Fix counter increment in Salsa and ChaCha.
In my eagerness to eliminate a branch which is taken once per 2^38 bytes of keystream, I forgot that the state words are in host order. Thus, the counter increment code worked fine on little-endian machines, but not on big-endian ones. Switch to a simpler (branchful) solution.
This commit is contained in:
parent
6e5bac8747
commit
b28507b0e9
2 changed files with 4 additions and 6 deletions
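--- a/<path not shown on page: ChaCha source file>
+++ b/<path not shown on page: ChaCha source file>
@@ -137,7 +137,6 @@ size_t
 chacha_encrypt(chacha_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
 {
 const uint8_t *pt = vpt;
-uint64_t ctr;
 uint32_t mix[16];
 uint8_t ks[64];
 unsigned int b, i;
@@ -164,8 +163,8 @@ chacha_encrypt(chacha_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
 for (i = 0; i < 64 && i < len; ++i)
 *ct++ = *pt++ ^ ks[i];
 }
-ctr = le64dec(ctx->state + 12);
-le64enc(ctx->state + 12, ++ctr);
+if (++ctx->state[12] == 0)
+++ctx->state[13];
 }
 return (len);
 }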
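Review bot: The word-wise carry into `ctx->state[13]` in the second hunk is correct for a two-word host-order counter, but nothing at the site records why the previous `le64dec`/`le64enc` form was wrong, so a later reader may be tempted to reintroduce the branchless version. I would put a comment above the `if`: `/* state[12..13] hold the 64-bit block counter as two host-order words; carry into the high word explicitly instead of treating them as a little-endian 64-bit field */`, which assumes `state` is a `uint32_t` array like `mix` — confirm against the context definition, which is outside the hunk. The identical change in the Salsa file below should carry the same comment. The enclosing per-block loop starts before the hunk, so the scope of the `for` and `++ctx->state[12]` per 64-byte block is not visible here.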
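--- a/<path not shown on page: Salsa source file>
+++ b/<path not shown on page: Salsa source file>
@@ -137,7 +137,6 @@ size_t
 salsa_encrypt(salsa_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
 {
 const uint8_t *pt = vpt;
-uint64_t ctr;
 uint32_t mix[16];
 uint8_t ks[64];
 unsigned int b, i;
@@ -164,8 +163,8 @@ salsa_encrypt(salsa_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
 for (i = 0; i < 64 && i < len; ++i)
 *ct++ = *pt++ ^ ks[i];
 }
-ctr = le64dec(ctx->state + 12);
-le64enc(ctx->state + 12, ++ctr);
+if (++ctx->state[12] == 0)
+++ctx->state[13];
 }
 return (len);
 }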