Fix counter increment in Salsa and ChaCha.
In my eagerness to eliminate a branch which is taken once per 2^38 bytes of keystream, I forgot that the state words are in host order. Thus, the counter increment code worked fine on little-endian machines, but not on big-endian ones. Switch to a simpler (branchful) solution.
parent
6e5bac8747
commit
b28507b0e9
2 changed files with 4 additions and 6 deletions
|
@ -137,7 +137,6 @@ size_t
|
|||
chacha_encrypt(chacha_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
|
||||
{
|
||||
const uint8_t *pt = vpt;
|
||||
uint64_t ctr;
|
||||
uint32_t mix[16];
|
||||
uint8_t ks[64];
|
||||
unsigned int b, i;
|
||||
|
@ -164,8 +163,8 @@ chacha_encrypt(chacha_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
|
|||
for (i = 0; i < 64 && i < len; ++i)
|
||||
*ct++ = *pt++ ^ ks[i];
|
||||
}
|
||||
ctr = le64dec(ctx->state + 12);
|
||||
le64enc(ctx->state + 12, ++ctr);
|
||||
if (++ctx->state[12] == 0)
|
||||
++ctx->state[13];
|
||||
}
|
||||
return (len);
|
||||
}
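Review bot: The new `if (++ctx->state[12] == 0) ++ctx->state[13];` carries into word 13, which is only correct if words 12–13 together form a 64-bit block counter, as in the original ChaCha layout. With the RFC 8439 layout (32-bit counter, 96-bit nonce) word 13 is part of the nonce and a carry would silently alter it. The key/nonce setup is outside this hunk, so the layout should be confirmed and pinned with a comment such as `/* state[12..13]: 64-bit block counter, host order; carry on 32-bit wrap */`. Because the previous version failed only on big-endian hosts, a known-answer test that starts with word 12 at 0xffffffff and encrypts across the wrap would catch a regression on either byte order.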
|
||||
|
|
|
@ -137,7 +137,6 @@ size_t
|
|||
salsa_encrypt(salsa_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
|
||||
{
|
||||
const uint8_t *pt = vpt;
|
||||
uint64_t ctr;
|
||||
uint32_t mix[16];
|
||||
uint8_t ks[64];
|
||||
unsigned int b, i;
|
||||
|
@ -164,8 +163,8 @@ salsa_encrypt(salsa_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
|
|||
for (i = 0; i < 64 && i < len; ++i)
|
||||
*ct++ = *pt++ ^ ks[i];
|
||||
}
|
||||
ctr = le64dec(ctx->state + 12);
|
||||
le64enc(ctx->state + 12, ++ctr);
|
||||
if (++ctx->state[12] == 0)
|
||||
++ctx->state[13];
|
||||
}
|
||||
return (len);
|
||||
}
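Review bot: The increment `if (++ctx->state[12] == 0) ++ctx->state[13];` uses the same word indices as the ChaCha file, but in the reference Salsa20 state layout the 64-bit block counter sits in words 8 and 9, while words 11–14 hold the second half of the key. The context setup is outside this hunk, so this may be a deliberate non-standard layout. If salsa_ctx follows the reference layout, though, this code modifies key words instead of the counter and the keystream will not match other Salsa20 implementations past the first block; the fix would then be `if (++ctx->state[8] == 0) ++ctx->state[9];`. Either way, a multi-block known-answer test against published Salsa20 vectors and a comment naming the counter words would settle it.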
|
||||
|
|