encrypt data using HC-128 via WolfSSL

# generated using capa explorer for IDA Pro
rule:
  meta:
    name: encrypt data using HC-128 via WolfSSL
    namespace: data-manipulation/encryption/hc-128
    authors:
      - blaine.stancill@mandiant.com
    scopes:
      static: basic block
      dynamic: unsupported  # requires characteristic, mnemonic features
    att&ck:
      - Defense Evasion::Obfuscated Files or Information [T1027]
    mbc:
      - Defense Evasion::Obfuscated Files or Information::Encryption-Standard Algorithm [E1027.m05]
      - Cryptography::Encrypt Data::HC-128 [C0027.006]
    references:
      - https://github.com/wolfSSL/wolfssl/blob/6694775d4b8c22e7411ec69e8a2b516f107b97ef/wolfcrypt/src/hc128.c
    examples:
      - 91B08896FBDA9EDB8B6F93A6BC811EC6:0x180003562
  features:
    - and:
      - characteristic: nzxor
      - number: 0x17 = 23 from line 153, tem0 = rotrFixed((ctx->T[(v)]),23);
      - number: 0xA = 10 from line 154, tem1 = rotrFixed((ctx->X[(c)]),10);
      - number: 0x8 = 8 from line 155, tem2 = rotrFixed((ctx->X[(b)]),8);
      - or:
        - number: 0x3FC = Compiler optimized size used in ANDs for the 1024 sized buffer
        - number: 0x3FF = 0x3FF from line 105, ctx->counter1024 = (ctx->counter1024 + 16) & 0x3ff;
      - or:
        - count(mnemonic(rol)): 48
        - count(mnemonic(ror)): 48