gosthash94.c \
ripemd160.c ripemd160-compress.c ripemd160-meta.c \
salsa20-core-internal.c \
- salsa20-crypt.c salsa20-set-key.c \
+ salsa20-crypt.c salsa20r12-crypt.c salsa20-set-key.c \
sha1.c sha1-compress.c sha1-meta.c \
sha256.c sha256-compress.c sha224-meta.c sha256-meta.c \
sha512.c sha512-compress.c sha384-meta.c sha512-meta.c \
#define salsa20_crypt nettle_salsa20_crypt
#define _salsa20_core _nettle_salsa20_core
+#define salsa20r12_crypt nettle_salsa20r12_crypt
+
/* Minimum and maximum keysizes, and a reasonable default. In
* octets.*/
#define SALSA20_MIN_KEY_SIZE 16
unsigned length, uint8_t *dst,
const uint8_t *src);
+void
+salsa20r12_crypt(struct salsa20_ctx *ctx,
+ unsigned length, uint8_t *dst,
+ const uint8_t *src);
+
void
_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
--- /dev/null
+/* salsa20r12-crypt.c
+ *
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Nikos Mavrogiannopoulos
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+ salsa20-ref.c version 20051118
+ D. J. Bernstein
+ Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <string.h>
+
+#include "salsa20.h"
+
+#include "macros.h"
+#include "memxor.h"
+
+void
+salsa20r12_crypt(struct salsa20_ctx *ctx,
+ unsigned length,
+ uint8_t *c,
+ const uint8_t *m)
+{
+ uint32_t x[_SALSA20_INPUT_LENGTH];
+
+ if (!length)
+ return;
+
+ for (;;)
+ {
+
+ _salsa20_core (x, ctx->input, 12);
+
+ ctx->input[9] += (++ctx->input[8] == 0);
+
+ /* stopping at 2^70 length per nonce is user's responsibility */
+
+ if (length <= SALSA20_BLOCK_SIZE)
+ {
+ memxor3 (c, m, (uint8_t *) x, length);
+ return;
+ }
+ memxor3 (c, m, (uint8_t *) x, SALSA20_BLOCK_SIZE);
+
+ length -= SALSA20_BLOCK_SIZE;
+ c += SALSA20_BLOCK_SIZE;
+ m += SALSA20_BLOCK_SIZE;
+ }
+}