From: Loup Vaillant <loup@loup-vaillant.fr>
Date: Mon, 9 Jan 2017 23:08:35 +0000 (+0100)
Subject: cosmetic change to Chacha20 quarter-round
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=32ec91cc7d762c3f6b9e8e4e754195c7704ef70a;p=Monocypher.git

cosmetic change to Chacha20 quarter-round
---

diff --git a/chacha20.c b/chacha20.c
index 455fedd..164b10d 100644
--- a/chacha20.c
+++ b/chacha20.c
@@ -4,12 +4,6 @@
 /// Utilities ///
 /////////////////
 
-static uint32_t
-rotl32 (uint32_t x, uint32_t n)
-{
-    return (x << n) | (x >> (32 - n));
-}
-
 static uint32_t
 load32_le(const uint8_t s[4])
 {
@@ -41,12 +35,13 @@ chacha20_rounds(uint32_t out[16], const uint32_t in[16])
     for (int i = 0; i < 16; i++)
         out[i] = in[i];
 
-    for (int i = 20; i > 0; i -= 2) { // 20 rounds, 2 rounds per loop.
+    for (int i = 0; i < 10; i++) { // 20 rounds, 2 rounds per loop.
+#define ROT_L32(x, n) x = (x << n) | (x >> (32 - n))
 #define QUARTERROUND(a, b, c, d)           \
-        a = a + b;  d = rotl32(d ^ a, 16); \
-        c = c + d;  b = rotl32(b ^ c, 12); \
-        a = a + b;  d = rotl32(d ^ a,  8); \
-        c = c + d;  b = rotl32(b ^ c,  7)
+        a += b;  d ^= a;  ROT_L32(d, 16);  \
+        c += d;  b ^= c;  ROT_L32(b, 12);  \
+        a += b;  d ^= a;  ROT_L32(d,  8);  \
+        c += d;  b ^= c;  ROT_L32(b,  7)
 
         QUARTERROUND(out[0], out[4], out[ 8], out[12]); // column 0
         QUARTERROUND(out[1], out[5], out[ 9], out[13]); // column 1