60 lines
1.8 KiB
C
60 lines
1.8 KiB
C
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
|
|
/* SPDX-License-Identifier: Unlicense */
|
|
|
|
/* The implementation is based on:
|
|
* "Salsa20 specification", http://cr.yp.to/snuffle/spec.pdf
|
|
* and salsa20-ref.c version 20051118
|
|
* Public domain from D. J. Bernstein
|
|
*/
|
|
|
|
#include "tomcrypt_private.h"
|
|
|
|
#ifdef LTC_SALSA20
|
|
|
|
static const char * const sigma = "expand 32-byte k";
|
|
static const char * const tau = "expand 16-byte k";
|
|
|
|
/**
|
|
Initialize an Salsa20 context (only the key)
|
|
@param st [out] The destination of the Salsa20 state
|
|
@param key The secret key
|
|
@param keylen The length of the secret key (octets)
|
|
@param rounds Number of rounds (e.g. 20 for Salsa20)
|
|
@return CRYPT_OK if successful
|
|
*/
|
|
int salsa20_setup(salsa20_state *st, const unsigned char *key, unsigned long keylen, int rounds)
|
|
{
|
|
const char *constants;
|
|
|
|
LTC_ARGCHK(st != NULL);
|
|
LTC_ARGCHK(key != NULL);
|
|
LTC_ARGCHK(keylen == 32 || keylen == 16);
|
|
|
|
if (rounds == 0) rounds = 20;
|
|
LTC_ARGCHK(rounds % 2 == 0); /* number of rounds must be evenly divisible by 2 */
|
|
|
|
LOAD32L(st->input[1], key + 0);
|
|
LOAD32L(st->input[2], key + 4);
|
|
LOAD32L(st->input[3], key + 8);
|
|
LOAD32L(st->input[4], key + 12);
|
|
if (keylen == 32) { /* 256bit */
|
|
key += 16;
|
|
constants = sigma;
|
|
} else { /* 128bit */
|
|
constants = tau;
|
|
}
|
|
LOAD32L(st->input[11], key + 0);
|
|
LOAD32L(st->input[12], key + 4);
|
|
LOAD32L(st->input[13], key + 8);
|
|
LOAD32L(st->input[14], key + 12);
|
|
LOAD32L(st->input[ 0], constants + 0);
|
|
LOAD32L(st->input[ 5], constants + 4);
|
|
LOAD32L(st->input[10], constants + 8);
|
|
LOAD32L(st->input[15], constants + 12);
|
|
st->rounds = rounds; /* default is 20 for salsa20 */
|
|
st->ivlen = 0; /* will be set later by salsa20_ivctr(32|64) */
|
|
return CRYPT_OK;
|
|
}
|
|
|
|
#endif
|