ni...@lysator.liu.se (Niels Möller) writes:

> Simon Josefsson <si...@josefsson.org> writes:
>
>> Actually, sleeping on this, I realized that we really want to export the
>> Salsa20 core primitive (this was what I actually needed), and that is
>> the primitive that should be implemented in assembler.
>
> Now that this is in, did you make any use of it yet? I don't quite
> remember what your application was.

For some reason I had missed that this went in, thanks for committing
this.  How about the attached final cleanup patch, to export the Salsa20
core?  I think that is consistent with the approach you outlined.

My application was scrypt, and I'll update my implementation to use the
latest Nettle interfaces soon.  I'll submit the scrypt part later on...

/Simon
>From e03d9fd45bf0693eb358ea0db57cfb5d0c423922 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <si...@josefsson.org>
Date: Tue, 6 Nov 2012 17:12:25 +0100
Subject: [PATCH] Add salsa20_core function.

---
 ChangeLog                |    9 ++++++++
 Makefile.in              |    2 +-
 NEWS                     |    3 +++
 nettle.texinfo           |    6 ++++++
 salsa20-core.c           |   53 ++++++++++++++++++++++++++++++++++++++++++++++
 salsa20.h                |    5 +++++
 testsuite/salsa20-test.c |   16 ++++++++++++++
 7 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100644 salsa20-core.c

diff --git a/ChangeLog b/ChangeLog
index e28b074..8f8f797 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2012-11-06  Simon Josefsson  <si...@josefsson.org>
+
+	* NEWS: Mention Salsa20 core.
+	* nettle.texinfo: Document salsa20_core.
+	* Makefile.in (nettle_SOURCES): Add salsa20-core.c.
+	* salsa20.h (salsa20_core): Add.
+	* salsa20-core.c: New file.
+	* testsuite/salsa20-test.c (test_main): Self-check salsa20_core.
+
 2012-10-29  Niels Möller  <ni...@lysator.liu.se>
 
 	From Martin Storsjö:
diff --git a/Makefile.in b/Makefile.in
index c0ca3ad..a0d705d 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -83,7 +83,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
 		 md5.c md5-compress.c md5-compat.c md5-meta.c \
 		 ripemd160.c ripemd160-compress.c ripemd160-meta.c \
 		 salsa20-core-internal.c \
-		 salsa20-crypt.c salsa20-set-key.c \
+		 salsa20-crypt.c salsa20-core.c salsa20-set-key.c \
 		 sha1.c sha1-compress.c sha1-meta.c \
 		 sha256.c sha256-compress.c sha224-meta.c sha256-meta.c \
 		 sha512.c sha512-compress.c sha384-meta.c sha512-meta.c \
diff --git a/NEWS b/NEWS
index 8f7e9e6..a40d6cc 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ NEWS for the 2.6 release
 
 	New features:
 
+	* Support for the Salsa20 core.  Contributed by Simon
+          Josefsson.
+
 	* Support for PKCS #5 PBKDF2.  Contributed by Simon Josefsson.
           Specification in RFC 2898 and test vectors in RFC 6070.
 
diff --git a/nettle.texinfo b/nettle.texinfo
index bfaf0a6..4eb1b13 100644
--- a/nettle.texinfo
+++ b/nettle.texinfo
@@ -1335,6 +1335,12 @@ all but the last call @emph{must} use a length that is a multiple of
 
 @end deftypefun
 
+@deftypefun void salsa20_core (uint8_t *@var{dst}, const uint8_t *@var{src}, unsigned @var{rounds})
+Hash the 64-byte (@code{SALSA20_BLOCK_SIZE}) message into a 64-byte
+message, using the indicated number of Salsa20 core rounds.
+
+@end deftypefun
+
 @subsection SERPENT
 SERPENT is one of the AES finalists, designed by Ross Anderson, Eli
 Biham and Lars Knudsen. Thus, the interface and properties are similar
diff --git a/salsa20-core.c b/salsa20-core.c
new file mode 100644
index 0000000..3280e54
--- /dev/null
+++ b/salsa20-core.c
@@ -0,0 +1,53 @@
+/* salsa20-core.c
+ *
+ * The Salsa20 core hash.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <string.h>
+
+#include "salsa20.h"
+
+#include "macros.h"
+#include "memxor.h"
+
+void
+salsa20_core (uint8_t *dst,
+	      const uint8_t *src,
+	      unsigned rounds)
+{
+  uint32_t dst32[_SALSA20_INPUT_LENGTH];
+  uint32_t src32[_SALSA20_INPUT_LENGTH];
+  unsigned i;
+
+  for (i = 0; i < _SALSA20_INPUT_LENGTH; i++)
+    src32[i] = LE_READ_UINT32(&src[i * 4]);
+
+  _salsa20_core (dst32, src32, rounds);
+
+  for (i = 0; i < _SALSA20_INPUT_LENGTH; i++)
+    LE_WRITE_UINT32(&dst[i * sizeof (uint32_t)], dst32[i]);
+}
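Review bot: Two of the new file's includes are dead: nothing in salsa20_core uses `#include <string.h>` or `#include "memxor.h"`, so they look carried over from another source file and should be dropped, leaving `salsa20.h` and `macros.h` (which supplies LE_READ_UINT32/LE_WRITE_UINT32). The two loops also spell the same byte offset differently, `&src[i * 4]` versus `&dst[i * sizeof (uint32_t)]`; pick one form for both. Because all of src is unpacked into src32 before anything is written to dst, the function is safe to call in place, which is worth stating above the definition, e.g. `/* dst and src are each SALSA20_BLOCK_SIZE bytes and may overlap: src is read completely before dst is written. */`. The rounds argument is handed straight to _salsa20_core; if that routine advances two rounds per iteration (salsa20-core-internal.c is outside this patch), an odd value would be silently treated as the next even one, so the accepted values should be documented here or in the header.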
diff --git a/salsa20.h b/salsa20.h
index d95d002..95ee6a1 100644
--- a/salsa20.h
+++ b/salsa20.h
@@ -37,6 +37,7 @@ extern "C" {
 #define salsa20_set_key nettle_salsa20_set_key
 #define salsa20_set_iv nettle_salsa20_set_iv
 #define salsa20_crypt nettle_salsa20_crypt
+#define salsa20_core nettle_salsa20_core
 #define _salsa20_core _nettle_salsa20_core
 
 /* Minimum and maximum keysizes, and a reasonable default. In
@@ -76,6 +77,10 @@ salsa20_crypt(struct salsa20_ctx *ctx,
 	      unsigned length, uint8_t *dst,
 	      const uint8_t *src);
 
+/* Salsa20 core hash function.  Warning: not collision resistant. */
+void
+salsa20_core(uint8_t *dst, const uint8_t *src, unsigned rounds);
+
 void
 _salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
 
diff --git a/testsuite/salsa20-test.c b/testsuite/salsa20-test.c
index d742ce4..093fb78 100644
--- a/testsuite/salsa20-test.c
+++ b/testsuite/salsa20-test.c
@@ -177,6 +177,22 @@ test_salsa20(const struct tstring *key,
 void
 test_main(void)
 {
+  /* http://tools.ietf.org/html/draft-josefsson-scrypt-kdf */
+
+  {
+    uint8_t dst[SALSA20_BLOCK_SIZE];
+
+    salsa20_core (dst, H("7e879a214f3ec9867ca940e641718f26"
+			 "baee555b8c61c1b50df846116dcd3b1d"
+			 "ee24f319df9b3d8514121e4b5ac5aa32"
+			 "76021d2909c74829edebc68db8b8c25e"), 8);
+    ASSERT(MEMEQ (SALSA20_BLOCK_SIZE, dst,
+		  H("a41f859c6608cc993b81cacb020cef05"
+		    "044b2181a2fd337dfd7b1c6396682f29"
+		    "b4393168e3c9e6bcfe6bc5b7a06d96ba"
+		    "e424cc102c91745c24ad673dc7618f81")));
+  }
+
   /* http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/full/verified.test-vectors?logsort=rev&rev=210&view=markup */
 
   test_salsa20(SHEX("80000000 00000000 00000000 00000000"),
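Review bot: The new self-check exercises salsa20_core only with rounds == 8 (the scrypt parameterisation), so the round count the rest of the library presumably uses through _salsa20_core — 20 for standard Salsa20, to be confirmed against salsa20-crypt.c — never passes through the new public entry point. Adding a second vector with rounds == 20 would cover that path, and copying the input into dst and calling `salsa20_core (dst, dst, 8)` against the same expected output would pin the in-place behaviour that the implementation's read-all-then-write structure provides. The comment above the block cites the draft as the source of the vector; naming which draft section it comes from would make it easier to re-verify. test_main continues past the end of this hunk.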
-- 
1.7.9.5
