5 files changed, 140 insertions, 0 deletions
diff --git a/nacl/crypto_core/salsa2012/checksum b/nacl/crypto_core/salsa2012/checksum
new file mode 100644
index 00000000..2f99a8d6
--- /dev/null
+++ b/nacl/crypto_core/salsa2012/checksum
@@ -0,0 +1 @@
+f36d643f798efc0fca888d3ac4bdcc54c98a968c2da16bd5b8bfe9fe9025a6ca3a207e9362dc7cf17ddfc7477ee754d3f521b1df91640093754f7275b1a54293
diff --git a/nacl/crypto_core/salsa2012/ref/api.h b/nacl/crypto_core/salsa2012/ref/api.h
new file mode 100644
index 00000000..2a387b6d
--- /dev/null
+++ b/nacl/crypto_core/salsa2012/ref/api.h
@@ -0,0 +1,4 @@
+#define CRYPTO_OUTPUTBYTES 64
+#define CRYPTO_INPUTBYTES 16
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_CONSTBYTES 16
diff --git a/nacl/crypto_core/salsa2012/ref/core.c b/nacl/crypto_core/salsa2012/ref/core.c
new file mode 100644
index 00000000..d4b59e48
--- /dev/null
+++ b/nacl/crypto_core/salsa2012/ref/core.c
@@ -0,0 +1,134 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+#include "crypto_core.h"
+#define ROUNDS 12
+typedef unsigned int uint32;
+static uint32 rotate(uint32 u,int c)
+{
+  return (u << c) | (u >> (32 - c));
+}
+static uint32 load_littleendian(const unsigned char *x)
+{
+  return
+      (uint32) (x[0]) \
+  | (((uint32) (x[1])) << 8) \
+  | (((uint32) (x[2])) << 16) \
+  | (((uint32) (x[3])) << 24)
+  ;
+}
+static void store_littleendian(unsigned char *x,uint32 u)
+{
+  x[0] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[3] = u;
+}
+int crypto_core(
+        unsigned char *out,
+  const unsigned char *in,
+  const unsigned char *k,
+  const unsigned char *c
+)
+{
+  uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+  uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+  int i;
+  j0 = x0 = load_littleendian(c + 0);
+  j1 = x1 = load_littleendian(k + 0);
+  j2 = x2 = load_littleendian(k + 4);
+  j3 = x3 = load_littleendian(k + 8);
+  j4 = x4 = load_littleendian(k + 12);
+  j5 = x5 = load_littleendian(c + 4);
+  j6 = x6 = load_littleendian(in + 0);
+  j7 = x7 = load_littleendian(in + 4);
+  j8 = x8 = load_littleendian(in + 8);
+  j9 = x9 = load_littleendian(in + 12);
+  j10 = x10 = load_littleendian(c + 8);
+  j11 = x11 = load_littleendian(k + 16);
+  j12 = x12 = load_littleendian(k + 20);
+  j13 = x13 = load_littleendian(k + 24);
+  j14 = x14 = load_littleendian(k + 28);
+  j15 = x15 = load_littleendian(c + 12);
+  for (i = ROUNDS;i > 0;i -= 2) {
+     x4 ^= rotate( x0+x12, 7);
+     x8 ^= rotate( x4+ x0, 9);
+    x12 ^= rotate( x8+ x4,13);
+     x0 ^= rotate(x12+ x8,18);
+     x9 ^= rotate( x5+ x1, 7);
+    x13 ^= rotate( x9+ x5, 9);
+     x1 ^= rotate(x13+ x9,13);
+     x5 ^= rotate( x1+x13,18);
+    x14 ^= rotate(x10+ x6, 7);
+     x2 ^= rotate(x14+x10, 9);
+     x6 ^= rotate( x2+x14,13);
+    x10 ^= rotate( x6+ x2,18);
+     x3 ^= rotate(x15+x11, 7);
+     x7 ^= rotate( x3+x15, 9);
+    x11 ^= rotate( x7+ x3,13);
+    x15 ^= rotate(x11+ x7,18);
+     x1 ^= rotate( x0+ x3, 7);
+     x2 ^= rotate( x1+ x0, 9);
+     x3 ^= rotate( x2+ x1,13);
+     x0 ^= rotate( x3+ x2,18);
+     x6 ^= rotate( x5+ x4, 7);
+     x7 ^= rotate( x6+ x5, 9);
+     x4 ^= rotate( x7+ x6,13);
+     x5 ^= rotate( x4+ x7,18);
+    x11 ^= rotate(x10+ x9, 7);
+     x8 ^= rotate(x11+x10, 9);
+     x9 ^= rotate( x8+x11,13);
+    x10 ^= rotate( x9+ x8,18);
+    x12 ^= rotate(x15+x14, 7);
+    x13 ^= rotate(x12+x15, 9);
+    x14 ^= rotate(x13+x12,13);
+    x15 ^= rotate(x14+x13,18);
+  }
+  x0 += j0;
+  x1 += j1;
+  x2 += j2;
+  x3 += j3;
+  x4 += j4;
+  x5 += j5;
+  x6 += j6;
+  x7 += j7;
+  x8 += j8;
+  x9 += j9;
+  x10 += j10;
+  x11 += j11;
+  x12 += j12;
+  x13 += j13;
+  x14 += j14;
+  x15 += j15;
+  store_littleendian(out + 0,x0);
+  store_littleendian(out + 4,x1);
+  store_littleendian(out + 8,x2);
+  store_littleendian(out + 12,x3);
+  store_littleendian(out + 16,x4);
+  store_littleendian(out + 20,x5);
+  store_littleendian(out + 24,x6);
+  store_littleendian(out + 28,x7);
+  store_littleendian(out + 32,x8);
+  store_littleendian(out + 36,x9);
+  store_littleendian(out + 40,x10);
+  store_littleendian(out + 44,x11);
+  store_littleendian(out + 48,x12);
+  store_littleendian(out + 52,x13);
+  store_littleendian(out + 56,x14);
+  store_littleendian(out + 60,x15);
+  return 0;
+}
diff --git a/nacl/crypto_core/salsa2012/ref/implementors b/nacl/crypto_core/salsa2012/ref/implementors
new file mode 100644
index 00000000..f6fb3c73
--- /dev/null
+++ b/nacl/crypto_core/salsa2012/ref/implementors
@@ -0,0 +1 @@
+Daniel J. Bernstein
diff --git a/nacl/crypto_core/salsa2012/used b/nacl/crypto_core/salsa2012/used
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/crypto_core/salsa2012/used

diff --git a/nacl/crypto_core/salsa2012/checksum b/nacl/crypto_core/salsa2012/checksum new file mode 100644 index 00000000..2f99a8d6 --- /dev/null +++ b/nacl/crypto_core/salsa2012/checksum
@@ -0,0 +1 @@
		f36d643f798efc0fca888d3ac4bdcc54c98a968c2da16bd5b8bfe9fe9025a6ca3a207e9362dc7cf17ddfc7477ee754d3f521b1df91640093754f7275b1a54293


diff --git a/nacl/crypto_core/salsa2012/ref/api.h b/nacl/crypto_core/salsa2012/ref/api.h new file mode 100644 index 00000000..2a387b6d --- /dev/null +++ b/nacl/crypto_core/salsa2012/ref/api.h
@@ -0,0 +1,4 @@
	1	#define CRYPTO_OUTPUTBYTES 64
	2	#define CRYPTO_INPUTBYTES 16
	3	#define CRYPTO_KEYBYTES 32
	4	#define CRYPTO_CONSTBYTES 16


diff --git a/nacl/crypto_core/salsa2012/ref/core.c b/nacl/crypto_core/salsa2012/ref/core.c new file mode 100644 index 00000000..d4b59e48 --- /dev/null +++ b/nacl/crypto_core/salsa2012/ref/core.c
@@ -0,0 +1,134 @@
	1	/*
	2	version 20080913
	3	D. J. Bernstein
	4	Public domain.
	5	*/
	6
	7	#include "crypto_core.h"
	8
	9	#define ROUNDS 12
	10
	11	typedef unsigned int uint32;
	12
	13	static uint32 rotate(uint32 u,int c)
	14	{
	15	return (u << c) \| (u >> (32 - c));
	16	}
	17
	18	static uint32 load_littleendian(const unsigned char *x)
	19	{
	20	return
	21	(uint32) (x[0]) \
	22	\| (((uint32) (x[1])) << 8) \
	23	\| (((uint32) (x[2])) << 16) \
	24	\| (((uint32) (x[3])) << 24)
	25	;
	26	}
	27
	28	static void store_littleendian(unsigned char *x,uint32 u)
	29	{
	30	x[0] = u; u >>= 8;
	31	x[1] = u; u >>= 8;
	32	x[2] = u; u >>= 8;
	33	x[3] = u;
	34	}
	35
	36	int crypto_core(
	37	unsigned char *out,
	38	const unsigned char *in,
	39	const unsigned char *k,
	40	const unsigned char *c
	41	)
	42	{
	43	uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
	44	uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
	45	int i;
	46
	47	j0 = x0 = load_littleendian(c + 0);
	48	j1 = x1 = load_littleendian(k + 0);
	49	j2 = x2 = load_littleendian(k + 4);
	50	j3 = x3 = load_littleendian(k + 8);
	51	j4 = x4 = load_littleendian(k + 12);
	52	j5 = x5 = load_littleendian(c + 4);
	53	j6 = x6 = load_littleendian(in + 0);
	54	j7 = x7 = load_littleendian(in + 4);
	55	j8 = x8 = load_littleendian(in + 8);
	56	j9 = x9 = load_littleendian(in + 12);
	57	j10 = x10 = load_littleendian(c + 8);
	58	j11 = x11 = load_littleendian(k + 16);
	59	j12 = x12 = load_littleendian(k + 20);
	60	j13 = x13 = load_littleendian(k + 24);
	61	j14 = x14 = load_littleendian(k + 28);
	62	j15 = x15 = load_littleendian(c + 12);
	63
	64	for (i = ROUNDS;i > 0;i -= 2) {
	65	x4 ^= rotate( x0+x12, 7);
	66	x8 ^= rotate( x4+ x0, 9);
	67	x12 ^= rotate( x8+ x4,13);
	68	x0 ^= rotate(x12+ x8,18);
	69	x9 ^= rotate( x5+ x1, 7);
	70	x13 ^= rotate( x9+ x5, 9);
	71	x1 ^= rotate(x13+ x9,13);
	72	x5 ^= rotate( x1+x13,18);
	73	x14 ^= rotate(x10+ x6, 7);
	74	x2 ^= rotate(x14+x10, 9);
	75	x6 ^= rotate( x2+x14,13);
	76	x10 ^= rotate( x6+ x2,18);
	77	x3 ^= rotate(x15+x11, 7);
	78	x7 ^= rotate( x3+x15, 9);
	79	x11 ^= rotate( x7+ x3,13);
	80	x15 ^= rotate(x11+ x7,18);
	81	x1 ^= rotate( x0+ x3, 7);
	82	x2 ^= rotate( x1+ x0, 9);
	83	x3 ^= rotate( x2+ x1,13);
	84	x0 ^= rotate( x3+ x2,18);
	85	x6 ^= rotate( x5+ x4, 7);
	86	x7 ^= rotate( x6+ x5, 9);
	87	x4 ^= rotate( x7+ x6,13);
	88	x5 ^= rotate( x4+ x7,18);
	89	x11 ^= rotate(x10+ x9, 7);
	90	x8 ^= rotate(x11+x10, 9);
	91	x9 ^= rotate( x8+x11,13);
	92	x10 ^= rotate( x9+ x8,18);
	93	x12 ^= rotate(x15+x14, 7);
	94	x13 ^= rotate(x12+x15, 9);
	95	x14 ^= rotate(x13+x12,13);
	96	x15 ^= rotate(x14+x13,18);
	97	}
	98
	99	x0 += j0;
	100	x1 += j1;
	101	x2 += j2;
	102	x3 += j3;
	103	x4 += j4;
	104	x5 += j5;
	105	x6 += j6;
	106	x7 += j7;
	107	x8 += j8;
	108	x9 += j9;
	109	x10 += j10;
	110	x11 += j11;
	111	x12 += j12;
	112	x13 += j13;
	113	x14 += j14;
	114	x15 += j15;
	115
	116	store_littleendian(out + 0,x0);
	117	store_littleendian(out + 4,x1);
	118	store_littleendian(out + 8,x2);
	119	store_littleendian(out + 12,x3);
	120	store_littleendian(out + 16,x4);
	121	store_littleendian(out + 20,x5);
	122	store_littleendian(out + 24,x6);
	123	store_littleendian(out + 28,x7);
	124	store_littleendian(out + 32,x8);
	125	store_littleendian(out + 36,x9);
	126	store_littleendian(out + 40,x10);
	127	store_littleendian(out + 44,x11);
	128	store_littleendian(out + 48,x12);
	129	store_littleendian(out + 52,x13);
	130	store_littleendian(out + 56,x14);
	131	store_littleendian(out + 60,x15);
	132
	133	return 0;
	134	}


diff --git a/nacl/crypto_core/salsa2012/ref/implementors b/nacl/crypto_core/salsa2012/ref/implementors new file mode 100644 index 00000000..f6fb3c73 --- /dev/null +++ b/nacl/crypto_core/salsa2012/ref/implementors
@@ -0,0 +1 @@
		Daniel J. Bernstein


diff --git a/nacl/crypto_core/salsa2012/used b/nacl/crypto_core/salsa2012/used new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/nacl/crypto_core/salsa2012/used