diff options
Diffstat (limited to 'src/crypto/chacha/chacha_vec.c')
-rw-r--r-- | src/crypto/chacha/chacha_vec.c | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/src/crypto/chacha/chacha_vec.c b/src/crypto/chacha/chacha_vec.c index addbaa3..14b54a7 100644 --- a/src/crypto/chacha/chacha_vec.c +++ b/src/crypto/chacha/chacha_vec.c @@ -154,12 +154,12 @@ void CRYPTO_chacha_20( const uint8_t *in, size_t inlen, const uint8_t key[32], - const uint8_t nonce[12], - uint32_t counter) + const uint8_t nonce[8], + size_t counter) { unsigned iters, i, *op=(unsigned *)out, *ip=(unsigned *)in, *kp; #if defined(__ARM_NEON__) - uint32_t np[3]; + uint32_t np[2]; uint8_t alignment_buffer[16] __attribute__((aligned(16))); #endif vec s0, s1, s2, s3; @@ -167,16 +167,20 @@ void CRYPTO_chacha_20( {0x61707865,0x3320646E,0x79622D32,0x6B206574}; kp = (unsigned *)key; #if defined(__ARM_NEON__) - memcpy(np, nonce, 12); + memcpy(np, nonce, 8); #endif s0 = LOAD_ALIGNED(chacha_const); s1 = LOAD(&((vec*)kp)[0]); s2 = LOAD(&((vec*)kp)[1]); s3 = (vec){ - counter, + counter & 0xffffffff, +#if __ARM_NEON__ || defined(OPENSSL_X86) + 0, /* can't right-shift 32 bits on a 32-bit system. */ +#else + counter >> 32, +#endif ((uint32_t*)nonce)[0], - ((uint32_t*)nonce)[1], - ((uint32_t*)nonce)[2] + ((uint32_t*)nonce)[1] }; for (iters = 0; iters < inlen/(BPI*64); iters++) @@ -208,8 +212,8 @@ void CRYPTO_chacha_20( x2 = chacha_const[2]; x3 = chacha_const[3]; x4 = kp[0]; x5 = kp[1]; x6 = kp[2]; x7 = kp[3]; x8 = kp[4]; x9 = kp[5]; x10 = kp[6]; x11 = kp[7]; - x12 = counter+BPI*iters+(BPI-1); x13 = np[0]; - x14 = np[1]; x15 = np[2]; + x12 = counter+BPI*iters+(BPI-1); x13 = 0; + x14 = np[0]; x15 = np[1]; #endif for (i = CHACHA_RNDS/2; i; i--) { @@ -261,9 +265,9 @@ void CRYPTO_chacha_20( op[10] = REVW_BE(REVW_BE(ip[10]) ^ (x10 + kp[6])); op[11] = REVW_BE(REVW_BE(ip[11]) ^ (x11 + kp[7])); op[12] = REVW_BE(REVW_BE(ip[12]) ^ (x12 + counter+BPI*iters+(BPI-1))); - op[13] = REVW_BE(REVW_BE(ip[13]) ^ (x13 + np[0])); - op[14] = REVW_BE(REVW_BE(ip[14]) ^ (x14 + np[1])); - op[15] = REVW_BE(REVW_BE(ip[15]) ^ (x15 + np[2])); + op[13] = REVW_BE(REVW_BE(ip[13]) ^ (x13)); + op[14] = REVW_BE(REVW_BE(ip[14]) ^ (x14 + np[0])); + op[15] = REVW_BE(REVW_BE(ip[15]) ^ (x15 + np[1])); s3 += ONE; ip += 16; op += 16; |