Version:  2.0.40 2.2.26 2.4.37 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10

Linux/lib/chacha20.c

  1 /*
  2  * ChaCha20 256-bit cipher algorithm, RFC7539
  3  *
  4  * Copyright (C) 2015 Martin Willi
  5  *
  6  * This program is free software; you can redistribute it and/or modify
  7  * it under the terms of the GNU General Public License as published by
  8  * the Free Software Foundation; either version 2 of the License, or
  9  * (at your option) any later version.
 10  */
 11 
 12 #include <linux/kernel.h>
 13 #include <linux/export.h>
 14 #include <linux/bitops.h>
 15 #include <linux/cryptohash.h>
 16 #include <asm/unaligned.h>
 17 #include <crypto/chacha20.h>
 18 
 19 static inline u32 rotl32(u32 v, u8 n)
 20 {
 21         return (v << n) | (v >> (sizeof(v) * 8 - n));
 22 }
 23 
 24 extern void chacha20_block(u32 *state, void *stream)
 25 {
 26         u32 x[16], *out = stream;
 27         int i;
 28 
 29         for (i = 0; i < ARRAY_SIZE(x); i++)
 30                 x[i] = state[i];
 31 
 32         for (i = 0; i < 20; i += 2) {
 33                 x[0]  += x[4];    x[12] = rotl32(x[12] ^ x[0],  16);
 34                 x[1]  += x[5];    x[13] = rotl32(x[13] ^ x[1],  16);
 35                 x[2]  += x[6];    x[14] = rotl32(x[14] ^ x[2],  16);
 36                 x[3]  += x[7];    x[15] = rotl32(x[15] ^ x[3],  16);
 37 
 38                 x[8]  += x[12];   x[4]  = rotl32(x[4]  ^ x[8],  12);
 39                 x[9]  += x[13];   x[5]  = rotl32(x[5]  ^ x[9],  12);
 40                 x[10] += x[14];   x[6]  = rotl32(x[6]  ^ x[10], 12);
 41                 x[11] += x[15];   x[7]  = rotl32(x[7]  ^ x[11], 12);
 42 
 43                 x[0]  += x[4];    x[12] = rotl32(x[12] ^ x[0],   8);
 44                 x[1]  += x[5];    x[13] = rotl32(x[13] ^ x[1],   8);
 45                 x[2]  += x[6];    x[14] = rotl32(x[14] ^ x[2],   8);
 46                 x[3]  += x[7];    x[15] = rotl32(x[15] ^ x[3],   8);
 47 
 48                 x[8]  += x[12];   x[4]  = rotl32(x[4]  ^ x[8],   7);
 49                 x[9]  += x[13];   x[5]  = rotl32(x[5]  ^ x[9],   7);
 50                 x[10] += x[14];   x[6]  = rotl32(x[6]  ^ x[10],  7);
 51                 x[11] += x[15];   x[7]  = rotl32(x[7]  ^ x[11],  7);
 52 
 53                 x[0]  += x[5];    x[15] = rotl32(x[15] ^ x[0],  16);
 54                 x[1]  += x[6];    x[12] = rotl32(x[12] ^ x[1],  16);
 55                 x[2]  += x[7];    x[13] = rotl32(x[13] ^ x[2],  16);
 56                 x[3]  += x[4];    x[14] = rotl32(x[14] ^ x[3],  16);
 57 
 58                 x[10] += x[15];   x[5]  = rotl32(x[5]  ^ x[10], 12);
 59                 x[11] += x[12];   x[6]  = rotl32(x[6]  ^ x[11], 12);
 60                 x[8]  += x[13];   x[7]  = rotl32(x[7]  ^ x[8],  12);
 61                 x[9]  += x[14];   x[4]  = rotl32(x[4]  ^ x[9],  12);
 62 
 63                 x[0]  += x[5];    x[15] = rotl32(x[15] ^ x[0],   8);
 64                 x[1]  += x[6];    x[12] = rotl32(x[12] ^ x[1],   8);
 65                 x[2]  += x[7];    x[13] = rotl32(x[13] ^ x[2],   8);
 66                 x[3]  += x[4];    x[14] = rotl32(x[14] ^ x[3],   8);
 67 
 68                 x[10] += x[15];   x[5]  = rotl32(x[5]  ^ x[10],  7);
 69                 x[11] += x[12];   x[6]  = rotl32(x[6]  ^ x[11],  7);
 70                 x[8]  += x[13];   x[7]  = rotl32(x[7]  ^ x[8],   7);
 71                 x[9]  += x[14];   x[4]  = rotl32(x[4]  ^ x[9],   7);
 72         }
 73 
 74         for (i = 0; i < ARRAY_SIZE(x); i++)
 75                 out[i] = cpu_to_le32(x[i] + state[i]);
 76 
 77         state[12]++;
 78 }
 79 EXPORT_SYMBOL(chacha20_block);
 80 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us