internal static byte[] _finalize(ref UInt64[] state, UInt64ArrayAsBytes k, byte rounds, short tagsizebits)
{
byte[] lastblock = new byte [NORX_CapacitySizeBytes];
state[15] ^= 0x08UL; // 'tag' domain
_F(ref state, rounds);
state[12] ^= k.uint64[0];
state[13] ^= k.uint64[1];
state[14] ^= k.uint64[2];
state[15] ^= k.uint64[3];
_F(ref state, rounds);
state[12] ^= k.uint64[0];
state[13] ^= k.uint64[1];
state[14] ^= k.uint64[2];
state[15] ^= k.uint64[3];
Buffer.BlockCopy(state, 12 * sizeof(UInt64), lastblock, 0, tagsizebits / 8);
state.Initialize(); // zero out some memory
state[0] ^= state[1]; // prevent compiler from optimizing out the zeroing
k.uint64.Initialize();
k.bytes[0] ^= k.bytes[1]; // prevent compiler from optimizing out the zeroing
lastblock[0] ^= k.bytes[0];
return(lastblock);
}
public static UInt64[] _init(byte[] Key, byte[] Nonce, byte Rounds, // l
byte Parallelism, // p
short TagSizeBits) // t
{
// Fill state with Key, Nonce, Constants { n0, n1, n2, n3, k0, k1, k2, k3, u8, u9, u10, u11, u12, u13, u14, u15}
UInt64ArrayAsBytes state = new UInt64ArrayAsBytes(16);
if (Nonce != null)
{
Buffer.BlockCopy(Nonce, 0, state.bytes, 0, 4 * sizeof(UInt64));
}
UInt64ArrayAsBytes k = new UInt64ArrayAsBytes(Key); // this is used again after the F process, so keep a copy
Buffer.BlockCopy(Key, 0, state.bytes, 32, 4 * sizeof(UInt64));
Buffer.BlockCopy(INIT_CONST, 0, state.bytes, 64, 8 * sizeof(UInt64));
state.uint64[12] ^= 64;
state.uint64[13] ^= Rounds;
state.uint64[14] ^= Parallelism;
state.uint64[15] ^= (UInt64)TagSizeBits;
_F(ref state.uint64, Rounds);
state.uint64[12] ^= k.uint64[0];
state.uint64[13] ^= k.uint64[1];
state.uint64[14] ^= k.uint64[2];
state.uint64[15] ^= k.uint64[3];
return(state.uint64);
}
internal static byte[] _encrypt_block(ref UInt64[] state, byte[] payload_segment, byte rounds)
{
state[15] ^= 0x02UL;
_F(ref state, rounds);
UInt64ArrayAsBytes output = new UInt64ArrayAsBytes(state);
UInt64ArrayAsBytes pl = new UInt64ArrayAsBytes(payload_segment);
for (int i = 0; i < 16; i++)
{
output.uint64[i] ^= pl.uint64[i];
}
state = output.uint64;
return(output.bytes);
}
