Gost_BS_MAA.cpp


// CryptLib Project

/* CryptLib library for RusRoute firewall and other projects of
 * Andrey A. Moiseenko / IE Moiseenko A.A. (Russia)
 * e-mail: support@maasoftware.ru, maa2002@mail.ru
 * web: http://maasoftware.ru, http://maasoftware.com, http://maasoft.ru, http://maasoft.org
 * Author's full name: Andrey Alekseevitch Moiseenko
 * (russian name: Моисеенко Андрей Алексеевич)
 */

// CryptLib/Gost_BS_MAA.cpp

/* Copyright (C) 2002-2024 Andrey A. Moiseenko (support@maasoftware.ru)
 * All rights reserved.
 *
 * This library contains the basic cryptography function,
 * prime numbers checks and generator, random number generator,
 * Mantgomery exponent, symmetric GOST and asymmetric RSA-like.
 * This file is GOST chiper implementation given from 
 * the book Bruce Schneier "Applied Cryptography" with changes of
 * Andrey A. Moiseenko (support@maasoftware.ru).
 * This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
 *
 * Copyright remains Andrey A. Moiseenko, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Andrey A. Moiseenko should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by Andrey A. Moiseenko (support@maasoftware.ru)
 *
 * THIS SOFTWARE IS PROVIDED BY ANDREY A. MOISEENKO ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include "stdafx.h"
//#include "perm.h"
#include "temp.h"

//#ifdef _WIN32
#define register
//#endif

#ifndef TOOLSLIB_LITTLE_ENDIAN
#define BIG_ENDIAN_ALGO
#define be_bswap32 my_htonl_le
#define be_bswap16 my_htons_le
#endif

/*
//#define LE_BE_TEST
#ifdef LE_BE_TEST
#define BIG_ENDIAN_ALGO
#define be_bswap32 my_htonl_le
#define be_bswap16 my_htons_le
#endif
*/

//CGostBsMaa gGostBsMaa;

void GostMain() noexcept;

// GOST
//

//typedef  unsigned   long   u4;
typedef  _dword   u4;
typedef  unsigned  char  byte;

#ifdef        alpha      //  Any  other   64-bit  machines?
typedef  unsigned  int  word32;
#else
//typedef unsigned long word32;
typedef _dword word32;
#endif

#if 0
struct gost_ctx
{
    //u4   k[8];
    //   Constant   s-boxes   --  set   up   in   gost_init().
    //
    // Брюс Шнайдер:
    // char  k87[256],k65[256],k43[256],k21[256];
    //
    // Моисеенко Андрей:
    // unsigned char  k87[256],k65[256],k43[256],k21[256];
    //

    _dword k87[256], k65[256], k43[256], k21[256];
    unsigned char StaticKey[32];

    gost_ctx() noexcept;
    ~gost_ctx();

    word32
#ifdef _WIN32
    //_fastcall
#endif
    //f(_dword x) const noexcept { return k87[x >> 24 & 255] | k65[x >> 16 & 255] | k43[x >> 8 & 255] | k21[x & 255]; }
    f(_dword x) const noexcept { return k21[x & 255] | k43[x >> 8 & 255] | k65[x >> 16 & 255] | k87[x >> 24 & 255]; }

    void gostcrypt(const _dword* key, _dword *d) const noexcept;
    void gostcrypt16(const _dword * key, _dword *d) const noexcept;
    void gostdecrypt(const _dword * key, _dword * d) const noexcept;
    void gost_enc(const _dword * key, _dword *, int) const noexcept;
    void gost_dec(const _dword * key, _dword *, int) const noexcept;
    //void  gost_key(gost_ctx *, u4 *);

    // High level functions
    void Encrypt(const _dword* Key, const _dword* pIn, size_t Size, const _dword* Salt, _dword* pOut, _dword* OutSalt) const noexcept;
    void Decrypt(const _dword* Key, const _dword* pIn, size_t Size, const _dword* Salt, _dword* pOut, _dword* OutSalt) const noexcept;
    void Imito(const _dword* Key, const _dword* pIn, size_t Size, _dword* ImitoValue, const _dword* Salt, const void* End) const noexcept;
};
#endif
#ifdef _WIN32
#ifndef _WIN64

/*
static word32 __declspec(naked) _fastcall // edx = x, ecx = c
    F(const gost_ctx* c, word32 x) noexcept
    {
        // return k87[x >> 24 & 255] | k65[x >> 16 & 255] | k43[x >> 8 & 255] | k21[x & 255];
    __asm
    {
        push esi
        push ebx
        push ecx
        mov esi, ecx // dword ptr[esp + 10h] // для word32 __declspec(naked) F(const gost_ctx * c, word32 x) noexcept
        mov ecx, edx // dword ptr[esp + 14h] // для word32 __declspec(naked) F(const gost_ctx * c, word32 x) noexcept
        xor ebx, ebx
        mov bl, cl
        mov eax, dword ptr[esi + 3 * 400h + 4 * ebx]
        shr ecx, 8
        mov bl, cl
        or eax, dword ptr[esi + 2 * 400h + 4 * ebx]
        shr ecx, 8
        mov bl, cl
        or eax, dword ptr[esi + 400h + 4 * ebx]
        shr ecx, 8
        mov bl, cl
        or eax, dword ptr[esi + 4 * ebx]
        pop ecx
        pop ebx
        pop esi
        ret
    }
        //return c->k87[x >> 24 & 255] | c->k65[x >> 16 & 255] | c->k43[x >> 8 & 255] | c->k21[x & 255]; 
    }
#define f(x) F(this, x)
*/
#endif
#endif
//#define FFF(n, tt) x = tt, n ^= k87[x >> 24 & 255] | k65[x >> 16 & 255] | k43[x >> 8 & 255] | k21[x & 255];

/*   Note:     encrypt  and  decrypt   expect   full   blocks—padding  blocks   is
                        caller's   responsibility.      All  bulk  encryption   is  done   in
                        ECB  node by   these  calls.      Other  modes  may  be  added  easily
                        enough.
*/
gost_ctx::gost_ctx() noexcept
{
    int   i;
#if 1
    // permutation block from Bruce Schneier "Applied Cryptography" book (possible for Sberbank)
    const byte k8[16] = { 14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7 };
    const byte k7[16] = { 15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10 };
    const byte k6[16] = { 10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8 };
    const byte k5[16] = {  7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15 };
    const byte k4[16] = {  2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9 };
    const byte k3[16] = { 12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11 };
    const byte k2[16] = {  4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1 };
    const byte k1[16] = { 13,  2,  8,  4,  6, 15, 11,  1,  10, 9,  3, 14,  5,  0, 12,  7 };
#else
    // the other permutation block, git clone https://github.com/faddistr/GOST28147.git
    const byte k8[16] = {  4,  2, 15,  5,  9,  1,  0,  8, 14,  3, 11, 12, 13,  7, 10,  6 };
    const byte k7[16] = { 12,  9, 15, 14,  8,  1,  3, 10,  2,  7,  4, 13,  6,  0, 11,  5 };
    const byte k6[16] = { 13,  8, 14, 12,  7,  3,  9, 10,  1,  5,  2,  4,  6, 15,  0, 11 };
    const byte k5[16] = { 14,  9, 11,  2,  5, 15,  7,  1,  0, 13, 12,  6, 10,  4,  3,  8 };
    const byte k4[16] = {  3, 14,  5,  9,  6,  8,  0, 13, 10, 11,  7, 12,  2,  1, 15,  4 };
    const byte k3[16] = {  8, 15,  6, 11,  1,  9, 12,  5, 13,  3,  7, 10,  0, 14,  2,  4 };
    const byte k2[16] = {  9, 11, 12,  0,  3,  6,  7,  5,  4,  8, 14, 15,  1, 10,  2, 13 };
    const byte k1[16] = { 12,  6,  5,  2, 11,  0,  9, 13,  3, 14,  7, 10, 15,  4,  1,  8 };
#endif

    for (i = 0; i < 256; i++)
    {
        k87[i] = (k8[i >> 4] << 4 | k7[i & 15]) << 24;
        k65[i] = (k6[i >> 4] << 4 | k5[i & 15]) << 16;
        k43[i] = (k4[i >> 4] << 4 | k3[i & 15]) << 8;
        k21[i] = (k2[i >> 4] << 4 | k1[i & 15]);

        k87[i] = k87[i] << 11 | k87[i] >> (32 - 11);
        k65[i] = k65[i] << 11 | k65[i] >> (32 - 11);
        k43[i] = k43[i] << 11 | k43[i] >> (32 - 11);
        k21[i] = k21[i] << 11 | k21[i] >> (32 - 11);
    }

    for (i = 0; i < 32; i++)
    {
        StaticKey[i] = i + 1;
    }
}
gost_ctx::~gost_ctx()
{
    memset(k87, 0, sizeof(k87));
    memset(k65, 0, sizeof(k65));
    memset(k43, 0, sizeof(k43));
    memset(k21, 0, sizeof(k21));
    memset(StaticKey, 0, 32);
}

/*word32 gost_ctx::f(word32 x) const noexcept
{
     //return k87[x >> 24 & 255] | k65[x >> 16 & 255] | k43[x >> 8 & 255] | k21[x & 255];
     
     //x = k87[x >> 24 & 255] | k65[x >> 16 & 255] | k43[x >> 8 & 255] | k21[x & 255];
     //   Rotate   left   11  bits
     //return  x << 11 | x >> (32 - 11);
}
*/

void gost_ctx::gostcrypt(const u4* key, word32* d) const noexcept
{
    register  word32  n1, n2;   //   As named in the GOST
    n1 = d[0];
    n2 = d[1];

    // Instead of swapping halves, swap names each round
#ifdef FFF
    register word32 x;
    FFF(n2, n1 + key[0]); FFF(n1, n2 + key[1]);
    FFF(n2, n1 + key[2]); FFF(n1, n2 + key[3]);
    FFF(n2, n1 + key[3]); FFF(n1, n2 + key[5]);
    FFF(n2, n1 + key[4]); FFF(n1, n2 + key[7]);
    FFF(n2, n1 + key[0]); FFF(n1, n2 + key[1]);
    FFF(n2, n1 + key[2]); FFF(n1, n2 + key[3]);
    FFF(n2, n1 + key[4]); FFF(n1, n2 + key[5]);
    FFF(n2, n1 + key[6]); FFF(n1, n2 + key[7]);
    FFF(n2, n1 + key[0]); FFF(n1, n2 + key[1]);
    FFF(n2, n1 + key[2]); FFF(n1, n2 + key[3]);
    FFF(n2, n1 + key[4]); FFF(n1, n2 + key[5]);
    FFF(n2, n1 + key[6]); FFF(n1, n2 + key[7]);
    FFF(n2, n1 + key[7]); FFF(n1, n2 + key[6]);
    FFF(n2, n1 + key[5]); FFF(n1, n2 + key[4]);
    FFF(n2, n1 + key[3]); FFF(n1, n2 + key[2]);
    FFF(n2, n1 + key[1]); FFF(n1, n2 + key[0]);
#else
    n2 ^= f(n1 + key[0]);  n1 ^= f(n2 + key[1]);
    n2 ^= f(n1 + key[2]);  n1 ^= f(n2 + key[3]);
    n2 ^= f(n1 + key[4]);  n1 ^= f(n2 + key[5]);
    n2 ^= f(n1 + key[6]);  n1 ^= f(n2 + key[7]);
    n2 ^= f(n1 + key[0]);  n1 ^= f(n2 + key[1]);
    n2 ^= f(n1 + key[2]);  n1 ^= f(n2 + key[3]);
    n2 ^= f(n1 + key[4]);  n1 ^= f(n2 + key[5]);
    n2 ^= f(n1 + key[6]);  n1 ^= f(n2 + key[7]);
    n2 ^= f(n1 + key[0]);  n1 ^= f(n2 + key[1]);
    n2 ^= f(n1 + key[2]);  n1 ^= f(n2 + key[3]);
    n2 ^= f(n1 + key[4]);  n1 ^= f(n2 + key[5]);
    n2 ^= f(n1 + key[6]);  n1 ^= f(n2 + key[7]);
    n2 ^= f(n1 + key[7]);  n1 ^= f(n2 + key[6]);
    n2 ^= f(n1 + key[5]);  n1 ^= f(n2 + key[4]);
    n2 ^= f(n1 + key[3]);  n1 ^= f(n2 + key[2]);
    n2 ^= f(n1 + key[1]);  n1 ^= f(n2 + key[0]);
#endif

    d[0] = n2;
    d[1] = n1;
}
void gost_ctx::gostcrypt16(const u4 * key, word32 *d) const noexcept
{
    register  word32  n1, n2;   //   As naned in the GOST
    n1 = d[0];
    n2 = d[1];

    // Instead of swapping halves, swap names each round
#ifdef FFF
    register word32 x;
    FFF(n2, n1 + key[0]); FFF(n1, n2 + key[1]);
    FFF(n2, n1 + key[2]); FFF(n1, n2 + key[3]);
    FFF(n2, n1 + key[4]); FFF(n1, n2 + key[5]);
    FFF(n2, n1 + key[6]); FFF(n1, n2 + key[7]);
    FFF(n2, n1 + key[0]); FFF(n1, n2 + key[1]);
    FFF(n2, n1 + key[2]); FFF(n1, n2 + key[3]);
    FFF(n2, n1 + key[4]); FFF(n1, n2 + key[5]);
    FFF(n2, n1 + key[6]); FFF(n1, n2 + key[7]);
#else
    n2 ^= f(n1 + key[0]);  n1 ^= f(n2 + key[1]);
    n2 ^= f(n1 + key[2]);  n1 ^= f(n2 + key[3]);
    n2 ^= f(n1 + key[4]);  n1 ^= f(n2 + key[5]);
    n2 ^= f(n1 + key[6]);  n1 ^= f(n2 + key[7]);
    n2 ^= f(n1 + key[0]);  n1 ^= f(n2 + key[1]);
    n2 ^= f(n1 + key[2]);  n1 ^= f(n2 + key[3]);
    n2 ^= f(n1 + key[4]);  n1 ^= f(n2 + key[5]);
    n2 ^= f(n1 + key[6]);  n1 ^= f(n2 + key[7]);
#endif

    d[0] = n2;
    d[1] = n1;
}

void gost_ctx::gostdecrypt(const u4 * key, u4 *d) const noexcept
{
    register word32 n1, n2;   // As naned in the GOST
    n1 = d[0];
    n2 = d[1];

#ifdef FFF
    register word32 x;
    FFF(n2, n1 + key[0]); FFF(n1, n2 + key[1]);
    FFF(n2, n1 + key[2]); FFF(n1, n2 + key[3]);
    FFF(n2, n1 + key[4]); FFF(n1, n2 + key[5]);
    FFF(n2, n1 + key[6]); FFF(n1, n2 + key[7]);
    FFF(n2, n1 + key[7]); FFF(n1, n2 + key[6]);
    FFF(n2, n1 + key[5]); FFF(n1, n2 + key[4]);
    FFF(n2, n1 + key[3]); FFF(n1, n2 + key[2]);
    FFF(n2, n1 + key[1]); FFF(n1, n2 + key[0]);
    FFF(n2, n1 + key[7]); FFF(n1, n2 + key[6]);
    FFF(n2, n1 + key[5]); FFF(n1, n2 + key[4]);
    FFF(n2, n1 + key[3]); FFF(n1, n2 + key[2]);
    FFF(n2, n1 + key[1]); FFF(n1, n2 + key[0]);
    FFF(n2, n1 + key[7]); FFF(n1, n2 + key[6]);
    FFF(n2, n1 + key[5]); FFF(n1, n2 + key[4]);
    FFF(n2, n1 + key[3]); FFF(n1, n2 + key[2]);
    FFF(n2, n1 + key[1]); FFF(n1, n2 + key[0]);
#else
    n2 ^= f(n1 + key[0]);  n1 ^= f(n2 + key[1]);
    n2 ^= f(n1 + key[2]);  n1 ^= f(n2 + key[3]);
    n2 ^= f(n1 + key[4]);  n1 ^= f(n2 + key[5]);
    n2 ^= f(n1 + key[6]);  n1 ^= f(n2 + key[7]);
    n2 ^= f(n1 + key[7]);  n1 ^= f(n2 + key[6]);
    n2 ^= f(n1 + key[5]);  n1 ^= f(n2 + key[4]);
    n2 ^= f(n1 + key[3]);  n1 ^= f(n2 + key[2]);
    n2 ^= f(n1 + key[1]);  n1 ^= f(n2 + key[0]);
    n2 ^= f(n1 + key[7]);  n1 ^= f(n2 + key[6]);
    n2 ^= f(n1 + key[5]);  n1 ^= f(n2 + key[4]);
    n2 ^= f(n1 + key[3]);  n1 ^= f(n2 + key[2]);
    n2 ^= f(n1 + key[1]);  n1 ^= f(n2 + key[0]);
    n2 ^= f(n1 + key[7]);  n1 ^= f(n2 + key[6]);
    n2 ^= f(n1 + key[5]);  n1 ^= f(n2 + key[4]);
    n2 ^= f(n1 + key[3]);  n1 ^= f(n2 + key[2]);
    n2 ^= f(n1 + key[1]);  n1 ^= f(n2 + key[0]);
#endif

    d[0] = n2;
    d[1] = n1;
}

void gost_ctx::gost_enc(const u4 * key, u4 *d, int blocks) const noexcept
{
    int i;
    for (i=0; i < blocks; i++)
    {
        gostcrypt(key, d);
        d+=2;
    }
}

void gost_ctx::gost_dec(const u4 * key, u4 *d, int blocks) const noexcept
{
    int i;
    for (i=0; i < blocks; i++)
    {
        gostdecrypt(key, d);
        d+=2;
    }
}

// high level Encrypt function // gamma with feedack
// Key - 32 bytes, Salt - 8 bytes, OutSalt - 8 bytes, Size in bytes
void gost_ctx::Encrypt(const _dword* Key, const _dword* pIn, size_t Size, const _dword* Salt, _dword* pOut, _dword* OutSalt) const noexcept
{
    Key = Key ? Key : (const _dword*)StaticKey;
#ifdef BIG_ENDIAN_ALGO
    _dword hKey[8];
    for (int j = 0; j < 8; j++)
    {
        hKey[j] = be_bswap32(Key[j]);
    }
    Key = hKey;
#endif
    pOut = pOut ? pOut : (_dword*)pIn;
#ifdef BIG_ENDIAN_ALGO
    _dword n12[2] = { be_bswap32(Salt[0]), be_bswap32(Salt[1]) };
#else
    _dword n12[2] = { Salt[0], Salt[1] };
#endif

    for (size_t i = (Size >> 3); i--; )
    {
        gostcrypt(Key, n12);
        
#ifdef BIG_ENDIAN_ALGO
        *pOut++ = be_bswap32(n12[0] ^= be_bswap32(*pIn++));
        *pOut++ = be_bswap32(n12[1] ^= be_bswap32(*pIn++));
#else
        *pOut++ = (n12[0] ^= *pIn++);
        *pOut++ = (n12[1] ^= *pIn++);
#endif
    }
    if  (Size & 7)
    {
        _dword t[2] = { 0, 0 };
        memcpy(t, pIn, Size & 7);
        gostcrypt(Key, n12);
#ifdef BIG_ENDIAN_ALGO
        n12[0] ^= be_bswap32(t[0]);
        n12[1] ^= be_bswap32(t[1]);
#else
        n12[0] ^= t[0];
        n12[1] ^= t[1];
#endif
        memcpy(pOut, n12, Size & 7);
        t[1] = t[0] = 0;
    }
    if  (OutSalt)
    {
#ifdef BIG_ENDIAN_ALGO
        OutSalt[0] = be_bswap32(n12[0]);
        OutSalt[1] = be_bswap32(n12[1]);
#else
        OutSalt[0] = n12[0];
        OutSalt[1] = n12[1];
#endif
    }
#ifdef BIG_ENDIAN_ALGO
    for (int j = 0; j < 8; j++)
    {
        hKey[j] = 0;
    }
#endif
}

// DecryptXX.OutSalt == EncryptXX.OutSalt <== if (Size % 8 == 0)

// high level Decrypt function // gamma with feedack
// Key - 32 bytes, Salt - 8 bytes, OutSalt - 8 bytes, Size in bytes
void gost_ctx::Decrypt(const _dword* Key, const _dword* pIn, size_t Size, const _dword* Salt, _dword* pOut, _dword* OutSalt) const noexcept
{
    Key = Key ? Key : (const _dword*)StaticKey;
#ifdef BIG_ENDIAN_ALGO
    _dword hKey[8];
    for (int j = 0; j < 8; j++)
    {
        hKey[j] = be_bswap32(Key[j]);
    }
    Key = hKey;
#endif
    pOut = pOut ? pOut : (_dword*)pIn;
#ifdef BIG_ENDIAN_ALGO
    _dword n12[2] = { be_bswap32(Salt[0]), be_bswap32(Salt[1]) };
#else
    _dword n12[2] = { Salt[0], Salt[1] };
#endif
    _dword N12[2];

    for (size_t i = (Size >> 3); i--; )
    {
        gostcrypt((u4*)Key, (word32*)n12);
        
#ifdef BIG_ENDIAN_ALGO
        *pOut++ = be_bswap32(n12[0] ^ (N12[0] = be_bswap32(*pIn++)));
        *pOut++ = be_bswap32(n12[1] ^ (N12[1] = be_bswap32(*pIn++)));
#else
        *pOut++ = n12[0] ^ (N12[0] = *pIn++);
        *pOut++ = n12[1] ^ (N12[1] = *pIn++);
#endif

        n12[0] = N12[0];
        n12[1] = N12[1];
    }
    if  (Size & 7)
    {
        _dword t[2] = { 0, 0 };
        memcpy(t, pIn, Size & 7);
        gostcrypt((u4*)Key, (word32*)n12);
#ifdef BIG_ENDIAN_ALGO
        t[0] = be_bswap32(n12[0] ^ (N12[0] = be_bswap32(t[0])));
        t[1] = be_bswap32(n12[1] ^ (N12[1] = be_bswap32(t[1])));
#else
        t[0] = n12[0] ^ (N12[0] = t[0]);
        t[1] = n12[1] ^ (N12[1] = t[1]);
#endif
        n12[0] = N12[0];
        n12[1] = N12[1];
        memcpy(pOut, t, Size & 7);
        t[1] = t[0] = 0;
    }
    if  (OutSalt)
    {
#ifdef BIG_ENDIAN_ALGO
        OutSalt[0] = be_bswap32(n12[0]);
        OutSalt[1] = be_bswap32(n12[1]);
#else
        OutSalt[0] = n12[0];
        OutSalt[1] = n12[1];
#endif
    }
#ifdef BIG_ENDIAN_ALGO
    for (int j = 0; j < 8; j++)
    {
        hKey[j] = 0;
    }
#endif
}

// high level Imito function
void gost_ctx::Imito(const _dword* Key, const _dword* pIn, size_t Size, _dword* ImitoValue, const _dword* Salt, const _dword* End) const noexcept
{
    Key = Key ? Key : (const _dword*)StaticKey;
#ifdef BIG_ENDIAN_ALGO
    _dword hKey[8];
    for (int j = 0; j < 8; j++)
    {
        hKey[j] = be_bswap32(Key[j]);
    }
    Key = hKey;
#endif
    _dword n12[2], t[2];
    if  (Salt)
    {
#ifdef BIG_ENDIAN_ALGO
        n12[0] = be_bswap32(Salt[0]);
        n12[1] = be_bswap32(Salt[1]);
#else
        n12[0] = Salt[0];
        n12[1] = Salt[1];
#endif
    }
    else
    {
        n12[1] = n12[0] = 0;
    }

    for (size_t i = (Size >> 3); i--; )
    {
#ifdef BIG_ENDIAN_ALGO
        n12[0] ^= be_bswap32(*pIn++);
        n12[1] ^= be_bswap32(*pIn++);
#else
        n12[0] ^= *pIn++;
        n12[1] ^= *pIn++;
#endif
        gostcrypt16(Key, n12);
    }
    if  (Size & 7)
    {
        if  (End)
        {
            t[0] = End[0];
            t[1] = End[1];
        }
        else
        {
            t[0] = t[1] = 0;
        }
        memcpy(t, pIn, Size & 7);
#ifdef BIG_ENDIAN_ALGO
        n12[0] ^= be_bswap32(t[0]);
        n12[1] ^= be_bswap32(t[1]);
#else
        n12[0] ^= t[0];
        n12[1] ^= t[1];
#endif
        gostcrypt16(Key, n12);
        t[0] = t[1] = 0;
    }
#ifdef BIG_ENDIAN_ALGO
    ImitoValue[0] = be_bswap32(n12[0]);
    ImitoValue[1] = be_bswap32(n12[1]);
#else
    ImitoValue[0] = n12[0];
    ImitoValue[1] = n12[1];
#endif
#ifdef BIG_ENDIAN_ALGO
    for (int j = 0; j < 8; j++)
    {
        hKey[j] = 0;
    }
#endif
}

// high level Encrypt function // gamma with feedack
// Key - 32 bytes, Salt - 8 bytes, OutSalt - 8 bytes, Size in bytes
void gost_ctx::EncryptImito(const _dword* Key, const _dword* pIn, size_t Size, const _dword* Salt, _dword* pOut, _dword* OutSalt, _dword* ImitoValue, const _dword* End) const noexcept
{
    Key = Key ? Key : (const _dword*)StaticKey;
#ifdef BIG_ENDIAN_ALGO
    _dword hKey[8];
    for (int j = 0; j < 8; j++)
    {
        hKey[j] = be_bswap32(Key[j]);
    }
    Key = hKey;
#endif
    pOut = pOut ? pOut : (_dword*)pIn;
#ifdef BIG_ENDIAN_ALGO
    _dword n12[2] = { be_bswap32(Salt[0]), be_bswap32(Salt[1]) };
    _dword i12[2] = { be_bswap32(Salt[0]), be_bswap32(Salt[1]) };
#else
    _dword n12[2] = { Salt[0], Salt[1] };
    _dword i12[2] = { Salt[0], Salt[1] };
#endif

    for (size_t i = (Size >> 3); i--; )
    {
#ifdef BIG_ENDIAN_ALGO
        i12[0] ^= be_bswap32(pIn[0]);
        i12[1] ^= be_bswap32(pIn[1]);
#else
        i12[0] ^= pIn[0];
        i12[1] ^= pIn[1];
#endif
        gostcrypt16(Key, i12);
        gostcrypt(Key, n12);
#ifdef BIG_ENDIAN_ALGO
        *pOut++ = be_bswap32(n12[0] ^= be_bswap32(*pIn++));
        *pOut++ = be_bswap32(n12[1] ^= be_bswap32(*pIn++));
#else
        *pOut++ = (n12[0] ^= *pIn++);
        *pOut++ = (n12[1] ^= *pIn++);
#endif
    }
    if (Size & 7)
    {
        _dword t[2];
        if (End)
        {
            //memcpy(t, End, sizeof(t));
            t[0] = End[0];
            t[1] = End[1];
        }
        else
        {
            t[1] = t[0] = 0;
        }
        memcpy(t, pIn, Size & 7);
#ifdef BIG_ENDIAN_ALGO
        i12[0] ^= be_bswap32(t[0]);
        i12[1] ^= be_bswap32(t[1]);
#else
        i12[0] ^= t[0];
        i12[1] ^= t[1];
#endif
        gostcrypt16(Key, i12);
        //-----------------------
        t[1] = t[0] = 0;
        memcpy(t, pIn, Size & 7);
        gostcrypt(Key, n12);
#ifdef BIG_ENDIAN_ALGO
        n12[0] ^= be_bswap32(t[0]);
        n12[1] ^= be_bswap32(t[1]);
#else
        n12[0] ^= t[0];
        n12[1] ^= t[1];
#endif
        memcpy(pOut, n12, Size & 7);
        t[1] = t[0] = 0;
    }
#ifdef BIG_ENDIAN_ALGO
    ImitoValue[0] = be_bswap32(i12[0]);
    ImitoValue[1] = be_bswap32(i12[1]);
    if (OutSalt)
    {
        OutSalt[0] = be_bswap32(n12[0]);
        OutSalt[1] = be_bswap32(n12[1]);
    }
#else
    ImitoValue[0] = i12[0];
    ImitoValue[1] = i12[1];
    if (OutSalt)
    {
        OutSalt[0] = n12[0];
        OutSalt[1] = n12[1];
    }
#endif
#ifdef BIG_ENDIAN_ALGO
    for (int j = 0; j < 8; j++)
    {
        hKey[j] = 0;
    }
#endif
}

// DecryptXX.OutSalt == EncryptXX.OutSalt <== if (Size % 8 == 0)

void gost_ctx::DecryptImito(const _dword* Key, const _dword* pIn, size_t Size, const _dword* Salt, _dword* pOut, _dword* OutSalt, _dword* ImitoValue, const _dword* End) const noexcept
{
    Key = Key ? Key : (const _dword*)StaticKey;
#ifdef BIG_ENDIAN_ALGO
    _dword hKey[8];
    for (int j = 0; j < 8; j++)
    {
        hKey[j] = be_bswap32(Key[j]);
    }
    Key = hKey;
#endif
    pOut = pOut ? pOut : (_dword*)pIn;
#ifdef BIG_ENDIAN_ALGO
    _dword n12[2] = { be_bswap32(Salt[0]), be_bswap32(Salt[1]) };
    _dword i12[2] = { be_bswap32(Salt[0]), be_bswap32(Salt[1]) };
#else
    _dword n12[2] = { Salt[0], Salt[1] };
    _dword i12[2] = { Salt[0], Salt[1] };
#endif
    _dword N12[2];

    for (size_t i = (Size >> 3); i--; )
    {
        gostcrypt((u4*)Key, (word32*)n12);

#ifdef BIG_ENDIAN_ALGO
        pOut[0] = be_bswap32(n12[0] ^ (N12[0] = be_bswap32(*pIn++)));
        pOut[1] = be_bswap32(n12[1] ^ (N12[1] = be_bswap32(*pIn++)));
#else
        pOut[0] = n12[0] ^ (N12[0] = *pIn++);
        pOut[1] = n12[1] ^ (N12[1] = *pIn++);
#endif

        n12[0] = N12[0];
        n12[1] = N12[1];

#ifdef BIG_ENDIAN_ALGO
        i12[0] ^= be_bswap32(*pOut++);
        i12[1] ^= be_bswap32(*pOut++);
#else
        i12[0] ^= *pOut++;
        i12[1] ^= *pOut++;
#endif
        gostcrypt16(Key, i12);
    }
    if (Size & 7)
    {
        _dword t[2] = { 0, 0 };
        memcpy(t, pIn, Size & 7);
        gostcrypt((u4*)Key, (word32*)n12);
#ifdef BIG_ENDIAN_ALGO
        t[0] = be_bswap32(n12[0] ^ (N12[0] = be_bswap32(t[0])));
        t[1] = be_bswap32(n12[1] ^ (N12[1] = be_bswap32(t[1])));
#else
        t[0] = n12[0] ^ (N12[0] = t[0]);
        t[1] = n12[1] ^ (N12[1] = t[1]);
#endif
        n12[0] = N12[0];
        n12[1] = N12[1];
        memcpy(pOut, t, Size & 7);
        //-----------------------
        if (End)
        {
            //memcpy(t, End, sizeof(t));
            t[0] = End[0];
            t[1] = End[1];
        }
        else
        {
            t[1] = t[0] = 0;
        }
        memcpy(t, pOut, Size & 7);
#ifdef BIG_ENDIAN_ALGO
        i12[0] ^= be_bswap32(t[0]);
        i12[1] ^= be_bswap32(t[1]);
#else
        i12[0] ^= t[0];
        i12[1] ^= t[1];
#endif
        gostcrypt16(Key, i12);
        t[1] = t[0] = 0;
    }
#ifdef BIG_ENDIAN_ALGO
    ImitoValue[0] = be_bswap32(i12[0]);
    ImitoValue[1] = be_bswap32(i12[1]);
    if (OutSalt)
    {
        OutSalt[0] = be_bswap32(n12[0]);
        OutSalt[1] = be_bswap32(n12[1]);
    }
#else
    ImitoValue[0] = i12[0];
    ImitoValue[1] = i12[1];
    if (OutSalt)
    {
        OutSalt[0] = n12[0];
        OutSalt[1] = n12[1];
    }
#endif
#ifdef BIG_ENDIAN_ALGO
    for (int j = 0; j < 8; j++)
    {
        hKey[j] = 0;
    }
#endif
}


/*
void  gost_key(gost_ctx   *c,   u4   *k)
{
        int  i;
        for(i=0;i<8;i++)  c->k[i]=k[i];
}
*/

/*
void  gost_init(gost_ctx *c)
{
        kboxinit(c);
}
*/

/*
void gost_destroy(gost_ctx *c)
{
        //memset(c->k, 0, 32);
        memset(c->StaticKey, 0, 32);
}
*/

CGostBsMaa::CGostBsMaa() noexcept
{
    /*
    m_gc = TL_NEW gost_ctx;
    if   (!m_gc)
    {
        throw 1;
    }
    */
    ////gost_init(m_gc);
}

CGostBsMaa::~CGostBsMaa()
{
    ////gost_destroy(m_gc);
    //delete m_gc;
}
#ifdef _WIN32
#ifndef _WIN64

#ifdef f
#undef f
#endif

#endif
#endif
/*
-------------------------------------------------------------------------------------------------------
    Need opt like https://www.securitylab.ru/analytics/480357.php  07:21 / 25 Марта, 2016
-------------------------------------------------------------------------------------------------------
https://xakep.ru/2013/10/19/shifrovanie-gost-28147-89/
-------------------------------------------------------------------------------------------------------
Скоростное поточное шифрование. 08:59 / 24 Января, 2013 https://www.securitylab.ru/analytics/436620.php

Основной цикл шифрования на SSE в восемь потоков.
SSE0, SSE1, SSE6, SSE7 содержат поочередно накопители1 и накопители2 (восемь накопителей по 4 байта каждый)
Сначала готовятся индексные регистры для работы коммутатора
Пример кода не оптимизирован по быстродействию, но максимально удобен для понимания.
Ключи шифрования находятся в ОП, но можно и загружать в неиспользуемые регистры процессора (MMX).

Use64

 macro zxmm kl
 {
 ;/////подготовка блока замен 1 накопитель
 vpsrlq xmm3,xmm5,4;
 pand xmm5,[esp+080h]; технологическая маска выделения младших тетрад
 pand xmm3,[esp+080h]; технологическая маска выделения младших тетрад
 ;/////замена 1-2байт -м.т. 3-4байт с.т.
 vpblendw xmm2,xmm3,xmm5,055h;
 ;/////замена 1-2байт - с.т. 3-4байт м.т.
 pblendw xmm5,xmm3,0aah;
 ;/////////блок замен 1-2 байты - 1 накопитель
 vpshufb xmm15,xmm8,xmm2;
 pand xmm15,[esp];
 vpshufb xmm14,xmm9,xmm2;
 pand xmm14,[esp+20h];
 por xmm14,xmm15;
 ;/////////блок замен 3-4 байты - 1 накопитель
 vpshufb xmm12,xmm10,xmm5;
 pand xmm12,[esp+40h];
 por xmm12,xmm14;
 vpshufb xmm13,xmm11,xmm5;
 pand xmm13,[esp+60h];
 ;/////подготовка блока замен -2 накопитель
 vpsrlq xmm3,xmm4,4;
 pand xmm4,[esp+80h];
 pand xmm3,[esp+080h];
 ;/////замена 1-2байт -м.т. 3-4байт с.т.
 vpblendw xmm2,xmm3,xmm4,055h;
 ;/////замена 1-2байт - с.т. 3-4байт м.т.
 pblendw xmm4,xmm3,0aah;
 ;/////////блок замен 1-2 байты - 2 накопитель
 vpshufb xmm14,xmm8,xmm2;
 pand xmm14,[esp];
 vpshufb xmm15,xmm9,xmm2;
 pand xmm15,[esp+20h];
 por xmm14,xmm15;
 ;/////////блок замен 3-4 байты - 2 накопитель
 vpshufb xmm3,xmm10,xmm4;
 pand xmm3,[esp+40h];
 por xmm14,xmm3;
 vpshufb xmm15,xmm11,xmm4;
 pand xmm15,[esp+60h];
 }

 ;///////////////////////////////тестовый модуль 1 проход


 macro c1 kl;
 {
 zxmm kl;
 ;/////циклический сдвиг на 11 влево - 1 накопитель
 por xmm13,xmm12;
 vpslld xmm12,xmm13,11;
 psrld xmm13,21;
 xorps xmm7,xmm12;
 xorps xmm7,xmm13; суммирование заполнение1 1 накопитель
 vpaddd xmm5,xmm7,[esp+100h+kl*32]; сложить заполнение с ключом
 ;/////циклический сдвиг на 11 влево - 2 накопитель
 por xmm15,xmm14;
 vpslld xmm14,xmm15,11;
 psrld xmm15,21;
 xorps xmm1,xmm14;
 xorps xmm1,xmm15; суммирование заполнение1 2 накопитель
 vpaddd xmm4,xmm1,[esp+120h+kl*32]; сложить заполнение с ключом
 }

 ;///////////////////////////////тестовый модуль 2 проход
 macro c2 kl;
 {
 zxmm kl;
 ;/////циклический сдвиг на 11 влево - 1 накопитель
 por xmm13,xmm12;
 vpslld xmm12,xmm13,11;
 psrld xmm13,21;
 xorps xmm6,xmm12;
 xorps xmm6,xmm13; суммирование заполнение 0 1 накопитель
 vpaddd xmm5,xmm6,[esp+100h+kl*32]; сложить заполнение с ключом
 ;/////циклический сдвиг на 11 влево - 2 накопитель
 por xmm15,xmm14;
 vpslld xmm14,xmm15,11;
 psrld xmm15,21;
 xorps xmm0,xmm14;
 xorps xmm0,xmm15; суммирование заполнение 0 2 накопитель
 vpaddd xmm4,xmm0,[esp+120h+kl*32]; сложить заполнение с ключом
 }

-------------------------------------------------------------------------------------------------------
    Need opt like https://www.securitylab.ru/analytics/480357.php  07:21 / 25 Марта, 2016
    Skylake: регистры УММ

Для перехода на регистры УММ пришлось в ассемблерном коде изменить только тип регистров, для чего поменять в названиях регистров букву «Х» на букву «У».
После чего скорость преобразования увеличилась вдвое автоматически.
Но вдвое, это существенно меньше, чем заветные 1гбайт/сек., потому пришлось еще «немного» оптимизировать алгоритм. Теперь он выглядит для одного вычислительного потока так (всего потоков два):

     ;ymm12-ymm15 - регистры хранения блоков замен
     ; ymm11 - маска сборки байт
     ; ymm5 - маска старших тетрад
     ; ymm0,ymm1 -  регистры чередующихся накопителей первого потока
     ; ymm2-ymm4 -  регистры промежуточных вычислений первого потока

     ;/////подготовка блока замен

      vpsrlw ymm2,ymm0,4;                старшие тетрады в младшие
       vpand ymm2,ymm2,ymm5;             сбросить старшие тетрады
        vpand ymm0,ymm0,ymm5;            сбросить старшие тетрады

     ;////////////////совместить выборку актуальных тетрад

     vpblendw ymm3,ymm0,ymm2,0aah;    замена 1-2байт м.тетрады и 3-4байт с.тетрады
      vpblendw ymm0,ymm0,ymm2,055h;   замена 1-2байт с.тетрады и 3-4байт м.тетрады

     ;////////////блок замен

      vpshufb ymm4,ymm12,ymm3;