Deleted some obscuring macros.

a33775b0 · Niels Möller · 2e589356 · a33775b0 · a33775b0
Commit a33775b0 authored Mar 31, 2012 by Niels Möller
--- a/ChangeLog
+++ b/ChangeLog
 2012-03-31  Niels Möller  <nisse@lysator.liu.se>

+	* salsa20.c (ROTL32): Deleted macro, use the one from macros.h
+	instead, with reversed order of arguments.
+	(ROTATE, XOR, PLUS, PLUSONE): Deleted macros, use ROTL32 and
+	builtin operators directly.
+
 	Unification of rotation macros.
 	* macros.h (ROTL32): New macro, to replace (almost) all other
 	rotation macros.

--- a/salsa20.c
+++ b/salsa20.c
@@ -37,11 +37,11 @@

 #include "salsa20.h"

-#define ROTL32(x,n) ((((x))<<(n)) | (((x))>>(32-(n))))
+#include "macros.h"

 #define SWAP32(v)				\
-  ((ROTL32(v,  8) & 0x00FF00FFUL) |		\
-   (ROTL32(v, 24) & 0xFF00FF00UL))
+  ((ROTL32(8,  v) & 0x00FF00FFUL) |		\
+   (ROTL32(24, v) & 0xFF00FF00UL))

 #ifdef WORDS_BIGENDIAN
 #define U32TO32_LITTLE(v) SWAP32(v)
@@ -52,17 +52,6 @@
 #define U8TO32_LITTLE(p) U32TO32_LITTLE(((uint32_t*)(p))[0])
 #define U32TO8_LITTLE(p, v) (((uint32_t*)(p))[0] = U32TO32_LITTLE(v))

-/*
-salsa20-ref.c version 20051118
-D. J. Bernstein
-Public domain.
-*/
-
-#define ROTATE(v,c) (ROTL32(v,c))
-#define XOR(v,w) ((v) ^ (w))
-#define PLUS(v,w) ((v) + (w))
-#define PLUSONE(v) (PLUS((v),1))
-
 static void salsa20_wordtobyte(uint8_t output[64],const uint32_t input[16])
 {
  uint32_t x[16];
@@ -70,40 +59,40 @@ static void salsa20_wordtobyte(uint8_t output[64],const uint32_t input[16])

  for (i = 0;i < 16;++i) x[i] = input[i];
  for (i = 20;i > 0;i -= 2) {
-    x[ 4] = XOR(x[ 4],ROTATE(PLUS(x[ 0],x[12]), 7));
-    x[ 8] = XOR(x[ 8],ROTATE(PLUS(x[ 4],x[ 0]), 9));
-    x[12] = XOR(x[12],ROTATE(PLUS(x[ 8],x[ 4]),13));
-    x[ 0] = XOR(x[ 0],ROTATE(PLUS(x[12],x[ 8]),18));
-    x[ 9] = XOR(x[ 9],ROTATE(PLUS(x[ 5],x[ 1]), 7));
-    x[13] = XOR(x[13],ROTATE(PLUS(x[ 9],x[ 5]), 9));
-    x[ 1] = XOR(x[ 1],ROTATE(PLUS(x[13],x[ 9]),13));
-    x[ 5] = XOR(x[ 5],ROTATE(PLUS(x[ 1],x[13]),18));
-    x[14] = XOR(x[14],ROTATE(PLUS(x[10],x[ 6]), 7));
-    x[ 2] = XOR(x[ 2],ROTATE(PLUS(x[14],x[10]), 9));
-    x[ 6] = XOR(x[ 6],ROTATE(PLUS(x[ 2],x[14]),13));
-    x[10] = XOR(x[10],ROTATE(PLUS(x[ 6],x[ 2]),18));
-    x[ 3] = XOR(x[ 3],ROTATE(PLUS(x[15],x[11]), 7));
-    x[ 7] = XOR(x[ 7],ROTATE(PLUS(x[ 3],x[15]), 9));
-    x[11] = XOR(x[11],ROTATE(PLUS(x[ 7],x[ 3]),13));
-    x[15] = XOR(x[15],ROTATE(PLUS(x[11],x[ 7]),18));
-    x[ 1] = XOR(x[ 1],ROTATE(PLUS(x[ 0],x[ 3]), 7));
-    x[ 2] = XOR(x[ 2],ROTATE(PLUS(x[ 1],x[ 0]), 9));
-    x[ 3] = XOR(x[ 3],ROTATE(PLUS(x[ 2],x[ 1]),13));
-    x[ 0] = XOR(x[ 0],ROTATE(PLUS(x[ 3],x[ 2]),18));
-    x[ 6] = XOR(x[ 6],ROTATE(PLUS(x[ 5],x[ 4]), 7));
-    x[ 7] = XOR(x[ 7],ROTATE(PLUS(x[ 6],x[ 5]), 9));
-    x[ 4] = XOR(x[ 4],ROTATE(PLUS(x[ 7],x[ 6]),13));
-    x[ 5] = XOR(x[ 5],ROTATE(PLUS(x[ 4],x[ 7]),18));
-    x[11] = XOR(x[11],ROTATE(PLUS(x[10],x[ 9]), 7));
-    x[ 8] = XOR(x[ 8],ROTATE(PLUS(x[11],x[10]), 9));
-    x[ 9] = XOR(x[ 9],ROTATE(PLUS(x[ 8],x[11]),13));
-    x[10] = XOR(x[10],ROTATE(PLUS(x[ 9],x[ 8]),18));
-    x[12] = XOR(x[12],ROTATE(PLUS(x[15],x[14]), 7));
-    x[13] = XOR(x[13],ROTATE(PLUS(x[12],x[15]), 9));
-    x[14] = XOR(x[14],ROTATE(PLUS(x[13],x[12]),13));
-    x[15] = XOR(x[15],ROTATE(PLUS(x[14],x[13]),18));
+    x[ 4] ^= ROTL32( 7, x[ 0] + x[12]);
+    x[ 8] ^= ROTL32( 9, x[ 4] + x[ 0]);
+    x[12] ^= ROTL32(13, x[ 8] + x[ 4]);
+    x[ 0] ^= ROTL32(18, x[12] + x[ 8]);
+    x[ 9] ^= ROTL32( 7, x[ 5] + x[ 1]);
+    x[13] ^= ROTL32( 9, x[ 9] + x[ 5]);
+    x[ 1] ^= ROTL32(13, x[13] + x[ 9]);
+    x[ 5] ^= ROTL32(18, x[ 1] + x[13]);
+    x[14] ^= ROTL32( 7, x[10] + x[ 6]);
+    x[ 2] ^= ROTL32( 9, x[14] + x[10]);
+    x[ 6] ^= ROTL32(13, x[ 2] + x[14]);
+    x[10] ^= ROTL32(18, x[ 6] + x[ 2]);
+    x[ 3] ^= ROTL32( 7, x[15] + x[11]);
+    x[ 7] ^= ROTL32( 9, x[ 3] + x[15]);
+    x[11] ^= ROTL32(13, x[ 7] + x[ 3]);
+    x[15] ^= ROTL32(18, x[11] + x[ 7]);
+    x[ 1] ^= ROTL32( 7, x[ 0] + x[ 3]);
+    x[ 2] ^= ROTL32( 9, x[ 1] + x[ 0]);
+    x[ 3] ^= ROTL32(13, x[ 2] + x[ 1]);
+    x[ 0] ^= ROTL32(18, x[ 3] + x[ 2]);
+    x[ 6] ^= ROTL32( 7, x[ 5] + x[ 4]);
+    x[ 7] ^= ROTL32( 9, x[ 6] + x[ 5]);
+    x[ 4] ^= ROTL32(13, x[ 7] + x[ 6]);
+    x[ 5] ^= ROTL32(18, x[ 4] + x[ 7]);
+    x[11] ^= ROTL32( 7, x[10] + x[ 9]);
+    x[ 8] ^= ROTL32( 9, x[11] + x[10]);
+    x[ 9] ^= ROTL32(13, x[ 8] + x[11]);
+    x[10] ^= ROTL32(18, x[ 9] + x[ 8]);
+    x[12] ^= ROTL32( 7, x[15] + x[14]);
+    x[13] ^= ROTL32( 9, x[12] + x[15]);
+    x[14] ^= ROTL32(13, x[13] + x[12]);
+    x[15] ^= ROTL32(18, x[14] + x[13]);
  }
-  for (i = 0;i < 16;++i) x[i] = PLUS(x[i],input[i]);
+  for (i = 0;i < 16;++i) x[i] = x[i] + input[i];
  for (i = 0;i < 16;++i) U32TO8_LITTLE(output + 4 * i,x[i]);
 }

@@ -161,9 +150,9 @@ salsa20_crypt(struct salsa20_ctx *ctx,
  if (!length) return;
  for (;;) {
    salsa20_wordtobyte(output,ctx->input);
-    ctx->input[8] = PLUSONE(ctx->input[8]);
+    ctx->input[8]++;
    if (!ctx->input[8]) {
-      ctx->input[9] = PLUSONE(ctx->input[9]);
+      ctx->input[9]++;
      /* stopping at 2^70 length per nonce is user's responsibility */
    }
    if (length <= 64) {