD31(s16, s16, temp); \
93  MUL31(temp, s[4], 20); \
94  ADD31(s16, s16, temp); \
95  MUL31(temp, s[10], 21); \
96  ADD31(s16, s16, temp); \
97  MUL31(temp, s[13], 17); \
98  ADD31(s16, s16, temp); \
99  MUL31(temp, s[15], 15); \
100  ADD31(s16, s16, temp); \
101  ADD31(s16, s16, u); \
102  SHIFT496(s, s16); \
103 }
104 
105 //Linear feedback shift register (working mode)
106 #define LFSR_WITH_WORKING_MODE(s) \
107 { \
108  uint32_t s16; \
109  uint32_t temp; \
110  s16 = s[0]; \
111  MUL31(temp, s[0], 8); \
112  ADD31(s16, s16, temp); \
113  MUL31(temp, s[4], 20); \
114  ADD31(s16, s16, temp); \
115  MUL31(temp, s[10], 21); \
116  ADD31(s16, s16, temp); \
117  MUL31(temp, s[13], 17); \
118  ADD31(s16, s16, temp); \
119  MUL31(temp, s[15], 15); \
120  ADD31(s16, s16, temp); \
121  SHIFT496(s, s16); \
122 }
123 
124 //Bit-reorganization
125 #define BIT_REORGANIZATION(x0, x1, x2, x3, s) \
126 { \
127  x0 = ((s[15] << 1) & 0xFFFF0000) | (s[14] & 0xFFFF); \
128  x1 = ((s[11] << 16) & 0xFFFF0000) | ((s[9] >> 15) & 0xFFFF); \
129  x2 = ((s[7] << 16) & 0xFFFF0000) | ((s[5] >> 15) & 0xFFFF); \
130  x3 = ((s[2] << 16) & 0xFFFF0000) | ((s[0] >> 15) & 0xFFFF); \
131 }
132 
133 //S-box S
134 #define S(x) ((uint32_t) s1[(x) & 0xFF] | \
135  ((uint32_t) s0[((x) >> 8) & 0xFF] << 8) | \
136  ((uint32_t) s1[((x) >> 16) & 0xFF] << 16) | \
137  ((uint32_t) s0[((x) >> 24) & 0xFF] << 24))
138 
139 //Linear transforms L1 and L2
140 #define L1(x) ((x) ^ ROL32(x, 2) ^ ROL32(x, 10) ^ ROL32(x, 18) ^ ROL32(x, 24))
141 #define L2(x) ((x) ^ ROL32(x, 8) ^ ROL32(x, 14) ^ ROL32(x, 22) ^ ROL32(x, 30))
142 
143 //Nonlinear function F
144 #define F(w, x0, x1, x2, r1, r2) \
145 { \
146  uint32_t w1; \
147  uint32_t w2; \
148  uint32_t temp; \
149  w = ((x0) ^ (r1)) + (r2); \
150  w1 = (r1) + (x1); \
151  w2 = (r2) ^ (x2); \
152  temp = (w1 << 16) | (w2 >> 16); \
153  temp = L1(temp); \
154  r1 = S(temp); \
155  temp = (w2 << 16) | (w1 >> 16); \
156  temp = L2(temp); \
157  r2 = S(temp); \
158 }
159 
160 //Key loading (ZUC-128)
161 #define LOAD1(a, b, c) (((uint32_t) (a) << 23) | \
162  ((uint32_t) (b) << 8) | (uint32_t) (c))
163 
164 //Key loading (ZUC-256)
165 #define LOAD2(a, b, c, d) (((uint32_t) (a) << 23) | \
166  ((uint32_t) ((b) & 0x7F) << 16) | \
167  ((uint32_t) (c) << 8) | (uint32_t) (d))
168 
169 //Constant D (ZUC-128)
170 static const uint16_t d1[16] =
171 {
172  0x44D7, 0x26BC, 0x626B, 0x135E, 0x5789, 0x35E2, 0x7135, 0x09AF,
173  0x4D78, 0x2F13, 0x6BC4, 0x1AF1, 0x5E26, 0x3C4D, 0x789A, 0x47AC
174 };
175 
176 //Constant D (ZUC-256 with 128-bit IV)
177 static const uint8_t d2[16] =
178 {
179  0x64, 0x43, 0x7B, 0x2A, 0x11, 0x05, 0x51, 0x42, 0x1A, 0x31, 0x18, 0x66, 0x14, 0x2E, 0x01, 0x5C
180 };
181 
182 //Constant D (ZUC-256 with 184-bit IV)
183 static const uint8_t d3[16] =
184 {
185  0x22, 0x2F, 0x24, 0x2A, 0x6D, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x52, 0x10, 0x30
186 };
187 
188 //S-box S0
189 static const uint8_t s0[256] =
190 {
191  0x3E, 0x72, 0x5B, 0x47, 0xCA, 0xE0, 0x00, 0x33, 0x04, 0xD1, 0x54, 0x98, 0x09, 0xB9, 0x6D, 0xCB,
192  0x7B, 0x1B, 0xF9, 0x32, 0xAF, 0x9D, 0x6A, 0xA5, 0xB8, 0x2D, 0xFC, 0x1D, 0x08, 0x53, 0x03, 0x90,
193  0x4D, 0x4E, 0x84, 0x99, 0xE4, 0xCE, 0xD9, 0x91, 0xDD, 0xB6, 0x85, 0x48, 0x8B, 0x29, 0x6E, 0xAC,
194  0xCD, 0xC1, 0xF8, 0x1E, 0x73, 0x43, 0x69, 0xC6, 0xB5, 0xBD, 0xFD, 0x39, 0x63, 0x20, 0xD4, 0x38,
195  0x76, 0x7D, 0xB2, 0xA7, 0xCF, 0xED, 0x57, 0xC5, 0xF3, 0x2C, 0xBB, 0x14, 0x21, 0x06, 0x55, 0x9B,
196  0xE3, 0xEF, 0x5E, 0x31, 0x4F, 0x7F, 0x5A, 0xA4, 0x0D, 0x82, 0x51, 0x49, 0x5F, 0xBA, 0x58, 0x1C,
197  0x4A, 0x16, 0xD5, 0x17, 0xA8, 0x92, 0x24, 0x1F, 0x8C, 0xFF, 0xD8, 0xAE, 0x2E, 0x01, 0xD3, 0xAD,
198  0x3B, 0x4B, 0xDA, 0x46, 0xEB, 0xC9, 0xDE, 0x9A, 0x8F, 0x87, 0xD7, 0x3A, 0x80, 0x6F, 0x2F, 0xC8,
199  0xB1, 0xB4, 0x37, 0xF7, 0x0A, 0x22, 0x13, 0x28, 0x7C, 0xCC, 0x3C, 0x89, 0xC7, 0xC3, 0x96, 0x56,
200  0x07, 0xBF, 0x7E, 0xF0, 0x0B, 0x2B, 0x97, 0x52, 0x35, 0x41, 0x79, 0x61, 0xA6, 0x4C, 0x10, 0xFE,
201  0xBC, 0x26, 0x95, 0x88, 0x8A, 0xB0, 0xA3, 0xFB, 0xC0, 0x18, 0x94, 0xF2, 0xE1, 0xE5, 0xE9, 0x5D,
202  0xD0, 0xDC, 0x11, 0x66, 0x64, 0x5C, 0xEC, 0x59, 0x42, 0x75, 0x12, 0xF5, 0x74, 0x9C, 0xAA, 0x23,
203  0x0E, 0x86, 0xAB, 0xBE, 0x2A, 0x02, 0xE7, 0x67, 0xE6, 0x44, 0xA2, 0x6C, 0xC2, 0x93, 0x9F, 0xF1,
204  0xF6, 0xFA, 0x36, 0xD2, 0x50, 0x68, 0x9E, 0x62, 0x71, 0x15, 0x3D, 0xD6, 0x40, 0xC4, 0xE2, 0x0F,
205  0x8E, 0x83, 0x77, 0x6B, 0x25, 0x05, 0x3F, 0x0C, 0x30, 0xEA, 0x70, 0xB7, 0xA1, 0xE8, 0xA9, 0x65,
206  0x8D, 0x27, 0x1A, 0xDB, 0x81, 0xB3, 0xA0, 0xF4, 0x45, 0x7A, 0x19, 0xDF, 0xEE, 0x78, 0x34, 0x60
207 };
208 
209 //S-box S1
210 static const uint8_t s1[256] =
211 {
212  0x55, 0xC2, 0x63, 0x71, 0x3B, 0xC8, 0x47, 0x86, 0x9F, 0x3C, 0xDA, 0x5B, 0x29, 0xAA, 0xFD, 0x77,
213  0x8C, 0xC5, 0x94, 0x0C, 0xA6, 0x1A, 0x13, 0x00, 0xE3, 0xA8, 0x16, 0x72, 0x40, 0xF9, 0xF8, 0x42,
214  0x44, 0x26, 0x68, 0x96, 0x81, 0xD9, 0x45, 0x3E, 0x10, 0x76, 0xC6, 0xA7, 0x8B, 0x39, 0x43, 0xE1,
215  0x3A, 0xB5, 0x56, 0x2A, 0xC0, 0x6D, 0xB3, 0x05, 0x22, 0x66, 0xBF, 0xDC, 0x0B, 0xFA, 0x62, 0x48,
216  0xDD, 0x20, 0x11, 0x06, 0x36, 0xC9, 0xC1, 0xCF, 0xF6, 0x27, 0x52, 0xBB, 0x69, 0xF5, 0xD4, 0x87,
217  0x7F, 0x84, 0x4C, 0xD2, 0x9C, 0x57, 0xA4, 0xBC, 0x4F, 0x9A, 0xDF, 0xFE, 0xD6, 0x8D, 0x7A, 0xEB,
218  0x2B, 0x53, 0xD8, 0x5C, 0xA1, 0x14, 0x17, 0xFB, 0x23, 0xD5, 0x7D, 0x30, 0x67, 0x73, 0x08, 0x09,
219  0xEE, 0xB7, 0x70, 0x3F, 0x61, 0xB2, 0x19, 0x8E, 0x4E, 0xE5, 0x4B, 0x93, 0x8F, 0x5D, 0xDB, 0xA9,
220  0xAD, 0xF1, 0xAE, 0x2E, 0xCB, 0x0D, 0xFC, 0xF4, 0x2D, 0x46, 0x6E, 0x1D, 0x97, 0xE8, 0xD1, 0xE9,
221  0x4D, 0x37, 0xA5, 0x75, 0x5E, 0x83, 0x9E, 0xAB, 0x82, 0x9D, 0xB9, 0x1C, 0xE0, 0xCD, 0x49, 0x89,
222  0x01, 0xB6, 0xBD, 0x58, 0x24, 0xA2, 0x5F, 0x38, 0x78, 0x99, 0x15, 0x90, 0x50, 0xB8, 0x95, 0xE4,
223  0xD0, 0x91, 0xC7, 0xCE, 0xED, 0x0F, 0xB4, 0x6F, 0xA0, 0xCC, 0xF0, 0x02, 0x4A, 0x79, 0xC3, 0xDE,
224  0xA3, 0xEF, 0xEA, 0x51, 0xE6, 0x6B, 0x18, 0xEC, 0x1B, 0x2C, 0x80, 0xF7, 0x74, 0xE7, 0xFF, 0x21,
225  0x5A, 0x6A, 0x54, 0x1E, 0x41, 0x31, 0x92, 0x35, 0xC4, 0x33, 0x07, 0x0A, 0xBA, 0x7E, 0x0E, 0x34,
226  0x88, 0xB1, 0x98, 0x7C, 0xF3, 0x3D, 0x60, 0x6C, 0x7B, 0xCA, 0xD3, 0x1F, 0x32, 0x65, 0x04, 0x28,
227  0x64, 0xBE, 0x85, 0x9B, 0x2F, 0x59, 0x8A, 0xD7, 0xB0, 0x25, 0xAC, 0xAF, 0x12, 0x03, 0xE2, 0xF2
228 };
229 
230 
231 /**
232  * @brief Initialize ZUC context using the supplied key and IV
233  * @param[in] context Pointer to the ZUC context to initialize
234  * @param[in] key Pointer to the key
235  * @param[in] keyLen Length of the key
236  * @param[in] iv Pointer to the initialization vector
237  * @param[in] ivLen Length of the initialization vector
238  * @return Error code
239  **/
240 
241 error_t zucInit(ZucContext *context, const uint8_t *key, size_t keyLen,
242  const uint8_t *iv, size_t ivLen)
243 {
244  uint_t i;
245  uint32_t w;
246  uint32_t x0;
247  uint32_t x1;
248  uint32_t x2;
249  uint32_t x3;
250 
251  //Check parameters
252  if(context == NULL || key == NULL || iv == NULL)
253  return ERROR_INVALID_PARAMETER;
254 
255  //Initialize variables
256  context->ks = 0;
257  context->n = 0;
258 
259  //Check the length of the key and IV
260  if(keyLen == 16 && ivLen == 16)
261  {
262  //Load the key, IV and constants into the LFSR (ZUC-128)
263  context->s[0] = LOAD1(key[0], d1[0], iv[0]);
264  context->s[1] = LOAD1(key[1], d1[1], iv[1]);
265  context->s[2] = LOAD1(key[2], d1[2], iv[2]);
266  context->s[3] = LOAD1(key[3], d1[3], iv[3]);
267  context->s[4] = LOAD1(key[4], d1[4], iv[4]);
268  context->s[5] = LOAD1(key[5], d1[5], iv[5]);
269  context->s[6] = LOAD1(key[6], d1[6], iv[6]);
270  context->s[7] = LOAD1(key[7], d1[7], iv[7]);
271  context->s[8] = LOAD1(key[8], d1[8], iv[8]);
272  context->s[9] = LOAD1(key[9], d1[9], iv[9]);
273  context->s[10] = LOAD1(key[10], d1[10], iv[10]);
274  context->s[11] = LOAD1(key[11], d1[11], iv[11]);
275  context->s[12] = LOAD1(key[12], d1[12], iv[12]);
276  context->s[13] = LOAD1(key[13], d1[13], iv[13]);
277  context->s[14] = LOAD1(key[14], d1[14], iv[14]);
278  context->s[15] = LOAD1(key[15], d1[15], iv[15]);
279  }
280  else if(keyLen == 32 && ivLen == 16)
281  {
282  //Load the key, IV and constants into the LFSR (ZUC-256 with 128-bit IV)
283  context->s[0] = LOAD2(key[0], d2[0], key[16], key[24]);
284  context->s[1] = LOAD2(key[1], d2[1], key[17], key[25]);
285  context->s[2] = LOAD2(key[2], d2[2], key[18], key[26]);
286  context->s[3] = LOAD2(key[3], d2[3], key[19], key[27]);
287  context->s[4] = LOAD2(key[4], d2[4], key[20], key[28]);
288  context->s[5] = LOAD2(key[5], d2[5], key[21], key[29]);
289  context->s[6] = LOAD2(key[6], d2[6], key[22], key[30]);
290  context->s[7] = LOAD2(key[7], d2[7], iv[0], iv[8]);
291  context->s[8] = LOAD2(key[8], d2[8], iv[1], iv[9]);
292  context->s[9] = LOAD2(key[9], d2[9], iv[2], iv[10]);
293  context->s[10] = LOAD2(key[10], d2[10], iv[3], iv[11]);
294  context->s[11] = LOAD2(key[11], d2[11], iv[4], iv[12]);
295  context->s[12] = LOAD2(key[12], d2[12], iv[5], iv[13]);
296  context->s[13] = LOAD2(key[13], d2[13], iv[6], iv[14]);
297  context->s[14] = LOAD2(key[14], d2[14], iv[7], iv[15]);
298  context->s[15] = LOAD2(key[15], d2[15], key[23], key[31]);
299  }
300  else if(keyLen == 32 && ivLen == 25)
301  {
302  //Load the key, IV and constants into the LFSR (ZUC-256 with 184-bit IV)
303  context->s[0] = LOAD2(key[0], d3[0], key[21], key[16]);
304  context->s[1] = LOAD2(key[1], d3[1], key[22], key[17]);
305  context->s[2] = LOAD2(key[2], d3[2], key[23], key[18]);
306  context->s[3] = LOAD2(key[3], d3[3], key[24], key[19]);
307  context->s[4] = LOAD2(key[4], d3[4], key[25], key[20]);
308  context->s[5] = LOAD2(iv[0], d3[5] | (iv[17] & 0x3F), key[5], key[26]);
309  context->s[6] = LOAD2(iv[1], d3[6] | (iv[18] & 0x3F), key[6], key[27]);
310  context->s[7] = LOAD2(iv[10], d3[7] | (iv[19] & 0x3F), key[7], iv[2]);
311  context->s[8] = LOAD2(key[8], d3[8] | (iv[20] & 0x3F), iv[3], iv[11]);
312  context->s[9] = LOAD2(key[9], d3[9] | (iv[21] & 0x3F), iv[12], iv[4]);
313  context->s[10] = LOAD2(iv[5], d3[10] | (iv[22] & 0x3F), key[10], key[28]);
314  context->s[11] = LOAD2(key[11], d3[11] | (iv[23] & 0x3F), iv[6], iv[13]);
315  context->s[12] = LOAD2(key[12], d3[12] | (iv[24] & 0x3F), iv[7], iv[14]);
316  context->s[13] = LOAD2(key[13], d3[13], iv[15], iv[8]);
317  context->s[14] = LOAD2(key[14], d3[14] | ((key[31] >> 4) & 0x0F), iv[16], iv[9]);
318  context->s[15] = LOAD2(key[15], d3[15] | (key[31] & 0x0F), key[30], key[29]);
319  }
320  else
321  {
322  //Report an error
323  return ERROR_INVALID_PARAMETER;
324  }
325 
326  //Set the 32-bit memory cells R1 and R2 to be all 0
327  context->r1 = 0;
328  context->r2 = 0;
329 
330  //Then the cipher runs the following operations 32 times
331  for(i = 0; i < 32; i++)
332  {
333  BIT_REORGANIZATION(x0, x1, x2, x3, context->s);
334  F(w, x0, x1, x2, context->r1, context->r2);
335  w >>= 1;
336  LFSR_WITH_INIT_MODE(context->s, w);
337  }
338 
339  //After the initialization stage, the algorithm moves into the working
340  //stage. At the working stage, the algorithm executes the following
341  //operations once, and discards the output w of F
342  BIT_REORGANIZATION(x0, x1, x2, x3, context->s);
343  F(w, x0, x1, x2, context->r1, context->r2);
344  LFSR_WITH_WORKING_MODE(context->s);
345 
346  //Successful initialization
347  return NO_ERROR;
348 }
349 
350 
351 /**
352  * @brief Generate key stream
353  * @param[in] context Pointer to the ZUC context
354  * @param[in] output Pointer to the resulting key stream (optional)
355  * @param[in] length Number of 32-bit words to be generate
356  **/
357 
358 void zucGenerateKeyStream(ZucContext *context, uint32_t *output,
359  size_t length)
360 {
361  uint_t i;
362  uint32_t z;
363  uint32_t x0;
364  uint32_t x1;
365  uint32_t x2;
366  uint32_t x3;
367 
368  //Produce key stream words
369  for(i = 0; i < length; i++)
370  {
371  //For each iteration, the following operations are executed once, and
372  //a 32-bit word Z is produced as an output
373  BIT_REORGANIZATION(x0, x1, x2, x3, context->s);
374  F(z, x0, x1, x2, context->r1, context->r2);
375  z ^= x3;
376  LFSR_WITH_WORKING_MODE(context->s);
377 
378  //Valid output pointer?
379  if(output != NULL)
380  {
381  output[i] = z;
382  }
383  }
384 }
385 
386 
387 /**
388  * @brief Encrypt/decrypt data with the ZUC algorithm
389  * @param[in] context Pointer to the ZUC context
390  * @param[in] input Pointer to the data to encrypt/decrypt (optional)
391  * @param[in] output Pointer to the resulting data (optional)
392  * @param[in] length Length of the input data
393  **/
394 
395 void zucCipher(ZucContext *context, const uint8_t *input, uint8_t *output,
396  size_t length)
397 {
398  size_t i;
399 
400  //Encryption loop
401  for(i = 0; i < length; i++)
402  {
403  //Generate one 32-bit word of key stream when necessary
404  if(context->n == 0 || context->n >= 4)
405  {
406  zucGenerateKeyStream(context, &context->ks, 1);
407  context->n = 0;
408  }
409 
410  //Valid output pointer?
411  if(output != NULL)
412  {
413  //Valid input pointer?
414  if(input != NULL)
415  {
416  //XOR the input data with the key stream
417  output[i] = input[i] ^ ((context->ks >> 24) & 0xFF);
418  }
419  else
420  {
421  //Output the key stream
422  output[i] = (context->ks >> 24) & 0xFF;
423  }
424  }
425 
426  //Get the next byte from the 32-bit word
427  context->ks <<= 8;
428  context->n++;
429  }
430 }
431 
432 
433 /**
434  * @brief Release ZUC context
435  * @param[in] context Pointer to the ZUC context
436  **/
437 
438 void zucDeinit(ZucContext *context)
439 {
440  //Clear ZUC context
441  osMemset(context, 0, sizeof(ZucContext));
442 }
443 
444 #endif
LOAD1
#define LOAD1(a, b, c)
Definition: zuc.c:161
ZucContext::r2
uint32_t r2
Definition: zuc.h:50
LOAD2
#define LOAD2(a, b, c, d)
Definition: zuc.c:165
ZucContext::ks
uint32_t ks
Definition: zuc.h:52
zuc.h
ZUC stream cipher (ZUC-128 and ZUC-256)
LFSR_WITH_INIT_MODE
#define LFSR_WITH_INIT_MODE(s, u)
Definition: zuc.c:86
F
#define F(w, x0, x1, x2, r1, r2)
Definition: zuc.c:144
ZucContext::s
uint32_t s[16]
Definition: zuc.h:51
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
zucInit
error_t zucInit(ZucContext *context, const uint8_t *key, size_t keyLen, const uint8_t *iv, size_t ivLen)
Initialize ZUC context using the supplied key and IV.
Definition: zuc.c:241
error_t
error_t
Error codes.
Definition: error.h:43
ZucContext::r1
uint32_t r1
Definition: zuc.h:49
crypto.h
General definitions for cryptographic algorithms.
iv
uint8_t iv[]
Definition: ike.h:1659
BIT_REORGANIZATION
#define BIT_REORGANIZATION(x0, x1, x2, x3, s)
Definition: zuc.c:125
LFSR_WITH_WORKING_MODE
#define LFSR_WITH_WORKING_MODE(s)
Definition: zuc.c:106
length
uint8_t length
Definition: tcp.h:375
ZucContext::n
size_t n
Definition: zuc.h:53
z
uint8_t z
Definition: dns_common.h:194
ZucContext
ZUC algorithm context.
Definition: zuc.h:48
zucGenerateKeyStream
void zucGenerateKeyStream(ZucContext *context, uint32_t *output, size_t length)
Generate key stream.
Definition: zuc.c:358
zucCipher
void zucCipher(ZucContext *context, const uint8_t *input, uint8_t *output, size_t length)
Encrypt/decrypt data with the ZUC algorithm.
Definition: zuc.c:395
zucDeinit
void zucDeinit(ZucContext *context)
Release ZUC context.
Definition: zuc.c:438
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
osMemset
#define osMemset(p, value, length)
Definition: os_port.h:138
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44