Cryptomeria c2 Spec
Cryptomeria c2 Spec
Cryptomeria c2 Spec
Intel Corporation International Business Machines Corporation Matsushita Electric Industrial Co., Ltd. Toshiba Corporation
Notice
THIS DOCUMENT IS PROVIDED "AS IS" WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. IBM, Intel, MEI, and Toshiba disclaim all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification. No license, express or implied, by estoppel or otherwise, to any intellectual property rights are granted herein. Implementations of the cryptographic functions described in this specification may be subject to export control by the United States, Japanese, and/or other governments. Copyright 1999-2003 by International Business Machines Corporation, Intel Corporation, Matsushita Electric Industrial Co., Ltd., and Toshiba Corporation. Third-party brands and names are the property of their respective owners.
Intellectual Property
Implementation of this specification requires a license from the 4C Entity, LLC.
Contact Information
The URL for the 4C Entity, LLC web site is http://www.4Centity.com.
Page 2
4C Entity, LLC
Introduction
The Cryptomeria Cipher (C2) is a Feistel network-based block cipher designed for use in the area of digital entertainment content protection. The cipher was designed for cryptographic robustness, efficiency when implemented in software, and small size when implemented in hardware. The C2 cipher has the following basic characteristics:
Input Block Size Output Block Size Input Key Size Number of Rounds
This document contains a description of the cipher algorithm, provided as code written in the C programming language. Four functions are provided, which define the ciphers four basic modes of operation, as follows: C2_E: C2_D: Encryption in Electronic Codebook (ECB) Mode, as defined in ISO 8372 or ISO/IEC 10116 Decryption in ECB Mode
C2_ECBC: Encryption in Converted Cipher Block Chaining (C-CBC) Mode C2_DCBC: Decryption in C-CBC Mode
Unless explicitly noted otherwise, the functions assume big-endian ordering for multiple-byte values, meaning that byte 0 is the most significant byte.
4C Entity, LLC
Page 3
Prologue
/* This source assumes a Big Endian machine (most significant byte first), where the "long" is 32 bits: */ typedef unsigned long WORD32; typedef unsigned char BYTE; /* Logical left rotate macros: */ #define lrot8(x,n) (((x)<<(n))|((x)>>(8-(n)))) #define lrot32(x,n) (((WORD32)(x)<<(n))|((WORD32)(x)>>(32-(n)))) /* The secret constant is available under license from the 4C Entity, LLC. */ extern const BYTE SecretConstant[256]; /* The cipher has 10 rounds: */ #define MaxRound 10 /* F is the Feistel round function: */ static WORD32 F(WORD32 data, WORD32 key) { WORD32 t; BYTE v[4], u; /* Key Insersion */ t = data+key; /* Secret Constant */ v[3] = (BYTE)((t>>24)&0xff); v[2] = (BYTE)((t>>16)&0xff); v[1] = (BYTE)((t>> 8)&0xff); v[0] = SecretConstant[t&0xff]; u = v[0]^0x65; v[1] ^= lrot8(u,1); u = v[0]^0x2b; v[2] ^= lrot8(u,5); u = v[0]^0xc9; v[3] ^= lrot8(u,2); /* Rotate */ t = ((WORD32)v[3]<<24)|((WORD32)v[2]<<16)|((WORD32)v[1]<<8)|(WORD32)v[0]; t ^= lrot32(t,9) ^ lrot32(t,22); return t; }
Page 4
4C Entity, LLC
4C Entity, LLC
Page 5
Page 6
4C Entity, LLC
/* Output */ *inout++ = L; *inout++ = R; /* Subsequent blocks after the first use a truncated key schedule: */ keyRound = 2; } return; }
4C Entity, LLC
Page 7
t = L; L = R; R = t; // swap cancel /* Output */ *inout++ = L; *inout++ = R; /* Subsequent blocks after the first use a truncated key schedule: */ keyRound = 2; } return; }
Page 8
4C Entity, LLC
C2 Block Cipher Specification Revision 1.0 This page is left intentionally blank.
4C Entity, LLC
Page 9