[PATCH 2/4] gost28147: simplify internal code

dbaryshkov at gmail.com dbaryshkov at gmail.com
Tue Nov 12 14:50:03 CET 2019


From: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>

* cipher/gost28147.c (gost_val, _gost_encrypt_data): don't use gost
  context internally
* cipher/gost28147.c (gost_encrypt_block, gost_decrypt_block,
  _gcry_gost_enc_data): adapt to internal changes.

--
This saves us one memcpy in _gcry_gost_enc_data(), thus speeding up
GOST R 34.11-94.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
---
 cipher/gost28147.c | 103 ++++++++++++++++++++++-----------------------
 1 file changed, 51 insertions(+), 52 deletions(-)

diff --git a/cipher/gost28147.c b/cipher/gost28147.c
index 1b8ab7aebfba..85d398d7b7de 100644
--- a/cipher/gost28147.c
+++ b/cipher/gost28147.c
@@ -61,40 +61,38 @@ gost_setkey (void *c, const byte *key, unsigned keylen,
 }
 
 static u32
-gost_val (GOST28147_context *ctx, u32 cm1, int subkey)
+gost_val (u32 subkey, u32 cm1, const u32 *sbox)
 {
-  cm1 += ctx->key[subkey];
-  cm1 = ctx->sbox[0*256 + ((cm1 >>  0) & 0xff)] |
-        ctx->sbox[1*256 + ((cm1 >>  8) & 0xff)] |
-        ctx->sbox[2*256 + ((cm1 >> 16) & 0xff)] |
-        ctx->sbox[3*256 + ((cm1 >> 24) & 0xff)];
+  cm1 += subkey;
+  cm1 = sbox[0*256 + ((cm1 >>  0) & 0xff)] |
+        sbox[1*256 + ((cm1 >>  8) & 0xff)] |
+        sbox[2*256 + ((cm1 >> 16) & 0xff)] |
+        sbox[3*256 + ((cm1 >> 24) & 0xff)];
   return cm1;
 }
 
 static unsigned int
-_gost_encrypt_data (void *c, u32 *o1, u32 *o2, u32 n1, u32 n2)
+_gost_encrypt_data (const u32 *sbox, const u32 *key, u32 *o1, u32 *o2, u32 n1, u32 n2)
 {
-  GOST28147_context *ctx = c;
-
-  n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
-  n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
-  n2 ^= gost_val (ctx, n1, 4); n1 ^= gost_val (ctx, n2, 5);
-  n2 ^= gost_val (ctx, n1, 6); n1 ^= gost_val (ctx, n2, 7);
-
-  n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
-  n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
-  n2 ^= gost_val (ctx, n1, 4); n1 ^= gost_val (ctx, n2, 5);
-  n2 ^= gost_val (ctx, n1, 6); n1 ^= gost_val (ctx, n2, 7);
-
-  n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
-  n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
-  n2 ^= gost_val (ctx, n1, 4); n1 ^= gost_val (ctx, n2, 5);
-  n2 ^= gost_val (ctx, n1, 6); n1 ^= gost_val (ctx, n2, 7);
-
-  n2 ^= gost_val (ctx, n1, 7); n1 ^= gost_val (ctx, n2, 6);
-  n2 ^= gost_val (ctx, n1, 5); n1 ^= gost_val (ctx, n2, 4);
-  n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
-  n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
+  n2 ^= gost_val (key[0], n1, sbox); n1 ^= gost_val (key[1], n2, sbox);
+  n2 ^= gost_val (key[2], n1, sbox); n1 ^= gost_val (key[3], n2, sbox);
+  n2 ^= gost_val (key[4], n1, sbox); n1 ^= gost_val (key[5], n2, sbox);
+  n2 ^= gost_val (key[6], n1, sbox); n1 ^= gost_val (key[7], n2, sbox);
+
+  n2 ^= gost_val (key[0], n1, sbox); n1 ^= gost_val (key[1], n2, sbox);
+  n2 ^= gost_val (key[2], n1, sbox); n1 ^= gost_val (key[3], n2, sbox);
+  n2 ^= gost_val (key[4], n1, sbox); n1 ^= gost_val (key[5], n2, sbox);
+  n2 ^= gost_val (key[6], n1, sbox); n1 ^= gost_val (key[7], n2, sbox);
+
+  n2 ^= gost_val (key[0], n1, sbox); n1 ^= gost_val (key[1], n2, sbox);
+  n2 ^= gost_val (key[2], n1, sbox); n1 ^= gost_val (key[3], n2, sbox);
+  n2 ^= gost_val (key[4], n1, sbox); n1 ^= gost_val (key[5], n2, sbox);
+  n2 ^= gost_val (key[6], n1, sbox); n1 ^= gost_val (key[7], n2, sbox);
+
+  n2 ^= gost_val (key[7], n1, sbox); n1 ^= gost_val (key[6], n2, sbox);
+  n2 ^= gost_val (key[5], n1, sbox); n1 ^= gost_val (key[4], n2, sbox);
+  n2 ^= gost_val (key[3], n1, sbox); n1 ^= gost_val (key[2], n2, sbox);
+  n2 ^= gost_val (key[1], n1, sbox); n1 ^= gost_val (key[0], n2, sbox);
 
   *o1 = n2;
   *o2 = n1;
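Review bot: `gost_val` and `_gost_encrypt_data` now take bare `const u32 *` pointers instead of the context, so the size contract the struct used to carry is implicit: `sbox` is indexed up to `3*256 + 255` and `key` up to `key[7]`, with nothing checking either. I would add a comment above `_gost_encrypt_data`, e.g. `/* sbox: 4*256 u32 entries; key: 8 u32 subkeys. */`, so a later caller does not pass a shorter table or key. The same comment could record that the table index in `gost_val` is derived from `cm1 + subkey`, so the lookups are key-dependent and may be observable through cache timing on shared hardware; the patch does not change that, but it is easier to overlook now that the key is just another parameter. The body of `_gost_encrypt_data` continues past the end of this hunk.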
@@ -114,7 +112,7 @@ gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf)
   n1 = buf_get_le32 (inbuf);
   n2 = buf_get_le32 (inbuf+4);
 
-  burn = _gost_encrypt_data(ctx, &n1, &n2, n1, n2);
+  burn = _gost_encrypt_data(ctx->sbox, ctx->key, &n1, &n2, n1, n2);
 
   buf_put_le32 (outbuf+0, n1);
   buf_put_le32 (outbuf+4, n2);
@@ -125,12 +123,12 @@ gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf)
 unsigned int _gcry_gost_enc_data (GOST28147_context *c, const u32 *key,
     u32 *o1, u32 *o2, u32 n1, u32 n2, int cryptopro)
 {
+  const u32 *sbox;
   if (cryptopro)
-    c->sbox = sbox_CryptoPro_3411;
+    sbox = sbox_CryptoPro_3411;
   else
-    c->sbox = sbox_test_3411;
-  memcpy (c->key, key, 8*4);
-  return _gost_encrypt_data (c, o1, o2, n1, n2) + 7 * sizeof(void *);
+    sbox = sbox_test_3411;
+  return _gost_encrypt_data (sbox, key, o1, o2, n1, n2) + 7 * sizeof(void *);
 }
 
 static unsigned int
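Review bot: After this change `_gcry_gost_enc_data` never touches `c`: it no longer sets `c->sbox` or copies into `c->key`, yet the `GOST28147_context *c` parameter stays in the signature. Callers outside this hunk that relied on the call populating the context, or that wipe it afterwards because it used to hold key material, should be checked, and the parameter either dropped or marked, e.g. `(void) c; /* context is no longer modified here */`. The `key` pointer is now dereferenced directly as `u32` where it was previously copied with `memcpy`, so it has to be suitably aligned at every call site, which cannot be confirmed from this hunk. The `+ 7 * sizeof(void *)` burn estimate is also unchanged although the function now has an extra pointer local and passes six arguments, so it is worth re-checking that the stack wipe still covers the round state.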
@@ -138,29 +136,30 @@ gost_decrypt_block (void *c, byte *outbuf, const byte *inbuf)
 {
   GOST28147_context *ctx = c;
   u32 n1, n2;
+  const u32 *sbox = ctx->sbox;
 
   n1 = buf_get_le32 (inbuf);
   n2 = buf_get_le32 (inbuf+4);
 
-  n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
-  n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
-  n2 ^= gost_val (ctx, n1, 4); n1 ^= gost_val (ctx, n2, 5);
-  n2 ^= gost_val (ctx, n1, 6); n1 ^= gost_val (ctx, n2, 7);
-
-  n2 ^= gost_val (ctx, n1, 7); n1 ^= gost_val (ctx, n2, 6);
-  n2 ^= gost_val (ctx, n1, 5); n1 ^= gost_val (ctx, n2, 4);
-  n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
-  n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
-
-  n2 ^= gost_val (ctx, n1, 7); n1 ^= gost_val (ctx, n2, 6);
-  n2 ^= gost_val (ctx, n1, 5); n1 ^= gost_val (ctx, n2, 4);
-  n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
-  n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
-
-  n2 ^= gost_val (ctx, n1, 7); n1 ^= gost_val (ctx, n2, 6);
-  n2 ^= gost_val (ctx, n1, 5); n1 ^= gost_val (ctx, n2, 4);
-  n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
-  n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
+  n2 ^= gost_val (ctx->key[0], n1, sbox); n1 ^= gost_val (ctx->key[1], n2, sbox);
+  n2 ^= gost_val (ctx->key[2], n1, sbox); n1 ^= gost_val (ctx->key[3], n2, sbox);
+  n2 ^= gost_val (ctx->key[4], n1, sbox); n1 ^= gost_val (ctx->key[5], n2, sbox);
+  n2 ^= gost_val (ctx->key[6], n1, sbox); n1 ^= gost_val (ctx->key[7], n2, sbox);
+
+  n2 ^= gost_val (ctx->key[7], n1, sbox); n1 ^= gost_val (ctx->key[6], n2, sbox);
+  n2 ^= gost_val (ctx->key[5], n1, sbox); n1 ^= gost_val (ctx->key[4], n2, sbox);
+  n2 ^= gost_val (ctx->key[3], n1, sbox); n1 ^= gost_val (ctx->key[2], n2, sbox);
+  n2 ^= gost_val (ctx->key[1], n1, sbox); n1 ^= gost_val (ctx->key[0], n2, sbox);
+
+  n2 ^= gost_val (ctx->key[7], n1, sbox); n1 ^= gost_val (ctx->key[6], n2, sbox);
+  n2 ^= gost_val (ctx->key[5], n1, sbox); n1 ^= gost_val (ctx->key[4], n2, sbox);
+  n2 ^= gost_val (ctx->key[3], n1, sbox); n1 ^= gost_val (ctx->key[2], n2, sbox);
+  n2 ^= gost_val (ctx->key[1], n1, sbox); n1 ^= gost_val (ctx->key[0], n2, sbox);
+
+  n2 ^= gost_val (ctx->key[7], n1, sbox); n1 ^= gost_val (ctx->key[6], n2, sbox);
+  n2 ^= gost_val (ctx->key[5], n1, sbox); n1 ^= gost_val (ctx->key[4], n2, sbox);
+  n2 ^= gost_val (ctx->key[3], n1, sbox); n1 ^= gost_val (ctx->key[2], n2, sbox);
+  n2 ^= gost_val (ctx->key[1], n1, sbox); n1 ^= gost_val (ctx->key[0], n2, sbox);
 
   buf_put_le32 (outbuf+0, n2);
   buf_put_le32 (outbuf+4, n1);
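Review bot: `gost_decrypt_block` caches `ctx->sbox` in a local but still spells out `ctx->key[i]` in all 32 calls, which pushes every round line past 80 columns and reads differently from `_gost_encrypt_data`. Adding `const u32 *key = ctx->key;` next to the `sbox` local and writing `gost_val (key[0], n1, sbox)` would make the decrypt schedule mirror the encrypt one and make the reversed subkey order easier to audit by eye. The end of the function, including its return value, is outside this hunk.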
-- 
2.24.0



