core/lib/libtomcrypt/src/stream/chacha/chacha_crypt.c - optee-os-mtk - Git at Google

 // SPDX-License-Identifier: BSD-2-Clause
 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
  *
  * LibTomCrypt is a library that provides various cryptographic
  * algorithms in a highly modular and flexible manner.
  *
  * The library is free for all purposes without any express
  * guarantee it works.
  */

 /* The implementation is based on:
  * chacha-ref.c version 20080118
  * Public domain from D. J. Bernstein
  */

 #include "tomcrypt_private.h"

 #ifdef LTC_CHACHA

 #define QUARTERROUND(a,b,c,d) \
   x[a] += x[b]; x[d] = ROL(x[d] ^ x[a], 16); \
   x[c] += x[d]; x[b] = ROL(x[b] ^ x[c], 12); \
   x[a] += x[b]; x[d] = ROL(x[d] ^ x[a],  8); \
   x[c] += x[d]; x[b] = ROL(x[b] ^ x[c],  7);

 static void _chacha_block(unsigned char *output, const ulong32 *input, int rounds)
 {
    ulong32 x[16];
    int i;
    XMEMCPY(x, input, sizeof(x));
    for (i = rounds; i > 0; i -= 2) {
       QUARTERROUND(0, 4, 8,12)
       QUARTERROUND(1, 5, 9,13)
       QUARTERROUND(2, 6,10,14)
       QUARTERROUND(3, 7,11,15)
       QUARTERROUND(0, 5,10,15)
       QUARTERROUND(1, 6,11,12)
       QUARTERROUND(2, 7, 8,13)
       QUARTERROUND(3, 4, 9,14)
    }
    for (i = 0; i < 16; ++i) {
      x[i] += input[i];
      STORE32L(x[i], output + 4 * i);
    }
 }

 /**
    Encrypt (or decrypt) bytes of ciphertext (or plaintext) with ChaCha
    @param st      The ChaCha state
    @param in      The plaintext (or ciphertext)
    @param inlen   The length of the input (octets)
    @param out     [out] The ciphertext (or plaintext), length inlen
    @return CRYPT_OK if successful
 */
 int chacha_crypt(chacha_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out)
 {
    unsigned char buf[64];
    unsigned long i, j;

    if (inlen == 0) return CRYPT_OK; /* nothing to do */

    LTC_ARGCHK(st        != NULL);
    LTC_ARGCHK(in        != NULL);
    LTC_ARGCHK(out       != NULL);
    LTC_ARGCHK(st->ivlen != 0);

    if (st->ksleft > 0) {
       j = MIN(st->ksleft, inlen);
       for (i = 0; i < j; ++i, st->ksleft--) out[i] = in[i] ^ st->kstream[64 - st->ksleft];
       inlen -= j;
       if (inlen == 0) return CRYPT_OK;
       out += j;
       in  += j;
    }
    for (;;) {
      _chacha_block(buf, st->input, st->rounds);
      if (st->ivlen == 8) {
        /* IV-64bit, increment 64bit counter */
        if (0 == ++st->input[12] && 0 == ++st->input[13]) return CRYPT_OVERFLOW;
      }
      else {
        /* IV-96bit, increment 32bit counter */
        if (0 == ++st->input[12]) return CRYPT_OVERFLOW;
      }
      if (inlen <= 64) {
        for (i = 0; i < inlen; ++i) out[i] = in[i] ^ buf[i];
        st->ksleft = 64 - inlen;
        for (i = inlen; i < 64; ++i) st->kstream[i] = buf[i];
        return CRYPT_OK;
      }
      for (i = 0; i < 64; ++i) out[i] = in[i] ^ buf[i];
      inlen -= 64;
      out += 64;
      in  += 64;
    }
 }

 #endif

 /* ref:         $Format:%D$ */
 /* git commit:  $Format:%H$ */
 /* commit time: $Format:%ai$ */
	// SPDX-License-Identifier: BSD-2-Clause
	/* LibTomCrypt, modular cryptographic library -- Tom St Denis
	*
	* LibTomCrypt is a library that provides various cryptographic
	* algorithms in a highly modular and flexible manner.
	*
	* The library is free for all purposes without any express
	* guarantee it works.
	*/

	/* The implementation is based on:
	* chacha-ref.c version 20080118
	* Public domain from D. J. Bernstein
	*/

	#include "tomcrypt_private.h"

	#ifdef LTC_CHACHA

	#define QUARTERROUND(a,b,c,d) \
	x[a] += x[b]; x[d] = ROL(x[d] ^ x[a], 16); \
	x[c] += x[d]; x[b] = ROL(x[b] ^ x[c], 12); \
	x[a] += x[b]; x[d] = ROL(x[d] ^ x[a], 8); \
	x[c] += x[d]; x[b] = ROL(x[b] ^ x[c], 7);

	static void _chacha_block(unsigned char output, const ulong32 input, int rounds)
	{
	ulong32 x[16];
	int i;
	XMEMCPY(x, input, sizeof(x));
	for (i = rounds; i > 0; i -= 2) {
	QUARTERROUND(0, 4, 8,12)
	QUARTERROUND(1, 5, 9,13)
	QUARTERROUND(2, 6,10,14)
	QUARTERROUND(3, 7,11,15)
	QUARTERROUND(0, 5,10,15)
	QUARTERROUND(1, 6,11,12)
	QUARTERROUND(2, 7, 8,13)
	QUARTERROUND(3, 4, 9,14)
	}
	for (i = 0; i < 16; ++i) {
	x[i] += input[i];
	STORE32L(x[i], output + 4 * i);
	}
	}

	/**
	Encrypt (or decrypt) bytes of ciphertext (or plaintext) with ChaCha
	@param st The ChaCha state
	@param in The plaintext (or ciphertext)
	@param inlen The length of the input (octets)
	@param out [out] The ciphertext (or plaintext), length inlen
	@return CRYPT_OK if successful
	*/
	int chacha_crypt(chacha_state st, const unsigned char in, unsigned long inlen, unsigned char *out)
	{
	unsigned char buf[64];
	unsigned long i, j;

	if (inlen == 0) return CRYPT_OK; /* nothing to do */

	LTC_ARGCHK(st != NULL);
	LTC_ARGCHK(in != NULL);
	LTC_ARGCHK(out != NULL);
	LTC_ARGCHK(st->ivlen != 0);

	if (st->ksleft > 0) {
	j = MIN(st->ksleft, inlen);
	for (i = 0; i < j; ++i, st->ksleft--) out[i] = in[i] ^ st->kstream[64 - st->ksleft];
	inlen -= j;
	if (inlen == 0) return CRYPT_OK;
	out += j;
	in += j;
	}
	for (;;) {
	_chacha_block(buf, st->input, st->rounds);
	if (st->ivlen == 8) {
	/* IV-64bit, increment 64bit counter */
	if (0 == ++st->input[12] && 0 == ++st->input[13]) return CRYPT_OVERFLOW;
	}
	else {
	/* IV-96bit, increment 32bit counter */
	if (0 == ++st->input[12]) return CRYPT_OVERFLOW;
	}
	if (inlen <= 64) {
	for (i = 0; i < inlen; ++i) out[i] = in[i] ^ buf[i];
	st->ksleft = 64 - inlen;
	for (i = inlen; i < 64; ++i) st->kstream[i] = buf[i];
	return CRYPT_OK;
	}
	for (i = 0; i < 64; ++i) out[i] = in[i] ^ buf[i];
	inlen -= 64;
	out += 64;
	in += 64;
	}
	}

	#endif

	/* ref: $Format:%D$ */
	/* git commit: $Format:%H$ */
	/* commit time: $Format:%ai$ */