gost_kuznyechik 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9acd134bce781a159a6702613170b746ef341d98
+  data.tar.gz: 25166fd7f79c1a9fa783750830e4fbc55df37610
+SHA512:
+  metadata.gz: 87bfbf4b5d60966a38ee6f1c09705b7485aa6f1929067cc224ef221919a92fe5fc7b890bbb9a94bc9e015f35a4fe823430e5065504479bd03c08d9246bec5bfd
+  data.tar.gz: f00685df931f39e65b18b8977ccbdaf0e9a098a0a9a5a3235e555f5d8ac7d92a50bbda79e5e484941fa7dc8741f7125b07f9a74f18afe4f383d2aaae8d7635bd

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.4.5
+before_install: gem install bundler -v 2.0.1

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in gost_kuznyechik.gemspec
+gemspec
+
+gem 'minitest-reporters', '1.2.0'

data/Gemfile.lock

@@ -0,0 +1,31 @@
+PATH
+  remote: .
+  specs:
+    gost_kuznyechik (0.1.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ansi (1.5.0)
+    builder (3.2.3)
+    minitest (5.11.3)
+    minitest-reporters (1.2.0)
+      ansi
+      builder
+      minitest (>= 5.0)
+      ruby-progressbar
+    rake (10.5.0)
+    ruby-progressbar (1.10.0)
+
+PLATFORMS
+  x64-mingw32
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  gost_kuznyechik!
+  minitest (~> 5.0)
+  minitest-reporters (= 1.2.0)
+  rake (~> 10.0)
+
+BUNDLED WITH
+   2.0.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 vblazhnov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,167 @@
+# GostKuznyechik
+
+GOST R 34.12/13-2015 (Kuznyechik) block cipher algorithms for ECB, CBC, CTR, OFB, CFB, OMAC, CTR-ACPKM, OMAC-ACPKM modes and key export/import algorithms.
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'gost_kuznyechik'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install gost_kuznyechik
+
+## Usage
+
+```ruby
+require 'gost_kuznyechik'
+include GostKuznyechik
+
+BlockSize = Kuznyechik::BlockLengthInBytes
+
+# GOST R 34.13-2015 Kuznyechik test data
+SelfTestGostKMasterKeyData = [ 
+  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 
+	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+  0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 
+	0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
+].pack('C*').freeze
+
+SelfTestGostKPlainText = [ 
+  0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 
+	0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
+  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 
+	0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xee, 0xff, 0x0a,
+  0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 
+	0x99, 0xaa, 0xbb, 0xcc, 0xee, 0xff, 0x0a, 0x00,
+  0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 
+	0xaa, 0xbb, 0xcc, 0xee, 0xff, 0x0a, 0x00, 0x11
+].pack('C*').freeze
+
+key = SelfTestGostKMasterKeyData
+plain_text = SelfTestGostKPlainText
+
+# ECB mode
+SelfTestGostKEcbEncText = [
+  0x7f, 0x67, 0x9d, 0x90, 0xbe, 0xbc, 0x24, 0x30, 
+	0x5a, 0x46, 0x8d, 0x42, 0xb9, 0xd4, 0xed, 0xcd,
+  0xb4, 0x29, 0x91, 0x2c, 0x6e, 0x00, 0x32, 0xf9, 
+	0x28, 0x54, 0x52, 0xd7, 0x67, 0x18, 0xd0, 0x8b,
+  0xf0, 0xca, 0x33, 0x54, 0x9d, 0x24, 0x7c, 0xee, 
+	0xf3, 0xf5, 0xa5, 0x31, 0x3b, 0xd4, 0xb1, 0x57,
+  0xd0, 0xb0, 0x9c, 0xcd, 0xe8, 0x30, 0xb9, 0xeb, 
+	0x3a, 0x02, 0xc4, 0xc5, 0xaa, 0x8a, 0xda, 0x98
+].pack('C*').freeze
+encrypted_test = SelfTestGostKEcbEncText
+
+encrypted_text = KuznyechikEcb.new(key).encrypt(plain_text)
+puts "ECB encrypted_text == encrypted_test: #{encrypted_text == encrypted_test}" 
+    
+decrypted_text = KuznyechikEcb.new(key).decrypt(encrypted_test)
+puts "ECB decrypted_text == plain_text: #{decrypted_text == plain_text}" 
+
+# OMAC mode
+SelfTestGostKMacValue = [
+  0x33, 0x6f, 0x4d, 0x29, 0x60, 0x59, 0xfb, 0xe3
+].pack('C*').freeze
+mac_test = SelfTestGostKMacValue
+
+mac = KuznyechikOmac.new(key, mac_test.length).update(plain_text).final
+puts "OMAC mac == mac_test: #{mac == mac_test}" 
+
+# CTR mode
+SelfTestGostKCtrSV = [
+  0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xce, 0xf0, 
+	0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf0, 0x01, 0x12
+].pack('C*').freeze
+iv = SelfTestGostKCtrSV
+
+SelfTestGostKCtrEncText = [
+  0xf1, 0x95, 0xd8, 0xbe, 0xc1, 0x0e, 0xd1, 0xdb, 
+	0xd5, 0x7b, 0x5f, 0xa2, 0x40, 0xbd, 0xa1, 0xb8,
+  0x85, 0xee, 0xe7, 0x33, 0xf6, 0xa1, 0x3e, 0x5d, 
+	0xf3, 0x3c, 0xe4, 0xb3, 0x3c, 0x45, 0xde, 0xe4,
+  0xa5, 0xea, 0xe8, 0x8b, 0xe6, 0x35, 0x6e, 0xd3, 
+	0xd5, 0xe8, 0x77, 0xf1, 0x35, 0x64, 0xa3, 0xa5,
+  0xcb, 0x91, 0xfa, 0xb1, 0xf2, 0x0c, 0xba, 0xb6, 
+	0xd1, 0xc6, 0xd1, 0x58, 0x20, 0xbd, 0xba, 0x73
+].pack('C*').freeze
+encrypted_test = SelfTestGostKCtrEncText
+
+encrypted_text = KuznyechikCtr.new(key, iv, BlockSize).encrypt(plain_text)
+puts "CTR encrypted_text == encrypted_test: #{encrypted_text == encrypted_test}"
+
+# CTR multi-part usage    
+text_len = plain_text.length
+ctx = KuznyechikCtr.new(key, iv, BlockSize)
+decrypted_text = ctx.decrypt(encrypted_test[0...text_len/3]) +
+  ctx.decrypt(encrypted_test[text_len/3..-1])
+puts "CTR decrypted_text == plain_text: #{decrypted_text == plain_text}" 
+
+# Key export/import (TC 26 KExp15/KImp15)
+TC26_K = [ 
+	0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 
+	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 
+	0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 
+	0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF 
+].pack('C*').freeze
+TC26_Kmac = [
+	0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 
+	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 
+	0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F 
+].pack('C*').freeze
+TC26_Kenc = [ 
+	0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 
+	0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 
+	0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 
+	0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
+].pack('C*').freeze
+TC26_IV_K = [
+	0x09, 0x09, 0x47, 0x2D, 0xD9, 0xF2, 0x6B, 0xE8
+].pack('C*').freeze
+TC26_Kexp_K = [
+	0xE3, 0x61, 0x84, 0xE8, 0x4E, 0x8D, 0x73, 0x6F, 
+	0xF3, 0x6C, 0xC2, 0xE5, 0xAE, 0x06, 0x5D, 0xC6, 
+	0x56, 0xB2, 0x3C, 0x20, 0xF5, 0x49, 0xB0, 0x2F, 
+	0xDF, 0xF8, 0x8E, 0x1F, 0x3F, 0x30, 0xD8, 0xC2, 
+	0x9A, 0x53, 0xF3, 0xCA, 0x55, 0x4D, 0xBA, 0xD8, 
+	0x0D, 0xE1, 0x52, 0xB9, 0xA4, 0x62, 0x5B, 0x32
+].pack('C*').freeze
+
+key = TC26_K
+key_mac = TC26_Kmac
+key_enc = TC26_Kenc
+iv = TC26_IV_K
+key_exp_test = TC26_Kexp_K
+
+key_exp = KuznyechikKeyExpImp::export(key, key_mac, key_enc, iv)
+puts "Key Export key_exp == key_exp_test: #{key_exp == key_exp_test}"
+
+imp_key = KuznyechikKeyExpImp::import(key_exp_test, key_mac, key_enc, iv)
+puts "Key Import imp_key == key: #{imp_key == key}"
+```
+
+For other cipher modes see test samples in /test/gost_kuznyechik_test.rb please.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/vblazhnovgit/gost_kuznyechik.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "gost_kuznyechik"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/gost_kuznyechik.gemspec

@@ -0,0 +1,38 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "gost_kuznyechik/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "gost_kuznyechik"
+  spec.version       = GostKuznyechik::VERSION
+  spec.authors       = ["vblazhnovgit"]
+  spec.email         = ["vblazhnov@yandex.ru"]
+
+  spec.summary       = %q{Kuznyechik block ciphers}
+  spec.description   = %q{GOST R 34.12/13-2015 (Kuznyechik) block cipher algorithms for ECB, CBC, CTR, OFB, CFB, OMAC, CTR-ACPKM and OMAC-ACPKM modes.}
+  spec.homepage      = "https://github.com/vblazhnovgit/gost_kuznyechik.git"
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata["allowed_push_host"] = "https://rubygems.org/"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against " \
+      "public gem pushes."
+  end
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest", "~> 5.0"
+end

data/lib/gost_kuznyechik.rb

@@ -0,0 +1,15 @@
+require "gost_kuznyechik/version"
+
+module GostKuznyechik
+  require "gost_kuznyechik/kuznyechik"
+  require "gost_kuznyechik/kuznyechik_tables"
+  require "gost_kuznyechik/kuznyechik_ecb"
+  require "gost_kuznyechik/kuznyechik_omac"
+  require "gost_kuznyechik/kuznyechik_ctr"
+  require "gost_kuznyechik/kuznyechik_ofb"
+  require "gost_kuznyechik/kuznyechik_cfb"
+  require "gost_kuznyechik/kuznyechik_cbc"
+  require "gost_kuznyechik/kuznyechik_ctr_acpkm"
+  require "gost_kuznyechik/kuznyechik_omac_acpkm"
+  require "gost_kuznyechik/kuznyechik_key_exp_imp"
+end

data/lib/gost_kuznyechik/kuznyechik.rb

@@ -0,0 +1,249 @@
+module GostKuznyechik
+  # Base abstract class
+  class Kuznyechik
+    # class constants
+    BlockLengthInBytes = 16
+    NumberOfRounds = 10
+    NumberOfRoundsInKeySchedule = 8
+    KeyLengthInBytes = 32
+    MaxIvLength = BlockLengthInBytes*16
+
+    # 's' stands for native-endian byte order but 'n' stands for network (big-endian) byte order
+    BigEndian = [1].pack('s') == [1].pack('n')
+       
+    protected
+    
+    def self.printBytes(bytes, line_size = 16)
+      bytes.unpack('H*')[0].scan(/.{1,#{line_size}}/).each{|s| puts(s)}
+    end  
+    
+    def self.zeroBytes(n)
+      ("\x00"*n).force_encoding('BINARY')
+    end
+
+    def self.zeroBlock
+      ("\x00"*BlockLengthInBytes).force_encoding('BINARY')
+    end
+    
+    # n - 64-bit number
+    def self.funcS(n)
+      uint64ToUint8(n).unpack('C*').map{|b| PiTable[b]}.pack('C*').unpack('Q*')[0]
+    end
+    
+    def self.funcInvS(n)
+      uint64ToUint8(n).unpack('C*').map{|b| InvPiTable[b]}.pack('C*').unpack('Q*')[0]
+    end
+
+    def self.keyToNumbers(key)
+      inkey = key.scan(/.{8}/m).map{|k| k.unpack('Q*')[0]}
+    end
+    
+    def self.expandEncryptKeys(inkey)  
+      roundKeys = inkey.dup
+      constantIndex = 0
+      (2...NumberOfRounds).step(2) do |iNextKey|
+        roundKeys += roundKeys[-4..-1]
+        (0...NumberOfRoundsInKeySchedule).each do |iFeistel|
+          funcF(constantIndex, roundKeys, iNextKey * 2)      
+          constantIndex += 1
+        end
+      end
+      roundKeys
+    end
+    
+    def self.expandDecryptKeys(inkey)
+      roundKeys = expandEncryptKeys(inkey)
+      cache = [0, 0]
+      (1..8).each do |i|
+        cache[0] = roundKeys[2 * i]
+        cache[1] = roundKeys[2 * i + 1]
+        cache[0] = funcS(cache[0])
+        cache[1] = funcS(cache[1])
+        pair = funcInvLS(cache)
+        roundKeys[2 * i] = pair[0]
+        roundKeys[2 * i + 1] = pair[1]     
+      end
+      roundKeys
+    end
+    
+    def self.funcF(constantIndex, roundKeys, index)
+      temp1 = []
+      temp1 << (roundKeys[index] ^ RoundConstLeft[constantIndex]);
+      temp1 << (roundKeys[index+1] ^ RoundConstRight[constantIndex]);     
+      temp2 = funcLS(temp1)
+      roundKeys[index+2] ^= temp2[0];
+      roundKeys[index+3] ^= temp2[1];
+      swapBlocks(roundKeys, index);    
+    end
+    
+    def self.funcLS(input)
+      # To little-endian
+      na = []
+      ns = uint64ToUint8BE(input[0]).reverse
+      na += ns.unpack('C*')
+      ns = uint64ToUint8BE(input[1]).reverse
+      na += ns.unpack('C*')
+      left = 0
+      right = 0
+      na.each_with_index do |v, i|
+        left ^= PrecLSTableLeft[i][v]
+        right ^= PrecLSTableRight[i][v]
+      end
+      [left, right]
+    end
+    
+    def self.funcInvLS(input)
+      # To little-endian
+      na = []
+      ns = uint64ToUint8BE(input[0]).reverse
+      na += ns.unpack('C*')
+      ns = uint64ToUint8BE(input[1]).reverse
+      na += ns.unpack('C*')
+      left = 0
+      right = 0
+      na.each_with_index do |v, i|
+        left ^= PrecInvLSTableLeft[i][v]
+        right ^= PrecInvLSTableRight[i][v]
+      end
+      [left, right]
+    end
+    
+    # roundKeys - array of 64-bit numbers
+    # index - points to left[0] number
+    # index+2 - points to right[0] number
+    # swaps left[0..1] block with right[0..1] block 
+    def self.swapBlocks(roundKeys, index)
+      roundKeys[index] ^= roundKeys[index+2]
+      roundKeys[index+1] ^= roundKeys[index+3]
+
+      roundKeys[index+2] ^= roundKeys[index]
+      roundKeys[index+3] ^= roundKeys[index+1]
+
+      roundKeys[index] ^= roundKeys[index+2]
+      roundKeys[index+1] ^= roundKeys[index+3]
+    end
+
+    # Unload 64-bit number to 8-byte string
+    # (big-endian, adding leading zeroes)
+    def self.uint64ToUint8BE(n)
+      str = n.to_s(16) # big-endian
+      len = str.length
+      # add leading zeroes
+      str.insert(0, '0'*(16 - len)) if len < 16
+      # To byte string
+      bytes = [str].pack('H*')
+    end 
+    
+    # Unload 64-bit number to 8-byte string
+    # (native-endian, adding leading zeroes)
+    def self.uint64ToUint8(n)
+      bytes = uint64ToUint8BE(n)    
+      bytes.reverse! unless BigEndian   
+      bytes
+    end
+    
+    # Unpacks 8-byte string to 64-bit number 
+    # (native-endian)
+    def self.uint8ToUint64(bytes)
+      bytes.unpack('Q*')[0]
+    end
+    
+    # block - 16-byte String
+    def self.encryptBlock(block, keys)
+      pair = block.scan(/.{8}/m)
+      data = []
+      # Format 'Q*' unpacks byte string using native byte order
+      data << pair[0].unpack('Q*')[0]
+      data << pair[1].unpack('Q*')[0]
+      
+      cache = [0, 0]
+      (0...(NumberOfRounds - 1)).each do |round|
+          cache[0] = data[0] ^ keys[2 * round]
+          cache[1] = data[1] ^ keys[2 * round + 1]
+          data = funcLS(cache)
+      end
+      
+      data[0] ^= keys[2 * (NumberOfRounds - 1)]
+      data[1] ^= keys[2 * (NumberOfRounds - 1) + 1];
+      
+      output = uint64ToUint8(data[0]) + uint64ToUint8(data[1])
+      output
+    end
+    
+    def self.decryptBlock(block, keys)
+      pair = block.scan(/.{8}/m)
+      data = []
+      # Format 'Q*' unpacks byte string using native byte order
+      data << pair[0].unpack('Q*')[0]
+      data << pair[1].unpack('Q*')[0]
+      round = NumberOfRounds - 1
+      # round == 9
+      data[0] ^= keys[2 * round]
+      data[1] ^= keys[2 * round + 1] 
+      round -= 1
+      # round == 8
+      data[0] = funcS(data[0])
+      data[1] = funcS(data[1])    
+      cache = funcInvLS(data)
+      data = funcInvLS(cache)
+      cache[0] = data[0] ^ keys[2 * round]
+      cache[1] = data[1] ^ keys[2 * round + 1]
+      round -= 1
+      # round = 7    
+      (NumberOfRounds - 3).downto(1) do |i|
+          data = funcInvLS(cache)
+          cache[0] = data[0] ^ keys[2 * round]
+          cache[1] = data[1] ^ keys[2 * round + 1]
+          round -= 1
+      end
+      # round == 0
+      cache[0] = funcInvS(cache[0])
+      cache[1] = funcInvS(cache[1])
+      data[0] = cache[0] ^ keys[2 * round]
+      data[1] = cache[1] ^ keys[2 * round + 1]
+      
+      output = uint64ToUint8(data[0]) + uint64ToUint8(data[1])
+      output
+    end
+    
+    # Increment CTR counter
+    def self.incrementModulo(counter, size)
+      lastIndex = size - 1
+      (0...size).each do |i|
+        if counter[lastIndex - i].ord > 0xfe then  
+          counter[lastIndex - i] = (counter[lastIndex - i].ord - 0xff).chr  
+        else 
+          counter[lastIndex - i] = (counter[lastIndex - i].ord + 1).chr 
+          break 
+        end  
+      end
+      counter
+    end
+
+    # block - byte string  
+    def self.shiftLeftOne(block)
+      (0...(BlockLengthInBytes-1)).each do |i|
+        ri1 = block[i+1].ord
+        ri = block[i].ord << 1
+        ri &= 0xfe
+        ri |= (ri1 >> 7) & 0x1
+        block[i] = ri.chr
+      end
+      ri = block[BlockLengthInBytes-1].ord << 1
+      block[BlockLengthInBytes-1] = (ri & 0xfe).chr
+      block
+    end
+    
+    def self.padd(incomplete_block)
+      padding_len = BlockLengthInBytes - (incomplete_block.length % BlockLengthInBytes)
+      padded_block = incomplete_block.dup
+      padded_block += 0x80.chr
+      padding_len -= 1
+      if padding_len > 0 then
+        padded_block += 0.chr * padding_len
+      end
+      padded_block
+    end
+      
+  end
+end