int norx_aead_decrypt(
unsigned char *m, size_t *mlen,
const unsigned char *a, size_t alen,
const unsigned char *c, size_t clen,
const unsigned char *z, size_t zlen,
const unsigned char *nonce,
const unsigned char *key
)
{
const __m256i K = LOADU(key);
__m256i A, B, C, D;
if (clen < BYTES(NORX_T)) { return -1; }
*mlen = clen - BYTES(NORX_T);
INITIALISE(A, B, C, D, nonce, K);
ABSORB_DATA(A, B, C, D, a, alen, HEADER_TAG);
DECRYPT_DATA(A, B, C, D, m, c, clen - BYTES(NORX_T));
ABSORB_DATA(A, B, C, D, z, zlen, TRAILER_TAG);
FINALISE(A, B, C, D, K);
/* Verify tag */
D = _mm256_cmpeq_epi8(D, LOADU(c + clen - BYTES(NORX_T)));
return (((_mm256_movemask_epi8(D) & 0xFFFFFFFFULL) + 1) >> 32) - 1;
}
int
buffer_node_state(struct node *node, int full,
const struct sockaddr_in6 *sin6, struct interface *interface)
{
int buflen = full ? 20 + node->datalen : 20;
unsigned char buf[buflen];
int i = 0;
long long orig_delay =
(now.tv_sec - node->orig_time.tv_sec) * 1000LL +
((long long)now.tv_nsec - node->orig_time.tv_nsec + 999999) / 1000000;
BYTES(node->id, 4);
LONG(node->seqno);
LONG((unsigned)orig_delay);
BYTES(node->datahash, 8);
if(full) {
BYTES(node->data, node->datalen);
}
assert(i == buflen);
debugf("-> NODE-STATE %s%s\n",
format_32(node->id),
full && interface ? " (full, multicast)" :
full ? " (full)" :
interface ? " (multicast)" : "");
return buffer_tlv(5, buf, buflen, sin6, interface);
}
/********************
class scalarsettypedecl
********************/
scalarsettypedecl::scalarsettypedecl(expr * l, int lb)
:typedecl(), named(FALSE), lexname(NULL), useless(TRUE)
{
if (Error.CondError(!type_equal(l->gettype(), inttype),
"Only scalarsets of integer size allowed.") ||
Error.CondError(!l->hasvalue(), "Scalarset size must be constants.")
) {
left = lb;
right = lb;
numbits = 1;
if (!args->no_compression) {
bitsalloc = numbits;
} else {
bitsalloc = BYTES(numbits);
if (left < 0 || right > 254 || numbits > 8)
bitsalloc = 32;
}
mu_type = (left < 0 || right > 254 || numbits > 8 ?
"mu__long" : "mu__byte");
idvalues = symtab->declare(new lexid(tsprintf("scalarset_%u_v_error",
scalarset_type_int++),
0), new constdecl(lb++, this));
// it is not set as scalarset variable because it is of size 1.
// structure = typedecl::ScalarsetVariable;
scalarsetlist = NULL; // to be set when declaring ID : typeExpr
} else {
// setting size, numbits, left and right
// const 0 is used for undefined value --> 0. lb, ... . ub
int size = l->getvalue();
if (size < 1)
Error.Error("Scalarset size must be greater than zero.");
numbits = CeilLog2(l->getvalue() + 1);
left = lb;
right = left + size - 1;
if (!args->no_compression) {
bitsalloc = numbits;
} else {
if (numbits > 31)
Error.Error("Internal error, range is too large");
bitsalloc = BYTES(numbits);
if (left < 0 || right > 254 || numbits > 8)
bitsalloc = 32;
}
mu_type = (left < 0 || right > 254 || numbits > 8 ?
"mu__long" : "mu__byte");
// set id strings
// name may be changed if it is later explicitly given a type name
int value = left;
for (int i = 1; i <= size; i++) {
symtab->declare(new lexid(tsprintf("scalarset_%u_v%u",
scalarset_type_int, i), 0),
new constdecl(value++, this));
}
idvalues = symtab->getscope();
if (size > 1) // scalarset of size 1 is treated as normal enum
structure = typedecl::ScalarsetVariable;
scalarsetlist = NULL; // to be set when declaring ID : typeExpr
}
}
int norx_aead_decrypt(
unsigned char *m, size_t *mlen,
const unsigned char *a, size_t alen,
const unsigned char *c, size_t clen,
const unsigned char *z, size_t zlen,
const unsigned char *nonce,
const unsigned char *key
)
{
const uint32x4_t K = LOADU(key);
uint32x4_t A, B, C, D;
if(clen < BYTES(NORX_T)) { return -1; }
*mlen = clen - BYTES(NORX_T);
INITIALISE(A, B, C, D, nonce, K);
ABSORB_DATA(A, B, C, D, a, alen, HEADER_TAG);
DECRYPT_DATA(A, B, C, D, m, c, clen - BYTES(NORX_T));
ABSORB_DATA(A, B, C, D, z, zlen, TRAILER_TAG);
FINALISE(A, B, C, D, K);
/* Verify tag */
D = vceqq_u32(D, LOADU(c + clen - BYTES(NORX_T)));
return 0xFFFFFFFF == (vgetq_lane_u32(D, 0) & vgetq_lane_u32(D, 1) & vgetq_lane_u32(D, 2) & vgetq_lane_u32(D, 3)) ? 0 : -1;
}
int norx_aead_decrypt(
unsigned char *m, size_t *mlen,
const unsigned char *a, size_t alen,
const unsigned char *c, size_t clen,
const unsigned char *z, size_t zlen,
const unsigned char *nonce,
const unsigned char *key
)
{
const __m128i K = LOADU(key);
__m128i S[4];
if (clen < BYTES(NORX_T)) { return -1; }
*mlen = clen - BYTES(NORX_T);
INITIALISE(S, nonce, K);
ABSORB_DATA(S, a, alen, HEADER_TAG);
DECRYPT_DATA(S, m, c, clen - BYTES(NORX_T));
ABSORB_DATA(S, z, zlen, TRAILER_TAG);
FINALISE(S, K);
/* Verify tag */
S[3] = _mm_cmpeq_epi8(S[3], LOADU(c + clen - BYTES(NORX_T)));
return (((_mm_movemask_epi8(S[3]) & 0xFFFFU) + 1) >> 16) - 1;
}
static MRS_INLINE void mrs_decrypt_lastblock(mrs_state_t state, unsigned char * out, const unsigned char * in, size_t inlen)
{
size_t i;
mrs_word_t * S = state->S;
uint8_t lastblock[BYTES(MRS_R)];
mrs_permute(state);
for(i = 0; i < WORDS(MRS_R); ++i)
{
STORE(lastblock + i * BYTES(MRS_W), S[i]);
}
/* undo padding */
memcpy(lastblock, in, inlen);
/*lastblock[inlen] ^= 0x01;
lastblock[BYTES(MRS_R) - 1] ^= 0x80;*/
for (i = 0; i < WORDS(MRS_R); ++i)
{
const mrs_word_t c = LOAD(lastblock + i * BYTES(MRS_W));
STORE(lastblock + i * BYTES(MRS_W), S[i] ^ c);
S[i] = c;
}
memcpy(out, lastblock, inlen);
#if defined(MRS_DEBUG)
printf("DECRYPTING LASTBLOCK:\n");
print_bytes(lastblock, BYTES(MRS_R));
printf("STATE:\n");
print_state(state->S);
#endif
burn(lastblock, 0, sizeof lastblock);
}
void mrs_absorb_lastblock(mrs_state_t state, const unsigned char * in, size_t inlen)
{
uint8_t lastblock[BYTES(MRS_B)];
mrs_pad(lastblock, sizeof lastblock, in, inlen);
mrs_absorb_block(state, lastblock);
burn(lastblock, 0, BYTES(MRS_B));
}
void mrs_finalise(mrs_state_t state, size_t hlen, size_t mlen, unsigned char * tag)
{
mrs_word_t * S = state->S;
uint8_t lastblock[BYTES(MRS_R)];
size_t i;
/* finalise state */
mrs_permute(state);
S[0] ^= hlen;
S[1] ^= mlen;
mrs_permute(state);
/* extract tag */
for (i = 0; i < WORDS(MRS_R); ++i)
{
STORE(lastblock + i * BYTES(MRS_W), S[i]);
}
memcpy(tag, lastblock, BYTES(MRS_T));
#if defined(MRS_DEBUG)
printf("FINALISED:\n");
print_state(state->S);
#endif
burn(lastblock, 0, BYTES(MRS_R));
}
static NORX_INLINE void norx_pad(uint8_t *out, const uint8_t *in, const size_t inlen)
{
memset(out, 0, BYTES(RATE));
memcpy(out, in, inlen);
out[inlen] = 0x01;
out[BYTES(RATE) - 1] |= 0x80;
}
int norx_aead_decrypt(
unsigned char *m, size_t *mlen,
const unsigned char *a, size_t alen,
const unsigned char *c, size_t clen,
const unsigned char *z, size_t zlen,
const unsigned char *nonce,
const unsigned char *key
)
{
uint64x2_t S[8];
uint32x4_t T[2];
if (clen < BYTES(NORX_T)) { return -1; }
*mlen = clen - BYTES(NORX_T);
INITIALISE(S, nonce, key);
ABSORB_DATA(S, a, alen, HEADER_TAG);
DECRYPT_DATA(S, m, c, clen - BYTES(NORX_T));
ABSORB_DATA(S, z, zlen, TRAILER_TAG);
FINALISE(S);
/* Verify tag */
T[0] = vceqq_u32(U64TOU32(S[0]), U8TOU32( vld1q_u8((uint8_t *)(c + clen - BYTES(NORX_T) )) ));
T[1] = vceqq_u32(U64TOU32(S[1]), U8TOU32( vld1q_u8((uint8_t *)(c + clen - BYTES(NORX_T)/2)) ));
T[0] = vandq_u32(T[0], T[1]);
return 0xFFFFFFFFFFFFFFFFULL == (vgetq_lane_u64(U32TOU64(T[0]), 0) & vgetq_lane_u64(U32TOU64(T[0]), 1)) ? 0 : -1;
}
static NORX_INLINE void norx_decrypt_lastblock(norx_state_t state, uint8_t *out, const uint8_t * in, size_t inlen)
{
norx_word_t * S = state->S;
uint8_t lastblock[BYTES(NORX_R)];
size_t i;
S[15] ^= PAYLOAD_TAG;
norx_permute(state);
for(i = 0; i < WORDS(NORX_R); ++i) {
STORE(lastblock + i * BYTES(NORX_W), S[i]);
}
memcpy(lastblock, in, inlen);
lastblock[inlen] ^= 0x01;
lastblock[BYTES(NORX_R) - 1] ^= 0x80;
for (i = 0; i < WORDS(NORX_R); ++i) {
const norx_word_t c = LOAD(lastblock + i * BYTES(NORX_W));
STORE(lastblock + i * BYTES(NORX_W), S[i] ^ c);
S[i] = c;
}
memcpy(out, lastblock, inlen);
burn(lastblock, 0, sizeof lastblock);
}
static MRS_INLINE void mrs_encrypt_lastblock(mrs_state_t state, unsigned char * out, const unsigned char * in, size_t inlen)
{
uint8_t lastblock[BYTES(MRS_R)];
mrs_pad(lastblock, sizeof lastblock, in, inlen);
mrs_encrypt_block(state, lastblock, lastblock);
memcpy(out, lastblock, inlen);
burn(lastblock, 0, BYTES(MRS_R));
}
static NORX_INLINE void norx_decrypt_lastblock(norx_state_t state, uint8_t *out, const uint8_t * in, size_t inlen)
{
norx_word_t * S = state->S;
uint8_t b[BYTES(NORX_W)];
size_t i, j;
norx_inject_tag(state, PAYLOAD_TAG);
norx_permutation(state);
/* Undo padding */
S[inlen / BYTES(NORX_W)] ^= 0x01ULL << ((inlen % BYTES(NORX_W)) * 8);
S[WORDS(RATE) - 1] ^= 0x80ULL << (((BYTES(RATE) - 1) % BYTES(NORX_W)) * 8);
for(i = 0; inlen >= BYTES(NORX_W); ++i)
{
norx_word_t c = LOAD(in);
STORE(out, S[i] ^ c);
S[i] = c;
inlen -= BYTES(NORX_W);
in += BYTES(NORX_W);
out += BYTES(NORX_W);
}
STORE(b, S[i]);
for(j = 0; j < inlen; ++j)
{
uint8_t c = in[j];
out[j] = b[j] ^ c;
b[j] = c;
}
S[i] = LOAD(b);
}
int
format_my_state(unsigned char *buf, int buflen)
{
int i = 0, j, k;
for(j = 0; j < numneighs; j++) {
CHECK(12);
SHORT(8);
SHORT(12);
BYTES(neighs[j].id, 4);
LONG(neighs[j].eid);
LONG(neighs[j].interface->ifindex);
PAD();
}
CHECK(11);
SHORT(32);
SHORT(12);
SHORT(0x100);
SHORT(0);
BYTES("SHNCPD/0", 8);
PAD();
for(j = 0; j < numinterfaces; j++) {
for(k = 0; k < interfaces[j].numassigned; k++) {
const struct assigned_prefix *aa = &interfaces[j].assigned[k];
int pbytes = (aa->assigned.plen + 7) / 8;
if(aa->published) {
assert(aa->assigned.plen > 0);
CHECK(10 + pbytes);
SHORT(35);
SHORT(6 + pbytes);
LONG(interfaces[j].ifindex);
BYTE((aa->assigned.prio & 0x0F));
BYTE(aa->assigned.plen);
BYTES(&aa->assigned.p, pbytes);
PAD();
}
if(!IN6_IS_ADDR_UNSPECIFIED(&aa->assigned_address)) {
CHECK(24);
SHORT(36);
SHORT(20);
LONG(interfaces[j].ifindex);
BYTES(&aa->assigned_address, 16);
PAD();
}
}
}
return i;
fail:
return -1;
}
void mrs_absorb_data(mrs_state_t state, const unsigned char * in, size_t inlen)
{
while (inlen >= BYTES(MRS_B))
{
mrs_absorb_block(state, in);
inlen -= BYTES(MRS_B);
in += BYTES(MRS_B);
}
if(inlen > 0) {
mrs_absorb_lastblock(state, in, inlen);
}
}
void mrs_decrypt_data(mrs_state_t state, unsigned char * out, const unsigned char * in, size_t inlen)
{
while (inlen >= BYTES(MRS_R))
{
mrs_decrypt_block(state, out, in);
inlen -= BYTES(MRS_R);
in += BYTES(MRS_R);
out += BYTES(MRS_R);
}
if(inlen > 0) {
mrs_decrypt_lastblock(state, out, in, inlen);
}
}
static NORX_INLINE void norx_encrypt_block(norx_state_t state, uint8_t *out, const uint8_t * in)
{
size_t i;
norx_word_t * S = state->S;
S[15] ^= PAYLOAD_TAG;
norx_permute(state);
for (i = 0; i < WORDS(NORX_R); ++i) {
S[i] ^= LOAD(in + i * BYTES(NORX_W));
STORE(out + i * BYTES(NORX_W), S[i]);
}
}
status init_set(set *p_S, int size)
{
int numbytes, i;
numbytes = (size + BYTESIZE - 1) / BYTESIZE;
BYTES(p_S) = (char *) malloc(numbytes);
if (BYTES(p_S) == NULL)
return ERROR;
SIZE(p_S) = numbytes * BYTESIZE;
for (i=0; i<numbytes; i++)
BYTES(p_S)[i] = 0;
return OK;
}
void norx_encrypt_msg(norx_state_t state, unsigned char *out, const unsigned char * in, size_t inlen)
{
if(inlen > 0)
{
norx_state_t lane[NORX_D];
uint8_t emptyblock[BYTES(RATE)];
size_t i, j;
/* Initialize states + branch */
for(i = 0; i < NORX_D; ++i)
{
memcpy(lane[i], state, sizeof lane[i]);
norx_branch(lane[i], i);
}
/* parallel payload processing */
for(i = 0; inlen >= BYTES(RATE); ++i)
{
norx_encrypt_block(lane[i%NORX_D], out, in);
inlen -= BYTES(RATE);
out += BYTES(RATE);
in += BYTES(RATE);
}
norx_encrypt_lastblock(lane[i++%NORX_D], out, in, inlen);
/* Pad remaining blocks */
norx_pad(emptyblock, emptyblock, 0);
for(j = 0; j < (NORX_D-1); ++j, ++i)
{
norx_absorb(lane[i%NORX_D], emptyblock, PAYLOAD_TAG);
}
/* Merge */
memset(state, 0, sizeof(norx_state_t));
for(i = 0; i < NORX_D; ++i)
{
#if defined(NORX_DEBUG)
printf("End of payload processing (lane %lu) \n", i);
norx_print_state(lane[i]);
#endif
norx_merge(state, lane[i]);
burn(lane[i], 0, sizeof(norx_state_t));
}
#if defined(NORX_DEBUG)
printf("End of merging:\n");
norx_print_state(state);
#endif
}
}
static void bufgrow (Buffer * b, int len)
{
if (len > b->size)
{
b->mem = realloc (b->mem, BYTES (len));
b->size = len;
}
if (len > b->len)
{
memset (OFFSET (b->mem, b->len), 0, BYTES (len - b->len));
b->len = len;
}
}
int writeGrainTableData(const SparseExtentHeader * header, u_int32_t * grainTable, const size_t numgte, FILE * fd)
{
size_t numgts = numGTs(BYTES(header->capacity));
size_t gt0offset = GT0Offset(numgts);
int returner = 0;
VPRINT("Writing redundant grain tables\n");
fseek(fd, BYTES(header->rgdOffset + gt0offset), SEEK_SET);
returner += fwrite((void*)grainTable, sizeof(u_int32_t), numgte, fd);
VPRINT("Writing grain tables\n");
fseek(fd, BYTES(header->gdOffset + gt0offset), SEEK_SET);
returner += fwrite((void*)grainTable, sizeof(u_int32_t), numgte, fd);
return returner;
}
static NORX_INLINE void norx_decrypt_block(norx_state_t state, uint8_t *out, const uint8_t * in)
{
norx_word_t * S = state->S;
size_t i;
norx_inject_tag(state, PAYLOAD_TAG);
norx_permutation(state);
for (i = 0; i < WORDS(RATE); ++i)
{
const norx_word_t c = LOAD(in + i * BYTES(NORX_W));
STORE(out + i * BYTES(NORX_W), S[i] ^ c);
S[i] = c;
}
}
void norx_decrypt_msg(norx_state_t state, unsigned char *out, const unsigned char * in, size_t inlen)
{
if(inlen > 0)
{
while (inlen >= BYTES(RATE))
{
norx_decrypt_block(state, out, in);
inlen -= BYTES(RATE);
in += BYTES(RATE);
out += BYTES(RATE);
}
norx_decrypt_lastblock(state, out, in, inlen);
}
}
void norx_output_tag(norx_state_t state, unsigned char * tag)
{
norx_word_t * S = state->S;
uint8_t lastblock[BYTES(RATE)];
size_t i;
norx_finalize(state);
for (i = 0; i < WORDS(RATE); ++i)
STORE(lastblock + i * BYTES(NORX_W), S[i]);
memcpy(tag, lastblock, BYTES(NORX_A));
burn(lastblock, 0, BYTES(RATE)); /* burn full state dump */
burn(state, 0, sizeof(norx_state_t)); /* at this point we can also burn the state */
}
static inline ip6_addr
get_ip6_px(const void *p, uint plen)
{
ip6_addr addr = IPA_NONE;
memcpy(&addr, p, BYTES(plen));
return ip6_ntoh(addr);
}
status set_insert(set *p_S, int element)
{
if (element < 0 || element >= SIZE(p_S))
return ERROR;
BYTES(p_S)[element/BYTESIZE] |= bit[element%BYTESIZE];
return OK;
}
static NORX_INLINE void norx_encrypt_lastblock(norx_state_t state, uint8_t *out, const uint8_t * in, size_t inlen)
{
uint8_t lastblock[BYTES(RATE)];
norx_pad(lastblock, in, inlen);
norx_encrypt_block(state, lastblock, lastblock);
memcpy(out, lastblock, inlen);
}
bool set_member(set *p_S, int element)
{
if (element < 0 || element >= SIZE(p_S))
return FALSE;
return (BYTES(p_S)[element/BYTESIZE] & bit[element%BYTESIZE])
? TRUE
: FALSE;
}
void norx_process_trailer(norx_state_t state, const unsigned char * in, size_t inlen)
{
if(inlen > 0)
{
uint8_t lastblock[BYTES(RATE)];
while (inlen >= BYTES(RATE))
{
norx_absorb(state, in, TRAILER_TAG);
inlen -= BYTES(RATE);
in += BYTES(RATE);
}
norx_pad(lastblock, in, inlen);
norx_absorb(state, lastblock, TRAILER_TAG);
}
}
static MRS_INLINE void mrs_absorb_block(mrs_state_t state, const unsigned char * in)
{
size_t i;
mrs_word_t * S = state->S;
mrs_permute(state);
for (i = 0; i < WORDS(MRS_B); ++i)
{
S[i] ^= LOAD(in + i * BYTES(MRS_W));
}
#if defined(MRS_DEBUG)
printf("ABSORBING BLOCK:\n");
print_bytes(in, BYTES(MRS_B));
printf("STATE:\n");
print_state(state->S);
#endif
}
