package org.bouncycastle.crypto.engines;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.Arrays;
public class GOST3412_2015Engine
implements BlockCipher
{
private static final byte[] PI = new byte[]
{
-4, -18, -35, 17, -49, 110, 49, 22, -5, -60, -6, -38, 35, -59, 4, 77, -23, 119, -16, -37, -109, 46, -103, -70,
23, 54, -15, -69, 20, -51, 95, -63, -7, 24, 101, 90, -30, 92, -17, 33, -127, 28, 60, 66, -117, 1, -114, 79, 5,
-124, 2, -82, -29, 106, -113, -96, 6, 11, -19, -104, 127, -44, -45, 31, -21, 52, 44, 81, -22, -56, 72, -85, -14,
42, 104, -94, -3, 58, -50, -52, -75, 112, 14, 86, 8, 12, 118, 18, -65, 114, 19, 71, -100, -73, 93, -121, 21,
-95, -106, 41, 16, 123, -102, -57, -13, -111, 120, 111, -99, -98, -78, -79, 50, 117, 25, 61, -1, 53, -118, 126,
109, 84, -58, -128, -61, -67, 13, 87, -33, -11, 36, -87, 62, -88, 67, -55, -41, 121, -42, -10, 124, 34, -71,
3, -32, 15, -20, -34, 122, -108, -80, -68, -36, -24, 40, 80, 78, 51, 10, 74, -89, -105, 96, 115, 30, 0, 98, 68,
26, -72, 56, -126, 100, -97, 38, 65, -83, 69, 70, -110, 39, 94, 85, 47, -116, -93, -91, 125, 105, -43, -107,
59, 7, 88, -77, 64, -122, -84, 29, -9, 48, 55, 107, -28, -120, -39, -25, -119, -31, 27, -125, 73, 76, 63, -8,
-2, -115, 83, -86, -112, -54, -40, -123, 97, 32, 113, 103, -92, 45, 43, 9, 91, -53, -101, 37, -48, -66, -27,
108, 82, 89, -90, 116, -46, -26, -12, -76, -64, -47, 102, -81, -62, 57, 75, 99, -74
};
private static final byte[] inversePI = new byte[]{
-91, 45, 50, -113, 14, 48, 56, -64, 84, -26, -98, 57, 85, 126, 82, -111, 100, 3, 87, 90, 28, 96, 7, 24, 33, 114,
-88, -47, 41, -58, -92, 63, -32, 39, -115, 12, -126, -22, -82, -76, -102, 99, 73, -27, 66, -28, 21, -73, -56, 6,
112, -99, 65, 117, 25, -55, -86, -4, 77, -65, 42, 115, -124, -43, -61, -81, 43, -122, -89, -79, -78, 91, 70, -45,
-97, -3, -44, 15, -100, 47, -101, 67, -17, -39, 121, -74, 83, 127, -63, -16, 35, -25, 37, 94, -75, 30, -94, -33,
-90, -2, -84, 34, -7, -30, 74, -68, 53, -54, -18, 120, 5, 107, 81, -31, 89, -93, -14, 113, 86, 17, 106, -119,
-108, 101, -116, -69, 119, 60, 123, 40, -85, -46, 49, -34, -60, 95, -52, -49, 118, 44, -72, -40, 46, 54, -37,
105, -77, 20, -107, -66, 98, -95, 59, 22, 102, -23, 92, 108, 109, -83, 55, 97, 75, -71, -29, -70, -15, -96, -123,
-125, -38, 71, -59, -80, 51, -6, -106, 111, 110, -62, -10, 80, -1, 93, -87, -114, 23, 27, -105, 125, -20, 88, -9,
31, -5, 124, 9, 13, 122, 103, 69, -121, -36, -24, 79, 29, 78, 4, -21, -8, -13, 62, 61, -67, -118, -120, -35, -51,
11, 19, -104, 2, -109, -128, -112, -48, 36, 52, -53, -19, -12, -50, -103, 16, 68, 64, -110, 58, 1, 38, 18, 26,
72, 104, -11, -127, -117, -57, -42, 32, 10, 8, 0, 76, -41, 116
};
private final byte[] lFactors = {
-108, 32, -123, 16, -62, -64, 1, -5, 1, -64, -62, 16, -123, 32, -108, 1
};
protected static final int BLOCK_SIZE = 16;
private int KEY_LENGTH = 32;
private int SUB_LENGTH = KEY_LENGTH / 2;
private byte[][] subKeys = null;
private boolean forEncryption;
private byte[][] _gf_mul = init_gf256_mul_table();
private static byte[][] init_gf256_mul_table()
{
byte[][] mul_table = new byte[256][];
for (int x = 0; x < 256; x++)
{
mul_table[x] = new byte[256];
for (int y = 0; y < 256; y++)
{
mul_table[x][y] = kuz_mul_gf256_slow((byte)x, (byte)y);
}
}
return mul_table;
}
private static byte kuz_mul_gf256_slow(byte a, byte b)
{
byte p = 0;
byte counter;
byte hi_bit_set;
for (counter = 0; counter < 8 && a != 0 && b != 0; counter++)
{
if ((b & 1) != 0)
{
p ^= a;
}
hi_bit_set = (byte)(a & 0x80);
a <<= 1;
if (hi_bit_set != 0)
{
a ^= 0xc3;
}
b >>= 1;
}
return p;
}
public String getAlgorithmName()
{
return "GOST3412_2015";
}
public int getBlockSize()
{
return BLOCK_SIZE;
}
public void init(boolean forEncryption, CipherParameters params)
throws IllegalArgumentException
{
if (params instanceof KeyParameter)
{
this.forEncryption = forEncryption;
generateSubKeys(((KeyParameter)params).getKey());
}
else if (params != null)
{
throw new IllegalArgumentException("invalid parameter passed to GOST3412_2015 init - " + params.getClass().getName());
}
}
private void generateSubKeys(
byte[] userKey)
{
if (userKey.length != KEY_LENGTH)
{
throw new IllegalArgumentException("Key length invalid. Key needs to be 32 byte - 256 bit!!!");
}
subKeys = new byte[10][];
for (int i = 0; i < 10; i++)
{
subKeys[i] = new byte[SUB_LENGTH];
}
byte[] x = new byte[SUB_LENGTH];
byte[] y = new byte[SUB_LENGTH];
for (int i = 0; i < SUB_LENGTH; i++)
{
subKeys[0][i] = x[i] = userKey[i];
subKeys[1][i] = y[i] = userKey[i + SUB_LENGTH];
}
byte[] c = new byte[SUB_LENGTH];
for (int k = 1; k < 5; k++)
{
for (int j = 1; j <= 8; j++)
{
C(c, 8 * (k - 1) + j);
F(c, x, y);
}
System.arraycopy(x, 0, subKeys[2 * k], 0, SUB_LENGTH);
System.arraycopy(y, 0, subKeys[2 * k + 1], 0, SUB_LENGTH);
}
}
private void C(byte[] c, int i)
{
Arrays.clear(c);
c[15] = (byte)i;
L(c);
}
private void F(byte[] k, byte[] a1, byte[] a0)
{
byte[] temp = LSX(k, a1);
X(temp, a0);
System.arraycopy(a1, 0, a0, 0, SUB_LENGTH);
System.arraycopy(temp, 0, a1, 0, SUB_LENGTH);
}
public int processBlock(byte[] in, int inOff, byte[] out, int outOff)
throws DataLengthException, IllegalStateException
{
if (subKeys == null)
{
throw new IllegalStateException("GOST3412_2015 engine not initialised");
}
if ((inOff + BLOCK_SIZE) > in.length)
{
throw new DataLengthException("input buffer too short");
}
if ((outOff + BLOCK_SIZE) > out.length)
{
throw new OutputLengthException("output buffer too short");
}
GOST3412_2015Func(in, inOff, out, outOff);
return BLOCK_SIZE;
}
private void GOST3412_2015Func(
byte[] in,
int inOff,
byte[] out,
int outOff)
{
byte[] block = new byte[BLOCK_SIZE];
System.arraycopy(in, inOff, block, 0, BLOCK_SIZE);
if (forEncryption)
{
for (int i = 0; i < 9; i++)
{
byte[] temp = LSX(subKeys[i], block);
block = Arrays.copyOf(temp, BLOCK_SIZE);
}
X(block, subKeys[9]);
}
else
{
for (int i = 9; i > 0; i--)
{
byte[] temp = XSL(subKeys[i], block);
block = Arrays.copyOf(temp, BLOCK_SIZE);
}
X(block, subKeys[0]);
}
System.arraycopy(block, 0, out, outOff, BLOCK_SIZE);
}
private byte[] LSX(byte[] k, byte[] a)
{
byte[] result = Arrays.copyOf(k, k.length);
X(result, a);
S(result);
L(result);
return result;
}
private byte[] XSL(byte[] k, byte[] a)
{
byte[] result = Arrays.copyOf(k, k.length);
X(result, a);
inverseL(result);
inverseS(result);
return result;
}
private void X(byte[] result, byte[] data)
{
for (int i = 0; i < result.length; i++)
{
result[i] ^= data[i];
}
}
private void S(byte[] data)
{
for (int i = 0; i < data.length; i++)
{
data[i] = PI[unsignedByte(data[i])];
}
}
private void inverseS(byte[] data)
{
for (int i = 0; i < data.length; i++)
{
data[i] = inversePI[unsignedByte(data[i])];
}
}
private int unsignedByte(byte b)
{
return b & 0xFF;
}
private void L(byte[] data)
{
for (int i = 0; i < 16; i++)
{
R(data);
}
}
private void inverseL(byte[] data)
{
for (int i = 0; i < 16; i++)
{
inverseR(data);
}
}
private void R(byte[] data)
{
byte z = l(data);
System.arraycopy(data, 0, data, 1, 15);
data[0] = z;
}
private void inverseR(byte[] data)
{
byte[] temp = new byte[16];
System.arraycopy(data, 1, temp, 0, 15);
temp[15] = data[0];
byte z = l(temp);
System.arraycopy(data, 1, data, 0, 15);
data[15] = z;
}
private byte l(byte[] data)
{
byte x = data[15];
for (int i = 14; i >= 0; i--)
{
x ^= _gf_mul[unsignedByte(data[i])][unsignedByte(lFactors[i])];
}
return x;
}
public void reset()
{
}
}