summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/chacha/chacha-merged.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/chacha/chacha-merged.c48
1 files changed, 47 insertions, 1 deletions
diff --git a/src/lib/libcrypto/chacha/chacha-merged.c b/src/lib/libcrypto/chacha/chacha-merged.c
index 08511ed273..67508f208d 100644
--- a/src/lib/libcrypto/chacha/chacha-merged.c
+++ b/src/lib/libcrypto/chacha/chacha-merged.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: chacha-merged.c,v 1.8 2017/08/13 16:55:31 jsing Exp $ */ 1/* $OpenBSD: chacha-merged.c,v 1.9 2019/01/22 00:59:21 dlg Exp $ */
2/* 2/*
3chacha-merged.c version 20080118 3chacha-merged.c version 20080118
4D. J. Bernstein 4D. J. Bernstein
@@ -277,3 +277,49 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes)
277 m += 64; 277 m += 64;
278 } 278 }
279} 279}
280
281void
282CRYPTO_hchacha_20(unsigned char subkey[32], const unsigned char key[32],
283 const unsigned char nonce[16])
284{
285 uint32_t x[16];
286 int i;
287
288 x[0] = U8TO32_LITTLE(sigma + 0);
289 x[1] = U8TO32_LITTLE(sigma + 4);
290 x[2] = U8TO32_LITTLE(sigma + 8);
291 x[3] = U8TO32_LITTLE(sigma + 12);
292 x[4] = U8TO32_LITTLE(key + 0);
293 x[5] = U8TO32_LITTLE(key + 4);
294 x[6] = U8TO32_LITTLE(key + 8);
295 x[7] = U8TO32_LITTLE(key + 12);
296 x[8] = U8TO32_LITTLE(key + 16);
297 x[9] = U8TO32_LITTLE(key + 20);
298 x[10] = U8TO32_LITTLE(key + 24);
299 x[11] = U8TO32_LITTLE(key + 28);
300 x[12] = U8TO32_LITTLE(nonce + 0);
301 x[13] = U8TO32_LITTLE(nonce + 4);
302 x[14] = U8TO32_LITTLE(nonce + 8);
303 x[15] = U8TO32_LITTLE(nonce + 12);
304
305 for (i = 20; i > 0; i -= 2) {
306 QUARTERROUND(x[0], x[4], x[8], x[12])
307 QUARTERROUND(x[1], x[5], x[9], x[13])
308 QUARTERROUND(x[2], x[6], x[10], x[14])
309 QUARTERROUND(x[3], x[7], x[11], x[15])
310 QUARTERROUND(x[0], x[5], x[10], x[15])
311 QUARTERROUND(x[1], x[6], x[11], x[12])
312 QUARTERROUND(x[2], x[7], x[8], x[13])
313 QUARTERROUND(x[3], x[4], x[9], x[14])
314 }
315
316 U32TO8_LITTLE(subkey + 0, x[0]);
317 U32TO8_LITTLE(subkey + 4, x[1]);
318 U32TO8_LITTLE(subkey + 8, x[2]);
319 U32TO8_LITTLE(subkey + 12, x[3]);
320
321 U32TO8_LITTLE(subkey + 16, x[12]);
322 U32TO8_LITTLE(subkey + 20, x[13]);
323 U32TO8_LITTLE(subkey + 24, x[14]);
324 U32TO8_LITTLE(subkey + 28, x[15]);
325}