I quickly discovered that I needed the round-reduced variants of Salsa20. Here they are. I didn't update the assembler part, so I would need help finishing that part.
/Simon
>From 0d15d69c41456dfb1fc7b6317d4e9fd00a444ab3 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <[email protected]>
Date: Thu, 13 Sep 2012 23:55:38 +0200
Subject: [PATCH] Support round-reduced Salsa20/8 and Salsa20/12.
---
 ChangeLog | 10 +++++
 NEWS | 5 +++
 salsa20-crypt.c | 40 ++++++++++++++---
 salsa20.h | 12 ++++++
 testsuite/salsa20-test.c | 108 ++++++++++++++++++++++++++++++++++++++++------
 5 files changed, 155 insertions(+), 20 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index fe61ad9..8ca5395 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2012-09-13 Simon Josefsson <[email protected]>
+
+ * NEWS: Mention Salsa20/8 and Salsa20/12.
+ * salsa20.h (salsa20r8_crypt): New prototype.
+ (salsa20r12_crypt): New prototype.
+ * salsa20-crypt.c (salsa20r8_crypt): New function.
+ (salsa20r12_crypt): New function.
+ (salsa20r_crypt): New function, move logic from salsa20_crypt.
+ * testsuite/salsa20-test.c: Test new functions.
+
 2012-09-10 Niels Möller <[email protected]>
 * examples/eratosthenes.c (main): Explicitly deallocate storage
diff --git a/NEWS b/NEWS
index 4957f80..8a96752 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,8 @@
+ New features:
+
+ * Support for the round-reduced Salsa20/8 and Salsa20/12
+ variants.
+
 NEWS for the 2.5 release
 This release includes important portability fixes for Windows
diff --git a/salsa20-crypt.c b/salsa20-crypt.c
index eae3cea..a57cb71 100644
--- a/salsa20-crypt.c
+++ b/salsa20-crypt.c
@@ -55,11 +55,12 @@
 x0 ^= ROTL32(18, x3 + x2); \
 } while(0)
-void
-salsa20_crypt(struct salsa20_ctx *ctx,
- unsigned length,
- uint8_t *c,
- const uint8_t *m)
+static void
+salsa20r_crypt(struct salsa20_ctx *ctx,
+ int rounds,
+ unsigned length,
+ uint8_t *c,
+ const uint8_t *m)
 {
 if (!length)
 return;
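Review bot: The new `int rounds` parameter of `salsa20r_crypt` has no stated contract, and the loop it feeds in the next hunk steps by two (`i += 2`), so it counts single rounds while each iteration performs two of them (the old bound of 10 iterations gave Salsa20/20); an odd value is silently rounded up and a value of zero or less skips the quarter-round loop entirely. Only the three wrappers call it today, but the invariant should be pinned for the next caller with a comment such as `/* ROUNDS is the total round count and must be a positive even number (8, 12 or 20); each iteration of the loop below performs two rounds. */`, and `assert (rounds > 0 && (rounds & 1) == 0);` would enforce it in debug builds if the file already includes <assert.h>. The body of `salsa20r_crypt` continues past the end of this hunk.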
@@ -69,7 +70,7 @@ salsa20_crypt(struct salsa20_ctx *ctx,
 uint32_t x[_SALSA20_INPUT_LENGTH];
 int i;
 memcpy (x, ctx->input, sizeof(x));
- for (i = 0;i < 10;i ++)
+ for (i = 0;i < rounds;i += 2)
 {
 QROUND(x[0], x[4], x[8], x[12]);
 QROUND(x[5], x[9], x[13], x[1]);
@@ -104,3 +105,30 @@ salsa20_crypt(struct salsa20_ctx *ctx,
 m += SALSA20_BLOCK_SIZE;
 }
 }
+
+void
+salsa20_crypt(struct salsa20_ctx *ctx,
+ unsigned length,
+ uint8_t *c,
+ const uint8_t *m)
+{
+ salsa20r_crypt(ctx, 20, length, c, m);
+}
+
+void
+salsa20r8_crypt(struct salsa20_ctx *ctx,
+ unsigned length,
+ uint8_t *c,
+ const uint8_t *m)
+{
+ salsa20r_crypt(ctx, 8, length, c, m);
+}
+
+void
+salsa20r12_crypt(struct salsa20_ctx *ctx,
+ unsigned length,
+ uint8_t *c,
+ const uint8_t *m)
+{
+ salsa20r_crypt(ctx, 12, length, c, m);
+}
diff --git a/salsa20.h b/salsa20.h
index 7d47f52..ebb28c7 100644
--- a/salsa20.h
+++ b/salsa20.h
@@ -75,6 +75,18 @@ salsa20_crypt(struct salsa20_ctx *ctx,
 unsigned length, uint8_t *dst,
 const uint8_t *src);
+/* Round-reduced Salsa20/8. */
+void
+salsa20r8_crypt(struct salsa20_ctx *ctx,
+ unsigned length, uint8_t *dst,
+ const uint8_t *src);
+
+/* Round-reduced Salsa20/12. */
+void
+salsa20r12_crypt(struct salsa20_ctx *ctx,
+ unsigned length, uint8_t *dst,
+ const uint8_t *src);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/testsuite/salsa20-test.c b/testsuite/salsa20-test.c
index 7a246b9..8ec6c25 100644
--- a/testsuite/salsa20-test.c
+++ b/testsuite/salsa20-test.c
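Review bot: `salsa20r8_crypt` and `salsa20r12_crypt` are defined only in this translation unit, whereas `salsa20_crypt` presumably also exists as the assembler implementation the cover note says was not updated; in a configuration that substitutes assembler for this file, the two symbols declared in salsa20.h would be absent from the library and the new tests would fail to link. Either the round count has to reach the assembler routine as well, or the wrappers should be placed where they are compiled in every configuration. A one-line comment on `salsa20r_crypt` saying that all three public entry points funnel through it would also help the next reader.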
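Review bot: The comments on the two new prototypes name the variant but give no guidance on when it is appropriate; fewer rounds trade security margin for speed, so the header should steer callers to use these only where a specification mandates the variant (scrypt, for instance, is defined over Salsa20/8) and to keep `salsa20_crypt` as the default. Something like `/* Round-reduced Salsa20/8: fewer rounds than Salsa20 proper, hence a smaller security margin. Use only where a construction specifies this variant. */` (and likewise for /12) would do. The existing comment on `salsa20_crypt` is outside this hunk, so whether in-place use with `dst == src`, which the testsuite relies on, is documented anywhere cannot be seen here.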
@@ -13,13 +13,18 @@ memzero_p (const uint8_t *p, size_t n)
 return 1;
 }
+typedef void (*salsa20_func) (struct salsa20_ctx *ctx,
+ unsigned length, uint8_t *dst,
+ const uint8_t *src);
+
 /* The ecrypt testcases encrypt 512 zero bytes (8 blocks), then give the xor of all blocks, and the data for block 0 (0-43), 3,4 (192-319), 7 (448-511) */
 #define STREAM_LENGTH 512
 static void
-test_salsa20_stream(unsigned key_length,
+test_salsa20_stream(salsa20_func crypt,
+ unsigned key_length,
 const uint8_t *key,
 const uint8_t *iv,
 const uint8_t *ciphertext,
@@ -34,7 +39,7 @@ test_salsa20_stream(unsigned key_length,
 salsa20_set_key(&ctx, key_length, key);
 salsa20_set_iv(&ctx, iv);
 memset(stream, 0, STREAM_LENGTH + 1);
- salsa20_crypt(&ctx, STREAM_LENGTH, stream, stream);
+ crypt(&ctx, STREAM_LENGTH, stream, stream);
 if (stream[STREAM_LENGTH])
 {
 fprintf(stderr, "Stream of %d bytes wrote too much!\n", STREAM_LENGTH);
@@ -90,7 +95,7 @@ test_salsa20_stream(unsigned key_length,
 {
 memset(data, 0, STREAM_LENGTH + 1);
 salsa20_set_iv(&ctx, iv);
- salsa20_crypt(&ctx, j, data, data);
+ crypt(&ctx, j, data, data);
 if (!MEMEQ(j, data, stream))
 {
@@ -114,7 +119,8 @@ test_salsa20_stream(unsigned key_length,
 }
 static void
-test_salsa20(unsigned key_length,
+test_salsa20(salsa20_func crypt,
+ unsigned key_length,
 const uint8_t *key,
 const uint8_t *iv,
 unsigned length,
@@ -127,7 +133,7 @@ test_salsa20(unsigned key_length,
 salsa20_set_key(&ctx, key_length, key);
 salsa20_set_iv(&ctx, iv);
 data[length] = 17;
- salsa20_crypt(&ctx, length, data, cleartext);
+ crypt(&ctx, length, data, cleartext);
 if (data[length] != 17)
 {
 fprintf(stderr, "Encrypt of %u bytes wrote too much!\nInput:", length);
@@ -148,7 +154,7 @@ test_salsa20(unsigned key_length,
 }
 salsa20_set_key(&ctx, key_length, key);
 salsa20_set_iv(&ctx, iv);
- salsa20_crypt(&ctx, length, data, data);
+ crypt(&ctx, length, data, data);
 if (!MEMEQ(length, data, cleartext))
 {
@@ -170,40 +176,47 @@ test_main(void)
 {
 /* http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/full/verified.test-vectors?logsort=rev&rev=210&view=markup */
- test_salsa20(HL("80000000 00000000 00000000 00000000"),
+ test_salsa20(salsa20_crypt,
+ HL("80000000 00000000 00000000 00000000"),
 H("00000000 00000000"),
 HL("00000000 00000000"),
 H("4DFA5E48 1DA23EA0"));
- test_salsa20(HL("00000000 00000000 00000000 00000000"),
+ test_salsa20(salsa20_crypt,
+ HL("00000000 00000000 00000000 00000000"),
 H("80000000 00000000"),
 HL("00000000 00000000"),
 H("B66C1E44 46DD9557"));
- test_salsa20(HL("0053A6F94C9FF24598EB3E91E4378ADD"),
+ test_salsa20(salsa20_crypt,
+ HL("0053A6F94C9FF24598EB3E91E4378ADD"),
 H("0D74DB42A91077DE"),
 HL("00000000 00000000"),
 H("05E1E7BE B697D999"));
- test_salsa20(HL("80000000 00000000 00000000 00000000"
+ test_salsa20(salsa20_crypt,
+ HL("80000000 00000000 00000000 00000000"
 "00000000 00000000 00000000 00000000"),
 H("00000000 00000000"),
 HL("00000000 00000000"),
 H("E3BE8FDD 8BECA2E3"));
- test_salsa20(HL("00000000 00000000 00000000 00000000"
+ test_salsa20(salsa20_crypt,
+ HL("00000000 00000000 00000000 00000000"
 "00000000 00000000 00000000 00000000"),
 H("80000000 00000000"),
 HL("00000000 00000000"),
 H("2ABA3DC45B494700"));
- test_salsa20(HL("0053A6F94C9FF24598EB3E91E4378ADD"
+ test_salsa20(salsa20_crypt,
+ HL("0053A6F94C9FF24598EB3E91E4378ADD"
 "3083D6297CCF2275C81B6EC11467BA0D"),
 H("0D74DB42A91077DE"),
 HL("00000000 00000000"),
 H("F5FAD53F 79F9DF58"));
- test_salsa20_stream(HL("80000000000000000000000000000000"),
+ test_salsa20_stream(salsa20_crypt,
+ HL("80000000000000000000000000000000"),
 H("00000000 00000000"),
 H("4DFA5E481DA23EA09A31022050859936"
 "DA52FCEE218005164F267CB65F5CFD7F"
@@ -226,7 +239,8 @@ test_main(void)
 "5F13AC74D2539570FD34FEAB06C57205"
 "3949B59585742181A5A760223AFA22D4"));
- test_salsa20_stream(HL("48494A4B4C4D4E4F5051525354555657"
+ test_salsa20_stream(salsa20_crypt,
+ HL("48494A4B4C4D4E4F5051525354555657"
 "58595A5B5C5D5E5F6061626364656667"),
 H("0000000000000000"),
 H("53AD3698A011F779AD71030F3EFBEBA0"
@@ -250,5 +264,71 @@ test_main(void)
 "637C7CA2B78B116F83AFF46E40F8F71D"
 "4CD6D2E1B750D5E011D1DF2E80F7210A"));
+ /* http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/reduced/8-rounds/verified.test-vectors?rev=210&view=markup */
+
+ test_salsa20(salsa20r8_crypt,
+ HL("80000000 00000000 00000000 00000000"),
+ H("00000000 00000000"),
+ HL("00000000 00000000"),
+ H("A9C9F888 AB552A2D"));
+
+ test_salsa20_stream(salsa20r8_crypt,
+ HL("48494A4B4C4D4E4F5051525354555657"
+ "58595A5B5C5D5E5F6061626364656667"),
+ H("0000000000000000"),
+ H("A6CC8B404F2AF4FDAF7D6A8795F7CC5D"
+ "9BB2741B787B51538BF9BDA816486BC0"
+ "D334348DB81317951E1DF416988A0942"
+ "7ECC9214B02B8C4AA816A6014758FE06"
+ "D4FA0D1AB59C779C4BA1B64391356884"
+ "06DA8137C88A3642295C6285E9535438"
+ "D86DAC9C5B88628CD04D99CCEA1EC82E"
+ "F58720BF5AEBC02A453A5601A9CFEE46"
+ "1768DEDD9085B9EA5D36B507855B7413"
+ "63500AEEDFEAE88D6996E45DC8A21BDF"
+ "2553BFD191E2CF697FC4D8D6AC7A3AE8"
+ "AF1B140EBABB5F1B8D1524E087147291"
+ "B53ACC37176F2DD5E48250F1334E40B0"
+ "282FBF02B12953AE229A9175CF973DED"
+ "0B8A637E2E55EE26E7E2E8E962AA4BC0"
+ "98B0B1A82348DEEC1BDE9D370859937F"),
+ H("9EA2C38E03E01567DD7B969946638AFD"
+ "A0EEAB5E0DAE16E6FD33196B923D57FD"
+ "22964B080FCFC07E64EC5464EFA9EB21"
+ "4ADCFE4792CEAAEABC73DB10E4178FD1"));
+
+ /* http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/reduced/12-rounds/verified.test-vectors?rev=210&view=markup */
+
+ test_salsa20(salsa20r12_crypt,
+ HL("80000000 00000000 00000000 00000000"),
+ H("00000000 00000000"),
+ HL("00000000 00000000"),
+ H("FC207DBF C76C5E17"));
+
+ test_salsa20_stream(salsa20r12_crypt,
+ HL("48494A4B4C4D4E4F5051525354555657"
+ "58595A5B5C5D5E5F6061626364656667"),
+ H("0000000000000000"),
+ H("9E1B005B1072B05213869162B5E9940E"
+ "C8847C4A2D196E421C2BF7ACEA349EB7"
+ "4AFCA3DE0A62416A5B7EA34D90E83EF0"
+ "608B45F727326C1DB59ED8C7A82EF46D"
+ "247D730C7FDE4B1CA99F39D29F535DE1"
+ "3ADBA3493B705CC5E279BBB8B190F325"
+ "2F21E742D8057CB3B4715CC696755540"
+ "AA090950A422AE1C6C9087A6AC3C0314"
+ "D6919E05F350D80BF9927EF17004A684"
+ "02FD3A990388478AFC98760FDCF0DDA6"
+ "0797C78224B0C7899721999C8806D6FC"
+ "2C2CE8D428D273FE5FE8D6AD0F0CEE46"
+ "37B8AE6780C719C5F89E9B13147E915B"
+ "4027B0419F52CC68D287391EB3954ED5"
+ "E7BD1F1B653F146D8D0E6A13E6B8253C"
+ "09FE17E11D5A99F719CD0072CEA40E80"),
+ H("DD32748517CA537D50CE908F5934461B"
+ "B2BAD80FFD6CA8673B4E72A5F0DBDB08"
+ "03DA7BC2F61AB452D570DF1A589783E7"
+ "3F4216C3244D460147749053F4091E3F"));
+
 SUCCESS();
 }
-- 
1.7.9.5
