gost_grasshopper_core.c

   1 /*
   2  * Maxim Tishkov 2016
   3  * This file is distributed under the same license as OpenSSL
   4  */
   5
   6 #if defined(__cplusplus)
   7 extern "C" {
   8 #endif
   9
  10 #include "gost_grasshopper_core.h"
  11 #include "gost_grasshopper_math.h"
  12 #include "gost_grasshopper_precompiled.h"
  13 #include "gost_grasshopper_defines.h"
  14
  15 static GRASSHOPPER_INLINE void grasshopper_l(grasshopper_w128_t* w) {
  16     uint8_t x;
  17                 unsigned int j;
  18                 int i;
  19
  20     // 16 rounds
  21     for (j = 0; j < sizeof(grasshopper_lvec) / sizeof(grasshopper_lvec[0]); j++) {
  22
  23         // An LFSR with 16 elements from GF(2^8)
  24         x = w->b[15];    // since lvec[15] = 1
  25
  26         for (i = 14; i >= 0; i--) {
  27             w->b[i + 1] = w->b[i];
  28             x ^= grasshopper_galois_mul(w->b[i], grasshopper_lvec[i]);
  29         }
  30         w->b[0] = x;
  31     }
  32 }
  33
  34 static GRASSHOPPER_INLINE void grasshopper_l_inv(grasshopper_w128_t* w) {
  35     uint8_t x;
  36                 unsigned int j;
  37                 int i;
  38
  39     // 16 rounds
  40     for (j = 0; j < sizeof(grasshopper_lvec) / sizeof(grasshopper_lvec[0]); j++) {
  41
  42         x = w->b[0];
  43         for (i = 0; i < 15; i++) {
  44             w->b[i] = w->b[i + 1];
  45             x ^= grasshopper_galois_mul(w->b[i], grasshopper_lvec[i]);
  46         }
  47         w->b[15] = x;
  48     }
  49 }
  50
  51 // key setup
  52
  53 void grasshopper_set_encrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key) {
  54     grasshopper_w128_t c, x, y, z;
  55                 int i;
  56
  57     for (i = 0; i < 16; i++) {
  58         // this will be have to changed for little-endian systems
  59         x.b[i] = key->k.b[i];
  60         y.b[i] = key->k.b[i + 16];
  61     }
  62
  63     grasshopper_copy128(&subkeys->k[0], &x);
  64     grasshopper_copy128(&subkeys->k[1], &y);
  65
  66     for (i = 1; i <= 32; i++) {
  67
  68         // C Value
  69         grasshopper_zero128(&c);
  70         c.b[15] = (uint8_t) i;        // load round in lsb
  71         grasshopper_l(&c);
  72
  73         grasshopper_plus128(&z, &x, &c);
  74         grasshopper_convert128(&z, grasshopper_pi);
  75         grasshopper_l(&z);
  76         grasshopper_append128(&z, &y);
  77
  78         grasshopper_copy128(&y, &x);
  79         grasshopper_copy128(&x, &z);
  80
  81         if ((i & 7) == 0) {
  82             int k = i >> 2;
  83             grasshopper_copy128(&subkeys->k[k], &x);
  84             grasshopper_copy128(&subkeys->k[k + 1], &y);
  85         }
  86     }
  87
  88     // security++
  89     grasshopper_zero128(&c);
  90     grasshopper_zero128(&x);
  91     grasshopper_zero128(&y);
  92     grasshopper_zero128(&z);
  93 }
  94
  95 void grasshopper_set_decrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key) {
  96                 int i;
  97     grasshopper_set_encrypt_key(subkeys, key);
  98
  99     for (i = 1; i < 10; i++) {
 100         grasshopper_l_inv(&subkeys->k[i]);
 101     }
 102 }
 103
 104 void grasshopper_encrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
 105                                grasshopper_w128_t* target, grasshopper_w128_t* buffer) {
 106                 int i;
 107     grasshopper_copy128(target, source);
 108
 109     for (i = 0; i < 9; i++) {
 110         grasshopper_append128(target, &subkeys->k[i]);
 111         grasshopper_append128multi(buffer, target, grasshopper_pil_enc128);
 112     }
 113
 114     grasshopper_append128(target, &subkeys->k[9]);
 115 }
 116
 117 void grasshopper_encrypt_block2(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
 118                                 grasshopper_w128_t* target) {
 119     grasshopper_w128_t buffer;
 120     grasshopper_encrypt_block(subkeys, source, target, &buffer);
 121     grasshopper_zero128(&buffer);
 122 }
 123
 124 void grasshopper_decrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
 125                                grasshopper_w128_t* target, grasshopper_w128_t* buffer) {
 126                 int i;
 127     grasshopper_copy128(target, source);
 128
 129     grasshopper_append128multi(buffer, target, grasshopper_l_dec128);
 130
 131     for (i = 9; i > 1; i--) {
 132         grasshopper_append128(target, &subkeys->k[i]);
 133         grasshopper_append128multi(buffer, target, grasshopper_pil_dec128);
 134     }
 135
 136     grasshopper_append128(target, &subkeys->k[1]);
 137     grasshopper_convert128(target, grasshopper_pi_inv);
 138     grasshopper_append128(target, &subkeys->k[0]);
 139 }
 140
 141 void grasshopper_decrypt_block2(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
 142                                 grasshopper_w128_t* target) {
 143     grasshopper_w128_t buffer;
 144     grasshopper_decrypt_block(subkeys, source, target, &buffer);
 145     grasshopper_zero128(&buffer);
 146 }
 147
 148 #if defined(__cplusplus)
 149 }
 150 #endif