def SEQ(self, M, bitlen=None):
    """Hash ``M`` sequentially, feeding each result into the next call of ``self.f``.

    The message is split into 3072-bit blocks (48 big-endian 64-bit words
    each). Every block is written into an 89-word work vector together with
    a counter word, a control word and the previous 16-word result, and the
    vector is passed to ``self.f``.

    Args:
        M: message to hash, in whatever form ``Nullpadding.iterblocks`` accepts.
        bitlen: optional message length, forwarded unchanged to ``iterblocks``.

    Returns:
        ``pack(h, '>L')`` where ``h`` is the last result of ``self.f`` with
        its words reversed and its ``size`` set to ``self.size``.
    """
    # NOTE(review): the 89-word layout looks like the MD6 compression input
    # (constants, key, counter word, control word, chaining value, data);
    # confirm against the specification the project targets.
    padder = Nullpadding(3072)
    # Built eagerly: padder.padcnt is only read once every block was produced.
    blocks = [
        struct.unpack('>48Q', chunk)
        for chunk in padder.iterblocks(M, bitlen=bitlen)
    ]
    last = len(blocks) - 1
    d, keylen, L, r = self.size, self.keylen, self.L, self.rounds
    control = (
        Bits(d, 12) // Bits(keylen, 8) // Bits(0, 16) // Bits(0, 4)
        // Bits(L, 8) // Bits(r, 12) // Bits(0, 4)
    )
    chain = Poly(0, 64, dim=16)
    # self.K is key material and becomes part of every vector given to self.f.
    work = Poly(Q, 64, dim=89) // Poly(self.K, 64)
    work.dim = 89
    work[24] = control
    level_tag = (self.L + 1) << 56
    for index, block in enumerate(blocks):
        if index == last:
            # Final block only: record the padding count and set the 4-bit
            # field that was initialised to 0 above.
            control[20:36] = padder.padcnt
            control[36:40] = Bits(1, 4)
            work[24] = control
        work[23] = level_tag + index
        work[25:41] = chain
        work[41:89] = block
        chain = self.f(work)
    digest = concat(list(chain)[::-1])
    digest.size = self.size
    return pack(digest, '>L')
def _keysched(prekey):
    """Derive 33 round keys from the expanded ``prekey`` word sequence.

    Starting at index 8, ``prekey`` is consumed four entries at a time; each
    group is joined with ``concat`` and passed through ``_S`` with table
    index ``r % 8`` for ``r`` counting down from 35 to 3.

    Args:
        prekey: indexable sequence of key words; entries 8..139 are read.

    Returns:
        List of the 33 values returned by ``_S``, in generation order.
    """
    # NOTE(review): the returned values are secret round-key material; callers
    # should keep them out of logs and error messages.
    keys = [
        _S(r % 8, concat(prekey[8 + 4 * n:12 + 4 * n]))
        for n, r in enumerate(range(35, 2, -1))
    ]
    # Internal invariant only (range(35, 2, -1) has 33 items), not input validation.
    assert len(keys)==33
    return keys
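def _Linv(X):
    """Apply the word-mixing transform of this module's inverse path to ``X``.

    ``X`` is split into four 32-bit words which are rotated, shifted and
    XORed into each other in a fixed order, then joined again.

    Args:
        X: Bits-like value whose ``size`` is 128.

    Returns:
        ``concat`` of the four transformed words.

    Raises:
        ValueError: if ``X`` is not 128 bits wide.
    """
    # Explicit check instead of ``assert``: assertions are removed under
    # ``python -O``, and a block of another width would then be split into a
    # different number of words and processed without any error.
    # The message reports only the size, never the block contents.
    if X.size != 128:
        raise ValueError("expected a 128-bit block, got size %r" % (X.size,))
    X = X.split(32)
    # The order below is significant: each step reads words that earlier
    # steps have already updated.
    # NOTE(review): ror is presumably a right rotation and << a shift
    # truncated to the 32-bit word; confirm against the helpers' definitions.
    X[2] = ror(X[2],22)
    X[0] = ror(X[0],5)
    X[2] = X[2]^X[3]^(X[1]<<7)
    X[0] = X[0]^X[1]^X[3]
    X[3] = ror(X[3],7)
    X[1] = ror(X[1],1)
    X[3] = X[3]^X[2]^(X[0]<<3)
    X[1] = X[1]^X[0]^X[2]
    X[2] = ror(X[2],3)
    X[0] = ror(X[0],13)
    return concat(X)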
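def _Sinv(i,X):
    """Apply inverse substitution table number ``i`` to the 128-bit block ``X``.

    ``X`` is passed through ``_IP``, cut into 4-bit groups, each group is
    replaced by ``boxes[i][group]``, and the joined result is passed through
    ``_FP``. Row ``i`` here is the inverse permutation of row ``i`` in ``_S``.

    Args:
        i: table selector, 0 <= i < 8.
        X: Bits-like value whose ``size`` is 128.

    Returns:
        The value returned by ``_FP`` for the substituted groups.

    Raises:
        ValueError: if ``i`` is out of range or ``X`` is not 128 bits wide.
    """
    # Explicit checks instead of ``assert``: assertions are removed under
    # ``python -O``, and a negative ``i`` would then index ``boxes`` from the
    # end and silently apply a different table.
    if not 0 <= i < 8:
        raise ValueError("S-box index must be in range(8), got %r" % (i,))
    # The message reports only the size, never the block contents.
    if X.size != 128:
        raise ValueError("expected a 128-bit block, got size %r" % (X.size,))
    boxes = [
        [13, 3,11, 0,10, 6, 5,12, 1,14, 4, 7,15, 9, 8, 2],
        [ 5, 8, 2,14,15, 6,12, 3,11, 4, 7, 9, 1,13,10, 0],
        [12, 9,15, 4,11,14, 1, 2, 0, 3, 6,13, 5, 8,10, 7],
        [ 0, 9,10, 7,11,14, 6,13, 3, 5,12, 2, 4, 8,15, 1],
        [ 5, 0, 8, 3,10, 9, 7,14, 2,12,11, 6, 4,15,13, 1],
        [ 8,15, 2, 9, 4, 1,13,14,11, 6, 5, 3, 7,12,10, 0],
        [15,10, 1,13, 5, 3, 6, 0, 4, 9,14, 7, 2,12, 8,11],
        [ 3, 0, 6,13, 9,14,15, 8, 5,12,11, 7,10, 1, 4, 2],
    ]
    # NOTE(review): the table index comes from the data block, so this is a
    # data-dependent lookup; treat the routine as a reference implementation,
    # not a constant-time one.
    Sx = [Bits(boxes[i][x],4) for x in _IP(X).split(4)]
    return _FP(concat(Sx))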
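def _S(i,X):
    """Apply substitution table number ``i`` to the 128-bit block ``X``.

    ``X`` is passed through ``_IP``, cut into 4-bit groups, each group is
    replaced by ``boxes[i][group]``, and the joined result is passed through
    ``_FP``.

    Args:
        i: table selector, 0 <= i < 8.
        X: Bits-like value whose ``size`` is 128.

    Returns:
        The value returned by ``_FP`` for the substituted groups.

    Raises:
        ValueError: if ``i`` is out of range or ``X`` is not 128 bits wide.
    """
    # Explicit checks instead of ``assert``: assertions are removed under
    # ``python -O``, and a negative ``i`` would then index ``boxes`` from the
    # end and silently apply a different table.
    if not 0 <= i < 8:
        raise ValueError("S-box index must be in range(8), got %r" % (i,))
    # The message reports only the size, never the block contents.
    if X.size != 128:
        raise ValueError("expected a 128-bit block, got size %r" % (X.size,))
    boxes = [
        [ 3, 8,15, 1,10, 6, 5,11,14,13, 4, 2, 7, 0, 9,12],
        [15,12, 2, 7, 9, 0, 5,10, 1,11,14, 8, 6,13, 3, 4],
        [ 8, 6, 7, 9, 3,12,10,15,13, 1,14, 4, 0,11, 5, 2],
        [ 0,15,11, 8,12, 9, 6, 3,13, 1, 2, 4,10, 7, 5,14],
        [ 1,15, 8, 3,12, 0,11, 6, 2, 5, 4,10, 9,14, 7,13],
        [15, 5, 2,11, 4,10, 9,12, 0, 3,14, 8,13, 6, 7, 1],
        [ 7, 2,12, 5, 8, 4, 6,11,14, 9, 1,15,13, 3,10, 0],
        [ 1,13,15, 0,14, 8, 2,11, 7, 4,12,10, 9, 3, 5, 6],
    ]
    # NOTE(review): the table index comes from the data block, so this is a
    # data-dependent lookup; treat the routine as a reference implementation,
    # not a constant-time one.
    Sx = [Bits(boxes[i][x],4) for x in _IP(X).split(4)]
    return _FP(concat(Sx))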
def PAR(self,l,M,bitlen=None):
    """Hash every 4096-bit block of ``M`` independently at level ``l``.

    Each block (64 big-endian 64-bit words) is placed in an 89-word work
    vector with a counter word and a control word, and the vector is passed
    to ``self.f``. No block depends on the result of another.

    Args:
        l: level number, stored in the bits above bit 56 of the counter word.
        M: message to hash, in whatever form ``Nullpadding.iterblocks`` accepts.
        bitlen: optional message length, forwarded unchanged to ``iterblocks``.

    Returns:
        Bytes made by joining ``pack(c, '>L')`` over the concatenated results.
    """
    padder = Nullpadding(4096)
    # Built eagerly: padder.padcnt is only read once every block was produced.
    blocks = [struct.unpack('>64Q',chunk) for chunk in padder.iterblocks(M,bitlen=bitlen)]
    count = len(blocks)
    # The 4-bit flag is 1 only when the whole message fits in a single block.
    single = 1 if count==1 else 0
    d,keylen,L,r = self.size,self.keylen,self.L,self.rounds
    control = Bits(d,12)//Bits(keylen,8)//Bits(0,16)//Bits(single,4)//Bits(L,8)//Bits(r,12)//Bits(0,4)
    outputs = []
    # self.K is key material and becomes part of every vector given to self.f.
    work = Poly(Q,64)//Poly(self.K,64)
    work.dim = 89
    work[24] = control
    for index, block in enumerate(blocks):
        if index==(count-1):
            # Final block only: record how much padding was added.
            control[20:36]=padder.padcnt
            work[24] = control
        work[23] = (l<<56)+index
        work[25:89] = block
        outputs.append(self.f(work))
    joined = concat(outputs)
    return b''.join([pack(c,'>L') for c in joined])
def SEQ(self,M,bitlen=None):
    """Hash ``M`` one 3072-bit block at a time, chaining through ``self.f``.

    Each block (48 big-endian 64-bit words) goes into words 41..88 of an
    89-word vector; words 25..40 carry the previous result of ``self.f``,
    word 23 a counter and word 24 a control word.

    Args:
        M: message to hash, in whatever form ``Nullpadding.iterblocks`` accepts.
        bitlen: optional message length, forwarded unchanged to ``iterblocks``.

    Returns:
        ``pack(h, '>L')`` where ``h`` is the final result with its words
        reversed and its ``size`` set to ``self.size``.
    """
    filler = Nullpadding(3072)
    # Built eagerly: filler.padcnt is only read once every block was produced.
    words = [struct.unpack('>48Q',raw) for raw in filler.iterblocks(M,bitlen=bitlen)]
    total = len(words)
    d,keylen,L,r = self.size,self.keylen,self.L,self.rounds
    ctrl = Bits(d,12)//Bits(keylen,8)//Bits(0,16)//Bits(0,4)//Bits(L,8)//Bits(r,12)//Bits(0,4)
    state = Poly(0,64,dim=16)
    # self.K is key material and becomes part of every vector given to self.f.
    vec = Poly(Q,64,dim=89)//Poly(self.K,64)
    vec.dim = 89
    vec[24] = ctrl
    base = (self.L+1)<<56
    for n in range(total):
        is_final = (n == total-1)
        if is_final:
            # Final block only: store the padding count and set the 4-bit
            # field that was initialised to 0 above.
            ctrl[20:36]=filler.padcnt
            ctrl[36:40]=Bits(1,4)
            vec[24] = ctrl
        vec[23] = base+n
        vec[25:41] = state
        vec[41:89] = words[n]
        state = self.f(vec)
    out = concat(list(state)[::-1])
    out.size = self.size
    return pack(out,'>L')
def PAR(self, l, M, bitlen=None):
    """Hash each 4096-bit block of ``M`` on its own and join the results.

    A block is 64 big-endian 64-bit words. It fills words 25..88 of an
    89-word vector whose word 23 is ``(l << 56) + block index`` and whose
    word 24 is a control word; the vector is then passed to ``self.f``.

    Args:
        l: level number used to build the counter word.
        M: message to hash, in whatever form ``Nullpadding.iterblocks`` accepts.
        bitlen: optional message length, forwarded unchanged to ``iterblocks``.

    Returns:
        Bytes made by joining ``pack(c, '>L')`` over the concatenated results.
    """
    filler = Nullpadding(4096)
    # Built eagerly: filler.padcnt is only read once every block was produced.
    words = [
        struct.unpack('>64Q', raw)
        for raw in filler.iterblocks(M, bitlen=bitlen)
    ]
    total = len(words)
    # The 4-bit flag is 1 only when the whole message fits in a single block.
    if total == 1:
        flag = 1
    else:
        flag = 0
    d, keylen, L, r = self.size, self.keylen, self.L, self.rounds
    ctrl = (
        Bits(d, 12) // Bits(keylen, 8) // Bits(0, 16) // Bits(flag, 4)
        // Bits(L, 8) // Bits(r, 12) // Bits(0, 4)
    )
    results = []
    # self.K is key material and becomes part of every vector given to self.f.
    vec = Poly(Q, 64) // Poly(self.K, 64)
    vec.dim = 89
    vec[24] = ctrl
    for n in range(total):
        if n + 1 == total:
            # Final block only: record how much padding was added.
            ctrl[20:36] = filler.padcnt
            vec[24] = ctrl
        vec[23] = (l << 56) + n
        vec[25:89] = words[n]
        results.append(self.f(vec))
    merged = concat(results)
    return b''.join(pack(c, '>L') for c in merged)
def AddRoundKey(self, state, w):
    """XOR the round key ``w`` into ``state`` in place.

    Args:
        state: mutable value supporting ``^`` and slice assignment; it is
            overwritten through ``state[:]``, so the caller's object changes.
        w: round-key parts, joined with ``concat`` before the XOR.

    Returns:
        None.
    """
    round_key = concat(w)
    # Slice assignment keeps the caller's object instead of rebinding a local.
    state[:] = state ^ round_key