Salsa20: Fix in the nonce and the counter handling to comply with the Salsa20 standard

Rafał Fabich · Rafał Fabich · commit df1e41307229 · 2019-04-25T16:35:39.000+02:00
diff --git a/src/salsa20.c b/src/salsa20.c
@@ -139,7 +139,7 @@ void cf_salsa20_init(cf_salsa20_ctx *ctx, const uint8_t *key, size_t nkey, const
   }
 
   memset(ctx->nonce, 0, sizeof ctx->nonce);
-  memcpy(ctx->nonce + 8, nonce, 8);
+  memcpy(ctx->nonce, nonce, 8);
   ctx->nblock = 0;
   ctx->ncounter = 8;
 }
@@ -152,7 +152,7 @@ static void cf_salsa20_next_block(void *vctx, uint8_t *out)
                   ctx->nonce,
                   ctx->constant,
                   out);
-  incr_le(ctx->nonce, ctx->ncounter);
+  incr_le(ctx->nonce + 8, ctx->ncounter);
 }
 
 void cf_salsa20_cipher(cf_salsa20_ctx *ctx, const uint8_t *input, uint8_t *output, size_t bytes)

Original file line number	Diff line number	Diff line change
`@@ -139,7 +139,7 @@ void cf_salsa20_init(cf_salsa20_ctx ctx, const uint8_t key, size_t nkey, const`
`139`	`139`	`}`
`140`	`140`
`141`	`141`	`memset(ctx->nonce, 0, sizeof ctx->nonce);`
`142`		`- memcpy(ctx->nonce + 8, nonce, 8);`
	`142`	`+ memcpy(ctx->nonce, nonce, 8);`
`143`	`143`	`ctx->nblock = 0;`
`144`	`144`	`ctx->ncounter = 8;`
`145`	`145`	`}`
`@@ -152,7 +152,7 @@ static void cf_salsa20_next_block(void vctx, uint8_t out)`
`152`	`152`	`ctx->nonce,`
`153`	`153`	`ctx->constant,`
`154`	`154`	`out);`
`155`		`- incr_le(ctx->nonce, ctx->ncounter);`
	`155`	`+ incr_le(ctx->nonce + 8, ctx->ncounter);`
`156`	`156`	`}`
`157`	`157`
`158`	`158`	`void cf_salsa20_cipher(cf_salsa20_ctx ctx, const uint8_t input, uint8_t *output, size_t bytes)`