3 * This file is distributed under the same license as OpenSSL
6 #if defined(__cplusplus)
10 #include "gost_grasshopper_core.h"
11 #include "gost_grasshopper_math.h"
12 #include "gost_grasshopper_precompiled.h"
13 #include "gost_grasshopper_defines.h"
15 static GRASSHOPPER_INLINE void grasshopper_l(grasshopper_w128_t* w) {
21 for (j = 0; j < sizeof(grasshopper_lvec) / sizeof(grasshopper_lvec[0]); j++) {
23 // An LFSR with 16 elements from GF(2^8)
24 x = w->b[15]; // since lvec[15] = 1
26 for (i = 14; i >= 0; i--) {
27 w->b[i + 1] = w->b[i];
28 x ^= grasshopper_galois_mul(w->b[i], grasshopper_lvec[i]);
34 static GRASSHOPPER_INLINE void grasshopper_l_inv(grasshopper_w128_t* w) {
40 for (j = 0; j < sizeof(grasshopper_lvec) / sizeof(grasshopper_lvec[0]); j++) {
43 for (i = 0; i < 15; i++) {
44 w->b[i] = w->b[i + 1];
45 x ^= grasshopper_galois_mul(w->b[i], grasshopper_lvec[i]);
53 void grasshopper_set_encrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key) {
54 grasshopper_w128_t c, x, y, z;
57 for (i = 0; i < 16; i++) {
58 // this will be have to changed for little-endian systems
60 y.b[i] = key->k.b[i + 16];
63 grasshopper_copy128(&subkeys->k[0], &x);
64 grasshopper_copy128(&subkeys->k[1], &y);
66 for (i = 1; i <= 32; i++) {
69 grasshopper_zero128(&c);
70 c.b[15] = (uint8_t) i; // load round in lsb
73 grasshopper_plus128(&z, &x, &c);
74 grasshopper_convert128(&z, grasshopper_pi);
76 grasshopper_append128(&z, &y);
78 grasshopper_copy128(&y, &x);
79 grasshopper_copy128(&x, &z);
83 grasshopper_copy128(&subkeys->k[k], &x);
84 grasshopper_copy128(&subkeys->k[k + 1], &y);
89 grasshopper_zero128(&c);
90 grasshopper_zero128(&x);
91 grasshopper_zero128(&y);
92 grasshopper_zero128(&z);
95 void grasshopper_set_decrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key) {
97 grasshopper_set_encrypt_key(subkeys, key);
99 for (i = 1; i < 10; i++) {
100 grasshopper_l_inv(&subkeys->k[i]);
104 void grasshopper_encrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
105 grasshopper_w128_t* target, grasshopper_w128_t* buffer) {
107 grasshopper_copy128(target, source);
109 for (i = 0; i < 9; i++) {
110 grasshopper_append128(target, &subkeys->k[i]);
111 grasshopper_append128multi(buffer, target, grasshopper_pil_enc128);
114 grasshopper_append128(target, &subkeys->k[9]);
117 void grasshopper_encrypt_block2(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
118 grasshopper_w128_t* target) {
119 grasshopper_w128_t buffer;
120 grasshopper_encrypt_block(subkeys, source, target, &buffer);
121 grasshopper_zero128(&buffer);
124 void grasshopper_decrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
125 grasshopper_w128_t* target, grasshopper_w128_t* buffer) {
127 grasshopper_copy128(target, source);
129 grasshopper_append128multi(buffer, target, grasshopper_l_dec128);
131 for (i = 9; i > 1; i--) {
132 grasshopper_append128(target, &subkeys->k[i]);
133 grasshopper_append128multi(buffer, target, grasshopper_pil_dec128);
136 grasshopper_append128(target, &subkeys->k[1]);
137 grasshopper_convert128(target, grasshopper_pi_inv);
138 grasshopper_append128(target, &subkeys->k[0]);
141 void grasshopper_decrypt_block2(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
142 grasshopper_w128_t* target) {
143 grasshopper_w128_t buffer;
144 grasshopper_decrypt_block(subkeys, source, target, &buffer);
145 grasshopper_zero128(&buffer);
148 #if defined(__cplusplus)