chacha.c (554491ffbdcfe51993d5b436a9bbca7aba388dd3) | chacha.c (c1e80940f3b4030df0aaed73028053af057e476d) |
---|---|
1/* 2chacha-merged.c version 20080118 3D. J. Bernstein 4Public domain. 5*/ 6 7/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */ 8 9#include <sys/cdefs.h> 10__FBSDID("$FreeBSD$"); 11 12#include <sys/param.h> 13#include <sys/types.h> 14 15#include <crypto/chacha20/chacha.h> 16 | 1/* 2chacha-merged.c version 20080118 3D. J. Bernstein 4Public domain. 5*/ 6 7/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */ 8 9#include <sys/cdefs.h> 10__FBSDID("$FreeBSD$"); 11 12#include <sys/param.h> 13#include <sys/types.h> 14 15#include <crypto/chacha20/chacha.h> 16 |
17 | |
18typedef uint8_t u8; 19typedef uint32_t u32; 20 21typedef struct chacha_ctx chacha_ctx; 22 23#define U8C(v) (v##U) 24#define U32C(v) (v##U) 25 --- 26 unchanged lines hidden (view full) --- 52 a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ 53 c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ 54 a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ 55 c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); 56 57static const char sigma[16] = "expand 32-byte k"; 58static const char tau[16] = "expand 16-byte k"; 59 | 17typedef uint8_t u8; 18typedef uint32_t u32; 19 20typedef struct chacha_ctx chacha_ctx; 21 22#define U8C(v) (v##U) 23#define U32C(v) (v##U) 24 --- 26 unchanged lines hidden (view full) --- 51 a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ 52 c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ 53 a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ 54 c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); 55 56static const char sigma[16] = "expand 32-byte k"; 57static const char tau[16] = "expand 16-byte k"; 58 |
60void | 59LOCAL void |
61chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) 62{ 63 const char *constants; 64 65 x->input[4] = U8TO32_LITTLE(k + 0); 66 x->input[5] = U8TO32_LITTLE(k + 4); 67 x->input[6] = U8TO32_LITTLE(k + 8); 68 x->input[7] = U8TO32_LITTLE(k + 12); --- 8 unchanged lines hidden (view full) --- 77 x->input[10] = U8TO32_LITTLE(k + 8); 78 x->input[11] = U8TO32_LITTLE(k + 12); 79 x->input[0] = U8TO32_LITTLE(constants + 0); 80 x->input[1] = U8TO32_LITTLE(constants + 4); 81 x->input[2] = U8TO32_LITTLE(constants + 8); 82 x->input[3] = U8TO32_LITTLE(constants + 12); 83} 84 | 60chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) 61{ 62 const char *constants; 63 64 x->input[4] = U8TO32_LITTLE(k + 0); 65 x->input[5] = U8TO32_LITTLE(k + 4); 66 x->input[6] = U8TO32_LITTLE(k + 8); 67 x->input[7] = U8TO32_LITTLE(k + 12); --- 8 unchanged lines hidden (view full) --- 76 x->input[10] = U8TO32_LITTLE(k + 8); 77 x->input[11] = U8TO32_LITTLE(k + 12); 78 x->input[0] = U8TO32_LITTLE(constants + 0); 79 x->input[1] = U8TO32_LITTLE(constants + 4); 80 x->input[2] = U8TO32_LITTLE(constants + 8); 81 x->input[3] = U8TO32_LITTLE(constants + 12); 82} 83 |
85void | 84LOCAL void |
86chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter) 87{ 88 x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0); 89 x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4); 90 x->input[14] = U8TO32_LITTLE(iv + 0); 91 x->input[15] = U8TO32_LITTLE(iv + 4); 92} 93 | 85chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter) 86{ 87 x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0); 88 x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4); 89 x->input[14] = U8TO32_LITTLE(iv + 0); 90 x->input[15] = U8TO32_LITTLE(iv + 4); 91} 92 |
94void | 93LOCAL void |
95chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) 96{ 97 u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; 98 u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; 99 u8 *ctarget = NULL; 100 u8 tmp[64]; 101 u_int i; 102 --- 61 unchanged lines hidden (view full) --- 164 x9 = PLUS(x9,j9); 165 x10 = PLUS(x10,j10); 166 x11 = PLUS(x11,j11); 167 x12 = PLUS(x12,j12); 168 x13 = PLUS(x13,j13); 169 x14 = PLUS(x14,j14); 170 x15 = PLUS(x15,j15); 171 | 94chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) 95{ 96 u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; 97 u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; 98 u8 *ctarget = NULL; 99 u8 tmp[64]; 100 u_int i; 101 --- 61 unchanged lines hidden (view full) --- 163 x9 = PLUS(x9,j9); 164 x10 = PLUS(x10,j10); 165 x11 = PLUS(x11,j11); 166 x12 = PLUS(x12,j12); 167 x13 = PLUS(x13,j13); 168 x14 = PLUS(x14,j14); 169 x15 = PLUS(x15,j15); 170 |
171#ifndef KEYSTREAM_ONLY |
|
172 x0 = XOR(x0,U8TO32_LITTLE(m + 0)); 173 x1 = XOR(x1,U8TO32_LITTLE(m + 4)); 174 x2 = XOR(x2,U8TO32_LITTLE(m + 8)); 175 x3 = XOR(x3,U8TO32_LITTLE(m + 12)); 176 x4 = XOR(x4,U8TO32_LITTLE(m + 16)); 177 x5 = XOR(x5,U8TO32_LITTLE(m + 20)); 178 x6 = XOR(x6,U8TO32_LITTLE(m + 24)); 179 x7 = XOR(x7,U8TO32_LITTLE(m + 28)); 180 x8 = XOR(x8,U8TO32_LITTLE(m + 32)); 181 x9 = XOR(x9,U8TO32_LITTLE(m + 36)); 182 x10 = XOR(x10,U8TO32_LITTLE(m + 40)); 183 x11 = XOR(x11,U8TO32_LITTLE(m + 44)); 184 x12 = XOR(x12,U8TO32_LITTLE(m + 48)); 185 x13 = XOR(x13,U8TO32_LITTLE(m + 52)); 186 x14 = XOR(x14,U8TO32_LITTLE(m + 56)); 187 x15 = XOR(x15,U8TO32_LITTLE(m + 60)); | 172 x0 = XOR(x0,U8TO32_LITTLE(m + 0)); 173 x1 = XOR(x1,U8TO32_LITTLE(m + 4)); 174 x2 = XOR(x2,U8TO32_LITTLE(m + 8)); 175 x3 = XOR(x3,U8TO32_LITTLE(m + 12)); 176 x4 = XOR(x4,U8TO32_LITTLE(m + 16)); 177 x5 = XOR(x5,U8TO32_LITTLE(m + 20)); 178 x6 = XOR(x6,U8TO32_LITTLE(m + 24)); 179 x7 = XOR(x7,U8TO32_LITTLE(m + 28)); 180 x8 = XOR(x8,U8TO32_LITTLE(m + 32)); 181 x9 = XOR(x9,U8TO32_LITTLE(m + 36)); 182 x10 = XOR(x10,U8TO32_LITTLE(m + 40)); 183 x11 = XOR(x11,U8TO32_LITTLE(m + 44)); 184 x12 = XOR(x12,U8TO32_LITTLE(m + 48)); 185 x13 = XOR(x13,U8TO32_LITTLE(m + 52)); 186 x14 = XOR(x14,U8TO32_LITTLE(m + 56)); 187 x15 = XOR(x15,U8TO32_LITTLE(m + 60)); |
188#endif |
|
188 189 j12 = PLUSONE(j12); 190 if (!j12) { 191 j13 = PLUSONE(j13); 192 /* stopping at 2^70 bytes per nonce is user's responsibility */ 193 } 194 195 U32TO8_LITTLE(c + 0,x0); --- 18 unchanged lines hidden (view full) --- 214 for (i = 0;i < bytes;++i) ctarget[i] = c[i]; 215 } 216 x->input[12] = j12; 217 x->input[13] = j13; 218 return; 219 } 220 bytes -= 64; 221 c += 64; | 189 190 j12 = PLUSONE(j12); 191 if (!j12) { 192 j13 = PLUSONE(j13); 193 /* stopping at 2^70 bytes per nonce is user's responsibility */ 194 } 195 196 U32TO8_LITTLE(c + 0,x0); --- 18 unchanged lines hidden (view full) --- 215 for (i = 0;i < bytes;++i) ctarget[i] = c[i]; 216 } 217 x->input[12] = j12; 218 x->input[13] = j13; 219 return; 220 } 221 bytes -= 64; 222 c += 64; |
223#ifndef KEYSTREAM_ONLY |
|
222 m += 64; | 224 m += 64; |
225#endif |
|
223 } 224} | 226 } 227} |
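Review bot: With KEYSTREAM_ONLY defined, chacha_encrypt_bytes still takes `m`, but the new guards cover only the 64-byte XOR block and the `m += 64` advance. The short-final-block path lies in the 61 unchanged lines hidden from this view; if it still copies from `m`, a KEYSTREAM_ONLY caller that passes NULL or a shorter buffer for `m` gets an invalid read whenever `bytes` is not a multiple of 64. Either wrap that copy in the same `#ifndef KEYSTREAM_ONLY`, or state the contract above the function, e.g. `/* KEYSTREAM_ONLY: m is ignored; c receives raw keystream; bytes must be a multiple of 64 */`. `LOCAL` is not defined in any visible line, so it presumably comes from chacha.h or the including file; a short comment at its first use naming where it is defined would let readers confirm the intended linkage.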