static void salsa20_encrypt_bytes(struct salsa20_ctx *ctx, u8 *dst,
const u8 *src, unsigned int bytes)
{
u8 buf[64];
if (dst != src)
memcpy(dst, src, bytes);
while (bytes) {
salsa20_wordtobyte(buf, ctx->input);
ctx->input[8] = PLUSONE(ctx->input[8]);
if (!ctx->input[8])
ctx->input[9] = PLUSONE(ctx->input[9]);
if (bytes <= 64) {
crypto_xor(dst, buf, bytes);
return;
}
crypto_xor(dst, buf, 64);
bytes -= 64;
dst += 64;
}
}
void ECRYPT_encrypt_bytes(ECRYPT_ctx *x_, const u8 *m_,u8 *c_,u32 bytes)
{
int i;
u32* x = (u32*)&x_->input;
u8* out = c_;
const u8* m = m_;
#if defined(__AVX512F__)
#include "u16.h"
#endif
#if defined(__AVX2__)
#include "u8.h"
#endif
#if 1
#include "u4.h"
#endif
#if 1
#include "u1.h"
#endif
if (!bytes) return;
u8 output[64];
for (;;) {
salsa20_wordtobyte_tr(output,x);
x[tr[8]] = PLUSONE(x[tr[8]]);
if (!x[tr[8]]) {
x[tr[9]] = PLUSONE(x[tr[9]]);
/* stopping at 2^70 bytes per nonce is user's responsibility */
}
if (bytes <= 64) {
for (i = 0;i < bytes;++i) out[i] = m[i] ^ output[i];
return;
}
for (i = 0;i < 64;++i) out[i] = m[i] ^ output[i];
bytes -= 64;
out += 64;
m += 64;
}
}
void ECRYPT_encrypt_bytes(ECRYPT_ctx *x,const u8 *m,u8 *c,u32 bytes)
{
u8 output[64];
unsigned int i;
if (!bytes) return;
for (;;) {
salsa20_wordtobyte(output,x->input);
x->input[8] = PLUSONE(x->input[8]);
if (!x->input[8]) {
x->input[9] = PLUSONE(x->input[9]);
/* stopping at 2^70 bytes per nonce is user's responsibility */
}
if (bytes <= 64) {
for (i = 0;i < bytes;++i) c[i] = m[i] ^ output[i];
return;
}
for (i = 0;i < 64;++i) c[i] = m[i] ^ output[i];
bytes -= 64;
c += 64;
m += 64;
}
}
void chacha_encrypt_bytes(u32 *x,const byte *m,byte *c,u32 bytes)
{
byte output[64];
int i;
if (!bytes) return;
for (;;) {
salsa20_wordtobyte(output,x);
x[12] = PLUSONE(x[12]);
if (!x[12]) {
x[13] = PLUSONE(x[13]);
/* stopping at 2^70 bytes per nonce is user's responsibility */
}
if (bytes <= 64) {
for (i = 0;i < bytes;++i) c[i] = m[i] ^ output[i];
return;
}
for (i = 0;i < 64;++i) c[i] = m[i] ^ output[i];
bytes -= 64;
c += 64;
m += 64;
}
}
void ECRYPT_Salsa::ECRYPT_encrypt_bytes(void *xa,const u8 *m,u8 *c,u32 bytes)
{
SALSA_ctx* x = (SALSA_ctx*)xa;
u8 output[64];
int i;
if (!bytes) return;
for (;;) {
salsa20_wordtobyte(output,x->input, numRounds);
x->input[8] = PLUSONE(x->input[8]);
if (!x->input[8]) {
x->input[9] = PLUSONE(x->input[9]);
/* stopping at 2^70 bytes per nonce is user's responsibility */
}
if (bytes <= 64) {
for (i = 0;i < bytes;++i) c[i] = m[i] ^ output[i];
return;
}
for (i = 0;i < 64;++i) c[i] = m[i] ^ output[i];
bytes -= 64;
c += 64;
m += 64;
}
}
void ECRYPT_encrypt_bytes(ECRYPT_ctx *x,const u8 *m,u8 *c,u32 bytes)
{
u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
u8 *ctarget;
u8 tmp[64];
int i;
if (!bytes) return;
j0 = x->input[0];
j1 = x->input[1];
j2 = x->input[2];
j3 = x->input[3];
j4 = x->input[4];
j5 = x->input[5];
j6 = x->input[6];
j7 = x->input[7];
j8 = x->input[8];
j9 = x->input[9];
j10 = x->input[10];
j11 = x->input[11];
j12 = x->input[12];
j13 = x->input[13];
j14 = x->input[14];
j15 = x->input[15];
for (;;) {
if (bytes < 64) {
for (i = 0;i < bytes;++i) tmp[i] = m[i];
m = tmp;
ctarget = c;
c = tmp;
}
x0 = j0;
x1 = j1;
x2 = j2;
x3 = j3;
x4 = j4;
x5 = j5;
x6 = j6;
x7 = j7;
x8 = j8;
x9 = j9;
x10 = j10;
x11 = j11;
x12 = j12;
x13 = j13;
x14 = j14;
x15 = j15;
for (i = 8;i > 0;i -= 2) {
x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7));
x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9));
x12 = XOR(x12,ROTATE(PLUS( x8, x4),13));
x0 = XOR( x0,ROTATE(PLUS(x12, x8),18));
x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7));
x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9));
x1 = XOR( x1,ROTATE(PLUS(x13, x9),13));
x5 = XOR( x5,ROTATE(PLUS( x1,x13),18));
x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7));
x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9));
x6 = XOR( x6,ROTATE(PLUS( x2,x14),13));
x10 = XOR(x10,ROTATE(PLUS( x6, x2),18));
x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7));
x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9));
x11 = XOR(x11,ROTATE(PLUS( x7, x3),13));
x15 = XOR(x15,ROTATE(PLUS(x11, x7),18));
x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7));
x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9));
x3 = XOR( x3,ROTATE(PLUS( x2, x1),13));
x0 = XOR( x0,ROTATE(PLUS( x3, x2),18));
x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7));
x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9));
x4 = XOR( x4,ROTATE(PLUS( x7, x6),13));
x5 = XOR( x5,ROTATE(PLUS( x4, x7),18));
x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7));
x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9));
x9 = XOR( x9,ROTATE(PLUS( x8,x11),13));
x10 = XOR(x10,ROTATE(PLUS( x9, x8),18));
x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7));
x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9));
x14 = XOR(x14,ROTATE(PLUS(x13,x12),13));
x15 = XOR(x15,ROTATE(PLUS(x14,x13),18));
}
x0 = PLUS(x0,j0);
x1 = PLUS(x1,j1);
x2 = PLUS(x2,j2);
x3 = PLUS(x3,j3);
x4 = PLUS(x4,j4);
x5 = PLUS(x5,j5);
x6 = PLUS(x6,j6);
x7 = PLUS(x7,j7);
x8 = PLUS(x8,j8);
x9 = PLUS(x9,j9);
x10 = PLUS(x10,j10);
x11 = PLUS(x11,j11);
x12 = PLUS(x12,j12);
x13 = PLUS(x13,j13);
x14 = PLUS(x14,j14);
x15 = PLUS(x15,j15);
x0 = XOR(x0,U8TO32_LITTLE(m + 0));
x1 = XOR(x1,U8TO32_LITTLE(m + 4));
x2 = XOR(x2,U8TO32_LITTLE(m + 8));
x3 = XOR(x3,U8TO32_LITTLE(m + 12));
x4 = XOR(x4,U8TO32_LITTLE(m + 16));
x5 = XOR(x5,U8TO32_LITTLE(m + 20));
x6 = XOR(x6,U8TO32_LITTLE(m + 24));
x7 = XOR(x7,U8TO32_LITTLE(m + 28));
x8 = XOR(x8,U8TO32_LITTLE(m + 32));
x9 = XOR(x9,U8TO32_LITTLE(m + 36));
x10 = XOR(x10,U8TO32_LITTLE(m + 40));
x11 = XOR(x11,U8TO32_LITTLE(m + 44));
x12 = XOR(x12,U8TO32_LITTLE(m + 48));
x13 = XOR(x13,U8TO32_LITTLE(m + 52));
x14 = XOR(x14,U8TO32_LITTLE(m + 56));
x15 = XOR(x15,U8TO32_LITTLE(m + 60));
j8 = PLUSONE(j8);
if (!j8) {
j9 = PLUSONE(j9);
/* stopping at 2^70 bytes per nonce is user's responsibility */
}
U32TO8_LITTLE(c + 0,x0);
U32TO8_LITTLE(c + 4,x1);
U32TO8_LITTLE(c + 8,x2);
U32TO8_LITTLE(c + 12,x3);
U32TO8_LITTLE(c + 16,x4);
U32TO8_LITTLE(c + 20,x5);
U32TO8_LITTLE(c + 24,x6);
U32TO8_LITTLE(c + 28,x7);
U32TO8_LITTLE(c + 32,x8);
U32TO8_LITTLE(c + 36,x9);
U32TO8_LITTLE(c + 40,x10);
U32TO8_LITTLE(c + 44,x11);
U32TO8_LITTLE(c + 48,x12);
U32TO8_LITTLE(c + 52,x13);
U32TO8_LITTLE(c + 56,x14);
U32TO8_LITTLE(c + 60,x15);
if (bytes <= 64) {
if (bytes < 64) {
for (i = 0;i < bytes;++i) ctarget[i] = c[i];
}
x->input[8] = j8;
x->input[9] = j9;
return;
}
bytes -= 64;
c += 64;
m += 64;
}
}
static void
_salsa20_block(int rounds, uint32_t *input, uint8_t *output)
{
uint32_t x0, x1, x2, x3, x4, x5, x6, x7;
uint32_t x8, x9, x10, x11, x12, x13, x14, x15;
uint8_t i;
x0 = input[0];
x1 = input[1];
x2 = input[2];
x3 = input[3];
x4 = input[4];
x5 = input[5];
x6 = input[6];
x7 = input[7];
x8 = input[8];
x9 = input[9];
x10 = input[10];
x11 = input[11];
x12 = input[12];
x13 = input[13];
x14 = input[14];
x15 = input[15];
for (i = rounds; i > 0; i -= 2) {
/* Column round */
x4 = XOR ( x4, ROTATE (PLUS ( x0,x12), 7));
x8 = XOR ( x8, ROTATE (PLUS ( x4, x0), 9));
x12 = XOR (x12, ROTATE (PLUS ( x8, x4),13));
x0 = XOR ( x0, ROTATE (PLUS (x12, x8),18));
x9 = XOR ( x9, ROTATE (PLUS ( x5, x1), 7));
x13 = XOR (x13, ROTATE (PLUS ( x9, x5), 9));
x1 = XOR ( x1, ROTATE (PLUS (x13, x9),13));
x5 = XOR ( x5, ROTATE (PLUS ( x1,x13),18));
x14 = XOR (x14, ROTATE (PLUS (x10, x6), 7));
x2 = XOR ( x2, ROTATE (PLUS (x14,x10), 9));
x6 = XOR ( x6, ROTATE (PLUS ( x2,x14),13));
x10 = XOR (x10, ROTATE (PLUS ( x6, x2),18));
x3 = XOR ( x3, ROTATE (PLUS (x15,x11), 7));
x7 = XOR ( x7, ROTATE (PLUS ( x3,x15), 9));
x11 = XOR (x11, ROTATE (PLUS ( x7, x3),13));
x15 = XOR (x15, ROTATE (PLUS (x11, x7),18));
/* Row round */
x1 = XOR ( x1, ROTATE (PLUS ( x0, x3), 7));
x2 = XOR ( x2, ROTATE (PLUS ( x1, x0), 9));
x3 = XOR ( x3, ROTATE (PLUS ( x2, x1),13));
x0 = XOR ( x0, ROTATE (PLUS ( x3, x2),18));
x6 = XOR ( x6, ROTATE (PLUS ( x5, x4), 7));
x7 = XOR ( x7, ROTATE (PLUS ( x6, x5), 9));
x4 = XOR ( x4, ROTATE (PLUS ( x7, x6),13));
x5 = XOR ( x5, ROTATE (PLUS ( x4, x7),18));
x11 = XOR (x11, ROTATE (PLUS (x10, x9), 7));
x8 = XOR ( x8, ROTATE (PLUS (x11,x10), 9));
x9 = XOR ( x9, ROTATE (PLUS ( x8,x11),13));
x10 = XOR (x10, ROTATE (PLUS ( x9, x8),18));
x12 = XOR (x12, ROTATE (PLUS (x15,x14), 7));
x13 = XOR (x13, ROTATE (PLUS (x12,x15), 9));
x14 = XOR (x14, ROTATE (PLUS (x13,x12),13));
x15 = XOR (x15, ROTATE (PLUS (x14,x13),18));
}
x0 = PLUS (x0, input[0]);
x1 = PLUS (x1, input[1]);
x2 = PLUS (x2, input[2]);
x3 = PLUS (x3, input[3]);
x4 = PLUS (x4, input[4]);
x5 = PLUS (x5, input[5]);
x6 = PLUS (x6, input[6]);
x7 = PLUS (x7, input[7]);
x8 = PLUS (x8, input[8]);
x9 = PLUS (x9, input[9]);
x10 = PLUS (x10, input[10]);
x11 = PLUS (x11, input[11]);
x12 = PLUS (x12, input[12]);
x13 = PLUS (x13, input[13]);
x14 = PLUS (x14, input[14]);
x15 = PLUS (x15, input[15]);
U32TO8_LITTLE (output + 0, x0);
U32TO8_LITTLE (output + 4, x1);
U32TO8_LITTLE (output + 8, x2);
U32TO8_LITTLE (output + 12, x3);
U32TO8_LITTLE (output + 16, x4);
U32TO8_LITTLE (output + 20, x5);
U32TO8_LITTLE (output + 24, x6);
U32TO8_LITTLE (output + 28, x7);
U32TO8_LITTLE (output + 32, x8);
U32TO8_LITTLE (output + 36, x9);
U32TO8_LITTLE (output + 40, x10);
U32TO8_LITTLE (output + 44, x11);
U32TO8_LITTLE (output + 48, x12);
U32TO8_LITTLE (output + 52, x13);
U32TO8_LITTLE (output + 56, x14);
U32TO8_LITTLE (output + 60, x15);
/* Increment block counter */
input[8] = PLUSONE (input[8]);
if (!input[8]) {
input[9] = PLUSONE (input[9]);
/* stopping at 2^70 bytes per nonce is user's responsibility */
}
}