trn
/
gfcp
zrcadlo git://github.com/johnsonjh/gfcp


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510
							// Copyright © 2015 Daniel Fu <daniel820313@gmail.com>.
// Copyright © 2019 Loki 'l0k18' Verloren <stalker.loki@protonmail.ch>.
// Copyright © 2020 Gridfinity, LLC. <admin@gridfinity.com>.
// Copyright © 2020 Jeffrey H. Johnson <jeff@gridfinity.com>.
//
// All rights reserved.
//
// All use of this code is governed by the MIT license.
// The complete license is available in the LICENSE file.

package lkcp9 // import "go.gridfinity.dev/lkcp9"

import (
	"crypto/aes"
	"crypto/cipher"
	"hash/fnv"

	"github.com/templexxx/xor"
	"github.com/tjfoc/gmsm/sm4"

	"golang.org/x/crypto/pbkdf2"
	"golang.org/x/crypto/salsa20"
)

const (
	chunk = 64
)

var (
	initialVector = []byte{
		167, 115, 79, 156,
		18, 172, 27, 1,
		164, 21, 242, 193,
		252, 120, 230, 107,
	}
	saltxor = `sH3CIVoF#rWLtJo6`
)

type digest struct {
	h   [5]uint32
	x   [chunk]byte
	nx  int
	len uint64
}

// BlockCrypt defines crypto methods for a given byte slice
type BlockCrypt interface {
	Encrypt(
		dst,
		src []byte,
	)
	Decrypt(
		dst,
		src []byte,
	)
}

type salsa20BlockCrypt struct {
	key [32]byte
}

// NewSalsa20BlockCrypt function
func NewSalsa20BlockCrypt(
	key []byte,
) (
	BlockCrypt,
	error,
) {
	c := new(
		salsa20BlockCrypt,
	)
	copy(
		c.key[:],
		key,
	)
	return c, nil
}

func (
	c *salsa20BlockCrypt,
) Encrypt(
	dst,
	src []byte,
) {
	salsa20.XORKeyStream(
		dst[8:],
		src[8:],
		src[:8],
		&c.key)
	copy(
		dst[:8],
		src[:8],
	)
}

func (
	c *salsa20BlockCrypt,
) Decrypt(
	dst,
	src []byte,
) {
	salsa20.XORKeyStream(
		dst[8:],
		src[8:],
		src[:8],
		&c.key)
	copy(
		dst[:8],
		src[:8],
	)
}

type sm4BlockCrypt struct {
	encbuf [sm4.BlockSize]byte
	decbuf [2 * sm4.BlockSize]byte
	block  cipher.Block
}

// NewSM4BlockCrypt function
func NewSM4BlockCrypt(
	key []byte,
) (
	BlockCrypt,
	error,
) {
	c := new(
		sm4BlockCrypt,
	)
	block, err := sm4.NewCipher(
		key,
	)
	if err != nil {
		return nil, err
	}
	c.block = block
	return c, nil
}

func (
	c *sm4BlockCrypt,
) Encrypt(
	dst,
	src []byte,
) {
	encrypt(
		c.block,
		dst,
		src,
		c.encbuf[:],
	)
}

func (
	c *sm4BlockCrypt,
) Decrypt(
	dst,
	src []byte,
) {
	decrypt(
		c.block,
		dst,
		src,
		c.decbuf[:],
	)
}

type aesBlockCrypt struct {
	encbuf [aes.BlockSize]byte
	decbuf [2 * aes.BlockSize]byte
	block  cipher.Block
}

// NewAESBlockCrypt function
func NewAESBlockCrypt(
	key []byte,
) (
	BlockCrypt,
	error,
) {
	c := new(
		aesBlockCrypt,
	)
	block, err := aes.NewCipher(
		key,
	)
	if err != nil {
		return nil, err
	}
	c.block = block
	return c, nil
}

func (
	c *aesBlockCrypt,
) Encrypt(
	dst,
	src []byte,
) {
	encrypt(
		c.block,
		dst,
		src,
		c.encbuf[:],
	)
}

func (
	c *aesBlockCrypt,
) Decrypt(
	dst,
	src []byte,
) {
	decrypt(
		c.block,
		dst,
		src,
		c.decbuf[:],
	)
}

type simpleXORBlockCrypt struct {
	xortbl []byte
}

// NewSimpleXORBlockCrypt function
func NewSimpleXORBlockCrypt(
	key []byte,
) (
	BlockCrypt,
	error,
) {
	c := new(
		simpleXORBlockCrypt,
	)
	c.xortbl = pbkdf2.Key(
		key,
		[]byte(saltxor),
		32,
		KcpMtuLimit,
		fnv.New128a,
	)
	return c, nil
}

func (
	c *simpleXORBlockCrypt,
) Encrypt(
	dst,
	src []byte,
) {
	xor.Bytes(
		dst,
		src,
		c.xortbl,
	)
}

func (
	c *simpleXORBlockCrypt,
) Decrypt(
	dst,
	src []byte,
) {
	xor.Bytes(
		dst,
		src,
		c.xortbl,
	)
}

type noneBlockCrypt struct{}

// NewNoneBlockCrypt function (null encryption)
func NewNoneBlockCrypt(
	key []byte,
) (
	BlockCrypt,
	error,
) {
	return new(
		noneBlockCrypt,
	), nil
}

func (
	c *noneBlockCrypt,
) Encrypt(
	dst,
	src []byte,
) {
	copy(
		dst,
		src,
	)
}

func (
	c *noneBlockCrypt,
) Decrypt(
	dst,
	src []byte,
) {
	copy(
		dst,
		src,
	)
}

func encrypt(
	block cipher.Block,
	dst,
	src,
	buf []byte,
) {
	switch block.BlockSize() {
	case 8:
		encrypt8(block, dst, src, buf)
	case 16:
		encrypt16(block, dst, src, buf)
	default:
		encryptVariant(block, dst, src, buf)
	}
}

func encrypt8(block cipher.Block, dst, src, buf []byte) {
	tbl := buf[:8]
	block.Encrypt(tbl, initialVector)
	n := len(
		src,
	) / 8
	base := 0
	repeat := n / 8
	left := n % 8
	for i := 0; i < repeat; i++ {
		s := src[base:][0:64]
		d := dst[base:][0:64]
		xor.BytesSrc1(
			d[0:8],
			s[0:8],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[0:8],
		)
		xor.BytesSrc1(
			d[8:16],
			s[8:16],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[8:16],
		)
		xor.BytesSrc1(
			d[16:24],
			s[16:24],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[16:24],
		)
		xor.BytesSrc1(
			d[24:32],
			s[24:32],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[24:32],
		)
		xor.BytesSrc1(
			d[32:40],
			s[32:40],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[32:40],
		)
		xor.BytesSrc1(
			d[40:48],
			s[40:48],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[40:48],
		)
		xor.BytesSrc1(
			d[48:56],
			s[48:56],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[48:56],
		)
		xor.BytesSrc1(
			d[56:64],
			s[56:64],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[56:64],
		)
		base += 64
	}
	switch left {
	case 7:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 8
		fallthrough
	case 6:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 8
		fallthrough
	case 5:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 8
		fallthrough
	case 4:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 8
		fallthrough
	case 3:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 8
		fallthrough
	case 2:
		xor.BytesSrc1(dst[base:], src[base:], tbl)
		block.Encrypt(tbl, dst[base:])
		base += 8
		fallthrough
	case 1:
		xor.BytesSrc1(dst[base:], src[base:], tbl)
		block.Encrypt(tbl, dst[base:])
		base += 8
		fallthrough
	case 0:
		xor.BytesSrc0(dst[base:], src[base:], tbl)
	}
}

func encrypt16(
	block cipher.Block,
	dst,
	src,
	buf []byte,
) {
	tbl := buf[:16]
	block.Encrypt(
		tbl,
		initialVector,
	)
	n := len(
		src,
	) / 16
	base := 0
	repeat := n / 8
	left := n % 8
	for i := 0; i < repeat; i++ {
		s := src[base:][0:128]
		d := dst[base:][0:128]
		xor.BytesSrc1(
			d[0:16],
			s[0:16],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[0:16],
		)
		xor.BytesSrc1(
			d[16:32],
			s[16:32],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[16:32],
		)
		xor.BytesSrc1(
			d[32:48],
			s[32:48],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[32:48],
		)
		xor.BytesSrc1(
			d[48:64],
			s[48:64],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[48:64],
		)
		xor.BytesSrc1(
			d[64:80],
			s[64:80],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[64:80],
		)
		xor.BytesSrc1(
			d[80:96],
			s[80:96],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[80:96],
		)
		xor.BytesSrc1(
			d[96:112],
			s[96:112],
			tbl,
		)
		block.Encrypt(
			tbl,
			d[96:112],
		)
		xor.BytesSrc1(
			d[112:128],
			s[112:128],
			tbl,
		)
		block.Encrypt(tbl, d[112:128])
		base += 128
	}
	switch left {
	case 7:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 16
		fallthrough
	case 6:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 16
		fallthrough
	case 5:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 16
		fallthrough
	case 4:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 16
		fallthrough
	case 3:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 16
		fallthrough
	case 2:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 16
		fallthrough
	case 1:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += 16
		fallthrough
	case 0:
		xor.BytesSrc0(dst[base:], src[base:], tbl)
	}
}

func encryptVariant(
	block cipher.Block,
	dst,
	src,
	buf []byte,
) {
	blocksize := block.BlockSize()
	tbl := buf[:blocksize]
	block.Encrypt(
		tbl,
		initialVector,
	)
	n := len(
		src,
	) / blocksize
	base := 0
	repeat := n / 8
	left := n % 8
	for i := 0; i < repeat; i++ {
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
	}
	switch left {
	case 7:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		fallthrough
	case 6:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		fallthrough
	case 5:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		fallthrough
	case 4:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		fallthrough
	case 3:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		fallthrough
	case 2:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		fallthrough
	case 1:
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		block.Encrypt(
			tbl,
			dst[base:],
		)
		base += blocksize
		fallthrough
	case 0:
		xor.BytesSrc0(
			dst[base:],
			src[base:],
			tbl,
		)
	}
}

func decrypt(
	block cipher.Block,
	dst,
	src,
	buf []byte,
) {
	switch block.BlockSize() {
	case 8:
		decrypt8(
			block,
			dst,
			src,
			buf,
		)
	case 16:
		decrypt16(
			block,
			dst,
			src,
			buf,
		)
	default:
		decryptVariant(
			block,
			dst,
			src,
			buf,
		)
	}
}

func decrypt8(
	block cipher.Block,
	dst,
	src,
	buf []byte,
) {
	tbl := buf[0:8]
	next := buf[8:16]
	block.Encrypt(
		tbl,
		initialVector,
	)
	n := len(
		src,
	) / 8
	base := 0
	repeat := n / 8
	left := n % 8
	for i := 0; i < repeat; i++ {
		s := src[base:][0:64]
		d := dst[base:][0:64]
		block.Encrypt(
			next,
			s[0:8],
		)
		xor.BytesSrc1(
			d[0:8],
			s[0:8],
			tbl,
		)
		block.Encrypt(
			tbl,
			s[8:16],
		)
		xor.BytesSrc1(
			d[8:16],
			s[8:16],
			next,
		)
		block.Encrypt(
			next,
			s[16:24],
		)
		xor.BytesSrc1(
			d[16:24],
			s[16:24],
			tbl,
		)
		block.Encrypt(
			tbl,
			s[24:32],
		)
		xor.BytesSrc1(
			d[24:32],
			s[24:32],
			next,
		)
		block.Encrypt(
			next,
			s[32:40],
		)
		xor.BytesSrc1(
			d[32:40],
			s[32:40],
			tbl,
		)
		block.Encrypt(
			tbl,
			s[40:48],
		)
		xor.BytesSrc1(
			d[40:48],
			s[40:48],
			next,
		)
		block.Encrypt(
			next,
			s[48:56],
		)
		xor.BytesSrc1(
			d[48:56],
			s[48:56],
			tbl,
		)
		block.Encrypt(
			tbl,
			s[56:64],
		)
		xor.BytesSrc1(
			d[56:64],
			s[56:64],
			next,
		)
		base += 64
	}
	switch left {
	case 7:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 8
		fallthrough
	case 6:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 8
		fallthrough
	case 5:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl, next = next, tbl
		base += 8
		fallthrough
	case 4:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 8
		fallthrough
	case 3:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(dst[base:], src[base:], tbl)
		tbl, next = next, tbl
		base += 8
		fallthrough
	case 2:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 8
		fallthrough
	case 1:
		block.Encrypt(next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 8
		fallthrough
	case 0:
		xor.BytesSrc0(
			dst[base:],
			src[base:],
			tbl,
		)
	}
}

func decrypt16(
	block cipher.Block,
	dst,
	src,
	buf []byte,
) {
	tbl := buf[0:16]
	next := buf[16:32]
	block.Encrypt(
		tbl,
		initialVector,
	)
	n := len(
		src,
	) / 16
	base := 0
	repeat := n / 8
	left := n % 8
	for i := 0; i < repeat; i++ {
		s := src[base:][0:128]
		d := dst[base:][0:128]
		block.Encrypt(
			next,
			s[0:16],
		)
		xor.BytesSrc1(
			d[0:16],
			s[0:16],
			tbl,
		)
		block.Encrypt(
			tbl,
			s[16:32],
		)
		xor.BytesSrc1(
			d[16:32],
			s[16:32],
			next,
		)
		block.Encrypt(
			next,
			s[32:48],
		)
		xor.BytesSrc1(
			d[32:48],
			s[32:48],
			tbl,
		)
		block.Encrypt(
			tbl,
			s[48:64],
		)
		xor.BytesSrc1(
			d[48:64],
			s[48:64],
			next,
		)
		block.Encrypt(
			next,
			s[64:80],
		)
		xor.BytesSrc1(
			d[64:80],
			s[64:80],
			tbl,
		)
		block.Encrypt(
			tbl,
			s[80:96],
		)
		xor.BytesSrc1(
			d[80:96],
			s[80:96],
			next,
		)
		block.Encrypt(
			next,
			s[96:112],
		)
		xor.BytesSrc1(
			d[96:112],
			s[96:112],
			tbl,
		)
		block.Encrypt(
			tbl,
			s[112:128],
		)
		xor.BytesSrc1(
			d[112:128],
			s[112:128],
			next,
		)
		base += 128
	}
	switch left {
	case 7:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 16
		fallthrough
	case 6:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl, next = next, tbl
		base += 16
		fallthrough
	case 5:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 16
		fallthrough
	case 4:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 16
		fallthrough
	case 3:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 16
		fallthrough
	case 2:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 16
		fallthrough
	case 1:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += 16
		fallthrough
	case 0:
		xor.BytesSrc0(
			dst[base:],
			src[base:],
			tbl,
		)
	}
}

func decryptVariant(
	block cipher.Block,
	dst,
	src,
	buf []byte,
) {
	blocksize := block.BlockSize()
	tbl := buf[:blocksize]
	next := buf[blocksize:]
	block.Encrypt(
		tbl,
		initialVector,
	)
	n := len(
		src,
	) / blocksize
	base := 0
	repeat := n / 8
	left := n % 8
	for i := 0; i < repeat; i++ {
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		base += blocksize
		block.Encrypt(
			tbl,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			next,
		)
		base += blocksize
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		base += blocksize
		block.Encrypt(
			tbl,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			next,
		)
		base += blocksize
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		base += blocksize
		block.Encrypt(
			tbl,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			next,
		)
		base += blocksize
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		base += blocksize
		block.Encrypt(
			tbl,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			next,
		)
		base += blocksize
	}

	switch left {
	case 7:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += blocksize
		fallthrough
	case 6:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += blocksize
		fallthrough
	case 5:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl,
			next = next,
			tbl
		base += blocksize
		fallthrough
	case 4:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl, next = next, tbl
		base += blocksize
		fallthrough
	case 3:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl, next = next, tbl
		base += blocksize
		fallthrough
	case 2:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl, next = next, tbl
		base += blocksize
		fallthrough
	case 1:
		block.Encrypt(
			next,
			src[base:],
		)
		xor.BytesSrc1(
			dst[base:],
			src[base:],
			tbl,
		)
		tbl, next = next, tbl
		base += blocksize
		fallthrough
	case 0:
		xor.BytesSrc0(
			dst[base:],
			src[base:],
			tbl,
		)
	}
}