Botan 3.5.0
Crypto and TLS for C&
gost_28147.cpp
Go to the documentation of this file.
1/*
2* GOST 28147-89
3* (C) 1999-2009,2011 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/gost_28147.h>
9
10#include <botan/exceptn.h>
11#include <botan/internal/fmt.h>
12#include <botan/internal/loadstor.h>
13#include <botan/internal/rotate.h>
14
15namespace Botan {
16
17uint8_t GOST_28147_89_Params::sbox_entry(size_t row, size_t col) const {
18 const uint8_t x = m_sboxes[4 * col + (row / 2)];
19 return (row % 2 == 0) ? (x >> 4) : (x & 0x0F);
20}
21
22uint8_t GOST_28147_89_Params::sbox_pair(size_t row, size_t col) const {
23 const uint8_t x = m_sboxes[4 * (col % 16) + row];
24 const uint8_t y = m_sboxes[4 * (col / 16) + row];
25 return (x >> 4) | (y << 4);
26}
27
28GOST_28147_89_Params::GOST_28147_89_Params(std::string_view n) : m_name(n) {
29 // Encoded in the packed fromat from RFC 4357
30
31 // GostR3411_94_TestParamSet (OID 1.2.643.2.2.31.0)
32 static const uint8_t GOST_R_3411_TEST_PARAMS[64] = {
33 0x4E, 0x57, 0x64, 0xD1, 0xAB, 0x8D, 0xCB, 0xBF, 0x94, 0x1A, 0x7A, 0x4D, 0x2C, 0xD1, 0x10, 0x10,
34 0xD6, 0xA0, 0x57, 0x35, 0x8D, 0x38, 0xF2, 0xF7, 0x0F, 0x49, 0xD1, 0x5A, 0xEA, 0x2F, 0x8D, 0x94,
35 0x62, 0xEE, 0x43, 0x09, 0xB3, 0xF4, 0xA6, 0xA2, 0x18, 0xC6, 0x98, 0xE3, 0xC1, 0x7C, 0xE5, 0x7E,
36 0x70, 0x6B, 0x09, 0x66, 0xF7, 0x02, 0x3C, 0x8B, 0x55, 0x95, 0xBF, 0x28, 0x39, 0xB3, 0x2E, 0xCC};
37
38 // GostR3411-94-CryptoProParamSet (OID 1.2.643.2.2.31.1)
39 static const uint8_t GOST_R_3411_CRYPTOPRO_PARAMS[64] = {
40 0xA5, 0x74, 0x77, 0xD1, 0x4F, 0xFA, 0x66, 0xE3, 0x54, 0xC7, 0x42, 0x4A, 0x60, 0xEC, 0xB4, 0x19,
41 0x82, 0x90, 0x9D, 0x75, 0x1D, 0x4F, 0xC9, 0x0B, 0x3B, 0x12, 0x2F, 0x54, 0x79, 0x08, 0xA0, 0xAF,
42 0xD1, 0x3E, 0x1A, 0x38, 0xC7, 0xB1, 0x81, 0xC6, 0xE6, 0x56, 0x05, 0x87, 0x03, 0x25, 0xEB, 0xFE,
43 0x9C, 0x6D, 0xF8, 0x6D, 0x2E, 0xAB, 0xDE, 0x20, 0xBA, 0x89, 0x3C, 0x92, 0xF8, 0xD3, 0x53, 0xBC};
44
45 if(m_name == "R3411_94_TestParam") {
46 m_sboxes = GOST_R_3411_TEST_PARAMS;
47 } else if(m_name == "R3411_CryptoPro") {
48 m_sboxes = GOST_R_3411_CRYPTOPRO_PARAMS;
49 } else {
50 throw Invalid_Argument(fmt("GOST_28147_89_Params: Unknown sbox params '{}'", m_name));
51 }
52}
53
54/*
55* GOST Constructor
56*/
58 m_SBOX(1024), m_name(fmt("GOST-28147-89({})", param.param_name())) {
59 // Convert the parallel 4x4 sboxes into larger word-based sboxes
60
61 for(size_t i = 0; i != 256; ++i) {
62 m_SBOX[i] = rotl<11, uint32_t>(param.sbox_pair(0, i));
63 m_SBOX[i + 256] = rotl<19, uint32_t>(param.sbox_pair(1, i));
64 m_SBOX[i + 512] = rotl<27, uint32_t>(param.sbox_pair(2, i));
65 m_SBOX[i + 768] = rotl<3, uint32_t>(param.sbox_pair(3, i));
66 }
67}
68
69std::string GOST_28147_89::name() const {
70 return m_name;
71}
72
73namespace {
74
75/*
76* Two rounds of GOST
77*/
78template <size_t R1, size_t R2>
79void GOST_ROUND2(uint32_t& N1, uint32_t& N2, const std::vector<uint32_t>& S, const secure_vector<uint32_t>& EK) {
80 const uint32_t T0 = N1 + EK[R1];
81 N2 ^= S[get_byte<3>(T0)] | S[get_byte<2>(T0) + 256] | S[get_byte<1>(T0) + 512] | S[get_byte<0>(T0) + 768];
82
83 const uint32_t T1 = N2 + EK[R2];
84 N1 ^= S[get_byte<3>(T1)] | S[get_byte<2>(T1) + 256] | S[get_byte<1>(T1) + 512] | S[get_byte<0>(T1) + 768];
85}
86
87} // namespace
88
89/*
90* GOST Encryption
91*/
92void GOST_28147_89::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const {
94
95 for(size_t i = 0; i != blocks; ++i) {
96 uint32_t N1 = load_le<uint32_t>(in, 0);
97 uint32_t N2 = load_le<uint32_t>(in, 1);
98
99 for(size_t j = 0; j != 3; ++j) {
100 GOST_ROUND2<0, 1>(N1, N2, m_SBOX, m_EK);
101 GOST_ROUND2<2, 3>(N1, N2, m_SBOX, m_EK);
102 GOST_ROUND2<4, 5>(N1, N2, m_SBOX, m_EK);
103 GOST_ROUND2<6, 7>(N1, N2, m_SBOX, m_EK);
104 }
105
106 GOST_ROUND2<7, 6>(N1, N2, m_SBOX, m_EK);
107 GOST_ROUND2<5, 4>(N1, N2, m_SBOX, m_EK);
108 GOST_ROUND2<3, 2>(N1, N2, m_SBOX, m_EK);
109 GOST_ROUND2<1, 0>(N1, N2, m_SBOX, m_EK);
110
111 store_le(out, N2, N1);
112
113 in += BLOCK_SIZE;
114 out += BLOCK_SIZE;
115 }
116}
117
118/*
119* GOST Decryption
120*/
121void GOST_28147_89::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const {
123
124 for(size_t i = 0; i != blocks; ++i) {
125 uint32_t N1 = load_le<uint32_t>(in, 0);
126 uint32_t N2 = load_le<uint32_t>(in, 1);
127
128 GOST_ROUND2<0, 1>(N1, N2, m_SBOX, m_EK);
129 GOST_ROUND2<2, 3>(N1, N2, m_SBOX, m_EK);
130 GOST_ROUND2<4, 5>(N1, N2, m_SBOX, m_EK);
131 GOST_ROUND2<6, 7>(N1, N2, m_SBOX, m_EK);
132
133 for(size_t j = 0; j != 3; ++j) {
134 GOST_ROUND2<7, 6>(N1, N2, m_SBOX, m_EK);
135 GOST_ROUND2<5, 4>(N1, N2, m_SBOX, m_EK);
136 GOST_ROUND2<3, 2>(N1, N2, m_SBOX, m_EK);
137 GOST_ROUND2<1, 0>(N1, N2, m_SBOX, m_EK);
138 }
139
140 store_le(out, N2, N1);
141 in += BLOCK_SIZE;
142 out += BLOCK_SIZE;
143 }
144}
145
147 return !m_EK.empty();
148}
149
150/*
151* GOST Key Schedule
152*/
153void GOST_28147_89::key_schedule(std::span<const uint8_t> key) {
154 m_EK.resize(8);
155 for(size_t i = 0; i != 8; ++i) {
156 m_EK[i] = load_le<uint32_t>(key.data(), i);
157 }
158}
159
161 zap(m_EK);
162}
163
164} // namespace Botan
uint8_t sbox_pair(size_t row, size_t col) const
uint8_t sbox_entry(size_t row, size_t col) const
GOST_28147_89_Params(std::string_view name="R3411_94_TestParam")
void clear() override
void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override
void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override
std::string name() const override
GOST_28147_89(const GOST_28147_89_Params &params)
bool has_keying_material() const override
void assert_key_material_set() const
Definition sym_algo.h:139
constexpr uint8_t get_byte(T input)
Definition loadstor.h:75
void zap(std::vector< T, Alloc > &vec)
Definition secmem.h:117
constexpr T rotl(T input)
Definition rotate.h:21
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
constexpr auto store_le(ParamTs &&... params)
Definition loadstor.h:698
constexpr auto load_le(ParamTs &&... params)
Definition loadstor.h:458
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61