
  1. // Copyright 2012 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package salsa
// Core208 applies the Salsa20/8 core function to the 64-byte array in and
// writes the result to the 64-byte array out. in and out may point to the
// same array: every input word is loaded before any output byte is stored.
//
// The input is read as sixteen little-endian 32-bit words. Four double-rounds
// (a column round followed by a row round, eight rounds in total) are applied
// to a working copy, the original words are added back in, and the sums are
// serialised little-endian.
//
// Only 32-bit addition, XOR and fixed-distance rotations are used, and every
// array index comes from a constant table, so no branch or memory access
// depends on the input bytes.
//
// Core208 is a low-level building block (scrypt, for example, uses Salsa20/8
// for block mixing). It takes no key or nonce and is not a complete cipher or
// hash by itself.
func Core208(out *[64]byte, in *[64]byte) {
	// Word indices of each quarter-round, in application order: the first
	// four entries form the column round, the last four the row round.
	// The rounds are table-driven for readability; a fully unrolled form of
	// the same schedule trades that readability for throughput.
	quarters := [8][4]int{
		{0, 4, 8, 12},
		{5, 9, 13, 1},
		{10, 14, 2, 6},
		{15, 3, 7, 11},
		{0, 1, 2, 3},
		{5, 6, 7, 4},
		{10, 11, 8, 9},
		{15, 12, 13, 14},
	}

	// Decode the whole input first so that out may alias in.
	var j [16]uint32
	for w := range j {
		o := 4 * w
		j[w] = uint32(in[o]) | uint32(in[o+1])<<8 | uint32(in[o+2])<<16 | uint32(in[o+3])<<24
	}

	// x is the working state; j is kept for the final feed-forward.
	x := j

	// Four double-rounds make the eight rounds of Salsa20/8.
	for round := 0; round < 4; round++ {
		for _, q := range quarters {
			a, b, c, d := q[0], q[1], q[2], q[3]

			// The four steps are sequentially dependent: each one uses the
			// word updated by the step before it.
			t := x[a] + x[d]
			x[b] ^= t<<7 | t>>(32-7)
			t = x[b] + x[a]
			x[c] ^= t<<9 | t>>(32-9)
			t = x[c] + x[b]
			x[d] ^= t<<13 | t>>(32-13)
			t = x[d] + x[c]
			x[a] ^= t<<18 | t>>(32-18)
		}
	}

	// Feed-forward: add the original words, then encode little-endian.
	for w := range x {
		v := x[w] + j[w]
		o := 4 * w
		out[o] = byte(v)
		out[o+1] = byte(v >> 8)
		out[o+2] = byte(v >> 16)
		out[o+3] = byte(v >> 24)
	}
}