Crypto++
shark.cpp
1 // shark.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 #include "shark.h"
5 #include "misc.h"
6 #include "modes.h"
7 #include "gf256.h"
8 
9 NAMESPACE_BEGIN(CryptoPP)
10 
11 static word64 SHARKTransform(word64 a)
12 {
13  static const byte iG[8][8] = {
14  0xe7, 0x30, 0x90, 0x85, 0xd0, 0x4b, 0x91, 0x41,
15  0x53, 0x95, 0x9b, 0xa5, 0x96, 0xbc, 0xa1, 0x68,
16  0x02, 0x45, 0xf7, 0x65, 0x5c, 0x1f, 0xb6, 0x52,
17  0xa2, 0xca, 0x22, 0x94, 0x44, 0x63, 0x2a, 0xa2,
18  0xfc, 0x67, 0x8e, 0x10, 0x29, 0x75, 0x85, 0x71,
19  0x24, 0x45, 0xa2, 0xcf, 0x2f, 0x22, 0xc1, 0x0e,
20  0xa1, 0xf1, 0x71, 0x40, 0x91, 0x27, 0x18, 0xa5,
21  0x56, 0xf4, 0xaf, 0x32, 0xd2, 0xa4, 0xdc, 0x71,
22  };
23 
24  word64 result=0;
25  GF256 gf256(0xf5);
26  for (unsigned int i=0; i<8; i++)
27  for(unsigned int j=0; j<8; j++)
28  result ^= word64(gf256.Multiply(iG[i][j], GF256::Element(a>>(56-8*j)))) << (56-8*i);
29  return result;
30 }
31 
32 void SHARK::Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const NameValuePairs &params)
33 {
34  AssertValidKeyLength(keyLen);
35 
36  m_rounds = GetRoundsAndThrowIfInvalid(params, this);
37  m_roundKeys.New(m_rounds+1);
38 
39  // concatenate key enought times to fill a
40  for (unsigned int i=0; i<(m_rounds+1)*8; i++)
41  ((byte *)m_roundKeys.begin())[i] = key[i%keyLen];
42 
44  e.InitForKeySetup();
45  byte IV[8] = {0,0,0,0,0,0,0,0};
47 
48  cfb.ProcessString((byte *)m_roundKeys.begin(), (m_rounds+1)*8);
49 
50  ConditionalByteReverse(BIG_ENDIAN_ORDER, m_roundKeys.begin(), m_roundKeys.begin(), (m_rounds+1)*8);
51 
52  m_roundKeys[m_rounds] = SHARKTransform(m_roundKeys[m_rounds]);
53 
54  if (!IsForwardTransformation())
55  {
56  unsigned int i;
57 
58  // transform encryption round keys into decryption round keys
59  for (i=0; i<m_rounds/2; i++)
60  std::swap(m_roundKeys[i], m_roundKeys[m_rounds-i]);
61 
62  for (i=1; i<m_rounds; i++)
63  m_roundKeys[i] = SHARKTransform(m_roundKeys[i]);
64  }
65 
66 #ifdef IS_LITTLE_ENDIAN
67  m_roundKeys[0] = ByteReverse(m_roundKeys[0]);
68  m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]);
69 #endif
70 }
71 
72 // construct an SHARK_Enc object with fixed round keys, to be used to initialize actual round keys
73 void SHARK::Enc::InitForKeySetup()
74 {
75  m_rounds = DEFAULT_ROUNDS;
76  m_roundKeys.New(DEFAULT_ROUNDS+1);
77 
78  for (unsigned int i=0; i<DEFAULT_ROUNDS; i++)
79  m_roundKeys[i] = cbox[0][i];
80 
81  m_roundKeys[DEFAULT_ROUNDS] = SHARKTransform(cbox[0][DEFAULT_ROUNDS]);
82 
83 #ifdef IS_LITTLE_ENDIAN
84  m_roundKeys[0] = ByteReverse(m_roundKeys[0]);
85  m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]);
86 #endif
87 }
88 
89 typedef word64 ArrayOf256Word64s[256];
90 
91 template <const byte *sbox, const ArrayOf256Word64s *cbox>
92 struct SharkProcessAndXorBlock{ // VC60 workaround: problem with template functions
93 inline SharkProcessAndXorBlock(const word64 *roundKeys, unsigned int rounds, const byte *inBlock, const byte *xorBlock, byte *outBlock)
94 {
95  word64 tmp = *(word64 *)inBlock ^ roundKeys[0];
96 
97  ByteOrder order = GetNativeByteOrder();
98  tmp = cbox[0][GetByte(order, tmp, 0)] ^ cbox[1][GetByte(order, tmp, 1)]
99  ^ cbox[2][GetByte(order, tmp, 2)] ^ cbox[3][GetByte(order, tmp, 3)]
100  ^ cbox[4][GetByte(order, tmp, 4)] ^ cbox[5][GetByte(order, tmp, 5)]
101  ^ cbox[6][GetByte(order, tmp, 6)] ^ cbox[7][GetByte(order, tmp, 7)]
102  ^ roundKeys[1];
103 
104  for(unsigned int i=2; i<rounds; i++)
105  {
106  tmp = cbox[0][GETBYTE(tmp, 7)] ^ cbox[1][GETBYTE(tmp, 6)]
107  ^ cbox[2][GETBYTE(tmp, 5)] ^ cbox[3][GETBYTE(tmp, 4)]
108  ^ cbox[4][GETBYTE(tmp, 3)] ^ cbox[5][GETBYTE(tmp, 2)]
109  ^ cbox[6][GETBYTE(tmp, 1)] ^ cbox[7][GETBYTE(tmp, 0)]
110  ^ roundKeys[i];
111  }
112 
113  PutBlock<byte, BigEndian>(xorBlock, outBlock)
114  (sbox[GETBYTE(tmp, 7)])
115  (sbox[GETBYTE(tmp, 6)])
116  (sbox[GETBYTE(tmp, 5)])
117  (sbox[GETBYTE(tmp, 4)])
118  (sbox[GETBYTE(tmp, 3)])
119  (sbox[GETBYTE(tmp, 2)])
120  (sbox[GETBYTE(tmp, 1)])
121  (sbox[GETBYTE(tmp, 0)]);
122 
123  *(word64 *)outBlock ^= roundKeys[rounds];
124 }};
125 
126 void SHARK::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
127 {
128  SharkProcessAndXorBlock<sbox, cbox>(m_roundKeys, m_rounds, inBlock, xorBlock, outBlock);
129 }
130 
131 void SHARK::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
132 {
133  SharkProcessAndXorBlock<sbox, cbox>(m_roundKeys, m_rounds, inBlock, xorBlock, outBlock);
134 }
135 
136 NAMESPACE_END
GF(256) with polynomial basis.
Definition: gf256.h:9
const char * IV()
ConstByteArrayParameter, also accepts const byte * for backwards compatibility.
Definition: argnames.h:16
interface for retrieving values given their names
Definition: cryptlib.h:225