Refactor on Engines around xor

gefeili · gefeili · commit 63916346a1fe · 2025-01-28T10:52:15.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/ElephantEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/ElephantEngine.java
@@ -2,6 +2,8 @@
 
 import java.util.Arrays;
 
+import org.bouncycastle.util.Bytes;
+
 /**
  * Elephant AEAD v2, based on the current round 3 submission, https://www.esat.kuleuven.be/cosic/elephant/
  * Reference C implementation: https://github.com/TimBeyne/Elephant
@@ -283,14 +285,6 @@ private void lfsr_step()
         System.arraycopy(current_mask, 1, next_mask, 0, BlockSize - 1);
     }
 
-    private void xor_block(byte[] state, byte[] block, int bOff, int size)
-    {
-        for (int i = 0; i < size; ++i)
-        {
-            state[i] ^= block[i + bOff];
-        }
-    }
-
     @Override
     protected void init(byte[] k, byte[] iv)
         throws IllegalArgumentException
@@ -349,13 +343,13 @@ private void computerCipherBlock(byte[] input, int inOff, int blockSize, byte[]
     {
         System.arraycopy(npub, 0, buffer, 0, IV_SIZE);
         Arrays.fill(buffer, IV_SIZE, BlockSize, (byte)0);
-        xor_block(buffer, current_mask, 0, BlockSize);
-        xor_block(buffer, next_mask, 0, BlockSize);
+        Bytes.xorTo(BlockSize, current_mask, buffer);
+        Bytes.xorTo(BlockSize, next_mask, buffer);
         instance.permutation(buffer);
-        xor_block(buffer, current_mask, 0, BlockSize);
-        xor_block(buffer, next_mask, 0, BlockSize);
+        Bytes.xorTo(BlockSize, current_mask, buffer);
+        Bytes.xorTo(BlockSize, next_mask, buffer);
 
-        xor_block(buffer, input, inOff, blockSize);
+        Bytes.xorTo(blockSize, input, inOff, buffer);
         System.arraycopy(buffer, 0, output, outOff, blockSize);
     }
 
@@ -370,20 +364,20 @@ private void swapMasks()
     private void absorbAAD()
     {
         processAADBytes(buffer);
-        xor_block(buffer, next_mask, 0, BlockSize);
+        Bytes.xorTo(BlockSize, next_mask, buffer);
         instance.permutation(buffer);
-        xor_block(buffer, next_mask, 0, BlockSize);
-        xor_block(tag_buffer, buffer, 0, BlockSize);
+        Bytes.xorTo(BlockSize, next_mask, buffer);
+        Bytes.xorTo(BlockSize, buffer, tag_buffer);
     }
 
     private void absorbCiphertext()
     {
-        xor_block(buffer, previous_mask, 0, BlockSize);
-        xor_block(buffer, next_mask, 0, BlockSize);
+        Bytes.xorTo(BlockSize, previous_mask, buffer);
+        Bytes.xorTo(BlockSize, next_mask, buffer);
         instance.permutation(buffer);
-        xor_block(buffer, previous_mask, 0, BlockSize);
-        xor_block(buffer, next_mask, 0, BlockSize);
-        xor_block(tag_buffer, buffer, 0, BlockSize);
+        Bytes.xorTo(BlockSize, previous_mask, buffer);
+        Bytes.xorTo(BlockSize, next_mask, buffer);
+        Bytes.xorTo(BlockSize, buffer, tag_buffer);
     }
 
     protected void processFinalBlock(byte[] output, int outOff)
@@ -396,9 +390,9 @@ protected void processFinalBlock(byte[] output, int outOff)
         int nb_it = Math.max(nblocks_c + 1, nblocks_ad - 1);
         processBytes(m_buf, output, outOff, nb_it, nblocks_m, nblocks_c, mlen, nblocks_ad);
         mac = new byte[MAC_SIZE];
-        xor_block(tag_buffer, expanded_key, 0, BlockSize);
+        Bytes.xorTo(BlockSize, expanded_key, tag_buffer);
         instance.permutation(tag_buffer);
-        xor_block(tag_buffer, expanded_key, 0, BlockSize);
+        Bytes.xorTo(BlockSize, expanded_key, tag_buffer);
         System.arraycopy(tag_buffer, 0, mac, 0, MAC_SIZE);
     }
 
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/GiftCofbEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/GiftCofbEngine.java
@@ -1,5 +1,7 @@
 package org.bouncycastle.crypto.engines;
 
+import org.bouncycastle.util.Bytes;
+
 /**
  * GIFT-COFB v1.1, based on the current round 3 submission, https://www.isical.ac.in/~lightweight/COFB/
  * Reference C implementation: https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-submissions/elephant.zip
@@ -114,20 +116,9 @@ private void giftb128(byte[] P, byte[] K, byte[] C)
         C[15] = (byte)(S[3]);
     }
 
-    private void xor_block(byte[] d, int dOff, byte[] s1, byte[] s2, int s2Off, int no_of_bytes)
-    {
-        for (int i = 0; i < no_of_bytes; i++)
-        {
-            d[i + dOff] = (byte)(s1[i] ^ s2[i + s2Off]);
-        }
-    }
-
     private void xor_topbar_block(byte[] d, byte[] s1, byte[] s2)
     {
-        for (int i = 0; i < 8; i++)
-        {
-            d[i] = (byte)(s1[i] ^ s2[i]);
-        }
+        Bytes.xor(8, s1, s2, d);
         System.arraycopy(s1, 8, d, 8, 8);
     }
 
@@ -148,10 +139,7 @@ private void triple_half_block(byte[] d, byte[] s)
     {
         byte[] tmp = new byte[8];
         double_half_block(tmp, s);
-        for (int i = 0; i < 8; i++)
-        {
-            d[i] = (byte)(s[i] ^ tmp[i]);
-        }
+        Bytes.xor(8, s, tmp, d);
     }
 
     private void pho1(byte[] d, byte[] Y, byte[] M, int mOff, int no_of_bytes)
@@ -182,18 +170,19 @@ else if (no_of_bytes < 16)
         }
         tmp[15] = (byte)((Y[7] & 0xFF) << 1 | (Y[0] & 0xFF) >>> 7);
         System.arraycopy(tmp, 0, Y, 0, 16);
-        xor_block(d, 0, Y, tmpM, 0, 16);
+        Bytes.xor(16, Y, tmpM, d);
     }
 
     private void pho(byte[] Y, byte[] M, int mOff, byte[] X, byte[] C, int cOff, int no_of_bytes)
     {
-        xor_block(C, cOff, Y, M, mOff, no_of_bytes);
+        Bytes.xor(no_of_bytes, Y, M, mOff, C, cOff);
         pho1(X, Y, M, mOff, no_of_bytes);
     }
 
     private void phoprime(byte[] Y, byte[] C, int cOff, byte[] X, byte[] M, int mOff, int no_of_bytes)
     {
-        xor_block(M, mOff, Y, C, cOff, no_of_bytes);
+        Bytes.xor(no_of_bytes, Y, C, cOff, M, mOff);
+        //xor_block(M, mOff, Y, C, cOff, no_of_bytes);
         pho1(X, Y, M, mOff, no_of_bytes);
     }
 
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java
@@ -338,9 +338,9 @@ public ISAPAEAD_K()
         public void init()
         {
             k16 = new short[k.length >> 1];
-            byteToShort(k, k16, k16.length);
+            Pack.littleEndianToShort(k, 0, k16, 0, k16.length);
             iv16 = new short[npub.length >> 1];
-            byteToShort(npub, iv16, iv16.length);
+            Pack.littleEndianToShort(npub, 0, iv16, 0, iv16.length);
             //reset();
         }
 
@@ -428,11 +428,11 @@ public void processMACFinal(byte[] input, int inOff, int len, byte[] tag)
             SX[len >> 1] ^= 0x80 << ((len & 1) << 3);
             PermuteRoundsHX(SX, E, C);
             // Derive K*
-            shortToByte(SX, tag);
+            Pack.shortToLittleEndian(SX, 0, 8, tag, 0);
             isap_rk(ISAP_IV2_16, tag, KEY_SIZE, SX, KEY_SIZE, C);
             // Squeeze tag
             PermuteRoundsHX(SX, E, C);
-            shortToByte(SX, tag);
+            Pack.shortToLittleEndian(SX, 0, 8, tag, 0);
         }
 
         public void processEncBlock(byte[] input, int inOff, byte[] output, int outOff)
@@ -462,22 +462,6 @@ private void byteToShortXor(byte[] input, int inOff, short[] output, int outLen)
             }
         }
 
-        private void byteToShort(byte[] input, short[] output, int outLen)
-        {
-            for (int i = 0; i < outLen; ++i)
-            {
-                output[i] = Pack.littleEndianToShort(input, (i << 1));
-            }
-        }
-
-        private void shortToByte(short[] input, byte[] output)
-        {
-            for (int i = 0; i < 8; ++i)
-            {
-                Pack.shortToLittleEndian(input[i], output, (i << 1));
-            }
-        }
-
         protected void rounds12X(short[] SX, short[] E, short[] C)
         {
             prepareThetaX(SX, C);
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/RomulusEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/RomulusEngine.java
@@ -1,6 +1,7 @@
 package org.bouncycastle.crypto.engines;
 
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Bytes;
 
 /**
  * Romulus v1.3, based on the current round 3 submission, https://romulusae.github.io/romulus/
@@ -274,10 +275,7 @@ public void processBufferAAD(byte[] input, int inOff)
         {
             if (twist)
             {
-                for (int i = 0; i < 16; i++)
-                {
-                    mac_s[i] = (byte)(mac_s[i] ^ input[inOff + i]);
-                }
+                Bytes.xorTo(MAC_SIZE, input, inOff, mac_s);
             }
             else
             {
@@ -301,10 +299,7 @@ else if (m_aadPos != 0)
                 m_aad[BlockSize - 1] = (byte)(m_aadPos & 0x0f);
                 if (twist)
                 {
-                    for (int i = 0; i < BlockSize; i++)
-                    {
-                        mac_s[i] = (byte)(mac_s[i] ^ m_aad[i]);
-                    }
+                    Bytes.xorTo(BlockSize, m_aad, mac_s);
                 }
                 else
                 {
@@ -374,10 +369,7 @@ public void processBufferAAD(byte[] input, int inOff)
         {
             if (twist)
             {
-                for (int i = 0; i < AD_BLK_LEN_HALF; i++)
-                {
-                    s[i] = (byte)(s[i] ^ input[inOff + i]);
-                }
+                Bytes.xorTo(AD_BLK_LEN_HALF, input, inOff, s);
             }
             else
             {
@@ -397,10 +389,7 @@ public void processFinalAAD()
                 pad(m_aad, 0, mp, AD_BLK_LEN_HALF, len8);
                 if (twist)
                 {
-                    for (int i = 0; i < AD_BLK_LEN_HALF; i++)
-                    {
-                        s[i] = (byte)(s[i] ^ mp[i]);
-                    }
+                    Bytes.xorTo(AD_BLK_LEN_HALF, mp, s);
                 }
                 else
                 {
@@ -483,10 +472,7 @@ public void processFinalBlock(byte[] output, int outOff)
                 int len8 = Math.min(m_bufPos, 16);
                 System.arraycopy(npub, 0, S, 0, 16);
                 block_cipher(S, Z, T, 0, CNT, (byte)64);
-                for (int i = 0; i < len8; i++)
-                {
-                    output[i + outOff] = (byte)((m_buf[i]) ^ S[i]);
-                }
+                Bytes.xor(len8, m_buf, S, output, outOff);
                 System.arraycopy(npub, 0, S, 0, 16);
 
                 lfsr_gf56(CNT);
@@ -587,10 +573,7 @@ public void processBufferEncrypt(byte[] input, int inOff, byte[] output, int out
         {
             System.arraycopy(npub, 0, S, 0, 16);
             block_cipher(S, Z, T, 0, CNT, (byte)64);
-            for (int i = 0; i < AD_BLK_LEN_HALF; i++)
-            {
-                output[i + outOff] = (byte)((input[i + inOff]) ^ S[i]);
-            }
+            Bytes.xor(AD_BLK_LEN_HALF, S, input, inOff, output, outOff);
             System.arraycopy(npub, 0, S, 0, 16);
             block_cipher(S, Z, T, 0, CNT, (byte)65);
             System.arraycopy(S, 0, Z, 0, 16);
@@ -615,10 +598,7 @@ public void processBufferDecrypt(byte[] input, int inOff, byte[] output, int out
         {
             System.arraycopy(npub, 0, S, 0, 16);
             block_cipher(S, Z, T, 0, CNT, (byte)64);
-            for (int i = 0; i < AD_BLK_LEN_HALF; i++)
-            {
-                output[i + outOff] = (byte)((input[i + inOff]) ^ S[i]);
-            }
+            Bytes.xor(AD_BLK_LEN_HALF, S, input, inOff, output, outOff);
             System.arraycopy(npub, 0, S, 0, 16);
             block_cipher(S, Z, T, 0, CNT, (byte)65);
             System.arraycopy(S, 0, Z, 0, 16);
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/SparkleEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/SparkleEngine.java
@@ -1,6 +1,7 @@
 package org.bouncycastle.crypto.engines;
 
 import org.bouncycastle.crypto.digests.SparkleDigest;
+import org.bouncycastle.util.Bytes;
 import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.Pack;
 
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/XoodyakEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/XoodyakEngine.java
@@ -1,6 +1,7 @@
 package org.bouncycastle.crypto.engines;
 
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Bytes;
 import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.Pack;
 
@@ -95,10 +96,8 @@ private void encrypt(byte[] input, int inOff, int len, byte[] output, int outOff
             System.arraycopy(input, inOff, P, 0, splitLen);
             Up(null, 0, Cu); /* Up without extract */
             /* Extract from Up and Add */
-            for (int i = 0; i < splitLen; i++)
-            {
-                output[outOff + i] = (byte)(input[inOff++] ^ state[i]);
-            }
+            Bytes.xor(splitLen, state, input, inOff, output, outOff);
+            inOff += splitLen;
             Down(P, 0, splitLen, 0x00);
             Cu = 0x00;
             outOff += splitLen;
@@ -116,10 +115,8 @@ private void decrypt(byte[] input, int inOff, int len, byte[] output, int outOff
             splitLen = Math.min(len, BlockSize); /* use Rkout instead of Rsqueeze, this function is only called in keyed mode */
             Up(null, 0, Cu); /* Up without extract */
             /* Extract from Up and Add */
-            for (int i = 0; i < splitLen; i++)
-            {
-                output[outOff + i] = (byte)(input[inOff++] ^ state[i]);
-            }
+            Bytes.xor(splitLen, state, input, inOff, output, outOff);
+            inOff += splitLen;
             Down(output, outOff, splitLen, 0x00);
             Cu = 0x00;
             outOff += splitLen;
diff --git a/core/src/main/java/org/bouncycastle/util/Bytes.java b/core/src/main/java/org/bouncycastle/util/Bytes.java
@@ -24,6 +24,22 @@ public static void xor(int len, byte[] x, int xOff, byte[] y, int yOff, byte[] z
         }
     }
 
+    public static void xor(int len, byte[] x, byte[] y, byte[] z, int zOff)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            z[zOff++] = (byte)(x[i] ^ y[i]);
+        }
+    }
+
+    public static void xor(int len, byte[] x, byte[] y, int yOff, byte[] z, int zOff)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            z[zOff++] = (byte)(x[i] ^ y[yOff++]);
+        }
+    }
+
     public static void xorTo(int len, byte[] x, byte[] z)
     {
         for (int i = 0; i < len; ++i)
diff --git a/core/src/main/java/org/bouncycastle/util/Pack.java b/core/src/main/java/org/bouncycastle/util/Pack.java
@@ -175,6 +175,15 @@ public static short littleEndianToShort(byte[] bs, int off)
         return (short)n;
     }
 
+    public static void littleEndianToShort(byte[] bs, int bOff, short[] ns, int nOff, int count)
+    {
+        for (int i = 0; i < count; ++i)
+        {
+            ns[nOff + i] = littleEndianToShort(bs, bOff);
+            bOff += 2;
+        }
+    }
+
     public static int littleEndianToInt(byte[] bs, int off)
     {
         int n = bs[off] & 0xff;
@@ -245,6 +254,14 @@ public static void shortToLittleEndian(short n, byte[] bs, int off)
         bs[++off] = (byte)(n >>> 8);
     }
 
+    public static void shortToLittleEndian(short[] ns, int nsOff, int nsLen, byte[] bs, int bsOff)
+    {
+        for (int i = 0; i < nsLen; ++i)
+        {
+            shortToLittleEndian(ns[nsOff + i], bs, bsOff);
+            bsOff += 2;
+        }
+    }
 
     public static byte[] shortToBigEndian(short n)
     {

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,7 @@`
`1`	`1`	`package org.bouncycastle.crypto.engines;`
`2`	`2`
	`3`	`+import org.bouncycastle.util.Bytes;`
	`4`	`+`
`3`	`5`	`/**`
`4`	`6`	`* GIFT-COFB v1.1, based on the current round 3 submission, https://www.isical.ac.in/~lightweight/COFB/`
`5`	`7`	`* Reference C implementation: https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-submissions/elephant.zip`
`@@ -114,20 +116,9 @@ private void giftb128(byte[] P, byte[] K, byte[] C)`
`114`	`116`	`C[15] = (byte)(S[3]);`
`115`	`117`	`}`
`116`	`118`
`117`		`- private void xor_block(byte[] d, int dOff, byte[] s1, byte[] s2, int s2Off, int no_of_bytes)`
`118`		`- {`
`119`		`- for (int i = 0; i < no_of_bytes; i++)`
`120`		`- {`
`121`		`- d[i + dOff] = (byte)(s1[i] ^ s2[i + s2Off]);`
`122`		`- }`
`123`		`- }`
`124`		`-`
`125`	`119`	`private void xor_topbar_block(byte[] d, byte[] s1, byte[] s2)`
`126`	`120`	`{`
`127`		`- for (int i = 0; i < 8; i++)`
`128`		`- {`
`129`		`- d[i] = (byte)(s1[i] ^ s2[i]);`
`130`		`- }`
	`121`	`+ Bytes.xor(8, s1, s2, d);`
`131`	`122`	`System.arraycopy(s1, 8, d, 8, 8);`
`132`	`123`	`}`
`133`	`124`
`@@ -148,10 +139,7 @@ private void triple_half_block(byte[] d, byte[] s)`
`148`	`139`	`{`
`149`	`140`	`byte[] tmp = new byte[8];`
`150`	`141`	`double_half_block(tmp, s);`
`151`		`- for (int i = 0; i < 8; i++)`
`152`		`- {`
`153`		`- d[i] = (byte)(s[i] ^ tmp[i]);`
`154`		`- }`
	`142`	`+ Bytes.xor(8, s, tmp, d);`
`155`	`143`	`}`
`156`	`144`
`157`	`145`	`private void pho1(byte[] d, byte[] Y, byte[] M, int mOff, int no_of_bytes)`
`@@ -182,18 +170,19 @@ else if (no_of_bytes < 16)`
`182`	`170`	`}`
`183`	`171`	`tmp[15] = (byte)((Y[7] & 0xFF) << 1 \| (Y[0] & 0xFF) >>> 7);`
`184`	`172`	`System.arraycopy(tmp, 0, Y, 0, 16);`
`185`		`- xor_block(d, 0, Y, tmpM, 0, 16);`
	`173`	`+ Bytes.xor(16, Y, tmpM, d);`
`186`	`174`	`}`
`187`	`175`
`188`	`176`	`private void pho(byte[] Y, byte[] M, int mOff, byte[] X, byte[] C, int cOff, int no_of_bytes)`
`189`	`177`	`{`
`190`		`- xor_block(C, cOff, Y, M, mOff, no_of_bytes);`
	`178`	`+ Bytes.xor(no_of_bytes, Y, M, mOff, C, cOff);`
`191`	`179`	`pho1(X, Y, M, mOff, no_of_bytes);`
`192`	`180`	`}`
`193`	`181`
`194`	`182`	`private void phoprime(byte[] Y, byte[] C, int cOff, byte[] X, byte[] M, int mOff, int no_of_bytes)`
`195`	`183`	`{`
`196`		`- xor_block(M, mOff, Y, C, cOff, no_of_bytes);`
	`184`	`+ Bytes.xor(no_of_bytes, Y, C, cOff, M, mOff);`
	`185`	`+ //xor_block(M, mOff, Y, C, cOff, no_of_bytes);`
`197`	`186`	`pho1(X, Y, M, mOff, no_of_bytes);`
`198`	`187`	`}`
`199`	`188`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`package org.bouncycastle.crypto.engines;`
`2`	`2`
`3`	`3`	`import org.bouncycastle.util.Arrays;`
	`4`	`+import org.bouncycastle.util.Bytes;`
`4`	`5`
`5`	`6`	`/**`
`6`	`7`	`* Romulus v1.3, based on the current round 3 submission, https://romulusae.github.io/romulus/`
`@@ -274,10 +275,7 @@ public void processBufferAAD(byte[] input, int inOff)`
`274`	`275`	`{`
`275`	`276`	`if (twist)`
`276`	`277`	`{`
`277`		`- for (int i = 0; i < 16; i++)`
`278`		`- {`
`279`		`- mac_s[i] = (byte)(mac_s[i] ^ input[inOff + i]);`
`280`		`- }`
	`278`	`+ Bytes.xorTo(MAC_SIZE, input, inOff, mac_s);`
`281`	`279`	`}`
`282`	`280`	`else`
`283`	`281`	`{`
`@@ -301,10 +299,7 @@ else if (m_aadPos != 0)`
`301`	`299`	`m_aad[BlockSize - 1] = (byte)(m_aadPos & 0x0f);`
`302`	`300`	`if (twist)`
`303`	`301`	`{`
`304`		`- for (int i = 0; i < BlockSize; i++)`
`305`		`- {`
`306`		`- mac_s[i] = (byte)(mac_s[i] ^ m_aad[i]);`
`307`		`- }`
	`302`	`+ Bytes.xorTo(BlockSize, m_aad, mac_s);`
`308`	`303`	`}`
`309`	`304`	`else`
`310`	`305`	`{`
`@@ -374,10 +369,7 @@ public void processBufferAAD(byte[] input, int inOff)`
`374`	`369`	`{`
`375`	`370`	`if (twist)`
`376`	`371`	`{`
`377`		`- for (int i = 0; i < AD_BLK_LEN_HALF; i++)`
`378`		`- {`
`379`		`- s[i] = (byte)(s[i] ^ input[inOff + i]);`
`380`		`- }`
	`372`	`+ Bytes.xorTo(AD_BLK_LEN_HALF, input, inOff, s);`
`381`	`373`	`}`
`382`	`374`	`else`
`383`	`375`	`{`
`@@ -397,10 +389,7 @@ public void processFinalAAD()`
`397`	`389`	`pad(m_aad, 0, mp, AD_BLK_LEN_HALF, len8);`
`398`	`390`	`if (twist)`
`399`	`391`	`{`
`400`		`- for (int i = 0; i < AD_BLK_LEN_HALF; i++)`
`401`		`- {`
`402`		`- s[i] = (byte)(s[i] ^ mp[i]);`
`403`		`- }`
	`392`	`+ Bytes.xorTo(AD_BLK_LEN_HALF, mp, s);`
`404`	`393`	`}`
`405`	`394`	`else`
`406`	`395`	`{`
`@@ -483,10 +472,7 @@ public void processFinalBlock(byte[] output, int outOff)`
`483`	`472`	`int len8 = Math.min(m_bufPos, 16);`
`484`	`473`	`System.arraycopy(npub, 0, S, 0, 16);`
`485`	`474`	`block_cipher(S, Z, T, 0, CNT, (byte)64);`
`486`		`- for (int i = 0; i < len8; i++)`
`487`		`- {`
`488`		`- output[i + outOff] = (byte)((m_buf[i]) ^ S[i]);`
`489`		`- }`
	`475`	`+ Bytes.xor(len8, m_buf, S, output, outOff);`
`490`	`476`	`System.arraycopy(npub, 0, S, 0, 16);`
`491`	`477`
`492`	`478`	`lfsr_gf56(CNT);`
`@@ -587,10 +573,7 @@ public void processBufferEncrypt(byte[] input, int inOff, byte[] output, int out`
`587`	`573`	`{`
`588`	`574`	`System.arraycopy(npub, 0, S, 0, 16);`
`589`	`575`	`block_cipher(S, Z, T, 0, CNT, (byte)64);`
`590`		`- for (int i = 0; i < AD_BLK_LEN_HALF; i++)`
`591`		`- {`
`592`		`- output[i + outOff] = (byte)((input[i + inOff]) ^ S[i]);`
`593`		`- }`
	`576`	`+ Bytes.xor(AD_BLK_LEN_HALF, S, input, inOff, output, outOff);`
`594`	`577`	`System.arraycopy(npub, 0, S, 0, 16);`
`595`	`578`	`block_cipher(S, Z, T, 0, CNT, (byte)65);`
`596`	`579`	`System.arraycopy(S, 0, Z, 0, 16);`
`@@ -615,10 +598,7 @@ public void processBufferDecrypt(byte[] input, int inOff, byte[] output, int out`
`615`	`598`	`{`
`616`	`599`	`System.arraycopy(npub, 0, S, 0, 16);`
`617`	`600`	`block_cipher(S, Z, T, 0, CNT, (byte)64);`
`618`		`- for (int i = 0; i < AD_BLK_LEN_HALF; i++)`
`619`		`- {`
`620`		`- output[i + outOff] = (byte)((input[i + inOff]) ^ S[i]);`
`621`		`- }`
	`601`	`+ Bytes.xor(AD_BLK_LEN_HALF, S, input, inOff, output, outOff);`
`622`	`602`	`System.arraycopy(npub, 0, S, 0, 16);`
`623`	`603`	`block_cipher(S, Z, T, 0, CNT, (byte)65);`
`624`	`604`	`System.arraycopy(S, 0, Z, 0, 16);`