ni...@lysator.liu.se (Niels Möller) writes:
> Simon Josefsson <si...@josefsson.org> writes:
>
>> See also:
>>
>> https://groups.google.com/forum/?fromgroups=#!msg/sci.crypt/AkQnSoO40BA/o4eG96rjkgYJ
>> http://cr.yp.to/snuffle/reoncore-20080224.pdf
>
> Thanks for the references. I'm now convinced we should avoid using the
> word "hash" here. I should revise the corresponding section of the
> Nettle manual as well.
Thanks -- I didn't notice that the text in the manual was wrong before.
Fixing that would be good.
> Which leaves us with an unsolved naming problem... I don't quite like
> salsa_core and salsa_core32, but I have no better suggestions right now.
I don't like it a lot either... I believe the uint8_t version should be
called salsa20_core. The tricky name is the uint32_t variant.
Ideas:
salsa_core32
salsa_core_32
salsa_core4
salsa_core_4
salsa_core_4byte
salsa_core_word
salsa_core_uint32
salsa_core_uint32
I don't either one of them is particulary good, so the choice is
arbitrary. Updated patch below.
/Simon
>From fdff2851a284247f1e1c839a2913df3bc7068d82 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <si...@josefsson.org>
Date: Fri, 21 Sep 2012 10:21:22 +0200
Subject: [PATCH] Support Salsa20 core.
---
ChangeLog | 9 +++++
Makefile.in | 2 +-
NEWS | 3 ++
salsa20-core.c | 100 ++++++++++++++++++++++++++++++++++++++++++++++
salsa20.h | 12 +++++-
testsuite/salsa20-test.c | 29 ++++++++++++++
6 files changed, 152 insertions(+), 3 deletions(-)
create mode 100644 salsa20-core.c
diff --git a/ChangeLog b/ChangeLog
index efb578e..84c8754 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2012-09-21 Simon Josefsson <si...@josefsson.org>
+
+ * NEWS: Mention Salsa20 core.
+ * salsa20.h (salsa20_core, salsa20_core32): Add prototypes.
+ (_SALSA20_INPUT_LENGTH): Rename to SALSA20_INPUT_LENGTH.
+ * salsa20-core.c: New file.
+ * Makefile.in (nettle_SOURCES): Add salsa20-core.c
+ * testsuite/salsa20-test.c (test_main): Test Salsa20 core.
+
2012-09-20 Simon Josefsson <si...@josefsson.org>
* pbkdf2-hmac-sha1.c, pbkdf2-hmac-sha256.c: New files.
diff --git a/Makefile.in b/Makefile.in
index 9904be5..24d9446 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -82,7 +82,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
md2.c md2-meta.c md4.c md4-meta.c \
md5.c md5-compress.c md5-compat.c md5-meta.c \
ripemd160.c ripemd160-compress.c ripemd160-meta.c \
- salsa20-crypt.c salsa20-set-key.c \
+ salsa20-crypt.c salsa20-set-key.c salsa20-core.c \
sha1.c sha1-compress.c sha1-meta.c \
sha256.c sha256-compress.c sha224-meta.c sha256-meta.c \
sha512.c sha512-compress.c sha384-meta.c sha512-meta.c \
diff --git a/NEWS b/NEWS
index 8f7e9e6..a40d6cc 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ NEWS for the 2.6 release
New features:
+ * Support for the Salsa20 core. Contributed by Simon
+ Josefsson.
+
* Support for PKCS #5 PBKDF2. Contributed by Simon Josefsson.
Specification in RFC 2898 and test vectors in RFC 6070.
diff --git a/salsa20-core.c b/salsa20-core.c
new file mode 100644
index 0000000..fe93527
--- /dev/null
+++ b/salsa20-core.c
@@ -0,0 +1,100 @@
+/* salsa20-core.c
+ *
+ * The Salsa20 core hash function.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on salsa20-crypt.c. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <string.h>
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+#define QROUND(x0, x1, x2, x3) do { \
+ x1 ^= ROTL32(7, x0 + x3); \
+ x2 ^= ROTL32(9, x1 + x0); \
+ x3 ^= ROTL32(13, x2 + x1); \
+ x0 ^= ROTL32(18, x3 + x2); \
+ } while(0)
+
+static void
+_salsa20 (unsigned rounds,
+ uint32_t *x)
+{
+ unsigned i;
+
+ for (i = 0; i < rounds; i += 2)
+ {
+ QROUND(x[0], x[4], x[8], x[12]);
+ QROUND(x[5], x[9], x[13], x[1]);
+ QROUND(x[10], x[14], x[2], x[6]);
+ QROUND(x[15], x[3], x[7], x[11]);
+
+ QROUND(x[0], x[1], x[2], x[3]);
+ QROUND(x[5], x[6], x[7], x[4]);
+ QROUND(x[10], x[11], x[8], x[9]);
+ QROUND(x[15], x[12], x[13], x[14]);
+ }
+}
+
+void
+salsa20_core (unsigned rounds,
+ uint8_t *dst,
+ const uint8_t *src)
+{
+ uint32_t x[SALSA20_INPUT_LENGTH];
+ unsigned i;
+
+ for (i = 0; i < SALSA20_INPUT_LENGTH; i++)
+ x[i] = LE_READ_UINT32(&src[i * 4]);
+
+ _salsa20 (rounds, x);
+
+ for (i = 0; i < SALSA20_INPUT_LENGTH; i++)
+ {
+ uint32_t t = x[i] + LE_READ_UINT32(&src[i * 4]);
+ LE_WRITE_UINT32(&dst[i * sizeof (uint32_t)], t);
+ }
+}
+
+void
+salsa20_core32 (unsigned rounds,
+ uint32_t *dst,
+ const uint32_t *src)
+{
+ uint32_t x[SALSA20_INPUT_LENGTH];
+ unsigned i;
+
+ for (i = 0; i < SALSA20_INPUT_LENGTH; i++)
+ x[i] = src[i];
+
+ _salsa20 (rounds, x);
+
+ for (i = 0; i < SALSA20_INPUT_LENGTH; i++)
+ dst[i] = x[i] + src[i];
+}
diff --git a/salsa20.h b/salsa20.h
index 7d47f52..76c65a9 100644
--- a/salsa20.h
+++ b/salsa20.h
@@ -37,6 +37,8 @@ extern "C" {
#define salsa20_set_key nettle_salsa20_set_key
#define salsa20_set_iv nettle_salsa20_set_iv
#define salsa20_crypt nettle_salsa20_crypt
+#define salsa20_core nettle_salsa20_core
+#define salsa20_core32 nettle_salsa20_core32
/* Minimum and maximum keysizes, and a reasonable default. In
* octets.*/
@@ -47,7 +49,7 @@ extern "C" {
#define SALSA20_IV_SIZE 8
-#define _SALSA20_INPUT_LENGTH 16
+#define SALSA20_INPUT_LENGTH 16
struct salsa20_ctx
{
@@ -60,7 +62,7 @@ struct salsa20_ctx
B B C K
K K K C
*/
- uint32_t input[_SALSA20_INPUT_LENGTH];
+ uint32_t input[SALSA20_INPUT_LENGTH];
};
void
@@ -75,6 +77,12 @@ salsa20_crypt(struct salsa20_ctx *ctx,
unsigned length, uint8_t *dst,
const uint8_t *src);
+/* Salsa20 core. */
+void
+salsa20_core (unsigned rounds, uint8_t *dst, const uint8_t *src);
+void
+salsa20_core32 (unsigned rounds, uint32_t *dst, const uint32_t *src);
+
#ifdef __cplusplus
}
#endif
diff --git a/testsuite/salsa20-test.c b/testsuite/salsa20-test.c
index d742ce4..ca1e8de 100644
--- a/testsuite/salsa20-test.c
+++ b/testsuite/salsa20-test.c
@@ -177,6 +177,35 @@ test_salsa20(const struct tstring *key,
void
test_main(void)
{
+ uint8_t dst[SALSA20_BLOCK_SIZE];
+
+ /* http://tools.ietf.org/html/draft-josefsson-scrypt-kdf */
+
+ salsa20_core (8, dst, H("7e879a214f3ec9867ca940e641718f26"
+ "baee555b8c61c1b50df846116dcd3b1d"
+ "ee24f319df9b3d8514121e4b5ac5aa32"
+ "76021d2909c74829edebc68db8b8c25e"));
+ ASSERT(MEMEQ (SALSA20_BLOCK_SIZE, dst,
+ H("a41f859c6608cc993b81cacb020cef05"
+ "044b2181a2fd337dfd7b1c6396682f29"
+ "b4393168e3c9e6bcfe6bc5b7a06d96ba"
+ "e424cc102c91745c24ad673dc7618f81")));
+
+ {
+ uint32_t src[] = { 0x219a877e, 0x86c93e4f, 0xe640a97c, 0x268f7141,
+ 0x5b55eeba, 0xb5c1618c, 0x1146f80d, 0x1d3bcd6d,
+ 0x19f324ee, 0x853d9bdf, 0x4b1e1214, 0x32aac55a,
+ 0x291d0276, 0x2948c709, 0x8dc6ebed, 0x5ec2b8b8 };
+ uint32_t expect[] = { 0x9c851fa4, 0x99cc0866, 0xcbca813b, 0x05ef0c02,
+ 0x81214b04, 0x7d33fda2, 0x631c7bfd, 0x292f6896,
+ 0x683139b4, 0xbce6c9e3, 0xb7c56bfe, 0xba966da0,
+ 0x10cc24e4, 0x5c74912c, 0x3d67ad24, 0x818f61c7 };
+ uint32_t dst2[SALSA20_INPUT_LENGTH];
+
+ salsa20_core32 (8, dst2, src);
+ ASSERT(MEMEQ (SALSA20_BLOCK_SIZE, dst2, expect));
+ }
+
/* http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/full/verified.test-vectors?logsort=rev&rev=210&view=markup */
test_salsa20(SHEX("80000000 00000000 00000000 00000000"),
--
1.7.9.5
_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
