void rc6_decrypt(unsigned int *ct) // Function to decrypt ciphertext { unsigned int A, B, C, D, t, u, x; int i, j; char op='D'; A = ct[0]; B = ct[1]; C = ct[2]; D = ct[3]; C -= S[2 * r + 3]; A -= S[2 * r + 2]; for (i = 2 * r; i >= 2; i -= 2) { x = D; D = C; C = B; B = A; A = x; u = ROTL(D * (2 * D + 1), lgw); t = ROTL(B * (2 * B + 1), lgw); C = ROTR(C - S[i + 1], t) ^ u; A = ROTR(A - S[i], u) ^ t; } D -= S[1]; B -= S[0]; pt[0] = A; pt[1] = B; pt[2] = C; pt[3] = D; output(pt,op); }
void RC5decrypt(word32 const *in, word32 *out, word32 *key) { register word32 a, b; int i; a = *in; b = *(in+1); key += KR(rounds); //fprintf(stderr,"a=%X, b=%X\n",a,b); for (i = 0; i < rounds; i++) { b -= *--key; //fprintf(stderr, "b_res = %X\n", b); b = ROTR(b, a&ANDVAL) ^ a; //fprintf(stderr, "b_rot = %X\n", b); //b = b ^ a; //fprintf(stderr, "b_xor = %X\n\n", b); a -= *--key; fprintf(stderr, "a_res = %X\n", a); a = ROTR(a, b&ANDVAL) ^ b; fprintf(stderr, "a_rot = %X\n\n", a); //fprintf(stderr,"a=%X, b=%X\n",a,b); } b -= *--key; a -= *--key; *out = a; *(out+1) = b; }
void rc6_block_decrypt(unsigned int *ct, unsigned int *pt) { unsigned int A, B, C, D, t, u, x; int i, j; A = ct[0]; B = ct[1]; C = ct[2]; D = ct[3]; C -= S[2 * r + 3]; A -= S[2 * r + 2]; for (i = 2 * r; i >= 2; i -= 2) { x = D; D = C; C = B; B = A; A = x; u = ROTL(D * (2 * D + 1), lgw); t = ROTL(B * (2 * B + 1), lgw); C = ROTR(C - S[i + 1], t) ^ u; A = ROTR(A - S[i], u) ^ t; } D -= S[1]; B -= S[0]; pt[0] = A; pt[1] = B; pt[2] = C; pt[3] = D; }
void RC6Decryption::ProcessBlock(const byte *in, byte *out) const { const RC6_WORD *sptr = sTable+sTable.size; RC6_WORD a, b, c, d, t, u; GETBLOCK(in, a, b, c, d); sptr -= 2; c -= sptr[1]; a -= sptr[0]; for (unsigned i=0; i < r; i++) { sptr -= 2; t = a; a = d; d = c; c = b; b = t; u = ROTL(d*(2*d+1), 5); t = ROTL(b*(2*b+1), 5); c = ROTR(c-sptr[1], t) ^ u; a = ROTR(a-sptr[0], u) ^ t; } sptr -= 2; d -= sTable[1]; b -= sTable[0]; PUTBLOCK(out, a, b, c, d); }
void RC5_DECRYPT(WORD *ct, WORD *pt) /* 2 WORD input ct/output pt */ { WORD i, B=ct[1], A=ct[0]; for (i=r; i>0; i--) { B = ROTR(B-S[2*i+1],A)^A; A = ROTR(A-S[2*i],B)^B; } pt[1] = B-S[1]; pt[0] = A-S[0]; }
// address: 0x40bf17 void _start(unsigned int param1, int param2, int param3, __size32 param4) { unsigned int ch; // r13 int ecx; // r25 ch = ((param2 | -29) ^ param1); ecx = (param3 & 0xffff00ff | (param2 | -29) * 256) & 0xffff00ff | ch * 256; if (ROLFLAGS32(ROTLC(ROTR(param4)), ROTR(param4), ecx) || ROLFLAGS32(ROTLC(ROTR(param4)), ROTR(param4), ecx)) { } }
void L2Inv(uint8_t *data){//; Inverse Linear Layer: L2 uint8_t temp[2];//movw t0, s4//; t1:t0 = s5:s4//movw t2, s4//; t3:t2 = s5:s4 temp[0] = ROTR(data[4]);//lsr t0//ror t2 temp[1] = ROTR(data[5]);//lsr t1//ror t3 temp[1] ^= temp[0];//eor t3, t2 data[5] ^= temp[1];//eor s5, t3 data[4] = ROTR(temp[1]);//mov s4, t3//lsr t3//ror s4 data[4] ^= temp[0];//eor s4, t2 data[4] = SWAP(data[4]);//swap s4 }
void L1Inv(uint8_t *data){//; Inverse Linear Layer: L1 uint8_t temp[2];//movw t0, s2; t1:t0 = s3:s2; movw t2, s2; t3:t2 = s3:s2 temp[0] = ROTR(data[2]);//lsr t0//ror t2 temp[1] = ROTR(data[3]);//lsr t1//ror t3 temp[1] ^= temp[0];//eor t3, t2 data[3] ^= temp[1];//eor s3, t3 data[3] = SWAP(data[3]);//swap s3 data[2] = ROTR(temp[1]);//mov s2, t3; lsr t3; ror s2 data[2] ^= temp[0];//eor s2, t2 }
//加密 void Decrypt6(PRCContext pContext, unsigned long* pA, unsigned long* pB, unsigned long* pC, unsigned long* pD) { unsigned long i,w,t,u,t1; register unsigned long a = *pA; register unsigned long b = *pB; register unsigned long c = *pC; register unsigned long d = *pD; w = pContext->nWordSizeBit; c -= pContext->pSubKey[2 * pContext->nRound + 3]; a -= pContext->pSubKey[2 * pContext->nRound + 2]; for (i=pContext->nRound; i>=1; i--) { //printf("i=%d,%u,%u,%u,%u\r\n",i,a,b,c,d); //逆置换 //FR(&a,&b,&c,&d); ///* t1 = d; d = c; c = b; b = a; a = t1; //*/ //计算u的值,移位数;加密时使用d做为唯一参与计算的数 u = d * (2 * d + 1); u = ROTL(u,pContext->nShiftCount,w); //根据b计算t的值 t = b * (2 * b + 1); t = ROTL(t,pContext->nShiftCount,w); //printf("i=%d,%u,%u,%u,%u,%u,%u\r\n",i,a,b,c,d,t,u); c -= pContext->pSubKey[2 * i + 1]; c = ROTR((c),t,w); c ^= u; a -= pContext->pSubKey[2 * i]; a = ROTR((a),u,w); a ^= t; } //printf("=============================================\r\n"); //按照rc5算法分布的密钥,2*r+2已经到达数组末尾 //表示rc6最少要比rc5再多产生一组密钥 d -= pContext->pSubKey[1]; b -= pContext->pSubKey[0]; *pA = a; *pB = b; *pC = c; *pD = d; }
void Decrypt32SPAndCopyAligned( unsigned char *desData, unsigned char *srcData, unsigned int uiDataLength, unsigned char *pDecryptIR ) { register xuint32* pDataPtr; register xuint32 dwBuf; #ifdef __LITTLE_ENDIAN_BYTEORDER register xuint32 dwDecryptIR = (pDecryptIR[3]) + (pDecryptIR[0]<<8) + (pDecryptIR[1]<<16) + (pDecryptIR[2]<<24); #else register xuint32 dwDecryptIR = (pDecryptIR[3]<<24) + (pDecryptIR[0]<<16) + (pDecryptIR[1]<<8) + (pDecryptIR[2]); #endif register xuint32* toPtr; register xuint32* desPtr; toPtr = (xuint32*)(srcData + uiDataLength); for(pDataPtr = (xuint32*)srcData, desPtr = (xuint32*)desData; pDataPtr < toPtr; pDataPtr++, desPtr++) { dwBuf = dwDecryptIR ^ (*pDataPtr); #ifdef __LITTLE_ENDIAN_BYTEORDER *desPtr = ROTR(dwBuf, 8); #else *desPtr = ROTL(dwBuf, 8); #endif } }
void Encrypt32SPAligned( unsigned char *pData, unsigned int uiDataLength, unsigned char *pEncryptIR ) { #ifdef __LITTLE_ENDIAN_BYTEORDER register xuint32 dwEncryptIR = (pEncryptIR[0]) + (pEncryptIR[1]<<8) + (pEncryptIR[2]<<16) + (pEncryptIR[3]<<24); #else register xuint32 dwEncryptIR = (pEncryptIR[0]<<24) + (pEncryptIR[1]<<16) + (pEncryptIR[2]<<8) + (pEncryptIR[3]); #endif register xuint32* pDataPtr; register xuint32 dwBuf; register xuint32* toPtr = (xuint32*)(pData + uiDataLength); for(pDataPtr = (xuint32*) pData; pDataPtr < toPtr; pDataPtr++) { #ifdef __LITTLE_ENDIAN_BYTEORDER dwBuf = ROTL(*pDataPtr, 8); *pDataPtr = dwEncryptIR ^ dwBuf; *pDataPtr = (*pDataPtr)^(0xff00ff00); #else dwBuf = ROTR(*pDataPtr, 8); *pDataPtr = dwEncryptIR ^ dwBuf; *pDataPtr = (*pDataPtr)^(0x00ff00ff); #endif } }
void Decrypt32SPAndCopySrcUnaligned( unsigned char *desData, unsigned char *srcData, unsigned int uiDataLength, unsigned char *pDecryptIR ) { register xuchar * pDataPtr; register xuint32 dwBuf; #ifdef __LITTLE_ENDIAN_BYTEORDER register xuint32 dwDecryptIR = (pDecryptIR[3]) + (pDecryptIR[0]<<8) + (pDecryptIR[1]<<16) + (pDecryptIR[2]<<24); #else register xuint32 dwDecryptIR = (pDecryptIR[3]<<24) + (pDecryptIR[0]<<16) + (pDecryptIR[1]<<8) + (pDecryptIR[2]); #endif register xuchar* toPtr; register xuint32* desPtr; toPtr = srcData + uiDataLength; for(pDataPtr = srcData, desPtr = (xuint32*)desData; pDataPtr < toPtr; pDataPtr+=4, desPtr++) { #ifdef __LITTLE_ENDIAN_BYTEORDER dwBuf = dwDecryptIR ^ (pDataPtr[0] + (pDataPtr[1]<<8) + (pDataPtr[2]<<16) + (pDataPtr[3]<<24)); *desPtr = ROTR(dwBuf, 8); #elif __BIG_ENDIAN_BYTEORDER dwBuf = dwDecryptIR ^ ((pDataPtr[0]<<24) + (pDataPtr[1]<<16) + (pDataPtr[2]<<8) + pDataPtr[3]); *desPtr = ROTL(dwBuf, 8); #endif } }
static uint8_t md2_perm(uint8_t i) { i = i * K1; i = ROTR(i, R); i ^= X; i = i * K2; return i; }
//rc5解密 void Decrypt5(PRCContext pContext, unsigned long* pA, unsigned long* pB) { unsigned long i,w; register unsigned long a = *pA; register unsigned long b = *pB; w = pContext->nWordSizeBit; for (i=pContext->nRound; i>=1; i--) { b -= pContext->pSubKey[2 * i + 1]; b = ROTR(b,a,w) ^ a; a -= pContext->pSubKey[2 * i]; a = ROTR(a,b,w) ^ b; } a -= pContext->pSubKey[0]; b -= pContext->pSubKey[1]; *pA = a; *pB = b; }
void L2(uint8_t *data){//; Linear Layer: L2 uint8_t temp[2]; data[4] = SWAP(data[4]);//swap s4 //movw t0, s4//; t1:t0 = s5:s4//movw t2, s4//; t3:t2 = s5:s4 temp[0] = ROTL(data[4]);//lsl t0//rol t2 temp[1] = ROTR(data[5]);//lsr t1//ror t3 data[4] ^= temp[1];//eor s4, t3 temp[1] = data[4];//mov t0, s4 data[4] ^= temp[0];//eor s4, t2 data[5] ^= temp[1];//eor s5, t0 }
void L1(uint8_t *data){//; Linear Layer: L1 uint8_t temp[2]; data[3] = SWAP(data[3]);//swap s3 //movw t0, s2; t1:t0 = s3:s2; movw t2, s2; t3:t2 = s3:s2 --> no need temp[0] = ROTL(data[2]);//lsl t0 ; rol t2 --> t2 kees 1-bit left rotated value of s2 temp[1] = ROTR(data[3]);//lsr t1 ; ror t3 --> t3 kees 1-bit right rotated value of s3 data[2] ^= temp[1];//eor s2, t3 temp[1] = data[2];//mov t0, s2 data[2] ^= temp[0];//eor s2, t2 data[3] ^= temp[1];//eor s3, t0 }
/* Sym tab hash function */ static unsigned int ComputeHash(char *string, int size) { unsigned int len = strlen(string), rv; char *pe = len + string; unsigned char blank = ' '; rv = len | blank; while (len--) { unsigned char cback = (unsigned char)(*--pe) | blank; rv = ROTR(rv, 2) ^ cback; } return (rv % size); }
/**6、 解密函数 解密函数 */ void Decipher(TWOBYTEINT* In,TWOBYTEINT* Out,TWOBYTEINT* S) { int i=0,j; TWOBYTEINT X,Y; for(j=0;j<NoOfData;j+=2) { X = In[j]; Y = In[j+1]; for(i=r;i>0;i--) { // Y = ROTR(Y-S[2*i+1],X)^X; //相减,循环移位,异或 // X = ROTR(X-S[2*i],Y)^Y; // Y = ROTR(Y-S[2*i+1],X)^X; //相减,循环移位,异或 // X = ROTR(X-S[2*i],Y)^Y; // 改为(对数据进行强制转换): Y = ROTR((unsigned short int)(Y-S[2*i+1]),X)^X; X = ROTR((unsigned short int)(X-S[2*i]),Y)^Y; } Out[j]=X - S[0]; Out[j+1]=Y - S[1]; //明文 } }
void rc6_block_decrypt(unsigned int *ct, unsigned int *pt, int block_count, RC6KEY S) { unsigned int A, B, C, D, t, u, x; int i; while(block_count > 0) { A = ct[0]; B = ct[1]; C = ct[2]; D = ct[3]; C -= S[2 * r + 3]; A -= S[2 * r + 2]; for(i = 2 * r; i >= 2; i -= 2) { x = D; D = C; C = B; B = A; A = x; u = ROTL(D * (2 * D + 1), lgw); t = ROTL(B * (2 * B + 1), lgw); C = ROTR(C - S[i + 1], t) ^ u; A = ROTR(A - S[i], u) ^ t; } D -= S[1]; B -= S[0]; pt[0] = A; pt[1] = B; pt[2] = C; pt[3] = D; block_count--; ct++; pt++; } }
void encrypt(word * x, const word * k) { unsigned int i; word rk0 = k[0]; word rk1 = k[1]; for (i = 0; i < ROUNDS; i++) { rk0 += CONST; rk1 -= CONST; x[0] ^= rk0; x[0] += x[1]; x[0] = ROTL(x[0], x[1]); x[1] = ROTR(x[1], x[0]); x[1] -= x[0]; x[1] ^= rk1; } rk0 = x[0]; x[0] = x[1]; x[1] = rk0; }
static inline uint32_t Sigma0(uint32_t x) { return ROTR(2, x) ^ ROTR(13, x) ^ ROTR(22, x); }
static inline uint32_t Sigma1(uint32_t x) { return ROTR(6, x) ^ ROTR(11, x) ^ ROTR(25, x); }
static inline uint32_t sigma0(uint32_t x) { return ROTR(7, x) ^ ROTR(18, x) ^ SHR(3, x); }
static inline uint32_t sigma1(uint32_t x) { return ROTR(17, x) ^ ROTR(19, x) ^ SHR(10, x); }
static inline u64 Sum1 (u64 x) { return (ROTR (x, 14) ^ ROTR (x, 18) ^ ROTR (x, 41)); }
static inline u64 Sum0 (u64 x) { return (ROTR (x, 28) ^ ROTR (x, 34) ^ ROTR (x, 39)); }
inline vecu16_t SIG0(vecu16_t x) { return ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22); }
inline vecu16_t SIG1(vecu16_t x) { return ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25); }
void SHA256Block (struct sha256 * sha256, void const * memory) { static const uint32_t K [sizeof (sha256->block)] = { 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2 }; unsigned pass; unsigned word; uint32_t H [sizeof (sha256->state)/sizeof (uint32_t)]; uint32_t W [sizeof (sha256->block)]; uint8_t * buffer = (uint8_t *)(memory); for (word = 0; word < 16; word++) { W [word] = 0; W [word] |= (uint32_t)(*buffer++) << 24; W [word] |= (uint32_t)(*buffer++) << 16; W [word] |= (uint32_t)(*buffer++) << 8; W [word] |= (uint32_t)(*buffer++) << 0;; } for (word = word; word < sizeof (sha256->block); word++) { uint32_t s0 = ROTR (W [word-15], 7) ^ ROTR (W [word-15], 18) ^ SHR (W [word-15], 3); uint32_t s1 = ROTR (W [word- 2], 17) ^ ROTR (W [word- 2], 19) ^ SHR (W [word- 2], 10); W [word] = W [word - 16] + s0 + W [word - 7] + s1; } for (word = 0; word < (sizeof (sha256->state) / sizeof (uint32_t)); word++) { H [word] = sha256->state [word]; } for (pass = 0; pass < sizeof (sha256->block); pass++) { uint32_t s2 = ROTR (H [0], 2) ^ ROTR (H [0], 13) ^ ROTR (H [0], 22); uint32_t maj = (H [0] & H [1]) ^ (H [0] & H [2]) ^ (H [1] & H [2]); uint32_t t2 = s2 + maj; uint32_t s3 = ROTR (H [4], 6) ^ ROTR (H [4], 11) ^ ROTR (H [4], 25); uint32_t ch = (H [4] & H [5]) ^ ((~ H [4]) & H [6]); uint32_t t1 = H [7] + s3 + ch + K [pass] + W [pass]; for (word = (sizeof (sha256->state) / sizeof (uint32_t)) - 1; word > 0; word--) { H [word] = H [word-1]; } H [0] = t1 + t2; H [4] += t1; } for (word = 0; word < (sizeof (sha256->state) / sizeof (uint32_t)); word++) { sha256->state [word] += H [word]; } return; }
void phs_upd_state(phs_ctx_t *ctx) { uint32_t *state = (uint32_t*) ctx->state; uint8_t idx_perm[PHS_F_COUNT]; uint8_t idx; uint32_t tgt_addr; uint32_t res; for (uint32_t i = 0; i < ctx->inner_rounds; i++) { Dprintf("DEBUG: Starting inner round %d...", i); for (uint32_t j = 0; j < ctx->state_words; j++) { /* Retrieve state value of current round and ensure that the value * is modified with each inner round. We use the "res" value, as * the intermediate result is used to continue the sequence in the * inner loop. */ res = state[j]; res = ROTR(res, i % 32); tgt_addr = res % ctx->state_words; Dprintf("DEBUG: pos = %" PRIu32 ", tgt_addr = %" PRIu32 "\n", j, tgt_addr); /* We execute a sequence of PHS_F_COUNT functions as one iteration, * which corresponds to one of all PHS_F_COUNT! possible permutations * of the functions. * This ensures that the "block" is executed in constant time, * regardless of the target platform. It also ensures constant time * between two memory accesses. */ /* Reset permutation index */ for (uint8_t i = 0; i < PHS_F_COUNT; i++) { idx_perm[i] = i; } /* Execute a specific sequence (permutation) using all functions */ for (uint8_t k = 0; k < PHS_F_COUNT; k++) { /* Derive the function index from the intermediate result in constant * time for each step. * * 1) It reads the value "idx" at position r(i) from the array "perm" * 2) It reads the value "tmp" at position PHS_F_COUNT-k from the array "perm" * 3) It overwrites the value at position r(i) with "tmp" * * Example: n = 7, init perm = [0, 1, 2, 3, 4, 5, 6], 0 <= r(i) < n-i in step i * Step 0: r(0) = 4, idx = perm[4] = 4, new perm = [0, 1, 2, 3, 6, 5| 6] * Step 1: r(1) = 5, idx = perm[5] = 5, new perm = [0, 1, 2, 3, 6| 5, 6] * Step 2: r(2) = 2, idx = perm[2] = 2, new perm = [0, 1, 6, 3| 6, 5, 6] * Step 3: r(3) = 2, idx = perm[2] = 6, new perm = [0, 1, 3| 3, 6, 5, 6] * Step 4: r(4) = 0, idx = perm[0] = 0, new perm = [3, 1| 3, 3, 6, 5, 6] * Step 5: r(5) = 1, idx = perm[1] = 1, new perm = [3| 1, 3, 3, 6, 5, 6] * Step 6: r(6) = 0, idx = perm[0] = 3, new perm = [3, 1, 3, 3, 6, 5, 6] * * Please note that we can optimize this step in C by just changing the * pointers... */ idx = idx_perm[res % (PHS_F_COUNT-k)]; idx_perm[res % (PHS_F_COUNT-k)] = idx_perm[PHS_F_COUNT-k-1]; Dprintf("DEBUG: >> using idx = %d, coming from pos %d\n", idx, (res % (PHS_F_COUNT-k))); /* Evaluate function idx for res */ res = F(idx, res); /* *********** Begin DEBUG-only statistics *********** */ #ifdef PHC_DEBUG_STATISTICS /* increase counters */ cnt_idx[idx]++; #endif /* *********** End DEBUG-only statistics *********** */ /* debug output */ Dprintf("DEBUG: >> k = %02d, idx = %d, res = %08" PRIx32 "\n", k, idx, res); } /* XOR the result of the sequence to the target value */ state[tgt_addr] ^= res; /* *********** Begin DEBUG-only statistics *********** */ #ifdef PHC_DEBUG_STATISTICS cnt_tgt_addr[tgt_addr]++; #endif /* *********** End DEBUG-only statistics *********** */ } } }