static int
stream_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n, uint64_t ic,
const unsigned char *k)
{
unsigned char in[16];
unsigned char block[64];
unsigned char kcopy[32];
unsigned int i;
unsigned int u;
if (!mlen) {
return 0;
}
for (i = 0; i < 32; i++) {
kcopy[i] = k[i];
}
for (i = 0; i < 8; i++) {
in[i] = n[i];
}
for (i = 8; i < 16; i++) {
in[i] = (unsigned char) (ic & 0xff);
ic >>= 8;
}
while (mlen >= 64) {
crypto_core_salsa20(block, in, kcopy, NULL);
for (i = 0; i < 64; i++) {
c[i] = m[i] ^ block[i];
}
u = 1;
for (i = 8; i < 16; i++) {
u += (unsigned int) in[i];
in[i] = u;
u >>= 8;
}
mlen -= 64;
c += 64;
m += 64;
}
if (mlen) {
crypto_core_salsa20(block, in, kcopy, NULL);
for (i = 0; i < (unsigned int) mlen; i++) {
c[i] = m[i] ^ block[i];
}
}
sodium_memzero(block, sizeof block);
sodium_memzero(kcopy, sizeof kcopy);
return 0;
}
/*it seems to start
0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
,0x30,0x9e,0x64,0x5a,0x74,0xe9,0xe0,0xa6
,0x0d,0x82,0x43,0xac,0xd9,0x17,0x7a,0xb5
,0x1a,0x1b,0xeb,0x8d,0x5a,0x2f,0x5d,0x70
I've verified that this is the same thing output from
crypto_stream_xsalsa20(*,*,nonce,firstkey);
*/
void test_salsa20core() {
unsigned char secondkey[32] = {
0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
};
unsigned char noncesuffix[8] = {
0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
};
unsigned char c[16] = {
0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33
,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b };
unsigned char in[16] = { 0 } ;
unsigned char outputblock[64];
int i;
for (i = 0;i < 8;++i) in[i] = noncesuffix[i];
do {
do {
crypto_core_salsa20(outputblock,in,secondkey,c);
for (i = 0;i < 64;++i) {
if (i > 0) printf(","); else printf(" ");
printf("0x%02x",(unsigned int) outputblock[i]);
if (i % 8 == 7) printf("\n");
}
} while (++in[8]);
} while (++in[9]);
}
static int
stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n,
const unsigned char *k)
{
unsigned char in[16];
unsigned char block[64];
unsigned char kcopy[32];
unsigned int i;
unsigned int u;
if (!clen) {
return 0;
}
for (i = 0; i < 32; i++) {
kcopy[i] = k[i];
}
for (i = 0; i < 8; i++) {
in[i] = n[i];
}
for (i = 8; i < 16; i++) {
in[i] = 0;
}
while (clen >= 64) {
crypto_core_salsa20(c, in, kcopy, NULL);
u = 1;
for (i = 8; i < 16; i++) {
u += (unsigned int) in[i];
in[i] = u;
u >>= 8;
}
clen -= 64;
c += 64;
}
if (clen) {
crypto_core_salsa20(block, in, kcopy, NULL);
for (i = 0; i < (unsigned int) clen; i++) {
c[i] = block[i];
}
}
sodium_memzero(block, sizeof block);
sodium_memzero(kcopy, sizeof kcopy);
return 0;
}
int crypto_stream_salsa20_xor(
unsigned char *c,
const unsigned char *m,crypto_uint16 mlen,
const unsigned char *n,const unsigned char *k
)
{
unsigned char z[16],x[64],u[8],i;
for(i=0;i<8;i++)
{
z[i] = n[i];
z[i+8] = 0;
u[i] = 0;
}
u[0] = 1;
while (mlen >= 64)
{
if(m)
{
crypto_core_salsa20(x,z,k,sigma);
for(i=0;i<64;i++)
c[i] = m[i] ^ x[i];
}
else
crypto_core_salsa20(c,z,k,sigma);
bigint_add(z+8,z+8,u,8);
mlen -= 64;
c += 64;
if (m) m += 64;
}
if (mlen)
{
crypto_core_salsa20(x,z,k,sigma);
if(m)
for(i=0;i<mlen;i++)
c[i] = x[i] ^ m[i];
else
for(i=0;i<mlen;i++)
c[i] = x[i];
}
return 0;
}
int crypto_stream(
unsigned char *c,unsigned long long clen,
const unsigned char *n,
const unsigned char *k
)
{
unsigned char in[16];
unsigned char block[64];
unsigned char kcopy[32];
unsigned int i;
unsigned int u;
if (!clen) return 0;
for (i = 0;i < 32;++i) kcopy[i] = k[i];
for (i = 0;i < 8;++i) in[i] = n[i];
for (i = 8;i < 16;++i) in[i] = 0;
while (clen >= 64) {
crypto_core_salsa20(c,in,kcopy,sigma);
u = 1;
for (i = 8;i < 16;++i) {
u += (unsigned int) in[i];
in[i] = u;
u >>= 8;
}
clen -= 64;
c += 64;
}
if (clen) {
crypto_core_salsa20(block,in,kcopy,sigma);
for (i = 0;i < (unsigned int) clen;++i) c[i] = block[i];
}
sodium_memzero(block, sizeof block);
sodium_memzero(kcopy, sizeof kcopy);
return 0;
}
int crypto_stream(
unsigned char *c,unsigned long long clen,
const unsigned char *n,
const unsigned char *k
)
{
unsigned char in[16];
unsigned char block[64];
unsigned long long i;
unsigned int u;
if (!clen) return 0;
for (i = 0;i < 8;++i) in[i] = n[i];
for (i = 8;i < 16;++i) in[i] = 0;
while (clen >= 64) {
crypto_core_salsa20(c,in,k,sigma);
u = 1;
for (i = 8;i < 16;++i) {
u += (unsigned int) in[i];
in[i] = u;
u >>= 8;
}
clen -= 64;
c += 64;
}
if (clen) {
crypto_core_salsa20(block,in,k,sigma);
for (i = 0;i < clen;++i) c[i] = block[i];
}
return 0;
}
int main(void)
{
int i;
crypto_core_salsa20(out, in, k, c);
for (i = 0; i < 64; ++i) {
if (i > 0) {
printf(",");
} else {
printf(" ");
}
printf("%3d", (unsigned int)out[i]);
if (i % 8 == 7) {
printf("\n");
}
}
return 0;
}
