1 
2 #include <stdint.h>
3 #include <stdlib.h>
4 
5 #include "crypto_core_salsa20.h"
6 #include "crypto_core_salsa2012.h"
7 #include "crypto_core_salsa208.h"
8 #include "private/common.h"
9 
10 static void
11 crypto_core_salsa(unsigned char *out, const unsigned char *in,
12                   const unsigned char *k, const unsigned char *c,
13                   const int rounds)
14 {
15     uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14,
16         x15;
17     uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14,
18         j15;
19     int i;
20 
21     j0  = x0  = 0x61707865;
22     j5  = x5  = 0x3320646e;
23     j10 = x10 = 0x79622d32;
24     j15 = x15 = 0x6b206574;
25     if (c != NULL) {
26         j0  = x0  = LOAD32_LE(c + 0);
27         j5  = x5  = LOAD32_LE(c + 4);
28         j10 = x10 = LOAD32_LE(c + 8);
29         j15 = x15 = LOAD32_LE(c + 12);
30     }
31     j1  = x1  = LOAD32_LE(k + 0);
32     j2  = x2  = LOAD32_LE(k + 4);
33     j3  = x3  = LOAD32_LE(k + 8);
34     j4  = x4  = LOAD32_LE(k + 12);
35     j11 = x11 = LOAD32_LE(k + 16);
36     j12 = x12 = LOAD32_LE(k + 20);
37     j13 = x13 = LOAD32_LE(k + 24);
38     j14 = x14 = LOAD32_LE(k + 28);
39 
40     j6  = x6  = LOAD32_LE(in + 0);
41     j7  = x7  = LOAD32_LE(in + 4);
42     j8  = x8  = LOAD32_LE(in + 8);
43     j9  = x9  = LOAD32_LE(in + 12);
44 
45     for (i = 0; i < rounds; i += 2) {
46         x4  ^= ROTL32(x0  + x12, 7);
47         x8  ^= ROTL32(x4  + x0, 9);
48         x12 ^= ROTL32(x8  + x4, 13);
49         x0  ^= ROTL32(x12 + x8, 18);
50         x9  ^= ROTL32(x5  + x1, 7);
51         x13 ^= ROTL32(x9  + x5, 9);
52         x1  ^= ROTL32(x13 + x9, 13);
53         x5  ^= ROTL32(x1  + x13, 18);
54         x14 ^= ROTL32(x10 + x6, 7);
55         x2  ^= ROTL32(x14 + x10, 9);
56         x6  ^= ROTL32(x2  + x14, 13);
57         x10 ^= ROTL32(x6  + x2, 18);
58         x3  ^= ROTL32(x15 + x11, 7);
59         x7  ^= ROTL32(x3  + x15, 9);
60         x11 ^= ROTL32(x7  + x3, 13);
61         x15 ^= ROTL32(x11 + x7, 18);
62         x1  ^= ROTL32(x0  + x3, 7);
63         x2  ^= ROTL32(x1  + x0, 9);
64         x3  ^= ROTL32(x2  + x1, 13);
65         x0  ^= ROTL32(x3  + x2, 18);
66         x6  ^= ROTL32(x5  + x4, 7);
67         x7  ^= ROTL32(x6  + x5, 9);
68         x4  ^= ROTL32(x7  + x6, 13);
69         x5  ^= ROTL32(x4  + x7, 18);
70         x11 ^= ROTL32(x10 + x9, 7);
71         x8  ^= ROTL32(x11 + x10, 9);
72         x9  ^= ROTL32(x8  + x11, 13);
73         x10 ^= ROTL32(x9  + x8, 18);
74         x12 ^= ROTL32(x15 + x14, 7);
75         x13 ^= ROTL32(x12 + x15, 9);
76         x14 ^= ROTL32(x13 + x12, 13);
77         x15 ^= ROTL32(x14 + x13, 18);
78     }
79     STORE32_LE(out + 0,  x0  + j0);
80     STORE32_LE(out + 4,  x1  + j1);
81     STORE32_LE(out + 8,  x2  + j2);
82     STORE32_LE(out + 12, x3  + j3);
83     STORE32_LE(out + 16, x4  + j4);
84     STORE32_LE(out + 20, x5  + j5);
85     STORE32_LE(out + 24, x6  + j6);
86     STORE32_LE(out + 28, x7  + j7);
87     STORE32_LE(out + 32, x8  + j8);
88     STORE32_LE(out + 36, x9  + j9);
89     STORE32_LE(out + 40, x10 + j10);
90     STORE32_LE(out + 44, x11 + j11);
91     STORE32_LE(out + 48, x12 + j12);
92     STORE32_LE(out + 52, x13 + j13);
93     STORE32_LE(out + 56, x14 + j14);
94     STORE32_LE(out + 60, x15 + j15);
95 }
96 
97 int
98 crypto_core_salsa20(unsigned char *out, const unsigned char *in,
99                     const unsigned char *k, const unsigned char *c)
100 {
101     crypto_core_salsa(out, in, k, c, 20);
102     return 0;
103 }
104 
105 size_t
106 crypto_core_salsa20_outputbytes(void)
107 {
108     return crypto_core_salsa20_OUTPUTBYTES;
109 }
110 
111 size_t
112 crypto_core_salsa20_inputbytes(void)
113 {
114     return crypto_core_salsa20_INPUTBYTES;
115 }
116 
117 size_t
118 crypto_core_salsa20_keybytes(void)
119 {
120     return crypto_core_salsa20_KEYBYTES;
121 }
122 
123 size_t
124 crypto_core_salsa20_constbytes(void)
125 {
126     return crypto_core_salsa20_CONSTBYTES;
127 }
128 
129 #ifndef MINIMAL
130 
131 int
132 crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
133                       const unsigned char *k, const unsigned char *c)
134 {
135     crypto_core_salsa(out, in, k, c, 12);
136     return 0;
137 }
138 
139 size_t
140 crypto_core_salsa2012_outputbytes(void)
141 {
142     return crypto_core_salsa2012_OUTPUTBYTES;
143 }
144 
145 size_t
146 crypto_core_salsa2012_inputbytes(void)
147 {
148     return crypto_core_salsa2012_INPUTBYTES;
149 }
150 
151 size_t
152 crypto_core_salsa2012_keybytes(void)
153 {
154     return crypto_core_salsa2012_KEYBYTES;
155 }
156 
157 size_t
158 crypto_core_salsa2012_constbytes(void)
159 {
160     return crypto_core_salsa2012_CONSTBYTES;
161 }
162 
163 int
164 crypto_core_salsa208(unsigned char *out, const unsigned char *in,
165                      const unsigned char *k, const unsigned char *c)
166 {
167     crypto_core_salsa(out, in, k, c, 8);
168     return 0;
169 }
170 
171 size_t
172 crypto_core_salsa208_outputbytes(void)
173 {
174     return crypto_core_salsa208_OUTPUTBYTES;
175 }
176 
177 size_t
178 crypto_core_salsa208_inputbytes(void)
179 {
180     return crypto_core_salsa208_INPUTBYTES;
181 }
182 
183 size_t
184 crypto_core_salsa208_keybytes(void)
185 {
186     return crypto_core_salsa208_KEYBYTES;
187 }
188 
189 size_t
190 crypto_core_salsa208_constbytes(void)
191 {
192     return crypto_core_salsa208_CONSTBYTES;
193 }
194 
195 #endif
196