void morus_stateupdate(const uint64_t* msgblk, uint64_t state[][4]) // call it as fun(state)
{
uint64_t temp,temp1;
state[0][0] ^= state[3][0]; state[0][1] ^= state[3][1]; state[0][2] ^= state[3][2]; state[0][3] ^= state[3][3];
temp = state[3][3]; state[3][3] = state[3][2]; state[3][2] = state[3][1]; state[3][1] = state[3][0]; state[3][0] = temp;
state[0][0] ^= state[1][0] & state[2][0]; state[0][1] ^= state[1][1] & state[2][1]; state[0][2] ^= state[1][2] & state[2][2]; state[0][3] ^= state[1][3] & state[2][3];
state[0][0] = rotl(state[0][0],n1); state[0][1] = rotl(state[0][1],n1); state[0][2] = rotl(state[0][2],n1); state[0][3] = rotl(state[0][3],n1);
state[1][0] ^= msgblk[0]; state[1][1] ^= msgblk[1]; state[1][2] ^= msgblk[2]; state[1][3] ^= msgblk[3];
state[1][0] ^= state[4][0]; state[1][1] ^= state[4][1]; state[1][2] ^= state[4][2]; state[1][3] ^= state[4][3];
temp = state[4][3]; state[4][3] = state[4][1]; state[4][1] = temp;
temp1= state[4][2]; state[4][2] = state[4][0]; state[4][0] = temp1;
state[1][0] ^= (state[2][0] & state[3][0]); state[1][1] ^= (state[2][1] & state[3][1]); state[1][2] ^= (state[2][2] & state[3][2]); state[1][3] ^= (state[2][3] & state[3][3]);
state[1][0] = rotl(state[1][0],n2); state[1][1] = rotl(state[1][1],n2); state[1][2] = rotl(state[1][2],n2); state[1][3] = rotl(state[1][3],n2);
state[2][0] ^= msgblk[0]; state[2][1] ^= msgblk[1]; state[2][2] ^= msgblk[2]; state[2][3] ^= msgblk[3];
state[2][0] ^= state[0][0]; state[2][1] ^= state[0][1]; state[2][2] ^= state[0][2]; state[2][3] ^= state[0][3];
temp = state[0][0]; state[0][0] = state[0][1]; state[0][1] = state[0][2]; state[0][2] = state[0][3]; state[0][3] = temp;
state[2][0] ^= state[3][0] & state[4][0]; state[2][1] ^= state[3][1] & state[4][1]; state[2][2] ^= state[3][2] & state[4][2]; state[2][3] ^= state[3][3] & state[4][3];
state[2][0] = rotl(state[2][0],n3); state[2][1] = rotl(state[2][1],n3); state[2][2] = rotl(state[2][2],n3); state[2][3] = rotl(state[2][3],n3);
state[3][0] ^= msgblk[0]; state[3][1] ^= msgblk[1]; state[3][2] ^= msgblk[2]; state[3][3] ^= msgblk[3];
state[3][0] ^= state[1][0]; state[3][1] ^= state[1][1]; state[3][2] ^= state[1][2]; state[3][3] ^= state[1][3];
temp = state[1][3]; state[1][3] = state[1][1]; state[1][1] = temp;
temp1= state[1][2]; state[1][2] = state[1][0]; state[1][0] = temp1;
state[3][0] ^= state[4][0] & state[0][0]; state[3][1] ^= state[4][1] & state[0][1]; state[3][2] ^= state[4][2] & state[0][2]; state[3][3] ^= state[4][3] & state[0][3];
state[3][0] = rotl(state[3][0],n4); state[3][1] = rotl(state[3][1],n4); state[3][2] = rotl(state[3][2],n4); state[3][3] = rotl(state[3][3],n4);
state[4][0] ^= msgblk[0]; state[4][1] ^= msgblk[1]; state[4][2] ^= msgblk[2]; state[4][3] ^= msgblk[3];
state[4][0] ^= state[2][0]; state[4][1] ^= state[2][1]; state[4][2] ^= state[2][2]; state[4][3] ^= state[2][3];
temp = state[2][3]; state[2][3] = state[2][2]; state[2][2] = state[2][1]; state[2][1] = state[2][0]; state[2][0] = temp;
state[4][0] ^= state[0][0] & state[1][0]; state[4][1] ^= state[0][1] & state[1][1]; state[4][2] ^= state[0][2] & state[1][2]; state[4][3] ^= state[0][3] & state[1][3];
state[4][0] = rotl(state[4][0],n5); state[4][1] = rotl(state[4][1],n5); state[4][2] = rotl(state[4][2],n5); state[4][3] = rotl(state[4][3],n5);
}
void des_decipher(word32 *output, word32 L, word32 R, DESContext *sched) {
word32 swap, s0246, s1357;
IP(L, R);
L = rotl(L, 1);
R = rotl(R, 1);
L ^= f(R, sched->k0246[15], sched->k1357[15]);
R ^= f(L, sched->k0246[14], sched->k1357[14]);
L ^= f(R, sched->k0246[13], sched->k1357[13]);
R ^= f(L, sched->k0246[12], sched->k1357[12]);
L ^= f(R, sched->k0246[11], sched->k1357[11]);
R ^= f(L, sched->k0246[10], sched->k1357[10]);
L ^= f(R, sched->k0246[ 9], sched->k1357[ 9]);
R ^= f(L, sched->k0246[ 8], sched->k1357[ 8]);
L ^= f(R, sched->k0246[ 7], sched->k1357[ 7]);
R ^= f(L, sched->k0246[ 6], sched->k1357[ 6]);
L ^= f(R, sched->k0246[ 5], sched->k1357[ 5]);
R ^= f(L, sched->k0246[ 4], sched->k1357[ 4]);
L ^= f(R, sched->k0246[ 3], sched->k1357[ 3]);
R ^= f(L, sched->k0246[ 2], sched->k1357[ 2]);
L ^= f(R, sched->k0246[ 1], sched->k1357[ 1]);
R ^= f(L, sched->k0246[ 0], sched->k1357[ 0]);
L = rotl(L, 31);
R = rotl(R, 31);
swap = L; L = R; R = swap;
FP(L, R);
output[0] = L;
output[1] = R;
}
void Encrypt(uint8_t *block, uint8_t *roundKeys)
{
uint32_t* blk = (uint32_t*) block;
uint32_t* rk = (uint32_t*) roundKeys;
int8_t i;
for (i = 0; i < NUMBER_OF_ROUNDS; i += 4, rk += 4) {
blk[3] = rotr((blk[2] ^ RK(rk, 3)) + (blk[3] ^ RK(rk, 1)), 3);
blk[2] = rotr((blk[1] ^ RK(rk, 2)) + (blk[2] ^ RK(rk, 1)), 5);
blk[1] = rotl((blk[0] ^ RK(rk, 0)) + (blk[1] ^ RK(rk, 1)), 9);
rk += 4;
blk[0] = rotr((blk[3] ^ RK(rk, 3)) + (blk[0] ^ RK(rk, 1)), 3);
blk[3] = rotr((blk[2] ^ RK(rk, 2)) + (blk[3] ^ RK(rk, 1)), 5);
blk[2] = rotl((blk[1] ^ RK(rk, 0)) + (blk[2] ^ RK(rk, 1)), 9);
rk += 4;
blk[1] = rotr((blk[0] ^ RK(rk, 3)) + (blk[1] ^ RK(rk, 1)), 3);
blk[0] = rotr((blk[3] ^ RK(rk, 2)) + (blk[0] ^ RK(rk, 1)), 5);
blk[3] = rotl((blk[2] ^ RK(rk, 0)) + (blk[3] ^ RK(rk, 1)), 9);
rk += 4;
blk[2] = rotr((blk[1] ^ RK(rk, 3)) + (blk[2] ^ RK(rk, 1)), 3);
blk[1] = rotr((blk[0] ^ RK(rk, 2)) + (blk[1] ^ RK(rk, 1)), 5);
blk[0] = rotl((blk[3] ^ RK(rk, 0)) + (blk[0] ^ RK(rk, 1)), 9);
}
}
int rnd(SHA3Context* ctx, int ir) {
int x,y;
// theta
for (x = 0; x < 5; ++x) {
ctx->C[x] = ctx->A[0][x] ^ ctx->A[1][x] ^ ctx->A[2][x] ^ ctx->A[3][x] ^ ctx->A[4][x];
}
// rho + pi
for (x = 0; x < 5; ++x) {
ctx->D[x] = ctx->C[mod5(x-1)] ^ rotl(ctx->C[mod5(x+1)], 1);
for (y = 0; y < 5; ++y) {
ctx->A[y][x] = rotl(ctx->A[y][x] ^ ctx->D[x], rho_offsets[y][x]);
ctx->B[y][x] = ctx->A[x][pi_x[x][y]];
}
}
// chi
for (x = 0; x < 5; ++x) {
for (y = 0; y < 5; ++y) {
ctx->A[y][x] = ctx->B[y][x] ^ (ctx->B[y][mod5(x+1)] ^ ONE) & ctx->B[y][mod5(x+2)];
}
}
// iota
ctx->A[0][0] ^= RC[ir];
return 1;
}
void
rleft(void)
{
if(canfit(rotl(piece))) {
setpiece(rotl(piece));
drawpiece();
flushimage(display, 1);
}
}
static void unscramble_quadrupel(uint32_t *quad, uint32_t key)
{
uint32_t tmp[4];
memcpy(tmp, quad, 4 * WORD_SIZE);
quad[1] = tmp[0] ^ (rotl(key + key_byte(key, 3), rot_amount_from_key(key, 0)));
quad[2] = tmp[3] ^ (rotl(quad[1] + key_byte(key, 2), rot_amount_from_key(key, 1)));
quad[3] = tmp[1] ^ (rotl(quad[2] + key_byte(key, 1), rot_amount_from_key(key, 3)));
quad[0] = tmp[2] ^ (rotl(quad[3] + key_byte(key, 0), rot_amount_from_key(key, 2)));
}
UINT64 Random(void) {
// Implemented after xoroshiro128plus.c
if (!Random_a && !Random_b) {
RandomSeedAuto();
}
UINT64 a = Random_a, b = Random_b, r = a + b;
b ^= a;
Random_a = rotl(a, 55) ^ b ^ (b << 14);
Random_b = rotl(b, 36);
return r;
}
Node *rebalance(Node *x) {
x->u();
if (x->l->h > 1 + x->r->h){
if (x->l->l->h < x->l->r->h) x->l = rotl(x->l);
x = rotr(x);
}
else if (x->r->h > 1 + x->l->h){
if (x->r->r->h < x->r->l->h) x->r = rotr(x->r);
x = rotl(x);
}
return x;
}
static struct node* balance(struct node* n) {
int d = delta(n);
if (d < -1) {
if (delta(n->right) > 0)
n->right = rotr(n->right);
return rotl(n);
} else if (d > 1) {
if (delta(n->left) < 0)
n->left = rotl(n->left);
return rotr(n);
}
updateheight(n);
return n;
}
Node *rebalance(Node *x) {
x->u();
if (x->l->h > 1 + x->r->h) {
12
if (x->l->l->h < x->l->r->h) x->l = rotl(x->l);
x = rotr(x);
} else if (x->r->h > 1 + x->l->h) {
uint32_t
f (uint32_t a, uint32_t b)
{
b = rotl (a, b & 31);
return b;
}
/* Sets RC5 key */
static int
rc5_set_key(struct cipher_context *cx, const u8 *key, int key_len,
int atomic)
{
struct rc5_ctx *ctx;
const u32 *in_key = (const u32 *)key;
u32 i, j, k, A, B, L[C], c;
ctx = (struct rc5_ctx *) cx->keyinfo;
if (key_len != 16 && key_len != 24 && key_len != 32)
return -EINVAL; /* unsupported key length */
cx->key_length = key_len;
key_len *= 8;
c = key_len / W;
/* init L */
for (i = 0; i < C; i++) {
L[i] = 0;
}
for (i = 0; i < (key_len / W); i++) {
L[i] = le32_to_cpu (in_key[i]);
}
/* initialize expanded key array */
ctx->xk[0] = 0xb7e15163;
for (i = 1; i < TABSIZE; i++) {
ctx->xk[i] = ctx->xk[i - 1] + 0x9e3779b9;
}
/* mix L and key array (S) */
A = B = 0;
i = j = 0;
for (k = 0; k < (3 * TABSIZE); k++) {
A = ctx->xk[i] = rotl(ctx->xk[i] + A + B, 3);
B = L[j] = rotl(L[j] + (A + B), A + B);
i = (i + 1) % TABSIZE;
j = (j + 1) % c;
}
return 0;
}
static void scramble_block(struct piscine *pisc, uint32_t swap_seed)
{
uint8_t i = 0;
do {
swap_quadrupel(pisc->w_buf, i, ((~i) ^ swap_seed) & 0xF);
swap_seed = rotl(swap_seed, 3);
i++;
} while (i != 16);
}
static void unscramble_block(struct piscine *pisc, uint32_t swap_seed)
{
swap_seed = rotl(swap_seed, 16);
uint8_t i = 16;
do {
i--;
swap_seed = rotr(swap_seed, 3);
swap_quadrupel(pisc->w_buf, i, ((~i) ^ swap_seed) & 0xF);
} while (i != 0);
}
// one step of decryption: it decrypts a 32-byte block
void morus_dec_aut_step(uint8_t *plaintextblock,
const uint8_t *ciphertextblock, uint64_t state[][4])
{
uint64_t temp,temp1;
//decryption
((uint64_t*)plaintextblock)[0] = ((uint64_t*)ciphertextblock)[0] ^ state[0][0] ^ state[1][1] ^ (state[2][0] & state[3][0]);
((uint64_t*)plaintextblock)[1] = ((uint64_t*)ciphertextblock)[1] ^ state[0][1] ^ state[1][2] ^ (state[2][1] & state[3][1]);
((uint64_t*)plaintextblock)[2] = ((uint64_t*)ciphertextblock)[2] ^ state[0][2] ^ state[1][3] ^ (state[2][2] & state[3][2]);
((uint64_t*)plaintextblock)[3] = ((uint64_t*)ciphertextblock)[3] ^ state[0][3] ^ state[1][0] ^ (state[2][3] & state[3][3]);
state[0][0] ^= state[3][0]; state[0][1] ^= state[3][1]; state[0][2] ^= state[3][2]; state[0][3] ^= state[3][3];
temp = state[3][3]; state[3][3] = state[3][2]; state[3][2] = state[3][1]; state[3][1] = state[3][0]; state[3][0] = temp;
state[0][0] ^= state[1][0] & state[2][0]; state[0][1] ^= state[1][1] & state[2][1]; state[0][2] ^= state[1][2] & state[2][2]; state[0][3] ^= state[1][3] & state[2][3];
state[0][0] = rotl(state[0][0],n1); state[0][1] = rotl(state[0][1],n1); state[0][2] = rotl(state[0][2],n1); state[0][3] = rotl(state[0][3],n1);
state[1][0] ^= ((uint64_t*)plaintextblock)[0]; state[1][1] ^= ((uint64_t*)plaintextblock)[1]; state[1][2] ^= ((uint64_t*)plaintextblock)[2]; state[1][3] ^= ((uint64_t*)plaintextblock)[3];
state[1][0] ^= state[4][0]; state[1][1] ^= state[4][1]; state[1][2] ^= state[4][2]; state[1][3] ^= state[4][3];
temp = state[4][3]; state[4][3] = state[4][1]; state[4][1] = temp;
temp1= state[4][2]; state[4][2] = state[4][0]; state[4][0] = temp1;
state[1][0] ^= (state[2][0] & state[3][0]); state[1][1] ^= (state[2][1] & state[3][1]); state[1][2] ^= (state[2][2] & state[3][2]); state[1][3] ^= (state[2][3] & state[3][3]);
state[1][0] = rotl(state[1][0],n2); state[1][1] = rotl(state[1][1],n2); state[1][2] = rotl(state[1][2],n2); state[1][3] = rotl(state[1][3],n2);
state[2][0] ^= ((uint64_t*)plaintextblock)[0]; state[2][1] ^= ((uint64_t*)plaintextblock)[1]; state[2][2] ^= ((uint64_t*)plaintextblock)[2]; state[2][3] ^= ((uint64_t*)plaintextblock)[3];
state[2][0] ^= state[0][0]; state[2][1] ^= state[0][1]; state[2][2] ^= state[0][2]; state[2][3] ^= state[0][3];
temp = state[0][0]; state[0][0] = state[0][1]; state[0][1] = state[0][2]; state[0][2] = state[0][3]; state[0][3] = temp;
state[2][0] ^= state[3][0] & state[4][0]; state[2][1] ^= state[3][1] & state[4][1]; state[2][2] ^= state[3][2] & state[4][2]; state[2][3] ^= state[3][3] & state[4][3];
state[2][0] = rotl(state[2][0],n3); state[2][1] = rotl(state[2][1],n3); state[2][2] = rotl(state[2][2],n3); state[2][3] = rotl(state[2][3],n3);
state[3][0] ^= ((uint64_t*)plaintextblock)[0]; state[3][1] ^= ((uint64_t*)plaintextblock)[1]; state[3][2] ^= ((uint64_t*)plaintextblock)[2]; state[3][3] ^= ((uint64_t*)plaintextblock)[3];
state[3][0] ^= state[1][0]; state[3][1] ^= state[1][1]; state[3][2] ^= state[1][2]; state[3][3] ^= state[1][3];
temp = state[1][3]; state[1][3] = state[1][1]; state[1][1] = temp;
temp1= state[1][2]; state[1][2] = state[1][0]; state[1][0] = temp1;
state[3][0] ^= state[4][0] & state[0][0]; state[3][1] ^= state[4][1] & state[0][1]; state[3][2] ^= state[4][2] & state[0][2]; state[3][3] ^= state[4][3] & state[0][3];
state[3][0] = rotl(state[3][0],n4); state[3][1] = rotl(state[3][1],n4); state[3][2] = rotl(state[3][2],n4); state[3][3] = rotl(state[3][3],n4);
state[4][0] ^= ((uint64_t*)plaintextblock)[0]; state[4][1] ^= ((uint64_t*)plaintextblock)[1]; state[4][2] ^= ((uint64_t*)plaintextblock)[2]; state[4][3] ^= ((uint64_t*)plaintextblock)[3];
state[4][0] ^= state[2][0]; state[4][1] ^= state[2][1]; state[4][2] ^= state[2][2]; state[4][3] ^= state[2][3];
temp = state[2][3]; state[2][3] = state[2][2]; state[2][2] = state[2][1]; state[2][1] = state[2][0]; state[2][0] = temp;
state[4][0] ^= state[0][0] & state[1][0]; state[4][1] ^= state[0][1] & state[1][1]; state[4][2] ^= state[0][2] & state[1][2]; state[4][3] ^= state[0][3] & state[1][3];
state[4][0] = rotl(state[4][0],n5); state[4][1] = rotl(state[4][1],n5); state[4][2] = rotl(state[4][2],n5); state[4][3] = rotl(state[4][3],n5);
}
bool Rotl :: execute () {
bool changed = false;
unsigned int mask;
Word tmp;
tmp = Word(rotl(this->source->g_word(), this->bits),
rotl(this->source->g_mask(), this->bits));
mask = this->result->g_mask();
this->result->take_bits(tmp);
if (mask != this->result->g_mask())
changed = true;
tmp = Word(rotr(this->result->g_word(), this->bits),
rotr(this->result->g_mask(), this->bits));
mask = this->source->g_mask();
this->source->take_bits(tmp);
if (mask != this->source->g_mask())
changed = true;
return changed;
}
SAFER::SAFER(const byte *userkey_1, const byte *userkey_2, unsigned nof_rounds, bool strengthened)
: keySchedule(1 + BLOCKSIZE * (1 + 2 * nof_rounds))
{
unsigned int i, j;
byte *key = keySchedule;
SecByteBlock ka(BLOCKSIZE + 1), kb(BLOCKSIZE + 1);
if (MAX_ROUNDS < nof_rounds)
nof_rounds = MAX_ROUNDS;
*key++ = (unsigned char)nof_rounds;
ka[BLOCKSIZE] = 0;
kb[BLOCKSIZE] = 0;
for (j = 0; j < BLOCKSIZE; j++)
{
ka[BLOCKSIZE] ^= ka[j] = rotl(userkey_1[j], 5U);
kb[BLOCKSIZE] ^= kb[j] = *key++ = userkey_2[j];
}
for (i = 1; i <= nof_rounds; i++)
{
for (j = 0; j < BLOCKSIZE + 1; j++)
{
ka[j] = rotl(ka[j], 6U);
kb[j] = rotl(kb[j], 6U);
}
for (j = 0; j < BLOCKSIZE; j++)
if (strengthened)
*key++ = (ka[(j + 2 * i - 1) % (BLOCKSIZE + 1)]
+ exp_tab[exp_tab[18 * i + j + 1]]) & 0xFF;
else
*key++ = (ka[j] + exp_tab[exp_tab[18 * i + j + 1]]) & 0xFF;
for (j = 0; j < BLOCKSIZE; j++)
if (strengthened)
*key++ = (kb[(j + 2 * i) % (BLOCKSIZE + 1)]
+ exp_tab[exp_tab[18 * i + j + 10]]) & 0xFF;
else
*key++ = (kb[j] + exp_tab[exp_tab[18 * i + j + 10]]) & 0xFF;
}
}
void insert(int k)
{
int x;
if (root == 0) {
left[0] = right[0] = parent[0] = height[0] = key[0] = count[0] = 0;
left[1] = right[1] = parent[1] = 0;
count[1] = height[1] = total = root = 1;
key[1] = k;
return;
}
for (total++, x = root;;) {
if (k < key[x]) {
if (left[x] == 0) {
left[x] = total;
break;
}
x = left[x];
} else if (k > key[x]) {
if (right[x] == 0) {
right[x] = total;
break;
}
x = right[x];
} else {
for (; x != 0; x = parent[x])
count[x]++;
return;
}
}
parent[total] = x;
x = total;
key[x] = k;
left[x] = 0;
right[x] = 0;
count[x] = 1;
height[x] = 1;
for (x = parent[x]; x != 0; x = parent[x]) {
count[x]++;
height[x] = max(height[left[x]], height[right[x]]) + 1;
if (height[left[x]] < (height[right[x]] - 1))
x = rotl(x);
else if (height[right[x]] < (height[left[x]] - 1))
x = rotr(x);
}
}
void Encrypt(uint8_t *block, uint8_t *roundKeys)
{
uint32_t* blk = (uint32_t*) block;
uint32_t* rk = (uint32_t*) roundKeys;
int8_t i;
uint32_t b0 = blk[0];
uint32_t b1 = blk[1];
uint32_t b2 = blk[2];
uint32_t b3 = blk[3];
for (i = 0; i < NUMBER_OF_ROUNDS; i += 4, rk += 4) {
b3 = rotr((b2 ^ RK(rk, 3)) + (b3 ^ RK(rk, 1)), 3);
b2 = rotr((b1 ^ RK(rk, 2)) + (b2 ^ RK(rk, 1)), 5);
b1 = rotl((b0 ^ RK(rk, 0)) + (b1 ^ RK(rk, 1)), 9);
rk += 4;
b0 = rotr((b3 ^ RK(rk, 3)) + (b0 ^ RK(rk, 1)), 3);
b3 = rotr((b2 ^ RK(rk, 2)) + (b3 ^ RK(rk, 1)), 5);
b2 = rotl((b1 ^ RK(rk, 0)) + (b2 ^ RK(rk, 1)), 9);
rk += 4;
b1 = rotr((b0 ^ RK(rk, 3)) + (b1 ^ RK(rk, 1)), 3);
b0 = rotr((b3 ^ RK(rk, 2)) + (b0 ^ RK(rk, 1)), 5);
b3 = rotl((b2 ^ RK(rk, 0)) + (b3 ^ RK(rk, 1)), 9);
rk += 4;
b2 = rotr((b1 ^ RK(rk, 3)) + (b2 ^ RK(rk, 1)), 3);
b1 = rotr((b0 ^ RK(rk, 2)) + (b1 ^ RK(rk, 1)), 5);
b0 = rotl((b3 ^ RK(rk, 0)) + (b0 ^ RK(rk, 1)), 9);
}
blk[0] = b0;
blk[1] = b1;
blk[2] = b2;
blk[3] = b3;
}
int rc6_set_key(struct cipher_context *cx, const unsigned char *key, int key_len,
int atomic)
{ u32 *in_key = (u32 *)key;
/* l_key - storage for the key schedule */
u32 *l_key = cx->keyinfo;
u32 i, j, k, a, b, l[8], t;
if (key_len != 16 && key_len != 24 && key_len != 32)
return -EINVAL; /* unsupported key length */
key_len *= 8;
l_key[0] = 0xb7e15163;
for(k = 1; k < 44; ++k)
l_key[k] = l_key[k - 1] + 0x9e3779b9;
for(k = 0; k < key_len / 32; ++k)
l[k] = in_key[k];
t = (key_len / 32) - 1;
a = b = i = j = 0;
for(k = 0; k < 132; ++k)
{ a = rotl(l_key[i] + a + b, 3); b += a;
b = rotl(l[j] + b, b);
l_key[i] = a; l[j] = b;
i = (i == 43 ? 0 : i + 1);
j = (j == t ? 0 : j + 1);
}
return 0;
};
void RunEncryptionKeySchedule(uint8_t *key, uint8_t *roundKeys)
{
uint32_t ri = 0;
int32_t i;
uint32_t T[4];
uint32_t* rk = (uint32_t*) roundKeys;
memcpy(T, key, KEY_SIZE);
for(i = 0; i < NUMBER_OF_ROUNDS; ++i) {
uint32_t tmp = rotl(READ_RAM_DATA_DOUBLE_WORD(DELTA[i & 3]), i);
T[0] = rotl(T[0] + tmp, 1);
T[1] = rotl(T[1] + rotl(tmp, 1), 3);
T[2] = rotl(T[2] + rotl(tmp, 2), 6);
T[3] = rotl(T[3] + rotl(tmp, 3), 11);
rk[ri++] = T[0]; // rk0
rk[ri++] = T[1]; // rk1, rk3, rk5
rk[ri++] = T[2]; // rk2
rk[ri++] = T[3]; // rk4
}
}
void Decrypt(uint8_t *block, uint8_t *roundKeys)
{
uint32_t* blk = (uint32_t*) block;
uint32_t* rk = (uint32_t*) roundKeys;
int8_t i;
uint32_t b0 = blk[0];
uint32_t b1 = blk[1];
uint32_t b2 = blk[2];
uint32_t b3 = blk[3];
for (i = NUMBER_OF_ROUNDS - 1, rk += 92; i >= 0; i -= 4, rk -= 4) {
b0 = (rotr(b0, 9) - (b3 ^ RK(rk, 0))) ^ RK(rk, 1);
b1 = (rotl(b1, 5) - (b0 ^ RK(rk, 2))) ^ RK(rk, 1);
b2 = (rotl(b2, 3) - (b1 ^ RK(rk, 3))) ^ RK(rk, 1);
rk -= 4;
b3 = (rotr(b3, 9) - (b2 ^ RK(rk, 0))) ^ RK(rk, 1);
b0 = (rotl(b0, 5) - (b3 ^ RK(rk, 2))) ^ RK(rk, 1);
b1 = (rotl(b1, 3) - (b0 ^ RK(rk, 3))) ^ RK(rk, 1);
rk -= 4;
b2 = (rotr(b2, 9) - (b1 ^ RK(rk, 0))) ^ RK(rk, 1);
b3 = (rotl(b3, 5) - (b2 ^ RK(rk, 2))) ^ RK(rk, 1);
b0 = (rotl(b0, 3) - (b3 ^ RK(rk, 3))) ^ RK(rk, 1);
rk -= 4;
b1 = (rotr(b1, 9) - (b0 ^ RK(rk, 0))) ^ RK(rk, 1);
b2 = (rotl(b2, 5) - (b1 ^ RK(rk, 2))) ^ RK(rk, 1);
b3 = (rotl(b3, 3) - (b2 ^ RK(rk, 3))) ^ RK(rk, 1);
}
blk[0] = b0;
blk[1] = b1;
blk[2] = b2;
blk[3] = b3;
}
0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f,
0xaf9eb3db, 0x29c9ed2a, 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091,
0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, 0x77079103, 0xdea03af6,
0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2,
0xf3e0eb5b, 0xd6cc9876, 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367,
0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, 0xb5676e69, 0x9bd3ddda,
0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6,
0xb657c34d, 0x4edfd282, 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e,
0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
}
};
#define f1(y,x,kr,km) \
t = rotl(km + x, kr); \
u = s_box[0][byte(t,3)]; \
u ^= s_box[1][byte(t,2)]; \
u -= s_box[2][byte(t,1)]; \
u += s_box[3][byte(t,0)]; \
y ^= u
#define f2(y,x,kr,km) \
t = rotl(km ^ x, kr); \
u = s_box[0][byte(t,3)]; \
u -= s_box[1][byte(t,2)]; \
u += s_box[2][byte(t,1)]; \
u ^= s_box[3][byte(t,0)]; \
y ^= u
#define f3(y,x,kr,km) \
static uint32_t f1(const uint32_t D, const uint8_t Kr, const uint32_t Km) {
uint32_t I = rotl((Km + D), Kr);
return ((S1[byte(I, 0)] ^ S2[byte(I, 1)]) - S3[byte(I, 2)]) + S4[byte(I, 3)];
}
static uint32_t f2(const uint32_t D, const uint8_t Kr, const uint32_t Km) {
uint32_t I = rotl((Km ^ D), Kr);
return ((S1[byte(I, 0)] - S2[byte(I, 1)]) + S3[byte(I, 2)]) ^ S4[byte(I, 3)];
}
static void shs_transform(sha3 *sh)
{
int i,j,k;
mr_unsign64 C[5],D[5],B[5][5];
for (k=0;k<SHA3_ROUNDS;k++)
{
C[0]=sh->S[0][0]^sh->S[0][1]^sh->S[0][2]^sh->S[0][3]^sh->S[0][4];
C[1]=sh->S[1][0]^sh->S[1][1]^sh->S[1][2]^sh->S[1][3]^sh->S[1][4];
C[2]=sh->S[2][0]^sh->S[2][1]^sh->S[2][2]^sh->S[2][3]^sh->S[2][4];
C[3]=sh->S[3][0]^sh->S[3][1]^sh->S[3][2]^sh->S[3][3]^sh->S[3][4];
C[4]=sh->S[4][0]^sh->S[4][1]^sh->S[4][2]^sh->S[4][3]^sh->S[4][4];
D[0]=C[4]^rotl(C[1],1);
D[1]=C[0]^rotl(C[2],1);
D[2]=C[1]^rotl(C[3],1);
D[3]=C[2]^rotl(C[4],1);
D[4]=C[3]^rotl(C[0],1);
for (i=0;i<5;i++)
for (j=0;j<5;j++)
sh->S[i][j]^=D[i]; /* let the compiler unroll it! */
B[0][0]=sh->S[0][0];
B[1][3]=rotl(sh->S[0][1],36);
B[2][1]=rotl(sh->S[0][2],3);
B[3][4]=rotl(sh->S[0][3],41);
B[4][2]=rotl(sh->S[0][4],18);
B[0][2]=rotl(sh->S[1][0],1);
B[1][0]=rotl(sh->S[1][1],44);
B[2][3]=rotl(sh->S[1][2],10);
B[3][1]=rotl(sh->S[1][3],45);
B[4][4]=rotl(sh->S[1][4],2);
B[0][4]=rotl(sh->S[2][0],62);
B[1][2]=rotl(sh->S[2][1],6);
B[2][0]=rotl(sh->S[2][2],43);
B[3][3]=rotl(sh->S[2][3],15);
B[4][1]=rotl(sh->S[2][4],61);
B[0][1]=rotl(sh->S[3][0],28);
B[1][4]=rotl(sh->S[3][1],55);
B[2][2]=rotl(sh->S[3][2],25);
B[3][0]=rotl(sh->S[3][3],21);
B[4][3]=rotl(sh->S[3][4],56);
B[0][3]=rotl(sh->S[4][0],27);
B[1][1]=rotl(sh->S[4][1],20);
B[2][4]=rotl(sh->S[4][2],39);
B[3][2]=rotl(sh->S[4][3],8);
B[4][0]=rotl(sh->S[4][4],14);
for (i=0;i<5;i++)
for (j=0;j<5;j++)
sh->S[i][j]=B[i][j]^(~B[(i+1)%5][j]&B[(i+2)%5][j]);
sh->S[0][0]^=RC[k];
}
}
static uint32_t f3(const uint32_t D, const uint8_t Kr, const uint32_t Km) {
uint32_t I = rotl((Km - D), Kr);
return ((S1[byte(I, 0)] + S2[byte(I, 1)]) ^ S3[byte(I, 2)]) - S4[byte(I, 3)];
}
