salsa20 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,279 @@
1
+ /* ecrypt-sync.h */
2
+
3
+ /*
4
+ * Header file for synchronous stream ciphers without authentication
5
+ * mechanism.
6
+ *
7
+ * *** Please only edit parts marked with "[edit]". ***
8
+ */
9
+
10
+ #ifndef ECRYPT_SYNC
11
+ #define ECRYPT_SYNC
12
+
13
+ #include "ecrypt-portable.h"
14
+
15
+ /* ------------------------------------------------------------------------- */
16
+
17
+ /* Cipher parameters */
18
+
19
+ /*
20
+ * The name of your cipher.
21
+ */
22
+ #define ECRYPT_NAME "Salsa20" /* [edit] */
23
+ #define ECRYPT_PROFILE "S!_H."
24
+
25
+ /*
26
+ * Specify which key and IV sizes are supported by your cipher. A user
27
+ * should be able to enumerate the supported sizes by running the
28
+ * following code:
29
+ *
30
+ * for (i = 0; ECRYPT_KEYSIZE(i) <= ECRYPT_MAXKEYSIZE; ++i)
31
+ * {
32
+ * keysize = ECRYPT_KEYSIZE(i);
33
+ *
34
+ * ...
35
+ * }
36
+ *
37
+ * All sizes are in bits.
38
+ */
39
+
40
+ #define ECRYPT_MAXKEYSIZE 256 /* [edit] */
41
+ #define ECRYPT_KEYSIZE(i) (128 + (i)*128) /* [edit] */
42
+
43
+ #define ECRYPT_MAXIVSIZE 64 /* [edit] */
44
+ #define ECRYPT_IVSIZE(i) (64 + (i)*64) /* [edit] */
45
+
46
+ /* ------------------------------------------------------------------------- */
47
+
48
+ /* Data structures */
49
+
50
+ /*
51
+ * ECRYPT_ctx is the structure containing the representation of the
52
+ * internal state of your cipher.
53
+ */
54
+
55
+ typedef struct
56
+ {
57
+ u32 input[16]; /* could be compressed */
58
+ /*
59
+ * [edit]
60
+ *
61
+ * Put here all state variable needed during the encryption process.
62
+ */
63
+ } ECRYPT_ctx;
64
+
65
+ /* ------------------------------------------------------------------------- */
66
+
67
+ /* Mandatory functions */
68
+
69
+ /*
70
+ * Key and message independent initialization. This function will be
71
+ * called once when the program starts (e.g., to build expanded S-box
72
+ * tables).
73
+ */
74
+ void ECRYPT_init();
75
+
76
+ /*
77
+ * Key setup. It is the user's responsibility to select the values of
78
+ * keysize and ivsize from the set of supported values specified
79
+ * above.
80
+ */
81
+ void ECRYPT_keysetup(
82
+ ECRYPT_ctx* ctx,
83
+ const u8* key,
84
+ u32 keysize, /* Key size in bits. */
85
+ u32 ivsize); /* IV size in bits. */
86
+
87
+ /*
88
+ * IV setup. After having called ECRYPT_keysetup(), the user is
89
+ * allowed to call ECRYPT_ivsetup() different times in order to
90
+ * encrypt/decrypt different messages with the same key but different
91
+ * IV's.
92
+ */
93
+ void ECRYPT_ivsetup(
94
+ ECRYPT_ctx* ctx,
95
+ const u8* iv);
96
+
97
+ /*
98
+ * Encryption/decryption of arbitrary length messages.
99
+ *
100
+ * For efficiency reasons, the API provides two types of
101
+ * encrypt/decrypt functions. The ECRYPT_encrypt_bytes() function
102
+ * (declared here) encrypts byte strings of arbitrary length, while
103
+ * the ECRYPT_encrypt_blocks() function (defined later) only accepts
104
+ * lengths which are multiples of ECRYPT_BLOCKLENGTH.
105
+ *
106
+ * The user is allowed to make multiple calls to
107
+ * ECRYPT_encrypt_blocks() to incrementally encrypt a long message,
108
+ * but he is NOT allowed to make additional encryption calls once he
109
+ * has called ECRYPT_encrypt_bytes() (unless he starts a new message
110
+ * of course). For example, this sequence of calls is acceptable:
111
+ *
112
+ * ECRYPT_keysetup();
113
+ *
114
+ * ECRYPT_ivsetup();
115
+ * ECRYPT_encrypt_blocks();
116
+ * ECRYPT_encrypt_blocks();
117
+ * ECRYPT_encrypt_bytes();
118
+ *
119
+ * ECRYPT_ivsetup();
120
+ * ECRYPT_encrypt_blocks();
121
+ * ECRYPT_encrypt_blocks();
122
+ *
123
+ * ECRYPT_ivsetup();
124
+ * ECRYPT_encrypt_bytes();
125
+ *
126
+ * The following sequence is not:
127
+ *
128
+ * ECRYPT_keysetup();
129
+ * ECRYPT_ivsetup();
130
+ * ECRYPT_encrypt_blocks();
131
+ * ECRYPT_encrypt_bytes();
132
+ * ECRYPT_encrypt_blocks();
133
+ */
134
+
135
+ void ECRYPT_encrypt_bytes(
136
+ ECRYPT_ctx* ctx,
137
+ const u8* plaintext,
138
+ u8* ciphertext,
139
+ u32 msglen); /* Message length in bytes. */
140
+
141
+ void ECRYPT_decrypt_bytes(
142
+ ECRYPT_ctx* ctx,
143
+ const u8* ciphertext,
144
+ u8* plaintext,
145
+ u32 msglen); /* Message length in bytes. */
146
+
147
+ /* ------------------------------------------------------------------------- */
148
+
149
+ /* Optional features */
150
+
151
+ /*
152
+ * For testing purposes it can sometimes be useful to have a function
153
+ * which immediately generates keystream without having to provide it
154
+ * with a zero plaintext. If your cipher cannot provide this function
155
+ * (e.g., because it is not strictly a synchronous cipher), please
156
+ * reset the ECRYPT_GENERATES_KEYSTREAM flag.
157
+ */
158
+
159
+ #define ECRYPT_GENERATES_KEYSTREAM
160
+ #ifdef ECRYPT_GENERATES_KEYSTREAM
161
+
162
+ void ECRYPT_keystream_bytes(
163
+ ECRYPT_ctx* ctx,
164
+ u8* keystream,
165
+ u32 length); /* Length of keystream in bytes. */
166
+
167
+ #endif
168
+
169
+ /* ------------------------------------------------------------------------- */
170
+
171
+ /* Optional optimizations */
172
+
173
+ /*
174
+ * By default, the functions in this section are implemented using
175
+ * calls to functions declared above. However, you might want to
176
+ * implement them differently for performance reasons.
177
+ */
178
+
179
+ /*
180
+ * All-in-one encryption/decryption of (short) packets.
181
+ *
182
+ * The default definitions of these functions can be found in
183
+ * "ecrypt-sync.c". If you want to implement them differently, please
184
+ * undef the ECRYPT_USES_DEFAULT_ALL_IN_ONE flag.
185
+ */
186
+ #define ECRYPT_USES_DEFAULT_ALL_IN_ONE /* [edit] */
187
+
188
+ void ECRYPT_encrypt_packet(
189
+ ECRYPT_ctx* ctx,
190
+ const u8* iv,
191
+ const u8* plaintext,
192
+ u8* ciphertext,
193
+ u32 msglen);
194
+
195
+ void ECRYPT_decrypt_packet(
196
+ ECRYPT_ctx* ctx,
197
+ const u8* iv,
198
+ const u8* ciphertext,
199
+ u8* plaintext,
200
+ u32 msglen);
201
+
202
+ /*
203
+ * Encryption/decryption of blocks.
204
+ *
205
+ * By default, these functions are defined as macros. If you want to
206
+ * provide a different implementation, please undef the
207
+ * ECRYPT_USES_DEFAULT_BLOCK_MACROS flag and implement the functions
208
+ * declared below.
209
+ */
210
+
211
+ #define ECRYPT_BLOCKLENGTH 64 /* [edit] */
212
+
213
+ #define ECRYPT_USES_DEFAULT_BLOCK_MACROS /* [edit] */
214
+ #ifdef ECRYPT_USES_DEFAULT_BLOCK_MACROS
215
+
216
+ #define ECRYPT_encrypt_blocks(ctx, plaintext, ciphertext, blocks) \
217
+ ECRYPT_encrypt_bytes(ctx, plaintext, ciphertext, \
218
+ (blocks) * ECRYPT_BLOCKLENGTH)
219
+
220
+ #define ECRYPT_decrypt_blocks(ctx, ciphertext, plaintext, blocks) \
221
+ ECRYPT_decrypt_bytes(ctx, ciphertext, plaintext, \
222
+ (blocks) * ECRYPT_BLOCKLENGTH)
223
+
224
+ #ifdef ECRYPT_GENERATES_KEYSTREAM
225
+
226
+ #define ECRYPT_keystream_blocks(ctx, keystream, blocks) \
227
+ ECRYPT_keystream_bytes(ctx, keystream, \
228
+ (blocks) * ECRYPT_BLOCKLENGTH)
229
+
230
+ #endif
231
+
232
+ #else
233
+
234
+ void ECRYPT_encrypt_blocks(
235
+ ECRYPT_ctx* ctx,
236
+ const u8* plaintext,
237
+ u8* ciphertext,
238
+ u32 blocks); /* Message length in blocks. */
239
+
240
+ void ECRYPT_decrypt_blocks(
241
+ ECRYPT_ctx* ctx,
242
+ const u8* ciphertext,
243
+ u8* plaintext,
244
+ u32 blocks); /* Message length in blocks. */
245
+
246
+ #ifdef ECRYPT_GENERATES_KEYSTREAM
247
+
248
+ void ECRYPT_keystream_blocks(
249
+ ECRYPT_ctx* ctx,
250
+ const u8* keystream,
251
+ u32 blocks); /* Keystream length in blocks. */
252
+
253
+ #endif
254
+
255
+ #endif
256
+
257
+ /*
258
+ * If your cipher can be implemented in different ways, you can use
259
+ * the ECRYPT_VARIANT parameter to allow the user to choose between
260
+ * them at compile time (e.g., gcc -DECRYPT_VARIANT=3 ...). Please
261
+ * only use this possibility if you really think it could make a
262
+ * significant difference and keep the number of variants
263
+ * (ECRYPT_MAXVARIANT) as small as possible (definitely not more than
264
+ * 10). Note also that all variants should have exactly the same
265
+ * external interface (i.e., the same ECRYPT_BLOCKLENGTH, etc.).
266
+ */
267
+ #define ECRYPT_MAXVARIANT 1 /* [edit] */
268
+
269
+ #ifndef ECRYPT_VARIANT
270
+ #define ECRYPT_VARIANT 1
271
+ #endif
272
+
273
+ #if (ECRYPT_VARIANT > ECRYPT_MAXVARIANT)
274
+ #error this variant does not exist
275
+ #endif
276
+
277
+ /* ------------------------------------------------------------------------- */
278
+
279
+ #endif
@@ -0,0 +1,7 @@
1
+ require 'mkmf'
2
+ require 'rbconfig'
3
+
4
+ $CFLAGS << ' -Wall -funroll-loops'
5
+ $CFLAGS << ' -Wextra -O0 -ggdb3' if ENV['DEBUG']
6
+
7
+ create_makefile("salsa20_ext")
@@ -0,0 +1,221 @@
1
+ /*
2
+ salsa20-merged.c version 20051118
3
+ D. J. Bernstein
4
+ Public domain.
5
+ */
6
+
7
+ #include "ecrypt-sync.h"
8
+
9
+ #define ROTATE(v,c) (ROTL32(v,c))
10
+ #define XOR(v,w) ((v) ^ (w))
11
+ #define PLUS(v,w) (U32V((v) + (w)))
12
+ #define PLUSONE(v) (PLUS((v),1))
13
+
14
+ void ECRYPT_init(void)
15
+ {
16
+ return;
17
+ }
18
+
19
+ static const char sigma[16] = "expand 32-byte k";
20
+ static const char tau[16] = "expand 16-byte k";
21
+
22
+ void ECRYPT_keysetup(ECRYPT_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
23
+ {
24
+ const char *constants;
25
+
26
+ (void) ivbits; /* avoid unused parameter compiler warning */
27
+
28
+ x->input[1] = U8TO32_LITTLE(k + 0);
29
+ x->input[2] = U8TO32_LITTLE(k + 4);
30
+ x->input[3] = U8TO32_LITTLE(k + 8);
31
+ x->input[4] = U8TO32_LITTLE(k + 12);
32
+ if (kbits == 256) { /* recommended */
33
+ k += 16;
34
+ constants = sigma;
35
+ } else { /* kbits == 128 */
36
+ constants = tau;
37
+ }
38
+ x->input[11] = U8TO32_LITTLE(k + 0);
39
+ x->input[12] = U8TO32_LITTLE(k + 4);
40
+ x->input[13] = U8TO32_LITTLE(k + 8);
41
+ x->input[14] = U8TO32_LITTLE(k + 12);
42
+ x->input[0] = U8TO32_LITTLE(constants + 0);
43
+ x->input[5] = U8TO32_LITTLE(constants + 4);
44
+ x->input[10] = U8TO32_LITTLE(constants + 8);
45
+ x->input[15] = U8TO32_LITTLE(constants + 12);
46
+ }
47
+
48
+ void ECRYPT_ivsetup(ECRYPT_ctx *x,const u8 *iv)
49
+ {
50
+ x->input[6] = U8TO32_LITTLE(iv + 0);
51
+ x->input[7] = U8TO32_LITTLE(iv + 4);
52
+ x->input[8] = 0;
53
+ x->input[9] = 0;
54
+ }
55
+
56
+ void ECRYPT_encrypt_bytes(ECRYPT_ctx *x,const u8 *m,u8 *c,u32 bytes)
57
+ {
58
+ u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
59
+ u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
60
+ u8 *ctarget = 0;
61
+ u8 tmp[64];
62
+ u32 i;
63
+
64
+ if (!bytes) return;
65
+
66
+ j0 = x->input[0];
67
+ j1 = x->input[1];
68
+ j2 = x->input[2];
69
+ j3 = x->input[3];
70
+ j4 = x->input[4];
71
+ j5 = x->input[5];
72
+ j6 = x->input[6];
73
+ j7 = x->input[7];
74
+ j8 = x->input[8];
75
+ j9 = x->input[9];
76
+ j10 = x->input[10];
77
+ j11 = x->input[11];
78
+ j12 = x->input[12];
79
+ j13 = x->input[13];
80
+ j14 = x->input[14];
81
+ j15 = x->input[15];
82
+
83
+ for (;;) {
84
+ if (bytes < 64) {
85
+ for (i = 0;i < bytes;++i) tmp[i] = m[i];
86
+ m = tmp;
87
+ ctarget = c;
88
+ c = tmp;
89
+ }
90
+ x0 = j0;
91
+ x1 = j1;
92
+ x2 = j2;
93
+ x3 = j3;
94
+ x4 = j4;
95
+ x5 = j5;
96
+ x6 = j6;
97
+ x7 = j7;
98
+ x8 = j8;
99
+ x9 = j9;
100
+ x10 = j10;
101
+ x11 = j11;
102
+ x12 = j12;
103
+ x13 = j13;
104
+ x14 = j14;
105
+ x15 = j15;
106
+ for (i = 20;i > 0;i -= 2) {
107
+ x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7));
108
+ x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9));
109
+ x12 = XOR(x12,ROTATE(PLUS( x8, x4),13));
110
+ x0 = XOR( x0,ROTATE(PLUS(x12, x8),18));
111
+ x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7));
112
+ x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9));
113
+ x1 = XOR( x1,ROTATE(PLUS(x13, x9),13));
114
+ x5 = XOR( x5,ROTATE(PLUS( x1,x13),18));
115
+ x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7));
116
+ x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9));
117
+ x6 = XOR( x6,ROTATE(PLUS( x2,x14),13));
118
+ x10 = XOR(x10,ROTATE(PLUS( x6, x2),18));
119
+ x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7));
120
+ x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9));
121
+ x11 = XOR(x11,ROTATE(PLUS( x7, x3),13));
122
+ x15 = XOR(x15,ROTATE(PLUS(x11, x7),18));
123
+ x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7));
124
+ x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9));
125
+ x3 = XOR( x3,ROTATE(PLUS( x2, x1),13));
126
+ x0 = XOR( x0,ROTATE(PLUS( x3, x2),18));
127
+ x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7));
128
+ x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9));
129
+ x4 = XOR( x4,ROTATE(PLUS( x7, x6),13));
130
+ x5 = XOR( x5,ROTATE(PLUS( x4, x7),18));
131
+ x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7));
132
+ x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9));
133
+ x9 = XOR( x9,ROTATE(PLUS( x8,x11),13));
134
+ x10 = XOR(x10,ROTATE(PLUS( x9, x8),18));
135
+ x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7));
136
+ x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9));
137
+ x14 = XOR(x14,ROTATE(PLUS(x13,x12),13));
138
+ x15 = XOR(x15,ROTATE(PLUS(x14,x13),18));
139
+ }
140
+ x0 = PLUS(x0,j0);
141
+ x1 = PLUS(x1,j1);
142
+ x2 = PLUS(x2,j2);
143
+ x3 = PLUS(x3,j3);
144
+ x4 = PLUS(x4,j4);
145
+ x5 = PLUS(x5,j5);
146
+ x6 = PLUS(x6,j6);
147
+ x7 = PLUS(x7,j7);
148
+ x8 = PLUS(x8,j8);
149
+ x9 = PLUS(x9,j9);
150
+ x10 = PLUS(x10,j10);
151
+ x11 = PLUS(x11,j11);
152
+ x12 = PLUS(x12,j12);
153
+ x13 = PLUS(x13,j13);
154
+ x14 = PLUS(x14,j14);
155
+ x15 = PLUS(x15,j15);
156
+
157
+ x0 = XOR(x0,U8TO32_LITTLE(m + 0));
158
+ x1 = XOR(x1,U8TO32_LITTLE(m + 4));
159
+ x2 = XOR(x2,U8TO32_LITTLE(m + 8));
160
+ x3 = XOR(x3,U8TO32_LITTLE(m + 12));
161
+ x4 = XOR(x4,U8TO32_LITTLE(m + 16));
162
+ x5 = XOR(x5,U8TO32_LITTLE(m + 20));
163
+ x6 = XOR(x6,U8TO32_LITTLE(m + 24));
164
+ x7 = XOR(x7,U8TO32_LITTLE(m + 28));
165
+ x8 = XOR(x8,U8TO32_LITTLE(m + 32));
166
+ x9 = XOR(x9,U8TO32_LITTLE(m + 36));
167
+ x10 = XOR(x10,U8TO32_LITTLE(m + 40));
168
+ x11 = XOR(x11,U8TO32_LITTLE(m + 44));
169
+ x12 = XOR(x12,U8TO32_LITTLE(m + 48));
170
+ x13 = XOR(x13,U8TO32_LITTLE(m + 52));
171
+ x14 = XOR(x14,U8TO32_LITTLE(m + 56));
172
+ x15 = XOR(x15,U8TO32_LITTLE(m + 60));
173
+
174
+ j8 = PLUSONE(j8);
175
+ if (!j8) {
176
+ j9 = PLUSONE(j9);
177
+ /* stopping at 2^70 bytes per nonce is user's responsibility */
178
+ }
179
+
180
+ U32TO8_LITTLE(c + 0,x0);
181
+ U32TO8_LITTLE(c + 4,x1);
182
+ U32TO8_LITTLE(c + 8,x2);
183
+ U32TO8_LITTLE(c + 12,x3);
184
+ U32TO8_LITTLE(c + 16,x4);
185
+ U32TO8_LITTLE(c + 20,x5);
186
+ U32TO8_LITTLE(c + 24,x6);
187
+ U32TO8_LITTLE(c + 28,x7);
188
+ U32TO8_LITTLE(c + 32,x8);
189
+ U32TO8_LITTLE(c + 36,x9);
190
+ U32TO8_LITTLE(c + 40,x10);
191
+ U32TO8_LITTLE(c + 44,x11);
192
+ U32TO8_LITTLE(c + 48,x12);
193
+ U32TO8_LITTLE(c + 52,x13);
194
+ U32TO8_LITTLE(c + 56,x14);
195
+ U32TO8_LITTLE(c + 60,x15);
196
+
197
+ if (bytes <= 64) {
198
+ if (bytes < 64) {
199
+ for (i = 0;i < bytes;++i) ctarget[i] = c[i];
200
+ }
201
+ x->input[8] = j8;
202
+ x->input[9] = j9;
203
+ return;
204
+ }
205
+ bytes -= 64;
206
+ c += 64;
207
+ m += 64;
208
+ }
209
+ }
210
+
211
+ void ECRYPT_decrypt_bytes(ECRYPT_ctx *x,const u8 *c,u8 *m,u32 bytes)
212
+ {
213
+ ECRYPT_encrypt_bytes(x,c,m,bytes);
214
+ }
215
+
216
+ void ECRYPT_keystream_bytes(ECRYPT_ctx *x,u8 *stream,u32 bytes)
217
+ {
218
+ u32 i;
219
+ for (i = 0;i < bytes;++i) stream[i] = 0;
220
+ ECRYPT_encrypt_bytes(x,stream,stream,bytes);
221
+ }