/*
 * XOR mlen bytes of m with the Salsa20 keystream and store the result in c.
 *
 * The 16-byte core input is the 8-byte nonce n followed by a 64-bit block
 * counter in little-endian byte order.  The counter starts at ic and is
 * incremented once per 64-byte block; a carry out of the top byte is dropped,
 * so it wraps silently.  The keystream is determined by (k, n, counter) alone
 * (assuming crypto_core_salsa20 is a pure function of its arguments), so two
 * messages processed under the same key, nonce and overlapping counter range
 * satisfy c1 ^ c2 == m1 ^ m2.  Nothing in this function authenticates the
 * output.
 *
 * Each output byte is computed from the input byte at the same index, so
 * c == m (in-place operation) works with the code as written.
 *
 * Always returns 0.
 */
static int
stream_ref_xor_ic(unsigned char *c, const unsigned char *m,
                  unsigned long long mlen, const unsigned char *n, uint64_t ic,
                  const unsigned char *k)
{
    unsigned char in[16];    /* nonce || block counter: not secret */
    unsigned char block[64]; /* one block of keystream: secret */
    unsigned char kcopy[32]; /* private copy of the key: secret */
    unsigned int  pos;
    unsigned int  carry;

    if (mlen == 0) {
        return 0;
    }

    /*
     * The core is always fed from a local copy of the key, never from k
     * itself.  NOTE(review): presumably this keeps the function correct when
     * the output buffer overlaps k; confirm against the callers.
     */
    for (pos = 0; pos < sizeof kcopy; pos++) {
        kcopy[pos] = k[pos];
    }
    for (pos = 0; pos < 8; pos++) {
        in[pos] = n[pos];
    }
    /* Serialise the initial block counter, least significant byte first. */
    for (pos = 0; pos < 8; pos++) {
        in[8 + pos] = (unsigned char) ((ic >> (8 * pos)) & 0xff);
    }

    /*
     * Whole blocks.  NULL is passed as the constant argument; presumably the
     * core then falls back to its default constant; confirm against
     * crypto_core_salsa20.
     */
    for (; mlen >= 64; mlen -= 64, c += 64, m += 64) {
        crypto_core_salsa20(block, in, kcopy, NULL);
        for (pos = 0; pos < 64; pos++) {
            c[pos] = m[pos] ^ block[pos];
        }
        /* Add 1 to the little-endian counter held in in[8..15]. */
        carry = 1;
        for (pos = 8; pos < 16; pos++) {
            carry += (unsigned int) in[pos];
            in[pos] = (unsigned char) carry;
            carry >>= 8;
        }
    }

    /* Trailing partial block: only the first mlen keystream bytes are used. */
    if (mlen != 0) {
        crypto_core_salsa20(block, in, kcopy, NULL);
        for (pos = 0; pos < (unsigned int) mlen; pos++) {
            c[pos] = m[pos] ^ block[pos];
        }
    }

    /* Scrub the keystream block and the key copy before returning. */
    sodium_memzero(block, sizeof block);
    sodium_memzero(kcopy, sizeof kcopy);

    return 0;
}
/*
 * Expected start of the output (first 56 bytes):
 *
 *    0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
 *   ,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
 *   ,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
 *   ,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
 *   ,0x30,0x9e,0x64,0x5a,0x74,0xe9,0xe0,0xa6
 *   ,0x0d,0x82,0x43,0xac,0xd9,0x17,0x7a,0xb5
 *   ,0x1a,0x1b,0xeb,0x8d,0x5a,0x2f,0x5d,0x70
 *
 * The original author verified that this matches the output of
 * crypto_stream_xsalsa20(*,*,nonce,firstkey);
 *
 * Prints Salsa20 core output blocks as comma-separated hex bytes, eight per
 * line.  The first 8 input bytes are the fixed nonce suffix; in[8] and in[9]
 * act as a two-byte little-endian block counter that is stepped through all
 * of its values, so 65536 blocks of 64 bytes are printed.  The key and nonce
 * suffix are constants compiled into this test function.
 */
void test_salsa20core()
{
    unsigned char secondkey[32] = {
        0xdc, 0x90, 0x8d, 0xda, 0x0b, 0x93, 0x44, 0xa9,
        0x53, 0x62, 0x9b, 0x73, 0x38, 0x20, 0x77, 0x88,
        0x80, 0xf3, 0xce, 0xb4, 0x21, 0xbb, 0x61, 0xb9,
        0x1c, 0xbd, 0x4c, 0x3e, 0x66, 0x25, 0x6c, 0xe4
    };
    unsigned char noncesuffix[8] = {
        0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37
    };
    /* The 16 ASCII bytes "expand 32-byte k". */
    unsigned char c[16] = {
        0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33,
        0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b
    };
    unsigned char in[16] = { 0 };
    unsigned char outputblock[64];
    int i;

    for (i = 0; i < 8; ++i) {
        in[i] = noncesuffix[i];
    }

    for (;;) {
        crypto_core_salsa20(outputblock, in, secondkey, c);
        for (i = 0; i < 64; ++i) {
            if (i == 0) {
                printf(" ");
            } else {
                printf(",");
            }
            printf("0x%02x", (unsigned int) outputblock[i]);
            if (i % 8 == 7) {
                printf("\n");
            }
        }
        /* Step the low counter byte; carry into in[9] when it wraps to 0. */
        if (++in[8] != 0) {
            continue;
        }
        /* Stop once the high counter byte has wrapped as well. */
        if (++in[9] == 0) {
            break;
        }
    }
}
/*
 * Write clen bytes of Salsa20 keystream for key k and 8-byte nonce n into c.
 *
 * The 16-byte core input is the nonce followed by a 64-bit little-endian
 * block counter that starts at zero and is incremented once per 64-byte
 * block.  The output is determined by (k, n) alone (assuming
 * crypto_core_salsa20 is a pure function of its arguments), so the same
 * key/nonce pair always produces the same keystream.
 *
 * Always returns 0.
 */
static int
stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n,
           const unsigned char *k)
{
    unsigned char in[16];    /* nonce || block counter: not secret */
    unsigned char block[64]; /* scratch for the final partial block */
    unsigned char kcopy[32]; /* private copy of the key: secret */
    unsigned int  pos;
    unsigned int  carry;

    if (clen == 0) {
        return 0;
    }

    /*
     * Full blocks are generated straight into c, and the core always reads
     * the key from this local copy rather than from k.  NOTE(review):
     * presumably this keeps the function correct when c overlaps k; confirm
     * against the callers.
     */
    for (pos = 0; pos < sizeof kcopy; pos++) {
        kcopy[pos] = k[pos];
    }
    for (pos = 0; pos < 16; pos++) {
        in[pos] = (pos < 8) ? n[pos] : 0;
    }

    /*
     * NULL is passed as the constant argument; presumably the core then
     * falls back to its default constant; confirm against
     * crypto_core_salsa20.
     */
    for (; clen >= 64; clen -= 64, c += 64) {
        crypto_core_salsa20(c, in, kcopy, NULL);
        /* Add 1 to the little-endian counter held in in[8..15]. */
        carry = 1;
        for (pos = 8; pos < 16; pos++) {
            carry += (unsigned int) in[pos];
            in[pos] = (unsigned char) carry;
            carry >>= 8;
        }
    }

    /* Trailing partial block goes through scratch so c is not overrun. */
    if (clen != 0) {
        crypto_core_salsa20(block, in, kcopy, NULL);
        for (pos = 0; pos < (unsigned int) clen; pos++) {
            c[pos] = block[pos];
        }
    }

    /* Scrub the scratch block and the key copy before returning. */
    sodium_memzero(block, sizeof block);
    sodium_memzero(kcopy, sizeof kcopy);

    return 0;
}
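/*
 * XOR mlen bytes of m with the Salsa20 keystream for key k and 8-byte nonce
 * n and store the result in c.  When m is NULL the raw keystream is written
 * to c instead.
 *
 * z holds the core input: the nonce in z[0..7] and an 8-byte block counter
 * in z[8..15] that starts at zero.  u is the 8-byte constant 1 (u[0] = 1,
 * the rest zero) that bigint_add adds to the counter after each 64-byte
 * block.  The keystream is determined by (k, n) alone (assuming
 * crypto_core_salsa20 is a pure function of its arguments), so the same
 * key/nonce pair must not be used for two different messages: the XOR of the
 * two outputs would equal the XOR of the two inputs.  Nothing in this
 * function authenticates the output.
 *
 * NOTE(review): mlen is a crypto_uint16, presumably a 16-bit type, which
 * would limit a single call to 65535 bytes; confirm against its typedef.
 *
 * Always returns 0.
 */
int crypto_stream_salsa20_xor(
        unsigned char *c,
  const unsigned char *m, crypto_uint16 mlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char z[16];
  unsigned char x[64];
  unsigned char u[8];
  unsigned char i;
  volatile unsigned char *wipe = x;

  for (i = 0; i < 8; i++) {
    z[i] = n[i];
    z[i + 8] = 0;
    u[i] = 0;
  }
  u[0] = 1;

  while (mlen >= 64) {
    if (m) {
      crypto_core_salsa20(x, z, k, sigma);
      for (i = 0; i < 64; i++) {
        c[i] = m[i] ^ x[i];
      }
      m += 64;
    } else {
      /* Keystream-only mode: generate the block directly into c. */
      crypto_core_salsa20(c, z, k, sigma);
    }
    bigint_add(z + 8, z + 8, u, 8);
    mlen -= 64;
    c += 64;
  }

  /* Trailing partial block: only the first mlen keystream bytes are used. */
  if (mlen) {
    crypto_core_salsa20(x, z, k, sigma);
    if (m) {
      for (i = 0; i < mlen; i++) {
        c[i] = x[i] ^ m[i];
      }
    } else {
      for (i = 0; i < mlen; i++) {
        c[i] = x[i];
      }
    }
  }

  /*
   * x may still hold a block of keystream, including bytes of a partial
   * block that were never written to c.  Overwrite it before returning; the
   * volatile-qualified pointer keeps the compiler from dropping the stores
   * as dead writes.
   */
  for (i = 0; i < 64; i++) {
    wipe[i] = 0;
  }

  return 0;
}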
/*
 * Write clen bytes of Salsa20 keystream for key k and 8-byte nonce n into c.
 *
 * The 16-byte core input is the nonce followed by a 64-bit little-endian
 * block counter that starts at zero and is incremented once per 64-byte
 * block.  The output is determined by (k, n) alone (assuming
 * crypto_core_salsa20 is a pure function of its arguments), so the same
 * key/nonce pair always produces the same keystream.
 *
 * Always returns 0.
 */
int crypto_stream(
        unsigned char *c, unsigned long long clen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char in[16];    /* nonce || block counter: not secret */
  unsigned char block[64]; /* scratch for the final partial block */
  unsigned char kcopy[32]; /* private copy of the key: secret */
  unsigned int pos;
  unsigned int carry;

  if (clen == 0) {
    return 0;
  }

  /*
   * Full blocks are generated straight into c, and the core always reads the
   * key from this local copy rather than from k.  NOTE(review): presumably
   * this keeps the function correct when c overlaps k; confirm against the
   * callers.
   */
  for (pos = 0; pos < sizeof kcopy; ++pos) {
    kcopy[pos] = k[pos];
  }
  for (pos = 0; pos < 16; ++pos) {
    in[pos] = (pos < 8) ? n[pos] : 0;
  }

  for (; clen >= 64; clen -= 64, c += 64) {
    crypto_core_salsa20(c, in, kcopy, sigma);
    /* Add 1 to the little-endian counter held in in[8..15]. */
    carry = 1;
    for (pos = 8; pos < 16; ++pos) {
      carry += (unsigned int) in[pos];
      in[pos] = (unsigned char) carry;
      carry >>= 8;
    }
  }

  /* Trailing partial block goes through scratch so c is not overrun. */
  if (clen != 0) {
    crypto_core_salsa20(block, in, kcopy, sigma);
    for (pos = 0; pos < (unsigned int) clen; ++pos) {
      c[pos] = block[pos];
    }
  }

  /* Scrub the scratch block and the key copy before returning. */
  sodium_memzero(block, sizeof block);
  sodium_memzero(kcopy, sizeof kcopy);

  return 0;
}
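/*
 * Write clen bytes of Salsa20 keystream for key k and 8-byte nonce n into c.
 *
 * The 16-byte core input is the nonce followed by a 64-bit little-endian
 * block counter that starts at zero and is incremented once per 64-byte
 * block.  The output is determined by (k, n) alone (assuming
 * crypto_core_salsa20 is a pure function of its arguments), so the same
 * key/nonce pair always produces the same keystream.
 *
 * The key is read from k again for every block, after earlier blocks have
 * already been written to c, so c must not overlap k.
 *
 * Always returns 0.
 */
int crypto_stream(
        unsigned char *c, unsigned long long clen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char in[16];    /* nonce || block counter: not secret */
  unsigned char block[64]; /* scratch for the final partial block */
  volatile unsigned char *wipe = block;
  unsigned long long i;
  unsigned int u;

  if (!clen) {
    return 0;
  }

  for (i = 0; i < 8; ++i) {
    in[i] = n[i];
  }
  for (i = 8; i < 16; ++i) {
    in[i] = 0;
  }

  while (clen >= 64) {
    crypto_core_salsa20(c, in, k, sigma);

    /* Add 1 to the little-endian counter held in in[8..15]. */
    u = 1;
    for (i = 8; i < 16; ++i) {
      u += (unsigned int) in[i];
      in[i] = (unsigned char) u;
      u >>= 8;
    }

    clen -= 64;
    c += 64;
  }

  /* Trailing partial block goes through scratch so c is not overrun. */
  if (clen) {
    crypto_core_salsa20(block, in, k, sigma);
    for (i = 0; i < clen; ++i) {
      c[i] = block[i];
    }
  }

  /*
   * After a partial final block, block holds 64 keystream bytes of which
   * only the first clen were handed to the caller.  Overwrite it before
   * returning; the volatile-qualified pointer keeps the compiler from
   * dropping the stores as dead writes.
   */
  for (i = 0; i < sizeof block; ++i) {
    wipe[i] = 0;
  }

  return 0;
}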
/*
 * Run the Salsa20 core once on the file-scope buffers in, k and c (defined
 * outside this block) and print the 64 output bytes in out as
 * comma-separated decimal values, eight per line.
 */
int
main(void)
{
    int idx;

    crypto_core_salsa20(out, in, k, c);

    for (idx = 0; idx < 64; ++idx) {
        /* A leading space before the first value, a comma before the rest. */
        if (idx == 0) {
            printf(" ");
        } else {
            printf(",");
        }
        printf("%3d", (unsigned int) out[idx]);
        /* Break the line after every eighth value. */
        if ((idx & 7) == 7) {
            printf("\n");
        }
    }

    return 0;
}