static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t msglen, char *out) {
char tmp[2 * mdlen];
sha512_context md;
if(keylen <= mdlen) {
memcpy(tmp, key, keylen);
memset(tmp + keylen, 0, mdlen - keylen);
} else {
if(sha512(key, keylen, tmp) != 0)
return false;
}
if(sha512_init(&md) != 0)
return false;
// ipad
memxor(tmp, 0x36, mdlen);
if(sha512_update(&md, tmp, mdlen) != 0)
return false;
// message
if(sha512_update(&md, msg, msglen) != 0)
return false;
if(sha512_final(&md, tmp + mdlen) != 0)
return false;
// opad
memxor(tmp, 0x36 ^ 0x5c, mdlen);
if(sha512(tmp, sizeof tmp, out) != 0)
return false;
return true;
}
bool nnobRevealOblivBit(ProtocolDesc* pd, NnobProtocolDesc* npd, bool* output,
OblivBit* input)
{
bool success = true;
nnob_key_t inputMac;
bool inputBit;
if(pd->thisParty==1)
{
osend(pd, 2, input->nnob.shareAndMac.mac, NNOB_KEY_BYTES);
osend(pd, 2, &input->nnob.shareAndMac.share, 1);
orecv(pd, 2, inputMac, NNOB_KEY_BYTES);
orecv(pd, 2, &inputBit, 1);
if(inputBit) memxor(inputMac, npd->globalDelta, NNOB_KEY_BYTES);
success&=memcmp(inputMac, input->nnob.key.key,NNOB_KEY_BYTES)==0?true:false;
}
else
{
orecv(pd, 1, inputMac, NNOB_KEY_BYTES);
orecv(pd, 1, &inputBit, 1);
if(inputBit) memxor(inputMac, npd->globalDelta, NNOB_KEY_BYTES);
success&=memcmp(inputMac, input->nnob.key.key,NNOB_KEY_BYTES)==0?true:false;
osend(pd, 1, input->nnob.shareAndMac.mac, NNOB_KEY_BYTES);
osend(pd, 1, &input->nnob.shareAndMac.share, 1);
}
*output = inputBit^input->nnob.shareAndMac.share;
assert(success);
return success;
}
void twister_small_nextBlock(twister_state_t* ctx, void* msg){
uint8_t tmp[8][8];
/* round 1 */
memcpy(tmp, ctx->s, 64);
twister_mini_round(ctx, msg);
msg = ((uint8_t*)msg) + 8;
twister_mini_round(ctx, msg);
msg = ((uint8_t*)msg) + 8;
twister_mini_round(ctx, msg);
msg = ((uint8_t*)msg) + 8;
memxor(ctx->s, tmp, 64);
/* round 2 */
memcpy(tmp, ctx->s, 64);
twister_mini_round(ctx, msg);
msg = ((uint8_t*)msg) + 8;
twister_mini_round(ctx, msg);
msg = ((uint8_t*)msg) + 8;
twister_mini_round(ctx, msg);
msg = ((uint8_t*)msg) + 8;
memxor(ctx->s, tmp, 64);
/* round 3 */
memcpy(tmp, ctx->s, 64);
twister_mini_round(ctx, msg);
msg = ((uint8_t*)msg) + 8;
twister_mini_round(ctx, msg);
twister_blank_round(ctx);
memxor(ctx->s, tmp, 64);
ctx->length_counter_b += 512;
}
END_TEST
START_TEST(test_memxor_aligned)
{
uint64_t a = 0, b = 0;
chunk_t ca, cb;
int i;
ca = chunk_from_thing(a);
cb = chunk_from_thing(b);
for (i = 0; i < 8; i++)
{
cb.ptr[i] = i + 1;
}
/* 64-bit aligned */
memxor(ca.ptr, cb.ptr, 8);
ck_assert(a == b);
/* 32-bit aligned source */
a = 0;
memxor(ca.ptr, cb.ptr + 4, 4);
ck_assert(chunk_equals(ca, chunk_from_chars(0x05, 0x06, 0x07, 0x08,
0x00, 0x00, 0x00, 0x00)));
/* 16-bit aligned source */
a = 0;
memxor(ca.ptr, cb.ptr + 2, 6);
ck_assert(chunk_equals(ca, chunk_from_chars(0x03, 0x04, 0x05, 0x06,
0x07, 0x08, 0x00, 0x00)));
/* 8-bit aligned source */
a = 0;
memxor(ca.ptr, cb.ptr + 1, 7);
ck_assert(chunk_equals(ca, chunk_from_chars(0x02, 0x03, 0x04, 0x05,
0x06, 0x07, 0x08, 0x00)));
}
/* If input is not a integral number of blocks, the final block is
padded with zeros, no length field or anything like that. That's
pretty broken, since it means that "$100" and "$100\0" always have
the same checksum, but I think that's how it's supposed to work. */
uint32_t
des_cbc_cksum(const uint8_t *src, des_cblock *dst,
long length, des_key_schedule ctx,
const_des_cblock *iv)
{
/* FIXME: I'm not entirely sure how this function is supposed to
* work, in particular what it should return, and if iv can be
* modified. */
uint8_t block[DES_BLOCK_SIZE];
memcpy(block, *iv, DES_BLOCK_SIZE);
while (length >= DES_BLOCK_SIZE)
{
memxor(block, src, DES_BLOCK_SIZE);
nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block);
src += DES_BLOCK_SIZE;
length -= DES_BLOCK_SIZE;
}
if (length > 0)
{
memxor(block, src, length);
nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block);
}
memcpy(*dst, block, DES_BLOCK_SIZE);
return LE_READ_UINT32(block + 4);
}
void cscipher_enc(void* buffer, const cscipher_ctx_t* ctx){
uint8_t i,j,k;
uint8_t tmp[8];
for(i=0; i<8; ++i){
#if DEBUG
cli_putstr("\r\nDBG: round ");
cli_hexdump(&i, 1);
cli_putstr(" buffer:");
cli_hexdump(buffer, 8);
#endif
for(j=0; j<3; ++j){
if(j==0){
memxor(buffer, ctx->keys[i], 8);
}else{
memxor(buffer, round_const+((j==1)?0:8), 8);
}
for(k=0; k<4; ++k){
((uint16_t*)tmp)[k] = m(((uint16_t*)buffer)[k]);
}
for(k=0; k<4; ++k){
((uint8_t*)buffer)[k] = tmp[2*k];
((uint8_t*)buffer)[k+4] = tmp[2*k+1];
}
}
}
memxor(buffer, ctx->keys[8], 8);
}
static int
wrap_padlock_hmac_fast (gnutls_mac_algorithm_t algo,
const void *key, size_t key_size, const void *text,
size_t text_size, void *digest)
{
if (algo == GNUTLS_MAC_SHA1 || algo == GNUTLS_MAC_SHA256)
{
unsigned char *pad;
unsigned char pad2[SHA1_DATA_SIZE + MAX_SHA_DIGEST_SIZE];
unsigned char hkey[MAX_SHA_DIGEST_SIZE];
unsigned int digest_size = _gnutls_hmac_get_algo_len (algo);
if (key_size > SHA1_DATA_SIZE)
{
wrap_padlock_hash_fast (algo, key, key_size, hkey);
key = hkey;
key_size = digest_size;
}
pad = gnutls_malloc (text_size + SHA1_DATA_SIZE);
if (pad == NULL)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
memset (pad, IPAD, SHA1_DATA_SIZE);
memxor (pad, key, key_size);
memcpy (&pad[SHA1_DATA_SIZE], text, text_size);
wrap_padlock_hash_fast (algo, pad, text_size + SHA1_DATA_SIZE,
&pad2[SHA1_DATA_SIZE]);
gnutls_free (pad);
memset (pad2, OPAD, SHA1_DATA_SIZE);
memxor (pad2, key, key_size);
wrap_padlock_hash_fast (algo, pad2, digest_size + SHA1_DATA_SIZE,
digest);
}
else
{
struct padlock_hmac_ctx ctx;
int ret;
ret = _hmac_ctx_init (algo, &ctx);
if (ret < 0)
return gnutls_assert_val (ret);
ctx.algo = algo;
wrap_padlock_hmac_setkey (&ctx, key, key_size);
wrap_padlock_hmac_update (&ctx, text, text_size);
wrap_padlock_hmac_output (&ctx, digest, ctx.length);
}
return 0;
}
/*
Ripara un singolo settore:
in file guasto
sec file contenente il blocco di sicurezza
nsec numero di settori componenti il blocco di sicurezza
sector settore guasto
force se rigenerare anche un settore recuperabile solo in parte
*/
int repair_sector(FILE* in, FILE* sec, ULONG nsec, ULONG sector, char force)
{
int err = EFIO_ALL_OK;
char xorblock[SECTOR];
ULONG pos, i = sector%nsec; /* Posizione del settore guasto relativa al blocco di appartenenza */
USHORT crc, crc2;
long size, start=sector*SECTOR;
pos = ftell(in);
size = filesize(in);
memset(xorblock,0,SECTOR);
/* Prepara la lettura del primo settore */
fseek(in,(long)i*SECTOR,SEEK_SET);
for (;;)
{
char buf[SECTOR];
size_t read;
/* Ignora il settore da riparare */
if ( ftell(in) == start )
{
fseek(in,(long)nsec*SECTOR,SEEK_CUR);
fseek(sec,(long)nsec*sizeof(USHORT),SEEK_CUR);
continue;
}
/* Aggiunge il corrispondente settore dal blocco di sicurezza */
/* dopo aver elaborato i settori sani */
if (size <= ftell(in))
{
fseek(sec,0,SEEK_END);
fseek(sec,(long)-(nsec-i)*SECTOR,SEEK_CUR);
read = fread(buf,1,SECTOR,sec);
memxor(xorblock,buf,read);
break;
}
read = fread(buf,1,SECTOR,in);
if (ferror(in)) return EFIO_READ_SECTOR;
memxor(xorblock,buf,read);
fseek(in,(long)(nsec-1)*SECTOR,SEEK_CUR);
}
/* Determina se la riparazione è possibile, confrontando i CRC del settore originale e di quello rigenerato */
crc = crc16_for_block(0,xorblock,(start+SECTOR > size)? size-start : SECTOR);
fseek(sec,(long)sizeof(HEADER)+sector*sizeof(USHORT),SEEK_SET);
fread(&crc2,sizeof(USHORT),1,sec);
if (crc!=crc2) err = EFIO_CANT_REPAIR;
if (err==EFIO_CANT_REPAIR && !force) goto fine;
if (err==EFIO_CANT_REPAIR && force) err=EFIO_FORCED_REPAIR;
fseek(in,start,SEEK_SET);
/* Se il settore finale è incompleto (piuttosto comune!), scrive solo la parte mancante */
fwrite(xorblock,(start+SECTOR > size)? size-start : SECTOR,1,in);
if (ferror(in)) return EFIO_WRITE_SECTOR;
/* Riporta il puntatore dove repair_file l'aveva lasciato... */
fine:
fseek(in,pos,SEEK_SET);
return err;
}
void bcal_eax_ctx2tag(void *dest, uint16_t length_b, bcal_eax_ctx_t *ctx){
uint8_t tmp[ctx->blocksize_B];
if(ctx->header_set==0){
bcal_cmac_lastBlock(&(ctx->htag), NULL, 0);
}
bcal_cmac_ctx2mac(tmp, ctx->blocksize_B*8, &(ctx->htag));
memxor(ctx->nonce, tmp, ctx->blocksize_B);
bcal_cmac_ctx2mac(tmp, ctx->blocksize_B*8, &(ctx->ctag));
memxor(ctx->nonce, tmp, ctx->blocksize_B);
memcpy(dest, ctx->nonce, (length_b+7)/8);
}
void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b){
uint16_t blocksize_b;
blocksize_b = ctx->blocksize_B*8;
while(length_b>=blocksize_b){
bcal_cmac_nextBlock(ctx, block);
block = (uint8_t*)block + ctx->blocksize_B;
length_b -= blocksize_b;
}
if(ctx->last_set==0){
memxor(ctx->accu, block, (length_b+7)/8);
memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
}else{
int
hmac_sha256 (const void *key, size_t keylen,
const void *in, size_t inlen, void *resbuf)
{
struct sha256_ctx inner;
struct sha256_ctx outer;
char optkeybuf[32];
char block[64];
char innerhash[32];
/* Reduce the key's size, so that it becomes <= 64 bytes large. */
if (keylen > 64)
{
struct sha256_ctx keyhash;
sha256_init_ctx (&keyhash);
sha256_process_bytes (key, keylen, &keyhash);
sha256_finish_ctx (&keyhash, optkeybuf);
key = optkeybuf;
keylen = 32;
}
/* Compute INNERHASH from KEY and IN. */
sha256_init_ctx (&inner);
memset (block, IPAD, sizeof (block));
memxor (block, key, keylen);
sha256_process_block (block, 64, &inner);
sha256_process_bytes (in, inlen, &inner);
sha256_finish_ctx (&inner, innerhash);
/* Compute result from KEY and INNERHASH. */
sha256_init_ctx (&outer);
memset (block, OPAD, sizeof (block));
memxor (block, key, keylen);
sha256_process_block (block, 64, &outer);
sha256_process_bytes (innerhash, 32, &outer);
sha256_finish_ctx (&outer, resbuf);
return 0;
}
void present_generic_enc(void* buffer, uint8_t* ctx, uint8_t ksize_B,
void(*update)(uint8_t*, uint8_t)){
uint8_t i,j,tmp[8], k[ksize_B];
memcpy(k, ctx, ksize_B);
memxor(buffer, k, 8);
for(i=1; i<32; ++i){
j = 7;
do{
tmp[j] = present_sbox(((uint8_t*)buffer)[j]);
}while(j--);
present_p(buffer, tmp);
update(k, i);
memxor(buffer, k, 8);
}
}
void bcal_cbc_decNext(void *block, bcal_cbc_ctx_t *ctx){
uint8_t tmp[ctx->blocksize_B];
memcpy(tmp, block, ctx->blocksize_B);
bcal_cipher_dec(block, &(ctx->cctx));
memxor(block, ctx->prev_block, ctx->blocksize_B);
memcpy(ctx->prev_block, tmp, ctx->blocksize_B);
}
int
drbg_aes_reseed(struct drbg_aes_ctx *ctx,
unsigned entropy_size, const uint8_t * entropy,
unsigned add_size, const uint8_t * add)
{
uint8_t tmp[DRBG_AES_SEED_SIZE];
unsigned len = 0;
if (add_size > DRBG_AES_SEED_SIZE || entropy_size != DRBG_AES_SEED_SIZE)
return 0;
if (add_size <= DRBG_AES_SEED_SIZE && add_size > 0) {
memcpy(tmp, add, add_size);
len = add_size;
}
if (len != DRBG_AES_SEED_SIZE)
memset(&tmp[len], 0, DRBG_AES_SEED_SIZE - len);
memxor(tmp, entropy, entropy_size);
drbg_aes_update(ctx, tmp);
return 1;
}
void raptor_decoder::at_Desymbol_process(elim_stack *_mtr_op, long long _mtr_op_size, byte **cdc, byte **erc1, int _SYMBOL_SIZE, int _M, int _N, byte **_intermid_index)
{
for (int i=0,p=0; i<_M; ++i)
{
(i<_M-_N) ? memset((byte*)(cdc[i]), 0, _SYMBOL_SIZE*sizeof(byte)) : memcpy( (byte*)(cdc[i]), (byte*)(erc1[p++]), _SYMBOL_SIZE*sizeof(byte) );
_intermid_index[i]=(byte*)(cdc[i]);
}
for(int i=0;i<_mtr_op_size;++i)
{
byte *tempo = NULL;
short int opr0=_mtr_op[i].opr;
short int opr1=_mtr_op[i].addr1;
short int opr2=_mtr_op[i].addr2;
if(opr0==eliml)
{
memxor((byte*)(_intermid_index[opr2]),(byte*)(_intermid_index[opr1]),_SYMBOL_SIZE);
}
if(_mtr_op[i].opr==chpos)
{
tempo = (byte*)(_intermid_index[opr2]);
_intermid_index[opr2] = (byte*)(_intermid_index[opr1]);
_intermid_index[opr1] = (byte*)(tempo);
}
}
return ;
}
void cscipher_init(const void* key, cscipher_ctx_t* ctx){
uint8_t tmp_key[16], tmp[8];
uint8_t i,j,k,t=0;
memcpy(tmp_key, key, 16);
for(i=0; i<9; ++i){
#if DEBUG
cli_putstr("\r\nDBG: round ");
cli_hexdump(&i, 1);
cli_putstr(" key state:");
cli_hexdump(tmp_key, 16);
#endif
memcpy(tmp, tmp_key+(((i&1)==0)?0:8), 8);
memxor(tmp, ks_const+8*i, 8);
for(j=0; j<8; ++j){
tmp[j] = P(tmp[j]);
}
for(j=0; j<8; ++j){
for(k=0; k<8; ++k){
t<<=1;
t |= tmp[k]>>7;
tmp[k]<<=1;
}
tmp_key[j+(((i&1)==0)?8:0)] ^= t;
}
memcpy(ctx->keys[i], tmp_key+(((i&1)==0)?8:0), 8);
}
}
void cubehash_nextBlock(cubehash_ctx_t *ctx, void *block){
uint8_t i;
memxor(ctx->a, block, ctx->blocksize_B);
for(i=0; i<ctx->rounds; ++i){
cubehash_round(ctx);
}
}
void bcal_ctr_encNext(void* block, bcal_ctr_ctx_t* ctx){
uint8_t tmp[ctx->blocksize_B];
memcpy(tmp, ctx->in_block, ctx->blocksize_B);
bcal_cipher_enc(tmp, &(ctx->cctx));
memxor(block, tmp, ctx->blocksize_B);
ctx->inc_func(ctx->in_block, ctx->blocksize_B);
}
static void
prf_iterate(u_int8_t *r, const u_int8_t *P, size_t Plen,
const u_int8_t *S, size_t Slen, size_t c, size_t ind)
{
int first_time = 1;
size_t i;
size_t datalen;
ssize_t tmplen;
u_int8_t *data;
u_int8_t tmp[128];
data = emalloc(Slen + 4);
(void)memcpy(data, S, Slen);
be32enc(data + Slen, ind);
datalen = Slen + 4;
for (i=0; i < c; i++) {
tmplen = hmac("sha1", P, Plen, data, datalen, tmp, sizeof(tmp));
assert(tmplen == PRF_BLOCKLEN);
if (first_time) {
(void)memcpy(r, tmp, PRF_BLOCKLEN);
first_time = 0;
} else
memxor(r, tmp, PRF_BLOCKLEN);
(void)memcpy(data, tmp, PRF_BLOCKLEN);
datalen = PRF_BLOCKLEN;
}
free(data);
}
static void
prf_iterate(u_int8_t *r, const u_int8_t *P, size_t Plen,
const u_int8_t *S, size_t Slen, size_t c, size_t ind)
{
int first_time = 1;
size_t i;
size_t datalen;
unsigned int tmplen;
u_int8_t *data;
u_int8_t tmp[EVP_MAX_MD_SIZE];
data = emalloc(Slen + 4);
(void)memcpy(data, S, Slen);
be32enc(data + Slen, ind);
datalen = Slen + 4;
for (i=0; i < c; i++) {
(void)HMAC(EVP_sha1(), P, Plen, data, datalen, tmp, &tmplen);
assert(tmplen == PRF_BLOCKLEN);
if (first_time) {
(void)memcpy(r, tmp, PRF_BLOCKLEN);
first_time = 0;
} else
memxor(r, tmp, PRF_BLOCKLEN);
(void)memcpy(data, tmp, PRF_BLOCKLEN);
datalen = PRF_BLOCKLEN;
}
free(data);
}
static void
test_memxor (const uint8_t *a, const uint8_t *b, const uint8_t *c,
size_t size, unsigned align_dst, unsigned align_src)
{
uint8_t dst_buf[MAX_SIZE + ALIGN_SIZE + 1];
uint8_t src_buf[MAX_SIZE + ALIGN_SIZE + 1];
uint8_t *dst = set_align (dst_buf, align_dst);
uint8_t *src = set_align (src_buf, align_src);
if (verbose)
fprintf(stderr, "size = %d, align_dst = %d, align_src = %d\n",
(int) size, align_dst, align_src);
memcpy (dst, a, size);
dst[-1] = 17;
dst[size] = 17;
memcpy (src, b, size);
memxor (dst, src, size);
ASSERT (MEMEQ (size, dst, c));
ASSERT (dst[-1] == 17);
ASSERT (dst[size] == 17);
}
void debugPrintXor(const char* a, const char* b, int len)
{
char* out = malloc(len);
memcpy(out, a, len);
memxor(out, b, len);
debugPrintHex(out,len);
free(out);
}
void raptor_decoder::GEcalculate(long long **AA, int _K, int _L, int _N, int _M, int _SYMBOL_SIZE, int r, byte** _intermid_index)
{//GEcalculate(Aw, erc1, _SYMBOL_SIZE, r);Aw:matrix build before: (_N+S+H) * _L, erc1: _N * _SYMBOL_SIZE
const int lenth_row_L=INT_CEIL64(_L);
int P=0;
long long *temp = new long long[lenth_row_L];
byte *tempo = NULL;
int base_zero_line=0;
int i=0;
for (int jj=0; jj<_L; jj++)
{
tempo=NULL;
memset((long long*)temp,0,lenth_row_L*sizeof(long long));
for(i=jj; (i<_M) && (!GET_MATRIX_ij(AA,i,jj)); ++i);
if (i==_M){
error = 4;
continue;
}//all is 0, non-mark matrix
base_zero_line=i;
for(i=0;i<base_zero_line;++i)
{
if( GET_MATRIX_ij(AA,i,jj) )
{
memxor((byte*)(_intermid_index[i]),(byte*)(_intermid_index[base_zero_line]),_SYMBOL_SIZE);
memxor((long long *)(AA[i]),(long long*)(AA[base_zero_line]),lenth_row_L*sizeof(long long));
}
}
for(++i;i<_M;++i)
{
if( GET_MATRIX_ij(AA,i,jj) )
{
memxor((byte*)(_intermid_index[i]),(byte*)(_intermid_index[base_zero_line]),_SYMBOL_SIZE);
memxor((char *)(AA[i]),(char*)(AA[base_zero_line]),lenth_row_L*sizeof(long long));
}
}
memcpy((long long*)temp,(long long *)(AA[jj]),lenth_row_L*sizeof(long long));
memcpy((long long*)(AA[jj]),(long long*)(AA[base_zero_line]),lenth_row_L*sizeof(long long));
memcpy((long long*)(AA[base_zero_line]),(long long*)temp,lenth_row_L*sizeof(long long));
tempo = (byte*)(_intermid_index[jj]);
_intermid_index[jj] = (byte*)(_intermid_index[base_zero_line]);
_intermid_index[base_zero_line] = (byte*)(tempo);
}
SAFE_DELETE_ARR(temp);
//discarded _M-_L rows to get the result
return ;
}
void bcal_cfb_B_encNext(void* block, bcal_cfb_B_ctx_t* ctx){
uint8_t tmp[ctx->blocksize_B];
memcpy(tmp, ctx->in_block, ctx->blocksize_B);
bcal_cipher_enc(tmp, &(ctx->cctx));
memxor(block, tmp, ctx->size_B);
memmove(ctx->in_block, ctx->in_block+ctx->size_B, ctx->blocksize_B - ctx->size_B);
memcpy(ctx->in_block+ctx->blocksize_B-ctx->size_B, block, ctx->size_B);
}
void bcal_cmac_nextBlock (bcal_cmac_ctx_t* ctx, const void* block){
if(ctx->last_set){
memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
bcal_cipher_enc(ctx->accu, &(ctx->cctx));
}
memcpy(ctx->lastblock, block, ctx->blocksize_B);
ctx->last_set=1;
}
void groestl_small_nextBlock(groestl_small_ctx_t* ctx, const void* block){
uint8_t tmp1[64], tmp2[64];
/* for(i=0; i<8; ++i){
for(j=0; j<8; ++j){
tmp1[j*8+i] = ((uint8_t*)block)[i*8+j];
}
}
*/
memcpy(tmp1, block, 64);
memcpy(tmp2, tmp1, 64);
memxor(tmp1, ctx->h, 64);
groestl_small_rounds(tmp1, 0);
groestl_small_rounds(tmp2, 1);
memxor(ctx->h, tmp1, 64);
memxor(ctx->h, tmp2, 64);
ctx->counter++;
}
void present_generic_dec(void* buffer, uint8_t* ctx, uint8_t ksize_B,
void(*update)(uint8_t*, uint8_t)){
uint8_t j,tmp[8], k[ksize_B];
uint8_t i;
memcpy(k, ctx + ksize_B, ksize_B);
memxor(buffer, k, 8);
i = 31;
do{
present_p(tmp, buffer);
present_p(buffer, tmp);
j = 7;
do{
((uint8_t*)buffer)[j] = present_sbox_inv(((uint8_t*)buffer)[j]);
}while(j--);
update(k, i);
memxor(buffer, k, 8);
}while(--i);
}
void ubi1024_nextBlock(ubi1024_ctx_t* ctx, const void* block){
threefish1024_ctx_t tfctx;
ctx->tweak.v64[0] += UBI1024_BLOCKSIZE_B;
threefish1024_init(ctx->g, ctx->tweak.v8, &tfctx);
memcpy(ctx->g, block, UBI1024_BLOCKSIZE_B);
threefish1024_enc(ctx->g, &tfctx);
memxor(ctx->g, block, UBI1024_BLOCKSIZE_B);
ctx->tweak.v8[15] &= (uint8_t)~0x40;
}
static
void blake_small_expand(uint32_t* v, const blake_small_ctx_t* ctx){
uint8_t i;
memcpy(v, ctx->h, 8*4);
for(i=0; i<8; ++i){
v[8+i] = pgm_read_dword(&(blake_c[i]));
}
memxor((uint8_t*)v+8, ctx->s, 4*4);
}
static
void blake_large_expand(uint64_t *v, const blake_large_ctx_t *ctx){
uint8_t i;
memcpy(v, ctx->h, 8*8);
for(i=0; i<8; ++i){
v[8+i] = pgm_read_qword(&(blake_c[i]));
}
memxor((uint8_t*)v+8, ctx->s, 4*8);
}
