diff --git a/ChangeLog b/ChangeLog
index b476c8de1b5212209cd0d512bd70a9b9ba84bd59..a7f6c11d56ecc565b3b709b1ef1df32998608c97 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+2014-01-20 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (nettle_SOURCES): Added salsa20-set-nonce.c,
+ salsa20-128-set-key.c, and salsa20-256-set-key.c.
+
+ * salsa20.h: Declare new functions.
+ (SALSA20_128_KEY_SIZE, SALSA20_256_KEY_SIZE): New constants.
+ (salsa20_set_iv): Define as an alias for salsa20_set_nonce.
+
+ * salsa20-set-key.c (salsa20_set_key): Use salsa20_128_set_key and
+ salsa20_256_set_key.
+ (salsa20_set_iv): Renamed and moved...
+ * salsa20-set-nonce.c (salsa20_set_nonce): ... new file, new name.
+
+ * salsa20-256-set-key.c (salsa20_256_set_key): New file and
+ function.
+ * salsa20-128-set-key.c (salsa20_128_set_key): New file and
+ function.
+
2014-01-13 Niels Möller <nisse@lysator.liu.se>
* nettle-types.h (union nettle_block16): New type, replacing union
diff --git a/Makefile.in b/Makefile.in
index 05e6adeb7287ab7f388320c6baaaf374ff3d5fa7..db2f2ba68a90f9796202245f377fcd6040313e0c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -94,6 +94,8 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
ripemd160.c ripemd160-compress.c ripemd160-meta.c \
salsa20-core-internal.c \
salsa20-crypt.c salsa20r12-crypt.c salsa20-set-key.c \
+ salsa20-set-nonce.c \
+ salsa20-128-set-key.c salsa20-256-set-key.c \
sha1.c sha1-compress.c sha1-meta.c \
sha256.c sha256-compress.c sha224-meta.c sha256-meta.c \
sha512.c sha512-compress.c sha384-meta.c sha512-meta.c \
diff --git a/salsa20-128-set-key.c b/salsa20-128-set-key.c
new file mode 100644
index 0000000000000000000000000000000000000000..4157c0c72f5b8fd91051ec727f83b6435a77d0c7
--- /dev/null
+++ b/salsa20-128-set-key.c
@@ -0,0 +1,53 @@
+/*
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ * Copyright (C) 2012-2014 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+ salsa20-ref.c version 20051118
+ D. J. Bernstein
+ Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+void
+salsa20_128_set_key(struct salsa20_ctx *ctx, const uint8_t *key)
+{
+ ctx->input[11] = ctx->input[1] = LE_READ_UINT32(key + 0);
+ ctx->input[12] = ctx->input[2] = LE_READ_UINT32(key + 4);
+ ctx->input[13] = ctx->input[3] = LE_READ_UINT32(key + 8);
+ ctx->input[14] = ctx->input[4] = LE_READ_UINT32(key + 12);
+
+ /* "expand 16-byte k" */
+ ctx->input[0] = 0x61707865;
+ ctx->input[5] = 0x3120646e;
+ ctx->input[10] = 0x79622d36;
+ ctx->input[15] = 0x6b206574;
+}
diff --git a/salsa20-256-set-key.c b/salsa20-256-set-key.c
new file mode 100644
index 0000000000000000000000000000000000000000..c820b501acfc40f55fd76f6f625c597d041d403a
--- /dev/null
+++ b/salsa20-256-set-key.c
@@ -0,0 +1,58 @@
+/*
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ * Copyright (C) 2012-2014 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+ salsa20-ref.c version 20051118
+ D. J. Bernstein
+ Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+void
+salsa20_256_set_key(struct salsa20_ctx *ctx, const uint8_t *key)
+{
+ ctx->input[1] = LE_READ_UINT32(key + 0);
+ ctx->input[2] = LE_READ_UINT32(key + 4);
+ ctx->input[3] = LE_READ_UINT32(key + 8);
+ ctx->input[4] = LE_READ_UINT32(key + 12);
+
+ ctx->input[11] = LE_READ_UINT32(key + 16);
+ ctx->input[12] = LE_READ_UINT32(key + 20);
+ ctx->input[13] = LE_READ_UINT32(key + 24);
+ ctx->input[14] = LE_READ_UINT32(key + 28);
+
+ /* "expand 32-byte k" */
+ ctx->input[0] = 0x61707865;
+ ctx->input[5] = 0x3320646e;
+ ctx->input[10] = 0x79622d32;
+ ctx->input[15] = 0x6b206574;
+}
diff --git a/salsa20-set-key.c b/salsa20-set-key.c
index 661aacc2d192d048bc734630af69539e716819de..7a120928562558e2e0623809b0633f82866ca0bf 100644
--- a/salsa20-set-key.c
+++ b/salsa20-set-key.c
@@ -33,7 +33,7 @@
# include "config.h"
#endif
-#include <assert.h>
+#include <stdlib.h>
#include "salsa20.h"
@@ -43,46 +43,15 @@ void
salsa20_set_key(struct salsa20_ctx *ctx,
size_t length, const uint8_t *key)
{
- static const uint32_t sigma[4] = {
- /* "expand 32-byte k" */
- 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
- };
- static const uint32_t tau[4] = {
- /* "expand 16-byte k" */
- 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574
- };
- const uint32_t *constants;
-
- assert (length == SALSA20_MIN_KEY_SIZE || length == SALSA20_MAX_KEY_SIZE);
-
- ctx->input[1] = LE_READ_UINT32(key + 0);
- ctx->input[2] = LE_READ_UINT32(key + 4);
- ctx->input[3] = LE_READ_UINT32(key + 8);
- ctx->input[4] = LE_READ_UINT32(key + 12);
- if (length == SALSA20_MAX_KEY_SIZE) { /* recommended */
- ctx->input[11] = LE_READ_UINT32(key + 16);
- ctx->input[12] = LE_READ_UINT32(key + 20);
- ctx->input[13] = LE_READ_UINT32(key + 24);
- ctx->input[14] = LE_READ_UINT32(key + 28);
- constants = sigma;
- } else { /* kbits == 128 */
- ctx->input[11] = ctx->input[1];
- ctx->input[12] = ctx->input[2];
- ctx->input[13] = ctx->input[3];
- ctx->input[14] = ctx->input[4];
- constants = tau;
- }
- ctx->input[0] = constants[0];
- ctx->input[5] = constants[1];
- ctx->input[10] = constants[2];
- ctx->input[15] = constants[3];
-}
-
-void
-salsa20_set_iv(struct salsa20_ctx *ctx, const uint8_t *iv)
-{
- ctx->input[6] = LE_READ_UINT32(iv + 0);
- ctx->input[7] = LE_READ_UINT32(iv + 4);
- ctx->input[8] = 0;
- ctx->input[9] = 0;
+ switch (length)
+ {
+ case SALSA20_128_KEY_SIZE:
+ salsa20_128_set_key (ctx, key);
+ break;
+ case SALSA20_256_KEY_SIZE:
+ salsa20_256_set_key (ctx, key);
+ break;
+ default:
+ abort();
+ }
}
diff --git a/salsa20-set-nonce.c b/salsa20-set-nonce.c
new file mode 100644
index 0000000000000000000000000000000000000000..cdcc44b1929896e31b5763a721ef10df3d8cb213
--- /dev/null
+++ b/salsa20-set-nonce.c
@@ -0,0 +1,47 @@
+/* salsa20-set-nonce.c
+ *
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson, Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+ salsa20-ref.c version 20051118
+ D. J. Bernstein
+ Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+void
+salsa20_set_nonce(struct salsa20_ctx *ctx, const uint8_t *nonce)
+{
+ ctx->input[6] = LE_READ_UINT32(nonce + 0);
+ ctx->input[7] = LE_READ_UINT32(nonce + 4);
+ ctx->input[8] = 0;
+ ctx->input[9] = 0;
+}
diff --git a/salsa20.h b/salsa20.h
index 3ce1a93e8abaeed1b6a89a61b609022b53edb987..444b5b4357d36bd166aff347432c981618e0be98 100644
--- a/salsa20.h
+++ b/salsa20.h
@@ -35,20 +35,27 @@ extern "C" {
/* Name mangling */
#define salsa20_set_key nettle_salsa20_set_key
-#define salsa20_set_iv nettle_salsa20_set_iv
+#define salsa20_128_set_key nettle_salsa20_128_set_key
+#define salsa20_256_set_key nettle_salsa20_256_set_key
+#define salsa20_set_nonce nettle_salsa20_set_nonce
#define salsa20_crypt nettle_salsa20_crypt
#define _salsa20_core _nettle_salsa20_core
#define salsa20r12_crypt nettle_salsa20r12_crypt
-/* Minimum and maximum keysizes, and a reasonable default. In
- * octets.*/
+/* Alias for backwards compatibility */
+#define salsa20_set_iv nettle_salsa20_set_nonce
+
+/* In octets.*/
+#define SALSA20_128_KEY_SIZE 16
+#define SALSA20_256_KEY_SIZE 32
+#define SALSA20_BLOCK_SIZE 64
+#define SALSA20_IV_SIZE 8
+
+/* Aliases */
#define SALSA20_MIN_KEY_SIZE 16
#define SALSA20_MAX_KEY_SIZE 32
#define SALSA20_KEY_SIZE 32
-#define SALSA20_BLOCK_SIZE 64
-
-#define SALSA20_IV_SIZE 8
#define _SALSA20_INPUT_LENGTH 16
@@ -66,6 +73,11 @@ struct salsa20_ctx
uint32_t input[_SALSA20_INPUT_LENGTH];
};
+void
+salsa20_128_set_key(struct salsa20_ctx *ctx, const uint8_t *key);
+void
+salsa20_256_set_key(struct salsa20_ctx *ctx, const uint8_t *key);
+
void
salsa20_set_key(struct salsa20_ctx *ctx,
size_t length, const uint8_t *key);