Separate salsa20 set_key functions for 128 and 256 bits.

7 files changed, 209 insertions, 49 deletions

diff --git a/ChangeLog b/ChangeLog
index b476c8de..a7f6c11d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+2014-01-20  Niels Möller  <nisse@lysator.liu.se>
+
+	* Makefile.in (nettle_SOURCES): Added salsa20-set-nonce.c,
+	salsa20-128-set-key.c, and salsa20-256-set-key.c.
+
+	* salsa20.h: Declare new functions.
+	(SALSA20_128_KEY_SIZE, SALSA20_256_KEY_SIZE): New constants.
+	(salsa20_set_iv): Define as an alias for salsa20_set_nonce.
+
+	* salsa20-set-key.c (salsa20_set_key): Use salsa20_128_set_key and
+	salsa20_256_set_key.
+	(salsa20_set_iv): Renamed and moved...
+	* salsa20-set-nonce.c (salsa20_set_nonce): ... new file, new name.
+
+	* salsa20-256-set-key.c (salsa20_256_set_key): New file and
+	function.
+	* salsa20-128-set-key.c (salsa20_128_set_key): New file and
+	function.
+
 2014-01-13  Niels Möller  <nisse@lysator.liu.se>
 
 	* nettle-types.h (union nettle_block16): New type, replacing union
diff --git a/Makefile.in b/Makefile.in
index 05e6adeb..db2f2ba6 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -94,6 +94,8 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
 		 ripemd160.c ripemd160-compress.c ripemd160-meta.c \
 		 salsa20-core-internal.c \
 		 salsa20-crypt.c salsa20r12-crypt.c salsa20-set-key.c \
+		 salsa20-set-nonce.c \
+		 salsa20-128-set-key.c salsa20-256-set-key.c \
 		 sha1.c sha1-compress.c sha1-meta.c \
 		 sha256.c sha256-compress.c sha224-meta.c sha256-meta.c \
 		 sha512.c sha512-compress.c sha384-meta.c sha512-meta.c \
diff --git a/salsa20-128-set-key.c b/salsa20-128-set-key.c
new file mode 100644
index 00000000..4157c0c7
--- /dev/null
+++ b/salsa20-128-set-key.c
@@ -0,0 +1,53 @@
+/*
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ * Copyright (C) 2012-2014 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+   salsa20-ref.c version 20051118
+   D. J. Bernstein
+   Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+void
+salsa20_128_set_key(struct salsa20_ctx *ctx, const uint8_t *key)
+{
+  ctx->input[11] = ctx->input[1] = LE_READ_UINT32(key + 0);
+  ctx->input[12] = ctx->input[2] = LE_READ_UINT32(key + 4);
+  ctx->input[13] = ctx->input[3] = LE_READ_UINT32(key + 8);
+  ctx->input[14] = ctx->input[4] = LE_READ_UINT32(key + 12);
+
+  /* "expand 16-byte k" */
+  ctx->input[0]  = 0x61707865;
+  ctx->input[5]  = 0x3120646e;
+  ctx->input[10] = 0x79622d36;
+  ctx->input[15] = 0x6b206574;
+}
diff --git a/salsa20-256-set-key.c b/salsa20-256-set-key.c
new file mode 100644
index 00000000..c820b501
--- /dev/null
+++ b/salsa20-256-set-key.c
@@ -0,0 +1,58 @@
+/*
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ * Copyright (C) 2012-2014 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+   salsa20-ref.c version 20051118
+   D. J. Bernstein
+   Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+void
+salsa20_256_set_key(struct salsa20_ctx *ctx, const uint8_t *key)
+{
+  ctx->input[1] = LE_READ_UINT32(key + 0);
+  ctx->input[2] = LE_READ_UINT32(key + 4);
+  ctx->input[3] = LE_READ_UINT32(key + 8);
+  ctx->input[4] = LE_READ_UINT32(key + 12);
+
+  ctx->input[11] = LE_READ_UINT32(key + 16);
+  ctx->input[12] = LE_READ_UINT32(key + 20);
+  ctx->input[13] = LE_READ_UINT32(key + 24);
+  ctx->input[14] = LE_READ_UINT32(key + 28);
+
+  /* "expand 32-byte k" */
+  ctx->input[0]  = 0x61707865;
+  ctx->input[5]  = 0x3320646e;
+  ctx->input[10] = 0x79622d32;
+  ctx->input[15] = 0x6b206574;
+}
diff --git a/salsa20-set-key.c b/salsa20-set-key.c
index 661aacc2..7a120928 100644
--- a/salsa20-set-key.c
+++ b/salsa20-set-key.c
@@ -33,7 +33,7 @@
 # include "config.h"
 #endif
 
-#include <assert.h>
+#include <stdlib.h>
 
 #include "salsa20.h"
 
@@ -43,46 +43,15 @@ void
 salsa20_set_key(struct salsa20_ctx *ctx,
 		size_t length, const uint8_t *key)
 {
-  static const uint32_t sigma[4] = {
-    /* "expand 32-byte k" */
-    0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
-  };
-  static const uint32_t tau[4] = {
-    /* "expand 16-byte k" */
-    0x61707865, 0x3120646e, 0x79622d36, 0x6b206574
-  };
-  const uint32_t *constants;
-  
-  assert (length == SALSA20_MIN_KEY_SIZE || length == SALSA20_MAX_KEY_SIZE);
-
-  ctx->input[1] = LE_READ_UINT32(key + 0);
-  ctx->input[2] = LE_READ_UINT32(key + 4);
-  ctx->input[3] = LE_READ_UINT32(key + 8);
-  ctx->input[4] = LE_READ_UINT32(key + 12);
-  if (length == SALSA20_MAX_KEY_SIZE) { /* recommended */
-    ctx->input[11] = LE_READ_UINT32(key + 16);
-    ctx->input[12] = LE_READ_UINT32(key + 20);
-    ctx->input[13] = LE_READ_UINT32(key + 24);
-    ctx->input[14] = LE_READ_UINT32(key + 28);
-    constants = sigma;
-  } else { /* kbits == 128 */
-    ctx->input[11] = ctx->input[1];
-    ctx->input[12] = ctx->input[2];
-    ctx->input[13] = ctx->input[3];
-    ctx->input[14] = ctx->input[4];
-    constants = tau;
-  }
-  ctx->input[0]  = constants[0];
-  ctx->input[5]  = constants[1];
-  ctx->input[10] = constants[2];
-  ctx->input[15] = constants[3];
-}
-
-void
-salsa20_set_iv(struct salsa20_ctx *ctx, const uint8_t *iv)
-{
-  ctx->input[6] = LE_READ_UINT32(iv + 0);
-  ctx->input[7] = LE_READ_UINT32(iv + 4);
-  ctx->input[8] = 0;
-  ctx->input[9] = 0;
+  switch (length)
+    {
+    case SALSA20_128_KEY_SIZE:
+      salsa20_128_set_key (ctx, key);
+      break;
+    case SALSA20_256_KEY_SIZE:
+      salsa20_256_set_key (ctx, key);
+      break;
+    default:
+      abort();
+    }
 }
diff --git a/salsa20-set-nonce.c b/salsa20-set-nonce.c
new file mode 100644
index 00000000..cdcc44b1
--- /dev/null
+++ b/salsa20-set-nonce.c
@@ -0,0 +1,47 @@
+/* salsa20-set-nonce.c
+ *
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson, Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+   salsa20-ref.c version 20051118
+   D. J. Bernstein
+   Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+void
+salsa20_set_nonce(struct salsa20_ctx *ctx, const uint8_t *nonce)
+{
+  ctx->input[6] = LE_READ_UINT32(nonce + 0);
+  ctx->input[7] = LE_READ_UINT32(nonce + 4);
+  ctx->input[8] = 0;
+  ctx->input[9] = 0;
+}
diff --git a/salsa20.h b/salsa20.h
index 3ce1a93e..444b5b43 100644
--- a/salsa20.h
+++ b/salsa20.h
@@ -35,20 +35,27 @@ extern "C" {
 
 /* Name mangling */
 #define salsa20_set_key nettle_salsa20_set_key
-#define salsa20_set_iv nettle_salsa20_set_iv
+#define salsa20_128_set_key nettle_salsa20_128_set_key
+#define salsa20_256_set_key nettle_salsa20_256_set_key
+#define salsa20_set_nonce nettle_salsa20_set_nonce
 #define salsa20_crypt nettle_salsa20_crypt
 #define _salsa20_core _nettle_salsa20_core
 
 #define salsa20r12_crypt nettle_salsa20r12_crypt
 
-/* Minimum and maximum keysizes, and a reasonable default. In
- * octets.*/
+/* Alias for backwards compatibility */
+#define salsa20_set_iv nettle_salsa20_set_nonce
+
+/* In octets.*/
+#define SALSA20_128_KEY_SIZE 16
+#define SALSA20_256_KEY_SIZE 32
+#define SALSA20_BLOCK_SIZE 64
+#define SALSA20_IV_SIZE 8
+
+/* Aliases */
 #define SALSA20_MIN_KEY_SIZE 16
 #define SALSA20_MAX_KEY_SIZE 32
 #define SALSA20_KEY_SIZE 32
-#define SALSA20_BLOCK_SIZE 64
-
-#define SALSA20_IV_SIZE 8
 
 #define _SALSA20_INPUT_LENGTH 16
 
@@ -67,6 +74,11 @@ struct salsa20_ctx
 };
 
 void
+salsa20_128_set_key(struct salsa20_ctx *ctx, const uint8_t *key);
+void
+salsa20_256_set_key(struct salsa20_ctx *ctx, const uint8_t *key);
+
+void
 salsa20_set_key(struct salsa20_ctx *ctx,
 		size_t length, const uint8_t *key);