Mercurial > hg > ucis.core

view NaCl/crypto_core/hsalsa20.cs @ 54:ba4e2cb031e0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added general purpose tar archive reader class
author Ivo Smits <Ivo@UCIS.nl>
date Wed, 02 Oct 2013 21:17:30 +0200
parents c873e3dd73fe
children
line wrap: on
line source

???using System;

namespace UCIS.NaCl.crypto_core {
	unsafe static class hsalsa20 {
		static Boolean UseNativeFunctions = false;
		static unsafe internal Boolean EnableNativeImplementation() {
			UseNativeFunctions = false;
			Byte* dummy = stackalloc Byte[32];
			try {
				if (Native.crypto_core_hsalsa20(dummy, dummy, dummy, dummy) != 0) return false;
			} catch (Exception) {
				return false;
			}
			return UseNativeFunctions = true;
		}

		const int ROUNDS = 20;

		static UInt32 rotate(UInt32 u, int c) {
			return (u << c) | (u >> (32 - c));
		}

		static UInt32 load_littleendian(Byte* x) {
			return (UInt32)(x[0] | (x[1] << 8) | (x[2] << 16) | (x[3] << 24));
		}

		static void store_littleendian(Byte* x, UInt32 u) {
			x[0] = (Byte)u; u >>= 8;
			x[1] = (Byte)u; u >>= 8;
			x[2] = (Byte)u; u >>= 8;
			x[3] = (Byte)u;
		}

		public static void crypto_core(Byte* outv, Byte* inv, Byte* k, Byte[] c) {
			fixed (byte* cp = c) crypto_core(outv, inv, k, cp);
		}
		public static void crypto_core(Byte* outv, Byte* inv, Byte* k, Byte* c) {
			if (UseNativeFunctions) {
				UInt64* invp = stackalloc UInt64[2];
				invp[0] = invp[1] = 0;
				if (inv == null) inv = (Byte*)invp;
				Native.crypto_core_hsalsa20(outv, inv, k, c);
				return;
			}

			UInt32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;

			x0 = load_littleendian(c + 0);
			x1 = load_littleendian(k + 0);
			x2 = load_littleendian(k + 4);
			x3 = load_littleendian(k + 8);
			x4 = load_littleendian(k + 12);
			x5 = load_littleendian(c + 4);
			if (inv != null) {
				x6 = load_littleendian(inv + 0);
				x7 = load_littleendian(inv + 4);
				x8 = load_littleendian(inv + 8);
				x9 = load_littleendian(inv + 12);
			} else {
				x6 = x7 = x8 = x9 = 0;
			}
			x10 = load_littleendian(c + 8);
			x11 = load_littleendian(k + 16);
			x12 = load_littleendian(k + 20);
			x13 = load_littleendian(k + 24);
			x14 = load_littleendian(k + 28);
			x15 = load_littleendian(c + 12);

			for (int i = ROUNDS; i > 0; i -= 2) {
				x4 ^= rotate(x0 + x12, 7);
				x8 ^= rotate(x4 + x0, 9);
				x12 ^= rotate(x8 + x4, 13);
				x0 ^= rotate(x12 + x8, 18);
				x9 ^= rotate(x5 + x1, 7);
				x13 ^= rotate(x9 + x5, 9);
				x1 ^= rotate(x13 + x9, 13);
				x5 ^= rotate(x1 + x13, 18);
				x14 ^= rotate(x10 + x6, 7);
				x2 ^= rotate(x14 + x10, 9);
				x6 ^= rotate(x2 + x14, 13);
				x10 ^= rotate(x6 + x2, 18);
				x3 ^= rotate(x15 + x11, 7);
				x7 ^= rotate(x3 + x15, 9);
				x11 ^= rotate(x7 + x3, 13);
				x15 ^= rotate(x11 + x7, 18);
				x1 ^= rotate(x0 + x3, 7);
				x2 ^= rotate(x1 + x0, 9);
				x3 ^= rotate(x2 + x1, 13);
				x0 ^= rotate(x3 + x2, 18);
				x6 ^= rotate(x5 + x4, 7);
				x7 ^= rotate(x6 + x5, 9);
				x4 ^= rotate(x7 + x6, 13);
				x5 ^= rotate(x4 + x7, 18);
				x11 ^= rotate(x10 + x9, 7);
				x8 ^= rotate(x11 + x10, 9);
				x9 ^= rotate(x8 + x11, 13);
				x10 ^= rotate(x9 + x8, 18);
				x12 ^= rotate(x15 + x14, 7);
				x13 ^= rotate(x12 + x15, 9);
				x14 ^= rotate(x13 + x12, 13);
				x15 ^= rotate(x14 + x13, 18);
			}

			store_littleendian(outv + 0, x0);
			store_littleendian(outv + 4, x5);
			store_littleendian(outv + 8, x10);
			store_littleendian(outv + 12, x15);
			store_littleendian(outv + 16, x6);
			store_littleendian(outv + 20, x7);
			store_littleendian(outv + 24, x8);
			store_littleendian(outv + 28, x9);
		}
	}
}