arnaucube
/
derosuite
mirror of https://github.com/arnaucube/derosuite.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17 Commits
1 Branch
0 Tags
68 MiB
Tree: 222cdca240
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '222cdca240'
${ noResults }
derosuite/vendor/github.com/aead/skein/threefish/threefish1024_ref.go

557 lines
14 KiB
Raw Normal View History

Status update release 1
6 years ago
  1. // Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
  2. // Use of this source code is governed by a license that can be
  3. // found in the LICENSE file.
  5. package threefish
  7. func (t *threefish1024) Encrypt(dst, src []byte) {
  8. var block [16]uint64
  10. bytesToBlock1024(&block, src)
  12. Encrypt1024(&block, &(t.keys), &(t.tweak))
  14. block1024ToBytes(dst, &block)
  15. }
  17. func (t *threefish1024) Decrypt(dst, src []byte) {
  18. var block [16]uint64
  20. bytesToBlock1024(&block, src)
  22. Decrypt1024(&block, &(t.keys), &(t.tweak))
  24. block1024ToBytes(dst, &block)
  25. }
  27. func newCipher1024(tweak *[TweakSize]byte, key []byte) *threefish1024 {
  28. c := new(threefish1024)
  30. c.tweak[0] = uint64(tweak[0]) | uint64(tweak[1])<<8 | uint64(tweak[2])<<16 | uint64(tweak[3])<<24 |
  31. uint64(tweak[4])<<32 | uint64(tweak[5])<<40 | uint64(tweak[6])<<48 | uint64(tweak[7])<<56
  33. c.tweak[1] = uint64(tweak[8]) | uint64(tweak[9])<<8 | uint64(tweak[10])<<16 | uint64(tweak[11])<<24 |
  34. uint64(tweak[12])<<32 | uint64(tweak[13])<<40 | uint64(tweak[14])<<48 | uint64(tweak[15])<<56
  36. c.tweak[2] = c.tweak[0] ^ c.tweak[1]
  38. for i := range c.keys[:16] {
  39. j := i * 8
  40. c.keys[i] = uint64(key[j]) | uint64(key[j+1])<<8 | uint64(key[j+2])<<16 | uint64(key[j+3])<<24 |
  41. uint64(key[j+4])<<32 | uint64(key[j+5])<<40 | uint64(key[j+6])<<48 | uint64(key[j+7])<<56
  42. }
  43. c.keys[16] = C240 ^ c.keys[0] ^ c.keys[1] ^ c.keys[2] ^ c.keys[3] ^ c.keys[4] ^ c.keys[5] ^ c.keys[6] ^
  44. c.keys[7] ^ c.keys[8] ^ c.keys[9] ^ c.keys[10] ^ c.keys[11] ^ c.keys[12] ^ c.keys[13] ^ c.keys[14] ^ c.keys[15]
  46. return c
  47. }
  49. // Encrypt1024 encrypts the 16 words of block using the expanded 1024 bit key and
  50. // the 128 bit tweak. The keys[16] must be keys[0] xor keys[1] xor ... keys[15] xor C240.
  51. // The tweak[2] must be tweak[0] xor tweak[1].
  52. func Encrypt1024(block *[16]uint64, keys *[17]uint64, tweak *[3]uint64) {
  53. b0, b1, b2, b3 := block[0], block[1], block[2], block[3]
  54. b4, b5, b6, b7 := block[4], block[5], block[6], block[7]
  55. b8, b9, b10, b11 := block[8], block[9], block[10], block[11]
  56. b12, b13, b14, b15 := block[12], block[13], block[14], block[15]
  58. for r := 0; r < 19; r++ {
  59. b0 += keys[r%17]
  60. b1 += keys[(r+1)%17]
  61. b2 += keys[(r+2)%17]
  62. b3 += keys[(r+3)%17]
  63. b4 += keys[(r+4)%17]
  64. b5 += keys[(r+5)%17]
  65. b6 += keys[(r+6)%17]
  66. b7 += keys[(r+7)%17]
  67. b8 += keys[(r+8)%17]
  68. b9 += keys[(r+9)%17]
  69. b10 += keys[(r+10)%17]
  70. b11 += keys[(r+11)%17]
  71. b12 += keys[(r+12)%17]
  72. b13 += keys[(r+13)%17] + tweak[r%3]
  73. b14 += keys[(r+14)%17] + tweak[(r+1)%3]
  74. b15 += keys[(r+15)%17] + uint64(r)
  76. b0 += b1
  77. b1 = ((b1 << 24) | (b1 >> (64 - 24))) ^ b0
  78. b2 += b3
  79. b3 = ((b3 << 13) | (b3 >> (64 - 13))) ^ b2
  80. b4 += b5
  81. b5 = ((b5 << 8) | (b5 >> (64 - 8))) ^ b4
  82. b6 += b7
  83. b7 = ((b7 << 47) | (b7 >> (64 - 47))) ^ b6
  84. b8 += b9
  85. b9 = ((b9 << 8) | (b9 >> (64 - 8))) ^ b8
  86. b10 += b11
  87. b11 = ((b11 << 17) | (b11 >> (64 - 17))) ^ b10
  88. b12 += b13
  89. b13 = ((b13 << 22) | (b13 >> (64 - 22))) ^ b12
  90. b14 += b15
  91. b15 = ((b15 << 37) | (b15 >> (64 - 37))) ^ b14
  93. b0 += b9
  94. b9 = ((b9 << 38) | (b9 >> (64 - 38))) ^ b0
  95. b2 += b13
  96. b13 = ((b13 << 19) | (b13 >> (64 - 19))) ^ b2
  97. b6 += b11
  98. b11 = ((b11 << 10) | (b11 >> (64 - 10))) ^ b6
  99. b4 += b15
  100. b15 = ((b15 << 55) | (b15 >> (64 - 55))) ^ b4
  101. b10 += b7
  102. b7 = ((b7 << 49) | (b7 >> (64 - 49))) ^ b10
  103. b12 += b3
  104. b3 = ((b3 << 18) | (b3 >> (64 - 18))) ^ b12
  105. b14 += b5
  106. b5 = ((b5 << 23) | (b5 >> (64 - 23))) ^ b14
  107. b8 += b1
  108. b1 = ((b1 << 52) | (b1 >> (64 - 52))) ^ b8
  110. b0 += b7
  111. b7 = ((b7 << 33) | (b7 >> (64 - 33))) ^ b0
  112. b2 += b5
  113. b5 = ((b5 << 4) | (b5 >> (64 - 4))) ^ b2
  114. b4 += b3
  115. b3 = ((b3 << 51) | (b3 >> (64 - 51))) ^ b4
  116. b6 += b1
  117. b1 = ((b1 << 13) | (b1 >> (64 - 13))) ^ b6
  118. b12 += b15
  119. b15 = ((b15 << 34) | (b15 >> (64 - 34))) ^ b12
  120. b14 += b13
  121. b13 = ((b13 << 41) | (b13 >> (64 - 41))) ^ b14
  122. b8 += b11
  123. b11 = ((b11 << 59) | (b11 >> (64 - 59))) ^ b8
  124. b10 += b9
  125. b9 = ((b9 << 17) | (b9 >> (64 - 17))) ^ b10
  127. b0 += b15
  128. b15 = ((b15 << 5) | (b15 >> (64 - 5))) ^ b0
  129. b2 += b11
  130. b11 = ((b11 << 20) | (b11 >> (64 - 20))) ^ b2
  131. b6 += b13
  132. b13 = ((b13 << 48) | (b13 >> (64 - 48))) ^ b6
  133. b4 += b9
  134. b9 = ((b9 << 41) | (b9 >> (64 - 41))) ^ b4
  135. b14 += b1
  136. b1 = ((b1 << 47) | (b1 >> (64 - 47))) ^ b14
  137. b8 += b5
  138. b5 = ((b5 << 28) | (b5 >> (64 - 28))) ^ b8
  139. b10 += b3
  140. b3 = ((b3 << 16) | (b3 >> (64 - 16))) ^ b10
  141. b12 += b7
  142. b7 = ((b7 << 25) | (b7 >> (64 - 25))) ^ b12
  144. r++
  146. b0 += keys[r%17]
  147. b1 += keys[(r+1)%17]
  148. b2 += keys[(r+2)%17]
  149. b3 += keys[(r+3)%17]
  150. b4 += keys[(r+4)%17]
  151. b5 += keys[(r+5)%17]
  152. b6 += keys[(r+6)%17]
  153. b7 += keys[(r+7)%17]
  154. b8 += keys[(r+8)%17]
  155. b9 += keys[(r+9)%17]
  156. b10 += keys[(r+10)%17]
  157. b11 += keys[(r+11)%17]
  158. b12 += keys[(r+12)%17]
  159. b13 += keys[(r+13)%17] + tweak[r%3]
  160. b14 += keys[(r+14)%17] + tweak[(r+1)%3]
  161. b15 += keys[(r+15)%17] + uint64(r)
  163. b0 += b1
  164. b1 = ((b1 << 41) | (b1 >> (64 - 41))) ^ b0
  165. b2 += b3
  166. b3 = ((b3 << 9) | (b3 >> (64 - 9))) ^ b2
  167. b4 += b5
  168. b5 = ((b5 << 37) | (b5 >> (64 - 37))) ^ b4
  169. b6 += b7
  170. b7 = ((b7 << 31) | (b7 >> (64 - 31))) ^ b6
  171. b8 += b9
  172. b9 = ((b9 << 12) | (b9 >> (64 - 12))) ^ b8
  173. b10 += b11
  174. b11 = ((b11 << 47) | (b11 >> (64 - 47))) ^ b10
  175. b12 += b13
  176. b13 = ((b13 << 44) | (b13 >> (64 - 44))) ^ b12
  177. b14 += b15
  178. b15 = ((b15 << 30) | (b15 >> (64 - 30))) ^ b14
  180. b0 += b9
  181. b9 = ((b9 << 16) | (b9 >> (64 - 16))) ^ b0
  182. b2 += b13
  183. b13 = ((b13 << 34) | (b13 >> (64 - 34))) ^ b2
  184. b6 += b11
  185. b11 = ((b11 << 56) | (b11 >> (64 - 56))) ^ b6
  186. b4 += b15
  187. b15 = ((b15 << 51) | (b15 >> (64 - 51))) ^ b4
  188. b10 += b7
  189. b7 = ((b7 << 4) | (b7 >> (64 - 4))) ^ b10
  190. b12 += b3
  191. b3 = ((b3 << 53) | (b3 >> (64 - 53))) ^ b12
  192. b14 += b5
  193. b5 = ((b5 << 42) | (b5 >> (64 - 42))) ^ b14
  194. b8 += b1
  195. b1 = ((b1 << 41) | (b1 >> (64 - 41))) ^ b8
  197. b0 += b7
  198. b7 = ((b7 << 31) | (b7 >> (64 - 31))) ^ b0
  199. b2 += b5
  200. b5 = ((b5 << 44) | (b5 >> (64 - 44))) ^ b2
  201. b4 += b3
  202. b3 = ((b3 << 47) | (b3 >> (64 - 47))) ^ b4
  203. b6 += b1
  204. b1 = ((b1 << 46) | (b1 >> (64 - 46))) ^ b6
  205. b12 += b15
  206. b15 = ((b15 << 19) | (b15 >> (64 - 19))) ^ b12
  207. b14 += b13
  208. b13 = ((b13 << 42) | (b13 >> (64 - 42))) ^ b14
  209. b8 += b11
  210. b11 = ((b11 << 44) | (b11 >> (64 - 44))) ^ b8
  211. b10 += b9
  212. b9 = ((b9 << 25) | (b9 >> (64 - 25))) ^ b10
  214. b0 += b15
  215. b15 = ((b15 << 9) | (b15 >> (64 - 9))) ^ b0
  216. b2 += b11
  217. b11 = ((b11 << 48) | (b11 >> (64 - 48))) ^ b2
  218. b6 += b13
  219. b13 = ((b13 << 35) | (b13 >> (64 - 35))) ^ b6
  220. b4 += b9
  221. b9 = ((b9 << 52) | (b9 >> (64 - 52))) ^ b4
  222. b14 += b1
  223. b1 = ((b1 << 23) | (b1 >> (64 - 23))) ^ b14
  224. b8 += b5
  225. b5 = ((b5 << 31) | (b5 >> (64 - 31))) ^ b8
  226. b10 += b3
  227. b3 = ((b3 << 37) | (b3 >> (64 - 37))) ^ b10
  228. b12 += b7
  229. b7 = ((b7 << 20) | (b7 >> (64 - 20))) ^ b12
  230. }
  232. b0 += keys[3]
  233. b1 += keys[4]
  234. b2 += keys[5]
  235. b3 += keys[6]
  236. b4 += keys[7]
  237. b5 += keys[8]
  238. b6 += keys[9]
  239. b7 += keys[10]
  240. b8 += keys[11]
  241. b9 += keys[12]
  242. b10 += keys[13]
  243. b11 += keys[14]
  244. b12 += keys[15]
  245. b13 += keys[16] + tweak[2]
  246. b14 += keys[0] + tweak[0]
  247. b15 += keys[1] + 20
  249. block[0], block[1], block[2], block[3] = b0, b1, b2, b3
  250. block[4], block[5], block[6], block[7] = b4, b5, b6, b7
  251. block[8], block[9], block[10], block[11] = b8, b9, b10, b11
  252. block[12], block[13], block[14], block[15] = b12, b13, b14, b15
  253. }
  255. // Decrypt1024 decrypts the 16 words of block using the expanded 1024 bit key and
  256. // the 128 bit tweak. The keys[16] must be keys[0] xor keys[1] xor ... keys[15] xor C240.
  257. // The tweak[2] must be tweak[0] xor tweak[1].
  258. func Decrypt1024(block *[16]uint64, keys *[17]uint64, tweak *[3]uint64) {
  259. b0, b1, b2, b3 := block[0], block[1], block[2], block[3]
  260. b4, b5, b6, b7 := block[4], block[5], block[6], block[7]
  261. b8, b9, b10, b11 := block[8], block[9], block[10], block[11]
  262. b12, b13, b14, b15 := block[12], block[13], block[14], block[15]
  264. var tmp uint64
  265. for r := 20; r > 1; r-- {
  266. b0 -= keys[r%17]
  267. b1 -= keys[(r+1)%17]
  268. b2 -= keys[(r+2)%17]
  269. b3 -= keys[(r+3)%17]
  270. b4 -= keys[(r+4)%17]
  271. b5 -= keys[(r+5)%17]
  272. b6 -= keys[(r+6)%17]
  273. b7 -= keys[(r+7)%17]
  274. b8 -= keys[(r+8)%17]
  275. b9 -= keys[(r+9)%17]
  276. b10 -= keys[(r+10)%17]
  277. b11 -= keys[(r+11)%17]
  278. b12 -= keys[(r+12)%17]
  279. b13 -= keys[(r+13)%17] + tweak[r%3]
  280. b14 -= keys[(r+14)%17] + tweak[(r+1)%3]
  281. b15 -= keys[(r+15)%17] + uint64(r)
  283. tmp = b7 ^ b12
  284. b7 = (tmp >> 20) | (tmp << (64 - 20))
  285. b12 -= b7
  286. tmp = b3 ^ b10
  287. b3 = (tmp >> 37) | (tmp << (64 - 37))
  288. b10 -= b3
  289. tmp = b5 ^ b8
  290. b5 = (tmp >> 31) | (tmp << (64 - 31))
  291. b8 -= b5
  292. tmp = b1 ^ b14
  293. b1 = (tmp >> 23) | (tmp << (64 - 23))
  294. b14 -= b1
  295. tmp = b9 ^ b4
  296. b9 = (tmp >> 52) | (tmp << (64 - 52))
  297. b4 -= b9
  298. tmp = b13 ^ b6
  299. b13 = (tmp >> 35) | (tmp << (64 - 35))
  300. b6 -= b13
  301. tmp = b11 ^ b2
  302. b11 = (tmp >> 48) | (tmp << (64 - 48))
  303. b2 -= b11
  304. tmp = b15 ^ b0
  305. b15 = (tmp >> 9) | (tmp << (64 - 9))
  306. b0 -= b15
  308. tmp = b9 ^ b10
  309. b9 = (tmp >> 25) | (tmp << (64 - 25))
  310. b10 -= b9
  311. tmp = b11 ^ b8
  312. b11 = (tmp >> 44) | (tmp << (64 - 44))
  313. b8 -= b11
  314. tmp = b13 ^ b14
  315. b13 = (tmp >> 42) | (tmp << (64 - 42))
  316. b14 -= b13
  317. tmp = b15 ^ b12
  318. b15 = (tmp >> 19) | (tmp << (64 - 19))
  319. b12 -= b15
  320. tmp = b1 ^ b6
  321. b1 = (tmp >> 46) | (tmp << (64 - 46))
  322. b6 -= b1
  323. tmp = b3 ^ b4
  324. b3 = (tmp >> 47) | (tmp << (64 - 47))
  325. b4 -= b3
  326. tmp = b5 ^ b2
  327. b5 = (tmp >> 44) | (tmp << (64 - 44))
  328. b2 -= b5
  329. tmp = b7 ^ b0
  330. b7 = (tmp >> 31) | (tmp << (64 - 31))
  331. b0 -= b7
  333. tmp = b1 ^ b8
  334. b1 = (tmp >> 41) | (tmp << (64 - 41))
  335. b8 -= b1
  336. tmp = b5 ^ b14
  337. b5 = (tmp >> 42) | (tmp << (64 - 42))
  338. b14 -= b5
  339. tmp = b3 ^ b12
  340. b3 = (tmp >> 53) | (tmp << (64 - 53))
  341. b12 -= b3
  342. tmp = b7 ^ b10
  343. b7 = (tmp >> 4) | (tmp << (64 - 4))
  344. b10 -= b7
  345. tmp = b15 ^ b4
  346. b15 = (tmp >> 51) | (tmp << (64 - 51))
  347. b4 -= b15
  348. tmp = b11 ^ b6
  349. b11 = (tmp >> 56) | (tmp << (64 - 56))
  350. b6 -= b11
  351. tmp = b13 ^ b2
  352. b13 = (tmp >> 34) | (tmp << (64 - 34))
  353. b2 -= b13
  354. tmp = b9 ^ b0
  355. b9 = (tmp >> 16) | (tmp << (64 - 16))
  356. b0 -= b9
  358. tmp = b15 ^ b14
  359. b15 = (tmp >> 30) | (tmp << (64 - 30))
  360. b14 -= b15
  361. tmp = b13 ^ b12
  362. b13 = (tmp >> 44) | (tmp << (64 - 44))
  363. b12 -= b13
  364. tmp = b11 ^ b10
  365. b11 = (tmp >> 47) | (tmp << (64 - 47))
  366. b10 -= b11
  367. tmp = b9 ^ b8
  368. b9 = (tmp >> 12) | (tmp << (64 - 12))
  369. b8 -= b9
  370. tmp = b7 ^ b6
  371. b7 = (tmp >> 31) | (tmp << (64 - 31))
  372. b6 -= b7
  373. tmp = b5 ^ b4
  374. b5 = (tmp >> 37) | (tmp << (64 - 37))
  375. b4 -= b5
  376. tmp = b3 ^ b2
  377. b3 = (tmp >> 9) | (tmp << (64 - 9))
  378. b2 -= b3
  379. tmp = b1 ^ b0
  380. b1 = (tmp >> 41) | (tmp << (64 - 41))
  381. b0 -= b1
  383. r--
  385. b0 -= keys[r%17]
  386. b1 -= keys[(r+1)%17]
  387. b2 -= keys[(r+2)%17]
  388. b3 -= keys[(r+3)%17]
  389. b4 -= keys[(r+4)%17]
  390. b5 -= keys[(r+5)%17]
  391. b6 -= keys[(r+6)%17]
  392. b7 -= keys[(r+7)%17]
  393. b8 -= keys[(r+8)%17]
  394. b9 -= keys[(r+9)%17]
  395. b10 -= keys[(r+10)%17]
  396. b11 -= keys[(r+11)%17]
  397. b12 -= keys[(r+12)%17]
  398. b13 -= keys[(r+13)%17] + tweak[r%3]
  399. b14 -= keys[(r+14)%17] + tweak[(r+1)%3]
  400. b15 -= keys[(r+15)%17] + uint64(r)
  402. tmp = b7 ^ b12
  403. b7 = (tmp >> 25) | (tmp << (64 - 25))
  404. b12 -= b7
  405. tmp = b3 ^ b10
  406. b3 = (tmp >> 16) | (tmp << (64 - 16))
  407. b10 -= b3
  408. tmp = b5 ^ b8
  409. b5 = (tmp >> 28) | (tmp << (64 - 28))
  410. b8 -= b5
  411. tmp = b1 ^ b14
  412. b1 = (tmp >> 47) | (tmp << (64 - 47))
  413. b14 -= b1
  414. tmp = b9 ^ b4
  415. b9 = (tmp >> 41) | (tmp << (64 - 41))
  416. b4 -= b9
  417. tmp = b13 ^ b6
  418. b13 = (tmp >> 48) | (tmp << (64 - 48))
  419. b6 -= b13
  420. tmp = b11 ^ b2
  421. b11 = (tmp >> 20) | (tmp << (64 - 20))
  422. b2 -= b11
  423. tmp = b15 ^ b0
  424. b15 = (tmp >> 5) | (tmp << (64 - 5))
  425. b0 -= b15
  427. tmp = b9 ^ b10
  428. b9 = (tmp >> 17) | (tmp << (64 - 17))
  429. b10 -= b9
  430. tmp = b11 ^ b8
  431. b11 = (tmp >> 59) | (tmp << (64 - 59))
  432. b8 -= b11
  433. tmp = b13 ^ b14
  434. b13 = (tmp >> 41) | (tmp << (64 - 41))
  435. b14 -= b13
  436. tmp = b15 ^ b12
  437. b15 = (tmp >> 34) | (tmp << (64 - 34))
  438. b12 -= b15
  439. tmp = b1 ^ b6
  440. b1 = (tmp >> 13) | (tmp << (64 - 13))
  441. b6 -= b1
  442. tmp = b3 ^ b4
  443. b3 = (tmp >> 51) | (tmp << (64 - 51))
  444. b4 -= b3
  445. tmp = b5 ^ b2
  446. b5 = (tmp >> 4) | (tmp << (64 - 4))
  447. b2 -= b5
  448. tmp = b7 ^ b0
  449. b7 = (tmp >> 33) | (tmp << (64 - 33))
  450. b0 -= b7
  452. tmp = b1 ^ b8
  453. b1 = (tmp >> 52) | (tmp << (64 - 52))
  454. b8 -= b1
  455. tmp = b5 ^ b14
  456. b5 = (tmp >> 23) | (tmp << (64 - 23))
  457. b14 -= b5
  458. tmp = b3 ^ b12
  459. b3 = (tmp >> 18) | (tmp << (64 - 18))
  460. b12 -= b3
  461. tmp = b7 ^ b10
  462. b7 = (tmp >> 49) | (tmp << (64 - 49))
  463. b10 -= b7
  464. tmp = b15 ^ b4
  465. b15 = (tmp >> 55) | (tmp << (64 - 55))
  466. b4 -= b15
  467. tmp = b11 ^ b6
  468. b11 = (tmp >> 10) | (tmp << (64 - 10))
  469. b6 -= b11
  470. tmp = b13 ^ b2
  471. b13 = (tmp >> 19) | (tmp << (64 - 19))
  472. b2 -= b13
  473. tmp = b9 ^ b0
  474. b9 = (tmp >> 38) | (tmp << (64 - 38))
  475. b0 -= b9
  477. tmp = b15 ^ b14
  478. b15 = (tmp >> 37) | (tmp << (64 - 37))
  479. b14 -= b15
  480. tmp = b13 ^ b12
  481. b13 = (tmp >> 22) | (tmp << (64 - 22))
  482. b12 -= b13
  483. tmp = b11 ^ b10
  484. b11 = (tmp >> 17) | (tmp << (64 - 17))
  485. b10 -= b11
  486. tmp = b9 ^ b8
  487. b9 = (tmp >> 8) | (tmp << (64 - 8))
  488. b8 -= b9
  489. tmp = b7 ^ b6
  490. b7 = (tmp >> 47) | (tmp << (64 - 47))
  491. b6 -= b7
  492. tmp = b5 ^ b4
  493. b5 = (tmp >> 8) | (tmp << (64 - 8))
  494. b4 -= b5
  495. tmp = b3 ^ b2
  496. b3 = (tmp >> 13) | (tmp << (64 - 13))
  497. b2 -= b3
  498. tmp = b1 ^ b0
  499. b1 = (tmp >> 24) | (tmp << (64 - 24))
  500. b0 -= b1
  501. }
  503. b0 -= keys[0]
  504. b1 -= keys[1]
  505. b2 -= keys[2]
  506. b3 -= keys[3]
  507. b4 -= keys[4]
  508. b5 -= keys[5]
  509. b6 -= keys[6]
  510. b7 -= keys[7]
  511. b8 -= keys[8]
  512. b9 -= keys[9]
  513. b10 -= keys[10]
  514. b11 -= keys[11]
  515. b12 -= keys[12]
  516. b13 -= keys[13] + tweak[0]
  517. b14 -= keys[14] + tweak[1]
  518. b15 -= keys[15]
  520. block[0], block[1], block[2], block[3] = b0, b1, b2, b3
  521. block[4], block[5], block[6], block[7] = b4, b5, b6, b7
  522. block[8], block[9], block[10], block[11] = b8, b9, b10, b11
  523. block[12], block[13], block[14], block[15] = b12, b13, b14, b15
  524. }
  526. // UBI1024 does a Threefish1024 encryption of the given block using
  527. // the chain values hVal and the tweak.
  528. // The chain values are updated through hVal[i] = block[i] ^ Enc(block)[i]
  529. func UBI1024(block *[16]uint64, hVal *[17]uint64, tweak *[3]uint64) {
  530. b0, b1, b2, b3 := block[0], block[1], block[2], block[3]
  531. b4, b5, b6, b7 := block[4], block[5], block[6], block[7]
  532. b8, b9, b10, b11 := block[8], block[9], block[10], block[11]
  533. b12, b13, b14, b15 := block[12], block[13], block[14], block[15]
  535. hVal[16] = C240 ^ hVal[0] ^ hVal[1] ^ hVal[2] ^ hVal[3] ^ hVal[4] ^ hVal[5] ^ hVal[6] ^ hVal[7] ^
  536. hVal[8] ^ hVal[9] ^ hVal[10] ^ hVal[11] ^ hVal[12] ^ hVal[13] ^ hVal[14] ^ hVal[15]
  537. tweak[2] = tweak[0] ^ tweak[1]
  539. Encrypt1024(block, hVal, tweak)
  541. hVal[0] = block[0] ^ b0
  542. hVal[1] = block[1] ^ b1
  543. hVal[2] = block[2] ^ b2
  544. hVal[3] = block[3] ^ b3
  545. hVal[4] = block[4] ^ b4
  546. hVal[5] = block[5] ^ b5
  547. hVal[6] = block[6] ^ b6
  548. hVal[7] = block[7] ^ b7
  549. hVal[8] = block[8] ^ b8
  550. hVal[9] = block[9] ^ b9
  551. hVal[10] = block[10] ^ b10
  552. hVal[11] = block[11] ^ b11
  553. hVal[12] = block[12] ^ b12
  554. hVal[13] = block[13] ^ b13
  555. hVal[14] = block[14] ^ b14
  556. hVal[15] = block[15] ^ b15
  557. }