From a6b67c3425e9e12c292fa38a189e6faa8afb02fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Tue, 17 Apr 2012 21:53:22 +0200
Subject: [PATCH] Moved salsa20_set_key to a separate file. Inlined salsa20_hash into salsa20_crypt.
---
 ChangeLog | 7 +++
 Makefile.in | 2 +-
 salsa20-set-key.c | 88 ++++++++++++++++++++++++++++++++++++++
 salsa20.c | 107 +++++++++++----------------------------------
 4 files changed, 120 insertions(+), 84 deletions(-)
 create mode 100644 salsa20-set-key.c
diff --git a/ChangeLog b/ChangeLog
index 548e2325..c615d6ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-04-17 Niels Möller <nisse@lysator.liu.se>
+
+ * salsa20.c (salsa20_hash): Deleted function, inlined into
+ salsa20_crypt.
+ (salsa20_set_key, salsa20_set_iv): Moved, to...
+ * salsa20-set-key.c: ...new file.
+
 2012-04-15 Niels Möller <nisse@lysator.liu.se>
 * testsuite/salsa20-test.c (test_salsa20_stream): New function.
diff --git a/Makefile.in b/Makefile.in
index 2e7b7fc3..471c71ca 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -81,7 +81,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
 md2.c md2-meta.c md4.c md4-meta.c \
 md5.c md5-compress.c md5-compat.c md5-meta.c \
 ripemd160.c ripemd160-compress.c ripemd160-meta.c \
- salsa20.c \
+ salsa20.c salsa20-set-key.c \
 sha1.c sha1-compress.c sha1-meta.c \
 sha256.c sha256-compress.c sha224-meta.c sha256-meta.c \
 sha512.c sha512-compress.c sha384-meta.c sha512-meta.c \
diff --git a/salsa20-set-key.c b/salsa20-set-key.c
new file mode 100644
index 00000000..ecb0a213
--- /dev/null
+++ b/salsa20-set-key.c
@@ -0,0 +1,88 @@
+/* salsa20-set-key.c
+ *
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson, Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/* Based on:
+ salsa20-ref.c version 20051118
+ D. J. Bernstein
+ Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+void
+salsa20_set_key(struct salsa20_ctx *ctx,
+ unsigned length, const uint8_t *key)
+{
+ static const uint32_t sigma[4] = {
+ /* "expand 32-byte k" */
+ 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
+ };
+ static const uint32_t tau[4] = {
+ /* "expand 16-byte k" */
+ 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574
+ };
+ const uint32_t *constants;
+
+ assert (length == SALSA20_MIN_KEY_SIZE || length == SALSA20_MAX_KEY_SIZE);
+
+ ctx->input[1] = LE_READ_UINT32(key + 0);
+ ctx->input[2] = LE_READ_UINT32(key + 4);
+ ctx->input[3] = LE_READ_UINT32(key + 8);
+ ctx->input[4] = LE_READ_UINT32(key + 12);
+ if (length == SALSA20_MAX_KEY_SIZE) { /* recommended */
+ ctx->input[11] = LE_READ_UINT32(key + 16);
+ ctx->input[12] = LE_READ_UINT32(key + 20);
+ ctx->input[13] = LE_READ_UINT32(key + 24);
+ ctx->input[14] = LE_READ_UINT32(key + 28);
+ constants = sigma;
+ } else { /* kbits == 128 */
+ ctx->input[11] = ctx->input[1];
+ ctx->input[12] = ctx->input[2];
+ ctx->input[13] = ctx->input[3];
+ ctx->input[14] = ctx->input[4];
+ constants = tau;
+ }
+ ctx->input[0] = constants[0];
+ ctx->input[5] = constants[1];
+ ctx->input[10] = constants[2];
+ ctx->input[15] = constants[3];
+}
+
+void
+salsa20_set_iv(struct salsa20_ctx *ctx, const uint8_t *iv)
+{
+ ctx->input[6] = LE_READ_UINT32(iv + 0);
+ ctx->input[7] = LE_READ_UINT32(iv + 4);
+ ctx->input[8] = 0;
+ ctx->input[9] = 0;
+}
diff --git a/salsa20.c b/salsa20.c
index 19c82056..6b4898b0 100644
--- a/salsa20.c
+++ b/salsa20.c
@@ -33,7 +33,6 @@
 # include "config.h"
 #endif
-#include <assert.h>
 #include <string.h>
 #include "salsa20.h"
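Review bot: salsa20_set_key in the new file validates the key length only through `assert`, so in a build with NDEBUG defined any length other than SALSA20_MAX_KEY_SIZE silently takes the `else` branch and is processed as a 16-byte key (only key bytes 0..15 are read, with the tau constants), and nothing above the definition states that contract. I would add `/* length must be SALSA20_MIN_KEY_SIZE or SALSA20_MAX_KEY_SIZE; not checked when NDEBUG is defined. */` as a header comment on salsa20_set_key. The `/* kbits == 128 */` comment on the `else` names a variable that does not exist in this function; `/* length == SALSA20_MIN_KEY_SIZE */` matches the code. salsa20_set_iv also zeroes the block-counter words `ctx->input[8]` and `ctx->input[9]`, which deserves a one-line comment since a caller that reuses a context needs to know the counter restarts from zero with every new IV.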
@@ -56,107 +55,49 @@
 x0 ^= ROTL32(18, x3 + x2); \
 } while(0)
-static void
-salsa20_hash(uint32_t *output, const uint32_t *input)
-{
- uint32_t x[_SALSA20_INPUT_LENGTH];
- int i;
-
- memcpy (x, input, sizeof (x));
-
- for (i = 20;i > 0;i -= 2) {
- QROUND(x[0], x[4], x[8], x[12]);
- QROUND(x[5], x[9], x[13], x[1]);
- QROUND(x[10], x[14], x[2], x[6]);
- QROUND(x[15], x[3], x[7], x[11]);
-
- QROUND(x[0], x[1], x[2], x[3]);
- QROUND(x[5], x[6], x[7], x[4]);
- QROUND(x[10], x[11], x[8], x[9]);
- QROUND(x[15], x[12], x[13], x[14]);
- }
- for (i = 0;i < _SALSA20_INPUT_LENGTH;++i)
- {
- uint32_t t = x[i] + input[i];
- /* NOTE: We return a word array of byte-swapped values, rather
- than using a byte array and LE_WRITE_UINT32, to avoid having
- to care about unaligned bytes. */
- output[i] = LE_SWAP32 (t);
- }
-}
-
-void
-salsa20_set_key(struct salsa20_ctx *ctx,
- unsigned length, const uint8_t *key)
-{
- static const uint32_t sigma[4] = {
- /* "expand 32-byte k" */
- 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
- };
- static const uint32_t tau[4] = {
- /* "expand 16-byte k" */
- 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574
- };
- const uint32_t *constants;
-
- assert (length == SALSA20_MIN_KEY_SIZE || length == SALSA20_MAX_KEY_SIZE);
-
- ctx->input[1] = LE_READ_UINT32(key + 0);
- ctx->input[2] = LE_READ_UINT32(key + 4);
- ctx->input[3] = LE_READ_UINT32(key + 8);
- ctx->input[4] = LE_READ_UINT32(key + 12);
- if (length == SALSA20_MAX_KEY_SIZE) { /* recommended */
- ctx->input[11] = LE_READ_UINT32(key + 16);
- ctx->input[12] = LE_READ_UINT32(key + 20);
- ctx->input[13] = LE_READ_UINT32(key + 24);
- ctx->input[14] = LE_READ_UINT32(key + 28);
- constants = sigma;
- } else { /* kbits == 128 */
- ctx->input[11] = ctx->input[1];
- ctx->input[12] = ctx->input[2];
- ctx->input[13] = ctx->input[3];
- ctx->input[14] = ctx->input[4];
- constants = tau;
- }
- ctx->input[0] = constants[0];
- ctx->input[5] = constants[1];
- ctx->input[10] = constants[2];
- ctx->input[15] = constants[3];
-}
-
-void
-salsa20_set_iv(struct salsa20_ctx *ctx, const uint8_t *iv)
-{
- ctx->input[6] = LE_READ_UINT32(iv + 0);
- ctx->input[7] = LE_READ_UINT32(iv + 4);
- ctx->input[8] = 0;
- ctx->input[9] = 0;
-}
-
 void
 salsa20_crypt(struct salsa20_ctx *ctx, unsigned length,
 uint8_t *c, const uint8_t *m)
 {
- uint32_t output[_SALSA20_INPUT_LENGTH];
-
 if (!length) return;
 for (;;) {
- salsa20_hash(output,ctx->input);
+ uint32_t x[_SALSA20_INPUT_LENGTH];
+ int i;
+ memcpy (x, ctx->input, sizeof(x));
+ for (i = 0;i < 10;i ++)
+ {
+ QROUND(x[0], x[4], x[8], x[12]);
+ QROUND(x[5], x[9], x[13], x[1]);
+ QROUND(x[10], x[14], x[2], x[6]);
+ QROUND(x[15], x[3], x[7], x[11]);
+
+ QROUND(x[0], x[1], x[2], x[3]);
+ QROUND(x[5], x[6], x[7], x[4]);
+ QROUND(x[10], x[11], x[8], x[9]);
+ QROUND(x[15], x[12], x[13], x[14]);
+ }
+
+ for (i = 0;i < _SALSA20_INPUT_LENGTH;++i)
+ {
+ uint32_t t = x[i] + ctx->input[i];
+ x[i] = LE_SWAP32 (t);
+ }
+
 ctx->input[9] += (++ctx->input[8] == 0); /* stopping at 2^70 length per nonce is user's responsibility */
 if (length <= SALSA20_BLOCK_SIZE) {
- memxor3 (c, m, (uint8_t *) output, length);
+ memxor3 (c, m, (uint8_t *) x, length);
 return;
 }
- memxor3 (c, m, (uint8_t *) output, SALSA20_BLOCK_SIZE);
+ memxor3 (c, m, (uint8_t *) x, SALSA20_BLOCK_SIZE);
 length -= SALSA20_BLOCK_SIZE;
 c += SALSA20_BLOCK_SIZE;
-- 
GitLab
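Review bot: The NOTE explaining why the keystream is produced as an array of byte-swapped words rather than through LE_WRITE_UINT32 (to avoid dealing with unaligned bytes) was deleted together with salsa20_hash, but the line it explained survives inside salsa20_crypt as `x[i] = LE_SWAP32 (t);` and now reads as an unexplained swap before `x` is cast to `uint8_t *` for memxor3; the comment should move with the line. The double-round loop also replaced the explicit `i = 20; i > 0; i -= 2` with a bare `10`, so the 20-round count is no longer visible in the code — `for (i = 0;i < 10;i ++) /* 20 rounds, two per iteration */` would keep it readable. The block of keystream in `x` is left on the stack after the memxor3 calls, as the previous `output` buffer was, so this is a pre-existing property rather than a regression, but it is worth a note now that the buffer lives in the loop body. salsa20_crypt continues past the end of the hunk.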