Diffstat (limited to 'src/libcryptobox/chacha20/ref.c')
-rw-r--r-- | src/libcryptobox/chacha20/ref.c | 135 |
1 files changed, 73 insertions, 62 deletions
diff --git a/src/libcryptobox/chacha20/ref.c b/src/libcryptobox/chacha20/ref.c index 905e76c83..ee646dbf3 100644 --- a/src/libcryptobox/chacha20/ref.c +++ b/src/libcryptobox/chacha20/ref.c @@ -10,36 +10,37 @@ typedef guint32 chacha_int32; /* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in little endian */ static chacha_int32 -U8TO32(const unsigned char *p) { - return - (((chacha_int32)(p[0]) ) | - ((chacha_int32)(p[1]) << 8) | - ((chacha_int32)(p[2]) << 16) | - ((chacha_int32)(p[3]) << 24)); +U8TO32(const unsigned char *p) +{ + return (((chacha_int32) (p[0])) | + ((chacha_int32) (p[1]) << 8) | + ((chacha_int32) (p[2]) << 16) | + ((chacha_int32) (p[3]) << 24)); } /* store a 32 bit unsigned integer as four 8 bit unsigned integers in little endian */ static void -U32TO8(unsigned char *p, chacha_int32 v) { - p[0] = (v ) & 0xff; - p[1] = (v >> 8) & 0xff; +U32TO8(unsigned char *p, chacha_int32 v) +{ + p[0] = (v) &0xff; + p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff; } /* 32 bit left rotate */ static chacha_int32 -ROTL32(chacha_int32 x, int k) { +ROTL32(chacha_int32 x, int k) +{ return ((x << k) | (x >> (32 - k))) & 0xffffffff; } /* "expand 32-byte k", as 4 little endian 32-bit unsigned integers */ -static const chacha_int32 chacha_constants[4] = { - 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 -}; +static const chacha_int32 chacha_constants[4] = { + 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}; -void -chacha_blocks_ref(chacha_state_internal *state, const unsigned char *in, unsigned char *out, size_t bytes) { +void chacha_blocks_ref(chacha_state_internal *state, const unsigned char *in, unsigned char *out, size_t bytes) +{ chacha_int32 x[16], j[12]; chacha_int32 t; unsigned char *ctarget = out, tmp[64]; 
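Review bot: In U32TO8 the reformatted first store now reads `p[0] = (v) &0xff;`, which looks like a cast applied to an address-of expression rather than a byte mask, and it no longer matches the three stores below it. The formatter appears to have taken `(v)` for a cast. Dropping the redundant parentheses, `p[0] = v & 0xff;`, removes the ambiguity and keeps the little-endian store readable for anyone auditing the serialisation.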
@@ -89,26 +90,34 @@ chacha_blocks_ref(chacha_state_internal *state, const unsigned char *in, unsigne x[14] = j[10]; x[15] = j[11]; - #define quarter(a,b,c,d) \ - a += b; t = d^a; d = ROTL32(t,16); \ - c += d; t = b^c; b = ROTL32(t,12); \ - a += b; t = d^a; d = ROTL32(t, 8); \ - c += d; t = b^c; b = ROTL32(t, 7); +#define quarter(a, b, c, d) \ + a += b; \ + t = d ^ a; \ + d = ROTL32(t, 16); \ + c += d; \ + t = b ^ c; \ + b = ROTL32(t, 12); \ + a += b; \ + t = d ^ a; \ + d = ROTL32(t, 8); \ + c += d; \ + t = b ^ c; \ + b = ROTL32(t, 7); - #define doubleround() \ - quarter( x[0], x[4], x[8],x[12]) \ - quarter( x[1], x[5], x[9],x[13]) \ - quarter( x[2], x[6],x[10],x[14]) \ - quarter( x[3], x[7],x[11],x[15]) \ - quarter( x[0], x[5],x[10],x[15]) \ - quarter( x[1], x[6],x[11],x[12]) \ - quarter( x[2], x[7], x[8],x[13]) \ - quarter( x[3], x[4], x[9],x[14]) +#define doubleround() \ + quarter(x[0], x[4], x[8], x[12]) \ + quarter(x[1], x[5], x[9], x[13]) \ + quarter(x[2], x[6], x[10], x[14]) \ + quarter(x[3], x[7], x[11], x[15]) \ + quarter(x[0], x[5], x[10], x[15]) \ + quarter(x[1], x[6], x[11], x[12]) \ + quarter(x[2], x[7], x[8], x[13]) \ + quarter(x[3], x[4], x[9], x[14]) i = r; do { doubleround() - i -= 2; + i -= 2; } while (i); x[0] += chacha_constants[0]; 
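Review bot: `quarter` and `doubleround` expand to bare statement sequences and are invoked without a trailing semicolon, which is probably why the formatter now re-indents `i -= 2;` as if it continued the `doubleround()` line (the same happens to `rounds -= 2;` in hchacha_ref). Both macros also depend implicitly on locals named `x` and `t` in whichever function uses them. Wrapping each body in `do { ... } while (0)` and calling it as `doubleround();` would make the macros behave as single statements and keep the formatter from misreading the loop body. A one-line comment above the definitions, such as `/* uses x[16] and t from the enclosing function */`, would document the capture. The macros sit inside chacha_blocks_ref, whose body starts and ends outside this hunk.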
@@ -129,16 +138,16 @@ chacha_blocks_ref(chacha_state_internal *state, const unsigned char *in, unsigne x[15] += j[11]; if (in) { - U32TO8(out + 0, x[0] ^ U8TO32(in + 0)); - U32TO8(out + 4, x[1] ^ U8TO32(in + 4)); - U32TO8(out + 8, x[2] ^ U8TO32(in + 8)); - U32TO8(out + 12, x[3] ^ U8TO32(in + 12)); - U32TO8(out + 16, x[4] ^ U8TO32(in + 16)); - U32TO8(out + 20, x[5] ^ U8TO32(in + 20)); - U32TO8(out + 24, x[6] ^ U8TO32(in + 24)); - U32TO8(out + 28, x[7] ^ U8TO32(in + 28)); - U32TO8(out + 32, x[8] ^ U8TO32(in + 32)); - U32TO8(out + 36, x[9] ^ U8TO32(in + 36)); + U32TO8(out + 0, x[0] ^ U8TO32(in + 0)); + U32TO8(out + 4, x[1] ^ U8TO32(in + 4)); + U32TO8(out + 8, x[2] ^ U8TO32(in + 8)); + U32TO8(out + 12, x[3] ^ U8TO32(in + 12)); + U32TO8(out + 16, x[4] ^ U8TO32(in + 16)); + U32TO8(out + 20, x[5] ^ U8TO32(in + 20)); + U32TO8(out + 24, x[6] ^ U8TO32(in + 24)); + U32TO8(out + 28, x[7] ^ U8TO32(in + 28)); + U32TO8(out + 32, x[8] ^ U8TO32(in + 32)); + U32TO8(out + 36, x[9] ^ U8TO32(in + 36)); U32TO8(out + 40, x[10] ^ U8TO32(in + 40)); U32TO8(out + 44, x[11] ^ U8TO32(in + 44)); U32TO8(out + 48, x[12] ^ U8TO32(in + 48)); @@ -146,17 +155,18 @@ chacha_blocks_ref(chacha_state_internal *state, const unsigned char *in, unsigne U32TO8(out + 56, x[14] ^ U8TO32(in + 56)); U32TO8(out + 60, x[15] ^ U8TO32(in + 60)); in += 64; - } else { - U32TO8(out + 0, x[0]); - U32TO8(out + 4, x[1]); - U32TO8(out + 8, x[2]); - U32TO8(out + 12, x[3]); - U32TO8(out + 16, x[4]); - U32TO8(out + 20, x[5]); - U32TO8(out + 24, x[6]); - U32TO8(out + 28, x[7]); - U32TO8(out + 32, x[8]); - U32TO8(out + 36, x[9]); + } + else { + U32TO8(out + 0, x[0]); + U32TO8(out + 4, x[1]); + U32TO8(out + 8, x[2]); + U32TO8(out + 12, x[3]); + U32TO8(out + 16, x[4]); + U32TO8(out + 20, x[5]); + U32TO8(out + 24, x[6]); + U32TO8(out + 28, x[7]); + U32TO8(out + 32, x[8]); + U32TO8(out + 36, x[9]); U32TO8(out + 40, x[10]); U32TO8(out + 44, x[11]); U32TO8(out + 48, x[12]); 
@@ -171,7 +181,8 @@ chacha_blocks_ref(chacha_state_internal *state, const unsigned char *in, unsigne j[9]++; if (bytes <= 64) { - if (bytes < 64) for (i = 0; i < bytes; i++) ctarget[i] = out[i]; + if (bytes < 64) + for (i = 0; i < bytes; i++) ctarget[i] = out[i]; /* store the counter back to the state */ U32TO8(state->s + 32, j[8]); @@ -186,8 +197,8 @@ cleanup: rspamd_explicit_memzero(j, sizeof(j)); } -void -hchacha_ref(const unsigned char key[32], const unsigned char iv[16], unsigned char out[32], size_t rounds) { +void hchacha_ref(const unsigned char key[32], const unsigned char iv[16], unsigned char out[32], size_t rounds) +{ chacha_int32 x[16]; chacha_int32 t; @@ -210,7 +221,7 @@ hchacha_ref(const unsigned char key[32], const unsigned char iv[16], unsigned ch do { doubleround() - rounds -= 2; + rounds -= 2; } while (rounds); /* indices for the chacha constant */ @@ -226,13 +237,13 @@ hchacha_ref(const unsigned char key[32], const unsigned char iv[16], unsigned ch U32TO8(out + 28, x[15]); } -void -chacha_clear_state_ref(chacha_state_internal *state) { - rspamd_explicit_memzero (state, 48); +void chacha_clear_state_ref(chacha_state_internal *state) +{ + rspamd_explicit_memzero(state, 48); } -void -chacha_ref(const chacha_key *key, const chacha_iv *iv, const unsigned char *in, unsigned char *out, size_t inlen, size_t rounds) { +void chacha_ref(const chacha_key *key, const chacha_iv *iv, const unsigned char *in, unsigned char *out, size_t inlen, size_t rounds) +{ chacha_state_internal state; size_t i; for (i = 0; i < 32; i++) 
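Review bot: The loop `do { doubleround() rounds -= 2; } while (rounds);` in hchacha_ref only terminates when `rounds` is a non-zero even number. `rounds` is a `size_t` parameter, so an odd value never reaches zero and a zero wraps around, leaving the call spinning. Nothing in the visible lines validates it, and the `i = r` loop in chacha_blocks_ref has the same shape. A guard before the loop, for example `g_assert(rounds >= 2 && (rounds & 1) == 0);`, would fail loudly, whereas a silent early return would leave `out` unwritten. hchacha_ref starts and ends outside this hunk, so a check may exist at the caller and is worth confirming.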
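Review bot: `rspamd_explicit_memzero(state, 48);` in chacha_clear_state_ref wipes a hard-coded 48 bytes, and nothing on the page ties that number to the layout of `chacha_state_internal`. The struct definition is not visible here, so any member beyond those 48 bytes would survive the clear, and a later layout change would silently make the call wipe the wrong region. Prefer a size derived from the type, e.g. `rspamd_explicit_memzero(state, sizeof(*state));`, or `sizeof(state->s)` with a short comment if only the key/counter/nonce area is meant to be cleared.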
@@ -246,8 +257,8 @@ chacha_ref(const chacha_key *key, const chacha_iv *iv, const unsigned char *in, chacha_clear_state_ref(&state); } -void -xchacha_ref(const chacha_key *key, const chacha_iv24 *iv, const unsigned char *in, unsigned char *out, size_t inlen, size_t rounds) { +void xchacha_ref(const chacha_key *key, const chacha_iv24 *iv, const unsigned char *in, unsigned char *out, size_t inlen, size_t rounds) +{ chacha_state_internal state; size_t i; hchacha_ref(key->b, iv->b, &state.s[0], rounds); |