/* crc32.c -- compute the CRC-32 of a data stream
 * Copyright (C) 1995-2006, 2010, 2011, 2012, 2016 Mark Adler
 * For conditions of distribution and use, see copyright notice in zlib.h
 *
 * Thanks to Rodney Brown <rbrown64@csc.com.au> for his contribution of faster
 * CRC methods: exclusive-oring 32 bits of data at a time, and pre-computing
 * tables for updating the shift register in one step with three exclusive-ors
 * instead of four steps with four exclusive-ors.  This results in about a
 * factor of two increase in speed on a Power PC G4 (PPC7455) using gcc -O3.
 */

/* @(#) $Id$ */

/*
  Note on the use of DYNAMIC_CRC_TABLE: there is no mutex or semaphore
  protection on the static variables used to control the first-use generation
  of the crc tables.  Therefore, if you #define DYNAMIC_CRC_TABLE, you should
  first call get_crc_table() to initialize the tables before allowing more than
  one thread to use crc32().

  DYNAMIC_CRC_TABLE and MAKECRCH can be #defined to write out crc32.h.
 */

#ifdef MAKECRCH
#  include <stdio.h>
#  ifndef DYNAMIC_CRC_TABLE
#    define DYNAMIC_CRC_TABLE
#  endif /* !DYNAMIC_CRC_TABLE */
#endif /* MAKECRCH */

#include "zutil.h"      /* for STDC and FAR definitions */

/* Definitions for doing the crc four data bytes at a time. */
#if !defined(NOBYFOUR) && defined(Z_U4)
#  define BYFOUR
#endif
#ifdef BYFOUR
   local unsigned long crc32_little OF((unsigned long,
                        const unsigned char FAR *, z_size_t));
   local unsigned long crc32_big OF((unsigned long,
                        const unsigned char FAR *, z_size_t));
#  define TBLS 8
#else
#  define TBLS 1
#endif /* BYFOUR */

/* Local functions for crc concatenation */
local unsigned long gf2_matrix_times OF((unsigned long *mat,
                                         unsigned long vec));
local void gf2_matrix_square OF((unsigned long *square, unsigned long *mat));
local uLong crc32_combine_ OF((uLong crc1, uLong crc2, z_off64_t len2));


#ifdef DYNAMIC_CRC_TABLE

local volatile int crc_table_empty = 1;
local z_crc_t FAR crc_table[TBLS][256];
local void make_crc_table OF((void));
#ifdef MAKECRCH
   local void write_table OF((FILE *, const z_crc_t FAR *));
#endif /* MAKECRCH */
/*
  Generate tables for a byte-wise 32-bit CRC calculation on the polynomial:
  x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1.

  Polynomials over GF(2) are represented in binary, one bit per coefficient,
  with the lowest powers in the most significant bit.  Then adding polynomials
  is just exclusive-or, and multiplying a polynomial by x is a right shift by
  one.  If we call the above polynomial p, and represent a byte as the
  polynomial q, also with the lowest power in the most significant bit (so the
  byte 0xb1 is the polynomial x^7+x^3+x+1), then the CRC is (q*x^32) mod p,
  where a mod b means the remainder after dividing a by b.

  This calculation is done using the shift-register method of multiplying and
  taking the remainder.  The register is initialized to zero, and for each
  incoming bit, x^32 is added mod p to the register if the bit is a one (where
  x^32 mod p is p+x^32 = x^26+...+1), and the register is multiplied mod p by
  x (which is shifting right by one and adding x^32 mod p if the bit shifted
  out is a one).  We start with the highest power (least significant bit) of
  q and repeat for all eight bits of q.

  The first table is simply the CRC of all possible eight bit values.  This is
  all the information needed to generate CRCs on data a byte at a time for all
  combinations of CRC register values and incoming bytes.  The remaining tables
  allow for word-at-a-time CRC calculation for both big-endian and little-
  endian machines, where a word is four bytes.
*/
local void make_crc_table()
{
    z_crc_t c;
    int n, k;
    z_crc_t poly;                       /* polynomial exclusive-or pattern */
    /* terms of polynomial defining this crc (except x^32): */
    static volatile int first = 1;      /* flag to limit concurrent making */
    static const unsigned char p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26};

    /* See if another task is already doing this (not thread-safe, but better
       than nothing -- significantly reduces duration of vulnerability in
       case the advice about DYNAMIC_CRC_TABLE is ignored) */
    if (first) {
        first = 0;

        /* make exclusive-or pattern from polynomial (0xedb88320UL) */
        poly = 0;
        for (n = 0; n < (int)(sizeof(p)/sizeof(unsigned char)); n++)
            poly |= (z_crc_t)1 << (31 - p[n]);

        /* generate a crc for every 8-bit value */
        for (n = 0; n < 256; n++) {
            c = (z_crc_t)n;
            for (k = 0; k < 8; k++)
                c = c & 1 ? poly ^ (c >> 1) : c >> 1;
            crc_table[0][n] = c;
        }

#ifdef BYFOUR
        /* generate crc for each value followed by one, two, and three zeros,
           and then the byte reversal of those as well as the first table */
        for (n = 0; n < 256; n++) {
            c = crc_table[0][n];
            crc_table[4][n] = ZSWAP32(c);
            for (k = 1; k < 4; k++) {
                c = crc_table[0][c & 0xff] ^ (c >> 8);
                crc_table[k][n] = c;
                crc_table[k + 4][n] = ZSWAP32(c);
            }
        }
#endif /* BYFOUR */

        crc_table_empty = 0;
    }
    else {      /* not first */
        /* wait for the other guy to finish (not efficient, but rare) */
        while (crc_table_empty)
            ;
    }

#ifdef MAKECRCH
    /* write out CRC tables to crc32.h */
    {
        FILE *out;

        out = fopen("crc32.h", "w");
        if (out == NULL) return;
        fprintf(out, "/* crc32.h -- tables for rapid CRC calculation\n");
        fprintf(out, " * Generated automatically by crc32.c\n */\n\n");
        fprintf(out, "local const z_crc_t FAR ");
        fprintf(out, "crc_table[TBLS][256] =\n{\n  {\n");
        write_table(out, crc_table[0]);
#  ifdef BYFOUR
        fprintf(out, "#ifdef BYFOUR\n");
        for (k = 1; k < 8; k++) {
            fprintf(out, "  },\n  {\n");
            write_table(out, crc_table[k]);
        }
        fprintf(out, "#endif\n");
#  endif /* BYFOUR */
        fprintf(out, "  }\n};\n");
        fclose(out);
    }
#endif /* MAKECRCH */
}

#ifdef MAKECRCH
local void write_table(out, table)
    FILE *out;
    const z_crc_t FAR *table;
{
    int n;

    for (n = 0; n < 256; n++)
        fprintf(out, "%s0x%08lxUL%s", n % 5 ? "" : "    ",
                (unsigned long)(table[n]),
                n == 255 ? "\n" : (n % 5 == 4 ? ",\n" : ", "));
}
#endif /* MAKECRCH */

#else /* !DYNAMIC_CRC_TABLE */
/* ========================================================================
 * Tables of CRC-32s of all single-byte values, made by make_crc_table().
 */
#include "crc32.h"
#endif /* DYNAMIC_CRC_TABLE */

/* =========================================================================
 * This function can be used by asm versions of crc32()
 */
const z_crc_t FAR * ZEXPORT get_crc_table()
{
#ifdef DYNAMIC_CRC_TABLE
    if (crc_table_empty)
        make_crc_table();
#endif /* DYNAMIC_CRC_TABLE */
    return (const z_crc_t FAR *)crc_table;
}

/* ========================================================================= */
#define DO1 crc = crc_table[0][((int)crc ^ (*buf++)) & 0xff] ^ (crc >> 8)
#define DO8 DO1; DO1; DO1; DO1; DO1; DO1; DO1; DO1

/* ========================================================================= */
unsigned long ZEXPORT crc32_z(crc, buf, len)
    unsigned long crc;
    const unsigned char FAR *buf;
    z_size_t len;
{
    if (buf == Z_NULL) return 0UL;

#ifdef DYNAMIC_CRC_TABLE
    if (crc_table_empty)
        make_crc_table();
#endif /* DYNAMIC_CRC_TABLE */

#ifdef BYFOUR
    if (sizeof(void *) == sizeof(ptrdiff_t)) {
        z_crc_t endian;

        endian = 1;
        if (*((unsigned char *)(&endian)))
            return crc32_little(crc, buf, len);
        else
            return crc32_big(crc, buf, len);
    }
#endif /* BYFOUR */
    crc = crc ^ 0xffffffffUL;
    while (len >= 8) {
        DO8;
        len -= 8;
    }
    if (len) do {
        DO1;
    } while (--len);
    return crc ^ 0xffffffffUL;
}

/* ========================================================================= */
unsigned long ZEXPORT crc32(crc, buf, len)
    unsigned long crc;
    const unsigned char FAR *buf;
    uInt len;
{
    return crc32_z(crc, buf, len);
}

#ifdef BYFOUR

/*
   This BYFOUR code accesses the passed unsigned char * buffer with a 32-bit
   integer pointer type. This violates the strict aliasing rule, where a
   compiler can assume, for optimization purposes, that two pointers to
   fundamentally different types won't ever point to the same memory. This can
   manifest as a problem only if one of the pointers is written to. This code
   only reads from those pointers. So long as this code remains isolated in
   this compilation unit, there won't be a problem. For this reason, this code
   should not be copied and pasted into a compilation unit in which other code
   writes to the buffer that is passed to these routines.
 */

/* ========================================================================= */
#define DOLIT4 c ^= *buf4++; \
        c = crc_table[3][c & 0xff] ^ crc_table[2][(c >> 8) & 0xff] ^ \
            crc_table[1][(c >> 16) & 0xff] ^ crc_table[0][c >> 24]
#define DOLIT32 DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4

/* ========================================================================= */
local unsigned long crc32_little(crc, buf, len)
    unsigned long crc;
    const unsigned char FAR *buf;
    z_size_t len;
{
    register z_crc_t c;
    register const z_crc_t FAR *buf4;

    c = (z_crc_t)crc;
    c = ~c;
    while (len && ((ptrdiff_t)buf & 3)) {
        c = crc_table[0][(c ^ *buf++) & 0xff] ^ (c >> 8);
        len--;
    }

    buf4 = (const z_crc_t FAR *)(const void FAR *)buf;
    while (len >= 32) {
        DOLIT32;
        len -= 32;
    }
    while (len >= 4) {
        DOLIT4;
        len -= 4;
    }
    buf = (const unsigned char FAR *)buf4;

    if (len) do {
        c = crc_table[0][(c ^ *buf++) & 0xff] ^ (c >> 8);
    } while (--len);
    c = ~c;
    return (unsigned long)c;
}

/* ========================================================================= */
#define DOBIG4 c ^= *buf4++; \
        c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \
            crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24]
#define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4

/* ========================================================================= */
local unsigned long crc32_big(crc, buf, len)
    unsigned long crc;
    const unsigned char FAR *buf;
    z_size_t len;
{
    register z_crc_t c;
    register const z_crc_t FAR *buf4;

    c = ZSWAP32((z_crc_t)crc);
    c = ~c;
    while (len && ((ptrdiff_t)buf & 3)) {
        c = crc_table[4][(c >> 24) ^ *buf++] ^ (c << 8);
        len--;
    }

    buf4 = (const z_crc_t FAR *)(const void FAR *)buf;
    while (len >= 32) {
        DOBIG32;
        len -= 32;
    }
    while (len >= 4) {
        DOBIG4;
        len -= 4;
    }
    buf = (const unsigned char FAR *)buf4;

    if (len) do {
        c = crc_table[4][(c >> 24) ^ *buf++] ^ (c << 8);
    } while (--len);
    c = ~c;
    return (unsigned long)(ZSWAP32(c));
}

#endif /* BYFOUR */

#define GF2_DIM 32      /* dimension of GF(2) vectors (length of CRC) */

/* ========================================================================= */
local unsigned long gf2_matrix_times(mat, vec)
    unsigned long *mat;
    unsigned long vec;
{
    unsigned long sum;

    sum = 0;
    while (vec) {
        if (vec & 1)
            sum ^= *mat;
        vec >>= 1;
        mat++;
    }
    return sum;
}

/* ========================================================================= */
local void gf2_matrix_square(square, mat)
    unsigned long *square;
    unsigned long *mat;
{
    int n;

    for (n = 0; n < GF2_DIM; n++)
        square[n] = gf2_matrix_times(mat, mat[n]);
}

/* ========================================================================= */
local uLong crc32_combine_(crc1, crc2, len2)
    uLong crc1;
    uLong crc2;
    z_off64_t len2;
{
    int n;
    unsigned long row;
    unsigned long even[GF2_DIM];    /* even-power-of-two zeros operator */
    unsigned long odd[GF2_DIM];     /* odd-power-of-two zeros operator */

    /* degenerate case (also disallow negative lengths) */
    if (len2 <= 0)
        return crc1;

    /* put operator for one zero bit in odd */
    odd[0] = 0xedb88320UL;          /* CRC-32 polynomial */
    row = 1;
    for (n = 1; n < GF2_DIM; n++) {
        odd[n] = row;
        row <<= 1;
    }

    /* put operator for two zero bits in even */
    gf2_matrix_square(even, odd);

    /* put operator for four zero bits in odd */
    gf2_matrix_square(odd, even);

    /* apply len2 zeros to crc1 (first square will put the operator for one
       zero byte, eight zero bits, in even) */
    do {
        /* apply zeros operator for this bit of len2 */
        gf2_matrix_square(even, odd);
        if (len2 & 1)
            crc1 = gf2_matrix_times(even, crc1);
        len2 >>= 1;

        /* if no more bits set, then done */
        if (len2 == 0)
            break;

        /* another iteration of the loop with odd and even swapped */
        gf2_matrix_square(odd, even);
        if (len2 & 1)
            crc1 = gf2_matrix_times(odd, crc1);
        len2 >>= 1;

        /* if no more bits set, then done */
    } while (len2 != 0);

    /* return combined crc */
    crc1 ^= crc2;
    return crc1;
}

/* ========================================================================= */
uLong ZEXPORT crc32_combine(crc1, crc2, len2)
    uLong crc1;
    uLong crc2;
    z_off_t len2;
{
    return crc32_combine_(crc1, crc2, len2);
}

uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
    uLong crc1;
    uLong crc2;
    z_off64_t len2;
{
    return crc32_combine_(crc1, crc2, len2);
}
a id='n320' href='#n320'>320</a>
<a id='n321' href='#n321'>321</a>
<a id='n322' href='#n322'>322</a>
<a id='n323' href='#n323'>323</a>
<a id='n324' href='#n324'>324</a>
<a id='n325' href='#n325'>325</a>
<a id='n326' href='#n326'>326</a>
<a id='n327' href='#n327'>327</a>
<a id='n328' href='#n328'>328</a>
<a id='n329' href='#n329'>329</a>
<a id='n330' href='#n330'>330</a>
<a id='n331' href='#n331'>331</a>
<a id='n332' href='#n332'>332</a>
<a id='n333' href='#n333'>333</a>
<a id='n334' href='#n334'>334</a>
<a id='n335' href='#n335'>335</a>
<a id='n336' href='#n336'>336</a>
<a id='n337' href='#n337'>337</a>
<a id='n338' href='#n338'>338</a>
<a id='n339' href='#n339'>339</a>
<a id='n340' href='#n340'>340</a>
<a id='n341' href='#n341'>341</a>
<a id='n342' href='#n342'>342</a>
<a id='n343' href='#n343'>343</a>
<a id='n344' href='#n344'>344</a>
<a id='n345' href='#n345'>345</a>
<a id='n346' href='#n346'>346</a>
<a id='n347' href='#n347'>347</a>
<a id='n348' href='#n348'>348</a>
<a id='n349' href='#n349'>349</a>
<a id='n350' href='#n350'>350</a>
<a id='n351' href='#n351'>351</a>
<a id='n352' href='#n352'>352</a>
<a id='n353' href='#n353'>353</a>
<a id='n354' href='#n354'>354</a>
<a id='n355' href='#n355'>355</a>
<a id='n356' href='#n356'>356</a>
<a id='n357' href='#n357'>357</a>
<a id='n358' href='#n358'>358</a>
<a id='n359' href='#n359'>359</a>
<a id='n360' href='#n360'>360</a>
<a id='n361' href='#n361'>361</a>
<a id='n362' href='#n362'>362</a>
<a id='n363' href='#n363'>363</a>
<a id='n364' href='#n364'>364</a>
<a id='n365' href='#n365'>365</a>
<a id='n366' href='#n366'>366</a>
<a id='n367' href='#n367'>367</a>
<a id='n368' href='#n368'>368</a>
<a id='n369' href='#n369'>369</a>
<a id='n370' href='#n370'>370</a>
<a id='n371' href='#n371'>371</a>
<a id='n372' href='#n372'>372</a>
<a id='n373' href='#n373'>373</a>
<a id='n374' href='#n374'>374</a>
<a id='n375' href='#n375'>375</a>
<a id='n376' href='#n376'>376</a>
<a id='n377' href='#n377'>377</a>
<a id='n378' href='#n378'>378</a>
</pre></td>
<td class='lines'><pre><code><style>.highlight .hll { background-color: #ffffcc }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008800 } /* Keyword.Pseudo */
.highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */
.highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */
.highlight .na { color: #336699 } /* Name.Attribute */
.highlight .nb { color: #003388 } /* Name.Builtin */
.highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */
.highlight .no { color: #003366; font-weight: bold } /* Name.Constant */
.highlight .nd { color: #555555 } /* Name.Decorator */
.highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */
.highlight .nl { color: #336699; font-style: italic } /* Name.Label */
.highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */
.highlight .py { color: #336699; font-weight: bold } /* Name.Property */
.highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #336699 } /* Name.Variable */
.highlight .ow { color: #008800 } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */
.highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */
.highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */
.highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */
.highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */
.highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */
.highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */
.highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */
.highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */
.highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */
.highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */
.highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */
.highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */
.highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */
.highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */
.highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */
.highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */
.highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */
.highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */
.highlight .vc { color: #336699 } /* Name.Variable.Class */
.highlight .vg { color: #dd7700 } /* Name.Variable.Global */
.highlight .vi { color: #3333bb } /* Name.Variable.Instance */
.highlight .vm { color: #336699 } /* Name.Variable.Magic */
.highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */</style><div class="highlight"><pre><span></span><span class="cm">/*</span>
<span class="cm"> Derived from source code of TrueCrypt 7.1a, which is</span>
<span class="cm"> Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed</span>
<span class="cm"> by the TrueCrypt License 3.0.</span>

<span class="cm"> Modifications and additions to the original source code (contained in this file) </span>
<span class="cm"> and all other portions of this file are Copyright (c) 2013-2016 IDRIX</span>
<span class="cm"> and are governed by the Apache License 2.0 the full text of which is</span>
<span class="cm"> contained in the file License.txt included in VeraCrypt binary and source</span>
<span class="cm"> code distribution packages.</span>
<span class="cm">*/</span>

<span class="cp">#include</span> <span class="cpf">&quot;EncryptionModeXTS.h&quot;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&quot;Common/Crypto.h&quot;</span><span class="cp"></span>

<span class="k">namespace</span> <span class="n">VeraCrypt</span>
<span class="p">{</span>
	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">Encrypt</span> <span class="p">(</span><span class="n">byte</span> <span class="o">*</span><span class="n">data</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">length</span><span class="p">)</span> <span class="k">const</span>
	<span class="p">{</span>
		<span class="n">EncryptBuffer</span> <span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">length</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span>
	<span class="p">}</span>

	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">EncryptBuffer</span> <span class="p">(</span><span class="n">byte</span> <span class="o">*</span><span class="n">data</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">length</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">startDataUnitNo</span><span class="p">)</span> <span class="k">const</span>
	<span class="p">{</span>
		<span class="n">if_debug</span> <span class="p">(</span><span class="n">ValidateState</span><span class="p">());</span>

		<span class="n">CipherList</span><span class="o">::</span><span class="n">const_iterator</span> <span class="n">iSecondaryCipher</span> <span class="o">=</span> <span class="n">SecondaryCiphers</span><span class="p">.</span><span class="n">begin</span><span class="p">();</span>

		<span class="k">for</span> <span class="p">(</span><span class="n">CipherList</span><span class="o">::</span><span class="n">const_iterator</span> <span class="n">iCipher</span> <span class="o">=</span> <span class="n">Ciphers</span><span class="p">.</span><span class="n">begin</span><span class="p">();</span> <span class="n">iCipher</span> <span class="o">!=</span> <span class="n">Ciphers</span><span class="p">.</span><span class="n">end</span><span class="p">();</span> <span class="o">++</span><span class="n">iCipher</span><span class="p">)</span>
		<span class="p">{</span>
			<span class="n">EncryptBufferXTS</span> <span class="p">(</span><span class="o">**</span><span class="n">iCipher</span><span class="p">,</span> <span class="o">**</span><span class="n">iSecondaryCipher</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="n">length</span><span class="p">,</span> <span class="n">startDataUnitNo</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span>
			<span class="o">++</span><span class="n">iSecondaryCipher</span><span class="p">;</span>
		<span class="p">}</span>

		<span class="n">assert</span> <span class="p">(</span><span class="n">iSecondaryCipher</span> <span class="o">==</span> <span class="n">SecondaryCiphers</span><span class="p">.</span><span class="n">end</span><span class="p">());</span>
	<span class="p">}</span>

	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">EncryptBufferXTS</span> <span class="p">(</span><span class="k">const</span> <span class="n">Cipher</span> <span class="o">&amp;</span><span class="n">cipher</span><span class="p">,</span> <span class="k">const</span> <span class="n">Cipher</span> <span class="o">&amp;</span><span class="n">secondaryCipher</span><span class="p">,</span> <span class="n">byte</span> <span class="o">*</span><span class="n">buffer</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">length</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">startDataUnitNo</span><span class="p">,</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">startCipherBlockNo</span><span class="p">)</span> <span class="k">const</span>
	<span class="p">{</span>
		<span class="n">byte</span> <span class="n">finalCarry</span><span class="p">;</span>
		<span class="n">byte</span> <span class="n">whiteningValues</span> <span class="p">[</span><span class="n">ENCRYPTION_DATA_UNIT_SIZE</span><span class="p">];</span>
		<span class="n">byte</span> <span class="n">whiteningValue</span> <span class="p">[</span><span class="n">BYTES_PER_XTS_BLOCK</span><span class="p">];</span>
		<span class="n">byte</span> <span class="n">byteBufUnitNo</span> <span class="p">[</span><span class="n">BYTES_PER_XTS_BLOCK</span><span class="p">];</span>
		<span class="n">uint64</span> <span class="o">*</span><span class="n">whiteningValuesPtr64</span> <span class="o">=</span> <span class="p">(</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">whiteningValues</span><span class="p">;</span>
		<span class="n">uint64</span> <span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">=</span> <span class="p">(</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">whiteningValue</span><span class="p">;</span>
		<span class="n">uint64</span> <span class="o">*</span><span class="n">bufPtr</span> <span class="o">=</span> <span class="p">(</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">buffer</span><span class="p">;</span>
		<span class="n">uint64</span> <span class="o">*</span><span class="n">dataUnitBufPtr</span><span class="p">;</span>
		<span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">startBlock</span> <span class="o">=</span> <span class="n">startCipherBlockNo</span><span class="p">,</span> <span class="n">endBlock</span><span class="p">,</span> <span class="n">block</span><span class="p">;</span>
		<span class="n">uint64</span> <span class="o">*</span><span class="k">const</span> <span class="n">finalInt64WhiteningValuesPtr</span> <span class="o">=</span> <span class="n">whiteningValuesPtr64</span> <span class="o">+</span> <span class="k">sizeof</span> <span class="p">(</span><span class="n">whiteningValues</span><span class="p">)</span> <span class="o">/</span> <span class="k">sizeof</span> <span class="p">(</span><span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="p">)</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span>
		<span class="n">uint64</span> <span class="n">blockCount</span><span class="p">,</span> <span class="n">dataUnitNo</span><span class="p">;</span>

		<span class="n">startDataUnitNo</span> <span class="o">+=</span> <span class="n">SectorOffset</span><span class="p">;</span>

		<span class="cm">/* The encrypted data unit number (i.e. the resultant ciphertext block) is to be multiplied in the</span>
<span class="cm">		finite field GF(2^128) by j-th power of n, where j is the sequential plaintext/ciphertext block</span>
<span class="cm">		number and n is 2, a primitive element of GF(2^128). This can be (and is) simplified and implemented</span>
<span class="cm">		as a left shift of the preceding whitening value by one bit (with carry propagating). In addition, if</span>
<span class="cm">		the shift of the highest byte results in a carry, 135 is XORed into the lowest byte. The value 135 is</span>
<span class="cm">		derived from the modulus of the Galois Field (x^128+x^7+x^2+x+1). */</span>

		<span class="c1">// Convert the 64-bit data unit number into a little-endian 16-byte array. </span>
		<span class="c1">// Note that as we are converting a 64-bit number into a 16-byte array we can always zero the last 8 bytes.</span>
		<span class="n">dataUnitNo</span> <span class="o">=</span> <span class="n">startDataUnitNo</span><span class="p">;</span>
		<span class="o">*</span><span class="p">((</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">byteBufUnitNo</span><span class="p">)</span> <span class="o">=</span> <span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="n">dataUnitNo</span><span class="p">);</span>
		<span class="o">*</span><span class="p">((</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">byteBufUnitNo</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>

		<span class="k">if</span> <span class="p">(</span><span class="n">length</span> <span class="o">%</span> <span class="n">BYTES_PER_XTS_BLOCK</span><span class="p">)</span>
			<span class="n">TC_THROW_FATAL_EXCEPTION</span><span class="p">;</span>

		<span class="n">blockCount</span> <span class="o">=</span> <span class="n">length</span> <span class="o">/</span> <span class="n">BYTES_PER_XTS_BLOCK</span><span class="p">;</span>

		<span class="c1">// Process all blocks in the buffer</span>
		<span class="k">while</span> <span class="p">(</span><span class="n">blockCount</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span>
		<span class="p">{</span>
			<span class="k">if</span> <span class="p">(</span><span class="n">blockCount</span> <span class="o">&lt;</span> <span class="n">BLOCKS_PER_XTS_DATA_UNIT</span><span class="p">)</span>
				<span class="n">endBlock</span> <span class="o">=</span> <span class="n">startBlock</span> <span class="o">+</span> <span class="p">(</span><span class="kt">unsigned</span> <span class="kt">int</span><span class="p">)</span> <span class="n">blockCount</span><span class="p">;</span>
			<span class="k">else</span>
				<span class="n">endBlock</span> <span class="o">=</span> <span class="n">BLOCKS_PER_XTS_DATA_UNIT</span><span class="p">;</span>

			<span class="n">whiteningValuesPtr64</span> <span class="o">=</span> <span class="n">finalInt64WhiteningValuesPtr</span><span class="p">;</span>
			<span class="n">whiteningValuePtr64</span> <span class="o">=</span> <span class="p">(</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">whiteningValue</span><span class="p">;</span>

			<span class="c1">// Encrypt the data unit number using the secondary key (in order to generate the first </span>
			<span class="c1">// whitening value for this data unit)</span>
			<span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">=</span> <span class="o">*</span><span class="p">((</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">byteBufUnitNo</span><span class="p">);</span>
			<span class="o">*</span><span class="p">(</span><span class="n">whiteningValuePtr64</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
			<span class="n">secondaryCipher</span><span class="p">.</span><span class="n">EncryptBlock</span> <span class="p">(</span><span class="n">whiteningValue</span><span class="p">);</span>

			<span class="c1">// Generate subsequent whitening values for blocks in this data unit. Note that all generated 128-bit</span>
			<span class="c1">// whitening values are stored in memory as a sequence of 64-bit integers in reverse order.</span>
			<span class="k">for</span> <span class="p">(</span><span class="n">block</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">block</span> <span class="o">&lt;</span> <span class="n">endBlock</span><span class="p">;</span> <span class="n">block</span><span class="o">++</span><span class="p">)</span>
			<span class="p">{</span>
				<span class="k">if</span> <span class="p">(</span><span class="n">block</span> <span class="o">&gt;=</span> <span class="n">startBlock</span><span class="p">)</span>
				<span class="p">{</span>
					<span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span> <span class="o">=</span> <span class="o">*</span><span class="n">whiteningValuePtr64</span><span class="o">++</span><span class="p">;</span>
					<span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span> <span class="o">=</span> <span class="o">*</span><span class="n">whiteningValuePtr64</span><span class="p">;</span>
				<span class="p">}</span>
				<span class="k">else</span>
					<span class="n">whiteningValuePtr64</span><span class="o">++</span><span class="p">;</span>

				<span class="c1">// Derive the next whitening value</span>

<span class="cp">#if BYTE_ORDER == LITTLE_ENDIAN</span>

				<span class="c1">// Little-endian platforms</span>

				<span class="n">finalCarry</span> <span class="o">=</span> 
					<span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">&amp;</span> <span class="mh">0x8000000000000000ULL</span><span class="p">)</span> <span class="o">?</span>
					<span class="mi">135</span> <span class="o">:</span> <span class="mi">0</span><span class="p">;</span>

				<span class="o">*</span><span class="n">whiteningValuePtr64</span><span class="o">--</span> <span class="o">&lt;&lt;=</span> <span class="mi">1</span><span class="p">;</span>

				<span class="k">if</span> <span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">&amp;</span> <span class="mh">0x8000000000000000ULL</span><span class="p">)</span>
					<span class="o">*</span><span class="p">(</span><span class="n">whiteningValuePtr64</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">|=</span> <span class="mi">1</span><span class="p">;</span>	

				<span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">&lt;&lt;=</span> <span class="mi">1</span><span class="p">;</span>
<span class="cp">#else</span>

				<span class="c1">// Big-endian platforms</span>

				<span class="n">finalCarry</span> <span class="o">=</span> 
					<span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">&amp;</span> <span class="mh">0x80</span><span class="p">)</span> <span class="o">?</span>
					<span class="mi">135</span> <span class="o">:</span> <span class="mi">0</span><span class="p">;</span>

				<span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">=</span> <span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span><span class="p">)</span> <span class="o">&lt;&lt;</span> <span class="mi">1</span><span class="p">);</span>

				<span class="n">whiteningValuePtr64</span><span class="o">--</span><span class="p">;</span>

				<span class="k">if</span> <span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">&amp;</span> <span class="mh">0x80</span><span class="p">)</span>
					<span class="o">*</span><span class="p">(</span><span class="n">whiteningValuePtr64</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">|=</span> <span class="mh">0x0100000000000000ULL</span><span class="p">;</span>	

				<span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">=</span> <span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span><span class="p">)</span> <span class="o">&lt;&lt;</span> <span class="mi">1</span><span class="p">);</span>
<span class="cp">#endif</span>

				<span class="n">whiteningValue</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">^=</span> <span class="n">finalCarry</span><span class="p">;</span>
			<span class="p">}</span>

			<span class="n">dataUnitBufPtr</span> <span class="o">=</span> <span class="n">bufPtr</span><span class="p">;</span>
			<span class="n">whiteningValuesPtr64</span> <span class="o">=</span> <span class="n">finalInt64WhiteningValuesPtr</span><span class="p">;</span>

			<span class="c1">// Encrypt all blocks in this data unit</span>

			<span class="k">for</span> <span class="p">(</span><span class="n">block</span> <span class="o">=</span> <span class="n">startBlock</span><span class="p">;</span> <span class="n">block</span> <span class="o">&lt;</span> <span class="n">endBlock</span><span class="p">;</span> <span class="n">block</span><span class="o">++</span><span class="p">)</span>
			<span class="p">{</span>
				<span class="c1">// Pre-whitening</span>
				<span class="o">*</span><span class="n">bufPtr</span><span class="o">++</span> <span class="o">^=</span> <span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span><span class="p">;</span>
				<span class="o">*</span><span class="n">bufPtr</span><span class="o">++</span> <span class="o">^=</span> <span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span><span class="p">;</span>
			<span class="p">}</span>

			<span class="c1">// Actual encryption</span>
			<span class="n">cipher</span><span class="p">.</span><span class="n">EncryptBlocks</span> <span class="p">((</span><span class="n">byte</span> <span class="o">*</span><span class="p">)</span> <span class="n">dataUnitBufPtr</span><span class="p">,</span> <span class="n">endBlock</span> <span class="o">-</span> <span class="n">startBlock</span><span class="p">);</span>

			<span class="n">bufPtr</span> <span class="o">=</span> <span class="n">dataUnitBufPtr</span><span class="p">;</span>
			<span class="n">whiteningValuesPtr64</span> <span class="o">=</span> <span class="n">finalInt64WhiteningValuesPtr</span><span class="p">;</span>

			<span class="k">for</span> <span class="p">(</span><span class="n">block</span> <span class="o">=</span> <span class="n">startBlock</span><span class="p">;</span> <span class="n">block</span> <span class="o">&lt;</span> <span class="n">endBlock</span><span class="p">;</span> <span class="n">block</span><span class="o">++</span><span class="p">)</span>
			<span class="p">{</span>
				<span class="c1">// Post-whitening</span>
				<span class="o">*</span><span class="n">bufPtr</span><span class="o">++</span> <span class="o">^=</span> <span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span><span class="p">;</span>
				<span class="o">*</span><span class="n">bufPtr</span><span class="o">++</span> <span class="o">^=</span> <span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span><span class="p">;</span>
			<span class="p">}</span>

			<span class="n">blockCount</span> <span class="o">-=</span> <span class="n">endBlock</span> <span class="o">-</span> <span class="n">startBlock</span><span class="p">;</span>
			<span class="n">startBlock</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
			<span class="n">dataUnitNo</span><span class="o">++</span><span class="p">;</span>
			<span class="o">*</span><span class="p">((</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">byteBufUnitNo</span><span class="p">)</span> <span class="o">=</span> <span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="n">dataUnitNo</span><span class="p">);</span>
		<span class="p">}</span>

		<span class="n">FAST_ERASE64</span> <span class="p">(</span><span class="n">whiteningValue</span><span class="p">,</span> <span class="k">sizeof</span> <span class="p">(</span><span class="n">whiteningValue</span><span class="p">));</span>
		<span class="n">FAST_ERASE64</span> <span class="p">(</span><span class="n">whiteningValues</span><span class="p">,</span> <span class="k">sizeof</span> <span class="p">(</span><span class="n">whiteningValues</span><span class="p">));</span>
	<span class="p">}</span>

	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">EncryptSectorsCurrentThread</span> <span class="p">(</span><span class="n">byte</span> <span class="o">*</span><span class="n">data</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">sectorIndex</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">sectorCount</span><span class="p">,</span> <span class="kt">size_t</span> <span class="n">sectorSize</span><span class="p">)</span> <span class="k">const</span>
	<span class="p">{</span>
		<span class="n">EncryptBuffer</span> <span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">sectorCount</span> <span class="o">*</span> <span class="n">sectorSize</span><span class="p">,</span> <span class="n">sectorIndex</span> <span class="o">*</span> <span class="n">sectorSize</span> <span class="o">/</span> <span class="n">ENCRYPTION_DATA_UNIT_SIZE</span><span class="p">);</span>
	<span class="p">}</span>
	
	<span class="kt">size_t</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">GetKeySize</span> <span class="p">()</span> <span class="k">const</span>
	<span class="p">{</span>
		<span class="k">if</span> <span class="p">(</span><span class="n">Ciphers</span><span class="p">.</span><span class="n">empty</span><span class="p">())</span>
			<span class="k">throw</span> <span class="n">NotInitialized</span> <span class="p">(</span><span class="n">SRC_POS</span><span class="p">);</span>
		
		<span class="kt">size_t</span> <span class="n">keySize</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
		<span class="n">foreach_ref</span> <span class="p">(</span><span class="k">const</span> <span class="n">Cipher</span> <span class="o">&amp;</span><span class="n">cipher</span><span class="p">,</span> <span class="n">SecondaryCiphers</span><span class="p">)</span>
		<span class="p">{</span>
			<span class="n">keySize</span> <span class="o">+=</span> <span class="n">cipher</span><span class="p">.</span><span class="n">GetKeySize</span><span class="p">();</span>
		<span class="p">}</span>

		<span class="k">return</span> <span class="n">keySize</span><span class="p">;</span>
	<span class="p">}</span>

	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">Decrypt</span> <span class="p">(</span><span class="n">byte</span> <span class="o">*</span><span class="n">data</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">length</span><span class="p">)</span> <span class="k">const</span>
	<span class="p">{</span>
		<span class="n">DecryptBuffer</span> <span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">length</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span>
	<span class="p">}</span>

	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">DecryptBuffer</span> <span class="p">(</span><span class="n">byte</span> <span class="o">*</span><span class="n">data</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">length</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">startDataUnitNo</span><span class="p">)</span> <span class="k">const</span>
	<span class="p">{</span>
		<span class="n">if_debug</span> <span class="p">(</span><span class="n">ValidateState</span><span class="p">());</span>

		<span class="n">CipherList</span><span class="o">::</span><span class="n">const_iterator</span> <span class="n">iSecondaryCipher</span> <span class="o">=</span> <span class="n">SecondaryCiphers</span><span class="p">.</span><span class="n">end</span><span class="p">();</span>

		<span class="k">for</span> <span class="p">(</span><span class="n">CipherList</span><span class="o">::</span><span class="n">const_reverse_iterator</span> <span class="n">iCipher</span> <span class="o">=</span> <span class="n">Ciphers</span><span class="p">.</span><span class="n">rbegin</span><span class="p">();</span> <span class="n">iCipher</span> <span class="o">!=</span> <span class="n">Ciphers</span><span class="p">.</span><span class="n">rend</span><span class="p">();</span> <span class="o">++</span><span class="n">iCipher</span><span class="p">)</span>
		<span class="p">{</span>
			<span class="o">--</span><span class="n">iSecondaryCipher</span><span class="p">;</span>
			<span class="n">DecryptBufferXTS</span> <span class="p">(</span><span class="o">**</span><span class="n">iCipher</span><span class="p">,</span> <span class="o">**</span><span class="n">iSecondaryCipher</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="n">length</span><span class="p">,</span> <span class="n">startDataUnitNo</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span>
		<span class="p">}</span>

		<span class="n">assert</span> <span class="p">(</span><span class="n">iSecondaryCipher</span> <span class="o">==</span> <span class="n">SecondaryCiphers</span><span class="p">.</span><span class="n">begin</span><span class="p">());</span>
	<span class="p">}</span>

	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">DecryptBufferXTS</span> <span class="p">(</span><span class="k">const</span> <span class="n">Cipher</span> <span class="o">&amp;</span><span class="n">cipher</span><span class="p">,</span> <span class="k">const</span> <span class="n">Cipher</span> <span class="o">&amp;</span><span class="n">secondaryCipher</span><span class="p">,</span> <span class="n">byte</span> <span class="o">*</span><span class="n">buffer</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">length</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">startDataUnitNo</span><span class="p">,</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">startCipherBlockNo</span><span class="p">)</span> <span class="k">const</span>
	<span class="p">{</span>
		<span class="n">byte</span> <span class="n">finalCarry</span><span class="p">;</span>
		<span class="n">byte</span> <span class="n">whiteningValues</span> <span class="p">[</span><span class="n">ENCRYPTION_DATA_UNIT_SIZE</span><span class="p">];</span>
		<span class="n">byte</span> <span class="n">whiteningValue</span> <span class="p">[</span><span class="n">BYTES_PER_XTS_BLOCK</span><span class="p">];</span>
		<span class="n">byte</span> <span class="n">byteBufUnitNo</span> <span class="p">[</span><span class="n">BYTES_PER_XTS_BLOCK</span><span class="p">];</span>
		<span class="n">uint64</span> <span class="o">*</span><span class="n">whiteningValuesPtr64</span> <span class="o">=</span> <span class="p">(</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">whiteningValues</span><span class="p">;</span>
		<span class="n">uint64</span> <span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">=</span> <span class="p">(</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">whiteningValue</span><span class="p">;</span>
		<span class="n">uint64</span> <span class="o">*</span><span class="n">bufPtr</span> <span class="o">=</span> <span class="p">(</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">buffer</span><span class="p">;</span>
		<span class="n">uint64</span> <span class="o">*</span><span class="n">dataUnitBufPtr</span><span class="p">;</span>
		<span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">startBlock</span> <span class="o">=</span> <span class="n">startCipherBlockNo</span><span class="p">,</span> <span class="n">endBlock</span><span class="p">,</span> <span class="n">block</span><span class="p">;</span>
		<span class="n">uint64</span> <span class="o">*</span><span class="k">const</span> <span class="n">finalInt64WhiteningValuesPtr</span> <span class="o">=</span> <span class="n">whiteningValuesPtr64</span> <span class="o">+</span> <span class="k">sizeof</span> <span class="p">(</span><span class="n">whiteningValues</span><span class="p">)</span> <span class="o">/</span> <span class="k">sizeof</span> <span class="p">(</span><span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="p">)</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span>
		<span class="n">uint64</span> <span class="n">blockCount</span><span class="p">,</span> <span class="n">dataUnitNo</span><span class="p">;</span>

		<span class="n">startDataUnitNo</span> <span class="o">+=</span> <span class="n">SectorOffset</span><span class="p">;</span>

		<span class="c1">// Convert the 64-bit data unit number into a little-endian 16-byte array. </span>
		<span class="c1">// Note that as we are converting a 64-bit number into a 16-byte array we can always zero the last 8 bytes.</span>
		<span class="n">dataUnitNo</span> <span class="o">=</span> <span class="n">startDataUnitNo</span><span class="p">;</span>
		<span class="o">*</span><span class="p">((</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">byteBufUnitNo</span><span class="p">)</span> <span class="o">=</span> <span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="n">dataUnitNo</span><span class="p">);</span>
		<span class="o">*</span><span class="p">((</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">byteBufUnitNo</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>

		<span class="k">if</span> <span class="p">(</span><span class="n">length</span> <span class="o">%</span> <span class="n">BYTES_PER_XTS_BLOCK</span><span class="p">)</span>
			<span class="n">TC_THROW_FATAL_EXCEPTION</span><span class="p">;</span>

		<span class="n">blockCount</span> <span class="o">=</span> <span class="n">length</span> <span class="o">/</span> <span class="n">BYTES_PER_XTS_BLOCK</span><span class="p">;</span>

		<span class="c1">// Process all blocks in the buffer</span>
		<span class="k">while</span> <span class="p">(</span><span class="n">blockCount</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span>
		<span class="p">{</span>
			<span class="k">if</span> <span class="p">(</span><span class="n">blockCount</span> <span class="o">&lt;</span> <span class="n">BLOCKS_PER_XTS_DATA_UNIT</span><span class="p">)</span>
				<span class="n">endBlock</span> <span class="o">=</span> <span class="n">startBlock</span> <span class="o">+</span> <span class="p">(</span><span class="kt">unsigned</span> <span class="kt">int</span><span class="p">)</span> <span class="n">blockCount</span><span class="p">;</span>
			<span class="k">else</span>
				<span class="n">endBlock</span> <span class="o">=</span> <span class="n">BLOCKS_PER_XTS_DATA_UNIT</span><span class="p">;</span>

			<span class="n">whiteningValuesPtr64</span> <span class="o">=</span> <span class="n">finalInt64WhiteningValuesPtr</span><span class="p">;</span>
			<span class="n">whiteningValuePtr64</span> <span class="o">=</span> <span class="p">(</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">whiteningValue</span><span class="p">;</span>

			<span class="c1">// Encrypt the data unit number using the secondary key (in order to generate the first </span>
			<span class="c1">// whitening value for this data unit)</span>
			<span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">=</span> <span class="o">*</span><span class="p">((</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">byteBufUnitNo</span><span class="p">);</span>
			<span class="o">*</span><span class="p">(</span><span class="n">whiteningValuePtr64</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
			<span class="n">secondaryCipher</span><span class="p">.</span><span class="n">EncryptBlock</span> <span class="p">(</span><span class="n">whiteningValue</span><span class="p">);</span>

			<span class="c1">// Generate subsequent whitening values for blocks in this data unit. Note that all generated 128-bit</span>
			<span class="c1">// whitening values are stored in memory as a sequence of 64-bit integers in reverse order.</span>
			<span class="k">for</span> <span class="p">(</span><span class="n">block</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">block</span> <span class="o">&lt;</span> <span class="n">endBlock</span><span class="p">;</span> <span class="n">block</span><span class="o">++</span><span class="p">)</span>
			<span class="p">{</span>
				<span class="k">if</span> <span class="p">(</span><span class="n">block</span> <span class="o">&gt;=</span> <span class="n">startBlock</span><span class="p">)</span>
				<span class="p">{</span>
					<span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span> <span class="o">=</span> <span class="o">*</span><span class="n">whiteningValuePtr64</span><span class="o">++</span><span class="p">;</span>
					<span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span> <span class="o">=</span> <span class="o">*</span><span class="n">whiteningValuePtr64</span><span class="p">;</span>
				<span class="p">}</span>
				<span class="k">else</span>
					<span class="n">whiteningValuePtr64</span><span class="o">++</span><span class="p">;</span>

				<span class="c1">// Derive the next whitening value</span>

<span class="cp">#if BYTE_ORDER == LITTLE_ENDIAN</span>

				<span class="c1">// Little-endian platforms</span>

				<span class="n">finalCarry</span> <span class="o">=</span> 
					<span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">&amp;</span> <span class="mh">0x8000000000000000ULL</span><span class="p">)</span> <span class="o">?</span>
					<span class="mi">135</span> <span class="o">:</span> <span class="mi">0</span><span class="p">;</span>

				<span class="o">*</span><span class="n">whiteningValuePtr64</span><span class="o">--</span> <span class="o">&lt;&lt;=</span> <span class="mi">1</span><span class="p">;</span>

				<span class="k">if</span> <span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">&amp;</span> <span class="mh">0x8000000000000000ULL</span><span class="p">)</span>
					<span class="o">*</span><span class="p">(</span><span class="n">whiteningValuePtr64</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">|=</span> <span class="mi">1</span><span class="p">;</span>	

				<span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">&lt;&lt;=</span> <span class="mi">1</span><span class="p">;</span>

<span class="cp">#else</span>
				<span class="c1">// Big-endian platforms</span>

				<span class="n">finalCarry</span> <span class="o">=</span> 
					<span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">&amp;</span> <span class="mh">0x80</span><span class="p">)</span> <span class="o">?</span>
					<span class="mi">135</span> <span class="o">:</span> <span class="mi">0</span><span class="p">;</span>

				<span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">=</span> <span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span><span class="p">)</span> <span class="o">&lt;&lt;</span> <span class="mi">1</span><span class="p">);</span>

				<span class="n">whiteningValuePtr64</span><span class="o">--</span><span class="p">;</span>

				<span class="k">if</span> <span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">&amp;</span> <span class="mh">0x80</span><span class="p">)</span>
					<span class="o">*</span><span class="p">(</span><span class="n">whiteningValuePtr64</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">|=</span> <span class="mh">0x0100000000000000ULL</span><span class="p">;</span>	

				<span class="o">*</span><span class="n">whiteningValuePtr64</span> <span class="o">=</span> <span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="o">*</span><span class="n">whiteningValuePtr64</span><span class="p">)</span> <span class="o">&lt;&lt;</span> <span class="mi">1</span><span class="p">);</span>
<span class="cp">#endif</span>

				<span class="n">whiteningValue</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">^=</span> <span class="n">finalCarry</span><span class="p">;</span>
			<span class="p">}</span>

			<span class="n">dataUnitBufPtr</span> <span class="o">=</span> <span class="n">bufPtr</span><span class="p">;</span>
			<span class="n">whiteningValuesPtr64</span> <span class="o">=</span> <span class="n">finalInt64WhiteningValuesPtr</span><span class="p">;</span>

			<span class="c1">// Decrypt blocks in this data unit</span>

			<span class="k">for</span> <span class="p">(</span><span class="n">block</span> <span class="o">=</span> <span class="n">startBlock</span><span class="p">;</span> <span class="n">block</span> <span class="o">&lt;</span> <span class="n">endBlock</span><span class="p">;</span> <span class="n">block</span><span class="o">++</span><span class="p">)</span>
			<span class="p">{</span>
				<span class="o">*</span><span class="n">bufPtr</span><span class="o">++</span> <span class="o">^=</span> <span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span><span class="p">;</span>
				<span class="o">*</span><span class="n">bufPtr</span><span class="o">++</span> <span class="o">^=</span> <span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span><span class="p">;</span>
			<span class="p">}</span>

			<span class="n">cipher</span><span class="p">.</span><span class="n">DecryptBlocks</span> <span class="p">((</span><span class="n">byte</span> <span class="o">*</span><span class="p">)</span> <span class="n">dataUnitBufPtr</span><span class="p">,</span> <span class="n">endBlock</span> <span class="o">-</span> <span class="n">startBlock</span><span class="p">);</span>

			<span class="n">bufPtr</span> <span class="o">=</span> <span class="n">dataUnitBufPtr</span><span class="p">;</span>
			<span class="n">whiteningValuesPtr64</span> <span class="o">=</span> <span class="n">finalInt64WhiteningValuesPtr</span><span class="p">;</span>

			<span class="k">for</span> <span class="p">(</span><span class="n">block</span> <span class="o">=</span> <span class="n">startBlock</span><span class="p">;</span> <span class="n">block</span> <span class="o">&lt;</span> <span class="n">endBlock</span><span class="p">;</span> <span class="n">block</span><span class="o">++</span><span class="p">)</span>
			<span class="p">{</span>
				<span class="o">*</span><span class="n">bufPtr</span><span class="o">++</span> <span class="o">^=</span> <span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span><span class="p">;</span>
				<span class="o">*</span><span class="n">bufPtr</span><span class="o">++</span> <span class="o">^=</span> <span class="o">*</span><span class="n">whiteningValuesPtr64</span><span class="o">--</span><span class="p">;</span>
			<span class="p">}</span>

			<span class="n">blockCount</span> <span class="o">-=</span> <span class="n">endBlock</span> <span class="o">-</span> <span class="n">startBlock</span><span class="p">;</span>
			<span class="n">startBlock</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
			<span class="n">dataUnitNo</span><span class="o">++</span><span class="p">;</span>

			<span class="o">*</span><span class="p">((</span><span class="n">uint64</span> <span class="o">*</span><span class="p">)</span> <span class="n">byteBufUnitNo</span><span class="p">)</span> <span class="o">=</span> <span class="n">Endian</span><span class="o">::</span><span class="n">Little</span> <span class="p">(</span><span class="n">dataUnitNo</span><span class="p">);</span>
		<span class="p">}</span>

		<span class="n">FAST_ERASE64</span> <span class="p">(</span><span class="n">whiteningValue</span><span class="p">,</span> <span class="k">sizeof</span> <span class="p">(</span><span class="n">whiteningValue</span><span class="p">));</span>
		<span class="n">FAST_ERASE64</span> <span class="p">(</span><span class="n">whiteningValues</span><span class="p">,</span> <span class="k">sizeof</span> <span class="p">(</span><span class="n">whiteningValues</span><span class="p">));</span>
	<span class="p">}</span>

	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">DecryptSectorsCurrentThread</span> <span class="p">(</span><span class="n">byte</span> <span class="o">*</span><span class="n">data</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">sectorIndex</span><span class="p">,</span> <span class="n">uint64</span> <span class="n">sectorCount</span><span class="p">,</span> <span class="kt">size_t</span> <span class="n">sectorSize</span><span class="p">)</span> <span class="k">const</span>
	<span class="p">{</span>
		<span class="n">DecryptBuffer</span> <span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">sectorCount</span> <span class="o">*</span> <span class="n">sectorSize</span><span class="p">,</span> <span class="n">sectorIndex</span> <span class="o">*</span> <span class="n">sectorSize</span> <span class="o">/</span> <span class="n">ENCRYPTION_DATA_UNIT_SIZE</span><span class="p">);</span>
	<span class="p">}</span>

	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">SetCiphers</span> <span class="p">(</span><span class="k">const</span> <span class="n">CipherList</span> <span class="o">&amp;</span><span class="n">ciphers</span><span class="p">)</span>
	<span class="p">{</span>
		<span class="n">EncryptionMode</span><span class="o">::</span><span class="n">SetCiphers</span> <span class="p">(</span><span class="n">ciphers</span><span class="p">);</span>

		<span class="n">SecondaryCiphers</span><span class="p">.</span><span class="n">clear</span><span class="p">();</span>

		<span class="n">foreach_ref</span> <span class="p">(</span><span class="k">const</span> <span class="n">Cipher</span> <span class="o">&amp;</span><span class="n">cipher</span><span class="p">,</span> <span class="n">ciphers</span><span class="p">)</span>
		<span class="p">{</span>
			<span class="n">SecondaryCiphers</span><span class="p">.</span><span class="n">push_back</span> <span class="p">(</span><span class="n">cipher</span><span class="p">.</span><span class="n">GetNew</span><span class="p">());</span>
		<span class="p">}</span>

		<span class="k">if</span> <span class="p">(</span><span class="n">SecondaryKey</span><span class="p">.</span><span class="n">Size</span><span class="p">()</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span>
			<span class="n">SetSecondaryCipherKeys</span><span class="p">();</span>
	<span class="p">}</span>

	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">SetKey</span> <span class="p">(</span><span class="k">const</span> <span class="n">ConstBufferPtr</span> <span class="o">&amp;</span><span class="n">key</span><span class="p">)</span>
	<span class="p">{</span>
		<span class="n">SecondaryKey</span><span class="p">.</span><span class="n">Allocate</span> <span class="p">(</span><span class="n">key</span><span class="p">.</span><span class="n">Size</span><span class="p">());</span>
		<span class="n">SecondaryKey</span><span class="p">.</span><span class="n">CopyFrom</span> <span class="p">(</span><span class="n">key</span><span class="p">);</span>

		<span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">SecondaryCiphers</span><span class="p">.</span><span class="n">empty</span><span class="p">())</span>
			<span class="n">SetSecondaryCipherKeys</span><span class="p">();</span>
	<span class="p">}</span>
	
	<span class="kt">void</span> <span class="n">EncryptionModeXTS</span><span class="o">::</span><span class="n">SetSecondaryCipherKeys</span> <span class="p">()</span>
	<span class="p">{</span>
		<span class="kt">size_t</span> <span class="n">keyOffset</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
		<span class="n">foreach_ref</span> <span class="p">(</span><span class="n">Cipher</span> <span class="o">&amp;</span><span class="n">cipher</span><span class="p">,</span> <span class="n">SecondaryCiphers</span><span class="p">)</span>
		<span class="p">{</span>
			<span class="n">cipher</span><span class="p">.</span><span class="n">SetKey</span> <span class="p">(</span><span class="n">SecondaryKey</span><span class="p">.</span><span class="n">GetRange</span> <span class="p">(</span><span class="n">keyOffset</span><span class="p">,</span> <span class="n">cipher</span><span class="p">.</span><span class="n">GetKeySize</span><span class="p">()));</span>
			<span class="n">keyOffset</span> <span class="o">+=</span> <span class="n">cipher</span><span class="p">.</span><span class="n">GetKeySize</span><span class="p">();</span>
		<span class="p">}</span>

		<span class="n">KeySet</span> <span class="o">=</span> <span class="nb">true</span><span class="p">;</span>
	<span class="p">}</span>
<span class="p">}</span>
</pre></div>
</code></pre></td></tr></table>
</div> <!-- class=content -->
</div> <!-- id=cgit -->
</body></html>