github.com/geph-official/geph2@v0.22.6-0.20210211030601-f527cb59b0df/libs/kcp-go/crypt.go (about) 1 package kcp 2 3 import ( 4 "crypto/aes" 5 "crypto/cipher" 6 "crypto/des" 7 "crypto/sha1" 8 9 "github.com/templexxx/xor" 10 "github.com/tjfoc/gmsm/sm4" 11 12 "golang.org/x/crypto/blowfish" 13 "golang.org/x/crypto/cast5" 14 "golang.org/x/crypto/pbkdf2" 15 "golang.org/x/crypto/salsa20" 16 "golang.org/x/crypto/tea" 17 "golang.org/x/crypto/twofish" 18 "golang.org/x/crypto/xtea" 19 ) 20 21 var ( 22 initialVector = []byte{167, 115, 79, 156, 18, 172, 27, 1, 164, 21, 242, 193, 252, 120, 230, 107} 23 saltxor = `sH3CIVoF#rWLtJo6` 24 ) 25 26 // BlockCrypt defines encryption/decryption methods for a given byte slice. 27 // Notes on implementing: the data to be encrypted contains a builtin 28 // nonce at the first 16 bytes 29 type BlockCrypt interface { 30 // Encrypt encrypts the whole block in src into dst. 31 // Dst and src may point at the same memory. 32 Encrypt(dst, src []byte) 33 34 // Decrypt decrypts the whole block in src into dst. 35 // Dst and src may point at the same memory. 36 Decrypt(dst, src []byte) 37 } 38 39 type salsa20BlockCrypt struct { 40 key [32]byte 41 } 42 43 // NewSalsa20BlockCrypt https://en.wikipedia.org/wiki/Salsa20 44 func NewSalsa20BlockCrypt(key []byte) (BlockCrypt, error) { 45 c := new(salsa20BlockCrypt) 46 copy(c.key[:], key) 47 return c, nil 48 } 49 50 func (c *salsa20BlockCrypt) Encrypt(dst, src []byte) { 51 salsa20.XORKeyStream(dst[8:], src[8:], src[:8], &c.key) 52 copy(dst[:8], src[:8]) 53 } 54 func (c *salsa20BlockCrypt) Decrypt(dst, src []byte) { 55 salsa20.XORKeyStream(dst[8:], src[8:], src[:8], &c.key) 56 copy(dst[:8], src[:8]) 57 } 58 59 type sm4BlockCrypt struct { 60 encbuf [sm4.BlockSize]byte 61 decbuf [2 * sm4.BlockSize]byte 62 block cipher.Block 63 } 64 65 // NewSM4BlockCrypt https://github.com/tjfoc/gmsm/tree/master/sm4 66 func NewSM4BlockCrypt(key []byte) (BlockCrypt, error) { 67 c := new(sm4BlockCrypt) 68 block, err := sm4.NewCipher(key) 69 if err != nil { 70 return nil, err 71 } 72 c.block = block 73 return c, nil 74 } 75 76 func (c *sm4BlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) } 77 func (c *sm4BlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) } 78 79 type twofishBlockCrypt struct { 80 encbuf [twofish.BlockSize]byte 81 decbuf [2 * twofish.BlockSize]byte 82 block cipher.Block 83 } 84 85 // NewTwofishBlockCrypt https://en.wikipedia.org/wiki/Twofish 86 func NewTwofishBlockCrypt(key []byte) (BlockCrypt, error) { 87 c := new(twofishBlockCrypt) 88 block, err := twofish.NewCipher(key) 89 if err != nil { 90 return nil, err 91 } 92 c.block = block 93 return c, nil 94 } 95 96 func (c *twofishBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) } 97 func (c *twofishBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) } 98 99 type tripleDESBlockCrypt struct { 100 encbuf [des.BlockSize]byte 101 decbuf [2 * des.BlockSize]byte 102 block cipher.Block 103 } 104 105 // NewTripleDESBlockCrypt https://en.wikipedia.org/wiki/Triple_DES 106 func NewTripleDESBlockCrypt(key []byte) (BlockCrypt, error) { 107 c := new(tripleDESBlockCrypt) 108 block, err := des.NewTripleDESCipher(key) 109 if err != nil { 110 return nil, err 111 } 112 c.block = block 113 return c, nil 114 } 115 116 func (c *tripleDESBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) } 117 func (c *tripleDESBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) } 118 119 type cast5BlockCrypt struct { 120 encbuf [cast5.BlockSize]byte 121 decbuf [2 * cast5.BlockSize]byte 122 block cipher.Block 123 } 124 125 // NewCast5BlockCrypt https://en.wikipedia.org/wiki/CAST-128 126 func NewCast5BlockCrypt(key []byte) (BlockCrypt, error) { 127 c := new(cast5BlockCrypt) 128 block, err := cast5.NewCipher(key) 129 if err != nil { 130 return nil, err 131 } 132 c.block = block 133 return c, nil 134 } 135 136 func (c *cast5BlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) } 137 func (c *cast5BlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) } 138 139 type blowfishBlockCrypt struct { 140 encbuf [blowfish.BlockSize]byte 141 decbuf [2 * blowfish.BlockSize]byte 142 block cipher.Block 143 } 144 145 // NewBlowfishBlockCrypt https://en.wikipedia.org/wiki/Blowfish_(cipher) 146 func NewBlowfishBlockCrypt(key []byte) (BlockCrypt, error) { 147 c := new(blowfishBlockCrypt) 148 block, err := blowfish.NewCipher(key) 149 if err != nil { 150 return nil, err 151 } 152 c.block = block 153 return c, nil 154 } 155 156 func (c *blowfishBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) } 157 func (c *blowfishBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) } 158 159 type aesBlockCrypt struct { 160 encbuf [aes.BlockSize]byte 161 decbuf [2 * aes.BlockSize]byte 162 block cipher.Block 163 } 164 165 // NewAESBlockCrypt https://en.wikipedia.org/wiki/Advanced_Encryption_Standard 166 func NewAESBlockCrypt(key []byte) (BlockCrypt, error) { 167 c := new(aesBlockCrypt) 168 block, err := aes.NewCipher(key) 169 if err != nil { 170 return nil, err 171 } 172 c.block = block 173 return c, nil 174 } 175 176 func (c *aesBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) } 177 func (c *aesBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) } 178 179 type teaBlockCrypt struct { 180 encbuf [tea.BlockSize]byte 181 decbuf [2 * tea.BlockSize]byte 182 block cipher.Block 183 } 184 185 // NewTEABlockCrypt https://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm 186 func NewTEABlockCrypt(key []byte) (BlockCrypt, error) { 187 c := new(teaBlockCrypt) 188 block, err := tea.NewCipherWithRounds(key, 16) 189 if err != nil { 190 return nil, err 191 } 192 c.block = block 193 return c, nil 194 } 195 196 func (c *teaBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) } 197 func (c *teaBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) } 198 199 type xteaBlockCrypt struct { 200 encbuf [xtea.BlockSize]byte 201 decbuf [2 * xtea.BlockSize]byte 202 block cipher.Block 203 } 204 205 // NewXTEABlockCrypt https://en.wikipedia.org/wiki/XTEA 206 func NewXTEABlockCrypt(key []byte) (BlockCrypt, error) { 207 c := new(xteaBlockCrypt) 208 block, err := xtea.NewCipher(key) 209 if err != nil { 210 return nil, err 211 } 212 c.block = block 213 return c, nil 214 } 215 216 func (c *xteaBlockCrypt) Encrypt(dst, src []byte) { encrypt(c.block, dst, src, c.encbuf[:]) } 217 func (c *xteaBlockCrypt) Decrypt(dst, src []byte) { decrypt(c.block, dst, src, c.decbuf[:]) } 218 219 type simpleXORBlockCrypt struct { 220 xortbl []byte 221 } 222 223 // NewSimpleXORBlockCrypt simple xor with key expanding 224 func NewSimpleXORBlockCrypt(key []byte) (BlockCrypt, error) { 225 c := new(simpleXORBlockCrypt) 226 c.xortbl = pbkdf2.Key(key, []byte(saltxor), 32, mtuLimit, sha1.New) 227 return c, nil 228 } 229 230 func (c *simpleXORBlockCrypt) Encrypt(dst, src []byte) { xor.Bytes(dst, src, c.xortbl) } 231 func (c *simpleXORBlockCrypt) Decrypt(dst, src []byte) { xor.Bytes(dst, src, c.xortbl) } 232 233 type noneBlockCrypt struct{} 234 235 // NewNoneBlockCrypt does nothing but copying 236 func NewNoneBlockCrypt(key []byte) (BlockCrypt, error) { 237 return new(noneBlockCrypt), nil 238 } 239 240 func (c *noneBlockCrypt) Encrypt(dst, src []byte) { copy(dst, src) } 241 func (c *noneBlockCrypt) Decrypt(dst, src []byte) { copy(dst, src) } 242 243 // packet encryption with local CFB mode 244 func encrypt(block cipher.Block, dst, src, buf []byte) { 245 switch block.BlockSize() { 246 case 8: 247 encrypt8(block, dst, src, buf) 248 case 16: 249 encrypt16(block, dst, src, buf) 250 default: 251 encryptVariant(block, dst, src, buf) 252 } 253 } 254 255 // optimized encryption for the ciphers which works in 8-bytes 256 func encrypt8(block cipher.Block, dst, src, buf []byte) { 257 tbl := buf[:8] 258 block.Encrypt(tbl, initialVector) 259 n := len(src) / 8 260 base := 0 261 repeat := n / 8 262 left := n % 8 263 for i := 0; i < repeat; i++ { 264 s := src[base:][0:64] 265 d := dst[base:][0:64] 266 // 1 267 xor.BytesSrc1(d[0:8], s[0:8], tbl) 268 block.Encrypt(tbl, d[0:8]) 269 // 2 270 xor.BytesSrc1(d[8:16], s[8:16], tbl) 271 block.Encrypt(tbl, d[8:16]) 272 // 3 273 xor.BytesSrc1(d[16:24], s[16:24], tbl) 274 block.Encrypt(tbl, d[16:24]) 275 // 4 276 xor.BytesSrc1(d[24:32], s[24:32], tbl) 277 block.Encrypt(tbl, d[24:32]) 278 // 5 279 xor.BytesSrc1(d[32:40], s[32:40], tbl) 280 block.Encrypt(tbl, d[32:40]) 281 // 6 282 xor.BytesSrc1(d[40:48], s[40:48], tbl) 283 block.Encrypt(tbl, d[40:48]) 284 // 7 285 xor.BytesSrc1(d[48:56], s[48:56], tbl) 286 block.Encrypt(tbl, d[48:56]) 287 // 8 288 xor.BytesSrc1(d[56:64], s[56:64], tbl) 289 block.Encrypt(tbl, d[56:64]) 290 base += 64 291 } 292 293 switch left { 294 case 7: 295 xor.BytesSrc1(dst[base:], src[base:], tbl) 296 block.Encrypt(tbl, dst[base:]) 297 base += 8 298 fallthrough 299 case 6: 300 xor.BytesSrc1(dst[base:], src[base:], tbl) 301 block.Encrypt(tbl, dst[base:]) 302 base += 8 303 fallthrough 304 case 5: 305 xor.BytesSrc1(dst[base:], src[base:], tbl) 306 block.Encrypt(tbl, dst[base:]) 307 base += 8 308 fallthrough 309 case 4: 310 xor.BytesSrc1(dst[base:], src[base:], tbl) 311 block.Encrypt(tbl, dst[base:]) 312 base += 8 313 fallthrough 314 case 3: 315 xor.BytesSrc1(dst[base:], src[base:], tbl) 316 block.Encrypt(tbl, dst[base:]) 317 base += 8 318 fallthrough 319 case 2: 320 xor.BytesSrc1(dst[base:], src[base:], tbl) 321 block.Encrypt(tbl, dst[base:]) 322 base += 8 323 fallthrough 324 case 1: 325 xor.BytesSrc1(dst[base:], src[base:], tbl) 326 block.Encrypt(tbl, dst[base:]) 327 base += 8 328 fallthrough 329 case 0: 330 xor.BytesSrc0(dst[base:], src[base:], tbl) 331 } 332 } 333 334 // optimized encryption for the ciphers which works in 16-bytes 335 func encrypt16(block cipher.Block, dst, src, buf []byte) { 336 tbl := buf[:16] 337 block.Encrypt(tbl, initialVector) 338 n := len(src) / 16 339 base := 0 340 repeat := n / 8 341 left := n % 8 342 for i := 0; i < repeat; i++ { 343 s := src[base:][0:128] 344 d := dst[base:][0:128] 345 // 1 346 xor.BytesSrc1(d[0:16], s[0:16], tbl) 347 block.Encrypt(tbl, d[0:16]) 348 // 2 349 xor.BytesSrc1(d[16:32], s[16:32], tbl) 350 block.Encrypt(tbl, d[16:32]) 351 // 3 352 xor.BytesSrc1(d[32:48], s[32:48], tbl) 353 block.Encrypt(tbl, d[32:48]) 354 // 4 355 xor.BytesSrc1(d[48:64], s[48:64], tbl) 356 block.Encrypt(tbl, d[48:64]) 357 // 5 358 xor.BytesSrc1(d[64:80], s[64:80], tbl) 359 block.Encrypt(tbl, d[64:80]) 360 // 6 361 xor.BytesSrc1(d[80:96], s[80:96], tbl) 362 block.Encrypt(tbl, d[80:96]) 363 // 7 364 xor.BytesSrc1(d[96:112], s[96:112], tbl) 365 block.Encrypt(tbl, d[96:112]) 366 // 8 367 xor.BytesSrc1(d[112:128], s[112:128], tbl) 368 block.Encrypt(tbl, d[112:128]) 369 base += 128 370 } 371 372 switch left { 373 case 7: 374 xor.BytesSrc1(dst[base:], src[base:], tbl) 375 block.Encrypt(tbl, dst[base:]) 376 base += 16 377 fallthrough 378 case 6: 379 xor.BytesSrc1(dst[base:], src[base:], tbl) 380 block.Encrypt(tbl, dst[base:]) 381 base += 16 382 fallthrough 383 case 5: 384 xor.BytesSrc1(dst[base:], src[base:], tbl) 385 block.Encrypt(tbl, dst[base:]) 386 base += 16 387 fallthrough 388 case 4: 389 xor.BytesSrc1(dst[base:], src[base:], tbl) 390 block.Encrypt(tbl, dst[base:]) 391 base += 16 392 fallthrough 393 case 3: 394 xor.BytesSrc1(dst[base:], src[base:], tbl) 395 block.Encrypt(tbl, dst[base:]) 396 base += 16 397 fallthrough 398 case 2: 399 xor.BytesSrc1(dst[base:], src[base:], tbl) 400 block.Encrypt(tbl, dst[base:]) 401 base += 16 402 fallthrough 403 case 1: 404 xor.BytesSrc1(dst[base:], src[base:], tbl) 405 block.Encrypt(tbl, dst[base:]) 406 base += 16 407 fallthrough 408 case 0: 409 xor.BytesSrc0(dst[base:], src[base:], tbl) 410 } 411 } 412 413 func encryptVariant(block cipher.Block, dst, src, buf []byte) { 414 blocksize := block.BlockSize() 415 tbl := buf[:blocksize] 416 block.Encrypt(tbl, initialVector) 417 n := len(src) / blocksize 418 base := 0 419 repeat := n / 8 420 left := n % 8 421 for i := 0; i < repeat; i++ { 422 // 1 423 xor.BytesSrc1(dst[base:], src[base:], tbl) 424 block.Encrypt(tbl, dst[base:]) 425 base += blocksize 426 427 // 2 428 xor.BytesSrc1(dst[base:], src[base:], tbl) 429 block.Encrypt(tbl, dst[base:]) 430 base += blocksize 431 432 // 3 433 xor.BytesSrc1(dst[base:], src[base:], tbl) 434 block.Encrypt(tbl, dst[base:]) 435 base += blocksize 436 437 // 4 438 xor.BytesSrc1(dst[base:], src[base:], tbl) 439 block.Encrypt(tbl, dst[base:]) 440 base += blocksize 441 442 // 5 443 xor.BytesSrc1(dst[base:], src[base:], tbl) 444 block.Encrypt(tbl, dst[base:]) 445 base += blocksize 446 447 // 6 448 xor.BytesSrc1(dst[base:], src[base:], tbl) 449 block.Encrypt(tbl, dst[base:]) 450 base += blocksize 451 452 // 7 453 xor.BytesSrc1(dst[base:], src[base:], tbl) 454 block.Encrypt(tbl, dst[base:]) 455 base += blocksize 456 457 // 8 458 xor.BytesSrc1(dst[base:], src[base:], tbl) 459 block.Encrypt(tbl, dst[base:]) 460 base += blocksize 461 } 462 463 switch left { 464 case 7: 465 xor.BytesSrc1(dst[base:], src[base:], tbl) 466 block.Encrypt(tbl, dst[base:]) 467 base += blocksize 468 fallthrough 469 case 6: 470 xor.BytesSrc1(dst[base:], src[base:], tbl) 471 block.Encrypt(tbl, dst[base:]) 472 base += blocksize 473 fallthrough 474 case 5: 475 xor.BytesSrc1(dst[base:], src[base:], tbl) 476 block.Encrypt(tbl, dst[base:]) 477 base += blocksize 478 fallthrough 479 case 4: 480 xor.BytesSrc1(dst[base:], src[base:], tbl) 481 block.Encrypt(tbl, dst[base:]) 482 base += blocksize 483 fallthrough 484 case 3: 485 xor.BytesSrc1(dst[base:], src[base:], tbl) 486 block.Encrypt(tbl, dst[base:]) 487 base += blocksize 488 fallthrough 489 case 2: 490 xor.BytesSrc1(dst[base:], src[base:], tbl) 491 block.Encrypt(tbl, dst[base:]) 492 base += blocksize 493 fallthrough 494 case 1: 495 xor.BytesSrc1(dst[base:], src[base:], tbl) 496 block.Encrypt(tbl, dst[base:]) 497 base += blocksize 498 fallthrough 499 case 0: 500 xor.BytesSrc0(dst[base:], src[base:], tbl) 501 } 502 } 503 504 // decryption 505 func decrypt(block cipher.Block, dst, src, buf []byte) { 506 switch block.BlockSize() { 507 case 8: 508 decrypt8(block, dst, src, buf) 509 case 16: 510 decrypt16(block, dst, src, buf) 511 default: 512 decryptVariant(block, dst, src, buf) 513 } 514 } 515 516 func decrypt8(block cipher.Block, dst, src, buf []byte) { 517 tbl := buf[0:8] 518 next := buf[8:16] 519 block.Encrypt(tbl, initialVector) 520 n := len(src) / 8 521 base := 0 522 repeat := n / 8 523 left := n % 8 524 for i := 0; i < repeat; i++ { 525 s := src[base:][0:64] 526 d := dst[base:][0:64] 527 // 1 528 block.Encrypt(next, s[0:8]) 529 xor.BytesSrc1(d[0:8], s[0:8], tbl) 530 // 2 531 block.Encrypt(tbl, s[8:16]) 532 xor.BytesSrc1(d[8:16], s[8:16], next) 533 // 3 534 block.Encrypt(next, s[16:24]) 535 xor.BytesSrc1(d[16:24], s[16:24], tbl) 536 // 4 537 block.Encrypt(tbl, s[24:32]) 538 xor.BytesSrc1(d[24:32], s[24:32], next) 539 // 5 540 block.Encrypt(next, s[32:40]) 541 xor.BytesSrc1(d[32:40], s[32:40], tbl) 542 // 6 543 block.Encrypt(tbl, s[40:48]) 544 xor.BytesSrc1(d[40:48], s[40:48], next) 545 // 7 546 block.Encrypt(next, s[48:56]) 547 xor.BytesSrc1(d[48:56], s[48:56], tbl) 548 // 8 549 block.Encrypt(tbl, s[56:64]) 550 xor.BytesSrc1(d[56:64], s[56:64], next) 551 base += 64 552 } 553 554 switch left { 555 case 7: 556 block.Encrypt(next, src[base:]) 557 xor.BytesSrc1(dst[base:], src[base:], tbl) 558 tbl, next = next, tbl 559 base += 8 560 fallthrough 561 case 6: 562 block.Encrypt(next, src[base:]) 563 xor.BytesSrc1(dst[base:], src[base:], tbl) 564 tbl, next = next, tbl 565 base += 8 566 fallthrough 567 case 5: 568 block.Encrypt(next, src[base:]) 569 xor.BytesSrc1(dst[base:], src[base:], tbl) 570 tbl, next = next, tbl 571 base += 8 572 fallthrough 573 case 4: 574 block.Encrypt(next, src[base:]) 575 xor.BytesSrc1(dst[base:], src[base:], tbl) 576 tbl, next = next, tbl 577 base += 8 578 fallthrough 579 case 3: 580 block.Encrypt(next, src[base:]) 581 xor.BytesSrc1(dst[base:], src[base:], tbl) 582 tbl, next = next, tbl 583 base += 8 584 fallthrough 585 case 2: 586 block.Encrypt(next, src[base:]) 587 xor.BytesSrc1(dst[base:], src[base:], tbl) 588 tbl, next = next, tbl 589 base += 8 590 fallthrough 591 case 1: 592 block.Encrypt(next, src[base:]) 593 xor.BytesSrc1(dst[base:], src[base:], tbl) 594 tbl, next = next, tbl 595 base += 8 596 fallthrough 597 case 0: 598 xor.BytesSrc0(dst[base:], src[base:], tbl) 599 } 600 } 601 602 func decrypt16(block cipher.Block, dst, src, buf []byte) { 603 tbl := buf[0:16] 604 next := buf[16:32] 605 block.Encrypt(tbl, initialVector) 606 n := len(src) / 16 607 base := 0 608 repeat := n / 8 609 left := n % 8 610 for i := 0; i < repeat; i++ { 611 s := src[base:][0:128] 612 d := dst[base:][0:128] 613 // 1 614 block.Encrypt(next, s[0:16]) 615 xor.BytesSrc1(d[0:16], s[0:16], tbl) 616 // 2 617 block.Encrypt(tbl, s[16:32]) 618 xor.BytesSrc1(d[16:32], s[16:32], next) 619 // 3 620 block.Encrypt(next, s[32:48]) 621 xor.BytesSrc1(d[32:48], s[32:48], tbl) 622 // 4 623 block.Encrypt(tbl, s[48:64]) 624 xor.BytesSrc1(d[48:64], s[48:64], next) 625 // 5 626 block.Encrypt(next, s[64:80]) 627 xor.BytesSrc1(d[64:80], s[64:80], tbl) 628 // 6 629 block.Encrypt(tbl, s[80:96]) 630 xor.BytesSrc1(d[80:96], s[80:96], next) 631 // 7 632 block.Encrypt(next, s[96:112]) 633 xor.BytesSrc1(d[96:112], s[96:112], tbl) 634 // 8 635 block.Encrypt(tbl, s[112:128]) 636 xor.BytesSrc1(d[112:128], s[112:128], next) 637 base += 128 638 } 639 640 switch left { 641 case 7: 642 block.Encrypt(next, src[base:]) 643 xor.BytesSrc1(dst[base:], src[base:], tbl) 644 tbl, next = next, tbl 645 base += 16 646 fallthrough 647 case 6: 648 block.Encrypt(next, src[base:]) 649 xor.BytesSrc1(dst[base:], src[base:], tbl) 650 tbl, next = next, tbl 651 base += 16 652 fallthrough 653 case 5: 654 block.Encrypt(next, src[base:]) 655 xor.BytesSrc1(dst[base:], src[base:], tbl) 656 tbl, next = next, tbl 657 base += 16 658 fallthrough 659 case 4: 660 block.Encrypt(next, src[base:]) 661 xor.BytesSrc1(dst[base:], src[base:], tbl) 662 tbl, next = next, tbl 663 base += 16 664 fallthrough 665 case 3: 666 block.Encrypt(next, src[base:]) 667 xor.BytesSrc1(dst[base:], src[base:], tbl) 668 tbl, next = next, tbl 669 base += 16 670 fallthrough 671 case 2: 672 block.Encrypt(next, src[base:]) 673 xor.BytesSrc1(dst[base:], src[base:], tbl) 674 tbl, next = next, tbl 675 base += 16 676 fallthrough 677 case 1: 678 block.Encrypt(next, src[base:]) 679 xor.BytesSrc1(dst[base:], src[base:], tbl) 680 tbl, next = next, tbl 681 base += 16 682 fallthrough 683 case 0: 684 xor.BytesSrc0(dst[base:], src[base:], tbl) 685 } 686 } 687 688 func decryptVariant(block cipher.Block, dst, src, buf []byte) { 689 blocksize := block.BlockSize() 690 tbl := buf[:blocksize] 691 next := buf[blocksize:] 692 block.Encrypt(tbl, initialVector) 693 n := len(src) / blocksize 694 base := 0 695 repeat := n / 8 696 left := n % 8 697 for i := 0; i < repeat; i++ { 698 // 1 699 block.Encrypt(next, src[base:]) 700 xor.BytesSrc1(dst[base:], src[base:], tbl) 701 base += blocksize 702 703 // 2 704 block.Encrypt(tbl, src[base:]) 705 xor.BytesSrc1(dst[base:], src[base:], next) 706 base += blocksize 707 708 // 3 709 block.Encrypt(next, src[base:]) 710 xor.BytesSrc1(dst[base:], src[base:], tbl) 711 base += blocksize 712 713 // 4 714 block.Encrypt(tbl, src[base:]) 715 xor.BytesSrc1(dst[base:], src[base:], next) 716 base += blocksize 717 718 // 5 719 block.Encrypt(next, src[base:]) 720 xor.BytesSrc1(dst[base:], src[base:], tbl) 721 base += blocksize 722 723 // 6 724 block.Encrypt(tbl, src[base:]) 725 xor.BytesSrc1(dst[base:], src[base:], next) 726 base += blocksize 727 728 // 7 729 block.Encrypt(next, src[base:]) 730 xor.BytesSrc1(dst[base:], src[base:], tbl) 731 base += blocksize 732 733 // 8 734 block.Encrypt(tbl, src[base:]) 735 xor.BytesSrc1(dst[base:], src[base:], next) 736 base += blocksize 737 } 738 739 switch left { 740 case 7: 741 block.Encrypt(next, src[base:]) 742 xor.BytesSrc1(dst[base:], src[base:], tbl) 743 tbl, next = next, tbl 744 base += blocksize 745 fallthrough 746 case 6: 747 block.Encrypt(next, src[base:]) 748 xor.BytesSrc1(dst[base:], src[base:], tbl) 749 tbl, next = next, tbl 750 base += blocksize 751 fallthrough 752 case 5: 753 block.Encrypt(next, src[base:]) 754 xor.BytesSrc1(dst[base:], src[base:], tbl) 755 tbl, next = next, tbl 756 base += blocksize 757 fallthrough 758 case 4: 759 block.Encrypt(next, src[base:]) 760 xor.BytesSrc1(dst[base:], src[base:], tbl) 761 tbl, next = next, tbl 762 base += blocksize 763 fallthrough 764 case 3: 765 block.Encrypt(next, src[base:]) 766 xor.BytesSrc1(dst[base:], src[base:], tbl) 767 tbl, next = next, tbl 768 base += blocksize 769 fallthrough 770 case 2: 771 block.Encrypt(next, src[base:]) 772 xor.BytesSrc1(dst[base:], src[base:], tbl) 773 tbl, next = next, tbl 774 base += blocksize 775 fallthrough 776 case 1: 777 block.Encrypt(next, src[base:]) 778 xor.BytesSrc1(dst[base:], src[base:], tbl) 779 tbl, next = next, tbl 780 base += blocksize 781 fallthrough 782 case 0: 783 xor.BytesSrc0(dst[base:], src[base:], tbl) 784 } 785 }