mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21061 Commits
28 Branches
Tree: 6b2b416718
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6b2b416718'
${ noResults }
rspamd/src/libcryptobox/chacha20/ref.c

ref.c 6.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272 
  1. #include "config.h"

  2. #include "chacha.h"

  3. #include "cryptobox.h"

  4. 

  5. #if defined(HAVE_INT32)

  6. typedef uint32_t chacha_int32;

  7. #else

  8. typedef uint32_t chacha_int32;

  9. #endif

  10. 

  11. /* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in little endian */

  12. static chacha_int32

  13. U8TO32(const unsigned char *p)

  14. {

  15. 	return (((chacha_int32) (p[0])) |

  16. 			((chacha_int32) (p[1]) << 8) |

  17. 			((chacha_int32) (p[2]) << 16) |

  18. 			((chacha_int32) (p[3]) << 24));

  19. }

  20. 

  21. /* store a 32 bit unsigned integer as four 8 bit unsigned integers in little endian */

  22. static void

  23. U32TO8(unsigned char *p, chacha_int32 v)

  24. {

  25. 	p[0] = (v) &0xff;

  26. 	p[1] = (v >> 8) & 0xff;

  27. 	p[2] = (v >> 16) & 0xff;

  28. 	p[3] = (v >> 24) & 0xff;

  29. }

  30. 

  31. /* 32 bit left rotate */

  32. static chacha_int32

  33. ROTL32(chacha_int32 x, int k)

  34. {

  35. 	return ((x << k) | (x >> (32 - k))) & 0xffffffff;

  36. }

  37. 

  38. /* "expand 32-byte k", as 4 little endian 32-bit unsigned integers */

  39. static const chacha_int32 chacha_constants[4] = {

  40. 	0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};

  41. 

  42. void chacha_blocks_ref(chacha_state_internal *state, const unsigned char *in, unsigned char *out, size_t bytes)

  43. {

  44. 	chacha_int32 x[16], j[12];

  45. 	chacha_int32 t;

  46. 	unsigned char *ctarget = out, tmp[64];

  47. 	size_t i, r;

  48. 

  49. 	if (!bytes) return;

  50. 

  51. 	j[0] = U8TO32(state->s + 0);

  52. 	j[1] = U8TO32(state->s + 4);

  53. 	j[2] = U8TO32(state->s + 8);

  54. 	j[3] = U8TO32(state->s + 12);

  55. 	j[4] = U8TO32(state->s + 16);

  56. 	j[5] = U8TO32(state->s + 20);

  57. 	j[6] = U8TO32(state->s + 24);

  58. 	j[7] = U8TO32(state->s + 28);

  59. 	j[8] = U8TO32(state->s + 32);

  60. 	j[9] = U8TO32(state->s + 36);

  61. 	j[10] = U8TO32(state->s + 40);

  62. 	j[11] = U8TO32(state->s + 44);

  63. 

  64. 	r = state->rounds;

  65. 

  66. 	for (;;) {

  67. 		if (bytes < 64) {

  68. 			if (in) {

  69. 				for (i = 0; i < bytes; i++) tmp[i] = in[i];

  70. 				in = tmp;

  71. 			}

  72. 			ctarget = out;

  73. 			out = tmp;

  74. 		}

  75. 

  76. 		x[0] = chacha_constants[0];

  77. 		x[1] = chacha_constants[1];

  78. 		x[2] = chacha_constants[2];

  79. 		x[3] = chacha_constants[3];

  80. 		x[4] = j[0];

  81. 		x[5] = j[1];

  82. 		x[6] = j[2];

  83. 		x[7] = j[3];

  84. 		x[8] = j[4];

  85. 		x[9] = j[5];

  86. 		x[10] = j[6];

  87. 		x[11] = j[7];

  88. 		x[12] = j[8];

  89. 		x[13] = j[9];

  90. 		x[14] = j[10];

  91. 		x[15] = j[11];

  92. 

  93. #define quarter(a, b, c, d) \

  94. 	a += b;                 \

  95. 	t = d ^ a;              \

  96. 	d = ROTL32(t, 16);      \

  97. 	c += d;                 \

  98. 	t = b ^ c;              \

  99. 	b = ROTL32(t, 12);      \

  100. 	a += b;                 \

  101. 	t = d ^ a;              \

  102. 	d = ROTL32(t, 8);       \

  103. 	c += d;                 \

  104. 	t = b ^ c;              \

  105. 	b = ROTL32(t, 7);

  106. 

  107. #define doubleround()                                        \

  108. 	quarter(x[0], x[4], x[8], x[12])                         \

  109. 		quarter(x[1], x[5], x[9], x[13])                     \

  110. 			quarter(x[2], x[6], x[10], x[14])                \

  111. 				quarter(x[3], x[7], x[11], x[15])            \

  112. 					quarter(x[0], x[5], x[10], x[15])        \

  113. 						quarter(x[1], x[6], x[11], x[12])    \

  114. 							quarter(x[2], x[7], x[8], x[13]) \

  115. 								quarter(x[3], x[4], x[9], x[14])

  116. 

  117. 		i = r;

  118. 		do {

  119. 			doubleround()

  120. 				i -= 2;

  121. 		} while (i);

  122. 

  123. 		x[0] += chacha_constants[0];

  124. 		x[1] += chacha_constants[1];

  125. 		x[2] += chacha_constants[2];

  126. 		x[3] += chacha_constants[3];

  127. 		x[4] += j[0];

  128. 		x[5] += j[1];

  129. 		x[6] += j[2];

  130. 		x[7] += j[3];

  131. 		x[8] += j[4];

  132. 		x[9] += j[5];

  133. 		x[10] += j[6];

  134. 		x[11] += j[7];

  135. 		x[12] += j[8];

  136. 		x[13] += j[9];

  137. 		x[14] += j[10];

  138. 		x[15] += j[11];

  139. 

  140. 		if (in) {

  141. 			U32TO8(out + 0, x[0] ^ U8TO32(in + 0));

  142. 			U32TO8(out + 4, x[1] ^ U8TO32(in + 4));

  143. 			U32TO8(out + 8, x[2] ^ U8TO32(in + 8));

  144. 			U32TO8(out + 12, x[3] ^ U8TO32(in + 12));

  145. 			U32TO8(out + 16, x[4] ^ U8TO32(in + 16));

  146. 			U32TO8(out + 20, x[5] ^ U8TO32(in + 20));

  147. 			U32TO8(out + 24, x[6] ^ U8TO32(in + 24));

  148. 			U32TO8(out + 28, x[7] ^ U8TO32(in + 28));

  149. 			U32TO8(out + 32, x[8] ^ U8TO32(in + 32));

  150. 			U32TO8(out + 36, x[9] ^ U8TO32(in + 36));

  151. 			U32TO8(out + 40, x[10] ^ U8TO32(in + 40));

  152. 			U32TO8(out + 44, x[11] ^ U8TO32(in + 44));

  153. 			U32TO8(out + 48, x[12] ^ U8TO32(in + 48));

  154. 			U32TO8(out + 52, x[13] ^ U8TO32(in + 52));

  155. 			U32TO8(out + 56, x[14] ^ U8TO32(in + 56));

  156. 			U32TO8(out + 60, x[15] ^ U8TO32(in + 60));

  157. 			in += 64;

  158. 		}

  159. 		else {

  160. 			U32TO8(out + 0, x[0]);

  161. 			U32TO8(out + 4, x[1]);

  162. 			U32TO8(out + 8, x[2]);

  163. 			U32TO8(out + 12, x[3]);

  164. 			U32TO8(out + 16, x[4]);

  165. 			U32TO8(out + 20, x[5]);

  166. 			U32TO8(out + 24, x[6]);

  167. 			U32TO8(out + 28, x[7]);

  168. 			U32TO8(out + 32, x[8]);

  169. 			U32TO8(out + 36, x[9]);

  170. 			U32TO8(out + 40, x[10]);

  171. 			U32TO8(out + 44, x[11]);

  172. 			U32TO8(out + 48, x[12]);

  173. 			U32TO8(out + 52, x[13]);

  174. 			U32TO8(out + 56, x[14]);

  175. 			U32TO8(out + 60, x[15]);

  176. 		}

  177. 

  178. 		/* increment the 64 bit counter, split in to two 32 bit halves */

  179. 		j[8]++;

  180. 		if (!j[8])

  181. 			j[9]++;

  182. 

  183. 		if (bytes <= 64) {

  184. 			if (bytes < 64)

  185. 				for (i = 0; i < bytes; i++) ctarget[i] = out[i];

  186. 

  187. 			/* store the counter back to the state */

  188. 			U32TO8(state->s + 32, j[8]);

  189. 			U32TO8(state->s + 36, j[9]);

  190. 			goto cleanup;

  191. 		}

  192. 		bytes -= 64;

  193. 		out += 64;

  194. 	}

  195. 

  196. cleanup:

  197. 	rspamd_explicit_memzero(j, sizeof(j));

  198. }

  199. 

  200. void hchacha_ref(const unsigned char key[32], const unsigned char iv[16], unsigned char out[32], size_t rounds)

  201. {

  202. 	chacha_int32 x[16];

  203. 	chacha_int32 t;

  204. 

  205. 	x[0] = chacha_constants[0];

  206. 	x[1] = chacha_constants[1];

  207. 	x[2] = chacha_constants[2];

  208. 	x[3] = chacha_constants[3];

  209. 	x[4] = U8TO32(key + 0);

  210. 	x[5] = U8TO32(key + 4);

  211. 	x[6] = U8TO32(key + 8);

  212. 	x[7] = U8TO32(key + 12);

  213. 	x[8] = U8TO32(key + 16);

  214. 	x[9] = U8TO32(key + 20);

  215. 	x[10] = U8TO32(key + 24);

  216. 	x[11] = U8TO32(key + 28);

  217. 	x[12] = U8TO32(iv + 0);

  218. 	x[13] = U8TO32(iv + 4);

  219. 	x[14] = U8TO32(iv + 8);

  220. 	x[15] = U8TO32(iv + 12);

  221. 

  222. 	do {

  223. 		doubleround()

  224. 			rounds -= 2;

  225. 	} while (rounds);

  226. 

  227. 	/* indices for the chacha constant */

  228. 	U32TO8(out + 0, x[0]);

  229. 	U32TO8(out + 4, x[1]);

  230. 	U32TO8(out + 8, x[2]);

  231. 	U32TO8(out + 12, x[3]);

  232. 

  233. 	/* indices for the iv */

  234. 	U32TO8(out + 16, x[12]);

  235. 	U32TO8(out + 20, x[13]);

  236. 	U32TO8(out + 24, x[14]);

  237. 	U32TO8(out + 28, x[15]);

  238. }

  239. 

  240. void chacha_clear_state_ref(chacha_state_internal *state)

  241. {

  242. 	rspamd_explicit_memzero(state, 48);

  243. }

  244. 

  245. void chacha_ref(const chacha_key *key, const chacha_iv *iv, const unsigned char *in, unsigned char *out, size_t inlen, size_t rounds)

  246. {

  247. 	chacha_state_internal state;

  248. 	size_t i;

  249. 	for (i = 0; i < 32; i++)

  250. 		state.s[i + 0] = key->b[i];

  251. 	for (i = 0; i < 8; i++)

  252. 		state.s[i + 32] = 0;

  253. 	for (i = 0; i < 8; i++)

  254. 		state.s[i + 40] = iv->b[i];

  255. 	state.rounds = rounds;

  256. 	chacha_blocks_ref(&state, in, out, inlen);

  257. 	chacha_clear_state_ref(&state);

  258. }

  259. 

  260. void xchacha_ref(const chacha_key *key, const chacha_iv24 *iv, const unsigned char *in, unsigned char *out, size_t inlen, size_t rounds)

  261. {

  262. 	chacha_state_internal state;

  263. 	size_t i;

  264. 	hchacha_ref(key->b, iv->b, &state.s[0], rounds);

  265. 	for (i = 0; i < 8; i++)

  266. 		state.s[i + 32] = 0;

  267. 	for (i = 0; i < 8; i++)

  268. 		state.s[i + 40] = iv->b[i + 16];

  269. 	state.rounds = rounds;

  270. 	chacha_blocks_ref(&state, in, out, inlen);

  271. 	chacha_clear_state_ref(&state);

  272. }