release/src/router/libsodium/src/libsodium/crypto_core/salsa20/ref/core_salsa20.c

   1 /*
   2 version 20080912
   3 D. J. Bernstein
   4 Public domain.
   5 */
   6
   7 #include "api.h"
   8
   9 #define ROUNDS 20
  10
  11 typedef unsigned int uint32;
  12
  13 static uint32 rotate(uint32 u,int c)
  14 {
  15   return (u << c) | (u >> (32 - c));
  16 }
  17
  18 static uint32 load_littleendian(const unsigned char *x)
  19 {
  20   return
  21       (uint32) (x[0]) \
  22   | (((uint32) (x[1])) << 8) \
  23   | (((uint32) (x[2])) << 16) \
  24   | (((uint32) (x[3])) << 24)
  25   ;
  26 }
  27
  28 static void store_littleendian(unsigned char *x,uint32 u)
  29 {
  30   x[0] = u; u >>= 8;
  31   x[1] = u; u >>= 8;
  32   x[2] = u; u >>= 8;
  33   x[3] = u;
  34 }
  35
  36 int crypto_core(
  37         unsigned char *out,
  38   const unsigned char *in,
  39   const unsigned char *k,
  40   const unsigned char *c
  41 )
  42 {
  43   uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
  44   uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
  45   int i;
  46
  47   j0 = x0 = load_littleendian(c + 0);
  48   j1 = x1 = load_littleendian(k + 0);
  49   j2 = x2 = load_littleendian(k + 4);
  50   j3 = x3 = load_littleendian(k + 8);
  51   j4 = x4 = load_littleendian(k + 12);
  52   j5 = x5 = load_littleendian(c + 4);
  53   j6 = x6 = load_littleendian(in + 0);
  54   j7 = x7 = load_littleendian(in + 4);
  55   j8 = x8 = load_littleendian(in + 8);
  56   j9 = x9 = load_littleendian(in + 12);
  57   j10 = x10 = load_littleendian(c + 8);
  58   j11 = x11 = load_littleendian(k + 16);
  59   j12 = x12 = load_littleendian(k + 20);
  60   j13 = x13 = load_littleendian(k + 24);
  61   j14 = x14 = load_littleendian(k + 28);
  62   j15 = x15 = load_littleendian(c + 12);
  63
  64   for (i = ROUNDS;i > 0;i -= 2) {
  65      x4 ^= rotate( x0+x12, 7);
  66      x8 ^= rotate( x4+ x0, 9);
  67     x12 ^= rotate( x8+ x4,13);
  68      x0 ^= rotate(x12+ x8,18);
  69      x9 ^= rotate( x5+ x1, 7);
  70     x13 ^= rotate( x9+ x5, 9);
  71      x1 ^= rotate(x13+ x9,13);
  72      x5 ^= rotate( x1+x13,18);
  73     x14 ^= rotate(x10+ x6, 7);
  74      x2 ^= rotate(x14+x10, 9);
  75      x6 ^= rotate( x2+x14,13);
  76     x10 ^= rotate( x6+ x2,18);
  77      x3 ^= rotate(x15+x11, 7);
  78      x7 ^= rotate( x3+x15, 9);
  79     x11 ^= rotate( x7+ x3,13);
  80     x15 ^= rotate(x11+ x7,18);
  81      x1 ^= rotate( x0+ x3, 7);
  82      x2 ^= rotate( x1+ x0, 9);
  83      x3 ^= rotate( x2+ x1,13);
  84      x0 ^= rotate( x3+ x2,18);
  85      x6 ^= rotate( x5+ x4, 7);
  86      x7 ^= rotate( x6+ x5, 9);
  87      x4 ^= rotate( x7+ x6,13);
  88      x5 ^= rotate( x4+ x7,18);
  89     x11 ^= rotate(x10+ x9, 7);
  90      x8 ^= rotate(x11+x10, 9);
  91      x9 ^= rotate( x8+x11,13);
  92     x10 ^= rotate( x9+ x8,18);
  93     x12 ^= rotate(x15+x14, 7);
  94     x13 ^= rotate(x12+x15, 9);
  95     x14 ^= rotate(x13+x12,13);
  96     x15 ^= rotate(x14+x13,18);
  97   }
  98
  99   x0 += j0;
 100   x1 += j1;
 101   x2 += j2;
 102   x3 += j3;
 103   x4 += j4;
 104   x5 += j5;
 105   x6 += j6;
 106   x7 += j7;
 107   x8 += j8;
 108   x9 += j9;
 109   x10 += j10;
 110   x11 += j11;
 111   x12 += j12;
 112   x13 += j13;
 113   x14 += j14;
 114   x15 += j15;
 115
 116   store_littleendian(out + 0,x0);
 117   store_littleendian(out + 4,x1);
 118   store_littleendian(out + 8,x2);
 119   store_littleendian(out + 12,x3);
 120   store_littleendian(out + 16,x4);
 121   store_littleendian(out + 20,x5);
 122   store_littleendian(out + 24,x6);
 123   store_littleendian(out + 28,x7);
 124   store_littleendian(out + 32,x8);
 125   store_littleendian(out + 36,x9);
 126   store_littleendian(out + 40,x10);
 127   store_littleendian(out + 44,x11);
 128   store_littleendian(out + 48,x12);
 129   store_littleendian(out + 52,x13);
 130   store_littleendian(out + 56,x14);
 131   store_littleendian(out + 60,x15);
 132
 133   return 0;
 134 }