Crypto++  8.8
Free C++ class library of cryptographic schemes
shark.cpp
1 // shark.cpp - originally written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 #include "shark.h"
5 #include "misc.h"
6 #include "modes.h"
7 #include "gf256.h"
8 
9 #if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
10 # pragma GCC diagnostic ignored "-Wmissing-braces"
11 #endif
12 
13 NAMESPACE_BEGIN(CryptoPP)
14 
15 static word64 SHARKTransform(word64 a)
16 {
17  static const byte iG[8][8] = {
18  {0xe7, 0x30, 0x90, 0x85, 0xd0, 0x4b, 0x91, 0x41},
19  {0x53, 0x95, 0x9b, 0xa5, 0x96, 0xbc, 0xa1, 0x68},
20  {0x02, 0x45, 0xf7, 0x65, 0x5c, 0x1f, 0xb6, 0x52},
21  {0xa2, 0xca, 0x22, 0x94, 0x44, 0x63, 0x2a, 0xa2},
22  {0xfc, 0x67, 0x8e, 0x10, 0x29, 0x75, 0x85, 0x71},
23  {0x24, 0x45, 0xa2, 0xcf, 0x2f, 0x22, 0xc1, 0x0e},
24  {0xa1, 0xf1, 0x71, 0x40, 0x91, 0x27, 0x18, 0xa5},
25  {0x56, 0xf4, 0xaf, 0x32, 0xd2, 0xa4, 0xdc, 0x71}
26  };
27 
28  word64 result=0;
29  GF256 gf256(0xf5);
30  for (unsigned int i=0; i<8; i++)
31  for(unsigned int j=0; j<8; j++)
32  result ^= word64(gf256.Multiply(iG[i][j], GF256::Element(a>>(56-8*j)))) << (56-8*i);
33  return result;
34 }
35 
36 void SHARK::Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const NameValuePairs &params)
37 {
38  AssertValidKeyLength(keyLen);
39 
40  m_rounds = GetRoundsAndThrowIfInvalid(params, this);
41  m_roundKeys.New(m_rounds+1);
42 
43  // concatenate key enough times to fill a
44  for (unsigned int i=0; i<(m_rounds+1)*8; i++)
45  ((byte *)m_roundKeys.begin())[i] = key[i%keyLen];
46 
47  SHARK::Encryption e;
48  e.InitForKeySetup();
49  byte IV[8] = {0,0,0,0,0,0,0,0};
50  CFB_Mode_ExternalCipher::Encryption cfb(e, IV);
51 
52  cfb.ProcessString((byte *)m_roundKeys.begin(), (m_rounds+1)*8);
53 
54  ConditionalByteReverse(BIG_ENDIAN_ORDER, m_roundKeys.begin(), m_roundKeys.begin(), (m_rounds+1)*8);
55 
56  m_roundKeys[m_rounds] = SHARKTransform(m_roundKeys[m_rounds]);
57 
58  if (!IsForwardTransformation())
59  {
60  unsigned int i;
61 
62  // transform encryption round keys into decryption round keys
63  for (i=0; i<m_rounds/2; i++)
64  std::swap(m_roundKeys[i], m_roundKeys[m_rounds-i]);
65 
66  for (i=1; i<m_rounds; i++)
67  m_roundKeys[i] = SHARKTransform(m_roundKeys[i]);
68  }
69 
70 #if (CRYPTOPP_LITTLE_ENDIAN)
71  m_roundKeys[0] = ByteReverse(m_roundKeys[0]);
72  m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]);
73 #endif
74 }
75 
76 // construct an SHARK_Enc object with fixed round keys, to be used to initialize actual round keys
77 void SHARK::Enc::InitForKeySetup()
78 {
79  m_rounds = DEFAULT_ROUNDS;
80  m_roundKeys.New(DEFAULT_ROUNDS+1);
81 
82  for (unsigned int i=0; i<DEFAULT_ROUNDS; i++)
83  m_roundKeys[i] = cbox[0][i];
84 
85  m_roundKeys[DEFAULT_ROUNDS] = SHARKTransform(cbox[0][DEFAULT_ROUNDS]);
86 
87 #if (CRYPTOPP_LITTLE_ENDIAN)
88  m_roundKeys[0] = ByteReverse(m_roundKeys[0]);
89  m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]);
90 #endif
91 }
92 
93 void SHARK::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
94 {
95  CRYPTOPP_ASSERT(IsAlignedOn(inBlock,GetAlignmentOf<word64>()));
96  word64 tmp = *(word64 *)(void *)inBlock ^ m_roundKeys[0];
97 
98  ByteOrder order = GetNativeByteOrder();
99  tmp = cbox[0][GetByte(order, tmp, 0)] ^ cbox[1][GetByte(order, tmp, 1)]
100  ^ cbox[2][GetByte(order, tmp, 2)] ^ cbox[3][GetByte(order, tmp, 3)]
101  ^ cbox[4][GetByte(order, tmp, 4)] ^ cbox[5][GetByte(order, tmp, 5)]
102  ^ cbox[6][GetByte(order, tmp, 6)] ^ cbox[7][GetByte(order, tmp, 7)]
103  ^ m_roundKeys[1];
104 
105  for(unsigned int i=2; i<m_rounds; i++)
106  {
107  tmp = cbox[0][GETBYTE(tmp, 7)] ^ cbox[1][GETBYTE(tmp, 6)]
108  ^ cbox[2][GETBYTE(tmp, 5)] ^ cbox[3][GETBYTE(tmp, 4)]
109  ^ cbox[4][GETBYTE(tmp, 3)] ^ cbox[5][GETBYTE(tmp, 2)]
110  ^ cbox[6][GETBYTE(tmp, 1)] ^ cbox[7][GETBYTE(tmp, 0)]
111  ^ m_roundKeys[i];
112  }
113 
114  PutBlock<byte, BigEndian>(xorBlock, outBlock)
115  (sbox[GETBYTE(tmp, 7)])
116  (sbox[GETBYTE(tmp, 6)])
117  (sbox[GETBYTE(tmp, 5)])
118  (sbox[GETBYTE(tmp, 4)])
119  (sbox[GETBYTE(tmp, 3)])
120  (sbox[GETBYTE(tmp, 2)])
121  (sbox[GETBYTE(tmp, 1)])
122  (sbox[GETBYTE(tmp, 0)]);
123 
124  CRYPTOPP_ASSERT(IsAlignedOn(outBlock,GetAlignmentOf<word64>()));
125  *(word64 *)(void *)outBlock ^= m_roundKeys[m_rounds];
126 }
127 
128 void SHARK::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
129 {
130  CRYPTOPP_ASSERT(IsAlignedOn(inBlock,GetAlignmentOf<word64>()));
131  word64 tmp = *(word64 *)(void *)inBlock ^ m_roundKeys[0];
132 
133  ByteOrder order = GetNativeByteOrder();
134  tmp = cbox[0][GetByte(order, tmp, 0)] ^ cbox[1][GetByte(order, tmp, 1)]
135  ^ cbox[2][GetByte(order, tmp, 2)] ^ cbox[3][GetByte(order, tmp, 3)]
136  ^ cbox[4][GetByte(order, tmp, 4)] ^ cbox[5][GetByte(order, tmp, 5)]
137  ^ cbox[6][GetByte(order, tmp, 6)] ^ cbox[7][GetByte(order, tmp, 7)]
138  ^ m_roundKeys[1];
139 
140  for(unsigned int i=2; i<m_rounds; i++)
141  {
142  tmp = cbox[0][GETBYTE(tmp, 7)] ^ cbox[1][GETBYTE(tmp, 6)]
143  ^ cbox[2][GETBYTE(tmp, 5)] ^ cbox[3][GETBYTE(tmp, 4)]
144  ^ cbox[4][GETBYTE(tmp, 3)] ^ cbox[5][GETBYTE(tmp, 2)]
145  ^ cbox[6][GETBYTE(tmp, 1)] ^ cbox[7][GETBYTE(tmp, 0)]
146  ^ m_roundKeys[i];
147  }
148 
149  PutBlock<byte, BigEndian>(xorBlock, outBlock)
150  (sbox[GETBYTE(tmp, 7)])
151  (sbox[GETBYTE(tmp, 6)])
152  (sbox[GETBYTE(tmp, 5)])
153  (sbox[GETBYTE(tmp, 4)])
154  (sbox[GETBYTE(tmp, 3)])
155  (sbox[GETBYTE(tmp, 2)])
156  (sbox[GETBYTE(tmp, 1)])
157  (sbox[GETBYTE(tmp, 0)]);
158 
159  CRYPTOPP_ASSERT(IsAlignedOn(outBlock,GetAlignmentOf<word64>()));
160  *(word64 *)(void *)outBlock ^= m_roundKeys[m_rounds];
161 }
162 
163 NAMESPACE_END
CipherModeFinalTemplate_ExternalCipher
Definition: modes.h:410
GF256
GF(256) with polynomial basis.
Definition: gf256.h:16
NameValuePairs
Interface for retrieving values given their names.
Definition: cryptlib.h:327
PutBlock
Access a block of memory.
Definition: misc.h:3016
word64
unsigned long long word64
64-bit unsigned datatype
Definition: config_int.h:101
ByteOrder
ByteOrder
Provides the byte ordering.
Definition: cryptlib.h:148
BIG_ENDIAN_ORDER
@ BIG_ENDIAN_ORDER
byte order is big-endian
Definition: cryptlib.h:152
gf256.h
Classes and functions for schemes over GF(256)
misc.h
Utility functions for the Crypto++ library.
ByteReverse
byte ByteReverse(byte value)
Reverses bytes in a 8-bit value.
Definition: misc.h:2231
IsAlignedOn
bool IsAlignedOn(const void *ptr, unsigned int alignment)
Determines whether ptr is aligned to a minimum value.
Definition: misc.h:1436
ConditionalByteReverse
T ConditionalByteReverse(ByteOrder order, T value)
Reverses bytes in a value depending upon endianness.
Definition: misc.h:2417
GetByte
unsigned int GetByte(ByteOrder order, T value, unsigned int index)
Gets a byte from a value.
Definition: misc.h:2219
GetNativeByteOrder
ByteOrder GetNativeByteOrder()
Returns NativeByteOrder as an enumerated ByteOrder value.
Definition: misc.h:1473
modes.h
Classes for block cipher modes of operation.
CryptoPP
Crypto++ library namespace.
Name::IV
const char * IV()
ConstByteArrayParameter, also accepts const byte * for backwards compatibility.
Definition: argnames.h:21
pch.h
Precompiled header file.
swap
void swap(::SecBlock< T, A > &a, ::SecBlock< T, A > &b)
Swap two SecBlocks.
Definition: secblock.h:1289
shark.h
Classes for the SHARK block cipher.
CRYPTOPP_ASSERT
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:68
Generated on Mon Jun 26 2023 03:35:20 for Crypto++ by doxygen 1.9.1