void rc6_decrypt(unsigned int *ct) // Function to decrypt ciphertext
{
unsigned int A, B, C, D, t, u, x;
int i, j;
char op='D';
A = ct[0];
B = ct[1];
C = ct[2];
D = ct[3];
C -= S[2 * r + 3];
A -= S[2 * r + 2];
for (i = 2 * r; i >= 2; i -= 2)
{
x = D;
D = C;
C = B;
B = A;
A = x;
u = ROTL(D * (2 * D + 1), lgw);
t = ROTL(B * (2 * B + 1), lgw);
C = ROTR(C - S[i + 1], t) ^ u;
A = ROTR(A - S[i], u) ^ t;
}
D -= S[1];
B -= S[0];
pt[0] = A;
pt[1] = B;
pt[2] = C;
pt[3] = D;
output(pt,op);
}
void RC5decrypt(word32 const *in, word32 *out, word32 *key)
{
register word32 a, b;
int i;
a = *in;
b = *(in+1);
key += KR(rounds);
//fprintf(stderr,"a=%X, b=%X\n",a,b);
for (i = 0; i < rounds; i++) {
b -= *--key;
//fprintf(stderr, "b_res = %X\n", b);
b = ROTR(b, a&ANDVAL) ^ a;
//fprintf(stderr, "b_rot = %X\n", b);
//b = b ^ a;
//fprintf(stderr, "b_xor = %X\n\n", b);
a -= *--key;
fprintf(stderr, "a_res = %X\n", a);
a = ROTR(a, b&ANDVAL) ^ b;
fprintf(stderr, "a_rot = %X\n\n", a);
//fprintf(stderr,"a=%X, b=%X\n",a,b);
}
b -= *--key;
a -= *--key;
*out = a;
*(out+1) = b;
}
void rc6_block_decrypt(unsigned int *ct, unsigned int *pt)
{
unsigned int A, B, C, D, t, u, x;
int i, j;
A = ct[0];
B = ct[1];
C = ct[2];
D = ct[3];
C -= S[2 * r + 3];
A -= S[2 * r + 2];
for (i = 2 * r; i >= 2; i -= 2)
{
x = D;
D = C;
C = B;
B = A;
A = x;
u = ROTL(D * (2 * D + 1), lgw);
t = ROTL(B * (2 * B + 1), lgw);
C = ROTR(C - S[i + 1], t) ^ u;
A = ROTR(A - S[i], u) ^ t;
}
D -= S[1];
B -= S[0];
pt[0] = A;
pt[1] = B;
pt[2] = C;
pt[3] = D;
}
void RC6Decryption::ProcessBlock(const byte *in, byte *out) const
{
const RC6_WORD *sptr = sTable+sTable.size;
RC6_WORD a, b, c, d, t, u;
GETBLOCK(in, a, b, c, d);
sptr -= 2;
c -= sptr[1];
a -= sptr[0];
for (unsigned i=0; i < r; i++)
{
sptr -= 2;
t = a; a = d; d = c; c = b; b = t;
u = ROTL(d*(2*d+1), 5);
t = ROTL(b*(2*b+1), 5);
c = ROTR(c-sptr[1], t) ^ u;
a = ROTR(a-sptr[0], u) ^ t;
}
sptr -= 2;
d -= sTable[1];
b -= sTable[0];
PUTBLOCK(out, a, b, c, d);
}
void RC5_DECRYPT(WORD *ct, WORD *pt) /* 2 WORD input ct/output pt */
{ WORD i, B=ct[1], A=ct[0];
for (i=r; i>0; i--)
{ B = ROTR(B-S[2*i+1],A)^A;
A = ROTR(A-S[2*i],B)^B;
}
pt[1] = B-S[1]; pt[0] = A-S[0];
}
// address: 0x40bf17
void _start(unsigned int param1, int param2, int param3, __size32 param4) {
unsigned int ch; // r13
int ecx; // r25
ch = ((param2 | -29) ^ param1);
ecx = (param3 & 0xffff00ff | (param2 | -29) * 256) & 0xffff00ff | ch * 256;
if (ROLFLAGS32(ROTLC(ROTR(param4)), ROTR(param4), ecx) || ROLFLAGS32(ROTLC(ROTR(param4)), ROTR(param4), ecx)) {
}
}
void L2Inv(uint8_t *data){//; Inverse Linear Layer: L2
uint8_t temp[2];//movw t0, s4//; t1:t0 = s5:s4//movw t2, s4//; t3:t2 = s5:s4
temp[0] = ROTR(data[4]);//lsr t0//ror t2
temp[1] = ROTR(data[5]);//lsr t1//ror t3
temp[1] ^= temp[0];//eor t3, t2
data[5] ^= temp[1];//eor s5, t3
data[4] = ROTR(temp[1]);//mov s4, t3//lsr t3//ror s4
data[4] ^= temp[0];//eor s4, t2
data[4] = SWAP(data[4]);//swap s4
}
void L1Inv(uint8_t *data){//; Inverse Linear Layer: L1
uint8_t temp[2];//movw t0, s2; t1:t0 = s3:s2; movw t2, s2; t3:t2 = s3:s2
temp[0] = ROTR(data[2]);//lsr t0//ror t2
temp[1] = ROTR(data[3]);//lsr t1//ror t3
temp[1] ^= temp[0];//eor t3, t2
data[3] ^= temp[1];//eor s3, t3
data[3] = SWAP(data[3]);//swap s3
data[2] = ROTR(temp[1]);//mov s2, t3; lsr t3; ror s2
data[2] ^= temp[0];//eor s2, t2
}
//加密
void Decrypt6(PRCContext pContext,
unsigned long* pA,
unsigned long* pB,
unsigned long* pC,
unsigned long* pD)
{
unsigned long i,w,t,u,t1;
register unsigned long a = *pA;
register unsigned long b = *pB;
register unsigned long c = *pC;
register unsigned long d = *pD;
w = pContext->nWordSizeBit;
c -= pContext->pSubKey[2 * pContext->nRound + 3];
a -= pContext->pSubKey[2 * pContext->nRound + 2];
for (i=pContext->nRound; i>=1; i--)
{
//printf("i=%d,%u,%u,%u,%u\r\n",i,a,b,c,d);
//逆置换
//FR(&a,&b,&c,&d);
///*
t1 = d;
d = c;
c = b;
b = a;
a = t1;
//*/
//计算u的值,移位数;加密时使用d做为唯一参与计算的数
u = d * (2 * d + 1);
u = ROTL(u,pContext->nShiftCount,w);
//根据b计算t的值
t = b * (2 * b + 1);
t = ROTL(t,pContext->nShiftCount,w);
//printf("i=%d,%u,%u,%u,%u,%u,%u\r\n",i,a,b,c,d,t,u);
c -= pContext->pSubKey[2 * i + 1];
c = ROTR((c),t,w);
c ^= u;
a -= pContext->pSubKey[2 * i];
a = ROTR((a),u,w);
a ^= t;
}
//printf("=============================================\r\n");
//按照rc5算法分布的密钥,2*r+2已经到达数组末尾
//表示rc6最少要比rc5再多产生一组密钥
d -= pContext->pSubKey[1];
b -= pContext->pSubKey[0];
*pA = a;
*pB = b;
*pC = c;
*pD = d;
}
void
Decrypt32SPAndCopyAligned(
unsigned char *desData,
unsigned char *srcData,
unsigned int uiDataLength,
unsigned char *pDecryptIR
)
{
register xuint32* pDataPtr;
register xuint32 dwBuf;
#ifdef __LITTLE_ENDIAN_BYTEORDER
register xuint32 dwDecryptIR = (pDecryptIR[3]) + (pDecryptIR[0]<<8) + (pDecryptIR[1]<<16) + (pDecryptIR[2]<<24);
#else
register xuint32 dwDecryptIR = (pDecryptIR[3]<<24) + (pDecryptIR[0]<<16) + (pDecryptIR[1]<<8) + (pDecryptIR[2]);
#endif
register xuint32* toPtr;
register xuint32* desPtr;
toPtr = (xuint32*)(srcData + uiDataLength);
for(pDataPtr = (xuint32*)srcData, desPtr = (xuint32*)desData; pDataPtr < toPtr; pDataPtr++, desPtr++) {
dwBuf = dwDecryptIR ^ (*pDataPtr);
#ifdef __LITTLE_ENDIAN_BYTEORDER
*desPtr = ROTR(dwBuf, 8);
#else
*desPtr = ROTL(dwBuf, 8);
#endif
}
}
void
Encrypt32SPAligned(
unsigned char *pData,
unsigned int uiDataLength,
unsigned char *pEncryptIR
)
{
#ifdef __LITTLE_ENDIAN_BYTEORDER
register xuint32 dwEncryptIR = (pEncryptIR[0]) + (pEncryptIR[1]<<8) + (pEncryptIR[2]<<16) + (pEncryptIR[3]<<24);
#else
register xuint32 dwEncryptIR = (pEncryptIR[0]<<24) + (pEncryptIR[1]<<16) + (pEncryptIR[2]<<8) + (pEncryptIR[3]);
#endif
register xuint32* pDataPtr;
register xuint32 dwBuf;
register xuint32* toPtr = (xuint32*)(pData + uiDataLength);
for(pDataPtr = (xuint32*) pData; pDataPtr < toPtr; pDataPtr++) {
#ifdef __LITTLE_ENDIAN_BYTEORDER
dwBuf = ROTL(*pDataPtr, 8);
*pDataPtr = dwEncryptIR ^ dwBuf;
*pDataPtr = (*pDataPtr)^(0xff00ff00);
#else
dwBuf = ROTR(*pDataPtr, 8);
*pDataPtr = dwEncryptIR ^ dwBuf;
*pDataPtr = (*pDataPtr)^(0x00ff00ff);
#endif
}
}
void
Decrypt32SPAndCopySrcUnaligned(
unsigned char *desData,
unsigned char *srcData,
unsigned int uiDataLength,
unsigned char *pDecryptIR
)
{
register xuchar * pDataPtr;
register xuint32 dwBuf;
#ifdef __LITTLE_ENDIAN_BYTEORDER
register xuint32 dwDecryptIR = (pDecryptIR[3]) + (pDecryptIR[0]<<8) + (pDecryptIR[1]<<16) + (pDecryptIR[2]<<24);
#else
register xuint32 dwDecryptIR = (pDecryptIR[3]<<24) + (pDecryptIR[0]<<16) + (pDecryptIR[1]<<8) + (pDecryptIR[2]);
#endif
register xuchar* toPtr;
register xuint32* desPtr;
toPtr = srcData + uiDataLength;
for(pDataPtr = srcData, desPtr = (xuint32*)desData; pDataPtr < toPtr; pDataPtr+=4, desPtr++) {
#ifdef __LITTLE_ENDIAN_BYTEORDER
dwBuf = dwDecryptIR ^ (pDataPtr[0] + (pDataPtr[1]<<8) + (pDataPtr[2]<<16) + (pDataPtr[3]<<24));
*desPtr = ROTR(dwBuf, 8);
#elif __BIG_ENDIAN_BYTEORDER
dwBuf = dwDecryptIR ^ ((pDataPtr[0]<<24) + (pDataPtr[1]<<16) + (pDataPtr[2]<<8) + pDataPtr[3]);
*desPtr = ROTL(dwBuf, 8);
#endif
}
}
static uint8_t md2_perm(uint8_t i)
{
i = i * K1;
i = ROTR(i, R);
i ^= X;
i = i * K2;
return i;
}
//rc5解密
void Decrypt5(PRCContext pContext,
unsigned long* pA,
unsigned long* pB)
{
unsigned long i,w;
register unsigned long a = *pA;
register unsigned long b = *pB;
w = pContext->nWordSizeBit;
for (i=pContext->nRound; i>=1; i--)
{
b -= pContext->pSubKey[2 * i + 1];
b = ROTR(b,a,w) ^ a;
a -= pContext->pSubKey[2 * i];
a = ROTR(a,b,w) ^ b;
}
a -= pContext->pSubKey[0];
b -= pContext->pSubKey[1];
*pA = a;
*pB = b;
}
void L2(uint8_t *data){//; Linear Layer: L2
uint8_t temp[2];
data[4] = SWAP(data[4]);//swap s4
//movw t0, s4//; t1:t0 = s5:s4//movw t2, s4//; t3:t2 = s5:s4
temp[0] = ROTL(data[4]);//lsl t0//rol t2
temp[1] = ROTR(data[5]);//lsr t1//ror t3
data[4] ^= temp[1];//eor s4, t3
temp[1] = data[4];//mov t0, s4
data[4] ^= temp[0];//eor s4, t2
data[5] ^= temp[1];//eor s5, t0
}
void L1(uint8_t *data){//; Linear Layer: L1
uint8_t temp[2];
data[3] = SWAP(data[3]);//swap s3
//movw t0, s2; t1:t0 = s3:s2; movw t2, s2; t3:t2 = s3:s2 --> no need
temp[0] = ROTL(data[2]);//lsl t0 ; rol t2 --> t2 kees 1-bit left rotated value of s2
temp[1] = ROTR(data[3]);//lsr t1 ; ror t3 --> t3 kees 1-bit right rotated value of s3
data[2] ^= temp[1];//eor s2, t3
temp[1] = data[2];//mov t0, s2
data[2] ^= temp[0];//eor s2, t2
data[3] ^= temp[1];//eor s3, t0
}
/* Sym tab hash function */
static unsigned int ComputeHash(char *string, int size)
{
unsigned int len = strlen(string), rv;
char *pe = len + string;
unsigned char blank = ' ';
rv = len | blank;
while (len--)
{
unsigned char cback = (unsigned char)(*--pe) | blank;
rv = ROTR(rv, 2) ^ cback;
}
return (rv % size);
}
/**6、 解密函数
解密函数
*/
void Decipher(TWOBYTEINT* In,TWOBYTEINT* Out,TWOBYTEINT* S)
{
int i=0,j;
TWOBYTEINT X,Y;
for(j=0;j<NoOfData;j+=2)
{
X = In[j];
Y = In[j+1];
for(i=r;i>0;i--)
{
// Y = ROTR(Y-S[2*i+1],X)^X; //相减,循环移位,异或
// X = ROTR(X-S[2*i],Y)^Y;
// Y = ROTR(Y-S[2*i+1],X)^X; //相减,循环移位,异或
// X = ROTR(X-S[2*i],Y)^Y;
// 改为(对数据进行强制转换):
Y = ROTR((unsigned short int)(Y-S[2*i+1]),X)^X;
X = ROTR((unsigned short int)(X-S[2*i]),Y)^Y;
}
Out[j]=X - S[0];
Out[j+1]=Y - S[1]; //明文
}
}
void rc6_block_decrypt(unsigned int *ct, unsigned int *pt, int block_count, RC6KEY S)
{
unsigned int A, B, C, D, t, u, x;
int i;
while(block_count > 0)
{
A = ct[0];
B = ct[1];
C = ct[2];
D = ct[3];
C -= S[2 * r + 3];
A -= S[2 * r + 2];
for(i = 2 * r; i >= 2; i -= 2)
{
x = D;
D = C;
C = B;
B = A;
A = x;
u = ROTL(D * (2 * D + 1), lgw);
t = ROTL(B * (2 * B + 1), lgw);
C = ROTR(C - S[i + 1], t) ^ u;
A = ROTR(A - S[i], u) ^ t;
}
D -= S[1];
B -= S[0];
pt[0] = A;
pt[1] = B;
pt[2] = C;
pt[3] = D;
block_count--;
ct++;
pt++;
}
}
void encrypt(word * x, const word * k)
{
unsigned int i;
word rk0 = k[0];
word rk1 = k[1];
for (i = 0; i < ROUNDS; i++) {
rk0 += CONST;
rk1 -= CONST;
x[0] ^= rk0;
x[0] += x[1];
x[0] = ROTL(x[0], x[1]);
x[1] = ROTR(x[1], x[0]);
x[1] -= x[0];
x[1] ^= rk1;
}
rk0 = x[0];
x[0] = x[1];
x[1] = rk0;
}
static inline
uint32_t Sigma0(uint32_t x)
{
return ROTR(2, x) ^ ROTR(13, x) ^ ROTR(22, x);
}
static inline
uint32_t Sigma1(uint32_t x)
{
return ROTR(6, x) ^ ROTR(11, x) ^ ROTR(25, x);
}
static inline
uint32_t sigma0(uint32_t x)
{
return ROTR(7, x) ^ ROTR(18, x) ^ SHR(3, x);
}
static inline
uint32_t sigma1(uint32_t x)
{
return ROTR(17, x) ^ ROTR(19, x) ^ SHR(10, x);
}
static inline u64
Sum1 (u64 x)
{
return (ROTR (x, 14) ^ ROTR (x, 18) ^ ROTR (x, 41));
}
static inline u64
Sum0 (u64 x)
{
return (ROTR (x, 28) ^ ROTR (x, 34) ^ ROTR (x, 39));
}
inline vecu16_t SIG0(vecu16_t x)
{
return ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22);
}
inline vecu16_t SIG1(vecu16_t x)
{
return ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25);
}
void SHA256Block (struct sha256 * sha256, void const * memory)
{
static const uint32_t K [sizeof (sha256->block)] =
{
0x428A2F98,
0x71374491,
0xB5C0FBCF,
0xE9B5DBA5,
0x3956C25B,
0x59F111F1,
0x923F82A4,
0xAB1C5ED5,
0xD807AA98,
0x12835B01,
0x243185BE,
0x550C7DC3,
0x72BE5D74,
0x80DEB1FE,
0x9BDC06A7,
0xC19BF174,
0xE49B69C1,
0xEFBE4786,
0x0FC19DC6,
0x240CA1CC,
0x2DE92C6F,
0x4A7484AA,
0x5CB0A9DC,
0x76F988DA,
0x983E5152,
0xA831C66D,
0xB00327C8,
0xBF597FC7,
0xC6E00BF3,
0xD5A79147,
0x06CA6351,
0x14292967,
0x27B70A85,
0x2E1B2138,
0x4D2C6DFC,
0x53380D13,
0x650A7354,
0x766A0ABB,
0x81C2C92E,
0x92722C85,
0xA2BFE8A1,
0xA81A664B,
0xC24B8B70,
0xC76C51A3,
0xD192E819,
0xD6990624,
0xF40E3585,
0x106AA070,
0x19A4C116,
0x1E376C08,
0x2748774C,
0x34B0BCB5,
0x391C0CB3,
0x4ED8AA4A,
0x5B9CCA4F,
0x682E6FF3,
0x748F82EE,
0x78A5636F,
0x84C87814,
0x8CC70208,
0x90BEFFFA,
0xA4506CEB,
0xBEF9A3F7,
0xC67178F2
};
unsigned pass;
unsigned word;
uint32_t H [sizeof (sha256->state)/sizeof (uint32_t)];
uint32_t W [sizeof (sha256->block)];
uint8_t * buffer = (uint8_t *)(memory);
for (word = 0; word < 16; word++)
{
W [word] = 0;
W [word] |= (uint32_t)(*buffer++) << 24;
W [word] |= (uint32_t)(*buffer++) << 16;
W [word] |= (uint32_t)(*buffer++) << 8;
W [word] |= (uint32_t)(*buffer++) << 0;;
}
for (word = word; word < sizeof (sha256->block); word++)
{
uint32_t s0 = ROTR (W [word-15], 7) ^ ROTR (W [word-15], 18) ^ SHR (W [word-15], 3);
uint32_t s1 = ROTR (W [word- 2], 17) ^ ROTR (W [word- 2], 19) ^ SHR (W [word- 2], 10);
W [word] = W [word - 16] + s0 + W [word - 7] + s1;
}
for (word = 0; word < (sizeof (sha256->state) / sizeof (uint32_t)); word++)
{
H [word] = sha256->state [word];
}
for (pass = 0; pass < sizeof (sha256->block); pass++)
{
uint32_t s2 = ROTR (H [0], 2) ^ ROTR (H [0], 13) ^ ROTR (H [0], 22);
uint32_t maj = (H [0] & H [1]) ^ (H [0] & H [2]) ^ (H [1] & H [2]);
uint32_t t2 = s2 + maj;
uint32_t s3 = ROTR (H [4], 6) ^ ROTR (H [4], 11) ^ ROTR (H [4], 25);
uint32_t ch = (H [4] & H [5]) ^ ((~ H [4]) & H [6]);
uint32_t t1 = H [7] + s3 + ch + K [pass] + W [pass];
for (word = (sizeof (sha256->state) / sizeof (uint32_t)) - 1; word > 0; word--)
{
H [word] = H [word-1];
}
H [0] = t1 + t2;
H [4] += t1;
}
for (word = 0; word < (sizeof (sha256->state) / sizeof (uint32_t)); word++)
{
sha256->state [word] += H [word];
}
return;
}
void phs_upd_state(phs_ctx_t *ctx) {
uint32_t *state = (uint32_t*) ctx->state;
uint8_t idx_perm[PHS_F_COUNT];
uint8_t idx;
uint32_t tgt_addr;
uint32_t res;
for (uint32_t i = 0; i < ctx->inner_rounds; i++) {
Dprintf("DEBUG: Starting inner round %d...", i);
for (uint32_t j = 0; j < ctx->state_words; j++) {
/* Retrieve state value of current round and ensure that the value
* is modified with each inner round. We use the "res" value, as
* the intermediate result is used to continue the sequence in the
* inner loop.
*/
res = state[j];
res = ROTR(res, i % 32);
tgt_addr = res % ctx->state_words;
Dprintf("DEBUG: pos = %" PRIu32 ", tgt_addr = %" PRIu32 "\n", j, tgt_addr);
/* We execute a sequence of PHS_F_COUNT functions as one iteration,
* which corresponds to one of all PHS_F_COUNT! possible permutations
* of the functions.
* This ensures that the "block" is executed in constant time,
* regardless of the target platform. It also ensures constant time
* between two memory accesses.
*/
/* Reset permutation index */
for (uint8_t i = 0; i < PHS_F_COUNT; i++) {
idx_perm[i] = i;
}
/* Execute a specific sequence (permutation) using all functions */
for (uint8_t k = 0; k < PHS_F_COUNT; k++) {
/* Derive the function index from the intermediate result in constant
* time for each step.
*
* 1) It reads the value "idx" at position r(i) from the array "perm"
* 2) It reads the value "tmp" at position PHS_F_COUNT-k from the array "perm"
* 3) It overwrites the value at position r(i) with "tmp"
*
* Example: n = 7, init perm = [0, 1, 2, 3, 4, 5, 6], 0 <= r(i) < n-i in step i
* Step 0: r(0) = 4, idx = perm[4] = 4, new perm = [0, 1, 2, 3, 6, 5| 6]
* Step 1: r(1) = 5, idx = perm[5] = 5, new perm = [0, 1, 2, 3, 6| 5, 6]
* Step 2: r(2) = 2, idx = perm[2] = 2, new perm = [0, 1, 6, 3| 6, 5, 6]
* Step 3: r(3) = 2, idx = perm[2] = 6, new perm = [0, 1, 3| 3, 6, 5, 6]
* Step 4: r(4) = 0, idx = perm[0] = 0, new perm = [3, 1| 3, 3, 6, 5, 6]
* Step 5: r(5) = 1, idx = perm[1] = 1, new perm = [3| 1, 3, 3, 6, 5, 6]
* Step 6: r(6) = 0, idx = perm[0] = 3, new perm = [3, 1, 3, 3, 6, 5, 6]
*
* Please note that we can optimize this step in C by just changing the
* pointers...
*/
idx = idx_perm[res % (PHS_F_COUNT-k)];
idx_perm[res % (PHS_F_COUNT-k)] = idx_perm[PHS_F_COUNT-k-1];
Dprintf("DEBUG: >> using idx = %d, coming from pos %d\n", idx, (res % (PHS_F_COUNT-k)));
/* Evaluate function idx for res */
res = F(idx, res);
/* *********** Begin DEBUG-only statistics *********** */
#ifdef PHC_DEBUG_STATISTICS
/* increase counters */
cnt_idx[idx]++;
#endif
/* *********** End DEBUG-only statistics *********** */
/* debug output */
Dprintf("DEBUG: >> k = %02d, idx = %d, res = %08" PRIx32 "\n", k, idx, res);
}
/* XOR the result of the sequence to the target value */
state[tgt_addr] ^= res;
/* *********** Begin DEBUG-only statistics *********** */
#ifdef PHC_DEBUG_STATISTICS
cnt_tgt_addr[tgt_addr]++;
#endif
/* *********** End DEBUG-only statistics *********** */
}
}
}
