Am Montag, 1. Januar 2018, 00:46:40 CET schrieb Eric Biggers:

Hi Eric,
> 
> -static void salsa20_wordtobyte(u8 output[64], const u32 input[16])
> +static void salsa20_block(u32 *state, u32 *stream)

Shouldn't stream be __le32? This could get rid of the type casting further 
down.

>  {
>       u32 x[16];
>       int i;
> 
> -     memcpy(x, input, sizeof(x));
> -     for (i = 20; i > 0; i -= 2) {
> +     memcpy(x, state, sizeof(x));
> +
> +     for (i = 0; i < 20; i += 2) {
>               x[ 4] ^= rol32((x[ 0] + x[12]),  7);
>               x[ 8] ^= rol32((x[ 4] + x[ 0]),  9);
>               x[12] ^= rol32((x[ 8] + x[ 4]), 13);
> @@ -95,145 +73,135 @@ static void salsa20_wordtobyte(u8 output[64], const u32 input[16])
>               x[14] ^= rol32((x[13] + x[12]), 13);
>               x[15] ^= rol32((x[14] + x[13]), 18);
>       }
> -     for (i = 0; i < 16; ++i)
> -             x[i] += input[i];
> -     for (i = 0; i < 16; ++i)
> -             U32TO8_LITTLE(output + 4 * i,x[i]);
> -}
> 
> -static const char sigma[16] = "expand 32-byte k";
> -static const char tau[16] = "expand 16-byte k";
> +     for (i = 0; i < 16; i++)
> +             stream[i] = (__force u32)cpu_to_le32(x[i] + state[i]);
> +
> +     if (++state[8] == 0)
> +             state[9]++;
> +}
> 
> -static void salsa20_keysetup(struct salsa20_ctx *ctx, const u8 *k, u32 kbytes)
> +static void salsa20_docrypt(u32 *state, u8 *dst, const u8 *src,
> +                         unsigned int bytes)
>  {
> -     const char *constants;
> +     u32 stream[SALSA20_BLOCK_SIZE / sizeof(u32)];

Ditto, __le32?

Ciao
Stephan
