int crypto_aead_decrypt(
unsigned char *m,unsigned long long *mlen,
unsigned char *nsec,
const unsigned char *c,unsigned long long clen,
const unsigned char *ad,unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k
)
{
unsigned long i,j;
uint8_t plaintextblock[32], ciphertextblock[32];
uint8_t tag[16];
uint8_t check = 0;
uint64_t morus_state[5][4];
if (clen < 16) return -1;
morus_initialization(k, npub, morus_state);
//process the associated data
for (i = 0; (i+32) <= adlen; i += 32)
{
morus_enc_aut_step(ad+i, ciphertextblock, morus_state);
}
// deal with the partial block of associated data
// in this program, we assume that the message length is a multiple of bytes.
if ( (adlen & 0x1f) != 0 )
{
morus_enc_aut_partialblock(ad+i, ciphertextblock, adlen & 0x1f, morus_state);
}
// decrypt the ciphertext
*mlen = clen - 16;
for (i = 0; (i+32) <= *mlen; i += 32)
{
morus_dec_aut_step(m+i, c+i, morus_state);
}
// Deal with the partial block
// In this program, we assume that the message length is a multiple of bytes.
if ( (*mlen & 0x1f) != 0 ) {
morus_dec_aut_partialblock(m+i, c+i, *mlen & 0x1f, morus_state);
}
// we assume that the tag length is a multiple of bytes
// verification
return morus_tag_verification(*mlen, adlen, c, morus_state);
}
int crypto_aead_decrypt(
unsigned char* m,unsigned long long* mlen,
unsigned char* nsec,
const unsigned char* c,unsigned long long clen,
const unsigned char* ad,unsigned long long adlen,
const unsigned char* npub,
const unsigned char* k
)
{
uint8_t ciphertextblock[32] __attribute__((aligned(256)));
uint64_t morus_state[5][4] __attribute__((aligned(256)));
if (clen < 16) return -1;
// Initialization
morus_initialization(k, npub, morus_state);
// Process the associated data
unsigned long long length __attribute((aligned(64))) = adlen / 32;
if (length != 0) {
morus_enc_aut_step_ad(ad, morus_state, &length);
}
// Deal with the partial block of associated data
// In this program, we assume that the message length is a multiple of bytes
if ((adlen & 0x1f) != 0) {
morus_enc_aut_partialblock(ad + (length * 32), ciphertextblock, adlen & 0x1f, morus_state);
}
// Decrypt the ciphertext
*mlen = clen - 16;
length = *mlen / 32;
if (length != 0) {
morus_dec_aut_step_looped(m, c, morus_state, &length);
}
// Deal with the partial block
// In this program, we assume that the message length is a multiple of bytes
if ((*mlen & 0x1f) != 0) {
morus_dec_aut_partialblock(m + (length * 32), c + (length * 32), *mlen & 0x1f, morus_state);
}
// We assume that the tag length is a multiple of bytes
// Verification
return morus_tag_verification(*mlen, adlen, c, morus_state);
}
