Kezdőlap Felfedezés Súgó
Bejelentkezés
sebastian
/
threema-android
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Branch: main
Branch-ok Tag-ek
threema-andr...
/
app
/
jni
/
salsa20-jni.c

salsa20-jni.c 13 KB
Állandó hivatkozás Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523 
  1. /*  _____ _
    2. 

  2.  * |_   _| |_  _ _ ___ ___ _ __  __ _
    3. 

  3.  *   | | | ' \| '_/ -_) -_) '  \/ _` |_
    4. 

  4.  *   |_| |_||_|_| \___\___|_|_|_\__,_(_)
    5. 

  5.  *
    6. 

  6.  * Threema Java Client
    7. 

  7.  * Copyright (c) 2015-2020 Threema GmbH
    8. 

  8.  *
    9. 

  9.  * This program is free software: you can redistribute it and/or modify
    10. 

  10.  * it under the terms of the GNU Affero General Public License, version 3,
    11. 

  11.  * as published by the Free Software Foundation.
    12. 

  12.  *
    13. 

  13.  * This program is distributed in the hope that it will be useful,
    14. 

  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    15. 

  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    16. 

  16.  * GNU Affero General Public License for more details.
    17. 

  17.  *
    18. 

  18.  * You should have received a copy of the GNU Affero General Public License
    19. 

  19.  * along with this program. If not, see <https://www.gnu.org/licenses/>.
    20. 

  20.  */
    21. 

  21. 

  22. #include <string.h>
    23. 

  23. #include <jni.h>
    24. 

  24. 

  25. #define ROUNDS 20
    26. 

  26. 

  27. typedef unsigned int uint32;
    28. 

  28. 

  29. static const unsigned char sigma[16] = "expand 32-byte k";
    30. 

  30. 

  31. int crypto_stream_salsa20_ref(
    32. 

  32. 	unsigned char *c,unsigned long long clen,
    33. 

  33. 	const unsigned char *n,
    34. 

  34. 	const unsigned char *k
    35. 

  35. );
    36. 

  36. 

  37. int crypto_stream_salsa20_ref_xor(
    38. 

  38. 	unsigned char *c,
    39. 

  39. 	const unsigned char *m,unsigned long long mlen,
    40. 

  40. 	const unsigned char *n,
    41. 

  41. 	const unsigned char *k
    42. 

  42. );
    43. 

  43. 

  44. int crypto_stream_salsa20_ref_xor_skip32(
    45. 

  45. 		unsigned char *c0,
    46. 

  46.         unsigned char *c,unsigned long coffset,
    47. 

  47.   const unsigned char *m,unsigned long moffset,
    48. 

  48.   unsigned long long mlen,
    49. 

  49.   const unsigned char *n,
    50. 

  50.   const unsigned char *k
    51. 

  51. );
    52. 

  52. 

  53. JNIEXPORT jint JNICALL Java_com_neilalexander_jnacl_crypto_salsa20_crypto_1stream_1native(JNIEnv* env, jclass cls,
    54. 

  54. 	jbyteArray carr, jint clen, jbyteArray narr, jint noffset, jbyteArray karr)
    55. 

  55. {
    56. 

  56. 	jbyte *c;
    57. 

  57. 	jbyte n[8];
    58. 

  58. 	jbyte k[32];
    59. 

  59. 	int res;
    60. 

  60. 

  61. 	if ((*env)->GetArrayLength(env, carr) < clen) {
    62. 

  62. 		/* bad length */
    63. 

  63. 		return 1;
    64. 

  64. 	}
    65. 

  65. 

  66. 	(*env)->GetByteArrayRegion(env, narr, noffset, 8, n);
    67. 

  67. 	(*env)->GetByteArrayRegion(env, karr, 0, 32, k);
    68. 

  68. 

  69. 	c = (*env)->GetPrimitiveArrayCritical(env, carr, NULL);
    70. 

  70. 	if (c == NULL)
    71. 

  71. 		return 4;
    72. 

  72. 

  73. 	res = crypto_stream_salsa20_ref((unsigned char *)c, clen, (unsigned char *)n, (unsigned char *)k);
    74. 

  74. 

  75. 	(*env)->ReleasePrimitiveArrayCritical(env, carr, c, 0);
    76. 

  76. 

  77. 	return res;
    78. 

  78. }
    79. 

  79. 

  80. JNIEXPORT jint JNICALL Java_com_neilalexander_jnacl_crypto_salsa20_crypto_1stream_1xor_1native(JNIEnv* env, jclass cls,
    81. 

  81. 	jbyteArray carr, jbyteArray marr, jint mlen, jbyteArray narr, jint noffset, jbyteArray karr)
    82. 

  82. {
    83. 

  83. 	jbyte *c, *m;
    84. 

  84. 	jbyte n[8];
    85. 

  85. 	jbyte k[32];
    86. 

  86. 	int res;
    87. 

  87. 

  88. 	if ((*env)->GetArrayLength(env, marr) < mlen || (*env)->GetArrayLength(env, carr) < mlen) {
    89. 

  89. 		/* bad length */
    90. 

  90. 		return 1;
    91. 

  91. 	}
    92. 

  92. 

  93. 	(*env)->GetByteArrayRegion(env, narr, noffset, 8, n);
    94. 

  94. 	(*env)->GetByteArrayRegion(env, karr, 0, 32, k);
    95. 

  95. 

  96. 	c = (*env)->GetPrimitiveArrayCritical(env, carr, NULL);
    97. 

  97. 	if (c == NULL)
    98. 

  98. 		return 4;
    99. 

  99. 

  100. 	m = (*env)->GetPrimitiveArrayCritical(env, marr, NULL);
    101. 

  101. 	if (m == NULL) {
    102. 

  102. 		(*env)->ReleasePrimitiveArrayCritical(env, carr, c, 0);
    103. 

  103. 		return 5;
    104. 

  104. 	}
    105. 

  105. 

  106. 	res = crypto_stream_salsa20_ref_xor((unsigned char *)c, (unsigned char *)m, mlen, (unsigned char *)n, (unsigned char *)k);
    107. 

  107. 

  108. 	(*env)->ReleasePrimitiveArrayCritical(env, marr, m, 0);
    109. 

  109. 	(*env)->ReleasePrimitiveArrayCritical(env, carr, c, 0);
    110. 

  110. 

  111. 	return res;
    112. 

  112. }
    113. 

  113. 

  114. JNIEXPORT jint JNICALL Java_com_neilalexander_jnacl_crypto_salsa20_crypto_1stream_1xor_1skip32_1native(JNIEnv* env, jclass cls,
    115. 

  115. 	jbyteArray c0arr, jbyteArray carr, jint coffset, jbyteArray marr, jint moffset, jint mlen, jbyteArray narr, jint noffset, jbyteArray karr)
    116. 

  116. {
    117. 

  117. 	jbyte c0[32];
    118. 

  118. 	jbyte *c, *m;
    119. 

  119. 	jbyte n[8];
    120. 

  120. 	jbyte k[32];
    121. 

  121. 	int res;
    122. 

  122. 

  123. 	if ((*env)->GetArrayLength(env, marr) < (moffset+mlen) || (*env)->GetArrayLength(env, carr) < (coffset+mlen)) {
    124. 

  124. 		/* bad length */
    125. 

  125. 		return 1;
    126. 

  126. 	}
    127. 

  127. 

  128. 	(*env)->GetByteArrayRegion(env, narr, noffset, 8, n);
    129. 

  129. 	(*env)->GetByteArrayRegion(env, karr, 0, 32, k);
    130. 

  130. 

  131. 	c = (*env)->GetPrimitiveArrayCritical(env, carr, NULL);
    132. 

  132. 	if (c == NULL)
    133. 

  133. 		return 4;
    134. 

  134. 

  135. 	m = (*env)->GetPrimitiveArrayCritical(env, marr, NULL);
    136. 

  136. 	if (m == NULL) {
    137. 

  137. 		(*env)->ReleasePrimitiveArrayCritical(env, carr, c, 0);
    138. 

  138. 		return 5;
    139. 

  139. 	}
    140. 

  140. 

  141. 	res = crypto_stream_salsa20_ref_xor_skip32((unsigned char *)c0, (unsigned char *)c, coffset, (unsigned char *)m, moffset, mlen, (unsigned char *)n, (unsigned char *)k);
    142. 

  142. 

  143. 	(*env)->ReleasePrimitiveArrayCritical(env, marr, m, 0);
    144. 

  144. 	(*env)->ReleasePrimitiveArrayCritical(env, carr, c, 0);
    145. 

  145. 

  146. 	if (c0arr != NULL)
    147. 

  147. 		(*env)->SetByteArrayRegion(env, c0arr, 0, 32, c0);
    148. 

  148. 

  149. 	return res;
    150. 

  150. }
    151. 

  151. 

  152. 

  153. 

  154. 

  155. /* Public Domain code copied verbatim from NaCl below */
    156. 

  156. 

  157. static uint32 rotate(uint32 u,int c)
    158. 

  158. {
    159. 

  159.     return (u << c) | (u >> (32 - c));
    160. 

  160. }
    161. 

  161. 

  162. static uint32 load_littleendian(const unsigned char *x)
    163. 

  163. {
    164. 

  164.     return
    165. 

  165.     (uint32) (x[0]) \
    166. 

  166.     | (((uint32) (x[1])) << 8) \
    167. 

  167.     | (((uint32) (x[2])) << 16) \
    168. 

  168.     | (((uint32) (x[3])) << 24)
    169. 

  169.     ;
    170. 

  170. }
    171. 

  171. 

  172. static void store_littleendian(unsigned char *x,uint32 u)
    173. 

  173. {
    174. 

  174.     x[0] = u; u >>= 8;
    175. 

  175.     x[1] = u; u >>= 8;
    176. 

  176.     x[2] = u; u >>= 8;
    177. 

  177.     x[3] = u;
    178. 

  178. }
    179. 

  179. 

  180. int crypto_core_salsa20_ref(
    181. 

  181.         unsigned char *out,
    182. 

  182.   const unsigned char *in,
    183. 

  183.   const unsigned char *k,
    184. 

  184.   const unsigned char *c
    185. 

  185. )
    186. 

  186. {
    187. 

  187.   uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
    188. 

  188.   uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
    189. 

  189.   int i;
    190. 

  190. 

  191.   j0 = x0 = load_littleendian(c + 0);
    192. 

  192.   j1 = x1 = load_littleendian(k + 0);
    193. 

  193.   j2 = x2 = load_littleendian(k + 4);
    194. 

  194.   j3 = x3 = load_littleendian(k + 8);
    195. 

  195.   j4 = x4 = load_littleendian(k + 12);
    196. 

  196.   j5 = x5 = load_littleendian(c + 4);
    197. 

  197.   j6 = x6 = load_littleendian(in + 0);
    198. 

  198.   j7 = x7 = load_littleendian(in + 4);
    199. 

  199.   j8 = x8 = load_littleendian(in + 8);
    200. 

  200.   j9 = x9 = load_littleendian(in + 12);
    201. 

  201.   j10 = x10 = load_littleendian(c + 8);
    202. 

  202.   j11 = x11 = load_littleendian(k + 16);
    203. 

  203.   j12 = x12 = load_littleendian(k + 20);
    204. 

  204.   j13 = x13 = load_littleendian(k + 24);
    205. 

  205.   j14 = x14 = load_littleendian(k + 28);
    206. 

  206.   j15 = x15 = load_littleendian(c + 12);
    207. 

  207. 

  208.   for (i = ROUNDS;i > 0;i -= 2) {
    209. 

  209.      x4 ^= rotate( x0+x12, 7);
    210. 

  210.      x8 ^= rotate( x4+ x0, 9);
    211. 

  211.     x12 ^= rotate( x8+ x4,13);
    212. 

  212.      x0 ^= rotate(x12+ x8,18);
    213. 

  213.      x9 ^= rotate( x5+ x1, 7);
    214. 

  214.     x13 ^= rotate( x9+ x5, 9);
    215. 

  215.      x1 ^= rotate(x13+ x9,13);
    216. 

  216.      x5 ^= rotate( x1+x13,18);
    217. 

  217.     x14 ^= rotate(x10+ x6, 7);
    218. 

  218.      x2 ^= rotate(x14+x10, 9);
    219. 

  219.      x6 ^= rotate( x2+x14,13);
    220. 

  220.     x10 ^= rotate( x6+ x2,18);
    221. 

  221.      x3 ^= rotate(x15+x11, 7);
    222. 

  222.      x7 ^= rotate( x3+x15, 9);
    223. 

  223.     x11 ^= rotate( x7+ x3,13);
    224. 

  224.     x15 ^= rotate(x11+ x7,18);
    225. 

  225.      x1 ^= rotate( x0+ x3, 7);
    226. 

  226.      x2 ^= rotate( x1+ x0, 9);
    227. 

  227.      x3 ^= rotate( x2+ x1,13);
    228. 

  228.      x0 ^= rotate( x3+ x2,18);
    229. 

  229.      x6 ^= rotate( x5+ x4, 7);
    230. 

  230.      x7 ^= rotate( x6+ x5, 9);
    231. 

  231.      x4 ^= rotate( x7+ x6,13);
    232. 

  232.      x5 ^= rotate( x4+ x7,18);
    233. 

  233.     x11 ^= rotate(x10+ x9, 7);
    234. 

  234.      x8 ^= rotate(x11+x10, 9);
    235. 

  235.      x9 ^= rotate( x8+x11,13);
    236. 

  236.     x10 ^= rotate( x9+ x8,18);
    237. 

  237.     x12 ^= rotate(x15+x14, 7);
    238. 

  238.     x13 ^= rotate(x12+x15, 9);
    239. 

  239.     x14 ^= rotate(x13+x12,13);
    240. 

  240.     x15 ^= rotate(x14+x13,18);
    241. 

  241.   }
    242. 

  242. 

  243.   x0 += j0;
    244. 

  244.   x1 += j1;
    245. 

  245.   x2 += j2;
    246. 

  246.   x3 += j3;
    247. 

  247.   x4 += j4;
    248. 

  248.   x5 += j5;
    249. 

  249.   x6 += j6;
    250. 

  250.   x7 += j7;
    251. 

  251.   x8 += j8;
    252. 

  252.   x9 += j9;
    253. 

  253.   x10 += j10;
    254. 

  254.   x11 += j11;
    255. 

  255.   x12 += j12;
    256. 

  256.   x13 += j13;
    257. 

  257.   x14 += j14;
    258. 

  258.   x15 += j15;
    259. 

  259. 

  260.   store_littleendian(out + 0,x0);
    261. 

  261.   store_littleendian(out + 4,x1);
    262. 

  262.   store_littleendian(out + 8,x2);
    263. 

  263.   store_littleendian(out + 12,x3);
    264. 

  264.   store_littleendian(out + 16,x4);
    265. 

  265.   store_littleendian(out + 20,x5);
    266. 

  266.   store_littleendian(out + 24,x6);
    267. 

  267.   store_littleendian(out + 28,x7);
    268. 

  268.   store_littleendian(out + 32,x8);
    269. 

  269.   store_littleendian(out + 36,x9);
    270. 

  270.   store_littleendian(out + 40,x10);
    271. 

  271.   store_littleendian(out + 44,x11);
    272. 

  272.   store_littleendian(out + 48,x12);
    273. 

  273.   store_littleendian(out + 52,x13);
    274. 

  274.   store_littleendian(out + 56,x14);
    275. 

  275.   store_littleendian(out + 60,x15);
    276. 

  276. 

  277.   return 0;
    278. 

  278. }
    279. 

  279. 

  280. int crypto_core_hsalsa20_ref(
    281. 

  281.         unsigned char *out,
    282. 

  282.   const unsigned char *in,
    283. 

  283.   const unsigned char *k,
    284. 

  284.   const unsigned char *c
    285. 

  285. )
    286. 

  286. {
    287. 

  287.   uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
    288. 

  288.   uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
    289. 

  289.   int i;
    290. 

  290. 

  291.   j0 = x0 = load_littleendian(c + 0);
    292. 

  292.   j1 = x1 = load_littleendian(k + 0);
    293. 

  293.   j2 = x2 = load_littleendian(k + 4);
    294. 

  294.   j3 = x3 = load_littleendian(k + 8);
    295. 

  295.   j4 = x4 = load_littleendian(k + 12);
    296. 

  296.   j5 = x5 = load_littleendian(c + 4);
    297. 

  297.   j6 = x6 = load_littleendian(in + 0);
    298. 

  298.   j7 = x7 = load_littleendian(in + 4);
    299. 

  299.   j8 = x8 = load_littleendian(in + 8);
    300. 

  300.   j9 = x9 = load_littleendian(in + 12);
    301. 

  301.   j10 = x10 = load_littleendian(c + 8);
    302. 

  302.   j11 = x11 = load_littleendian(k + 16);
    303. 

  303.   j12 = x12 = load_littleendian(k + 20);
    304. 

  304.   j13 = x13 = load_littleendian(k + 24);
    305. 

  305.   j14 = x14 = load_littleendian(k + 28);
    306. 

  306.   j15 = x15 = load_littleendian(c + 12);
    307. 

  307. 

  308.   for (i = ROUNDS;i > 0;i -= 2) {
    309. 

  309.      x4 ^= rotate( x0+x12, 7);
    310. 

  310.      x8 ^= rotate( x4+ x0, 9);
    311. 

  311.     x12 ^= rotate( x8+ x4,13);
    312. 

  312.      x0 ^= rotate(x12+ x8,18);
    313. 

  313.      x9 ^= rotate( x5+ x1, 7);
    314. 

  314.     x13 ^= rotate( x9+ x5, 9);
    315. 

  315.      x1 ^= rotate(x13+ x9,13);
    316. 

  316.      x5 ^= rotate( x1+x13,18);
    317. 

  317.     x14 ^= rotate(x10+ x6, 7);
    318. 

  318.      x2 ^= rotate(x14+x10, 9);
    319. 

  319.      x6 ^= rotate( x2+x14,13);
    320. 

  320.     x10 ^= rotate( x6+ x2,18);
    321. 

  321.      x3 ^= rotate(x15+x11, 7);
    322. 

  322.      x7 ^= rotate( x3+x15, 9);
    323. 

  323.     x11 ^= rotate( x7+ x3,13);
    324. 

  324.     x15 ^= rotate(x11+ x7,18);
    325. 

  325.      x1 ^= rotate( x0+ x3, 7);
    326. 

  326.      x2 ^= rotate( x1+ x0, 9);
    327. 

  327.      x3 ^= rotate( x2+ x1,13);
    328. 

  328.      x0 ^= rotate( x3+ x2,18);
    329. 

  329.      x6 ^= rotate( x5+ x4, 7);
    330. 

  330.      x7 ^= rotate( x6+ x5, 9);
    331. 

  331.      x4 ^= rotate( x7+ x6,13);
    332. 

  332.      x5 ^= rotate( x4+ x7,18);
    333. 

  333.     x11 ^= rotate(x10+ x9, 7);
    334. 

  334.      x8 ^= rotate(x11+x10, 9);
    335. 

  335.      x9 ^= rotate( x8+x11,13);
    336. 

  336.     x10 ^= rotate( x9+ x8,18);
    337. 

  337.     x12 ^= rotate(x15+x14, 7);
    338. 

  338.     x13 ^= rotate(x12+x15, 9);
    339. 

  339.     x14 ^= rotate(x13+x12,13);
    340. 

  340.     x15 ^= rotate(x14+x13,18);
    341. 

  341.   }
    342. 

  342. 

  343.   x0 += j0;
    344. 

  344.   x1 += j1;
    345. 

  345.   x2 += j2;
    346. 

  346.   x3 += j3;
    347. 

  347.   x4 += j4;
    348. 

  348.   x5 += j5;
    349. 

  349.   x6 += j6;
    350. 

  350.   x7 += j7;
    351. 

  351.   x8 += j8;
    352. 

  352.   x9 += j9;
    353. 

  353.   x10 += j10;
    354. 

  354.   x11 += j11;
    355. 

  355.   x12 += j12;
    356. 

  356.   x13 += j13;
    357. 

  357.   x14 += j14;
    358. 

  358.   x15 += j15;
    359. 

  359. 

  360.   x0 -= load_littleendian(c + 0);
    361. 

  361.   x5 -= load_littleendian(c + 4);
    362. 

  362.   x10 -= load_littleendian(c + 8);
    363. 

  363.   x15 -= load_littleendian(c + 12);
    364. 

  364.   x6 -= load_littleendian(in + 0);
    365. 

  365.   x7 -= load_littleendian(in + 4);
    366. 

  366.   x8 -= load_littleendian(in + 8);
    367. 

  367.   x9 -= load_littleendian(in + 12);
    368. 

  368. 

  369.   store_littleendian(out + 0,x0);
    370. 

  370.   store_littleendian(out + 4,x5);
    371. 

  371.   store_littleendian(out + 8,x10);
    372. 

  372.   store_littleendian(out + 12,x15);
    373. 

  373.   store_littleendian(out + 16,x6);
    374. 

  374.   store_littleendian(out + 20,x7);
    375. 

  375.   store_littleendian(out + 24,x8);
    376. 

  376.   store_littleendian(out + 28,x9);
    377. 

  377. 

  378.   return 0;
    379. 

  379. }
    380. 

  380. 

  381. int crypto_stream_salsa20_ref_xor(
    382. 

  382.         unsigned char *c,
    383. 

  383.   const unsigned char *m,unsigned long long mlen,
    384. 

  384.   const unsigned char *n,
    385. 

  385.   const unsigned char *k
    386. 

  386. )
    387. 

  387. {
    388. 

  388.   unsigned char in[16];
    389. 

  389.   unsigned char block[64];
    390. 

  390.   int i;
    391. 

  391.   unsigned int u;
    392. 

  392. 

  393.   if (!mlen) return 0;
    394. 

  394. 

  395.   for (i = 0;i < 8;++i) in[i] = n[i];
    396. 

  396.   for (i = 8;i < 16;++i) in[i] = 0;
    397. 

  397. 

  398.   while (mlen >= 64) {
    399. 

  399.     crypto_core_salsa20_ref(block,in,k,sigma);
    400. 

  400.     for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i];
    401. 

  401. 

  402.     u = 1;
    403. 

  403.     for (i = 8;i < 16;++i) {
    404. 

  404.       u += (unsigned int) in[i];
    405. 

  405.       in[i] = u;
    406. 

  406.       u >>= 8;
    407. 

  407.     }
    408. 

  408. 

  409.     mlen -= 64;
    410. 

  410.     c += 64;
    411. 

  411.     m += 64;
    412. 

  412.   }
    413. 

  413. 

  414.   if (mlen) {
    415. 

  415.     crypto_core_salsa20_ref(block,in,k,sigma);
    416. 

  416.     for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i];
    417. 

  417.   }
    418. 

  418.   return 0;
    419. 

  419. }
    420. 

  420. 

  421. int crypto_stream_salsa20_ref_xor_skip32(
    422. 

  422. 		unsigned char *c0,
    423. 

  423.         unsigned char *c,unsigned long coffset,
    424. 

  424.   const unsigned char *m,unsigned long moffset,
    425. 

  425.   unsigned long long mlen,
    426. 

  426.   const unsigned char *n,
    427. 

  427.   const unsigned char *k
    428. 

  428. )
    429. 

  429. {
    430. 

  430.   unsigned char in[16];
    431. 

  431.   unsigned char blk1[64];
    432. 

  432.   unsigned char blk2[64];
    433. 

  433.   unsigned char *prevblock;
    434. 

  434.   unsigned char *curblock;
    435. 

  435.   unsigned char *tmpblock;
    436. 

  436.   int i;
    437. 

  437.   unsigned int u;
    438. 

  438. 

  439.   if (!mlen) return 0;
    440. 

  440. 

  441.   for (i = 0;i < 8;++i) in[i] = n[i];
    442. 

  442.   for (i = 8;i < 16;++i) in[i] = 0;
    443. 

  443. 

  444.   prevblock = blk1;
    445. 

  445.   curblock = blk2;
    446. 

  446.   crypto_core_salsa20_ref(prevblock,in,k,sigma);
    447. 

  447.   if (c0 != NULL) {
    448. 

  448. 	for (i = 0; i < 32; i++) c0[i] = prevblock[i];
    449. 

  449.   }
    450. 

  450. 

  451.   while (mlen >= 64) {
    452. 

  452. 	u = 1;
    453. 

  453.     for (i = 8;i < 16;++i) {
    454. 

  454.       u += (unsigned int) in[i];
    455. 

  455.       in[i] = u;
    456. 

  456.       u >>= 8;
    457. 

  457.     }
    458. 

  458. 

  459.     crypto_core_salsa20_ref(curblock,in,k,sigma);
    460. 

  460. 

  461. 	for (i = 0;i < 32;++i) c[i+coffset] = m[i+moffset] ^ prevblock[i+32];
    462. 

  462. 	for (i = 32;i < 64;++i) c[i+coffset] = m[i+moffset] ^ curblock[i-32];
    463. 

  463. 

  464.     mlen -= 64;
    465. 

  465.     c += 64;
    466. 

  466.     m += 64;
    467. 

  467. 

  468. 	tmpblock = prevblock;
    469. 

  469. 	prevblock = curblock;
    470. 

  470. 	curblock = tmpblock;
    471. 

  471.   }
    472. 

  472. 

  473.   if (mlen) {
    474. 

  474. 	u = 1;
    475. 

  475.     for (i = 8;i < 16;++i) {
    476. 

  476.       u += (unsigned int) in[i];
    477. 

  477.       in[i] = u;
    478. 

  478.       u >>= 8;
    479. 

  479.     }
    480. 

  480. 

  481.     crypto_core_salsa20_ref(curblock,in,k,sigma);
    482. 

  482.     for (i = 0;i < mlen && i < 32;++i) c[i+coffset] = m[i+moffset] ^ prevblock[i+32];
    483. 

  483.     for (i = 32;i < mlen && i < 64;++i) c[i+coffset] = m[i+moffset] ^ curblock[i-32];
    484. 

  484.   }
    485. 

  485.   return 0;
    486. 

  486. }
    487. 

  487. 

  488. int crypto_stream_salsa20_ref(
    489. 

  489.         unsigned char *c,unsigned long long clen,
    490. 

  490.   const unsigned char *n,
    491. 

  491.   const unsigned char *k
    492. 

  492. )
    493. 

  493. {
    494. 

  494.   unsigned char in[16];
    495. 

  495.   unsigned char block[64];
    496. 

  496.   int i;
    497. 

  497.   unsigned int u;
    498. 

  498. 

  499.   if (!clen) return 0;
    500. 

  500. 

  501.   for (i = 0;i < 8;++i) in[i] = n[i];
    502. 

  502.   for (i = 8;i < 16;++i) in[i] = 0;
    503. 

  503. 

  504.   while (clen >= 64) {
    505. 

  505.     crypto_core_salsa20_ref(c,in,k,sigma);
    506. 

  506. 

  507.     u = 1;
    508. 

  508.     for (i = 8;i < 16;++i) {
    509. 

  509.       u += (unsigned int) in[i];
    510. 

  510.       in[i] = u;
    511. 

  511.       u >>= 8;
    512. 

  512.     }
    513. 

  513. 

  514.     clen -= 64;
    515. 

  515.     c += 64;
    516. 

  516.   }
    517. 

  517. 

  518.   if (clen) {
    519. 

  519.     crypto_core_salsa20_ref(block,in,k,sigma);
    520. 

  520.     for (i = 0;i < clen;++i) c[i] = block[i];
    521. 

  521.   }
    522. 

  522.   return 0;
    523. 

  523. }
    524.