arnaucube
/
derosuite
mirror of https://github.com/arnaucube/derosuite.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17 Commits
1 Branch
0 Tags
68 MiB
Tree: 222cdca240
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '222cdca240'
${ noResults }
derosuite/vendor/github.com/aead/skein/threefish/threefish512_ref.go

329 lines
7.6 KiB
Raw Normal View History

Status update release 1
6 years ago
  1. // Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
  2. // Use of this source code is governed by a license that can be
  3. // found in the LICENSE file.
  5. package threefish
  7. func (t *threefish512) Encrypt(dst, src []byte) {
  8. var block [8]uint64
  10. bytesToBlock512(&block, src)
  12. Encrypt512(&block, &(t.keys), &(t.tweak))
  14. block512ToBytes(dst, &block)
  15. }
  17. func (t *threefish512) Decrypt(dst, src []byte) {
  18. var block [8]uint64
  20. bytesToBlock512(&block, src)
  22. Decrypt512(&block, &(t.keys), &(t.tweak))
  24. block512ToBytes(dst, &block)
  25. }
  27. func newCipher512(tweak *[TweakSize]byte, key []byte) *threefish512 {
  28. c := new(threefish512)
  30. c.tweak[0] = uint64(tweak[0]) | uint64(tweak[1])<<8 | uint64(tweak[2])<<16 | uint64(tweak[3])<<24 |
  31. uint64(tweak[4])<<32 | uint64(tweak[5])<<40 | uint64(tweak[6])<<48 | uint64(tweak[7])<<56
  33. c.tweak[1] = uint64(tweak[8]) | uint64(tweak[9])<<8 | uint64(tweak[10])<<16 | uint64(tweak[11])<<24 |
  34. uint64(tweak[12])<<32 | uint64(tweak[13])<<40 | uint64(tweak[14])<<48 | uint64(tweak[15])<<56
  36. c.tweak[2] = c.tweak[0] ^ c.tweak[1]
  38. for i := range c.keys[:8] {
  39. j := i * 8
  40. c.keys[i] = uint64(key[j]) | uint64(key[j+1])<<8 | uint64(key[j+2])<<16 | uint64(key[j+3])<<24 |
  41. uint64(key[j+4])<<32 | uint64(key[j+5])<<40 | uint64(key[j+6])<<48 | uint64(key[j+7])<<56
  42. }
  43. c.keys[8] = C240 ^ c.keys[0] ^ c.keys[1] ^ c.keys[2] ^ c.keys[3] ^ c.keys[4] ^ c.keys[5] ^ c.keys[6] ^ c.keys[7]
  45. return c
  46. }
  48. // Encrypt512 encrypts the 8 words of block using the expanded 512 bit key and
  49. // the 128 bit tweak. The keys[8] must be keys[0] xor keys[1] xor ... keys[8] xor C240.
  50. // The tweak[2] must be tweak[0] xor tweak[1].
  51. func Encrypt512(block *[8]uint64, keys *[9]uint64, tweak *[3]uint64) {
  52. b0, b1, b2, b3 := block[0], block[1], block[2], block[3]
  53. b4, b5, b6, b7 := block[4], block[5], block[6], block[7]
  55. for r := 0; r < 17; r++ {
  56. b0 += keys[r%9]
  57. b1 += keys[(r+1)%9]
  58. b2 += keys[(r+2)%9]
  59. b3 += keys[(r+3)%9]
  60. b4 += keys[(r+4)%9]
  61. b5 += keys[(r+5)%9] + tweak[r%3]
  62. b6 += keys[(r+6)%9] + tweak[(r+1)%3]
  63. b7 += keys[(r+7)%9] + uint64(r)
  65. b0 += b1
  66. b1 = (b1<<46 | b1>>(64-46)) ^ b0
  67. b2 += b3
  68. b3 = (b3<<36 | b3>>(64-36)) ^ b2
  69. b4 += b5
  70. b5 = (b5<<19 | b5>>(64-19)) ^ b4
  71. b6 += b7
  72. b7 = (b7<<37 | b7>>(64-37)) ^ b6
  74. b2 += b1
  75. b1 = (b1<<33 | b1>>(64-33)) ^ b2
  76. b4 += b7
  77. b7 = (b7<<27 | b7>>(64-27)) ^ b4
  78. b6 += b5
  79. b5 = (b5<<14 | b5>>(64-14)) ^ b6
  80. b0 += b3
  81. b3 = (b3<<42 | b3>>(64-42)) ^ b0
  83. b4 += b1
  84. b1 = (b1<<17 | b1>>(64-17)) ^ b4
  85. b6 += b3
  86. b3 = (b3<<49 | b3>>(64-49)) ^ b6
  87. b0 += b5
  88. b5 = (b5<<36 | b5>>(64-36)) ^ b0
  89. b2 += b7
  90. b7 = (b7<<39 | b7>>(64-39)) ^ b2
  92. b6 += b1
  93. b1 = (b1<<44 | b1>>(64-44)) ^ b6
  94. b0 += b7
  95. b7 = (b7<<9 | b7>>(64-9)) ^ b0
  96. b2 += b5
  97. b5 = (b5<<54 | b5>>(64-54)) ^ b2
  98. b4 += b3
  99. b3 = (b3<<56 | b3>>(64-56)) ^ b4
  101. r++
  103. b0 += keys[r%9]
  104. b1 += keys[(r+1)%9]
  105. b2 += keys[(r+2)%9]
  106. b3 += keys[(r+3)%9]
  107. b4 += keys[(r+4)%9]
  108. b5 += keys[(r+5)%9] + tweak[r%3]
  109. b6 += keys[(r+6)%9] + tweak[(r+1)%3]
  110. b7 += keys[(r+7)%9] + uint64(r)
  112. b0 += b1
  113. b1 = (b1<<39 | b1>>(64-39)) ^ b0
  114. b2 += b3
  115. b3 = (b3<<30 | b3>>(64-30)) ^ b2
  116. b4 += b5
  117. b5 = (b5<<34 | b5>>(64-34)) ^ b4
  118. b6 += b7
  119. b7 = (b7<<24 | b7>>(64-24)) ^ b6
  121. b2 += b1
  122. b1 = (b1<<13 | b1>>(64-13)) ^ b2
  123. b4 += b7
  124. b7 = (b7<<50 | b7>>(64-50)) ^ b4
  125. b6 += b5
  126. b5 = (b5<<10 | b5>>(64-10)) ^ b6
  127. b0 += b3
  128. b3 = (b3<<17 | b3>>(64-17)) ^ b0
  130. b4 += b1
  131. b1 = (b1<<25 | b1>>(64-25)) ^ b4
  132. b6 += b3
  133. b3 = (b3<<29 | b3>>(64-29)) ^ b6
  134. b0 += b5
  135. b5 = (b5<<39 | b5>>(64-39)) ^ b0
  136. b2 += b7
  137. b7 = (b7<<43 | b7>>(64-43)) ^ b2
  139. b6 += b1
  140. b1 = (b1<<8 | b1>>(64-8)) ^ b6
  141. b0 += b7
  142. b7 = (b7<<35 | b7>>(64-35)) ^ b0
  143. b2 += b5
  144. b5 = (b5<<56 | b5>>(64-56)) ^ b2
  145. b4 += b3
  146. b3 = (b3<<22 | b3>>(64-22)) ^ b4
  147. }
  149. b0 += keys[0]
  150. b1 += keys[1]
  151. b2 += keys[2]
  152. b3 += keys[3]
  153. b4 += keys[4]
  154. b5 += keys[5] + tweak[0]
  155. b6 += keys[6] + tweak[1]
  156. b7 += keys[7] + 18
  158. block[0], block[1], block[2], block[3] = b0, b1, b2, b3
  159. block[4], block[5], block[6], block[7] = b4, b5, b6, b7
  160. }
  162. // Decrypt512 decrypts the 8 words of block using the expanded 512 bit key and
  163. // the 128 bit tweak. The keys[8] must be keys[0] xor keys[1] xor ... keys[8] xor C240.
  164. // The tweak[2] must be tweak[0] xor tweak[1].
  165. func Decrypt512(block *[8]uint64, keys *[9]uint64, tweak *[3]uint64) {
  166. b0, b1, b2, b3 := block[0], block[1], block[2], block[3]
  167. b4, b5, b6, b7 := block[4], block[5], block[6], block[7]
  169. var tmp uint64
  170. for r := 18; r > 1; r-- {
  171. b0 -= keys[r%9]
  172. b1 -= keys[(r+1)%9]
  173. b2 -= keys[(r+2)%9]
  174. b3 -= keys[(r+3)%9]
  175. b4 -= keys[(r+4)%9]
  176. b5 -= keys[(r+5)%9] + tweak[r%3]
  177. b6 -= keys[(r+6)%9] + tweak[(r+1)%3]
  178. b7 -= keys[(r+7)%9] + uint64(r)
  180. tmp = b3 ^ b4
  181. b3 = tmp>>22 | tmp<<(64-22)
  182. b4 -= b3
  183. tmp = b5 ^ b2
  184. b5 = tmp>>56 | tmp<<(64-56)
  185. b2 -= b5
  186. tmp = b7 ^ b0
  187. b7 = tmp>>35 | tmp<<(64-35)
  188. b0 -= b7
  189. tmp = b1 ^ b6
  190. b1 = tmp>>8 | tmp<<(64-8)
  191. b6 -= b1
  193. tmp = b7 ^ b2
  194. b7 = tmp>>43 | tmp<<(64-43)
  195. b2 -= b7
  196. tmp = b5 ^ b0
  197. b5 = tmp>>39 | tmp<<(64-39)
  198. b0 -= b5
  199. tmp = b3 ^ b6
  200. b3 = tmp>>29 | tmp<<(64-29)
  201. b6 -= b3
  202. tmp = b1 ^ b4
  203. b1 = tmp>>25 | tmp<<(64-25)
  204. b4 -= b1
  206. tmp = b3 ^ b0
  207. b3 = tmp>>17 | tmp<<(64-17)
  208. b0 -= b3
  209. tmp = b5 ^ b6
  210. b5 = tmp>>10 | tmp<<(64-10)
  211. b6 -= b5
  212. tmp = b7 ^ b4
  213. b7 = tmp>>50 | tmp<<(64-50)
  214. b4 -= b7
  215. tmp = b1 ^ b2
  216. b1 = tmp>>13 | tmp<<(64-13)
  217. b2 -= b1
  219. tmp = b7 ^ b6
  220. b7 = tmp>>24 | tmp<<(64-24)
  221. b6 -= b7
  222. tmp = b5 ^ b4
  223. b5 = tmp>>34 | tmp<<(64-34)
  224. b4 -= b5
  225. tmp = b3 ^ b2
  226. b3 = tmp>>30 | tmp<<(64-30)
  227. b2 -= b3
  228. tmp = b1 ^ b0
  229. b1 = tmp>>39 | tmp<<(64-39)
  230. b0 -= b1
  232. r--
  234. b0 -= keys[r%9]
  235. b1 -= keys[(r+1)%9]
  236. b2 -= keys[(r+2)%9]
  237. b3 -= keys[(r+3)%9]
  238. b4 -= keys[(r+4)%9]
  239. b5 -= keys[(r+5)%9] + tweak[r%3]
  240. b6 -= keys[(r+6)%9] + tweak[(r+1)%3]
  241. b7 -= keys[(r+7)%9] + uint64(r)
  243. tmp = b3 ^ b4
  244. b3 = tmp>>56 | tmp<<(64-56)
  245. b4 -= b3
  246. tmp = b5 ^ b2
  247. b5 = tmp>>54 | tmp<<(64-54)
  248. b2 -= b5
  249. tmp = b7 ^ b0
  250. b7 = tmp>>9 | tmp<<(64-9)
  251. b0 -= b7
  252. tmp = b1 ^ b6
  253. b1 = tmp>>44 | tmp<<(64-44)
  254. b6 -= b1
  256. tmp = b7 ^ b2
  257. b7 = tmp>>39 | tmp<<(64-39)
  258. b2 -= b7
  259. tmp = b5 ^ b0
  260. b5 = tmp>>36 | tmp<<(64-36)
  261. b0 -= b5
  262. tmp = b3 ^ b6
  263. b3 = tmp>>49 | tmp<<(64-49)
  264. b6 -= b3
  265. tmp = b1 ^ b4
  266. b1 = tmp>>17 | tmp<<(64-17)
  267. b4 -= b1
  269. tmp = b3 ^ b0
  270. b3 = tmp>>42 | tmp<<(64-42)
  271. b0 -= b3
  272. tmp = b5 ^ b6
  273. b5 = tmp>>14 | tmp<<(64-14)
  274. b6 -= b5
  275. tmp = b7 ^ b4
  276. b7 = tmp>>27 | tmp<<(64-27)
  277. b4 -= b7
  278. tmp = b1 ^ b2
  279. b1 = tmp>>33 | tmp<<(64-33)
  280. b2 -= b1
  282. tmp = b7 ^ b6
  283. b7 = tmp>>37 | tmp<<(64-37)
  284. b6 -= b7
  285. tmp = b5 ^ b4
  286. b5 = tmp>>19 | tmp<<(64-19)
  287. b4 -= b5
  288. tmp = b3 ^ b2
  289. b3 = tmp>>36 | tmp<<(64-36)
  290. b2 -= b3
  291. tmp = b1 ^ b0
  292. b1 = tmp>>46 | tmp<<(64-46)
  293. b0 -= b1
  294. }
  296. b0 -= keys[0]
  297. b1 -= keys[1]
  298. b2 -= keys[2]
  299. b3 -= keys[3]
  300. b4 -= keys[4]
  301. b5 -= keys[5] + tweak[0]
  302. b6 -= keys[6] + tweak[1]
  303. b7 -= keys[7]
  305. block[0], block[1], block[2], block[3] = b0, b1, b2, b3
  306. block[4], block[5], block[6], block[7] = b4, b5, b6, b7
  307. }
  309. // UBI512 does a Threefish512 encryption of the given block using
  310. // the chain values hVal and the tweak.
  311. // The chain values are updated through hVal[i] = block[i] ^ Enc(block)[i]
  312. func UBI512(block *[8]uint64, hVal *[9]uint64, tweak *[3]uint64) {
  313. b0, b1, b2, b3 := block[0], block[1], block[2], block[3]
  314. b4, b5, b6, b7 := block[4], block[5], block[6], block[7]
  316. hVal[8] = C240 ^ hVal[0] ^ hVal[1] ^ hVal[2] ^ hVal[3] ^ hVal[4] ^ hVal[5] ^ hVal[6] ^ hVal[7]
  317. tweak[2] = tweak[0] ^ tweak[1]
  319. Encrypt512(block, hVal, tweak)
  321. hVal[0] = block[0] ^ b0
  322. hVal[1] = block[1] ^ b1
  323. hVal[2] = block[2] ^ b2
  324. hVal[3] = block[3] ^ b3
  325. hVal[4] = block[4] ^ b4
  326. hVal[5] = block[5] ^ b5
  327. hVal[6] = block[6] ^ b6
  328. hVal[7] = block[7] ^ b7
  329. }