1
2#include <stdint.h>
3#include <stdlib.h>
4
5#include "crypto_core_salsa20.h"
6#include "crypto_core_salsa2012.h"
7#include "crypto_core_salsa208.h"
8#include "private/common.h"
9
10static void
11crypto_core_salsa(unsigned char *out, const unsigned char *in,
12                  const unsigned char *k, const unsigned char *c,
13                  const int rounds)
14{
15    uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14,
16        x15;
17    uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14,
18        j15;
19    int i;
20
21    j0  = x0  = 0x61707865;
22    j5  = x5  = 0x3320646e;
23    j10 = x10 = 0x79622d32;
24    j15 = x15 = 0x6b206574;
25    if (c != NULL) {
26        j0  = x0  = LOAD32_LE(c + 0);
27        j5  = x5  = LOAD32_LE(c + 4);
28        j10 = x10 = LOAD32_LE(c + 8);
29        j15 = x15 = LOAD32_LE(c + 12);
30    }
31    j1  = x1  = LOAD32_LE(k + 0);
32    j2  = x2  = LOAD32_LE(k + 4);
33    j3  = x3  = LOAD32_LE(k + 8);
34    j4  = x4  = LOAD32_LE(k + 12);
35    j11 = x11 = LOAD32_LE(k + 16);
36    j12 = x12 = LOAD32_LE(k + 20);
37    j13 = x13 = LOAD32_LE(k + 24);
38    j14 = x14 = LOAD32_LE(k + 28);
39
40    j6  = x6  = LOAD32_LE(in + 0);
41    j7  = x7  = LOAD32_LE(in + 4);
42    j8  = x8  = LOAD32_LE(in + 8);
43    j9  = x9  = LOAD32_LE(in + 12);
44
45    for (i = 0; i < rounds; i += 2) {
46        x4  ^= ROTL32(x0  + x12, 7);
47        x8  ^= ROTL32(x4  + x0, 9);
48        x12 ^= ROTL32(x8  + x4, 13);
49        x0  ^= ROTL32(x12 + x8, 18);
50        x9  ^= ROTL32(x5  + x1, 7);
51        x13 ^= ROTL32(x9  + x5, 9);
52        x1  ^= ROTL32(x13 + x9, 13);
53        x5  ^= ROTL32(x1  + x13, 18);
54        x14 ^= ROTL32(x10 + x6, 7);
55        x2  ^= ROTL32(x14 + x10, 9);
56        x6  ^= ROTL32(x2  + x14, 13);
57        x10 ^= ROTL32(x6  + x2, 18);
58        x3  ^= ROTL32(x15 + x11, 7);
59        x7  ^= ROTL32(x3  + x15, 9);
60        x11 ^= ROTL32(x7  + x3, 13);
61        x15 ^= ROTL32(x11 + x7, 18);
62        x1  ^= ROTL32(x0  + x3, 7);
63        x2  ^= ROTL32(x1  + x0, 9);
64        x3  ^= ROTL32(x2  + x1, 13);
65        x0  ^= ROTL32(x3  + x2, 18);
66        x6  ^= ROTL32(x5  + x4, 7);
67        x7  ^= ROTL32(x6  + x5, 9);
68        x4  ^= ROTL32(x7  + x6, 13);
69        x5  ^= ROTL32(x4  + x7, 18);
70        x11 ^= ROTL32(x10 + x9, 7);
71        x8  ^= ROTL32(x11 + x10, 9);
72        x9  ^= ROTL32(x8  + x11, 13);
73        x10 ^= ROTL32(x9  + x8, 18);
74        x12 ^= ROTL32(x15 + x14, 7);
75        x13 ^= ROTL32(x12 + x15, 9);
76        x14 ^= ROTL32(x13 + x12, 13);
77        x15 ^= ROTL32(x14 + x13, 18);
78    }
79    STORE32_LE(out + 0,  x0  + j0);
80    STORE32_LE(out + 4,  x1  + j1);
81    STORE32_LE(out + 8,  x2  + j2);
82    STORE32_LE(out + 12, x3  + j3);
83    STORE32_LE(out + 16, x4  + j4);
84    STORE32_LE(out + 20, x5  + j5);
85    STORE32_LE(out + 24, x6  + j6);
86    STORE32_LE(out + 28, x7  + j7);
87    STORE32_LE(out + 32, x8  + j8);
88    STORE32_LE(out + 36, x9  + j9);
89    STORE32_LE(out + 40, x10 + j10);
90    STORE32_LE(out + 44, x11 + j11);
91    STORE32_LE(out + 48, x12 + j12);
92    STORE32_LE(out + 52, x13 + j13);
93    STORE32_LE(out + 56, x14 + j14);
94    STORE32_LE(out + 60, x15 + j15);
95}
96
97int
98crypto_core_salsa20(unsigned char *out, const unsigned char *in,
99                    const unsigned char *k, const unsigned char *c)
100{
101    crypto_core_salsa(out, in, k, c, 20);
102    return 0;
103}
104
105size_t
106crypto_core_salsa20_outputbytes(void)
107{
108    return crypto_core_salsa20_OUTPUTBYTES;
109}
110
111size_t
112crypto_core_salsa20_inputbytes(void)
113{
114    return crypto_core_salsa20_INPUTBYTES;
115}
116
117size_t
118crypto_core_salsa20_keybytes(void)
119{
120    return crypto_core_salsa20_KEYBYTES;
121}
122
123size_t
124crypto_core_salsa20_constbytes(void)
125{
126    return crypto_core_salsa20_CONSTBYTES;
127}
128
129#ifndef MINIMAL
130
131int
132crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
133                      const unsigned char *k, const unsigned char *c)
134{
135    crypto_core_salsa(out, in, k, c, 12);
136    return 0;
137}
138
139size_t
140crypto_core_salsa2012_outputbytes(void)
141{
142    return crypto_core_salsa2012_OUTPUTBYTES;
143}
144
145size_t
146crypto_core_salsa2012_inputbytes(void)
147{
148    return crypto_core_salsa2012_INPUTBYTES;
149}
150
151size_t
152crypto_core_salsa2012_keybytes(void)
153{
154    return crypto_core_salsa2012_KEYBYTES;
155}
156
157size_t
158crypto_core_salsa2012_constbytes(void)
159{
160    return crypto_core_salsa2012_CONSTBYTES;
161}
162
163int
164crypto_core_salsa208(unsigned char *out, const unsigned char *in,
165                     const unsigned char *k, const unsigned char *c)
166{
167    crypto_core_salsa(out, in, k, c, 8);
168    return 0;
169}
170
171size_t
172crypto_core_salsa208_outputbytes(void)
173{
174    return crypto_core_salsa208_OUTPUTBYTES;
175}
176
177size_t
178crypto_core_salsa208_inputbytes(void)
179{
180    return crypto_core_salsa208_INPUTBYTES;
181}
182
183size_t
184crypto_core_salsa208_keybytes(void)
185{
186    return crypto_core_salsa208_KEYBYTES;
187}
188
189size_t
190crypto_core_salsa208_constbytes(void)
191{
192    return crypto_core_salsa208_CONSTBYTES;
193}
194
195#endif
196