Extracted function _salsa20_core.

c9f986d2 · Niels Möller · 3eff4cc8 · c9f986d2 · c9f986d2 · c9f986d2
Commit c9f986d2 authored Sep 23, 2012 by Niels Möller
--- a/ChangeLog
+++ b/ChangeLog
+2012-09-23  Niels Möller  <nisse@lysator.liu.se>
+
+	* Makefile.in (nettle_SOURCES): Added salsa20-core-internal.c.
+
+	* salsa20-core-internal.c (_salsa20_core): New file and function,
+	extracted from salsa20_crypt.
+	* salsa20.h (_salsa20_core): Declare it.
+	* salsa20-crypt.c (salsa20_crypt): Use _salsa20_core.
+
 2012-09-21  Niels Möller  <nisse@lysator.liu.se>

 	* pbkdf2.c (pbkdf2): assert that iterations > 0. Reorganized

--- a/Makefile.in
+++ b/Makefile.in
@@ -82,6 +82,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
 		 md2.c md2-meta.c md4.c md4-meta.c \
 		 md5.c md5-compress.c md5-compat.c md5-meta.c \
 		 ripemd160.c ripemd160-compress.c ripemd160-meta.c \
+		 salsa20-core-internal.c \
 		 salsa20-crypt.c salsa20-set-key.c \
 		 sha1.c sha1-compress.c sha1-meta.c \
 		 sha256.c sha256-compress.c sha224-meta.c sha256-meta.c \

--- a/salsa20-core-internal.c
+++ b/salsa20-core-internal.c
+/* salsa20-core-internal.c
+ *
+ * Internal interface to the Salsa20 core function.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson, Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+   salsa20-ref.c version 20051118
+   D. J. Bernstein
+   Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+#ifdef WORDS_BIGENDIAN
+#define LE_SWAP32(v)				\
+  ((ROTL32(8,  v) & 0x00FF00FFUL) |		\
+   (ROTL32(24, v) & 0xFF00FF00UL))
+#else
+#define LE_SWAP32(v) (v)
+#endif
+
+#define QROUND(x0, x1, x2, x3) do { \
+  x1 ^= ROTL32(7, x0 + x3);	    \
+  x2 ^= ROTL32(9, x1 + x0);	    \
+  x3 ^= ROTL32(13, x2 + x1);	    \
+  x0 ^= ROTL32(18, x3 + x2);	    \
+  } while(0)
+
+void
+_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds)
+{
+  uint32_t x[_SALSA20_INPUT_LENGTH];
+  unsigned i;
+
+  assert ( (rounds & 1) == 0);
+
+  memcpy (x, src, sizeof(x));
+  for (i = 0; i < rounds;i += 2)
+    {
+      QROUND(x[0], x[4], x[8], x[12]);
+      QROUND(x[5], x[9], x[13], x[1]);
+      QROUND(x[10], x[14], x[2], x[6]);
+      QROUND(x[15], x[3], x[7], x[11]);
+
+      QROUND(x[0], x[1], x[2], x[3]);
+      QROUND(x[5], x[6], x[7], x[4]);
+      QROUND(x[10], x[11], x[8], x[9]);
+      QROUND(x[15], x[12], x[13], x[14]);
+    }
+
+  for (i = 0; i < _SALSA20_INPUT_LENGTH; i++)
+    {
+      uint32_t t = x[i] + src[i];
+      dst[i] = LE_SWAP32 (t);
+    }
+}
--- a/salsa20-crypt.c
+++ b/salsa20-crypt.c
@@ -40,21 +40,6 @@
 #include "macros.h"
 #include "memxor.h"

-#ifdef WORDS_BIGENDIAN
-#define LE_SWAP32(v)				\
-  ((ROTL32(8,  v) & 0x00FF00FFUL) |		\
-   (ROTL32(24, v) & 0xFF00FF00UL))
-#else
-#define LE_SWAP32(v) (v)
-#endif
-
-#define QROUND(x0, x1, x2, x3) do { \
-  x1 ^= ROTL32(7, x0 + x3);	    \
-  x2 ^= ROTL32(9, x1 + x0);	    \
-  x3 ^= ROTL32(13, x2 + x1);	    \
-  x0 ^= ROTL32(18, x3 + x2);	    \
-  } while(0)
-
 void
 salsa20_crypt(struct salsa20_ctx *ctx,
 	      unsigned length,
@@ -67,26 +52,8 @@ salsa20_crypt(struct salsa20_ctx *ctx,
  for (;;)
    {
      uint32_t x[_SALSA20_INPUT_LENGTH];
-      int i;
-      memcpy (x, ctx->input, sizeof(x));
-      for (i = 0;i < 10;i ++)
-	{
-	  QROUND(x[0], x[4], x[8], x[12]);
-	  QROUND(x[5], x[9], x[13], x[1]);
-	  QROUND(x[10], x[14], x[2], x[6]);
-	  QROUND(x[15], x[3], x[7], x[11]);

-	  QROUND(x[0], x[1], x[2], x[3]);
-	  QROUND(x[5], x[6], x[7], x[4]);
-	  QROUND(x[10], x[11], x[8], x[9]);
-	  QROUND(x[15], x[12], x[13], x[14]);
-	}
-
-      for (i = 0;i < _SALSA20_INPUT_LENGTH;++i)
-	{
-	  uint32_t t = x[i] + ctx->input[i];
-	  x[i] = LE_SWAP32 (t);
-	}
+      _salsa20_core (x, ctx->input, 20);

      ctx->input[9] += (++ctx->input[8] == 0);


--- a/salsa20.h
+++ b/salsa20.h
@@ -37,6 +37,7 @@ extern "C" {
 #define salsa20_set_key nettle_salsa20_set_key
 #define salsa20_set_iv nettle_salsa20_set_iv
 #define salsa20_crypt nettle_salsa20_crypt
+#define _salsa20_core _nettle_salsa20_core

 /* Minimum and maximum keysizes, and a reasonable default. In
 * octets.*/
@@ -75,6 +76,9 @@ salsa20_crypt(struct salsa20_ctx *ctx,
 	      unsigned length, uint8_t *dst,
 	      const uint8_t *src);

+void
+_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
+
 #ifdef __cplusplus
 }
 #endif