arne
/
cryptopp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add Salsa20_Core transform (GH #630) (#632)

pull/633/head
Jeffrey Walton 2018-04-02 03:51:51 -04:00 committed by GitHub
parent d106256a29
commit 6faaf35195
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 71 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
salsa.cpp
View File

@ -36,6 +36,65 @@ void Salsa20_TestInstantiations()
} }
#endif #endif
void Salsa20_Core(word32* data, unsigned int rounds)
{
CRYPTOPP_ASSERT(data != NULLPTR);
CRYPTOPP_ASSERT(rounds % 2 == 0);
CRYPTOPP_ALIGN_DATA(16) word32 x[16];
for (size_t i = 0; i < 16; ++i)
x[i] = data[i];
// Rounds must be even
for (size_t i = 0; i < rounds; i += 2)
{
x[ 4] ^= rotlConstant< 7>(x[ 0]+x[12]);
x[ 8] ^= rotlConstant< 9>(x[ 4]+x[ 0]);
x[12] ^= rotlConstant<13>(x[ 8]+x[ 4]);
x[ 0] ^= rotlConstant<18>(x[12]+x[ 8]);
x[ 9] ^= rotlConstant< 7>(x[ 5]+x[ 1]);
x[13] ^= rotlConstant< 9>(x[ 9]+x[ 5]);
x[ 1] ^= rotlConstant<13>(x[13]+x[ 9]);
x[ 5] ^= rotlConstant<18>(x[ 1]+x[13]);
x[14] ^= rotlConstant< 7>(x[10]+x[ 6]);
x[ 2] ^= rotlConstant< 9>(x[14]+x[10]);
x[ 6] ^= rotlConstant<13>(x[ 2]+x[14]);
x[10] ^= rotlConstant<18>(x[ 6]+x[ 2]);
x[ 3] ^= rotlConstant< 7>(x[15]+x[11]);
x[ 7] ^= rotlConstant< 9>(x[ 3]+x[15]);
x[11] ^= rotlConstant<13>(x[ 7]+x[ 3]);
x[15] ^= rotlConstant<18>(x[11]+x[ 7]);
x[ 1] ^= rotlConstant< 7>(x[ 0]+x[ 3]);
x[ 2] ^= rotlConstant< 9>(x[ 1]+x[ 0]);
x[ 3] ^= rotlConstant<13>(x[ 2]+x[ 1]);
x[ 0] ^= rotlConstant<18>(x[ 3]+x[ 2]);
x[ 6] ^= rotlConstant< 7>(x[ 5]+x[ 4]);
x[ 7] ^= rotlConstant< 9>(x[ 6]+x[ 5]);
x[ 4] ^= rotlConstant<13>(x[ 7]+x[ 6]);
x[ 5] ^= rotlConstant<18>(x[ 4]+x[ 7]);
x[11] ^= rotlConstant< 7>(x[10]+x[ 9]);
x[ 8] ^= rotlConstant< 9>(x[11]+x[10]);
x[ 9] ^= rotlConstant<13>(x[ 8]+x[11]);
x[10] ^= rotlConstant<18>(x[ 9]+x[ 8]);
x[12] ^= rotlConstant< 7>(x[15]+x[14]);
x[13] ^= rotlConstant< 9>(x[12]+x[15]);
x[14] ^= rotlConstant<13>(x[13]+x[12]);
x[15] ^= rotlConstant<18>(x[14]+x[13]);
}
#pragma omp simd
for (size_t i = 0; i < 16; ++i)
data[i] += x[i];
}
void Salsa20_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length) void Salsa20_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
{ {
m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20); m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20);

9
salsa.h
View File

@ -16,6 +16,15 @@
NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(CryptoPP)
/// \brief Salsa20 core transform
/// \param data the data to transform
/// \param rounds the number of rounds
/// \details Several algorithms, like CryptoBox and Scrypt, require access to
/// the core Salsa20 transform. The current Crypto++ implementation does not
/// lend itself to disgorging the Salsa20 cipher from the Salsa20 core transform.
/// Instead Salsa20_Core is provided with customary accelerations.
void Salsa20_Core(word32* data, unsigned int rounds);
/// \brief Salsa20 stream cipher information /// \brief Salsa20 stream cipher information
struct Salsa20_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8> struct Salsa20_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>
{ {

53
scrypt.cpp
View File

@ -23,6 +23,7 @@ ANONYMOUS_NAMESPACE_BEGIN
using CryptoPP::byte; using CryptoPP::byte;
using CryptoPP::word32; using CryptoPP::word32;
using CryptoPP::word64; using CryptoPP::word64;
using CryptoPP::Salsa20_Core;
using CryptoPP::rotlConstant; using CryptoPP::rotlConstant;
using CryptoPP::AlignedSecByteBlock; using CryptoPP::AlignedSecByteBlock;
using CryptoPP::LITTLE_ENDIAN_ORDER; using CryptoPP::LITTLE_ENDIAN_ORDER;
@ -76,60 +77,12 @@ static inline void PBKDF2_SHA256(byte* buf, size_t dkLen,
static inline void Salsa20_8(byte B[64]) static inline void Salsa20_8(byte B[64])
{ {
word32 B32[16], x[16]; word32 B32[16];
for (size_t i = 0; i < 16; ++i) for (size_t i = 0; i < 16; ++i)
B32[i] = LE32DEC(&B[i * 4]); B32[i] = LE32DEC(&B[i * 4]);
for (size_t i = 0; i < 16; ++i) Salsa20_Core(B32, 8);
x[i] = B32[i];
for (size_t i = 0; i < 8; i += 2)
{
x[ 4] ^= rotlConstant< 7>(x[ 0]+x[12]);
x[ 8] ^= rotlConstant< 9>(x[ 4]+x[ 0]);
x[12] ^= rotlConstant<13>(x[ 8]+x[ 4]);
x[ 0] ^= rotlConstant<18>(x[12]+x[ 8]);
x[ 9] ^= rotlConstant< 7>(x[ 5]+x[ 1]);
x[13] ^= rotlConstant< 9>(x[ 9]+x[ 5]);
x[ 1] ^= rotlConstant<13>(x[13]+x[ 9]);
x[ 5] ^= rotlConstant<18>(x[ 1]+x[13]);
x[14] ^= rotlConstant< 7>(x[10]+x[ 6]);
x[ 2] ^= rotlConstant< 9>(x[14]+x[10]);
x[ 6] ^= rotlConstant<13>(x[ 2]+x[14]);
x[10] ^= rotlConstant<18>(x[ 6]+x[ 2]);
x[ 3] ^= rotlConstant< 7>(x[15]+x[11]);
x[ 7] ^= rotlConstant< 9>(x[ 3]+x[15]);
x[11] ^= rotlConstant<13>(x[ 7]+x[ 3]);
x[15] ^= rotlConstant<18>(x[11]+x[ 7]);
x[ 1] ^= rotlConstant< 7>(x[ 0]+x[ 3]);
x[ 2] ^= rotlConstant< 9>(x[ 1]+x[ 0]);
x[ 3] ^= rotlConstant<13>(x[ 2]+x[ 1]);
x[ 0] ^= rotlConstant<18>(x[ 3]+x[ 2]);
x[ 6] ^= rotlConstant< 7>(x[ 5]+x[ 4]);
x[ 7] ^= rotlConstant< 9>(x[ 6]+x[ 5]);
x[ 4] ^= rotlConstant<13>(x[ 7]+x[ 6]);
x[ 5] ^= rotlConstant<18>(x[ 4]+x[ 7]);
x[11] ^= rotlConstant< 7>(x[10]+x[ 9]);
x[ 8] ^= rotlConstant< 9>(x[11]+x[10]);
x[ 9] ^= rotlConstant<13>(x[ 8]+x[11]);
x[10] ^= rotlConstant<18>(x[ 9]+x[ 8]);
x[12] ^= rotlConstant< 7>(x[15]+x[14]);
x[13] ^= rotlConstant< 9>(x[12]+x[15]);
x[14] ^= rotlConstant<13>(x[13]+x[12]);
x[15] ^= rotlConstant<18>(x[14]+x[13]);
}
#pragma omp simd
for (size_t i = 0; i < 16; ++i)
B32[i] += x[i];
for (size_t i = 0; i < 16; ++i) for (size_t i = 0; i < 16; ++i)
LE32ENC(&B[4 * i], B32[i]); LE32ENC(&B[4 * i], B32[i]);