Showing 33 of 82 files from the diff.
Other files ignored by Codecov
.editorconfig has changed.
apps/bsum/bsum.c has changed.
.gitignore has changed.
win/bee2.def has changed.

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2015.11.02
8 -
\version 2019.07.08
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -128,58 +128,58 @@
Loading
128 128
void botpHOTPStart(void* state, size_t digit, const octet key[], 
129 129
	size_t key_len)
130 130
{
131 -
	botp_hotp_st* s = (botp_hotp_st*)state;
131 +
	botp_hotp_st* st = (botp_hotp_st*)state;
132 132
	ASSERT(6 <= digit && digit <= 8);
133 -
	ASSERT(memIsDisjoint2(key, key_len, s, botpHOTP_keep()));
134 -
	s->digit = digit;
135 -
	beltHMACStart(s->stack + beltHMAC_keep(), key, key_len);
133 +
	ASSERT(memIsDisjoint2(key, key_len, state, botpHOTP_keep()));
134 +
	st->digit = digit;
135 +
	beltHMACStart(st->stack + beltHMAC_keep(), key, key_len);
136 136
}
137 137
138 138
void botpHOTPStepS(void* state, const octet ctr[8])
139 139
{
140 -
	botp_hotp_st* s = (botp_hotp_st*)state;
141 -
	ASSERT(memIsDisjoint2(ctr, 8, s, botpHOTP_keep()) || ctr == s->ctr);
142 -
	memMove(s->ctr, ctr, 8);
140 +
	botp_hotp_st* st = (botp_hotp_st*)state;
141 +
	ASSERT(memIsDisjoint2(ctr, 8, state, botpHOTP_keep()) || ctr == st->ctr);
142 +
	memMove(st->ctr, ctr, 8);
143 143
}
144 144
145 145
void botpHOTPStepR(char* otp, void* state)
146 146
{
147 -
	botp_hotp_st* s = (botp_hotp_st*)state;
147 +
	botp_hotp_st* st = (botp_hotp_st*)state;
148 148
	// pre
149 -
	ASSERT(memIsDisjoint2(otp, s->digit + 1, state, botpHOTP_keep()) || 
150 -
		otp == s->otp);
149 +
	ASSERT(memIsDisjoint2(otp, st->digit + 1, state, botpHOTP_keep()) || 
150 +
		otp == st->otp);
151 151
	// вычислить имитовставку
152 -
	memCopy(s->stack, s->stack + beltHMAC_keep(), beltHMAC_keep());
153 -
	beltHMACStepA(s->ctr, 8, s->stack);
154 -
	beltHMACStepG(s->mac, s->stack);
152 +
	memCopy(st->stack, st->stack + beltHMAC_keep(), beltHMAC_keep());
153 +
	beltHMACStepA(st->ctr, 8, st->stack);
154 +
	beltHMACStepG(st->mac, st->stack);
155 155
	// построить пароль
156 -
	botpDT(otp, s->digit, s->mac, 32);
156 +
	botpDT(otp, st->digit, st->mac, 32);
157 157
	// инкремент счетчика
158 -
	botpCtrNext(s->ctr);
158 +
	botpCtrNext(st->ctr);
159 159
}
160 160
161 161
bool_t botpHOTPStepV(const char* otp, void* state)
162 162
{
163 -
	botp_hotp_st* s = (botp_hotp_st*)state;
163 +
	botp_hotp_st* st = (botp_hotp_st*)state;
164 164
	// pre
165 165
	ASSERT(strIsValid(otp));
166 166
	ASSERT(memIsDisjoint2(otp, strLen(otp) + 1, state, botpHOTP_keep()));
167 167
	// сохранить счетчик
168 -
	memCopy(s->ctr1, s->ctr, 8);
168 +
	memCopy(st->ctr1, st->ctr, 8);
169 169
	// проверить пароль
170 -
	botpHOTPStepR(s->otp, state);
171 -
	if (strEq(s->otp, otp))
170 +
	botpHOTPStepR(st->otp, state);
171 +
	if (strEq(st->otp, otp))
172 172
		return TRUE;
173 173
	// вернуться к первоначальному счетчику
174 -
	memCopy(s->ctr, s->ctr1, 8);
174 +
	memCopy(st->ctr, st->ctr1, 8);
175 175
	return FALSE;
176 176
}
177 177
178 178
void botpHOTPStepG(octet ctr[8], const void* state)
179 179
{
180 -
	const botp_hotp_st* s = (const botp_hotp_st*)state;
181 -
	ASSERT(memIsDisjoint2(ctr, 8, state, botpHOTP_keep()) || ctr == s->ctr);
182 -
	memMove(ctr, s->ctr, 8);
180 +
	const botp_hotp_st* st = (const botp_hotp_st*)state;
181 +
	ASSERT(memIsDisjoint2(ctr, 8, state, botpHOTP_keep()) || ctr == st->ctr);
182 +
	memMove(ctr, st->ctr, 8);
183 183
}
184 184
185 185
err_t botpHOTPRand(char* otp, size_t digit, const octet key[], size_t key_len, 
@@ -252,39 +252,39 @@
Loading
252 252
void botpTOTPStart(void* state, size_t digit, const octet key[], 
253 253
	size_t key_len)
254 254
{
255 -
	botp_totp_st* s = (botp_totp_st*)state;
255 +
	botp_totp_st* st = (botp_totp_st*)state;
256 256
	ASSERT(6 <= digit && digit <= 8);
257 -
	ASSERT(memIsDisjoint2(key, key_len, s, botpTOTP_keep()));
258 -
	s->digit = digit;
259 -
	beltHMACStart(s->stack + beltHMAC_keep(), key, key_len);
257 +
	ASSERT(memIsDisjoint2(key, key_len, state, botpTOTP_keep()));
258 +
	st->digit = digit;
259 +
	beltHMACStart(st->stack + beltHMAC_keep(), key, key_len);
260 260
}
261 261
262 262
void botpTOTPStepR(char* otp, tm_time_t t, void* state)
263 263
{
264 -
	botp_totp_st* s = (botp_totp_st*)state;
264 +
	botp_totp_st* st = (botp_totp_st*)state;
265 265
	// pre
266 266
	ASSERT(t != TIME_ERR);
267 -
	ASSERT(memIsDisjoint2(otp, s->digit + 1, state, botpHOTP_keep()) || 
268 -
		otp == s->otp);
267 +
	ASSERT(memIsDisjoint2(otp, st->digit + 1, state, botpHOTP_keep()) || 
268 +
		otp == st->otp);
269 269
	// вычислить имитовставку
270 -
	memCopy(s->stack, s->stack + beltHMAC_keep(), beltHMAC_keep());
271 -
	botpTimeToCtr(s->t, t);
272 -
	beltHMACStepA(s->t, 8, s->stack);
273 -
	beltHMACStepG(s->mac, s->stack);
270 +
	memCopy(st->stack, st->stack + beltHMAC_keep(), beltHMAC_keep());
271 +
	botpTimeToCtr(st->t, t);
272 +
	beltHMACStepA(st->t, 8, st->stack);
273 +
	beltHMACStepG(st->mac, st->stack);
274 274
	// построить пароль
275 -
	botpDT(otp, s->digit, s->mac, 32);
275 +
	botpDT(otp, st->digit, st->mac, 32);
276 276
}
277 277
278 278
bool_t botpTOTPStepV(const char* otp, tm_time_t t, void* state)
279 279
{
280 -
	botp_totp_st* s = (botp_totp_st*)state;
280 +
	botp_totp_st* st = (botp_totp_st*)state;
281 281
	// pre
282 282
	ASSERT(strIsValid(otp));
283 283
	ASSERT(t != TIME_ERR);
284 284
	ASSERT(memIsDisjoint2(otp, strLen(otp) + 1, state, botpTOTP_keep()));
285 285
	// вычислить и проверить пароль
286 -
	botpTOTPStepR(s->otp, t, state);
287 -
	return strEq(s->otp, otp);
286 +
	botpTOTPStepR(st->otp, t, state);
287 +
	return strEq(st->otp, otp);
288 288
}
289 289
290 290
err_t botpTOTPRand(char* otp, size_t digit, const octet key[], size_t key_len, 
@@ -375,14 +375,14 @@
Loading
375 375
bool_t botpOCRAStart(void* state, const char* suite, const octet key[], 
376 376
	size_t key_len)
377 377
{
378 -
	botp_ocra_st* s = (botp_ocra_st*)state;
378 +
	botp_ocra_st* st = (botp_ocra_st*)state;
379 379
	const char* suite_save = suite;
380 380
	// pre
381 381
	ASSERT(strIsValid(suite));
382 -
	ASSERT(memIsDisjoint2(suite, strLen(suite) + 1, s, botpOCRA_keep()));
383 -
	ASSERT(memIsDisjoint2(key, key_len, s, botpOCRA_keep()));
382 +
	ASSERT(memIsDisjoint2(suite, strLen(suite) + 1, state, botpOCRA_keep()));
383 +
	ASSERT(memIsDisjoint2(key, key_len, state, botpOCRA_keep()));
384 384
	// подготовить state
385 -
	memSetZero(s, botpOCRA_keep());
385 +
	memSetZero(st, botpOCRA_keep());
386 386
	// разбор suite: префикс
387 387
	if (!strStartsWith(suite, ocra_prefix))
388 388
		return FALSE;
@@ -395,7 +395,7 @@
Loading
395 395
	// разбор suite: digit
396 396
	if (*suite < '4' || *suite > '9')
397 397
		return FALSE;
398 -
	s->digit = (size_t)(*suite++ - '0');
398 +
	st->digit = (size_t)(*suite++ - '0');
399 399
	// разбор suite: DataInput
400 400
	if (*suite++ != ':')
401 401
		return FALSE;
@@ -405,7 +405,7 @@
Loading
405 405
		if (*++suite != '-')
406 406
			return FALSE;
407 407
		++suite;
408 -
		s->ctr_len = 8;
408 +
		st->ctr_len = 8;
409 409
	}
410 410
	// разбор suite: q
411 411
	if (*suite++ != 'Q')
@@ -415,16 +415,16 @@
Loading
415 415
	case 'A':
416 416
	case 'N':
417 417
	case 'H':
418 -
		s->q_type = *suite++;
418 +
		st->q_type = *suite++;
419 419
		break;
420 420
	default:
421 421
		return FALSE;
422 422
	}
423 423
	if (suite[0] < '0' || suite[0] > '9' || suite[1] < '0' || suite[1] > '9')
424 424
		return FALSE;
425 -
	s->q_max = (size_t)(suite[0] - '0');
426 -
	s->q_max *= 10, s->q_max += (size_t)(suite[1] - '0');
427 -
	if (s->q_max < 4 || s->q_max > 64)
425 +
	st->q_max = (size_t)(suite[0] - '0');
426 +
	st->q_max *= 10, st->q_max += (size_t)(suite[1] - '0');
427 +
	if (st->q_max < 4 || st->q_max > 64)
428 428
		return FALSE;
429 429
	suite += 2;
430 430
	// разбор suite: p
@@ -434,22 +434,22 @@
Loading
434 434
		if (strStartsWith(suite, ocra_hbelt))
435 435
		{
436 436
			suite += strLen(ocra_hbelt);
437 -
			s->p_len = 32;
437 +
			st->p_len = 32;
438 438
		}
439 439
		else if (strStartsWith(suite, ocra_sha1))
440 440
		{
441 441
			suite += strLen(ocra_sha1);
442 -
			s->p_len = 20;
442 +
			st->p_len = 20;
443 443
		}
444 444
		else if (strStartsWith(suite, ocra_sha256))
445 445
		{
446 446
			suite += strLen(ocra_sha256);
447 -
			s->p_len = 32;
447 +
			st->p_len = 32;
448 448
		}
449 449
		else if (strStartsWith(suite, ocra_sha512))
450 450
		{
451 451
			suite += strLen(ocra_sha512);
452 -
			s->p_len = 64;
452 +
			st->p_len = 64;
453 453
		}
454 454
		else
455 455
			return FALSE;
@@ -462,10 +462,10 @@
Loading
462 462
			suite[1] < '0' || suite[1] > '9' ||
463 463
			suite[2] < '0' || suite[2] > '9')
464 464
			return FALSE;
465 -
		s->s_len = (size_t)(suite[0] - '0');
466 -
		s->s_len *= 10, s->s_len += (size_t)(suite[1] - '0');
467 -
		s->s_len *= 10, s->s_len += (size_t)(suite[2] - '0');
468 -
		if (s->s_len > 512)
465 +
		st->s_len = (size_t)(suite[0] - '0');
466 +
		st->s_len *= 10, st->s_len += (size_t)(suite[1] - '0');
467 +
		st->s_len *= 10, st->s_len += (size_t)(suite[2] - '0');
468 +
		if (st->s_len > 512)
469 469
			return FALSE;
470 470
		suite += 3;
471 471
	}
@@ -475,24 +475,24 @@
Loading
475 475
		suite += 2;
476 476
		if (*suite < '1' || *suite > '9')
477 477
			return FALSE;
478 -
		s->ts = (size_t)(*suite++ - '0');
478 +
		st->ts = (size_t)(*suite++ - '0');
479 479
		if (*suite >= '0' && *suite <= '9')
480 -
			s->ts *= 10, s->ts += (size_t)(*suite++ - '0');
480 +
			st->ts *= 10, st->ts += (size_t)(*suite++ - '0');
481 481
		switch (*suite++)
482 482
		{
483 483
		case 'S':
484 -
			if (s->ts > 59)
484 +
			if (st->ts > 59)
485 485
				return FALSE;
486 486
			break;
487 487
		case 'M':
488 -
			if (s->ts > 59)
488 +
			if (st->ts > 59)
489 489
				return FALSE;
490 -
			s->ts *= 60;
490 +
			st->ts *= 60;
491 491
			break;
492 492
		case 'H':
493 -
			if (s->ts > 48)
493 +
			if (st->ts > 48)
494 494
				return FALSE;
495 -
			s->ts *= 3600;
495 +
			st->ts *= 3600;
496 496
			break;
497 497
		default:
498 498
			return FALSE;
@@ -502,87 +502,89 @@
Loading
502 502
	if (*suite)
503 503
		return FALSE;
504 504
	// запуск HMAC 
505 -
	beltHMACStart(s->stack + beltHMAC_keep(), key, key_len);
506 -
	beltHMACStepA(suite_save, strLen(suite_save) + 1, s->stack);
505 +
	beltHMACStart(st->stack + beltHMAC_keep(), key, key_len);
506 +
	beltHMACStepA(suite_save, strLen(suite_save) + 1,
507 +
		st->stack + beltHMAC_keep());
507 508
	return TRUE;
508 509
}
509 510
510 511
void botpOCRAStepS(void* state, const octet ctr[8], const octet p[], 
511 512
	const octet s[])
512 513
{
513 -
	botp_ocra_st* ss = (botp_ocra_st*)state;
514 +
	botp_ocra_st* st = (botp_ocra_st*)state;
514 515
	// pre
515 -
	ASSERT(memIsValid(ss, botpOCRA_keep()));
516 +
	ASSERT(memIsValid(state, botpOCRA_keep()));
516 517
	// загрузить сtr
517 -
	if (ss->ctr_len)
518 +
	if (st->ctr_len)
518 519
	{
519 -
		ASSERT(memIsDisjoint2(ctr, 8, ss, botpOCRA_keep()) || ctr == ss->ctr);
520 -
		memMove(ss->ctr, ctr, 8);
520 +
		ASSERT(memIsDisjoint2(ctr, 8, st, botpOCRA_keep()) || ctr == st->ctr);
521 +
		memMove(st->ctr, ctr, 8);
521 522
	}
522 523
	// загрузить p
523 -
	if (ss->p_len)
524 +
	if (st->p_len)
524 525
	{
525 -
		ASSERT(memIsDisjoint2(p, ss->p_len, ss, botpOCRA_keep()) || p == ss->p);
526 -
		memMove(ss->p, p, ss->p_len);
526 +
		ASSERT(memIsDisjoint2(p, st->p_len, st, botpOCRA_keep()) || p == st->p);
527 +
		memMove(st->p, p, st->p_len);
527 528
	}
528 529
	// загрузить s
529 -
	if (ss->s_len)
530 +
	if (st->s_len)
530 531
	{
531 -
		ASSERT(memIsDisjoint2(p, ss->s_len, s, botpOCRA_keep()) || s == ss->s);
532 -
		memMove(ss->s, s, ss->s_len);
532 +
		ASSERT(memIsDisjoint2(p, st->s_len, s, botpOCRA_keep()) || s == st->s);
533 +
		memMove(st->s, s, st->s_len);
533 534
	}
534 535
}
535 536
536 537
void botpOCRAStepR(char* otp, const octet q[], size_t q_len, tm_time_t t, 
537 538
	void* state)
538 539
{
539 -
	botp_ocra_st* s = (botp_ocra_st*)state;
540 +
	botp_ocra_st* st = (botp_ocra_st*)state;
540 541
	// pre
541 -
	ASSERT(memIsDisjoint2(otp, s->digit + 1, state, botpOCRA_keep()) || 
542 -
		otp == s->otp);
543 -
	ASSERT(4 <= q_len && q_len <= 2 * s->q_max);
544 -
	ASSERT(memIsValid(q, q_len));
542 +
	ASSERT(memIsDisjoint2(otp, st->digit + 1, state, botpOCRA_keep()) || 
543 +
		otp == st->otp);
544 +
	ASSERT(4 <= q_len && q_len <= 2 * st->q_max);
545 +
	ASSERT(memIsDisjoint2(q, q_len, state, botpOCRA_keep() || q == st->q));
545 546
	ASSERT(t != TIME_ERR);
546 547
	// вычислить имитовставку
547 -
	memCopy(s->stack, s->stack + beltHMAC_keep(), beltHMAC_keep());
548 -
	if (s->ctr_len)
549 -
		beltHMACStepA(s->ctr, 8, s->stack), botpCtrNext(s->ctr);
550 -
	memSetZero(s->q + q_len, 128 - q_len);
551 -
	beltHMACStepA(s->q, 128, s->stack);
552 -
	if (s->p_len)
553 -
		beltHMACStepA(s->p, s->p_len, s->stack);
554 -
	if (s->s_len)
555 -
		beltHMACStepA(s->s, s->s_len, s->stack);
556 -
	if (s->ts)
557 -
		botpTimeToCtr(s->t, t), beltHMACStepA(s->t, 8, s->stack);
558 -
	beltHMACStepG(s->mac, s->stack);
548 +
	memCopy(st->stack, st->stack + beltHMAC_keep(), beltHMAC_keep());
549 +
	if (st->ctr_len)
550 +
		beltHMACStepA(st->ctr, 8, st->stack), botpCtrNext(st->ctr);
551 +
	memMove(st->q, q, q_len);
552 +
	memSetZero(st->q + q_len, 128 - q_len);
553 +
	beltHMACStepA(st->q, 128, st->stack);
554 +
	if (st->p_len)
555 +
		beltHMACStepA(st->p, st->p_len, st->stack);
556 +
	if (st->s_len)
557 +
		beltHMACStepA(st->s, st->s_len, st->stack);
558 +
	if (st->ts)
559 +
		botpTimeToCtr(st->t, t), beltHMACStepA(st->t, 8, st->stack);
560 +
	beltHMACStepG(st->mac, st->stack);
559 561
	// построить пароль
560 -
	botpDT(otp, s->digit, s->mac, 32);
562 +
	botpDT(otp, st->digit, st->mac, 32);
561 563
}
562 564
563 565
bool_t botpOCRAStepV(const char* otp, const octet q[], size_t q_len, 
564 566
	tm_time_t t, void* state)
565 567
{
566 -
	botp_ocra_st* s = (botp_ocra_st*)state;
568 +
	botp_ocra_st* st = (botp_ocra_st*)state;
567 569
	// pre
568 570
	ASSERT(strIsValid(otp));
569 571
	ASSERT(memIsDisjoint2(otp, strLen(otp) + 1, state, botpOCRA_keep()));
570 572
	// сохранить счетчик
571 -
	memCopy(s->ctr1, s->ctr, 8);
573 +
	memCopy(st->ctr1, st->ctr, 8);
572 574
	// проверить пароль
573 -
	botpOCRAStepR(s->otp, q, q_len, t, state);
574 -
	if (strEq(s->otp, otp))
575 +
	botpOCRAStepR(st->otp, q, q_len, t, state);
576 +
	if (strEq(st->otp, otp))
575 577
		return TRUE;
576 578
	// вернуться к первоначальному счетчику
577 -
	memCopy(s->ctr, s->ctr1, 8);
579 +
	memCopy(st->ctr, st->ctr1, 8);
578 580
	return FALSE;
579 581
}
580 582
581 583
void botpOCRAStepG(octet ctr[8], const void* state)
582 584
{
583 -
	const botp_ocra_st* s = (const botp_ocra_st*)state;
584 -
	ASSERT(memIsDisjoint2(ctr, 8, state, botpOCRA_keep()) || ctr == s->ctr);
585 -
	memMove(ctr, s->ctr, 8);
585 +
	const botp_ocra_st* st = (const botp_ocra_st*)state;
586 +
	ASSERT(memIsDisjoint2(ctr, 8, state, botpOCRA_keep()) || ctr == st->ctr);
587 +
	memMove(ctr, st->ctr, 8);
586 588
}
587 589
588 590
err_t botpOCRARand(char* otp, const char* suite, const octet key[],	

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2012.12.18
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -45,194 +45,194 @@
Loading
45 45
46 46
void beltHMACStart(void* state, const octet key[], size_t len)
47 47
{
48 -
	belt_hmac_st* s = (belt_hmac_st*)state;
49 -
	ASSERT(memIsDisjoint2(key, len, s, beltHMAC_keep()));
48 +
	belt_hmac_st* st = (belt_hmac_st*)state;
49 +
	ASSERT(memIsDisjoint2(key, len, state, beltHMAC_keep()));
50 50
	// key <- key || 0
51 51
	if (len <= 32)
52 52
	{
53 -
		memCopy(s->block, key, len);
54 -
		memSetZero(s->block + len, 32 - len);
53 +
		memCopy(st->block, key, len);
54 +
		memSetZero(st->block + len, 32 - len);
55 55
#if (OCTET_ORDER == BIG_ENDIAN)
56 -
		beltBlockRevU32(s->block);
57 -
		beltBlockRevU32(s->block + 16);
56 +
		beltBlockRevU32(st->block);
57 +
		beltBlockRevU32(st->block + 16);
58 58
#endif
59 59
	}
60 60
	// key <- beltHash(key)
61 61
	else
62 62
	{
63 -
		beltBlockSetZero(s->ls_in);
64 -
		beltBlockAddBitSizeU32(s->ls_in, len);
65 -
		beltBlockSetZero(s->ls_in + 4);
66 -
		u32From(s->h_in, beltH(), 32);
63 +
		beltBlockSetZero(st->ls_in);
64 +
		beltBlockAddBitSizeU32(st->ls_in, len);
65 +
		beltBlockSetZero(st->ls_in + 4);
66 +
		u32From(st->h_in, beltH(), 32);
67 67
		while (len >= 32)
68 68
		{
69 -
			beltBlockCopy(s->block, key);
70 -
			beltBlockCopy(s->block + 16, key + 16);
69 +
			beltBlockCopy(st->block, key);
70 +
			beltBlockCopy(st->block + 16, key + 16);
71 71
#if (OCTET_ORDER == BIG_ENDIAN)
72 -
			beltBlockRevU32(s->block);
73 -
			beltBlockRevU32(s->block + 16);
72 +
			beltBlockRevU32(st->block);
73 +
			beltBlockRevU32(st->block + 16);
74 74
#endif
75 -
			beltCompr2(s->ls_in + 4, s->h_in, (u32*)s->block, s->stack);
75 +
			beltCompr2(st->ls_in + 4, st->h_in, (u32*)st->block, st->stack);
76 76
			key += 32;
77 77
			len -= 32;
78 78
		}
79 79
		if (len)
80 80
		{
81 -
			memCopy(s->block, key, len);
82 -
			memSetZero(s->block + len, 32 - len);
81 +
			memCopy(st->block, key, len);
82 +
			memSetZero(st->block + len, 32 - len);
83 83
#if (OCTET_ORDER == BIG_ENDIAN)
84 -
			beltBlockRevU32(s->block);
85 -
			beltBlockRevU32(s->block + 16);
84 +
			beltBlockRevU32(st->block);
85 +
			beltBlockRevU32(st->block + 16);
86 86
#endif
87 -
			beltCompr2(s->ls_in + 4, s->h_in, (u32*)s->block, s->stack);
87 +
			beltCompr2(st->ls_in + 4, st->h_in, (u32*)st->block, st->stack);
88 88
		}
89 -
		beltCompr(s->h_in, s->ls_in, s->stack);
90 -
		beltBlockCopy(s->block, s->h_in);
91 -
		beltBlockCopy(s->block + 16, s->h_in + 4);
89 +
		beltCompr(st->h_in, st->ls_in, st->stack);
90 +
		beltBlockCopy(st->block, st->h_in);
91 +
		beltBlockCopy(st->block + 16, st->h_in + 4);
92 92
	}
93 93
	// сформировать key ^ ipad
94 94
	for (len = 0; len < 32; ++len)
95 -
		s->block[len] ^= 0x36;
95 +
		st->block[len] ^= 0x36;
96 96
	// начать внутреннее хэширование
97 -
	beltBlockSetZero(s->ls_in);
98 -
	beltBlockAddBitSizeU32(s->ls_in, 32);
99 -
	beltBlockSetZero(s->ls_in + 4);
100 -
	u32From(s->h_in, beltH(), 32);
101 -
	beltCompr2(s->ls_in + 4, s->h_in, (u32*)s->block, s->stack);
102 -
	s->filled = 0;
97 +
	beltBlockSetZero(st->ls_in);
98 +
	beltBlockAddBitSizeU32(st->ls_in, 32);
99 +
	beltBlockSetZero(st->ls_in + 4);
100 +
	u32From(st->h_in, beltH(), 32);
101 +
	beltCompr2(st->ls_in + 4, st->h_in, (u32*)st->block, st->stack);
102 +
	st->filled = 0;
103 103
	// сформировать key ^ opad [0x36 ^ 0x5C == 0x6A]
104 104
	for (; len--; )
105 -
		s->block[len] ^= 0x6A;
105 +
		st->block[len] ^= 0x6A;
106 106
	// начать внешнее хэширование [будет хэшироваться ровно два блока]
107 -
	beltBlockSetZero(s->ls_out);
108 -
	beltBlockAddBitSizeU32(s->ls_out, 32 * 2);
109 -
	beltBlockSetZero(s->ls_out + 4);
110 -
	u32From(s->h_out, beltH(), 32);
111 -
	beltCompr2(s->ls_out + 4, s->h_out, (u32*)s->block, s->stack);
107 +
	beltBlockSetZero(st->ls_out);
108 +
	beltBlockAddBitSizeU32(st->ls_out, 32 * 2);
109 +
	beltBlockSetZero(st->ls_out + 4);
110 +
	u32From(st->h_out, beltH(), 32);
111 +
	beltCompr2(st->ls_out + 4, st->h_out, (u32*)st->block, st->stack);
112 112
}
113 113
114 114
void beltHMACStepA(const void* buf, size_t count, void* state)
115 115
{
116 -
	belt_hmac_st* s = (belt_hmac_st*)state;
117 -
	ASSERT(memIsDisjoint2(buf, count, s, beltHMAC_keep()));
116 +
	belt_hmac_st* st = (belt_hmac_st*)state;
117 +
	ASSERT(memIsDisjoint2(buf, count, state, beltHMAC_keep()));
118 118
	// обновить длину
119 -
	beltBlockAddBitSizeU32(s->ls_in, count);
119 +
	beltBlockAddBitSizeU32(st->ls_in, count);
120 120
	// есть накопленные данные?
121 -
	if (s->filled)
121 +
	if (st->filled)
122 122
	{
123 -
		if (count < 32 - s->filled)
123 +
		if (count < 32 - st->filled)
124 124
		{
125 -
			memCopy(s->block + s->filled, buf, count);
126 -
			s->filled += count;
125 +
			memCopy(st->block + st->filled, buf, count);
126 +
			st->filled += count;
127 127
			return;
128 128
		}
129 -
		memCopy(s->block + s->filled, buf, 32 - s->filled);
130 -
		count -= 32 - s->filled;
131 -
		buf = (const octet*)buf + 32 - s->filled;
129 +
		memCopy(st->block + st->filled, buf, 32 - st->filled);
130 +
		count -= 32 - st->filled;
131 +
		buf = (const octet*)buf + 32 - st->filled;
132 132
#if (OCTET_ORDER == BIG_ENDIAN)
133 -
		beltBlockRevU32(s->block);
134 -
		beltBlockRevU32(s->block + 16);
133 +
		beltBlockRevU32(st->block);
134 +
		beltBlockRevU32(st->block + 16);
135 135
#endif
136 -
		beltCompr2(s->ls_in + 4, s->h_in, (u32*)s->block, s->stack);
137 -
		s->filled = 0;
136 +
		beltCompr2(st->ls_in + 4, st->h_in, (u32*)st->block, st->stack);
137 +
		st->filled = 0;
138 138
	}
139 139
	// цикл по полным блокам
140 140
	while (count >= 32)
141 141
	{
142 -
		beltBlockCopy(s->block, buf);
143 -
		beltBlockCopy(s->block + 16, (const octet*)buf + 16);
142 +
		beltBlockCopy(st->block, buf);
143 +
		beltBlockCopy(st->block + 16, (const octet*)buf + 16);
144 144
#if (OCTET_ORDER == BIG_ENDIAN)
145 -
		beltBlockRevU32(s->block);
146 -
		beltBlockRevU32(s->block + 16);
145 +
		beltBlockRevU32(st->block);
146 +
		beltBlockRevU32(st->block + 16);
147 147
#endif
148 -
		beltCompr2(s->ls_in + 4, s->h_in, (u32*)s->block, s->stack);
148 +
		beltCompr2(st->ls_in + 4, st->h_in, (u32*)st->block, st->stack);
149 149
		buf = (const octet*)buf + 32;
150 150
		count -= 32;
151 151
	}
152 152
	// неполный блок?
153 153
	if (count)
154 -
		memCopy(s->block, buf, s->filled = count);
154 +
		memCopy(st->block, buf, st->filled = count);
155 155
}
156 156
157 157
static void beltHMACStepG_internal(void* state)
158 158
{
159 -
	belt_hmac_st* s = (belt_hmac_st*)state;
159 +
	belt_hmac_st* st = (belt_hmac_st*)state;
160 160
	// pre
161 -
	ASSERT(memIsValid(s, beltHash_keep()));
162 -
	// создать копии второй части s->ls_in и s->h_in
163 -
	beltBlockCopy(s->s1, s->ls_in + 4);
164 -
	beltBlockCopy(s->h1_in, s->h_in);
165 -
	beltBlockCopy(s->h1_in + 4, s->h_in + 4);
161 +
	ASSERT(memIsValid(state, beltHash_keep()));
162 +
	// создать копии второй части st->ls_in и st->h_in
163 +
	beltBlockCopy(st->s1, st->ls_in + 4);
164 +
	beltBlockCopy(st->h1_in, st->h_in);
165 +
	beltBlockCopy(st->h1_in + 4, st->h_in + 4);
166 166
	// есть необработанные данные?
167 -
	if (s->filled)
167 +
	if (st->filled)
168 168
	{
169 -
		memSetZero(s->block + s->filled, 32 - s->filled);
169 +
		memSetZero(st->block + st->filled, 32 - st->filled);
170 170
#if (OCTET_ORDER == BIG_ENDIAN)
171 -
		beltBlockRevU32(s->block);
172 -
		beltBlockRevU32(s->block + 16);
171 +
		beltBlockRevU32(st->block);
172 +
		beltBlockRevU32(st->block + 16);
173 173
#endif
174 -
		beltCompr2(s->ls_in + 4, s->h1_in, (u32*)s->block, s->stack);
174 +
		beltCompr2(st->ls_in + 4, st->h1_in, (u32*)st->block, st->stack);
175 175
#if (OCTET_ORDER == BIG_ENDIAN)
176 -
		beltBlockRevU32(s->block + 16);
177 -
		beltBlockRevU32(s->block);
176 +
		beltBlockRevU32(st->block + 16);
177 +
		beltBlockRevU32(st->block);
178 178
#endif
179 179
	}
180 180
	// последний блок внутреннего хэширования
181 -
	beltCompr(s->h1_in, s->ls_in, s->stack);
182 -
	// восстановить сохраненную часть s->ls_in
183 -
	beltBlockCopy(s->ls_in + 4, s->s1);
184 -
	// создать копии второй части s->ls_out и s->h_out
185 -
	beltBlockCopy(s->s1, s->ls_out + 4);
186 -
	beltBlockCopy(s->h1_out, s->h_out);
187 -
	beltBlockCopy(s->h1_out + 4, s->h_out + 4);
188 -
	// обработать блок s->h1_in
189 -
	beltCompr2(s->ls_out + 4, s->h1_out, s->h1_in, s->stack);
181 +
	beltCompr(st->h1_in, st->ls_in, st->stack);
182 +
	// восстановить сохраненную часть st->ls_in
183 +
	beltBlockCopy(st->ls_in + 4, st->s1);
184 +
	// создать копии второй части st->ls_out и st->h_out
185 +
	beltBlockCopy(st->s1, st->ls_out + 4);
186 +
	beltBlockCopy(st->h1_out, st->h_out);
187 +
	beltBlockCopy(st->h1_out + 4, st->h_out + 4);
188 +
	// обработать блок st->h1_in
189 +
	beltCompr2(st->ls_out + 4, st->h1_out, st->h1_in, st->stack);
190 190
	// последний блок внешнего хэширования
191 -
	beltCompr(s->h1_out, s->ls_out, s->stack);
192 -
	// восстановить сохраненную часть s->ls_out
193 -
	beltBlockCopy(s->ls_out + 4, s->s1);
191 +
	beltCompr(st->h1_out, st->ls_out, st->stack);
192 +
	// восстановить сохраненную часть st->ls_out
193 +
	beltBlockCopy(st->ls_out + 4, st->s1);
194 194
}
195 195
196 196
void beltHMACStepG(octet mac[32], void* state)
197 197
{
198 -
	belt_hmac_st* s = (belt_hmac_st*)state;
198 +
	belt_hmac_st* st = (belt_hmac_st*)state;
199 199
	ASSERT(memIsValid(mac, 32));
200 200
	beltHMACStepG_internal(state);
201 -
	u32To(mac, 32, s->h1_out);
201 +
	u32To(mac, 32, st->h1_out);
202 202
}
203 203
204 204
void beltHMACStepG2(octet mac[], size_t mac_len, void* state)
205 205
{
206 -
	belt_hmac_st* s = (belt_hmac_st*)state;
206 +
	belt_hmac_st* st = (belt_hmac_st*)state;
207 207
	ASSERT(mac_len <= 32);
208 208
	ASSERT(memIsValid(mac, mac_len));
209 209
	beltHMACStepG_internal(state);
210 -
	u32To(mac, mac_len, s->h1_out);
210 +
	u32To(mac, mac_len, st->h1_out);
211 211
}
212 212
213 213
bool_t beltHMACStepV(const octet mac[32], void* state)
214 214
{
215 -
	belt_hmac_st* s = (belt_hmac_st*)state;
215 +
	belt_hmac_st* st = (belt_hmac_st*)state;
216 216
	ASSERT(memIsValid(mac, 32));
217 217
	beltHMACStepG_internal(state);
218 218
#if (OCTET_ORDER == BIG_ENDIAN)
219 -
	beltBlockRevU32(s->h1_out);
220 -
	beltBlockRevU32(s->h1_out + 4);
219 +
	beltBlockRevU32(st->h1_out);
220 +
	beltBlockRevU32(st->h1_out + 4);
221 221
#endif
222 -
	return memEq(mac, s->h1_out, 32);
222 +
	return memEq(mac, st->h1_out, 32);
223 223
}
224 224
225 225
bool_t beltHMACStepV2(const octet mac[], size_t mac_len, void* state)
226 226
{
227 -
	belt_hmac_st* s = (belt_hmac_st*)state;
227 +
	belt_hmac_st* st = (belt_hmac_st*)state;
228 228
	ASSERT(mac_len <= 32);
229 229
	ASSERT(memIsValid(mac, mac_len));
230 230
	beltHMACStepG_internal(state);
231 231
#if (OCTET_ORDER == BIG_ENDIAN)
232 -
	beltBlockRevU32(s->h1_out);
233 -
	beltBlockRevU32(s->h1_out + 4);
232 +
	beltBlockRevU32(st->h1_out);
233 +
	beltBlockRevU32(st->h1_out + 4);
234 234
#endif
235 -
	return memEq(mac, s->h1_out, mac_len);
235 +
	return memEq(mac, st->h1_out, mac_len);
236 236
}
237 237
238 238
err_t beltHMAC(octet mac[32], const void* src, size_t count,

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file gfp.c
4 4
\brief Prime fields

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file obj.c
4 4
\brief Compound objects

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2012.12.18
8 -
\version 2017.09.28
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -34,20 +34,20 @@
Loading
34 34
35 35
void beltECBStart(void* state, const octet key[], size_t len)
36 36
{
37 -
	belt_ecb_st* s = (belt_ecb_st*)state;
38 -
	ASSERT(memIsValid(s, beltECB_keep()));
39 -
	beltKeyExpand2(s->key, key, len);
37 +
	belt_ecb_st* st = (belt_ecb_st*)state;
38 +
	ASSERT(memIsValid(state, beltECB_keep()));
39 +
	beltKeyExpand2(st->key, key, len);
40 40
}
41 41
42 42
void beltECBStepE(void* buf, size_t count, void* state)
43 43
{
44 -
	belt_ecb_st* s = (belt_ecb_st*)state;
44 +
	belt_ecb_st* st = (belt_ecb_st*)state;
45 45
	ASSERT(count >= 16);
46 -
	ASSERT(memIsDisjoint2(buf, count, s, beltECB_keep()));
46 +
	ASSERT(memIsDisjoint2(buf, count, state, beltECB_keep()));
47 47
	// цикл по полным блокам
48 48
	while(count >= 16)
49 49
	{
50 -
		beltBlockEncr(buf, s->key);
50 +
		beltBlockEncr(buf, st->key);
51 51
		buf = (octet*)buf + 16;
52 52
		count -= 16;
53 53
	}
@@ -55,19 +55,19 @@
Loading
55 55
	if (count)
56 56
	{
57 57
		memSwap((octet*)buf - 16, buf, count);
58 -
		beltBlockEncr((octet*)buf - 16, s->key);
58 +
		beltBlockEncr((octet*)buf - 16, st->key);
59 59
	}
60 60
}
61 61
62 62
void beltECBStepD(void* buf, size_t count, void* state)
63 63
{
64 -
	belt_ecb_st* s = (belt_ecb_st*)state;
64 +
	belt_ecb_st* st = (belt_ecb_st*)state;
65 65
	ASSERT(count >= 16);
66 -
	ASSERT(memIsDisjoint2(buf, count, s, beltECB_keep()));
66 +
	ASSERT(memIsDisjoint2(buf, count, state, beltECB_keep()));
67 67
	// цикл по полным блокам
68 68
	while(count >= 16)
69 69
	{
70 -
		beltBlockDecr(buf, s->key);
70 +
		beltBlockDecr(buf, st->key);
71 71
		buf = (octet*)buf + 16;
72 72
		count -= 16;
73 73
	}
@@ -75,7 +75,7 @@
Loading
75 75
	if (count)
76 76
	{
77 77
		memSwap((octet*)buf - 16, buf, count);
78 -
		beltBlockDecr((octet*)buf - 16, s->key);
78 +
		beltBlockDecr((octet*)buf - 16, st->key);
79 79
	}
80 80
}
81 81

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file qr.с
4 4
\brief Quotient rings

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file err.c
4 4
\brief Errors

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file mt.c
4 4
\brief Multithreading

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file tm.c
4 4
\brief Time and timers
@@ -80,19 +80,19 @@
Loading
80 80
81 81
tm_ticks_t tmTicks()
82 82
{
83 -
    register tm_ticks_t x;
84 -
    __asm__ volatile (".byte 0x0f, 0x31" : "=A" (x));
85 -
    return x;
83 +
	register tm_ticks_t x;
84 +
	__asm__ volatile (".byte 0x0f, 0x31" : "=A" (x));
85 +
	return x;
86 86
}
87 87
88 88
#else
89 89
90 90
tm_ticks_t tmTicks()
91 91
{
92 -
    register u32 hi;
93 -
    register u32 lo;
94 -
    __asm__ __volatile__ ("rdtsc" : "=a"(lo), "=d"(hi));
95 -
    return (tm_ticks_t)lo | (tm_ticks_t)hi << 32;
92 +
	register u32 hi;
93 +
	register u32 lo;
94 +
	__asm__ __volatile__ ("rdtsc" : "=a"(lo), "=d"(hi));
95 +
	return (tm_ticks_t)lo | (tm_ticks_t)hi << 32;
96 96
}
97 97
98 98
#endif
@@ -119,7 +119,7 @@
Loading
119 119
120 120
tm_ticks_t tmTicks()
121 121
{
122 -
    struct timespec ts;
122 +
	struct timespec ts;
123 123
	tm_ticks_t ticks;
124 124
	if (clock_gettime(CLOCK_MONOTONIC, &ts))
125 125
		return 0;
@@ -131,7 +131,7 @@
Loading
131 131
132 132
tm_ticks_t tmFreq()
133 133
{
134 -
    struct timespec ts;
134 +
	struct timespec ts;
135 135
	tm_ticks_t freq;
136 136
	if (clock_getres(CLOCK_MONOTONIC, &ts) || ts.tv_sec || !ts.tv_nsec)
137 137
		return 0;

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2018.06.28
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -19,24 +19,6 @@
Loading
19 19
#include "bee2/crypto/belt.h"
20 20
#include "belt_lcl.h"
21 21
22 -
/*
23 -
*******************************************************************************
24 -
Умножение на многочлен C(x) = x mod (x^128 + x^7 + x^2 + x + 1)
25 -
26 -
\remark t = (старший бит block ненулевой) ? x^7 + x^2 + x + 1 : 0 [регулярно].
27 -
*******************************************************************************
28 -
*/
29 -
30 -
void beltBlockMulC(u32 block[4])
31 -
{
32 -
	register u32 t = ~((block[3] >> 31) - U32_1) & 0x00000087;
33 -
	block[3] = (block[3] << 1) ^ (block[2] >> 31);
34 -
	block[2] = (block[2] << 1) ^ (block[1] >> 31);
35 -
	block[1] = (block[1] << 1) ^ (block[0] >> 31);
36 -
	block[0] = (block[0] << 1) ^ t;
37 -
	t = 0;
38 -
}
39 -
40 22
/*
41 23
*******************************************************************************
42 24
Шифрование в режиме BDE
@@ -57,26 +39,26 @@
Loading
57 39
void beltBDEStart(void* state, const octet key[], size_t len, 
58 40
	const octet iv[16])
59 41
{
60 -
	belt_bde_st* s = (belt_bde_st*)state;
42 +
	belt_bde_st* st = (belt_bde_st*)state;
61 43
	ASSERT(memIsDisjoint2(iv, 16, state, beltBDE_keep()));
62 -
	beltKeyExpand2(s->key, key, len);
63 -
	u32From(s->s, iv, 16);
64 -
	beltBlockEncr2(s->s, s->key);
44 +
	beltKeyExpand2(st->key, key, len);
45 +
	u32From(st->s, iv, 16);
46 +
	beltBlockEncr2(st->s, st->key);
65 47
}
66 48
67 49
void beltBDEStepE(void* buf, size_t count, void* state)
68 50
{
69 -
	belt_bde_st* s = (belt_bde_st*)state;
51 +
	belt_bde_st* st = (belt_bde_st*)state;
70 52
	ASSERT(count % 16 == 0);
71 53
	ASSERT(memIsDisjoint2(buf, count, state, beltBDE_keep()));
72 54
	// цикл по блокам
73 55
	while(count >= 16)
74 56
	{
75 -
		beltBlockMulC(s->s);
76 -
		u32To(s->block, 16, s->s);
77 -
		beltBlockXor2(buf, s->block);
78 -
		beltBlockEncr(buf, s->key);
79 -
		beltBlockXor2(buf, s->block);
57 +
		beltBlockMulC(st->s);
58 +
		u32To(st->block, 16, st->s);
59 +
		beltBlockXor2(buf, st->block);
60 +
		beltBlockEncr(buf, st->key);
61 +
		beltBlockXor2(buf, st->block);
80 62
		buf = (octet*)buf + 16;
81 63
		count -= 16;
82 64
	}
@@ -84,17 +66,17 @@
Loading
84 66
85 67
void beltBDEStepD(void* buf, size_t count, void* state)
86 68
{
87 -
	belt_bde_st* s = (belt_bde_st*)state;
69 +
	belt_bde_st* st = (belt_bde_st*)state;
88 70
	ASSERT(count % 16 == 0);
89 71
	ASSERT(memIsDisjoint2(buf, count, state, beltBDE_keep()));
90 72
	// цикл по блокам
91 73
	while(count >= 16)
92 74
	{
93 -
		beltBlockMulC(s->s);
94 -
		u32To(s->block, 16, s->s);
95 -
		beltBlockXor2(buf, s->block);
96 -
		beltBlockDecr(buf, s->key);
97 -
		beltBlockXor2(buf, s->block);
75 +
		beltBlockMulC(st->s);
76 +
		u32To(st->block, 16, st->s);
77 +
		beltBlockXor2(buf, st->block);
78 +
		beltBlockDecr(buf, st->key);
79 +
		beltBlockXor2(buf, st->block);
98 80
		buf = (octet*)buf + 16;
99 81
		count -= 16;
100 82
	}
@@ -148,4 +130,4 @@
Loading
148 130
	// завершить
149 131
	blobClose(state);
150 132
	return ERR_OK;
151 -
}

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2017.11.03
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -44,117 +44,117 @@
Loading
44 44
45 45
void beltWBLStart(void* state, const octet key[], size_t len)
46 46
{
47 -
	belt_wbl_st* s = (belt_wbl_st*)state;
47 +
	belt_wbl_st* st = (belt_wbl_st*)state;
48 48
	ASSERT(memIsValid(state, beltWBL_keep()));
49 -
	beltKeyExpand2(s->key, key, len);
50 -
	s->round = 0;
49 +
	beltKeyExpand2(st->key, key, len);
50 +
	st->round = 0;
51 51
}
52 52
53 53
void beltWBLStepEBase(void* buf, size_t count, void* state)
54 54
{
55 -
	belt_wbl_st* s = (belt_wbl_st*)state;
55 +
	belt_wbl_st* st = (belt_wbl_st*)state;
56 56
	word n = ((word)count + 15) / 16;
57 57
	ASSERT(count >= 32);
58 58
	ASSERT(memIsDisjoint2(buf, count, state, beltWBL_keep()));
59 -
	ASSERT(s->round % (2 * n) == 0);
59 +
	ASSERT(st->round % (2 * n) == 0);
60 60
	do
61 61
	{
62 62
		size_t i;
63 63
		// block <- r1 + ... + r_{n-1}
64 -
		beltBlockCopy(s->block, buf);
64 +
		beltBlockCopy(st->block, buf);
65 65
		for (i = 16; i + 16 < count; i += 16)
66 -
			beltBlockXor2(s->block, (octet*)buf + i);
66 +
			beltBlockXor2(st->block, (octet*)buf + i);
67 67
		// r <- ShLo^128(r)
68 68
		memMove(buf, (octet*)buf + 16, count - 16);
69 69
		// r* <- block
70 -
		beltBlockCopy((octet*)buf + count - 16, s->block);
70 +
		beltBlockCopy((octet*)buf + count - 16, st->block);
71 71
		// block <- beltBlockEncr(block) + <round>
72 -
		beltBlockEncr(s->block, s->key);
73 -
		s->round++;
72 +
		beltBlockEncr(st->block, st->key);
73 +
		st->round++;
74 74
#if (OCTET_ORDER == LITTLE_ENDIAN)
75 -
		memXor2(s->block, &s->round, O_PER_W);
75 +
		memXor2(st->block, &st->round, O_PER_W);
76 76
#else // BIG_ENDIAN
77 -
		s->round = wordRev(s->round);
78 -
		memXor2(s->block, &s->round, O_PER_W);
79 -
		s->round = wordRev(s->round);
77 +
		st->round = wordRev(st->round);
78 +
		memXor2(st->block, &st->round, O_PER_W);
79 +
		st->round = wordRev(st->round);
80 80
#endif // OCTET_ORDER
81 81
		// r*_до_сдвига <- r*_до_сдвига + block
82 -
		beltBlockXor2((octet*)buf + count - 32, s->block);
82 +
		beltBlockXor2((octet*)buf + count - 32, st->block);
83 83
	}
84 -
	while (s->round % (2 * n));
84 +
	while (st->round % (2 * n));
85 85
}
86 86
87 87
void beltWBLStepEOpt(void* buf, size_t count, void* state)
88 88
{
89 -
	belt_wbl_st* s = (belt_wbl_st*)state;
89 +
	belt_wbl_st* st = (belt_wbl_st*)state;
90 90
	word n = ((word)count + 15) / 16;
91 91
	size_t i;
92 92
	ASSERT(count >= 32 && count % 16 == 0);
93 93
	ASSERT(memIsDisjoint2(buf, count, state, beltWBL_keep()));
94 94
	// sum <- r1 + ... + r_{n-1}
95 -
	beltBlockCopy(s->sum, buf);
95 +
	beltBlockCopy(st->sum, buf);
96 96
	for (i = 16; i + 16 < count; i += 16)
97 -
		beltBlockXor2(s->sum, (octet*)buf + i);
97 +
		beltBlockXor2(st->sum, (octet*)buf + i);
98 98
	// 2 * n итераций 
99 -
	ASSERT(s->round % (2 * n) == 0);
99 +
	ASSERT(st->round % (2 * n) == 0);
100 100
	// sum будет записываться по смещению i: 
101 101
	// это блок r1 в начале такта и блок r* в конце)
102 102
	i = 0; 
103 103
	do
104 104
	{
105 105
		// block <- beltBlockEncr(sum) + <round>
106 -
		beltBlockCopy(s->block, s->sum);
107 -
		beltBlockEncr(s->block, s->key);
108 -
		s->round++;
106 +
		beltBlockCopy(st->block, st->sum);
107 +
		beltBlockEncr(st->block, st->key);
108 +
		st->round++;
109 109
#if (OCTET_ORDER == LITTLE_ENDIAN)
110 -
		memXor2(s->block, &s->round, O_PER_W);
110 +
		memXor2(st->block, &st->round, O_PER_W);
111 111
#else // BIG_ENDIAN
112 -
		s->round = wordRev(s->round);
113 -
		memXor2(s->block, &s->round, O_PER_W);
114 -
		s->round = wordRev(s->round);
112 +
		st->round = wordRev(st->round);
113 +
		memXor2(st->block, &st->round, O_PER_W);
114 +
		st->round = wordRev(st->round);
115 115
#endif // OCTET_ORDER
116 116
		// r* <- r* + block
117 -
		beltBlockXor2((octet*)buf + (i + count - 16) % count, s->block);
117 +
		beltBlockXor2((octet*)buf + (i + count - 16) % count, st->block);
118 118
		// запомнить sum
119 -
		beltBlockCopy(s->block, s->sum);
119 +
		beltBlockCopy(st->block, st->sum);
120 120
		// пересчитать sum: добавить новое слагаемое
121 -
		beltBlockXor2(s->sum, (octet*)buf + (i + count - 16) % count);
121 +
		beltBlockXor2(st->sum, (octet*)buf + (i + count - 16) % count);
122 122
		// пересчитать sum: исключить старое слагаемое
123 -
		beltBlockXor2(s->sum, (octet*)buf + i);
123 +
		beltBlockXor2(st->sum, (octet*)buf + i);
124 124
		// сохранить sum
125 -
		beltBlockCopy((octet*)buf + i, s->block);
125 +
		beltBlockCopy((octet*)buf + i, st->block);
126 126
		// вперед
127 127
		i = (i + 16) % count;
128 128
	}
129 -
	while (s->round % (2 * n));
129 +
	while (st->round % (2 * n));
130 130
}
131 131
132 132
void beltWBLStepDBase(void* buf, size_t count, void* state)
133 133
{
134 -
	belt_wbl_st* s = (belt_wbl_st*)state;
134 +
	belt_wbl_st* st = (belt_wbl_st*)state;
135 135
	word n = ((word)count + 15) / 16;
136 136
	ASSERT(count >= 32);
137 137
	ASSERT(memIsDisjoint2(buf, count, state, beltWBL_keep()));
138 -
	for (s->round = 2 * n; s->round; --s->round)
138 +
	for (st->round = 2 * n; st->round; --st->round)
139 139
	{
140 140
		size_t i;
141 141
		// block <- r*
142 -
		beltBlockCopy(s->block, (octet*)buf + count - 16);
142 +
		beltBlockCopy(st->block, (octet*)buf + count - 16);
143 143
		// r <- ShHi^128(r)
144 144
		memMove((octet*)buf + 16, buf, count - 16);
145 145
		// r1 <- block
146 -
		beltBlockCopy(buf, s->block);
146 +
		beltBlockCopy(buf, st->block);
147 147
		// block <- beltBlockEncr(block) + <round>
148 -
		beltBlockEncr(s->block, s->key);
148 +
		beltBlockEncr(st->block, st->key);
149 149
#if (OCTET_ORDER == LITTLE_ENDIAN)
150 -
		memXor2(s->block, &s->round, O_PER_W);
150 +
		memXor2(st->block, &st->round, O_PER_W);
151 151
#else // BIG_ENDIAN
152 -
		s->round = wordRev(s->round);
153 -
		memXor2(s->block, &s->round, O_PER_W);
154 -
		s->round = wordRev(s->round);
152 +
		st->round = wordRev(st->round);
153 +
		memXor2(st->block, &st->round, O_PER_W);
154 +
		st->round = wordRev(st->round);
155 155
#endif // OCTET_ORDER
156 156
		// r* <- r* + block
157 -
		beltBlockXor2((octet*)buf + count - 16, s->block);
157 +
		beltBlockXor2((octet*)buf + count - 16, st->block);
158 158
		// r1 <- r1 + r2 + ... + r_{n-1}
159 159
		for (i = 16; i + 16 < count; i += 16)
160 160
			beltBlockXor2(buf, (octet*)buf + i);
@@ -163,37 +163,37 @@
Loading
163 163
164 164
void beltWBLStepDOpt(void* buf, size_t count, void* state)
165 165
{
166 -
	belt_wbl_st* s = (belt_wbl_st*)state;
166 +
	belt_wbl_st* st = (belt_wbl_st*)state;
167 167
	word n = ((word)count + 15) / 16;
168 168
	size_t i;
169 169
	ASSERT(count >= 32 && count % 16 == 0);
170 170
	ASSERT(memIsDisjoint2(buf, count, state, beltWBL_keep()));
171 171
	// sum <- r1 + ... + r_{n-2} (будущая сумма r2 + ... + r_{n-1})
172 -
	beltBlockCopy(s->sum, (octet*)buf);
172 +
	beltBlockCopy(st->sum, (octet*)buf);
173 173
	for (i = 16; i + 32 < count; i += 16)
174 -
		beltBlockXor2(s->sum, (octet*)buf + i);
174 +
		beltBlockXor2(st->sum, (octet*)buf + i);
175 175
	// 2 * n итераций (sum будет записываться по смещению i: 
176 176
	// это блок r* в начале такта и блок r1 в конце)
177 -
	for (s->round = 2 * n, i = count - 16; s->round; --s->round)
177 +
	for (st->round = 2 * n, i = count - 16; st->round; --st->round)
178 178
	{
179 179
		// block <- beltBlockEncr(r*) + <round>
180 -
		beltBlockCopy(s->block, (octet*)buf + i);
181 -
		beltBlockEncr(s->block, s->key);
180 +
		beltBlockCopy(st->block, (octet*)buf + i);
181 +
		beltBlockEncr(st->block, st->key);
182 182
#if (OCTET_ORDER == LITTLE_ENDIAN)
183 -
		memXor2(s->block, &s->round, O_PER_W);
183 +
		memXor2(st->block, &st->round, O_PER_W);
184 184
#else // BIG_ENDIAN
185 -
		s->round = wordRev(s->round);
186 -
		memXor2(s->block, &s->round, O_PER_W);
187 -
		s->round = wordRev(s->round);
185 +
		st->round = wordRev(st->round);
186 +
		memXor2(st->block, &st->round, O_PER_W);
187 +
		st->round = wordRev(st->round);
188 188
#endif // OCTET_ORDER
189 189
		// r* <- r* + block
190 -
		beltBlockXor2((octet*)buf + (i + count - 16) % count, s->block);
190 +
		beltBlockXor2((octet*)buf + (i + count - 16) % count, st->block);
191 191
		// r1 <- pre r* + sum
192 -
		beltBlockXor2((octet*)buf + i, s->sum);
192 +
		beltBlockXor2((octet*)buf + i, st->sum);
193 193
		// пересчитать sum: исключить старое слагаемое
194 -
		beltBlockXor2(s->sum, (octet*)buf + (i + count - 32) % count);
194 +
		beltBlockXor2(st->sum, (octet*)buf + (i + count - 32) % count);
195 195
		// пересчитать sum: добавить новое слагаемое
196 -
		beltBlockXor2(s->sum, (octet*)buf + i);
196 +
		beltBlockXor2(st->sum, (octet*)buf + i);
197 197
		// назад
198 198
		i = (i + count - 16) % count;
199 199
	}
@@ -201,9 +201,9 @@
Loading
201 201
202 202
void beltWBLStepE(void* buf, size_t count, void* state)
203 203
{
204 -
	belt_wbl_st* s = (belt_wbl_st*)state;
205 -
	ASSERT(memIsValid(s, beltWBL_keep()));
206 -
	s->round = 0;
204 +
	belt_wbl_st* st = (belt_wbl_st*)state;
205 +
	ASSERT(memIsValid(state, beltWBL_keep()));
206 +
	st->round = 0;
207 207
	(count % 16 || count < 64) ? 
208 208
		beltWBLStepEBase(buf, count, state) :
209 209
		beltWBLStepEOpt(buf, count, state);
@@ -211,40 +211,39 @@
Loading
211 211
212 212
void beltWBLStepD(void* buf, size_t count, void* state)
213 213
{
214 -
//	(count % 16 || count < 80) ? 
215 -
//		beltWBLStepDBase(buf, count, state) :
216 -
//		beltWBLStepDOpt(buf, count, state);
217 -
		beltWBLStepDBase(buf, count, state);
214 +
	(count % 16 || count < 80) ? 
215 +
		beltWBLStepDBase(buf, count, state) :
216 +
		beltWBLStepDOpt(buf, count, state);
218 217
}
219 218
220 219
void beltWBLStepD2(void* buf1, void* buf2, size_t count, void* state)
221 220
{
222 -
	belt_wbl_st* s = (belt_wbl_st*)state;
221 +
	belt_wbl_st* st = (belt_wbl_st*)state;
223 222
	word n = ((word)count + 15) / 16;
224 223
	// pre
225 224
	ASSERT(count >= 32);
226 225
	ASSERT(memIsDisjoint3(buf1, count - 16, buf2, 16, state, beltWBL_keep()));
227 -
	for (s->round = 2 * n; s->round; --s->round)
226 +
	for (st->round = 2 * n; st->round; --st->round)
228 227
	{
229 228
		size_t i;
230 229
		// block <- r*
231 -
		beltBlockCopy(s->block, buf2);
230 +
		beltBlockCopy(st->block, buf2);
232 231
		// r <- ShHi^128(r)
233 232
		memCopy(buf2, (octet*)buf1 + count - 32, 16);
234 233
		memMove((octet*)buf1 + 16, buf1, count - 32);
235 234
		// r1 <- block
236 -
		beltBlockCopy(buf1, s->block);
235 +
		beltBlockCopy(buf1, st->block);
237 236
		// block <- beltBlockEncr(block) + <round>
238 -
		beltBlockEncr(s->block, s->key);
237 +
		beltBlockEncr(st->block, st->key);
239 238
#if (OCTET_ORDER == LITTLE_ENDIAN)
240 -
		memXor2(s->block, &s->round, O_PER_W);
239 +
		memXor2(st->block, &st->round, O_PER_W);
241 240
#else // BIG_ENDIAN
242 -
		s->round = wordRev(s->round);
243 -
		memXor2(s->block, &s->round, O_PER_W);
244 -
		s->round = wordRev(s->round);
241 +
		st->round = wordRev(st->round);
242 +
		memXor2(st->block, &st->round, O_PER_W);
243 +
		st->round = wordRev(st->round);
245 244
#endif // OCTET_ORDER
246 245
		// r* <- r* + block
247 -
		beltBlockXor2(buf2, s->block);
246 +
		beltBlockXor2(buf2, st->block);
248 247
		// r1 <- r1 + r2 + ... + r_{n-1}
249 248
		for (i = 16; i + 32 < count; i += 16)
250 249
			beltBlockXor2(buf1, (octet*)buf1 + i);

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file blob.c
4 4
\brief Blobs

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2012.12.18
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -39,56 +39,56 @@
Loading
39 39
void beltCTRStart(void* state, const octet key[], size_t len, 
40 40
	const octet iv[16])
41 41
{
42 -
	belt_ctr_st* s = (belt_ctr_st*)state;
42 +
	belt_ctr_st* st = (belt_ctr_st*)state;
43 43
	ASSERT(memIsDisjoint2(iv, 16, state, beltCTR_keep()));
44 -
	beltKeyExpand2(s->key, key, len);
45 -
	u32From(s->ctr, iv, 16);
46 -
	beltBlockEncr2(s->ctr, s->key);
47 -
	s->reserved = 0;
44 +
	beltKeyExpand2(st->key, key, len);
45 +
	u32From(st->ctr, iv, 16);
46 +
	beltBlockEncr2(st->ctr, st->key);
47 +
	st->reserved = 0;
48 48
}
49 49
50 50
void beltCTRStepE(void* buf, size_t count, void* state)
51 51
{
52 -
	belt_ctr_st* s = (belt_ctr_st*)state;
52 +
	belt_ctr_st* st = (belt_ctr_st*)state;
53 53
	ASSERT(memIsDisjoint2(buf, count, state, beltCTR_keep()));
54 54
	// есть резерв гаммы?
55 -
	if (s->reserved)
55 +
	if (st->reserved)
56 56
	{
57 -
		if (s->reserved >= count)
57 +
		if (st->reserved >= count)
58 58
		{
59 -
			memXor2(buf, s->block + 16 - s->reserved, count);
60 -
			s->reserved -= count;
59 +
			memXor2(buf, st->block + 16 - st->reserved, count);
60 +
			st->reserved -= count;
61 61
			return;
62 62
		}
63 -
		memXor2(buf, s->block + 16 - s->reserved, s->reserved);
64 -
		count -= s->reserved;
65 -
		buf = (octet*)buf + s->reserved;
66 -
		s->reserved = 0;
63 +
		memXor2(buf, st->block + 16 - st->reserved, st->reserved);
64 +
		count -= st->reserved;
65 +
		buf = (octet*)buf + st->reserved;
66 +
		st->reserved = 0;
67 67
	}
68 68
	// цикл по полным блокам
69 69
	while (count >= 16)
70 70
	{
71 -
		beltBlockIncU32(s->ctr);
72 -
		beltBlockCopy(s->block, s->ctr);
73 -
		beltBlockEncr2((u32*)s->block, s->key);
71 +
		beltBlockIncU32(st->ctr);
72 +
		beltBlockCopy(st->block, st->ctr);
73 +
		beltBlockEncr2((u32*)st->block, st->key);
74 74
#if (OCTET_ORDER == BIG_ENDIAN)
75 -
		beltBlockRevU32(s->block);
75 +
		beltBlockRevU32(st->block);
76 76
#endif
77 -
		beltBlockXor2(buf, s->block);
77 +
		beltBlockXor2(buf, st->block);
78 78
		buf = (octet*)buf + 16;
79 79
		count -= 16;
80 80
	}
81 81
	// неполный блок?
82 82
	if (count)
83 83
	{
84 -
		beltBlockIncU32(s->ctr);
85 -
		beltBlockCopy(s->block, s->ctr);
86 -
		beltBlockEncr2((u32*)s->block, s->key);
84 +
		beltBlockIncU32(st->ctr);
85 +
		beltBlockCopy(st->block, st->ctr);
86 +
		beltBlockEncr2((u32*)st->block, st->key);
87 87
#if (OCTET_ORDER == BIG_ENDIAN)
88 -
		beltBlockRevU32(s->block);
88 +
		beltBlockRevU32(st->block);
89 89
#endif
90 -
		memXor2(buf, s->block, count);
91 -
		s->reserved = 16 - count;
90 +
		memXor2(buf, st->block, count);
91 +
		st->reserved = 16 - count;
92 92
	}
93 93
}
94 94
@@ -115,4 +115,3 @@
Loading
115 115
	blobClose(state);
116 116
	return ERR_OK;
117 117
}
118 -

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2018.09.01
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -37,39 +37,39 @@
Loading
37 37
38 38
void beltSDEStart(void* state, const octet key[], size_t len)
39 39
{
40 -
	belt_sde_st* s = (belt_sde_st*)state;
40 +
	belt_sde_st* st = (belt_sde_st*)state;
41 41
	ASSERT(memIsValid(state, beltSDE_keep()));
42 -
	beltWBLStart(s->wbl, key, len);
42 +
	beltWBLStart(st->wbl, key, len);
43 43
}
44 44
45 45
void beltSDEStepE(void* buf, size_t count, const octet iv[16], void* state)
46 46
{
47 -
	belt_sde_st* s = (belt_sde_st*)state;
47 +
	belt_sde_st* st = (belt_sde_st*)state;
48 48
	ASSERT(count % 16 == 0 && count >= 16);
49 49
	ASSERT(memIsDisjoint2(buf, count, state, beltSDE_keep()));
50 50
	ASSERT(memIsValid(iv, 16));
51 51
	// зашифровать синхропосылку
52 -
	memCopy(s->s, iv, 16);
53 -
	beltBlockEncr(s->s, s->wbl->key);
52 +
	memCopy(st->s, iv, 16);
53 +
	beltBlockEncr(st->s, st->wbl->key);
54 54
	// каскад XEX
55 -
	beltBlockXor2(buf, s->s);
56 -
	beltWBLStepE(buf, count, s->wbl);
57 -
	beltBlockXor2(buf, s->s);
55 +
	beltBlockXor2(buf, st->s);
56 +
	beltWBLStepE(buf, count, st->wbl);
57 +
	beltBlockXor2(buf, st->s);
58 58
}
59 59
60 60
void beltSDEStepD(void* buf, size_t count, const octet iv[16], void* state)
61 61
{
62 -
	belt_sde_st* s = (belt_sde_st*)state;
62 +
	belt_sde_st* st = (belt_sde_st*)state;
63 63
	ASSERT(count % 16 == 0 && count >= 32);
64 64
	ASSERT(memIsDisjoint2(buf, count, state, beltSDE_keep()));
65 65
	ASSERT(memIsValid(iv, 16));
66 66
	// зашифровать синхропосылку
67 -
	memCopy(s->s, iv, 16);
68 -
	beltBlockEncr(s->s, s->wbl->key);
67 +
	memCopy(st->s, iv, 16);
68 +
	beltBlockEncr(st->s, st->wbl->key);
69 69
	// каскад XEX
70 -
	beltBlockXor2(buf, s->s);
71 -
	beltWBLStepD(buf, count, s->wbl);
72 -
	beltBlockXor2(buf, s->s);
70 +
	beltBlockXor2(buf, st->s);
71 +
	beltWBLStepD(buf, count, st->wbl);
72 +
	beltBlockXor2(buf, st->s);
73 73
}
74 74
75 75
err_t beltSDEEncr(void* dest, const void* src, size_t count,
@@ -120,4 +120,4 @@
Loading
120 120
	// завершить
121 121
	blobClose(state);
122 122
	return ERR_OK;
123 -
}

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file prng.c
4 4
\brief Pseudorandom number generators

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2012.12.18
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -47,42 +47,42 @@
Loading
47 47
48 48
void beltMACStart(void* state, const octet key[], size_t len)
49 49
{
50 -
	belt_mac_st* s = (belt_mac_st*)state;
50 +
	belt_mac_st* st = (belt_mac_st*)state;
51 51
	ASSERT(memIsValid(state, beltMAC_keep()));
52 -
	beltKeyExpand2(s->key, key, len);
53 -
	beltBlockSetZero(s->s);
54 -
	beltBlockSetZero(s->r);
55 -
	beltBlockEncr2(s->r, s->key);
56 -
	s->filled = 0;
52 +
	beltKeyExpand2(st->key, key, len);
53 +
	beltBlockSetZero(st->s);
54 +
	beltBlockSetZero(st->r);
55 +
	beltBlockEncr2(st->r, st->key);
56 +
	st->filled = 0;
57 57
}
58 58
59 59
void beltMACStepA(const void* buf, size_t count, void* state)
60 60
{
61 -
	belt_mac_st* s = (belt_mac_st*)state;
61 +
	belt_mac_st* st = (belt_mac_st*)state;
62 62
	ASSERT(memIsDisjoint2(buf, count, state, beltMAC_keep()));
63 63
	// накопить полный блок
64 -
	if (s->filled < 16)
64 +
	if (st->filled < 16)
65 65
	{
66 -
		if (count <= 16 - s->filled)
66 +
		if (count <= 16 - st->filled)
67 67
		{
68 -
			memCopy(s->block + s->filled, buf, count);
69 -
			s->filled += count;
68 +
			memCopy(st->block + st->filled, buf, count);
69 +
			st->filled += count;
70 70
			return;
71 71
		}
72 -
		memCopy(s->block + s->filled, buf, 16 - s->filled);
73 -
		count -= 16 - s->filled;
74 -
		buf = (const octet*)buf + 16 - s->filled;
75 -
		s->filled = 16;
72 +
		memCopy(st->block + st->filled, buf, 16 - st->filled);
73 +
		count -= 16 - st->filled;
74 +
		buf = (const octet*)buf + 16 - st->filled;
75 +
		st->filled = 16;
76 76
	}
77 77
	// цикл по полным блокам
78 78
	while (count >= 16)
79 79
	{
80 80
#if (OCTET_ORDER == BIG_ENDIAN)
81 -
		beltBlockRevU32(s->block);
81 +
		beltBlockRevU32(st->block);
82 82
#endif
83 -
		beltBlockXor2(s->s, s->block);
84 -
		beltBlockEncr2(s->s, s->key);
85 -
		beltBlockCopy(s->block, buf);
83 +
		beltBlockXor2(st->s, st->block);
84 +
		beltBlockEncr2(st->s, st->key);
85 +
		beltBlockCopy(st->block, buf);
86 86
		buf = (const octet*)buf + 16;
87 87
		count -= 16;
88 88
	}
@@ -90,94 +90,94 @@
Loading
90 90
	if (count)
91 91
	{
92 92
#if (OCTET_ORDER == BIG_ENDIAN)
93 -
		beltBlockRevU32(s->block);
93 +
		beltBlockRevU32(st->block);
94 94
#endif
95 -
		beltBlockXor2(s->s, s->block);
96 -
		beltBlockEncr2(s->s, s->key);
97 -
		memCopy(s->block, buf, count);
98 -
		s->filled = count;
95 +
		beltBlockXor2(st->s, st->block);
96 +
		beltBlockEncr2(st->s, st->key);
97 +
		memCopy(st->block, buf, count);
98 +
		st->filled = count;
99 99
	}
100 100
}
101 101
102 102
static void beltMACStepG_internal(void* state)
103 103
{
104 -
	belt_mac_st* s = (belt_mac_st*)state;
104 +
	belt_mac_st* st = (belt_mac_st*)state;
105 105
	ASSERT(memIsValid(state, beltMAC_keep()));
106 106
	// полный блок?
107 -
	if (s->filled == 16)
107 +
	if (st->filled == 16)
108 108
	{
109 109
#if (OCTET_ORDER == BIG_ENDIAN)
110 -
		beltBlockRevU32(s->block);
110 +
		beltBlockRevU32(st->block);
111 111
#endif
112 -
		beltBlockXor(s->mac, s->s, s->block);
113 -
		s->mac[0] ^= s->r[1];
114 -
		s->mac[1] ^= s->r[2];
115 -
		s->mac[2] ^= s->r[3];
116 -
		s->mac[3] ^= s->r[0] ^ s->r[1];
112 +
		beltBlockXor(st->mac, st->s, st->block);
113 +
		st->mac[0] ^= st->r[1];
114 +
		st->mac[1] ^= st->r[2];
115 +
		st->mac[2] ^= st->r[3];
116 +
		st->mac[3] ^= st->r[0] ^ st->r[1];
117 117
#if (OCTET_ORDER == BIG_ENDIAN)
118 -
		beltBlockRevU32(s->block);
118 +
		beltBlockRevU32(st->block);
119 119
#endif
120 120
	}
121 121
	// неполный (в т.ч. пустой) блок?
122 122
	else
123 123
	{
124 -
		s->block[s->filled] = 0x80;
125 -
		memSetZero(s->block + s->filled + 1, 16 - s->filled - 1);
124 +
		st->block[st->filled] = 0x80;
125 +
		memSetZero(st->block + st->filled + 1, 16 - st->filled - 1);
126 126
#if (OCTET_ORDER == BIG_ENDIAN)
127 -
		beltBlockRevU32(s->block);
127 +
		beltBlockRevU32(st->block);
128 128
#endif
129 -
		beltBlockXor(s->mac, s->s, s->block);
130 -
		s->mac[0] ^= s->r[0] ^ s->r[3];
131 -
		s->mac[1] ^= s->r[0];
132 -
		s->mac[2] ^= s->r[1];
133 -
		s->mac[3] ^= s->r[2];
129 +
		beltBlockXor(st->mac, st->s, st->block);
130 +
		st->mac[0] ^= st->r[0] ^ st->r[3];
131 +
		st->mac[1] ^= st->r[0];
132 +
		st->mac[2] ^= st->r[1];
133 +
		st->mac[3] ^= st->r[2];
134 134
#if (OCTET_ORDER == BIG_ENDIAN)
135 -
		beltBlockRevU32(s->block);
135 +
		beltBlockRevU32(st->block);
136 136
#endif
137 137
	}
138 -
	beltBlockEncr2(s->mac, s->key);
138 +
	beltBlockEncr2(st->mac, st->key);
139 139
}
140 140
141 141
void beltMACStepG(octet mac[8], void* state)
142 142
{
143 -
	belt_mac_st* s = (belt_mac_st*)state;
143 +
	belt_mac_st* st = (belt_mac_st*)state;
144 144
	ASSERT(memIsValid(mac, 8));
145 -
	beltMACStepG_internal(s);
146 -
	u32To(mac, 8, s->mac);
145 +
	beltMACStepG_internal(state);
146 +
	u32To(mac, 8, st->mac);
147 147
}
148 148
149 149
void beltMACStepG2(octet mac[], size_t mac_len, void* state)
150 150
{
151 -
	belt_mac_st* s = (belt_mac_st*)state;
151 +
	belt_mac_st* st = (belt_mac_st*)state;
152 152
	ASSERT(mac_len <= 8);
153 153
	ASSERT(memIsValid(mac, mac_len));
154 -
	beltMACStepG_internal(s);
155 -
	u32To(mac, mac_len, s->mac);
154 +
	beltMACStepG_internal(state);
155 +
	u32To(mac, mac_len, st->mac);
156 156
}
157 157
158 158
bool_t beltMACStepV(const octet mac[8], void* state)
159 159
{
160 -
	belt_mac_st* s = (belt_mac_st*)state;
160 +
	belt_mac_st* st = (belt_mac_st*)state;
161 161
	ASSERT(memIsValid(mac, 8));
162 -
	beltMACStepG_internal(s);
162 +
	beltMACStepG_internal(state);
163 163
#if (OCTET_ORDER == BIG_ENDIAN)
164 -
	s->mac[0] = u32Rev(s->mac[0]);
165 -
	s->mac[1] = u32Rev(s->mac[1]);
164 +
	st->mac[0] = u32Rev(st->mac[0]);
165 +
	st->mac[1] = u32Rev(st->mac[1]);
166 166
#endif
167 -
	return memEq(mac, s->mac, 8);
167 +
	return memEq(mac, st->mac, 8);
168 168
}
169 169
170 170
bool_t beltMACStepV2(const octet mac[], size_t mac_len, void* state)
171 171
{
172 -
	belt_mac_st* s = (belt_mac_st*)state;
172 +
	belt_mac_st* st = (belt_mac_st*)state;
173 173
	ASSERT(mac_len <= 8);
174 174
	ASSERT(memIsValid(mac, mac_len));
175 -
	beltMACStepG_internal(s);
175 +
	beltMACStepG_internal(st);
176 176
#if (OCTET_ORDER == BIG_ENDIAN)
177 -
	s->mac[0] = u32Rev(s->mac[0]);
178 -
	s->mac[1] = u32Rev(s->mac[1]);
177 +
	st->mac[0] = u32Rev(st->mac[0]);
178 +
	st->mac[1] = u32Rev(st->mac[1]);
179 179
#endif
180 -
	return memEq(mac, s->mac, mac_len);
180 +
	return memEq(mac, st->mac, mac_len);
181 181
}
182 182
183 183
err_t beltMAC(octet mac[8], const void* src, size_t count,
@@ -202,4 +202,3 @@
Loading
202 202
	blobClose(state);
203 203
	return ERR_OK;
204 204
}
205 -

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2012.12.18
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -38,88 +38,88 @@
Loading
38 38
void beltCFBStart(void* state, const octet key[], size_t len, 
39 39
	const octet iv[16])
40 40
{
41 -
	belt_cfb_st* s = (belt_cfb_st*)state;
41 +
	belt_cfb_st* st = (belt_cfb_st*)state;
42 42
	ASSERT(memIsDisjoint2(iv, 16, state, beltCFB_keep()));
43 -
	beltKeyExpand2(s->key, key, len);
44 -
	beltBlockCopy(s->block, iv);
45 -
	s->reserved = 0;
43 +
	beltKeyExpand2(st->key, key, len);
44 +
	beltBlockCopy(st->block, iv);
45 +
	st->reserved = 0;
46 46
}
47 47
48 48
void beltCFBStepE(void* buf, size_t count, void* state)
49 49
{
50 -
	belt_cfb_st* s = (belt_cfb_st*)state;
50 +
	belt_cfb_st* st = (belt_cfb_st*)state;
51 51
	ASSERT(memIsDisjoint2(buf, count, state, beltCFB_keep()));
52 52
	// есть резерв гаммы?
53 -
	if (s->reserved)
53 +
	if (st->reserved)
54 54
	{
55 -
		if (s->reserved >= count)
55 +
		if (st->reserved >= count)
56 56
		{
57 -
			memXor2(s->block + 16 - s->reserved, buf, count);
58 -
			memCopy(buf, s->block + 16 - s->reserved, count);
59 -
			s->reserved -= count;
57 +
			memXor2(st->block + 16 - st->reserved, buf, count);
58 +
			memCopy(buf, st->block + 16 - st->reserved, count);
59 +
			st->reserved -= count;
60 60
			return;
61 61
		}
62 -
		memXor2(s->block + 16 - s->reserved, buf, s->reserved);
63 -
		memCopy(buf, s->block + 16 - s->reserved, s->reserved);
64 -
		count -= s->reserved;
65 -
		buf = (octet*)buf + s->reserved;
66 -
		s->reserved = 0;
62 +
		memXor2(st->block + 16 - st->reserved, buf, st->reserved);
63 +
		memCopy(buf, st->block + 16 - st->reserved, st->reserved);
64 +
		count -= st->reserved;
65 +
		buf = (octet*)buf + st->reserved;
66 +
		st->reserved = 0;
67 67
	}
68 68
	// цикл по полным блокам
69 69
	while (count >= 16)
70 70
	{
71 -
		beltBlockEncr(s->block, s->key);
72 -
		beltBlockXor2(s->block, buf);
73 -
		beltBlockCopy(buf, s->block);
71 +
		beltBlockEncr(st->block, st->key);
72 +
		beltBlockXor2(st->block, buf);
73 +
		beltBlockCopy(buf, st->block);
74 74
		buf = (octet*)buf + 16;
75 75
		count -= 16;
76 76
	}
77 77
	// неполный блок?
78 78
	if (count)
79 79
	{
80 -
		beltBlockEncr(s->block, s->key);
81 -
		memXor2(s->block, buf, count);
82 -
		memCopy(buf, s->block, count);
83 -
		s->reserved = 16 - count;
80 +
		beltBlockEncr(st->block, st->key);
81 +
		memXor2(st->block, buf, count);
82 +
		memCopy(buf, st->block, count);
83 +
		st->reserved = 16 - count;
84 84
	}
85 85
}
86 86
87 87
void beltCFBStepD(void* buf, size_t count, void* state)
88 88
{
89 -
	belt_cfb_st* s = (belt_cfb_st*)state;
89 +
	belt_cfb_st* st = (belt_cfb_st*)state;
90 90
	ASSERT(memIsDisjoint2(buf, count, state, beltCFB_keep()));
91 91
	// есть резерв гаммы?
92 -
	if (s->reserved)
92 +
	if (st->reserved)
93 93
	{
94 -
		if (s->reserved >= count)
94 +
		if (st->reserved >= count)
95 95
		{
96 -
			memXor2(buf, s->block + 16 - s->reserved, count);
97 -
			memXor2(s->block + 16 - s->reserved, buf, count);
98 -
			s->reserved -= count;
96 +
			memXor2(buf, st->block + 16 - st->reserved, count);
97 +
			memXor2(st->block + 16 - st->reserved, buf, count);
98 +
			st->reserved -= count;
99 99
			return;
100 100
		}
101 -
		memXor2(buf, s->block + 16 - s->reserved, s->reserved);
102 -
		memXor2(s->block + 16 - s->reserved, buf, s->reserved);
103 -
		count -= s->reserved;
104 -
		buf = (octet*)buf + s->reserved;
105 -
		s->reserved = 0;
101 +
		memXor2(buf, st->block + 16 - st->reserved, st->reserved);
102 +
		memXor2(st->block + 16 - st->reserved, buf, st->reserved);
103 +
		count -= st->reserved;
104 +
		buf = (octet*)buf + st->reserved;
105 +
		st->reserved = 0;
106 106
	}
107 107
	// цикл по полным блокам
108 108
	while (count >= 16)
109 109
	{
110 -
		beltBlockEncr(s->block, s->key);
111 -
		beltBlockXor2(buf, s->block);
112 -
		beltBlockXor2(s->block, buf);
110 +
		beltBlockEncr(st->block, st->key);
111 +
		beltBlockXor2(buf, st->block);
112 +
		beltBlockXor2(st->block, buf);
113 113
		buf = (octet*)buf + 16;
114 114
		count -= 16;
115 115
	}
116 116
	// неполный блок?
117 117
	if (count)
118 118
	{
119 -
		beltBlockEncr(s->block, s->key);
120 -
		memXor2(buf, s->block, count);
121 -
		memXor2(s->block, buf, count);
122 -
		s->reserved = 16 - count;
119 +
		beltBlockEncr(st->block, st->key);
120 +
		memXor2(buf, st->block, count);
121 +
		memXor2(st->block, buf, count);
122 +
		st->reserved = 16 - count;
123 123
	}
124 124
}
125 125

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file util.c
4 4
\brief Utilities

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file oid.c
4 4
\brief Object identifiers

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2012.12.18
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -38,23 +38,23 @@
Loading
38 38
void beltCBCStart(void* state, const octet key[], size_t len, 
39 39
	const octet iv[16])
40 40
{
41 -
	belt_cbc_st* s = (belt_cbc_st*)state;
41 +
	belt_cbc_st* st = (belt_cbc_st*)state;
42 42
	ASSERT(memIsDisjoint2(iv, 16, state, beltCBC_keep()));
43 -
	beltKeyExpand2(s->key, key, len);
44 -
	beltBlockCopy(s->block, iv);
43 +
	beltKeyExpand2(st->key, key, len);
44 +
	beltBlockCopy(st->block, iv);
45 45
}
46 46
47 47
void beltCBCStepE(void* buf, size_t count, void* state)
48 48
{
49 -
	belt_cbc_st* s = (belt_cbc_st*)state;
49 +
	belt_cbc_st* st = (belt_cbc_st*)state;
50 50
	ASSERT(count >= 16);
51 51
	ASSERT(memIsDisjoint2(buf, count, state, beltCBC_keep()));
52 52
	// цикл по полным блокам
53 53
	while(count >= 16)
54 54
	{
55 -
		beltBlockXor2(s->block, buf);
56 -
		beltBlockEncr(s->block, s->key);
57 -
		beltBlockCopy(buf, s->block);
55 +
		beltBlockXor2(st->block, buf);
56 +
		beltBlockEncr(st->block, st->key);
57 +
		beltBlockCopy(buf, st->block);
58 58
		buf = (octet*)buf + 16;
59 59
		count -= 16;
60 60
	}
@@ -62,23 +62,23 @@
Loading
62 62
	if (count)
63 63
	{
64 64
		memSwap((octet*)buf - 16, buf, count);
65 -
		memXor2((octet*)buf - 16, s->block, count);
66 -
		beltBlockEncr((octet*)buf - 16, s->key);
65 +
		memXor2((octet*)buf - 16, st->block, count);
66 +
		beltBlockEncr((octet*)buf - 16, st->key);
67 67
	}
68 68
}
69 69
70 70
void beltCBCStepD(void* buf, size_t count, void* state)
71 71
{
72 -
	belt_cbc_st* s = (belt_cbc_st*)state;
72 +
	belt_cbc_st* st = (belt_cbc_st*)state;
73 73
	ASSERT(count >= 16);
74 74
	ASSERT(memIsDisjoint2(buf, count, state, beltCBC_keep()));
75 75
	// цикл по полным блокам
76 76
	while(count >= 32 || count == 16)
77 77
	{
78 -
		beltBlockCopy(s->block2, buf);
79 -
		beltBlockDecr(buf, s->key);
80 -
		beltBlockXor2(buf, s->block);
81 -
		beltBlockCopy(s->block, s->block2);
78 +
		beltBlockCopy(st->block2, buf);
79 +
		beltBlockDecr(buf, st->key);
80 +
		beltBlockXor2(buf, st->block);
81 +
		beltBlockCopy(st->block, st->block2);
82 82
		buf = (octet*)buf + 16;
83 83
		count -= 16;
84 84
	}
@@ -86,11 +86,11 @@
Loading
86 86
	if (count)
87 87
	{
88 88
		ASSERT(16 < count && count < 32);
89 -
		beltBlockDecr(buf, s->key);
89 +
		beltBlockDecr(buf, st->key);
90 90
		memSwap(buf, (octet*)buf + 16, count - 16);
91 91
		memXor2((octet*)buf + 16, buf, count - 16);
92 -
		beltBlockDecr(buf, s->key);
93 -
		beltBlockXor2(buf, s->block);
92 +
		beltBlockDecr(buf, st->key);
93 +
		beltBlockXor2(buf, st->block);
94 94
	}
95 95
}
96 96
@@ -143,4 +143,3 @@
Loading
143 143
	blobClose(state);
144 144
	return ERR_OK;
145 145
}
146 -

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file g12s.c
4 4
\brief GOST R 34.10-94 (Russia): digital signature algorithms
@@ -387,7 +387,7 @@
Loading
387 387
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
388 388
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
389 389
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
390 -
};                                
390 +
};
391 391
392 392
static const octet _paramsetA512_b[] = {
393 393
	0x60, 0xC7, 0x71, 0x5A, 0x78, 0x90, 0x31, 0x50,
@@ -488,7 +488,7 @@
Loading
488 488
static const octet _paramsetB512_xP[] = {
489 489
	0x02, 
490 490
};
491 -
                                                                                                                                                                
491 +
492 492
static const octet _paramsetB512_yP[] = {
493 493
	0xBD, 0x41, 0xFE, 0x80, 0x07, 0x34, 0x21, 0x7E,
494 494
	0xEC, 0xEE, 0x4C, 0xF9, 0x55, 0x10, 0x04, 0x28,

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2012.12.18
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -16,44 +16,28 @@
Loading
16 16
#include "bee2/core/mem.h"
17 17
#include "bee2/core/util.h"
18 18
#include "bee2/crypto/belt.h"
19 -
#include "bee2/math/pp.h"
20 19
#include "bee2/math/ww.h"
21 20
#include "belt_lcl.h"
22 21
23 22
/*
24 23
*******************************************************************************
25 24
Шифрование и имитозащита данных (DWP)
25 +
26 +
\remark Режим get-then-continue реализован, но пока не рекомендован
27 +
(вплоть до завершения оценки надежности).
26 28
*******************************************************************************
27 29
*/
28 30
29 -
static void beltPolyMul(word c[], const word a[], const word b[], void* stack)
30 -
{
31 -
	const size_t n = W_OF_B(128);
32 -
	word* prod = (word*)stack;
33 -
	stack = prod + 2 * n;
34 -
	// умножить
35 -
	ppMul(prod, a, n, b, n, stack);
36 -
	// привести по модулю
37 -
	ppRedBelt(prod);
38 -
	wwCopy(c, prod, n);
39 -
}
40 -
41 -
static size_t beltPolyMul_deep()
42 -
{
43 -
	const size_t n = W_OF_B(128);
44 -
	return O_OF_W(2 * n) + ppMul_deep(n, n);
45 -
}
46 -
47 31
typedef struct
48 32
{
49 -
	belt_ctr_st ctr[1];			/*< состояние функций CTR */
50 -
	word r[W_OF_B(128)];		/*< переменная r */
51 -
	word s[W_OF_B(128)];		/*< переменная s (имитовставка) */
52 -
	word len[W_OF_B(128)];		/*< обработано открытых||критических данных */
53 -
	octet block[16];			/*< блок данных */
54 -
	size_t filled;				/*< накоплено октетов в блоке */
55 -
	octet mac[8];				/*< имитовставка для StepV */
56 -
	octet stack[];				/*< стек умножения */
33 +
	belt_ctr_st ctr[1];		/*< состояние функций CTR */
34 +
	word r[W_OF_B(128)];	/*< переменная r */
35 +
	word t[W_OF_B(128)];	/*< переменная t */
36 +
	word t1[W_OF_B(128)];	/*< копия t/имитовставка */
37 +
	word len[W_OF_B(128)];	/*< обработано открытых || критических данных */
38 +
	octet block[16];		/*< блок данных */
39 +
	size_t filled;			/*< накоплено октетов в блоке */
40 +
	octet stack[];			/*< стек умножения */
57 41
} belt_dwp_st;
58 42
59 43
size_t beltDWP_keep()
@@ -64,21 +48,21 @@
Loading
64 48
void beltDWPStart(void* state, const octet key[], size_t len, 
65 49
	const octet iv[16])
66 50
{
67 -
	belt_dwp_st* s = (belt_dwp_st*)state;
51 +
	belt_dwp_st* st = (belt_dwp_st*)state;
68 52
	ASSERT(memIsDisjoint2(iv, 16, state, beltDWP_keep()));
69 53
	// настроить CTR
70 -
	beltCTRStart(s->ctr, key, len, iv);
54 +
	beltCTRStart(st->ctr, key, len, iv);
71 55
	// установить r, s
72 -
	beltBlockCopy(s->r, s->ctr->ctr);
73 -
	beltBlockEncr2((u32*)s->r, s->ctr->key);
56 +
	beltBlockCopy(st->r, st->ctr->ctr);
57 +
	beltBlockEncr2((u32*)st->r, st->ctr->key);
74 58
#if (OCTET_ORDER == BIG_ENDIAN && B_PER_W != 32)
75 -
	beltBlockRevU32(s->r);
76 -
	beltBlockRevW(s->r);
59 +
	beltBlockRevU32(st->r);
60 +
	beltBlockRevW(st->r);
77 61
#endif
78 -
	wwFrom(s->s, beltH(), 16);
62 +
	wwFrom(st->t, beltH(), 16);
79 63
	// обнулить счетчики
80 -
	memSetZero(s->len, sizeof(s->len));
81 -
	s->filled = 0;
64 +
	memSetZero(st->len, sizeof(st->len));
65 +
	st->filled = 0;
82 66
}
83 67
84 68
void beltDWPStepE(void* buf, size_t count, void* state)
@@ -88,100 +72,100 @@
Loading
88 72
89 73
void beltDWPStepI(const void* buf, size_t count, void* state)
90 74
{
91 -
	belt_dwp_st* s = (belt_dwp_st*)state;
75 +
	belt_dwp_st* st = (belt_dwp_st*)state;
92 76
	ASSERT(memIsDisjoint2(buf, count, state, beltDWP_keep()));
93 77
	// критические данные не обрабатывались?
94 -
	ASSERT(count == 0 || beltHalfBlockIsZero(s->len + W_OF_B(64)));
78 +
	ASSERT(count == 0 || beltHalfBlockIsZero(st->len + W_OF_B(64)));
95 79
	// обновить длину
96 -
	beltHalfBlockAddBitSizeW(s->len, count);
80 +
	beltHalfBlockAddBitSizeW(st->len, count);
97 81
	// есть накопленные данные?
98 -
	if (s->filled)
82 +
	if (st->filled)
99 83
	{
100 -
		if (count < 16 - s->filled)
84 +
		if (count < 16 - st->filled)
101 85
		{
102 -
			memCopy(s->block + s->filled, buf, count);
103 -
			s->filled += count;
86 +
			memCopy(st->block + st->filled, buf, count);
87 +
			st->filled += count;
104 88
			return;
105 89
		}
106 -
		memCopy(s->block + s->filled, buf, 16 - s->filled);
107 -
		count -= 16 - s->filled;
108 -
		buf = (const octet*)buf + 16 - s->filled;
90 +
		memCopy(st->block + st->filled, buf, 16 - st->filled);
91 +
		count -= 16 - st->filled;
92 +
		buf = (const octet*)buf + 16 - st->filled;
109 93
#if (OCTET_ORDER == BIG_ENDIAN)
110 -
		beltBlockRevW(s->block);
94 +
		beltBlockRevW(st->block);
111 95
#endif
112 -
		beltBlockXor2(s->s, s->block);
113 -
		beltPolyMul(s->s, s->s, s->r, s->stack);
114 -
		s->filled = 0;
96 +
		beltBlockXor2(st->t, st->block);
97 +
		beltPolyMul(st->t, st->t, st->r, st->stack);
98 +
		st->filled = 0;
115 99
	}
116 100
	// цикл по полным блокам
117 101
	while (count >= 16)
118 102
	{
119 -
		beltBlockCopy(s->block, buf);
103 +
		beltBlockCopy(st->block, buf);
120 104
#if (OCTET_ORDER == BIG_ENDIAN)
121 -
		beltBlockRevW(s->block);
105 +
		beltBlockRevW(st->block);
122 106
#endif
123 -
		beltBlockXor2(s->s, s->block);
124 -
		beltPolyMul(s->s, s->s, s->r, s->stack);
107 +
		beltBlockXor2(st->t, st->block);
108 +
		beltPolyMul(st->t, st->t, st->r, st->stack);
125 109
		buf = (const octet*)buf + 16;
126 110
		count -= 16;
127 111
	}
128 112
	// неполный блок?
129 113
	if (count)
130 -
		memCopy(s->block, buf, s->filled = count);
114 +
		memCopy(st->block, buf, st->filled = count);
131 115
}
132 116
133 117
void beltDWPStepA(const void* buf, size_t count, void* state)
134 118
{
135 -
	belt_dwp_st* s = (belt_dwp_st*)state;
119 +
	belt_dwp_st* st = (belt_dwp_st*)state;
136 120
	ASSERT(memIsDisjoint2(buf, count, state, beltDWP_keep()));
137 121
	// первый непустой фрагмент критических данных?
138 122
	// есть необработанные открытые данные?
139 -
	if (count && beltHalfBlockIsZero(s->len + W_OF_B(64)) && s->filled)
123 +
	if (count && beltHalfBlockIsZero(st->len + W_OF_B(64)) && st->filled)
140 124
	{
141 -
		memSetZero(s->block + s->filled, 16 - s->filled);
125 +
		memSetZero(st->block + st->filled, 16 - st->filled);
142 126
#if (OCTET_ORDER == BIG_ENDIAN)
143 -
		beltBlockRevW(s->block);
127 +
		beltBlockRevW(st->block);
144 128
#endif
145 -
		beltBlockXor2(s->s, s->block);
146 -
		beltPolyMul(s->s, s->s, s->r, s->stack);
147 -
		s->filled = 0;
129 +
		beltBlockXor2(st->t, st->block);
130 +
		beltPolyMul(st->t, st->t, st->r, st->stack);
131 +
		st->filled = 0;
148 132
	}
149 133
	// обновить длину
150 -
	beltHalfBlockAddBitSizeW(s->len + W_OF_B(64), count);
134 +
	beltHalfBlockAddBitSizeW(st->len + W_OF_B(64), count);
151 135
	// есть накопленные данные?
152 -
	if (s->filled)
136 +
	if (st->filled)
153 137
	{
154 -
		if (count < 16 - s->filled)
138 +
		if (count < 16 - st->filled)
155 139
		{
156 -
			memCopy(s->block + s->filled, buf, count);
157 -
			s->filled += count;
140 +
			memCopy(st->block + st->filled, buf, count);
141 +
			st->filled += count;
158 142
			return;
159 143
		}
160 -
		memCopy(s->block + s->filled, buf, 16 - s->filled);
161 -
		count -= 16 - s->filled;
162 -
		buf = (const octet*)buf + 16 - s->filled;
144 +
		memCopy(st->block + st->filled, buf, 16 - st->filled);
145 +
		count -= 16 - st->filled;
146 +
		buf = (const octet*)buf + 16 - st->filled;
163 147
#if (OCTET_ORDER == BIG_ENDIAN)
164 -
		beltBlockRevW(s->block);
148 +
		beltBlockRevW(st->block);
165 149
#endif
166 -
		beltBlockXor2(s->s, s->block);
167 -
		beltPolyMul(s->s, s->s, s->r, s->stack);
168 -
		s->filled = 0;
150 +
		beltBlockXor2(st->t, st->block);
151 +
		beltPolyMul(st->t, st->t, st->r, st->stack);
152 +
		st->filled = 0;
169 153
	}
170 154
	// цикл по полным блокам
171 155
	while (count >= 16)
172 156
	{
173 -
		beltBlockCopy(s->block, buf);
157 +
		beltBlockCopy(st->block, buf);
174 158
#if (OCTET_ORDER == BIG_ENDIAN)
175 -
		beltBlockRevW(s->block);
159 +
		beltBlockRevW(st->block);
176 160
#endif
177 -
		beltBlockXor2(s->s, s->block);
178 -
		beltPolyMul(s->s, s->s, s->r, s->stack);
161 +
		beltBlockXor2(st->t, st->block);
162 +
		beltPolyMul(st->t, st->t, st->r, st->stack);
179 163
		buf = (const octet*)buf + 16;
180 164
		count -= 16;
181 165
	}
182 166
	// неполный блок?
183 167
	if (count)
184 -
		memCopy(s->block, buf, s->filled = count);
168 +
		memCopy(st->block, buf, st->filled = count);
185 169
}
186 170
187 171
void beltDWPStepD(void* buf, size_t count, void* state)
@@ -191,47 +175,41 @@
Loading
191 175
192 176
static void beltDWPStepG_internal(void* state)
193 177
{
194 -
	belt_dwp_st* s = (belt_dwp_st*)state;
178 +
	belt_dwp_st* st = (belt_dwp_st*)state;
195 179
	ASSERT(memIsValid(state, beltDWP_keep()));
196 -
	// есть накопленные данные?
197 -
	if (s->filled)
180 +
	// создать копию t и завершить обработку данных
181 +
	if (st->filled)
198 182
	{
199 -
		memSetZero(s->block + s->filled, 16 - s->filled);
200 -
#if (OCTET_ORDER == BIG_ENDIAN)
201 -
		beltBlockRevW(s->block);
202 -
#endif
203 -
		beltBlockXor2(s->s, s->block);
204 -
		beltPolyMul(s->s, s->s, s->r, s->stack);
205 -
		s->filled = 0;
183 +
		memSetZero(st->block + st->filled, 16 - st->filled);
184 +
		wwFrom(st->t1, st->block, 16);
185 +
		beltBlockXor2(st->t1, st->t);
186 +
		beltPolyMul(st->t1, st->t1, st->r, st->stack);
206 187
	}
188 +
	else
189 +
		memCopy(st->t1, st->t, 16);
207 190
	// обработать блок длины
208 -
	beltBlockXor2(s->s, s->len);
209 -
	beltPolyMul(s->s, s->s, s->r, s->stack);
210 -
#if (OCTET_ORDER == BIG_ENDIAN && B_PER_W != 32)
211 -
	beltBlockRevW(s->s);
212 -
	beltBlockRevU32(s->s);
191 +
	beltBlockXor2(st->t1, st->len);
192 +
	beltPolyMul(st->t1, st->t1, st->r, st->stack);
193 +
#if (OCTET_ORDER == BIG_ENDIAN)
194 +
	beltBlockRevW(st->t1);
213 195
#endif
214 -
	beltBlockEncr2((u32*)s->s, s->ctr->key);
196 +
	beltBlockEncr((octet*)st->t1, st->ctr->key);
215 197
}
216 198
217 199
void beltDWPStepG(octet mac[8], void* state)
218 200
{
219 -
	belt_dwp_st* s = (belt_dwp_st*)state;
201 +
	belt_dwp_st* st = (belt_dwp_st*)state;
220 202
	ASSERT(memIsValid(mac, 8));
221 203
	beltDWPStepG_internal(state);
222 -
	u32To(mac, 8, (u32*)s->s);
204 +
	memCopy(mac, st->t1, 8);
223 205
}
224 206
225 207
bool_t beltDWPStepV(const octet mac[8], void* state)
226 208
{
227 -
	belt_dwp_st* s = (belt_dwp_st*)state;
209 +
	belt_dwp_st* st = (belt_dwp_st*)state;
228 210
	ASSERT(memIsValid(mac, 8));
229 211
	beltDWPStepG_internal(state);
230 -
#if (OCTET_ORDER == BIG_ENDIAN)
231 -
	s->s[0] = u32Rev(s->s[0]);
232 -
	s->s[1] = u32Rev(s->s[1]);
233 -
#endif
234 -
	return memEq(mac, s->s, 8);
212 +
	return memEq(mac, st->t1, 8);
235 213
}
236 214
237 215
err_t beltDWPWrap(void* dest, octet mac[8], const void* src1, size_t count1,
@@ -297,4 +275,3 @@
Loading
297 275
	blobClose(state);
298 276
	return ERR_OK;
299 277
}
300 -

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file gf2.c
4 4
\brief Binary fields

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2012.12.18
8 -
\version 2019.06.26
8 +
\version 2020.03.20
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -15,11 +15,13 @@
Loading
15 15
#include "bee2/core/u32.h"
16 16
#include "bee2/core/util.h"
17 17
#include "bee2/crypto/belt.h"
18 +
#include "bee2/math/pp.h"
19 +
#include "bee2/math/ww.h"
18 20
#include "belt_lcl.h"
19 21
20 22
/*
21 23
*******************************************************************************
22 -
Арифметика
24 +
Арифметика чисел
23 25
*******************************************************************************
24 26
*/
25 27
@@ -85,3 +87,45 @@
Loading
85 87
#endif // B_PER_W
86 88
	carry = 0;
87 89
}
90 +
91 +
/*
92 +
*******************************************************************************
93 +
Арифметика многочленов
94 +
*******************************************************************************
95 +
*/
96 +
97 +
void beltPolyMul(word c[], const word a[], const word b[], void* stack)
98 +
{
99 +
	const size_t n = W_OF_B(128);
100 +
	word* prod = (word*)stack;
101 +
	stack = prod + 2 * n;
102 +
	// умножить
103 +
	ppMul(prod, a, n, b, n, stack);
104 +
	// привести по модулю
105 +
	ppRedBelt(prod);
106 +
	wwCopy(c, prod, n);
107 +
}
108 +
109 +
size_t beltPolyMul_deep()
110 +
{
111 +
	const size_t n = W_OF_B(128);
112 +
	return O_OF_W(2 * n) + ppMul_deep(n, n);
113 +
}
114 +
115 +
/*
116 +
*******************************************************************************
117 +
Умножение на многочлен C(x) = x mod (x^128 + x^7 + x^2 + x + 1)
118 +
119 +
\remark t = (старший бит block ненулевой) ? x^7 + x^2 + x + 1 : 0 [регулярно].
120 +
*******************************************************************************
121 +
*/
122 +
123 +
void beltBlockMulC(u32 block[4])
124 +
{
125 +
	register u32 t = ~((block[3] >> 31) - U32_1) & 0x00000087;
126 +
	block[3] = (block[3] << 1) ^ (block[2] >> 31);
127 +
	block[2] = (block[2] << 1) ^ (block[1] >> 31);
128 +
	block[1] = (block[1] << 1) ^ (block[0] >> 31);
129 +
	block[0] = (block[0] << 1) ^ t;
130 +
	t = 0;
131 +
}

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file brng.c
4 4
\brief STB 34.101.47 (brng): algorithms of pseudorandom number generation
@@ -219,7 +219,7 @@
Loading
219 219
		memCopy(s->iv_buf, iv, iv_len);
220 220
		s->iv = s->iv_buf;
221 221
	}
222 -
    else
222 +
	else
223 223
		s->iv = iv;
224 224
	// обработать key
225 225
	beltHMACStart(s->state_ex + beltHMAC_keep(), key, key_len);

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file str.c
4 4
\brief Strings

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file rng.c
4 4
\brief Entropy sources and random number generators

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2012.12.18
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -41,33 +41,33 @@
Loading
41 41
void beltKRPStart(void* state, const octet key[], size_t len, 
42 42
	const octet level[12])
43 43
{
44 -
	belt_krp_st* s = (belt_krp_st*)state;
45 -
	ASSERT(memIsDisjoint2(level, 12, s, beltKRP_keep()));
44 +
	belt_krp_st* st = (belt_krp_st*)state;
45 +
	ASSERT(memIsDisjoint2(level, 12, state, beltKRP_keep()));
46 46
	// block <- ... || level || ...
47 -
	u32From(s->block + 1, level, 12);
47 +
	u32From(st->block + 1, level, 12);
48 48
	// сохранить ключ
49 -
	beltKeyExpand2(s->key, key, s->len = len);
49 +
	beltKeyExpand2(st->key, key, st->len = len);
50 50
}
51 51
52 52
void beltKRPStepG(octet key_[], size_t key_len, const octet header[16],
53 53
	void* state)
54 54
{
55 -
	belt_krp_st* s = (belt_krp_st*)state;
55 +
	belt_krp_st* st = (belt_krp_st*)state;
56 56
	// pre
57 -
	ASSERT(memIsValid(s, beltKRP_keep()));
57 +
	ASSERT(memIsValid(state, beltKRP_keep()));
58 58
	ASSERT(key_len == 16 || key_len == 24 || key_len == 32);
59 -
	ASSERT(key_len <= s->len);
60 -
	ASSERT(memIsDisjoint2(key_, key_len, s, beltKRP_keep()));
61 -
	ASSERT(memIsDisjoint2(header, 16, s, beltKRP_keep()));
62 -
	// полностью определить s->block
63 -
	u32From(s->block, beltH() + 4 * (s->len - 16) + 2 * (key_len - 16), 4);
64 -
	u32From(s->block + 4, header, 16);
59 +
	ASSERT(key_len <= st->len);
60 +
	ASSERT(memIsDisjoint2(key_, key_len, state, beltKRP_keep()));
61 +
	ASSERT(memIsDisjoint2(header, 16, state, beltKRP_keep()));
62 +
	// полностью определить st->block
63 +
	u32From(st->block, beltH() + 4 * (st->len - 16) + 2 * (key_len - 16), 4);
64 +
	u32From(st->block + 4, header, 16);
65 65
	// применить belt-compr2
66 -
	beltBlockCopy(s->key_new, s->key);
67 -
	beltBlockCopy(s->key_new + 4, s->key + 4);
68 -
	beltCompr(s->key_new, s->block, s->stack);
66 +
	beltBlockCopy(st->key_new, st->key);
67 +
	beltBlockCopy(st->key_new + 4, st->key + 4);
68 +
	beltCompr(st->key_new, st->block, st->stack);
69 69
	// выгрузить ключ
70 -
	u32To(key_, key_len, s->key_new);
70 +
	u32To(key_, key_len, st->key_new);
71 71
}
72 72
73 73
err_t beltKRP(octet dest[], size_t m, const octet src[], size_t n,

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2017.09.28
8 -
\version 2019.06.26
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -41,7 +41,7 @@
Loading
41 41
Аргумент ceil() на предпоследнем шаге можно записать следующим образом:
42 42
\code
43 43
	count * (4764 k (8^k + 9 4^k mod + 9 2^k mod^2 + mod^3) - 
44 -
               2291(11 8^k + 27 4^k mod - 27 2^k mod^2 - 11 mod^3)) / 
44 +
			   2291(11 8^k + 27 4^k mod - 27 2^k mod^2 - 11 mod^3)) / 
45 45
	304896 * (8^k + 9 4^k mod + 9 2^k mod^2 + mod^3)
46 46
\endcode
47 47
@@ -278,7 +278,7 @@
Loading
278 278
к beltKWPStepE(). Для корректной работы перед каждым обращением в состоянии
279 279
механизма KWP сбрасывается счетчик тактов:
280 280
\code
281 -
	s->kwp->round = 0;
281 +
	st->kwp->round = 0;
282 282
\endcode
283 283
*******************************************************************************
284 284
*/
@@ -305,106 +305,106 @@
Loading
305 305
void beltFMTStart(void* state, u32 mod, size_t count, const octet key[], 
306 306
	size_t len)
307 307
{
308 -
	belt_fmt_st* s = (belt_fmt_st*)state;
308 +
	belt_fmt_st* st = (belt_fmt_st*)state;
309 309
	ASSERT(2 <= mod && mod <= 65536);
310 310
	ASSERT(2 <= count && count <= 600);
311 311
	ASSERT(memIsValid(state, beltFMT_keep(mod, count)));
312 312
	// инициализировать состояние
313 -
	beltWBLStart(s->wbl, key, len);
314 -
	s->mod = mod;
315 -
	s->n1 = (count + 1) / 2;
316 -
	s->n2 = count / 2;
317 -
	s->b1 = beltFMTCalcB(mod, s->n1);
318 -
	s->b2 = beltFMTCalcB(mod, s->n2);
313 +
	beltWBLStart(st->wbl, key, len);
314 +
	st->mod = mod;
315 +
	st->n1 = (count + 1) / 2;
316 +
	st->n2 = count / 2;
317 +
	st->b1 = beltFMTCalcB(mod, st->n1);
318 +
	st->b2 = beltFMTCalcB(mod, st->n2);
319 319
#if (OCTET_ORDER == LITTLE_ENDIAN)
320 -
	((u16*)s->iv)[0] = (u16)mod;
321 -
	((u16*)s->iv)[1] = (u16)count;
320 +
	((u16*)st->iv)[0] = (u16)mod;
321 +
	((u16*)st->iv)[1] = (u16)count;
322 322
#else
323 -
	((u16*)s->iv)[0] = u16Rev((u16)mod);
324 -
	((u16*)s->iv)[1] = u16Rev((u16)count);
323 +
	((u16*)st->iv)[0] = u16Rev((u16)mod);
324 +
	((u16*)st->iv)[1] = u16Rev((u16)count);
325 325
#endif
326 -
	memCopy(s->iv + 20, s->iv, 4);
326 +
	memCopy(st->iv + 20, st->iv, 4);
327 327
}
328 328
329 329
void beltFMTStepE(u16 buf[], const octet iv[16], void* state)
330 330
{
331 -
	belt_fmt_st* s = (belt_fmt_st*)state;
331 +
	belt_fmt_st* st = (belt_fmt_st*)state;
332 332
	size_t i;
333 333
	ASSERT(memIsValid(state, sizeof(belt_fmt_st)));
334 -
	ASSERT(memIsValid(state, beltFMT_keep(s->mod, s->n1 + s->n2)));
334 +
	ASSERT(memIsValid(state, beltFMT_keep(st->mod, st->n1 + st->n2)));
335 335
	ASSERT(memIsNullOrValid(iv, 16));
336 -
	ASSERT(memIsValid(buf, 2 * s->n1 + 2 * s->n2));
336 +
	ASSERT(memIsValid(buf, 2 * st->n1 + 2 * st->n2));
337 337
	// подготовить синхропосылку
338 338
	if (iv)
339 -
		memCopy(s->iv + 4, iv, 16);
339 +
		memCopy(st->iv + 4, iv, 16);
340 340
	else
341 -
		memSetZero(s->iv + 4, 16);
341 +
		memSetZero(st->iv + 4, 16);
342 342
	// такты
343 343
	for (i = 0; i < 3; ++i)
344 344
	{
345 345
		// первая половинка
346 -
		beltStr2Bin(s->buf, s->b2, s->mod, buf + s->n1, s->n2);
347 -
		memCopy(s->buf + s->b2 * 8, beltH() + 8 * i, 4);
348 -
		memCopy(s->buf + s->b2 * 8 + 4, s->iv + 8 * i, 4);
349 -
		if (s->b2 == 1)
350 -
			beltBlockEncr(s->buf, s->wbl->key);
351 -
		else if (s->b2 == 2)
352 -
			belt32BlockEncr(s->buf, s->wbl->key);
346 +
		beltStr2Bin(st->buf, st->b2, st->mod, buf + st->n1, st->n2);
347 +
		memCopy(st->buf + st->b2 * 8, beltH() + 8 * i, 4);
348 +
		memCopy(st->buf + st->b2 * 8 + 4, st->iv + 8 * i, 4);
349 +
		if (st->b2 == 1)
350 +
			beltBlockEncr(st->buf, st->wbl->key);
351 +
		else if (st->b2 == 2)
352 +
			belt32BlockEncr(st->buf, st->wbl->key);
353 353
		else
354 -
			beltWBLStepE(s->buf, 8 * s->b2 + 8, s->wbl);
355 -
		beltBin2StrAdd(s->mod, buf, s->n1, s->buf, s->b2 + 1);
354 +
			beltWBLStepE(st->buf, 8 * st->b2 + 8, st->wbl);
355 +
		beltBin2StrAdd(st->mod, buf, st->n1, st->buf, st->b2 + 1);
356 356
		// вторая половинка
357 -
		beltStr2Bin(s->buf, s->b1, s->mod, buf, s->n1);
358 -
		memCopy(s->buf + s->b1 * 8, beltH() + 8 * i + 4, 4);
359 -
		memCopy(s->buf + s->b1 * 8 + 4, s->iv + 8 * i + 4, 4);
360 -
		if (s->b1 == 1)
361 -
			beltBlockEncr(s->buf, s->wbl->key);
362 -
		else if (s->b1 == 2)
363 -
			belt32BlockEncr(s->buf, s->wbl->key);
357 +
		beltStr2Bin(st->buf, st->b1, st->mod, buf, st->n1);
358 +
		memCopy(st->buf + st->b1 * 8, beltH() + 8 * i + 4, 4);
359 +
		memCopy(st->buf + st->b1 * 8 + 4, st->iv + 8 * i + 4, 4);
360 +
		if (st->b1 == 1)
361 +
			beltBlockEncr(st->buf, st->wbl->key);
362 +
		else if (st->b1 == 2)
363 +
			belt32BlockEncr(st->buf, st->wbl->key);
364 364
		else
365 -
			beltWBLStepE(s->buf, 8 * s->b1 + 8, s->wbl);
366 -
		beltBin2StrAdd(s->mod, buf + s->n1, s->n2, s->buf, s->b1 + 1);
365 +
			beltWBLStepE(st->buf, 8 * st->b1 + 8, st->wbl);
366 +
		beltBin2StrAdd(st->mod, buf + st->n1, st->n2, st->buf, st->b1 + 1);
367 367
	}
368 368
}
369 369
370 370
void beltFMTStepD(u16 buf[], const octet iv[16], void* state)
371 371
{
372 -
	belt_fmt_st* s = (belt_fmt_st*)state;
372 +
	belt_fmt_st* st = (belt_fmt_st*)state;
373 373
	size_t i;
374 374
	ASSERT(memIsValid(state, sizeof(belt_fmt_st)));
375 -
	ASSERT(memIsValid(state, beltFMT_keep(s->mod, s->n1 + s->n2)));
375 +
	ASSERT(memIsValid(state, beltFMT_keep(st->mod, st->n1 + st->n2)));
376 376
	ASSERT(memIsNullOrValid(iv, 16));
377 -
	ASSERT(memIsValid(buf, 2 * s->n1 + 2 * s->n2));
377 +
	ASSERT(memIsValid(buf, 2 * st->n1 + 2 * st->n2));
378 378
	// подготовить синхропосылку
379 379
	if (iv)
380 -
		memCopy(s->iv + 4, iv, 16);
380 +
		memCopy(st->iv + 4, iv, 16);
381 381
	else
382 -
		memSetZero(s->iv + 4, 16);
382 +
		memSetZero(st->iv + 4, 16);
383 383
	// такты
384 384
	for (i = 3; i--;)
385 385
	{
386 386
		// вторая половинка
387 -
		beltStr2Bin(s->buf, s->b1, s->mod, buf, s->n1);
388 -
		memCopy(s->buf + s->b1 * 8, beltH() + 8 * i + 4, 4);
389 -
		memCopy(s->buf + s->b1 * 8 + 4, s->iv + 8 * i + 4, 4);
390 -
		if (s->b1 == 1)
391 -
			beltBlockEncr(s->buf, s->wbl->key);
392 -
		else if (s->b1 == 2)
393 -
			belt32BlockEncr(s->buf, s->wbl->key);
387 +
		beltStr2Bin(st->buf, st->b1, st->mod, buf, st->n1);
388 +
		memCopy(st->buf + st->b1 * 8, beltH() + 8 * i + 4, 4);
389 +
		memCopy(st->buf + st->b1 * 8 + 4, st->iv + 8 * i + 4, 4);
390 +
		if (st->b1 == 1)
391 +
			beltBlockEncr(st->buf, st->wbl->key);
392 +
		else if (st->b1 == 2)
393 +
			belt32BlockEncr(st->buf, st->wbl->key);
394 394
		else
395 -
			beltWBLStepE(s->buf, 8 * s->b1 + 8, s->wbl);
396 -
		beltBin2StrSub(s->mod, buf + s->n1, s->n2, s->buf, s->b1 + 1);
395 +
			beltWBLStepE(st->buf, 8 * st->b1 + 8, st->wbl);
396 +
		beltBin2StrSub(st->mod, buf + st->n1, st->n2, st->buf, st->b1 + 1);
397 397
		// первая половинка
398 -
		beltStr2Bin(s->buf, s->b2, s->mod, buf + s->n1, s->n2);
399 -
		memCopy(s->buf + s->b2 * 8, beltH() + 8 * i, 4);
400 -
		memCopy(s->buf + s->b2 * 8 + 4, s->iv + 8 * i, 4);
401 -
		if (s->b2 == 1)
402 -
			beltBlockEncr(s->buf, s->wbl->key);
403 -
		else if (s->b2 == 2)
404 -
			belt32BlockEncr(s->buf, s->wbl->key);
398 +
		beltStr2Bin(st->buf, st->b2, st->mod, buf + st->n1, st->n2);
399 +
		memCopy(st->buf + st->b2 * 8, beltH() + 8 * i, 4);
400 +
		memCopy(st->buf + st->b2 * 8 + 4, st->iv + 8 * i, 4);
401 +
		if (st->b2 == 1)
402 +
			beltBlockEncr(st->buf, st->wbl->key);
403 +
		else if (st->b2 == 2)
404 +
			belt32BlockEncr(st->buf, st->wbl->key);
405 405
		else
406 -
			beltWBLStepE(s->buf, 8 * s->b2 + 8, s->wbl);
407 -
		beltBin2StrSub(s->mod, buf, s->n1, s->buf, s->b2 + 1);
406 +
			beltWBLStepE(st->buf, 8 * st->b2 + 8, st->wbl);
407 +
		beltBin2StrSub(st->mod, buf, st->n1, st->buf, st->b2 + 1);
408 408
	}	
409 409
}
410 410

@@ -1,4 +1,4 @@
Loading
1 -
/*
1 +
/*
2 2
*******************************************************************************
3 3
\file zm.с
4 4
\brief Quotient rings of integers modulo m

@@ -5,7 +5,7 @@
Loading
5 5
\project bee2 [cryptographic library]
6 6
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 7
\created 2012.12.18
8 -
\version 2019.07.09
8 +
\version 2020.03.24
9 9
\license This program is released under the GNU General Public License 
10 10
version 3. See Copyright Notices in bee2/info.h.
11 11
*******************************************************************************
@@ -43,129 +43,129 @@
Loading
43 43
44 44
void beltHashStart(void* state)
45 45
{
46 -
	belt_hash_st* s = (belt_hash_st*)state;
47 -
	ASSERT(memIsValid(s, beltHash_keep()));
46 +
	belt_hash_st* st = (belt_hash_st*)state;
47 +
	ASSERT(memIsValid(state, beltHash_keep()));
48 48
	// len || s <- 0
49 -
	beltBlockSetZero(s->ls);
50 -
	beltBlockSetZero(s->ls + 4);
49 +
	beltBlockSetZero(st->ls);
50 +
	beltBlockSetZero(st->ls + 4);
51 51
	// h <- B194...0D
52 -
	u32From(s->h, beltH(), 32);
52 +
	u32From(st->h, beltH(), 32);
53 53
	// нет накопленнных данных
54 -
	s->filled = 0;
54 +
	st->filled = 0;
55 55
}
56 56
57 57
void beltHashStepH(const void* buf, size_t count, void* state)
58 58
{
59 -
	belt_hash_st* s = (belt_hash_st*)state;
60 -
	ASSERT(memIsDisjoint2(buf, count, s, beltHash_keep()));
59 +
	belt_hash_st* st = (belt_hash_st*)state;
60 +
	ASSERT(memIsDisjoint2(buf, count, state, beltHash_keep()));
61 61
	// обновить длину
62 -
	beltBlockAddBitSizeU32(s->ls, count);
62 +
	beltBlockAddBitSizeU32(st->ls, count);
63 63
	// есть накопленные данные?
64 -
	if (s->filled)
64 +
	if (st->filled)
65 65
	{
66 -
		if (count < 32 - s->filled)
66 +
		if (count < 32 - st->filled)
67 67
		{
68 -
			memCopy(s->block + s->filled, buf, count);
69 -
			s->filled += count;
68 +
			memCopy(st->block + st->filled, buf, count);
69 +
			st->filled += count;
70 70
			return;
71 71
		}
72 -
		memCopy(s->block + s->filled, buf, 32 - s->filled);
73 -
		count -= 32 - s->filled;
74 -
		buf = (const octet*)buf + 32 - s->filled;
72 +
		memCopy(st->block + st->filled, buf, 32 - st->filled);
73 +
		count -= 32 - st->filled;
74 +
		buf = (const octet*)buf + 32 - st->filled;
75 75
#if (OCTET_ORDER == BIG_ENDIAN)
76 -
		beltBlockRevU32(s->block);
77 -
		beltBlockRevU32(s->block + 16);
76 +
		beltBlockRevU32(st->block);
77 +
		beltBlockRevU32(st->block + 16);
78 78
#endif
79 -
		beltCompr2(s->ls + 4, s->h, (u32*)s->block, s->stack);
80 -
		s->filled = 0;
79 +
		beltCompr2(st->ls + 4, st->h, (u32*)st->block, st->stack);
80 +
		st->filled = 0;
81 81
	}
82 82
	// цикл по полным блокам
83 83
	while (count >= 32)
84 84
	{
85 -
		beltBlockCopy(s->block, buf);
86 -
		beltBlockCopy(s->block + 16, (const octet*)buf + 16);
85 +
		beltBlockCopy(st->block, buf);
86 +
		beltBlockCopy(st->block + 16, (const octet*)buf + 16);
87 87
#if (OCTET_ORDER == BIG_ENDIAN)
88 -
		beltBlockRevU32(s->block);
89 -
		beltBlockRevU32(s->block + 16);
88 +
		beltBlockRevU32(st->block);
89 +
		beltBlockRevU32(st->block + 16);
90 90
#endif
91 -
		beltCompr2(s->ls + 4, s->h, (u32*)s->block, s->stack);
91 +
		beltCompr2(st->ls + 4, st->h, (u32*)st->block, st->stack);
92 92
		buf = (const octet*)buf + 32;
93 93
		count -= 32;
94 94
	}
95 95
	// неполный блок?
96 96
	if (count)
97 -
		memCopy(s->block, buf, s->filled = count);
97 +
		memCopy(st->block, buf, st->filled = count);
98 98
}
99 99
100 100
static void beltHashStepG_internal(void* state)
101 101
{
102 -
	belt_hash_st* s = (belt_hash_st*)state;
102 +
	belt_hash_st* st = (belt_hash_st*)state;
103 103
	// pre
104 -
	ASSERT(memIsValid(s, beltHash_keep()));
105 -
	// создать копии второй части s->ls и s->h
106 -
	beltBlockCopy(s->s1, s->ls + 4);
107 -
	beltBlockCopy(s->h1, s->h);
108 -
	beltBlockCopy(s->h1 + 4, s->h + 4);
104 +
	ASSERT(memIsValid(state, beltHash_keep()));
105 +
	// создать копии второй части st->ls и st->h
106 +
	beltBlockCopy(st->s1, st->ls + 4);
107 +
	beltBlockCopy(st->h1, st->h);
108 +
	beltBlockCopy(st->h1 + 4, st->h + 4);
109 109
	// есть необработанные данные?
110 -
	if (s->filled)
110 +
	if (st->filled)
111 111
	{
112 -
		memSetZero(s->block + s->filled, 32 - s->filled);
112 +
		memSetZero(st->block + st->filled, 32 - st->filled);
113 113
#if (OCTET_ORDER == BIG_ENDIAN)
114 -
		beltBlockRevU32(s->block);
115 -
		beltBlockRevU32(s->block + 16);
114 +
		beltBlockRevU32(st->block);
115 +
		beltBlockRevU32(st->block + 16);
116 116
#endif
117 -
		beltCompr2(s->ls + 4, s->h1, (u32*)s->block, s->stack);
117 +
		beltCompr2(st->ls + 4, st->h1, (u32*)st->block, st->stack);
118 118
#if (OCTET_ORDER == BIG_ENDIAN)
119 -
		beltBlockRevU32(s->block + 16);
120 -
		beltBlockRevU32(s->block);
119 +
		beltBlockRevU32(st->block + 16);
120 +
		beltBlockRevU32(st->block);
121 121
#endif
122 122
	}
123 123
	// последний блок
124 -
	beltCompr(s->h1, s->ls, s->stack);
125 -
	// восстановить сохраненную часть s->ls
126 -
	beltBlockCopy(s->ls + 4, s->s1);
124 +
	beltCompr(st->h1, st->ls, st->stack);
125 +
	// восстановить сохраненную часть st->ls
126 +
	beltBlockCopy(st->ls + 4, st->s1);
127 127
}
128 128
129 129
void beltHashStepG(octet hash[32], void* state)
130 130
{
131 -
	belt_hash_st* s = (belt_hash_st*)state;
131 +
	belt_hash_st* st = (belt_hash_st*)state;
132 132
	ASSERT(memIsValid(hash, 32));
133 133
	beltHashStepG_internal(state);
134 -
	u32To(hash, 32, s->h1);
134 +
	u32To(hash, 32, st->h1);
135 135
}
136 136
137 137
void beltHashStepG2(octet hash[], size_t hash_len, void* state)
138 138
{
139 -
	belt_hash_st* s = (belt_hash_st*)state;
139 +
	belt_hash_st* st = (belt_hash_st*)state;
140 140
	ASSERT(hash_len <= 32);
141 141
	ASSERT(memIsValid(hash, hash_len));
142 142
	beltHashStepG_internal(state);
143 -
	u32To(hash, hash_len, s->h1);
143 +
	u32To(hash, hash_len, st->h1);
144 144
}
145 145
146 146
bool_t beltHashStepV(const octet hash[32], void* state)
147 147
{
148 -
	belt_hash_st* s = (belt_hash_st*)state;
148 +
	belt_hash_st* st = (belt_hash_st*)state;
149 149
	ASSERT(memIsValid(hash, 32));
150 150
	beltHashStepG_internal(state);
151 151
#if (OCTET_ORDER == BIG_ENDIAN)
152 -
	beltBlockRevU32(s->h1);
153 -
	beltBlockRevU32(s->h1 + 4);
152 +
	beltBlockRevU32(st->h1);
153 +
	beltBlockRevU32(st->h1 + 4);
154 154
#endif
155 -
	return memEq(hash, s->h1, 32);
155 +
	return memEq(hash, st->h1, 32);
156 156
}
157 157
158 158
bool_t beltHashStepV2(const octet hash[], size_t hash_len, void* state)
159 159
{
160 -
	belt_hash_st* s = (belt_hash_st*)state;
160 +
	belt_hash_st* st = (belt_hash_st*)state;
161 161
	ASSERT(hash_len <= 32);
162 162
	ASSERT(memIsValid(hash, hash_len));
163 163
	beltHashStepG_internal(state);
164 164
#if (OCTET_ORDER == BIG_ENDIAN)
165 -
	beltBlockRevU32(s->h1);
166 -
	beltBlockRevU32(s->h1 + 4);
165 +
	beltBlockRevU32(st->h1);
166 +
	beltBlockRevU32(st->h1 + 4);
167 167
#endif
168 -
	return memEq(hash, s->h1, hash_len);
168 +
	return memEq(hash, st->h1, hash_len);
169 169
}
170 170
171 171
err_t beltHash(octet hash[32], const void* src, size_t count)

@@ -149,7 +149,7 @@
Loading
149 149
}
150 150
151 151
void FAST(zzRedBarr)(word a[], const word mod[], size_t n, 
152 -
    const word barr_param[], void* stack)
152 +
	const word barr_param[], void* stack)
153 153
{
154 154
	// переменные в stack
155 155
	word* q = (word*)stack;
@@ -171,7 +171,7 @@
Loading
171 171
}
172 172
173 173
void SAFE(zzRedBarr)(word a[], const word mod[], size_t n, 
174 -
    const word barr_param[], void* stack)
174 +
	const word barr_param[], void* stack)
175 175
{
176 176
	register word w;
177 177
	size_t i;

@@ -0,0 +1,321 @@
Loading
1 +
/*
2 +
*******************************************************************************
3 +
\file belt_che.c
4 +
\brief STB 34.101.31 (belt): CHE (Ctr-Hash-Encrypt) authenticated encryption
5 +
\project bee2 [cryptographic library]
6 +
\author (C) Sergey Agievich [agievich@{bsu.by|gmail.com}]
7 +
\created 2020.03.20
8 +
\version 2020.03.24
9 +
\license This program is released under the GNU General Public License 
10 +
version 3. See Copyright Notices in bee2/info.h.
11 +
*******************************************************************************
12 +
*/
13 +
14 +
#include "bee2/core/blob.h"
15 +
#include "bee2/core/err.h"
16 +
#include "bee2/core/mem.h"
17 +
#include "bee2/core/util.h"
18 +
#include "bee2/crypto/belt.h"
19 +
#include "bee2/math/ww.h"
20 +
#include "belt_lcl.h"
21 +
22 +
/*
23 +
*******************************************************************************
24 +
Аутентифицированное шифрование данных (CHE)
25 +
26 +
\remark Режим get-then-continue реализован, но пока не рекомендован
27 +
(вплоть до завершения оценки надежности).
28 +
*******************************************************************************
29 +
*/
30 +
31 +
typedef struct
32 +
{
33 +
	u32 key[8];				/*< форматированный ключ */
34 +
	u32 ctr[4];				/*< счетчик */
35 +
	word s[W_OF_B(128)];	/*< переменная s */
36 +
	word t[W_OF_B(128)];	/*< переменная t */
37 +
	word t1[W_OF_B(128)];	/*< копия t/имитовставка */
38 +
	word len[W_OF_B(128)];	/*< обработано открытых || критических данных */
39 +
	octet block[16];		/*< блок аутентифицируемых данных */
40 +
	octet block1[16];		/*< блок гаммы */
41 +
	size_t filled;			/*< накоплено октетов в block */
42 +
	size_t reserved;		/*< резерв октетов гаммы */
43 +
	octet stack[];			/*< стек умножения */
44 +
} belt_che_st;
45 +
46 +
size_t beltCHE_keep()
47 +
{
48 +
	return sizeof(belt_che_st) + beltPolyMul_deep();
49 +
}
50 +
51 +
void beltCHEStart(void* state, const octet key[], size_t len, 
52 +
	const octet iv[16])
53 +
{
54 +
	belt_che_st* st = (belt_che_st*)state;
55 +
	ASSERT(memIsDisjoint2(iv, 16, state, beltCHE_keep()));
56 +
	// разобрать key и iv
57 +
	beltKeyExpand2(st->key, key, len);
58 +
	beltBlockCopy(st->s, iv);
59 +
	beltBlockEncr((octet*)st->s, st->key);
60 +
	u32From(st->ctr, st->s, 16);
61 +
#if (OCTET_ORDER == BIG_ENDIAN)
62 +
	beltBlockRevW(st->s);
63 +
#endif
64 +
	// подготовить t
65 +
	wwFrom(st->t, beltH(), 16);
66 +
	// обнулить счетчики
67 +
	memSetZero(st->len, sizeof(st->len));
68 +
	st->reserved = 0;
69 +
	st->filled = 0;
70 +
}
71 +
72 +
void beltCHEStepE(void* buf, size_t count, void* state)
73 +
{
74 +
	belt_che_st* st = (belt_che_st*)state;
75 +
	ASSERT(memIsDisjoint2(buf, count, state, beltCHE_keep()));
76 +
	// есть резерв гаммы?
77 +
	if (st->reserved)
78 +
	{
79 +
		if (st->reserved >= count)
80 +
		{
81 +
			memXor2(buf, st->block1 + 16 - st->reserved, count);
82 +
			st->reserved -= count;
83 +
			return;
84 +
		}
85 +
		memXor2(buf, st->block1 + 16 - st->reserved, st->reserved);
86 +
		count -= st->reserved;
87 +
		buf = (octet*)buf + st->reserved;
88 +
		st->reserved = 0;
89 +
	}
90 +
	// цикл по полным блокам
91 +
	while (count >= 16)
92 +
	{
93 +
		beltBlockMulC(st->ctr), st->ctr[0] ^= 0x00000001;
94 +
		beltBlockCopy(st->block1, st->ctr);
95 +
		beltBlockEncr2((u32*)st->block1, st->key);
96 +
#if (OCTET_ORDER == BIG_ENDIAN)
97 +
		beltBlockRevU32(st->block1);
98 +
#endif
99 +
		beltBlockXor2(buf, st->block1);
100 +
		buf = (octet*)buf + 16;
101 +
		count -= 16;
102 +
	}
103 +
	// неполный блок?
104 +
	if (count)
105 +
	{
106 +
		beltBlockMulC(st->ctr), st->ctr[0] ^= 0x00000001;
107 +
		beltBlockCopy(st->block1, st->ctr);
108 +
		beltBlockEncr2((u32*)st->block1, st->key);
109 +
#if (OCTET_ORDER == BIG_ENDIAN)
110 +
		beltBlockRevU32(st->block1);
111 +
#endif
112 +
		memXor2(buf, st->block1, count);
113 +
		st->reserved = 16 - count;
114 +
	}
115 +
}
116 +
117 +
void beltCHEStepI(const void* buf, size_t count, void* state)
118 +
{
119 +
	belt_che_st* st = (belt_che_st*)state;
120 +
	ASSERT(memIsDisjoint2(buf, count, state, beltCHE_keep()));
121 +
	// критические данные не обрабатывались?
122 +
	ASSERT(count == 0 || beltHalfBlockIsZero(st->len + W_OF_B(64)));
123 +
	// обновить длину
124 +
	beltHalfBlockAddBitSizeW(st->len, count);
125 +
	// есть накопленные данные?
126 +
	if (st->filled)
127 +
	{
128 +
		if (count < 16 - st->filled)
129 +
		{
130 +
			memCopy(st->block + st->filled, buf, count);
131 +
			st->filled += count;
132 +
			return;
133 +
		}
134 +
		memCopy(st->block + st->filled, buf, 16 - st->filled);
135 +
		count -= 16 - st->filled;
136 +
		buf = (const octet*)buf + 16 - st->filled;
137 +
#if (OCTET_ORDER == BIG_ENDIAN)
138 +
		beltBlockRevW(st->block);
139 +
#endif
140 +
		beltBlockXor2(st->t, st->block);
141 +
		beltPolyMul(st->t, st->t, st->s, st->stack);
142 +
		st->filled = 0;
143 +
	}
144 +
	// цикл по полным блокам
145 +
	while (count >= 16)
146 +
	{
147 +
		beltBlockCopy(st->block, buf);
148 +
#if (OCTET_ORDER == BIG_ENDIAN)
149 +
		beltBlockRevW(st->block);
150 +
#endif
151 +
		beltBlockXor2(st->t, st->block);
152 +
		beltPolyMul(st->t, st->t, st->s, st->stack);
153 +
		buf = (const octet*)buf + 16;
154 +
		count -= 16;
155 +
	}
156 +
	// неполный блок?
157 +
	if (count)
158 +
		memCopy(st->block, buf, st->filled = count);
159 +
}
160 +
161 +
void beltCHEStepA(const void* buf, size_t count, void* state)
162 +
{
163 +
	belt_che_st* st = (belt_che_st*)state;
164 +
	ASSERT(memIsDisjoint2(buf, count, state, beltCHE_keep()));
165 +
	// первый непустой фрагмент критических данных?
166 +
	// есть необработанные открытые данные?
167 +
	if (count && beltHalfBlockIsZero(st->len + W_OF_B(64)) && st->filled)
168 +
	{
169 +
		memSetZero(st->block + st->filled, 16 - st->filled);
170 +
#if (OCTET_ORDER == BIG_ENDIAN)
171 +
		beltBlockRevW(st->block);
172 +
#endif
173 +
		beltBlockXor2(st->t, st->block);
174 +
		beltPolyMul(st->t, st->t, st->s, st->stack);
175 +
		st->filled = 0;
176 +
	}
177 +
	// обновить длину
178 +
	beltHalfBlockAddBitSizeW(st->len + W_OF_B(64), count);
179 +
	// есть накопленные данные?
180 +
	if (st->filled)
181 +
	{
182 +
		if (count < 16 - st->filled)
183 +
		{
184 +
			memCopy(st->block + st->filled, buf, count);
185 +
			st->filled += count;
186 +
			return;
187 +
		}
188 +
		memCopy(st->block + st->filled, buf, 16 - st->filled);
189 +
		count -= 16 - st->filled;
190 +
		buf = (const octet*)buf + 16 - st->filled;
191 +
#if (OCTET_ORDER == BIG_ENDIAN)
192 +
		beltBlockRevW(st->block);
193 +
#endif
194 +
		beltBlockXor2(st->t, st->block);
195 +
		beltPolyMul(st->t, st->t, st->s, st->stack);
196 +
		st->filled = 0;
197 +
	}
198 +
	// цикл по полным блокам
199 +
	while (count >= 16)
200 +
	{
201 +
		beltBlockCopy(st->block, buf);
202 +
#if (OCTET_ORDER == BIG_ENDIAN)
203 +
		beltBlockRevW(st->block);
204 +
#endif
205 +
		beltBlockXor2(st->t, st->block);
206 +
		beltPolyMul(st->t, st->t, st->s, st->stack);
207 +
		buf = (const octet*)buf + 16;
208 +
		count -= 16;
209 +
	}
210 +
	// неполный блок?
211 +
	if (count)
212 +
		memCopy(st->block, buf, st->filled = count);
213 +
}
214 +
215 +
void beltCHEStepD(void* buf, size_t count, void* state)
216 +
{
217 +
	beltCHEStepE(buf, count, state);
218 +
}
219 +
220 +
static void beltCHEStepG_internal(void* state)
221 +
{
222 +
	belt_che_st* st = (belt_che_st*)state;
223 +
	ASSERT(memIsValid(state, beltCHE_keep()));
224 +
	// создать копию t и завершить обработку данных
225 +
	if (st->filled)
226 +
	{
227 +
		memSetZero(st->block + st->filled, 16 - st->filled);
228 +
		wwFrom(st->t1, st->block, 16);
229 +
		beltBlockXor2(st->t1, st->t);
230 +
		beltPolyMul(st->t1, st->t1, st->s, st->stack);
231 +
	}
232 +
	else
233 +
		memCopy(st->t1, st->t, 16);
234 +
	// обработать блок длины
235 +
	beltBlockXor2(st->t1, st->len);
236 +
	beltPolyMul(st->t1, st->t1, st->s, st->stack);
237 +
#if (OCTET_ORDER == BIG_ENDIAN)
238 +
	beltBlockRevW(st->t1);
239 +
#endif
240 +
	beltBlockEncr((octet*)st->t1, st->key);
241 +
}
242 +
243 +
void beltCHEStepG(octet mac[8], void* state)
244 +
{
245 +
	belt_che_st* st = (belt_che_st*)state;
246 +
	ASSERT(memIsValid(mac, 8));
247 +
	beltCHEStepG_internal(state);
248 +
	memCopy(mac, st->t1, 8);
249 +
}
250 +
251 +
bool_t beltCHEStepV(const octet mac[8], void* state)
252 +
{
253 +
	belt_che_st* st = (belt_che_st*)state;
254 +
	ASSERT(memIsValid(mac, 8));
255 +
	beltCHEStepG_internal(state);
256 +
	return memEq(mac, st->t1, 8);
257 +
}
258 +
259 +
err_t beltCHEWrap(void* dest, octet mac[8], const void* src1, size_t count1,
260 +
	const void* src2, size_t count2, const octet key[], size_t len,
261 +
	const octet iv[16])
262 +
{
263 +
	void* state;
264 +
	// проверить входные данные
265 +
	if (len != 16 && len != 24 && len != 32 ||
266 +
		!memIsValid(src1, count1) ||
267 +
		!memIsValid(src2, count2) ||
268 +
		!memIsValid(key, len) ||
269 +
		!memIsValid(iv, 16) ||
270 +
		!memIsValid(dest, count1) ||
271 +
		!memIsValid(mac, 8))
272 +
		return ERR_BAD_INPUT;
273 +
	// создать состояние
274 +
	state = blobCreate(beltCHE_keep());
275 +
	if (state == 0)
276 +
		return ERR_OUTOFMEMORY;
277 +
	// установить защиту (I перед E из-за разрешенного пересечения src2 и dest)
278 +
	beltCHEStart(state, key, len, iv);
279 +
	beltCHEStepI(src2, count2, state);
280 +
	memMove(dest, src1, count1);
281 +
	beltCHEStepE(dest, count1, state);
282 +
	beltCHEStepA(dest, count1, state);
283 +
	beltCHEStepG(mac, state);
284 +
	// завершить
285 +
	blobClose(state);
286 +
	return ERR_OK;
287 +
}
288 +
289 +
err_t beltCHEUnwrap(void* dest, const void* src1, size_t count1,
290 +
	const void* src2, size_t count2, const octet mac[8], const octet key[],
291 +
	size_t len, const octet iv[16])
292 +
{
293 +
	void* state;
294 +
	// проверить входные данные
295 +
	if (len != 16 && len != 24 && len != 32 ||
296 +
		!memIsValid(src1, count1) ||
297 +
		!memIsValid(src2, count2) ||
298 +
		!memIsValid(mac, 8) ||
299 +
		!memIsValid(key, len) ||
300 +
		!memIsValid(iv, 16) ||
301 +
		!memIsValid(dest, count1))
302 +
		return ERR_BAD_INPUT;
303 +
	// создать состояние
304 +
	state = blobCreate(beltDWP_keep());
305 +
	if (state == 0)
306 +
		return ERR_OUTOFMEMORY;
307 +
	// снять защиту
308 +
	beltCHEStart(state, key, len, iv);
309 +
	beltCHEStepI(src2, count2, state);
310 +
	beltCHEStepA(src1, count1, state);
311 +
	if (!beltCHEStepV(mac, state))
312 +
	{
313 +
		blobClose(state);
314 +
		return ERR_BAD_MAC;
315 +
	}
316 +
	memMove(dest, src1, count1);
317 +
	beltCHEStepD(dest, count1, state);
318 +
	// завершить
319 +
	blobClose(state);
320 +
	return ERR_OK;
321 +
}
Files Coverage
src 84.51%
Project Totals (65 files) 84.51%