1/*
2version 20080912
3D. J. Bernstein
4Public domain.
5*/
6
7#include <stdint.h>
8#include <stdlib.h>
9
10#include "crypto_core_hsalsa20.h"
11#include "private/common.h"
12
13#define ROUNDS 20
14#define U32C(v) (v##U)
15
16int
17crypto_core_hsalsa20(unsigned char *out,
18                     const unsigned char *in,
19                     const unsigned char *k,
20                     const unsigned char *c)
21{
22    uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8,
23             x9, x10, x11, x12, x13, x14,  x15;
24    int      i;
25
26    if (c == NULL) {
27        x0 = U32C(0x61707865);
28        x5 = U32C(0x3320646e);
29        x10 = U32C(0x79622d32);
30        x15 = U32C(0x6b206574);
31    } else {
32        x0 = LOAD32_LE(c + 0);
33        x5 = LOAD32_LE(c + 4);
34        x10 = LOAD32_LE(c + 8);
35        x15 = LOAD32_LE(c + 12);
36    }
37    x1 = LOAD32_LE(k + 0);
38    x2 = LOAD32_LE(k + 4);
39    x3 = LOAD32_LE(k + 8);
40    x4 = LOAD32_LE(k + 12);
41    x11 = LOAD32_LE(k + 16);
42    x12 = LOAD32_LE(k + 20);
43    x13 = LOAD32_LE(k + 24);
44    x14 = LOAD32_LE(k + 28);
45    x6 = LOAD32_LE(in + 0);
46    x7 = LOAD32_LE(in + 4);
47    x8 = LOAD32_LE(in + 8);
48    x9 = LOAD32_LE(in + 12);
49
50    for (i = ROUNDS; i > 0; i -= 2) {
51        x4 ^= ROTL32(x0 + x12, 7);
52        x8 ^= ROTL32(x4 + x0, 9);
53        x12 ^= ROTL32(x8 + x4, 13);
54        x0 ^= ROTL32(x12 + x8, 18);
55        x9 ^= ROTL32(x5 + x1, 7);
56        x13 ^= ROTL32(x9 + x5, 9);
57        x1 ^= ROTL32(x13 + x9, 13);
58        x5 ^= ROTL32(x1 + x13, 18);
59        x14 ^= ROTL32(x10 + x6, 7);
60        x2 ^= ROTL32(x14 + x10, 9);
61        x6 ^= ROTL32(x2 + x14, 13);
62        x10 ^= ROTL32(x6 + x2, 18);
63        x3 ^= ROTL32(x15 + x11, 7);
64        x7 ^= ROTL32(x3 + x15, 9);
65        x11 ^= ROTL32(x7 + x3, 13);
66        x15 ^= ROTL32(x11 + x7, 18);
67        x1 ^= ROTL32(x0 + x3, 7);
68        x2 ^= ROTL32(x1 + x0, 9);
69        x3 ^= ROTL32(x2 + x1, 13);
70        x0 ^= ROTL32(x3 + x2, 18);
71        x6 ^= ROTL32(x5 + x4, 7);
72        x7 ^= ROTL32(x6 + x5, 9);
73        x4 ^= ROTL32(x7 + x6, 13);
74        x5 ^= ROTL32(x4 + x7, 18);
75        x11 ^= ROTL32(x10 + x9, 7);
76        x8 ^= ROTL32(x11 + x10, 9);
77        x9 ^= ROTL32(x8 + x11, 13);
78        x10 ^= ROTL32(x9 + x8, 18);
79        x12 ^= ROTL32(x15 + x14, 7);
80        x13 ^= ROTL32(x12 + x15, 9);
81        x14 ^= ROTL32(x13 + x12, 13);
82        x15 ^= ROTL32(x14 + x13, 18);
83    }
84
85    STORE32_LE(out + 0, x0);
86    STORE32_LE(out + 4, x5);
87    STORE32_LE(out + 8, x10);
88    STORE32_LE(out + 12, x15);
89    STORE32_LE(out + 16, x6);
90    STORE32_LE(out + 20, x7);
91    STORE32_LE(out + 24, x8);
92    STORE32_LE(out + 28, x9);
93
94    return 0;
95}
96