File: src/libexec/ld.so/chacha_private.h
Warning: line 118, column 40: Assigned value is garbage or undefined
1 | /* $OpenBSD: util.c,v 1.49 2022/01/08 06:49:41 guenther Exp $ */ | |||
2 | ||||
3 | /* | |||
4 | * Copyright (c) 1998 Per Fogelstrom, Opsycon AB | |||
5 | * | |||
6 | * Redistribution and use in source and binary forms, with or without | |||
7 | * modification, are permitted provided that the following conditions | |||
8 | * are met: | |||
9 | * 1. Redistributions of source code must retain the above copyright | |||
10 | * notice, this list of conditions and the following disclaimer. | |||
11 | * 2. Redistributions in binary form must reproduce the above copyright | |||
12 | * notice, this list of conditions and the following disclaimer in the | |||
13 | * documentation and/or other materials provided with the distribution. | |||
14 | * | |||
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS | |||
16 | * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |||
17 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||
18 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | |||
19 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||
20 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||
21 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||
22 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||
23 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||
24 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||
25 | * SUCH DAMAGE. | |||
26 | * | |||
27 | */ | |||
28 | ||||
29 | #include <sys/types.h> | |||
30 | #include <syslog.h> | |||
31 | ||||
32 | #include "syscall.h" | |||
33 | #include "util.h" | |||
34 | #include "resolve.h" | |||
35 | #define KEYSTREAM_ONLY | |||
36 | #include "chacha_private.h" | |||
37 | ||||
38 | #ifndef _RET_PROTECTOR1 | |||
39 | /* | |||
40 | * Stack protector dummies. | |||
41 | * Ideally, a scheme to compile these stubs from libc should be used, but | |||
42 | * this would end up dragging too much code from libc here. | |||
43 | */ | |||
/*
 * ld.so is linked without libc, so the stack-protector canary the compiler
 * references, and the handler it calls on a mismatch, have to live here.
 * The canary is placed in .openbsd.randomdata so it is filled with random
 * bytes when the object is loaded; hidden visibility keeps it out of the
 * dynamic symbol table.
 */
long __guard_local __dso_hidden __attribute__((section(".openbsd.randomdata")));

/* Called by compiler-generated epilogue code when the canary is corrupted. */
void __stack_smash_handler(char [], int);
47 | ||||
/*
 * Stack-protector failure handler for ld.so: log a LOG_CRIT message naming
 * the program and the function whose canary was corrupted, then terminate
 * the process via _dl_diedie().  Never returns.
 *
 * func    - name of the function whose frame was damaged (NUL-terminated)
 * damaged - unused; kept for the signature the compiler expects
 */
void
__stack_smash_handler(char func[], int damaged)
{
	char msg[256];
	const size_t half = sizeof(msg) / 2;

	/* The leading "<10>" is the syslog priority field for LOG_CRIT. */
	_dl_strlcpy(msg, "<10>ld.so:", sizeof msg);
	_dl_strlcat(msg, __progname, sizeof msg);
	/*
	 * An overlong program name would crowd out the rest of the text:
	 * cut it at the midpoint and mark the cut.
	 */
	if (_dl_strlen(msg) > half)
		_dl_strlcpy(&msg[half], "...", sizeof(msg) - half);
	_dl_strlcat(msg, " stack overflow in function ", sizeof msg);
	_dl_strlcat(msg, func, sizeof msg);

	_dl_sendsyslog(msg, _dl_strlen(msg), LOG_CONS);
	_dl_diedie();
}
65 | #endif /* _RET_PROTECTOR */ | |||
66 | ||||
/*
 * Duplicate a NUL-terminated string using ld.so's own allocator.
 *
 * orig - string to copy; must not be NULL
 * Returns a newly allocated copy the caller owns, or NULL if the
 * allocation failed.
 */
char *
_dl_strdup(const char *orig)
{
	size_t sz = _dl_strlen(orig) + 1;	/* room for the terminator */
	char *copy = _dl_malloc(sz);

	if (copy == NULL)
		return NULL;
	_dl_strlcpy(copy, orig, sz);
	return copy;
}
79 | ||||
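/* Bytes of ChaCha key and IV material requested from the kernel. */
#define KEYSZ	32
#define IVSZ	8
/*
 * Re-key from the kernel once this many bytes of keystream have been
 * produced.  Evaluated in size_t on purpose: as a plain int, 1 << 31
 * overflows the signed type (undefined behaviour), and where it comes out
 * as INT_MIN the conversion to size_t in the rekey comparison sign-extends
 * it into a huge value on 64-bit targets, so the limit would never be hit.
 */
#define REKEY_AFTER_BYTES ((size_t)1 << 31)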
/* Keystream generator state; keyed lazily on first use by _dl_arc4randombuf(). */
static chacha_ctx chacha;
/* Keystream bytes produced since the last keying; 0 means "(re)key first". */
static size_t chacha_bytes;
85 | ||||
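/*
 * Fill buf with buflen bytes of ChaCha keystream, (re)keying the generator
 * from the kernel when it has not been keyed yet or has produced
 * REKEY_AFTER_BYTES since the last key.  Calls _dl_die() if the kernel
 * cannot supply entropy.
 *
 * buf    - destination; its prior contents do not affect the output
 *          (chacha_private.h is built with KEYSTREAM_ONLY, so nothing is
 *          XORed in)
 * buflen - bytes wanted; handed to chacha_encrypt_bytes() as a u32
 */
void
_dl_arc4randombuf(void *buf, size_t buflen)
{
	if (chacha_bytes == 0) {
		/* u8 is the element type chacha_keysetup/ivsetup take. */
		u8 bytes[KEYSZ + IVSZ];

		if (_dl_getentropy(bytes, sizeof bytes) != 0)
			_dl_die("no entropy");
		chacha_keysetup(&chacha, bytes, KEYSZ * 8);
		chacha_ivsetup(&chacha, bytes + KEYSZ);
		/*
		 * Overwrite the key/IV material on the stack with fresh
		 * random bytes rather than memset(), presumably so the
		 * compiler cannot elide the clobber.
		 */
		if (_dl_getentropy(bytes, sizeof bytes) != 0)
			_dl_die("could not clobber rng key");
	}

	chacha_encrypt_bytes(&chacha, buf, buf, buflen);

	/* Account for keystream used; reset to 0 so the next call rekeys. */
	if (REKEY_AFTER_BYTES - chacha_bytes < buflen)
		chacha_bytes = 0;
	else
		chacha_bytes += buflen;
}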
107 | ||||
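/*
 * Return 32 bits of output from ld.so's keystream generator.
 */
u_int32_t
_dl_arc4random(void)
{
	/*
	 * Initialised even though every byte is overwritten: the buffer is
	 * handed to the ChaCha routine as both "plaintext" and output, and
	 * its partial-block path copies the input bytes into a scratch
	 * block before overwriting them, which the static analyzer reports
	 * as an uninitialised read.
	 */
	u_int32_t rnd = 0;

	_dl_arc4randombuf(&rnd, sizeof(rnd));
	return (rnd);
}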
1 | /* | ||||
2 | chacha-merged.c version 20080118 | ||||
3 | D. J. Bernstein | ||||
4 | Public domain. | ||||
5 | */ | ||||
6 | |||||
7 | /* $OpenBSD: chacha_private.h,v 1.1 2018/02/09 22:13:04 mortimer Exp $ */ | ||||
8 | |||||
typedef unsigned char u8;
typedef unsigned int u32;

/*
 * ChaCha state as 16 little-endian 32-bit words:
 *   input[0..3]   constants (sigma or tau, chosen by key size)
 *   input[4..11]  key
 *   input[12..13] 64-bit block counter (low word first)
 *   input[14..15] 64-bit nonce
 */
typedef struct
{
  u32 input[16]; /* could be compressed */
} chacha_ctx;

#define U8C(v) (v##U)
#define U32C(v) (v##U)

/* Truncate to 8 / 32 bits explicitly so the code does not depend on int width. */
#define U8V(v) ((u8)(v) & U8C(0xFF))
#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))

/* 32-bit rotate left; n must be in 1..31 (the callers use 7, 8, 12, 16). */
#define ROTL32(v, n) \
  (U32V((v) << (n)) | ((v) >> (32 - (n))))

/* Load / store a 32-bit word in little-endian byte order, one byte at a time. */
#define U8TO32_LITTLE(p) \
  (((u32)((p)[0])      ) | \
   ((u32)((p)[1]) <<  8) | \
   ((u32)((p)[2]) << 16) | \
   ((u32)((p)[3]) << 24))

#define U32TO8_LITTLE(p, v) \
  do { \
    (p)[0] = U8V((v)      ); \
    (p)[1] = U8V((v) >>  8); \
    (p)[2] = U8V((v) >> 16); \
    (p)[3] = U8V((v) >> 24); \
  } while (0)

#define ROTATE(v,c) (ROTL32(v,c))
#define XOR(v,w) ((v) ^ (w))
#define PLUS(v,w) (U32V((v) + (w)))
#define PLUSONE(v) (PLUS((v),1))

/*
 * One ChaCha quarter-round on words a, b, c, d.  Expands to several
 * statements and supplies its own trailing semicolon, so it must be used
 * as a statement, not inside an expression.
 */
#define QUARTERROUND(a,b,c,d) \
  a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
  c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
  a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
  c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);

/*
 * Exactly 16 characters each (no NUL terminator fits, none is needed).
 * All bytes are ASCII, so reading them through a char pointer in
 * U8TO32_LITTLE gives the same words whether char is signed or not.
 */
static const char sigma[16] = "expand 32-byte k";
static const char tau[16] = "expand 16-byte k";
53 | |||||
/*
 * Load a key into x.  input[4..7] always take the first 16 key bytes;
 * input[8..11] take the next 16 when kbits == 256, or the same first 16
 * again otherwise (any kbits other than 256 is treated as 128).  The
 * constant words input[0..3] are chosen to match.  The counter and nonce
 * words are not touched; see chacha_ivsetup().
 */
static void
chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
{
  const char *constants = tau;
  int w;

  for (w = 0; w < 4; w++)
    x->input[4 + w] = U8TO32_LITTLE(k + 4 * w);
  if (kbits == 256) { /* recommended */
    k += 16;
    constants = sigma;
  }
  for (w = 0; w < 4; w++)
    x->input[8 + w] = U8TO32_LITTLE(k + 4 * w);
  for (w = 0; w < 4; w++)
    x->input[w] = U8TO32_LITTLE(constants + 4 * w);
}
78 | |||||
/*
 * Set the 64-bit nonce (input[14..15]) from the 8 bytes at iv and reset
 * the 64-bit block counter (input[12..13]) to zero.
 */
static void
chacha_ivsetup(chacha_ctx *x,const u8 *iv)
{
  x->input[14] = U8TO32_LITTLE(iv);
  x->input[15] = U8TO32_LITTLE(iv + 4);
  x->input[12] = x->input[13] = 0;
}
87 | |||||
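/*
 * Run ChaCha20 over `bytes` bytes.  Without KEYSTREAM_ONLY the message at
 * m is XORed with keystream into c.  With KEYSTREAM_ONLY (how ld.so builds
 * this header) m is never read and c receives raw keystream, so callers
 * may pass an uninitialised buffer for both.  m and c may be the same
 * buffer.  Only the block counter (input[12..13]) in x is advanced.
 *
 * Fix: the partial-block prefix copy from m is now compiled only when the
 * message is actually used.  Under KEYSTREAM_ONLY it read the caller's
 * uninitialised output buffer into tmp (the analyzer's "assigned value is
 * garbage" report) for no effect, since tmp is fully rewritten below.
 */
static void
chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
{
  u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
  u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
  u8 *ctarget = NULL;
  u8 tmp[64];
  u_int i;

  if (!bytes) return;

  j0 = x->input[0];
  j1 = x->input[1];
  j2 = x->input[2];
  j3 = x->input[3];
  j4 = x->input[4];
  j5 = x->input[5];
  j6 = x->input[6];
  j7 = x->input[7];
  j8 = x->input[8];
  j9 = x->input[9];
  j10 = x->input[10];
  j11 = x->input[11];
  j12 = x->input[12];
  j13 = x->input[13];
  j14 = x->input[14];
  j15 = x->input[15];

  for (;;) {
    if (bytes < 64) {
      /*
       * Partial final block: produce a whole block into tmp and copy
       * the wanted prefix to the real destination afterwards.  The
       * message prefix is only needed when it will be XORed in.
       */
#ifndef KEYSTREAM_ONLY
      for (i = 0;i < bytes;++i) tmp[i] = m[i];
      m = tmp;
#endif
      ctarget = c;
      c = tmp;
    }
    x0 = j0;
    x1 = j1;
    x2 = j2;
    x3 = j3;
    x4 = j4;
    x5 = j5;
    x6 = j6;
    x7 = j7;
    x8 = j8;
    x9 = j9;
    x10 = j10;
    x11 = j11;
    x12 = j12;
    x13 = j13;
    x14 = j14;
    x15 = j15;
    /* 20 rounds: each iteration is one column round plus one diagonal round. */
    for (i = 20;i > 0;i -= 2) {
      QUARTERROUND( x0, x4, x8,x12)
      QUARTERROUND( x1, x5, x9,x13)
      QUARTERROUND( x2, x6,x10,x14)
      QUARTERROUND( x3, x7,x11,x15)
      QUARTERROUND( x0, x5,x10,x15)
      QUARTERROUND( x1, x6,x11,x12)
      QUARTERROUND( x2, x7, x8,x13)
      QUARTERROUND( x3, x4, x9,x14)
    }
    /* Feed-forward: add the input state back into the permuted block. */
    x0 = PLUS(x0,j0);
    x1 = PLUS(x1,j1);
    x2 = PLUS(x2,j2);
    x3 = PLUS(x3,j3);
    x4 = PLUS(x4,j4);
    x5 = PLUS(x5,j5);
    x6 = PLUS(x6,j6);
    x7 = PLUS(x7,j7);
    x8 = PLUS(x8,j8);
    x9 = PLUS(x9,j9);
    x10 = PLUS(x10,j10);
    x11 = PLUS(x11,j11);
    x12 = PLUS(x12,j12);
    x13 = PLUS(x13,j13);
    x14 = PLUS(x14,j14);
    x15 = PLUS(x15,j15);

#ifndef KEYSTREAM_ONLY
    x0 = XOR(x0,U8TO32_LITTLE(m + 0));
    x1 = XOR(x1,U8TO32_LITTLE(m + 4));
    x2 = XOR(x2,U8TO32_LITTLE(m + 8));
    x3 = XOR(x3,U8TO32_LITTLE(m + 12));
    x4 = XOR(x4,U8TO32_LITTLE(m + 16));
    x5 = XOR(x5,U8TO32_LITTLE(m + 20));
    x6 = XOR(x6,U8TO32_LITTLE(m + 24));
    x7 = XOR(x7,U8TO32_LITTLE(m + 28));
    x8 = XOR(x8,U8TO32_LITTLE(m + 32));
    x9 = XOR(x9,U8TO32_LITTLE(m + 36));
    x10 = XOR(x10,U8TO32_LITTLE(m + 40));
    x11 = XOR(x11,U8TO32_LITTLE(m + 44));
    x12 = XOR(x12,U8TO32_LITTLE(m + 48));
    x13 = XOR(x13,U8TO32_LITTLE(m + 52));
    x14 = XOR(x14,U8TO32_LITTLE(m + 56));
    x15 = XOR(x15,U8TO32_LITTLE(m + 60));
#endif

    /* 64-bit block counter: carry from the low word into the high word. */
    j12 = PLUSONE(j12);
    if (!j12) {
      j13 = PLUSONE(j13);
      /* stopping at 2^70 bytes per nonce is user's responsibility */
    }

    U32TO8_LITTLE(c + 0,x0);
    U32TO8_LITTLE(c + 4,x1);
    U32TO8_LITTLE(c + 8,x2);
    U32TO8_LITTLE(c + 12,x3);
    U32TO8_LITTLE(c + 16,x4);
    U32TO8_LITTLE(c + 20,x5);
    U32TO8_LITTLE(c + 24,x6);
    U32TO8_LITTLE(c + 28,x7);
    U32TO8_LITTLE(c + 32,x8);
    U32TO8_LITTLE(c + 36,x9);
    U32TO8_LITTLE(c + 40,x10);
    U32TO8_LITTLE(c + 44,x11);
    U32TO8_LITTLE(c + 48,x12);
    U32TO8_LITTLE(c + 52,x13);
    U32TO8_LITTLE(c + 56,x14);
    U32TO8_LITTLE(c + 60,x15);

    if (bytes <= 64) {
      /* Last block: copy a partial block out of tmp, save the counter, done. */
      if (bytes < 64) {
        for (i = 0;i < bytes;++i) ctarget[i] = c[i];
      }
      x->input[12] = j12;
      x->input[13] = j13;
      return;
    }
    bytes -= 64;
    c += 64;
#ifndef KEYSTREAM_ONLY
    m += 64;
#endif
  }
}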
222 | } |