cryb.to
/
cryb-to
mirror of https://github.com/cryb-to/cryb-to.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix counter increment in Salsa and ChaCha. 

In my eagerness to eliminate a branch which is taken once per 2^38 bytes of keystream, I forgot that the state words are in host order.  Thus, the counter increment code worked fine on little-endian machines, but not on big-endian ones.  Switch to a simpler (branchful) solution.
This commit is contained in:
Dag-Erling Smørgrav 2017-04-22 02:45:41 +02:00
parent 6e5bac8747
commit b28507b0e9
2 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/cipher/cryb_chacha.c
View File

@ -137,7 +137,6 @@ size_t
chacha_encrypt(chacha_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
{
const uint8_t *pt = vpt;
uint64_t ctr;
uint32_t mix[16];
uint8_t ks[64];
unsigned int b, i;
@ -164,8 +163,8 @@ chacha_encrypt(chacha_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
for (i = 0; i < 64 && i < len; ++i)
*ct++ = *pt++ ^ ks[i];
}
ctr = le64dec(ctx->state + 12);
le64enc(ctx->state + 12, ++ctr);
if (++ctx->state[12] == 0)
++ctx->state[13];
}
return (len);
}

5
lib/cipher/cryb_salsa.c
View File

@ -137,7 +137,6 @@ size_t
salsa_encrypt(salsa_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
{
const uint8_t *pt = vpt;
uint64_t ctr;
uint32_t mix[16];
uint8_t ks[64];
unsigned int b, i;
@ -164,8 +163,8 @@ salsa_encrypt(salsa_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
for (i = 0; i < 64 && i < len; ++i)
*ct++ = *pt++ ^ ks[i];
}
ctr = le64dec(ctx->state + 12);
le64enc(ctx->state + 12, ++ctr);
if (++ctx->state[12] == 0)
++ctx->state[13];
}
return (len);
}