1 2 #include <stdint.h> 3 #include <stdlib.h> 4 5 #include "crypto_core_salsa20.h" 6 #include "crypto_core_salsa2012.h" 7 #include "crypto_core_salsa208.h" 8 #include "private/common.h" 9 10 static void 11 crypto_core_salsa(unsigned char *out, const unsigned char *in, 12 const unsigned char *k, const unsigned char *c, 13 const int rounds) 14 { 15 uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, 16 x15; 17 uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, 18 j15; 19 int i; 20 21 j0 = x0 = 0x61707865; 22 j5 = x5 = 0x3320646e; 23 j10 = x10 = 0x79622d32; 24 j15 = x15 = 0x6b206574; 25 if (c != NULL) { 26 j0 = x0 = LOAD32_LE(c + 0); 27 j5 = x5 = LOAD32_LE(c + 4); 28 j10 = x10 = LOAD32_LE(c + 8); 29 j15 = x15 = LOAD32_LE(c + 12); 30 } 31 j1 = x1 = LOAD32_LE(k + 0); 32 j2 = x2 = LOAD32_LE(k + 4); 33 j3 = x3 = LOAD32_LE(k + 8); 34 j4 = x4 = LOAD32_LE(k + 12); 35 j11 = x11 = LOAD32_LE(k + 16); 36 j12 = x12 = LOAD32_LE(k + 20); 37 j13 = x13 = LOAD32_LE(k + 24); 38 j14 = x14 = LOAD32_LE(k + 28); 39 40 j6 = x6 = LOAD32_LE(in + 0); 41 j7 = x7 = LOAD32_LE(in + 4); 42 j8 = x8 = LOAD32_LE(in + 8); 43 j9 = x9 = LOAD32_LE(in + 12); 44 45 for (i = 0; i < rounds; i += 2) { 46 x4 ^= ROTL32(x0 + x12, 7); 47 x8 ^= ROTL32(x4 + x0, 9); 48 x12 ^= ROTL32(x8 + x4, 13); 49 x0 ^= ROTL32(x12 + x8, 18); 50 x9 ^= ROTL32(x5 + x1, 7); 51 x13 ^= ROTL32(x9 + x5, 9); 52 x1 ^= ROTL32(x13 + x9, 13); 53 x5 ^= ROTL32(x1 + x13, 18); 54 x14 ^= ROTL32(x10 + x6, 7); 55 x2 ^= ROTL32(x14 + x10, 9); 56 x6 ^= ROTL32(x2 + x14, 13); 57 x10 ^= ROTL32(x6 + x2, 18); 58 x3 ^= ROTL32(x15 + x11, 7); 59 x7 ^= ROTL32(x3 + x15, 9); 60 x11 ^= ROTL32(x7 + x3, 13); 61 x15 ^= ROTL32(x11 + x7, 18); 62 x1 ^= ROTL32(x0 + x3, 7); 63 x2 ^= ROTL32(x1 + x0, 9); 64 x3 ^= ROTL32(x2 + x1, 13); 65 x0 ^= ROTL32(x3 + x2, 18); 66 x6 ^= ROTL32(x5 + x4, 7); 67 x7 ^= ROTL32(x6 + x5, 9); 68 x4 ^= ROTL32(x7 + x6, 13); 69 x5 ^= ROTL32(x4 + x7, 18); 70 x11 ^= ROTL32(x10 + x9, 7); 71 x8 ^= ROTL32(x11 + x10, 9); 72 x9 ^= ROTL32(x8 + x11, 13); 73 x10 ^= ROTL32(x9 + x8, 18); 74 x12 ^= ROTL32(x15 + x14, 7); 75 x13 ^= ROTL32(x12 + x15, 9); 76 x14 ^= ROTL32(x13 + x12, 13); 77 x15 ^= ROTL32(x14 + x13, 18); 78 } 79 STORE32_LE(out + 0, x0 + j0); 80 STORE32_LE(out + 4, x1 + j1); 81 STORE32_LE(out + 8, x2 + j2); 82 STORE32_LE(out + 12, x3 + j3); 83 STORE32_LE(out + 16, x4 + j4); 84 STORE32_LE(out + 20, x5 + j5); 85 STORE32_LE(out + 24, x6 + j6); 86 STORE32_LE(out + 28, x7 + j7); 87 STORE32_LE(out + 32, x8 + j8); 88 STORE32_LE(out + 36, x9 + j9); 89 STORE32_LE(out + 40, x10 + j10); 90 STORE32_LE(out + 44, x11 + j11); 91 STORE32_LE(out + 48, x12 + j12); 92 STORE32_LE(out + 52, x13 + j13); 93 STORE32_LE(out + 56, x14 + j14); 94 STORE32_LE(out + 60, x15 + j15); 95 } 96 97 int 98 crypto_core_salsa20(unsigned char *out, const unsigned char *in, 99 const unsigned char *k, const unsigned char *c) 100 { 101 crypto_core_salsa(out, in, k, c, 20); 102 return 0; 103 } 104 105 size_t 106 crypto_core_salsa20_outputbytes(void) 107 { 108 return crypto_core_salsa20_OUTPUTBYTES; 109 } 110 111 size_t 112 crypto_core_salsa20_inputbytes(void) 113 { 114 return crypto_core_salsa20_INPUTBYTES; 115 } 116 117 size_t 118 crypto_core_salsa20_keybytes(void) 119 { 120 return crypto_core_salsa20_KEYBYTES; 121 } 122 123 size_t 124 crypto_core_salsa20_constbytes(void) 125 { 126 return crypto_core_salsa20_CONSTBYTES; 127 } 128 129 #ifndef MINIMAL 130 131 int 132 crypto_core_salsa2012(unsigned char *out, const unsigned char *in, 133 const unsigned char *k, const unsigned char *c) 134 { 135 crypto_core_salsa(out, in, k, c, 12); 136 return 0; 137 } 138 139 size_t 140 crypto_core_salsa2012_outputbytes(void) 141 { 142 return crypto_core_salsa2012_OUTPUTBYTES; 143 } 144 145 size_t 146 crypto_core_salsa2012_inputbytes(void) 147 { 148 return crypto_core_salsa2012_INPUTBYTES; 149 } 150 151 size_t 152 crypto_core_salsa2012_keybytes(void) 153 { 154 return crypto_core_salsa2012_KEYBYTES; 155 } 156 157 size_t 158 crypto_core_salsa2012_constbytes(void) 159 { 160 return crypto_core_salsa2012_CONSTBYTES; 161 } 162 163 int 164 crypto_core_salsa208(unsigned char *out, const unsigned char *in, 165 const unsigned char *k, const unsigned char *c) 166 { 167 crypto_core_salsa(out, in, k, c, 8); 168 return 0; 169 } 170 171 size_t 172 crypto_core_salsa208_outputbytes(void) 173 { 174 return crypto_core_salsa208_OUTPUTBYTES; 175 } 176 177 size_t 178 crypto_core_salsa208_inputbytes(void) 179 { 180 return crypto_core_salsa208_INPUTBYTES; 181 } 182 183 size_t 184 crypto_core_salsa208_keybytes(void) 185 { 186 return crypto_core_salsa208_KEYBYTES; 187 } 188 189 size_t 190 crypto_core_salsa208_constbytes(void) 191 { 192 return crypto_core_salsa208_CONSTBYTES; 193 } 194 195 #endif 196