From 588e0e8f9d8a6fcdc404bcb704fc112d15da907a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Sat, 31 Mar 2012 22:44:56 +0200
Subject: [PATCH] New salsa20 constants.

---
 ChangeLog |  4 ++++
 salsa20.c | 26 +++++++++++++-------------
 salsa20.h | 14 +++++++++++++-
 3 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e5b83094..3b07ac51 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2012-03-31  Niels Möller  <nisse@lysator.liu.se>
 
+	* salsa20.h (SALSA20_BLOCK_SIZE): New constant.
+	(_SALSA20_INPUT_LENGTH): New constant.
+	* salsa20.c: Use these constants.
+
 	* salsa20.c (ROTL32): Deleted macro, use the one from macros.h
 	instead, with reversed order of arguments.
 	(ROTATE, XOR, PLUS, PLUSONE): Deleted macros, use ROTL32 and
diff --git a/salsa20.c b/salsa20.c
index af452439..7cab6500 100644
--- a/salsa20.c
+++ b/salsa20.c
@@ -52,12 +52,12 @@
 #define U8TO32_LITTLE(p) U32TO32_LITTLE(((uint32_t*)(p))[0])
 #define U32TO8_LITTLE(p, v) (((uint32_t*)(p))[0] = U32TO32_LITTLE(v))
 
-static void salsa20_wordtobyte(uint8_t output[64],const uint32_t input[16])
+static void salsa20_wordtobyte(uint8_t output[SALSA20_BLOCK_SIZE],const uint32_t input[_SALSA20_INPUT_LENGTH])
 {
-  uint32_t x[16];
+  uint32_t x[_SALSA20_INPUT_LENGTH];
   int i;
 
-  for (i = 0;i < 16;++i) x[i] = input[i];
+  for (i = 0;i < _SALSA20_INPUT_LENGTH;++i) x[i] = input[i];
   for (i = 20;i > 0;i -= 2) {
     x[ 4] ^= ROTL32( 7, x[ 0] + x[12]);
     x[ 8] ^= ROTL32( 9, x[ 4] + x[ 0]);
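Review bot: The new signature `salsa20_wordtobyte(uint8_t output[SALSA20_BLOCK_SIZE], const uint32_t input[_SALSA20_INPUT_LENGTH])` names two independent constants, but the function only stays in bounds while SALSA20_BLOCK_SIZE equals 4 * _SALSA20_INPUT_LENGTH. The store loop at the end of the function (in the next hunk) writes four bytes per word at `output + 4 * i`, and nothing in the visible lines ties the two defines together. A later edit to either value could therefore turn that loop into an out-of-bounds write on the caller's buffer. I would add a comment above the function, `/* Requires SALSA20_BLOCK_SIZE == 4 * _SALSA20_INPUT_LENGTH. */`, or a compile-time check if the project has a macro for one. The function body continues past the end of this hunk.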
@@ -92,12 +92,12 @@ static void salsa20_wordtobyte(uint8_t output[64],const uint32_t input[16])
     x[14] ^= ROTL32(13, x[13] + x[12]);
     x[15] ^= ROTL32(18, x[14] + x[13]);
   }
-  for (i = 0;i < 16;++i) x[i] = x[i] + input[i];
-  for (i = 0;i < 16;++i) U32TO8_LITTLE(output + 4 * i,x[i]);
+  for (i = 0;i < _SALSA20_INPUT_LENGTH;++i) x[i] = x[i] + input[i];
+  for (i = 0;i < _SALSA20_INPUT_LENGTH;++i) U32TO8_LITTLE(output + 4 * i,x[i]);
 }
 
-static const char sigma[16] = "expand 32-byte k";
-static const char tau[16] = "expand 16-byte k";
+static const char sigma[_SALSA20_INPUT_LENGTH] = "expand 32-byte k";
+static const char tau[_SALSA20_INPUT_LENGTH] = "expand 16-byte k";
 
 void
 salsa20_set_key(struct salsa20_ctx *ctx,
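Review bot: `sigma` and `tau` are now sized with `_SALSA20_INPUT_LENGTH`, which counts 32-bit state words, while these arrays hold 16 bytes of ASCII; the two values only happen to coincide. The array size equals the string length exactly, so no terminating NUL is stored. If the word count ever changed, the initialiser would either stop compiling or be silently zero-padded, which would alter the cipher constants. Keeping the literal size, `static const char sigma[16] = "expand 32-byte k";` (and the same for `tau`), with a comment that each string supplies four little-endian constant words, states the intent directly. salsa20_set_key begins on the last lines of this hunk and its body is not visible.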
@@ -144,7 +144,7 @@ salsa20_crypt(struct salsa20_ctx *ctx,
 	      uint8_t *c,
 	      const uint8_t *m)
 {
-  uint8_t output[64];
+  uint8_t output[SALSA20_BLOCK_SIZE];
   unsigned i;
 
   if (!length) return;
@@ -155,13 +155,13 @@ salsa20_crypt(struct salsa20_ctx *ctx,
       ctx->input[9]++;
       /* stopping at 2^70 length per nonce is user's responsibility */
     }
-    if (length <= 64) {
+    if (length <= SALSA20_BLOCK_SIZE) {
       for (i = 0;i < length;++i) c[i] = m[i] ^ output[i];
       return;
     }
-    for (i = 0;i < 64;++i) c[i] = m[i] ^ output[i];
-    length -= 64;
-    c += 64;
-    m += 64;
+    for (i = 0;i < SALSA20_BLOCK_SIZE;++i) c[i] = m[i] ^ output[i];
+    length -= SALSA20_BLOCK_SIZE;
+    c += SALSA20_BLOCK_SIZE;
+    m += SALSA20_BLOCK_SIZE;
   }
 }
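Review bot: The short-block branch `if (length <= SALSA20_BLOCK_SIZE)` XORs `length` bytes and returns, and the rest of the local `output` block is dropped, so the unused keystream bytes are not available to a later call on the same context. That appears to mean every call except the last must pass a multiple of SALSA20_BLOCK_SIZE; otherwise a message processed in pieces will not match one processed in a single call. Now that the block size is a public constant, the contract is worth stating at the declaration, e.g. `/* length must be a multiple of SALSA20_BLOCK_SIZE for all but the final call on a given ctx. */`. The function starts in the previous hunk and the keystream-generation call is not shown, so the counter behaviour here is inferred from the visible `ctx->input[9]++` carry.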
diff --git a/salsa20.h b/salsa20.h
index 79f1505d..c4b98cae 100644
--- a/salsa20.h
+++ b/salsa20.h
@@ -43,12 +43,24 @@ extern "C" {
 #define SALSA20_MIN_KEY_SIZE 16
 #define SALSA20_MAX_KEY_SIZE 32
 #define SALSA20_KEY_SIZE 32
+#define SALSA20_BLOCK_SIZE 64
 
 #define SALSA20_IV_SIZE 8
 
+#define _SALSA20_INPUT_LENGTH 16
+
 struct salsa20_ctx
 {
-    uint32_t input[16];
+  /* Indices 1-4 and 11-14 holds the key (two identical copies for the
+     shorter key size), indices 0, 5, 10, 15 are constant, indices 6, 7
+     are the IV, and indices 8, 9 are the block counter:
+
+     C K K K
+     K C I I
+     B B C K
+     K K K C
+  */
+  uint32_t input[_SALSA20_INPUT_LENGTH];
 };
 
 void
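Review bot: `_SALSA20_INPUT_LENGTH` starts with an underscore followed by an uppercase letter, a form the C standard reserves for the implementation, and it is defined in a header that callers include. If the underscore is meant to mark the macro as internal, a one-line comment such as `/* Internal: number of 32-bit words in the Salsa20 state; not part of the public API. */` above the define would make that explicit. The new layout comment on `input` is helpful, but "Indices 1-4 and 11-14 holds the key" should read "hold the key". The comment could also note that indices 8 and 9 form a 64-bit counter, low word first, since salsa20_crypt carries from `input[8]` into `input[9]`.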
-- 
GitLab