chacha.c (554491ffbdcfe51993d5b436a9bbca7aba388dd3) chacha.c (c1e80940f3b4030df0aaed73028053af057e476d)
1/*
2chacha-merged.c version 20080118
3D. J. Bernstein
4Public domain.
5*/
6
7/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
8
9#include <sys/cdefs.h>
10__FBSDID("$FreeBSD$");
11
12#include <sys/param.h>
13#include <sys/types.h>
14
15#include <crypto/chacha20/chacha.h>
16
1/*
2chacha-merged.c version 20080118
3D. J. Bernstein
4Public domain.
5*/
6
7/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
8
9#include <sys/cdefs.h>
10__FBSDID("$FreeBSD$");
11
12#include <sys/param.h>
13#include <sys/types.h>
14
15#include <crypto/chacha20/chacha.h>
16
17
18typedef uint8_t u8;
19typedef uint32_t u32;
20
21typedef struct chacha_ctx chacha_ctx;
22
23#define U8C(v) (v##U)
24#define U32C(v) (v##U)
25

--- 26 unchanged lines hidden (view full) ---

52 a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
53 c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
54 a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
55 c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
56
57static const char sigma[16] = "expand 32-byte k";
58static const char tau[16] = "expand 16-byte k";
59
17typedef uint8_t u8;
18typedef uint32_t u32;
19
20typedef struct chacha_ctx chacha_ctx;
21
22#define U8C(v) (v##U)
23#define U32C(v) (v##U)
24

--- 26 unchanged lines hidden (view full) ---

51 a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
52 c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
53 a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
54 c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
55
56static const char sigma[16] = "expand 32-byte k";
57static const char tau[16] = "expand 16-byte k";
58
60void
59LOCAL void
61chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
62{
63 const char *constants;
64
65 x->input[4] = U8TO32_LITTLE(k + 0);
66 x->input[5] = U8TO32_LITTLE(k + 4);
67 x->input[6] = U8TO32_LITTLE(k + 8);
68 x->input[7] = U8TO32_LITTLE(k + 12);

--- 8 unchanged lines hidden (view full) ---

77 x->input[10] = U8TO32_LITTLE(k + 8);
78 x->input[11] = U8TO32_LITTLE(k + 12);
79 x->input[0] = U8TO32_LITTLE(constants + 0);
80 x->input[1] = U8TO32_LITTLE(constants + 4);
81 x->input[2] = U8TO32_LITTLE(constants + 8);
82 x->input[3] = U8TO32_LITTLE(constants + 12);
83}
84
60chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
61{
62 const char *constants;
63
64 x->input[4] = U8TO32_LITTLE(k + 0);
65 x->input[5] = U8TO32_LITTLE(k + 4);
66 x->input[6] = U8TO32_LITTLE(k + 8);
67 x->input[7] = U8TO32_LITTLE(k + 12);

--- 8 unchanged lines hidden (view full) ---

76 x->input[10] = U8TO32_LITTLE(k + 8);
77 x->input[11] = U8TO32_LITTLE(k + 12);
78 x->input[0] = U8TO32_LITTLE(constants + 0);
79 x->input[1] = U8TO32_LITTLE(constants + 4);
80 x->input[2] = U8TO32_LITTLE(constants + 8);
81 x->input[3] = U8TO32_LITTLE(constants + 12);
82}
83
85void
84LOCAL void
86chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
87{
88 x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
89 x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
90 x->input[14] = U8TO32_LITTLE(iv + 0);
91 x->input[15] = U8TO32_LITTLE(iv + 4);
92}
93
85chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
86{
87 x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
88 x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
89 x->input[14] = U8TO32_LITTLE(iv + 0);
90 x->input[15] = U8TO32_LITTLE(iv + 4);
91}
92
94void
93LOCAL void
95chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
96{
97 u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
98 u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
99 u8 *ctarget = NULL;
100 u8 tmp[64];
101 u_int i;
102

--- 61 unchanged lines hidden (view full) ---

164 x9 = PLUS(x9,j9);
165 x10 = PLUS(x10,j10);
166 x11 = PLUS(x11,j11);
167 x12 = PLUS(x12,j12);
168 x13 = PLUS(x13,j13);
169 x14 = PLUS(x14,j14);
170 x15 = PLUS(x15,j15);
171
94chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
95{
96 u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
97 u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
98 u8 *ctarget = NULL;
99 u8 tmp[64];
100 u_int i;
101

--- 61 unchanged lines hidden (view full) ---

163 x9 = PLUS(x9,j9);
164 x10 = PLUS(x10,j10);
165 x11 = PLUS(x11,j11);
166 x12 = PLUS(x12,j12);
167 x13 = PLUS(x13,j13);
168 x14 = PLUS(x14,j14);
169 x15 = PLUS(x15,j15);
170
171#ifndef KEYSTREAM_ONLY
172 x0 = XOR(x0,U8TO32_LITTLE(m + 0));
173 x1 = XOR(x1,U8TO32_LITTLE(m + 4));
174 x2 = XOR(x2,U8TO32_LITTLE(m + 8));
175 x3 = XOR(x3,U8TO32_LITTLE(m + 12));
176 x4 = XOR(x4,U8TO32_LITTLE(m + 16));
177 x5 = XOR(x5,U8TO32_LITTLE(m + 20));
178 x6 = XOR(x6,U8TO32_LITTLE(m + 24));
179 x7 = XOR(x7,U8TO32_LITTLE(m + 28));
180 x8 = XOR(x8,U8TO32_LITTLE(m + 32));
181 x9 = XOR(x9,U8TO32_LITTLE(m + 36));
182 x10 = XOR(x10,U8TO32_LITTLE(m + 40));
183 x11 = XOR(x11,U8TO32_LITTLE(m + 44));
184 x12 = XOR(x12,U8TO32_LITTLE(m + 48));
185 x13 = XOR(x13,U8TO32_LITTLE(m + 52));
186 x14 = XOR(x14,U8TO32_LITTLE(m + 56));
187 x15 = XOR(x15,U8TO32_LITTLE(m + 60));
172 x0 = XOR(x0,U8TO32_LITTLE(m + 0));
173 x1 = XOR(x1,U8TO32_LITTLE(m + 4));
174 x2 = XOR(x2,U8TO32_LITTLE(m + 8));
175 x3 = XOR(x3,U8TO32_LITTLE(m + 12));
176 x4 = XOR(x4,U8TO32_LITTLE(m + 16));
177 x5 = XOR(x5,U8TO32_LITTLE(m + 20));
178 x6 = XOR(x6,U8TO32_LITTLE(m + 24));
179 x7 = XOR(x7,U8TO32_LITTLE(m + 28));
180 x8 = XOR(x8,U8TO32_LITTLE(m + 32));
181 x9 = XOR(x9,U8TO32_LITTLE(m + 36));
182 x10 = XOR(x10,U8TO32_LITTLE(m + 40));
183 x11 = XOR(x11,U8TO32_LITTLE(m + 44));
184 x12 = XOR(x12,U8TO32_LITTLE(m + 48));
185 x13 = XOR(x13,U8TO32_LITTLE(m + 52));
186 x14 = XOR(x14,U8TO32_LITTLE(m + 56));
187 x15 = XOR(x15,U8TO32_LITTLE(m + 60));
188#endif
188
189 j12 = PLUSONE(j12);
190 if (!j12) {
191 j13 = PLUSONE(j13);
192 /* stopping at 2^70 bytes per nonce is user's responsibility */
193 }
194
195 U32TO8_LITTLE(c + 0,x0);

--- 18 unchanged lines hidden (view full) ---

214 for (i = 0;i < bytes;++i) ctarget[i] = c[i];
215 }
216 x->input[12] = j12;
217 x->input[13] = j13;
218 return;
219 }
220 bytes -= 64;
221 c += 64;
189
190 j12 = PLUSONE(j12);
191 if (!j12) {
192 j13 = PLUSONE(j13);
193 /* stopping at 2^70 bytes per nonce is user's responsibility */
194 }
195
196 U32TO8_LITTLE(c + 0,x0);

--- 18 unchanged lines hidden (view full) ---

215 for (i = 0;i < bytes;++i) ctarget[i] = c[i];
216 }
217 x->input[12] = j12;
218 x->input[13] = j13;
219 return;
220 }
221 bytes -= 64;
222 c += 64;
223#ifndef KEYSTREAM_ONLY
222 m += 64;
224 m += 64;
225#endif
223 }
224}
226 }
227}
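Review bot: With KEYSTREAM_ONLY defined, chacha_encrypt_bytes skips both the XOR of `m` into the block and the `m += 64` advance, so `c` receives raw keystream and `m` is ignored, yet nothing at the definition records that contract. A caller linked against such a build that expects ciphertext would silently get keystream instead, so I would add above the function `/* KEYSTREAM_ONLY: m is ignored; c receives raw keystream, not ciphertext. */`. The partial-block setup sits in the hidden lines, so I cannot tell whether it still reads `m`; if it does, that read needs the same guard, or keystream-only callers must keep passing a valid buffer. Separately, the `tmp[64]` scratch buffer is not cleared on the visible return path after the `ctarget[i] = c[i]` copy, and if the keystream-only build is meant to feed a random generator (an assumption from the macro name), an `explicit_bzero(tmp, sizeof(tmp));` before `return` would keep leftover keystream off the stack.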