4 static inline void xts_mult_x(TF_UNIT_TYPE *x)
8 for (i = t = 0; i < TF_NR_BLOCK_UNITS; i++) {
9 tt = x[i] >> (TF_UNIT_BITS-1);
10 x[i] = ((x[i] << 1) | t) & ((TF_UNIT_TYPE)~0);
13 if (tt) x[0] ^= IRR_POLY_CONST;
16 static void xts_encrypt(const void *keyx, const void *keyz, void *ctr, void *out, const void *in, size_t sz)
18 const TF_BYTE_TYPE *uin = in;
19 TF_BYTE_TYPE *uout = out;
20 TF_UNIT_TYPE x[TF_NR_BLOCK_UNITS], y[TF_NR_BLOCK_UNITS];
21 TF_UNIT_TYPE tctr[TF_NR_BLOCK_UNITS];
22 TF_UNIT_TYPE *uctr = ctr;
23 const TF_UNIT_TYPE *ukeyx = keyx, *ukeyz = keyz;
26 tf_encrypt_rawblk(tctr, uctr, ukeyz);
28 if (sl >= (TF_BLOCK_SIZE * 2)) {
30 _last: memcpy(x, uin, TF_BLOCK_SIZE);
32 data_to_words(x, TF_BLOCK_SIZE);
34 ctr_inc(uctr, TF_NR_BLOCK_UNITS);
35 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) y[i] = x[i] ^ tctr[i];
36 tf_encrypt_rawblk(x, y, ukeyx);
37 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
41 data_to_words(x, TF_BLOCK_SIZE);
42 memcpy(uout, x, TF_BLOCK_SIZE);
43 uout += TF_BLOCK_SIZE;
44 } while ((sl -= TF_BLOCK_SIZE) >= (TF_BLOCK_SIZE * 2));
48 if (sl-TF_BLOCK_SIZE == 0) goto _last;
49 if (sl < TF_BLOCK_SIZE) {
50 memset(x, 0, TF_BLOCK_SIZE);
52 data_to_words(x, TF_BLOCK_SIZE);
54 ctr_inc(uctr, TF_NR_BLOCK_UNITS);
55 tf_encrypt_rawblk(y, uctr, ukeyx);
56 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) y[i] ^= x[i];
58 data_to_words(y, TF_BLOCK_SIZE);
64 memcpy(x, uin, TF_BLOCK_SIZE);
66 data_to_words(x, TF_BLOCK_SIZE);
68 ctr_inc(uctr, TF_NR_BLOCK_UNITS);
69 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) y[i] = x[i] ^ tctr[i];
70 tf_encrypt_rawblk(x, y, ukeyx);
71 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
73 memcpy(y, x, TF_BLOCK_SIZE);
78 tf_encrypt_rawblk(tctr, uctr, ukeyz);
83 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
84 tf_encrypt_rawblk(x, x, ukeyx);
85 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
87 data_to_words(x, TF_BLOCK_SIZE);
88 memcpy(uout, x, TF_BLOCK_SIZE);
89 uout += TF_BLOCK_SIZE;
91 data_to_words(y, TF_BLOCK_SIZE);
95 _done: memset(tctr, 0, TF_BLOCK_SIZE);
96 memset(x, 0, TF_BLOCK_SIZE);
97 memset(y, 0, TF_BLOCK_SIZE);
100 void tf_xts_encrypt(const void *keyx, const void *keyz, void *ctr, void *out, const void *in, size_t sz, size_t bpi)
102 const TF_BYTE_TYPE *uin = in;
103 TF_BYTE_TYPE *uout = out;
104 size_t sl = sz, sx = TF_BLOCKS_TO_BYTES(bpi);
108 xts_encrypt(keyx, keyz, ctr, uout, uin, sx);
111 } while ((sl -= sx) >= sx);
114 if (sl) xts_encrypt(keyx, keyz, ctr, uout, uin, sl);
117 static void xts_decrypt(const void *keyx, const void *keyz, void *ctr, void *out, const void *in, size_t sz)
119 const TF_BYTE_TYPE *uin = in;
120 TF_BYTE_TYPE *uout = out, *s, *d;
121 TF_UNIT_TYPE x[TF_NR_BLOCK_UNITS], y[TF_NR_BLOCK_UNITS];
122 TF_UNIT_TYPE tctr[TF_NR_BLOCK_UNITS], zctr[TF_NR_BLOCK_UNITS];
123 TF_UNIT_TYPE *uctr = ctr;
124 const TF_UNIT_TYPE *ukeyx = keyx, *ukeyz = keyz;
127 tf_encrypt_rawblk(tctr, uctr, ukeyz);
129 if (sl >= (TF_BLOCK_SIZE * 2)) {
131 _last: memcpy(x, uin, TF_BLOCK_SIZE);
132 uin += TF_BLOCK_SIZE;
133 data_to_words(x, TF_BLOCK_SIZE);
135 ctr_inc(uctr, TF_NR_BLOCK_UNITS);
136 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) y[i] = x[i] ^ tctr[i];
137 tf_decrypt_rawblk(x, y, ukeyx);
138 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
142 data_to_words(x, TF_BLOCK_SIZE);
143 memcpy(uout, x, TF_BLOCK_SIZE);
144 uout += TF_BLOCK_SIZE;
145 } while ((sl -= TF_BLOCK_SIZE) >= (TF_BLOCK_SIZE * 2));
149 if (sl-TF_BLOCK_SIZE == 0) goto _last;
150 if (sl < TF_BLOCK_SIZE) {
151 memset(x, 0, TF_BLOCK_SIZE);
153 data_to_words(x, TF_BLOCK_SIZE);
155 ctr_inc(uctr, TF_NR_BLOCK_UNITS);
156 tf_encrypt_rawblk(y, uctr, ukeyx);
157 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) y[i] ^= x[i];
159 data_to_words(y, TF_BLOCK_SIZE);
165 memcpy(x, uin, TF_BLOCK_SIZE);
166 uin += TF_BLOCK_SIZE;
167 data_to_words(x, TF_BLOCK_SIZE);
169 ctr_inc(uctr, TF_NR_BLOCK_UNITS);
170 memcpy(zctr, tctr, TF_BLOCK_SIZE);
173 tf_encrypt_rawblk(tctr, uctr, ukeyz);
175 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
176 tf_decrypt_rawblk(x, x, ukeyx);
177 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) x[i] ^= tctr[i];
181 data_to_words(y, sl);
183 s = (TF_BYTE_TYPE *)y;
184 d = (TF_BYTE_TYPE *)x;
185 memcpy(s+sl, d+sl, TF_BLOCK_SIZE-sl);
186 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) y[i] ^= zctr[i];
187 tf_decrypt_rawblk(y, y, ukeyx);
188 for (i = 0; i < TF_NR_BLOCK_UNITS; i++) y[i] ^= zctr[i];
190 data_to_words(y, TF_BLOCK_SIZE);
191 memcpy(uout, y, TF_BLOCK_SIZE);
192 uout += TF_BLOCK_SIZE;
194 data_to_words(x, TF_BLOCK_SIZE);
198 _done: memset(tctr, 0, TF_BLOCK_SIZE);
199 memset(zctr, 0, TF_BLOCK_SIZE);
200 memset(x, 0, TF_BLOCK_SIZE);
201 memset(y, 0, TF_BLOCK_SIZE);
204 void tf_xts_decrypt(const void *keyx, const void *keyz, void *ctr, void *out, const void *in, size_t sz, size_t bpi)
206 const TF_BYTE_TYPE *uin = in;
207 TF_BYTE_TYPE *uout = out;
208 size_t sl = sz, sx = TF_BLOCKS_TO_BYTES(bpi);
212 xts_decrypt(keyx, keyz, ctr, uout, uin, sx);
215 } while ((sl -= sx) >= sx);
218 if (sl) xts_decrypt(keyx, keyz, ctr, uout, uin, sl);