4 static inline void ocb_block(TF_UNIT_TYPE *x, int tag)
6 TF_UNIT_TYPE c = (x[0] >> (TF_UNIT_BITS-1));
10 for (i = 0; i < TF_NR_BLOCK_UNITS-1; i++)
11 x[i] = ((x[i] << 1) | (x[i+1] >> (TF_UNIT_BITS-1)));
12 x[TF_NR_BLOCK_UNITS-1] = ((x[i-1] << 1) ^ (c*IRR_POLY_CONST));
15 _tag: for (i = 0; i < TF_NR_BLOCK_UNITS-1; i++)
16 x[i] ^= ((x[i] << 1) | (x[i+1] >> (TF_UNIT_BITS-1)));
17 x[TF_NR_BLOCK_UNITS-1] ^= ((x[i-1] << 1) ^ (c*IRR_POLY_CONST));
20 static void ocb_encrypt(const void *key, void *ctr, void *out, void *tag, const void *in, size_t sz)
22 const TF_BYTE_TYPE *uin = in;
23 TF_BYTE_TYPE *uout = out, *s, *d;
24 TF_UNIT_TYPE x[TF_NR_BLOCK_UNITS], y[TF_NR_BLOCK_UNITS];
25 TF_UNIT_TYPE tctr[TF_NR_BLOCK_UNITS], c[TF_NR_BLOCK_UNITS];
26 TF_UNIT_TYPE *uctr = ctr, *utag = tag;
27 const TF_UNIT_TYPE *ukey = key;
30 tf_encrypt_rawblk(tctr, uctr, ukey);
32 memcpy(c, tag, TF_BLOCK_SIZE);
33 data_to_words(c, TF_BLOCK_SIZE);
36 if (sl >= TF_BLOCK_SIZE) {
38 memcpy(x, uin, TF_BLOCK_SIZE);
40 data_to_words(x, TF_BLOCK_SIZE);
42 ctr_inc(uctr, TF_NR_BLOCK_UNITS);
44 if (tag) for (i = 0; i < TF_NR_BLOCK_UNITS; i++) c[i] ^= x[i];
45 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
46 tf_encrypt_rawblk(y, x, ukey);
47 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) y[i] ^= tctr[i];
49 data_to_words(y, TF_BLOCK_SIZE);
50 memcpy(uout, y, TF_BLOCK_SIZE);
51 uout += TF_BLOCK_SIZE;
52 } while ((sl -= TF_BLOCK_SIZE) >= TF_BLOCK_SIZE);
56 ctr_inc(uctr, TF_NR_BLOCK_UNITS);
58 memset(x, 0, TF_BLOCK_SIZE);
59 x[TF_NR_BLOCK_UNITS-1] = (TF_TO_BITS(sl));
60 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
61 tf_encrypt_rawblk(y, x, ukey);
65 s = (TF_BYTE_TYPE *)x; d = (TF_BYTE_TYPE *)y;
66 memcpy(s+sl, d+sl, TF_BLOCK_SIZE-sl);
67 if (tag) for (i = 0; i < TF_NR_BLOCK_UNITS; i++) c[i] ^= x[i];
68 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= y[i];
77 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] = tctr[i] ^ c[i];
78 tf_encrypt_rawblk(y, x, ukey);
79 data_to_words(y, TF_BLOCK_SIZE);
80 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) utag[i] ^= y[i];
82 _done: memset(tctr, 0, TF_BLOCK_SIZE);
83 memset(c, 0, TF_BLOCK_SIZE);
84 memset(x, 0, TF_BLOCK_SIZE);
85 memset(y, 0, TF_BLOCK_SIZE);
88 void tf_ocb_encrypt(const void *key, void *ctr, void *out, void *tag, const void *in, size_t sz, size_t bpi)
90 const TF_BYTE_TYPE *uin = in;
91 TF_BYTE_TYPE *uout = out;
92 size_t sl = sz, sx = TF_BLOCKS_TO_BYTES(bpi);
96 ocb_encrypt(key, ctr, uout, tag, uin, sx);
99 } while ((sl -= sx) >= sx);
102 if (sl) ocb_encrypt(key, ctr, uout, tag, uin, sl);
105 static void ocb_decrypt(const void *key, void *ctr, void *out, void *tag, const void *in, size_t sz)
107 const TF_BYTE_TYPE *uin = in;
108 TF_BYTE_TYPE *uout = out;
109 TF_UNIT_TYPE x[TF_NR_BLOCK_UNITS], y[TF_NR_BLOCK_UNITS];
110 TF_UNIT_TYPE tctr[TF_NR_BLOCK_UNITS], c[TF_NR_BLOCK_UNITS];
111 TF_UNIT_TYPE *uctr = ctr, *utag = tag;
112 const TF_UNIT_TYPE *ukey = key;
115 tf_encrypt_rawblk(tctr, uctr, ukey);
117 memcpy(c, tag, TF_BLOCK_SIZE);
118 data_to_words(c, TF_BLOCK_SIZE);
121 if (sl >= TF_BLOCK_SIZE) {
123 memcpy(x, uin, TF_BLOCK_SIZE);
124 uin += TF_BLOCK_SIZE;
125 data_to_words(x, TF_BLOCK_SIZE);
127 ctr_inc(uctr, TF_NR_BLOCK_UNITS);
129 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
130 tf_decrypt_rawblk(y, x, ukey);
131 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) y[i] ^= tctr[i];
132 if (tag) for (i = 0; i < TF_NR_BLOCK_UNITS; i++) c[i] ^= y[i];
134 data_to_words(y, TF_BLOCK_SIZE);
135 memcpy(uout, y, TF_BLOCK_SIZE);
136 uout += TF_BLOCK_SIZE;
137 } while ((sl -= TF_BLOCK_SIZE) >= TF_BLOCK_SIZE);
141 ctr_inc(uctr, TF_NR_BLOCK_UNITS);
143 memset(x, 0, TF_BLOCK_SIZE);
144 x[TF_NR_BLOCK_UNITS-1] = (TF_TO_BITS(sl));
145 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
146 tf_encrypt_rawblk(y, x, ukey);
148 memset(x, 0, TF_BLOCK_SIZE);
150 data_to_words(x, sl);
151 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= y[i];
152 if (tag) for (i = 0; i < TF_NR_BLOCK_UNITS; i++) c[i] ^= x[i];
154 data_to_words(x, sl);
158 if (!tag) goto _done;
161 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] = tctr[i] ^ c[i];
162 tf_encrypt_rawblk(y, x, ukey);
163 data_to_words(y, TF_BLOCK_SIZE);
164 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) utag[i] ^= y[i];
166 _done: memset(tctr, 0, TF_BLOCK_SIZE);
167 memset(c, 0, TF_BLOCK_SIZE);
168 memset(x, 0, TF_BLOCK_SIZE);
169 memset(y, 0, TF_BLOCK_SIZE);
172 void tf_ocb_decrypt(const void *key, void *ctr, void *out, void *tag, const void *in, size_t sz, size_t bpi)
174 const TF_BYTE_TYPE *uin = in;
175 TF_BYTE_TYPE *uout = out;
176 size_t sl = sz, sx = TF_BLOCKS_TO_BYTES(bpi);
180 ocb_decrypt(key, ctr, uout, tag, uin, sx);
183 } while ((sl -= sx) >= sx);
186 if (sl) ocb_decrypt(key, ctr, uout, tag, uin, sl);