1 /*
2 version 20080912
3 D. J. Bernstein
4 Public domain.
5 */
6
7 #include <stdint.h>
8 #include <stdlib.h>
9
10 #include "crypto_core_hsalsa20.h"
11 #include "private/common.h"
12
/* Total number of rounds; the loop in crypto_core_hsalsa20() consumes two per pass. */
#define ROUNDS  20

/* Pastes a U suffix onto an integer literal so the constant is unsigned. */
#define U32C(v) (v##U)
15
/*
 * One add-rotate-xor group applied to four state words, with the rotation
 * amounts 7, 9, 13, 18 used throughout the round loop below. Arguments must
 * be plain lvalues: each one is read and written more than once.
 */
#define HSALSA20_QUARTERROUND(w0, w1, w2, w3) \
    do {                                      \
        (w1) ^= ROTL32((w0) + (w3), 7);       \
        (w2) ^= ROTL32((w1) + (w0), 9);       \
        (w3) ^= ROTL32((w2) + (w1), 13);      \
        (w0) ^= ROTL32((w3) + (w2), 18);      \
    } while (0)

/*
 * HSalsa20 core function.
 *
 * Builds a 16-word state from a 16-byte constant, a 32-byte key and a
 * 16-byte input, runs ROUNDS rounds over it, and writes 8 of the resulting
 * words (32 bytes) to the output.
 *
 * out: receives 32 bytes (offsets 0..31 are written).
 * in:  16 bytes are read (offsets 0..15).
 * k:   32 bytes are read (offsets 0..31).
 * c:   16 bytes are read, or NULL to use the built-in constant, whose
 *      little-endian bytes spell "expand 32-byte k".
 *
 * Returns 0 unconditionally.
 *
 * No lengths are passed in and nothing is validated: the caller must supply
 * buffers of at least the sizes above, and out, in and k must not be NULL.
 *
 * The only branch is the c == NULL test on a pointer; the rest is
 * straight-line word arithmetic with no data-dependent indexing (assuming
 * LOAD32_LE, ROTL32 and STORE32_LE from private/common.h, not shown here,
 * are themselves branch-free). The working state is kept in local
 * variables and is not explicitly wiped before returning.
 */
int
crypto_core_hsalsa20(unsigned char *out,
                     const unsigned char *in,
                     const unsigned char *k,
                     const unsigned char *c)
{
    uint32_t x0, x1, x2, x3, x4, x5, x6, x7;
    uint32_t x8, x9, x10, x11, x12, x13, x14, x15;
    int      i;

    /* Diagonal words 0, 5, 10, 15: caller-supplied or default constant. */
    if (c != NULL) {
        x0  = LOAD32_LE(c + 0);
        x5  = LOAD32_LE(c + 4);
        x10 = LOAD32_LE(c + 8);
        x15 = LOAD32_LE(c + 12);
    } else {
        x0  = U32C(0x61707865); /* "expa" */
        x5  = U32C(0x3320646e); /* "nd 3" */
        x10 = U32C(0x79622d32); /* "2-by" */
        x15 = U32C(0x6b206574); /* "te k" */
    }

    /* Key: first half in words 1..4, second half in words 11..14. */
    x1  = LOAD32_LE(k + 0);
    x2  = LOAD32_LE(k + 4);
    x3  = LOAD32_LE(k + 8);
    x4  = LOAD32_LE(k + 12);
    x11 = LOAD32_LE(k + 16);
    x12 = LOAD32_LE(k + 20);
    x13 = LOAD32_LE(k + 24);
    x14 = LOAD32_LE(k + 28);

    /* Input block in words 6..9. */
    x6 = LOAD32_LE(in + 0);
    x7 = LOAD32_LE(in + 4);
    x8 = LOAD32_LE(in + 8);
    x9 = LOAD32_LE(in + 12);

    /* Each pass performs two rounds: one over columns, one over rows. */
    for (i = 0; i < ROUNDS; i += 2) {
        /* column round */
        HSALSA20_QUARTERROUND(x0, x4, x8, x12);
        HSALSA20_QUARTERROUND(x5, x9, x13, x1);
        HSALSA20_QUARTERROUND(x10, x14, x2, x6);
        HSALSA20_QUARTERROUND(x15, x3, x7, x11);

        /* row round */
        HSALSA20_QUARTERROUND(x0, x1, x2, x3);
        HSALSA20_QUARTERROUND(x5, x6, x7, x4);
        HSALSA20_QUARTERROUND(x10, x11, x8, x9);
        HSALSA20_QUARTERROUND(x15, x12, x13, x14);
    }

    /*
     * The words are stored as they stand after the rounds; the initial
     * state is not added back. Output is the four diagonal words followed
     * by the four words that held the input block.
     */
    STORE32_LE(out + 0, x0);
    STORE32_LE(out + 4, x5);
    STORE32_LE(out + 8, x10);
    STORE32_LE(out + 12, x15);
    STORE32_LE(out + 16, x6);
    STORE32_LE(out + 20, x7);
    STORE32_LE(out + 24, x8);
    STORE32_LE(out + 28, x9);

    return 0;
}

#undef HSALSA20_QUARTERROUND