bg
/
avr-crypto-lib
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

adding Salsa20

This commit is contained in:
bg 2011-07-11 18:26:25 +00:00
parent 6cddae4d0f
commit a012cfa921
13 changed files with 5416 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile
View File

@ -231,6 +231,10 @@ $(foreach algo, $(ALGORITHMS), \
.PHONY: all
all: cores
.PHONY: reset
reset:
$(RESETCMD)
.PHONY: cores
cores: $(foreach algo, $(ALGORITHMS), $(algo)_OBJ)

1
avr-makefile.inc
View File

@ -7,6 +7,7 @@ PROGRAMMER = avr911
DEFS = -D$(call uc, $(MCU_TARGET))
FLASHCMD = avrdude -p $(MCU_TARGET) -P /dev/ttyUSB0 -c $(PROGRAMMER) -U flash:w:# no space at the end
#FLASHCMD = avrdude -p $(MCU_TARGET) -c usbasp -U flash:w:# no space at the end
RESETCMD = avrdude -p $(MCU_TARGET) -P /dev/ttyUSB0 -c $(PROGRAMMER)
DEP_DIR = deps/
TEST_DIR = test/
BIN_DIR = bin/

6
host/bigint_test.rb
View File

@ -145,6 +145,7 @@ end
def wait_for_prompt(prompt)
prompt = /[\s]*#{prompt}[\s]*/ if(prompt.class == String)
start_time = Time.now.to_i
acc = ''
begin
line = $sp.gets()
puts("DBG got (#{__LINE__}): "+line) if $debug && line
@ -156,7 +157,8 @@ def wait_for_prompt(prompt)
if (Time.now.to_i- start_time) > $max_timeout
return false
end
end while not m=prompt.match(line)
acc += line
end while not m=prompt.match(acc)
return m
end
@ -818,7 +820,7 @@ conf = readconfigfile(opts["f"], conf) if opts["f"]
#puts conf.inspect
init_serialport(conf)
$max_timeout = 2 * 60
$max_timeout = 5 * 60
if opts['d']
$debug = true

13
mkfiles/salsa20_c.mk Normal file
View File

@ -0,0 +1,13 @@
# Makefile for Salsa20
ALGO_NAME := SALSA20_C
# comment out the following line for removement of ARCFOUR from the build process
STREAM_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := salsa20/
$(ALGO_NAME)_OBJ := salsa20.o
$(ALGO_NAME)_INCDIR := memxor/ scal/
$(ALGO_NAME)_TEST_BIN := main-salsa20-test.o $(CLI_STD) $(SCAL_STD) scal_salsa20.o
$(ALGO_NAME)_NESSIE_TEST := "nessie"
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"

143
salsa20/salsa20.c Normal file
View File

@ -0,0 +1,143 @@
/* salsa20.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <string.h>
#include <avr/pgmspace.h>
#include "salsa20.h"
#define ROTL32(a,n) (((a)<<(n))|((a)>>(32-(n))))
static
void quaterround(uint32_t* a, uint32_t* b, uint32_t* c, uint32_t* d){
*b ^= ROTL32(*a + *d, 7);
*c ^= ROTL32(*b + *a, 9);
*d ^= ROTL32(*c + *b, 13);
*a ^= ROTL32(*d + *c, 18);
}
static
void rowround(uint32_t* a){
quaterround(a+ 0, a+ 1, a+ 2, a+ 3);
quaterround(a+ 5, a+ 6, a+ 7, a+ 4);
quaterround(a+10, a+11, a+ 8, a+ 9);
quaterround(a+15, a+12, a+13, a+14);
}
static
void columnround(uint32_t* a){
quaterround(a+ 0, a+ 4, a+ 8, a+12);
quaterround(a+ 5, a+ 9, a+13, a+ 1);
quaterround(a+10, a+14, a+ 2, a+ 6);
quaterround(a+15, a+ 3, a+ 7, a+11);
}
static
void doubleround(uint32_t* a){
columnround(a);
rowround(a);
}
void salsa20_hash(uint32_t* a){
uint8_t i;
uint32_t b[16];
memcpy(b, a, 64);
for(i=0; i<10; ++i){
doubleround(a);
}
for(i=0; i<16; ++i){
a[i] += b[i];
}
}
uint8_t sigma[] PROGMEM = {'e','x','p','a','n','d',' ','3','2','-','b','y','t','e',' ','k'};
uint8_t theta[] PROGMEM = {'e','x','p','a','n','d',' ','1','6','-','b','y','t','e',' ','k'};
void salsa_k32(uint32_t* dest, const uint32_t* k, const uint32_t* n){
memcpy_P(dest+ 0, sigma+ 0, 4);
memcpy( dest+ 4, k+ 0, 16);
memcpy_P(dest+20, sigma+ 4, 4);
memcpy( dest+24, n+ 0, 16);
memcpy_P(dest+40, sigma+ 8, 4);
memcpy( dest+44, k+16, 16);
memcpy_P(dest+60, sigma+12, 4);
salsa20_hash(dest);
}
void salsa_k16(uint32_t* dest, const uint32_t* k, const uint32_t* n){
memcpy_P(dest+ 0, theta+ 0, 4);
memcpy( dest+ 4, k+ 0, 16);
memcpy_P(dest+20, theta+ 4, 4);
memcpy( dest+24, n+ 0, 16);
memcpy_P(dest+40, theta+ 8, 4);
memcpy( dest+44, k+ 0, 16);
memcpy_P(dest+60, theta+12, 4);
salsa20_hash(dest);
}
void salsa20_genBlock256(void* dest, const void* k, const void* iv, uint64_t i){
uint32_t n[4];
memcpy(n, iv, 8);
memcpy(n+8, &i, 8);
salsa_k32((uint32_t*)dest, (uint32_t*)k, n);
}
void salsa20_genBlock128(void* dest, const void* k, const void* iv, uint64_t i){
uint32_t n[4];
memcpy(n, iv, 8);
memcpy(n+8, &i, 8);
salsa_k16((uint32_t*)dest, (uint32_t*)k, n);
}
void salsa20_init(void* key, uint16_t keylength_b, void* iv, salsa20_ctx_t* ctx){
if(keylength_b==256){
memcpy_P((ctx->a+ 0), sigma+ 0, 4);
memcpy_P((ctx->a+20), sigma+ 4, 4);
memcpy_P((ctx->a+40), sigma+ 8, 4);
memcpy( (ctx->a+44), (uint8_t*)key+16, 16);
memcpy_P((ctx->a+60), sigma+12, 4);
}else{
memcpy_P((ctx->a+ 0), theta+ 0, 4);
memcpy_P((ctx->a+20), theta+ 4, 4);
memcpy_P((ctx->a+40), theta+ 8, 4);
memcpy( (ctx->a+44), (uint8_t*)key+ 0, 16);
memcpy_P((ctx->a+60), theta+12, 4);
}
memcpy( (ctx->a+ 4), key, 16);
memset( (ctx->a+24), 0, 16);
if(iv){
memcpy( (ctx->a+24), iv, 8);
}
ctx->buffer_idx=64;
}
uint8_t salsa20_gen(salsa20_ctx_t* ctx){
if(ctx->buffer_idx==64){
memcpy(ctx->buffer, ctx->a, 64);
salsa20_hash((uint32_t*)(ctx->buffer));
*((uint64_t*)(ctx->a+32)) += 1;
ctx->buffer_idx = 0;
}
return ctx->buffer[ctx->buffer_idx++];
}

40
salsa20/salsa20.h Normal file
View File

@ -0,0 +1,40 @@
/* salsa20.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SALSA20_H_
#define SALSA20_H_
#include <stdint.h>
typedef struct{
uint8_t a[64];
uint8_t buffer[64];
uint8_t buffer_idx;
} salsa20_ctx_t;
void salsa20_hash(uint32_t* a);
void salsa_k32(uint32_t* dest, const uint32_t* k, const uint32_t* n);
void salsa_k16(uint32_t* dest, const uint32_t* k, const uint32_t* n);
void salsa20_genBlock256(void* dest, const void* k, const void* iv, uint64_t i);
void salsa20_genBlock128(void* dest, const void* k, const void* iv, uint64_t i);
void salsa20_init(void* key, uint16_t keylength_b, void* iv, salsa20_ctx_t* ctx);
uint8_t salsa20_gen(salsa20_ctx_t* ctx);
#endif /* SALSA20_H_ */

120
scal/scal-nessie.c
View File

@ -25,9 +25,17 @@
#include "memxor.h"
#include <avr/pgmspace.h>
#ifndef NESSIE_ESTREAM
#define NESSIE_ESTREAM 0
#endif
static
uint8_t estream_flag = 0;
void scal_nessie_set_estream(uint8_t v){
estream_flag = v?1:0;
}
uint8_t scal_nessie_get_estream(void){
return estream_flag?1:0;
}
static const uint8_t normal_hooks[] PROGMEM = {
@ -43,35 +51,29 @@ static const char stream1_n[] PROGMEM = "stream[192..255]";
static const char stream2_n[] PROGMEM = "stream[256..319]";
static const char stream3_n[] PROGMEM = "stream[448..511]";
#if NESSIE_ESTREAM
static const char streamX_n[] PROGMEM = "xor-digest";
#else
static const char streamX_n[] PROGMEM = "stream[0..511]xored";
#endif
static const char streamX_n_estream[] PROGMEM = "xor-digest";
static const char streamX_n_nessie[] PROGMEM = "stream[0..511]xored";
static const char* stream_n_str[] PROGMEM = {
static const char* stream_n_str[] = {
stream0_n,
stream1_n,
stream2_n,
stream3_n,
streamX_n
streamX_n_nessie
};
static const char stream1_l[] PROGMEM = "stream[65472..65535]";
static const char stream2_l[] PROGMEM = "stream[65536..65599]";
static const char stream3_l[] PROGMEM = "stream[131008..131071]";
#if NESSIE_ESTREAM
static const char streamX_l[] PROGMEM = "xor-digest";
#else
static const char streamX_l[] PROGMEM = "stream[0..131071]xored";
#endif
static const char streamX_l_estream[] PROGMEM = "xor-digest";
static const char streamX_l_nessie[] PROGMEM = "stream[0..131071]xored";
static const char* stream_l_str[] PROGMEM = {
static const char* stream_l_str[] = {
stream0_n,
stream1_l,
stream2_l,
stream3_l,
streamX_l
streamX_l_nessie
};
static const uint8_t list_of_keys[][20] PROGMEM = {
@ -94,7 +96,7 @@ void normal_block(scgen_ctx_t *ctx){
uint8_t xor_block[64];
uint8_t block[64];
PGM_VOID_P hook_ptr = normal_hooks;
PGM_VOID_P hook_str_ptr = stream_n_str;
const char* *hook_str_ptr = stream_n_str;
char str[21];
uint8_t i;
@ -104,12 +106,12 @@ void normal_block(scgen_ctx_t *ctx){
memxor(xor_block, block, 64);
if(i==pgm_read_byte(hook_ptr)){
hook_ptr = (uint8_t*)hook_ptr + 1;
strcpy_P(str, (PGM_VOID_P)pgm_read_word(hook_str_ptr));
hook_str_ptr = (uint8_t*)hook_str_ptr + 2;
strcpy_P(str, *(hook_str_ptr));
hook_str_ptr = (const char **)((uint8_t*)hook_str_ptr + 2);
nessie_print_item(str, block, 64);
}
}
strcpy_P(str, (PGM_VOID_P)pgm_read_word(hook_str_ptr));
strcpy_P(str, *(hook_str_ptr));
nessie_print_item(str, xor_block, 64);
}
@ -118,7 +120,7 @@ void long_block(scgen_ctx_t *ctx){
uint8_t xor_block[64];
uint8_t block[64];
PGM_VOID_P hook_ptr = long_hooks;
PGM_VOID_P hook_str_ptr = stream_l_str;
const char* *hook_str_ptr = stream_l_str;
char str[24];
uint16_t i;
@ -128,15 +130,15 @@ void long_block(scgen_ctx_t *ctx){
memxor(xor_block, block, 64);
if(i==pgm_read_word(hook_ptr)){
hook_ptr = (uint8_t*)hook_ptr + 2;
strcpy_P(str, (PGM_VOID_P)pgm_read_word(hook_str_ptr));
hook_str_ptr = (uint8_t*)hook_str_ptr + 2;
strcpy_P(str, *(hook_str_ptr));
hook_str_ptr = (const char **)((uint8_t*)hook_str_ptr + 2);
nessie_print_item(str, block, 64);
}
if(i%64==0){
NESSIE_SEND_ALIVE;
}
}
strcpy_P(str, (PGM_VOID_P)pgm_read_word(hook_str_ptr));
strcpy_P(str, *(hook_str_ptr));
nessie_print_item(str, xor_block, 64);
}
@ -150,16 +152,18 @@ void scal_nessie_stream_run(const scdesc_t *desc, uint16_t keysize_b, uint16_t i
uint16_t v;
scgen_ctx_t ctx;
nessie_print_header(name, keysize_b, 0, 0, 0, ivsize_b?ivsize_b:((uint16_t)-1));
if(estream_flag){
stream_n_str[4] = streamX_n_estream;
stream_l_str[4] = streamX_l_estream;
}else{
stream_n_str[4] = streamX_n_nessie;
stream_l_str[4] = streamX_l_nessie;
}
memset(iv, 0, (ivsize_b+7)/8);
memset(key, 0, (keysize_b+7)/8);
/*** Test SET 1 ***/
nessie_print_setheader(1);
#if NESSIE_ESTREAM
for(v=0;v<keysize_b; v+=9){
#else
for(v=0;v<keysize_b; ++v){
#endif
for(v=0;v<keysize_b; v+=estream_flag?9:1){
nessie_print_set_vector(1,v);
key[v/8] |= 0x80>>(v&7);
nessie_print_item("key", key, (keysize_b+7)/8);
@ -173,11 +177,7 @@ void scal_nessie_stream_run(const scdesc_t *desc, uint16_t keysize_b, uint16_t i
}
/*** Test SET 2 ***/
nessie_print_setheader(2);
#if NESSIE_ESTREAM
for(v=0;v<256; v+=9){
#else
for(v=0;v<256; ++v){
#endif
for(v=0;v<256; v+=estream_flag?9:1){
nessie_print_set_vector(2,v);
memset(key, v&0xff, (keysize_b+7)/8);
nessie_print_item("key", key, (keysize_b+7)/8);
@ -190,11 +190,7 @@ void scal_nessie_stream_run(const scdesc_t *desc, uint16_t keysize_b, uint16_t i
}
/*** Test SET 3 ***/
nessie_print_setheader(3);
#if NESSIE_ESTREAM
for(v=0;v<256; v+=9){
#else
for(v=0;v<256; ++v){
#endif
for(v=0;v<256; v+=estream_flag?9:1){
uint8_t i;
nessie_print_set_vector(3,v);
for(i=0; i<((keysize_b+7)/8); ++i){
@ -231,11 +227,7 @@ void scal_nessie_stream_run(const scdesc_t *desc, uint16_t keysize_b, uint16_t i
/*** Test SET 5 ***/
nessie_print_setheader(5);
memset(key, 0, (keysize_b+7)/8);
#if NESSIE_ESTREAM
for(v=0;v<ivsize_b; v+=9){
#else
for(v=0;v<ivsize_b; ++v){
#endif
for(v=0;v<ivsize_b; v+=estream_flag?9:1){
nessie_print_set_vector(5,v);
iv[v/8] |= 0x80>>(v&7);
nessie_print_item("key", key, (keysize_b+7)/8);
@ -263,27 +255,27 @@ void scal_nessie_stream_run(const scdesc_t *desc, uint16_t keysize_b, uint16_t i
scal_cipher_free(&ctx);
}
/*** Test SET 7 ***/
#if !NESSIE_ESTREAM
nessie_print_setheader(7);
uint8_t u;
for(v=0;v<3; ++v){
for(u=0; u<3; ++u){
uint8_t i;
nessie_print_set_vector(7,v*3+u);
for(i=0; i<((keysize_b+7)/8); ++i){
key[i]=pgm_read_byte(list_of_keys+20*v+(i%20));
}
for(i=0; i<((ivsize_b+7)/8); ++i){
key[i]=pgm_read_byte(list_of_keys+4*u+(i%4));
if(!estream_flag){
nessie_print_setheader(7);
uint8_t u;
for(v=0;v<3; ++v){
for(u=0; u<3; ++u){
uint8_t i;
nessie_print_set_vector(7,v*3+u);
for(i=0; i<((keysize_b+7)/8); ++i){
key[i]=pgm_read_byte(list_of_keys+20*v+(i%20));
}
for(i=0; i<((ivsize_b+7)/8); ++i){
key[i]=pgm_read_byte(list_of_keys+4*u+(i%4));
}
}
nessie_print_item("key", key, (keysize_b+7)/8);
nessie_print_item("IV", iv, (ivsize_b+7)/8);
scal_cipher_init(desc, key, keysize_b, iv, ivsize_b, &ctx);
long_block(&ctx);
scal_cipher_free(&ctx);
}
nessie_print_item("key", key, (keysize_b+7)/8);
nessie_print_item("IV", iv, (ivsize_b+7)/8);
scal_cipher_init(desc, key, keysize_b, iv, ivsize_b, &ctx);
long_block(&ctx);
scal_cipher_free(&ctx);
}
#endif
nessie_print_footer();
}

3
scal/scal-nessie.h
View File

@ -23,6 +23,9 @@
#include <stdint.h>
#include <streamcipher_descriptor.h>
void scal_nessie_set_estream(uint8_t v);
uint8_t scal_nessie_get_estream(void);
void scal_nessie_stream_run(const scdesc_t *desc, uint16_t keysize_b, uint16_t ivsize_b);
void scal_nessie_run(const scdesc_t* desc);

56
scal/scal_salsa20.c Normal file
View File

@ -0,0 +1,56 @@
/* scal_salsa20.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdlib.h>
#include <avr/pgmspace.h>
#include <stdint.h>
#include "streamcipher_descriptor.h"
#include "keysize_descriptor.h"
#include "salsa20.h"
const char salsa20_str[] PROGMEM = "Salsa20";
const uint8_t salsa20_keysize_desc[] PROGMEM = {
KS_TYPE_LIST, 2, KS_INT(128), KS_INT(256),
KS_TYPE_TERMINATOR };
const uint8_t salsa20_ivsize_desc[] PROGMEM = {
KS_TYPE_LIST, 1, KS_INT(64),
KS_TYPE_TERMINATOR };
const scdesc_t salsa20_desc PROGMEM = {
SCDESC_TYPE_STREAMCIPHER, /* abstraction layer type designator */
SC_INIT_TYPE_4|SC_GEN_TYPE_1, /* flags*/
salsa20_str, /* name string pointer */
sizeof(salsa20_ctx_t), /* size of context */
8, /* blocksize */
{(void_fpt)salsa20_init}, /* init function pointer */
{(void_fpt)salsa20_gen}, /* key stream generator function pointer */
{(void_fpt)NULL}, /* key stream generator for random access function pointer */
(sc_free_fpt)NULL, /* free function pointer */
salsa20_keysize_desc, /* key size descriptor pointer */
salsa20_ivsize_desc /* iv size descriptor pointer */
};

27
scal/scal_salsa20.h Normal file
View File

@ -0,0 +1,27 @@
/* scal_salsa20.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SCAL_SALSA20_H_
#define SCAL_SALSA20_H_
#include "streamcipher_descriptor.h"
extern const scdesc_t salsa20_desc;
#endif /* SCAL_SALSA20_H_ */

3
test_src/config.h
View File

@ -19,10 +19,9 @@
#ifndef __CONFIG_H__
#define __CONFIG_H__
#include <avr/io.h>
// #define F_CPU 20000000
#define F_CPU 20000000
// #define F_CPU 16000000 /* oscillator-frequency in Hz */
// #define F_CPU 14745600
#define F_CPU 20000000 /* this is out of spec but lets try it */
#define DEBUG_METHOD uart

294
test_src/main-salsa20-test.c Normal file
View File

@ -0,0 +1,294 @@
/* main-salsa20-test.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "config.h"
#include "uart_i.h"
#include "debug.h"
#include "salsa20.h"
#include "cli.h"
#include "performance_test.h"
#include "scal_salsa20.h"
#include "scal-basic.h"
#include "scal-nessie.h"
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
char* algo_name = "Salsa20";
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void nessie_first(void){
salsa20_ctx_t ctx;
uint8_t key[16];
memset(key, 0, 16);
key[0] = 0x80;
cli_putstr_P(PSTR("\r\n testing with key: "));
cli_hexdump(key, 16);
salsa20_init(key, 128, NULL, &ctx);
cli_putstr_P(PSTR("\r\n internal state: "));
cli_hexdump_block(ctx.a, 64, 4, 16);
salsa20_gen(&ctx);
cli_putstr_P(PSTR("\r\n internal state: "));
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_putstr_P(PSTR("\r\n data: "));
cli_hexdump_block(ctx.buffer, 64, 4, 16);
memset(key, 0, 16);
key[15] = 0x01;
cli_putstr_P(PSTR("\r\n testing with key: "));
cli_hexdump(key, 16);
cli_hexdump_block(ctx.a, 64, 4, 16);
salsa20_init(key, 128, NULL, &ctx);
cli_putstr_P(PSTR("\r\n internal state: "));
cli_hexdump_block(ctx.a, 64, 4, 16);
salsa20_gen(&ctx);
cli_putstr_P(PSTR("\r\n internal state: "));
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_putstr_P(PSTR("\r\n data: "));
cli_hexdump_block(ctx.buffer, 64, 4, 16);
}
/*
Salsa20(
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
=(
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
).
Salsa20(
211,159, 13,115, 76, 55, 82,183, 3,117,222, 37,191,187,234,136,
49,237,179, 48, 1,106,178,219,175,199,166, 48, 86, 16,179,207,
31,240, 32, 63, 15, 83, 93,161,116,147, 48,113,238, 55,204, 36,
79,201,235, 79, 3, 81,156, 47,203, 26,244,243, 88,118,104, 54)
= (
109, 42,178,168,156,240,248,238,168,196,190,203, 26,110,170,154,
29, 29,150, 26,150, 30,235,249,190,163,251, 48, 69,144, 51, 57,
118, 40,152,157,180, 57, 27, 94,107, 42,236, 35, 27,111,114,114,
219,236,232,135,111,155,110, 18, 24,232, 95,158,179, 19, 48,202
).
Salsa20(
88,118,104, 54, 79,201,235, 79, 3, 81,156, 47,203, 26,244,243,
191,187,234,136,211,159, 13,115, 76, 55, 82,183, 3,117,222, 37,
86, 16,179,207, 49,237,179, 48, 1,106,178,219,175,199,166, 48,
238, 55,204, 36, 31,240, 32, 63, 15, 83, 93,161,116,147, 48,113)
= (
179, 19, 48,202,219,236,232,135,111,155,110, 18, 24,232, 95,158,
26,110,170,154,109, 42,178,168,156,240,248,238,168,196,190,203,
69,144, 51, 57, 29, 29,150, 26,150, 30,235,249,190,163,251, 48,
27,111,114,114,118, 40,152,157,180, 57, 27, 94,107, 42,236, 35
).
Salsa20^1000000 (
6,124, 83,146, 38,191, 9, 50, 4,161, 47,222,122,182,223,185,
75, 27, 0,216, 16,122, 7, 89,162,104,101,147,213, 21, 54, 95,
225,253,139,176,105,132, 23,116, 76, 41,176,207,221, 34,157,108,
94, 94, 99, 52, 90,117, 91,220,146,190,239,143,196,176,130,186)
=(
8, 18, 38,199,119, 76,215, 67,173,127,144,162,103,212,176,217,
192, 19,233, 33,159,197,154,160,128,243,219, 65,171,136,135,225,
123, 11, 68, 86,237, 82, 20,155,133,189, 9, 83,167,116,194, 78,
122,127,195,185,185,204,188, 90,245, 9,183,248,226, 85,245,104
).
*/
uint8_t Salsa20_spectest0_in[] PROGMEM = {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
uint8_t Salsa20_spectest0_ref[] PROGMEM = {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
uint8_t Salsa20_spectest1_in[] PROGMEM = {
211,159, 13,115, 76, 55, 82,183, 3,117,222, 37,191,187,234,136,
49,237,179, 48, 1,106,178,219,175,199,166, 48, 86, 16,179,207,
31,240, 32, 63, 15, 83, 93,161,116,147, 48,113,238, 55,204, 36,
79,201,235, 79, 3, 81,156, 47,203, 26,244,243, 88,118,104, 54 };
uint8_t Salsa20_spectest1_ref[] PROGMEM = {
109, 42,178,168,156,240,248,238,168,196,190,203, 26,110,170,154,
29, 29,150, 26,150, 30,235,249,190,163,251, 48, 69,144, 51, 57,
118, 40,152,157,180, 57, 27, 94,107, 42,236, 35, 27,111,114,114,
219,236,232,135,111,155,110, 18, 24,232, 95,158,179, 19, 48,202 };
uint8_t Salsa20_spectest2_in[] PROGMEM = {
88,118,104, 54, 79,201,235, 79, 3, 81,156, 47,203, 26,244,243,
191,187,234,136,211,159, 13,115, 76, 55, 82,183, 3,117,222, 37,
86, 16,179,207, 49,237,179, 48, 1,106,178,219,175,199,166, 48,
238, 55,204, 36, 31,240, 32, 63, 15, 83, 93,161,116,147, 48,113 };
uint8_t Salsa20_spectest2_ref[] PROGMEM = {
179, 19, 48,202,219,236,232,135,111,155,110, 18, 24,232, 95,158,
26,110,170,154,109, 42,178,168,156,240,248,238,168,196,190,203,
69,144, 51, 57, 29, 29,150, 26,150, 30,235,249,190,163,251, 48,
27,111,114,114,118, 40,152,157,180, 57, 27, 94,107, 42,236, 35 };
uint8_t Salsa20_spectest3_in[] PROGMEM = {
6,124, 83,146, 38,191, 9, 50, 4,161, 47,222,122,182,223,185,
75, 27, 0,216, 16,122, 7, 89,162,104,101,147,213, 21, 54, 95,
225,253,139,176,105,132, 23,116, 76, 41,176,207,221, 34,157,108,
94, 94, 99, 52, 90,117, 91,220,146,190,239,143,196,176,130,186 };
uint8_t Salsa20_spectest3_ref[] PROGMEM = {
8, 18, 38,199,119, 76,215, 67,173,127,144,162,103,212,176,217,
192, 19,233, 33,159,197,154,160,128,243,219, 65,171,136,135,225,
123, 11, 68, 86,237, 82, 20,155,133,189, 9, 83,167,116,194, 78,
122,127,195,185,185,204,188, 90,245, 9,183,248,226, 85,245,104 };
void spec_test(void){
uint8_t buffer[64];
nessie_first();
cli_putstr_P(PSTR("\r\ntesting with vectors from sepcification"));
cli_putstr_P(PSTR("\r\ntest 0: "));
memcpy_P(buffer, Salsa20_spectest0_in, 64);
salsa20_hash((uint32_t*)buffer);
if(memcmp_P(buffer, Salsa20_spectest0_ref, 64)){
cli_putstr_P(PSTR(" [fail]"));
}else{
cli_putstr_P(PSTR(" [ok]"));
}
cli_putstr_P(PSTR("\r\ntest 1: "));
memcpy_P(buffer, Salsa20_spectest1_in, 64);
salsa20_hash((uint32_t*)buffer);
if(memcmp_P(buffer, Salsa20_spectest1_ref, 64)){
cli_putstr_P(PSTR(" [fail]"));
}else{
cli_putstr_P(PSTR(" [ok]"));
}
cli_putstr_P(PSTR("\r\ntest 2: "));
memcpy_P(buffer, Salsa20_spectest2_in, 64);
salsa20_hash((uint32_t*)buffer);
if(memcmp_P(buffer, Salsa20_spectest2_ref, 64)){
cli_putstr_P(PSTR(" [fail]"));
}else{
cli_putstr_P(PSTR(" [ok]"));
}
uint32_t count=0;
cli_putstr_P(PSTR("\r\ntest 3: "));
memcpy_P(buffer, Salsa20_spectest3_in, 64);
do{
if((count&0xFFFF)==0){
cli_putc('.');
if((count&0x20FFFF)==0){
cli_putc('\r'); cli_putc('\n');
}
}
salsa20_hash((uint32_t*)buffer);
}while(++count<1000000);
if(memcmp_P(buffer, Salsa20_spectest0_ref, 64)){
cli_putstr_P(PSTR(" [fail]"));
}else{
cli_putstr_P(PSTR(" [ok]"));
}
}
void testrun_nessie_salsa20(void){
scal_nessie_set_estream(1);
scal_nessie_run(&salsa20_desc);
}
/*
void testrun_performance_arcfour(void){
uint64_t t;
char str[16];
uint8_t key[16];
arcfour_ctx_t ctx;
calibrateTimer();
print_overhead();
memset(key, 0, 16);
startTimer(1);
arcfour_init(key, 16, &ctx);
t = stopTimer();
cli_putstr_P(PSTR("\r\n\tctx-gen time: "));
ultoa((unsigned long)t, str, 10);
cli_putstr(str);
startTimer(1);
arcfour_gen(&ctx);
t = stopTimer();
cli_putstr_P(PSTR("\r\n\tencrypt time: "));
ultoa((unsigned long)t, str, 10);
cli_putstr(str);
cli_putstr_P(PSTR("\r\n"));
}
*/
/*****************************************************************************
* main *
*****************************************************************************/
const char nessie_str[] PROGMEM = "nessie";
const char test_str[] PROGMEM = "test";
const char performance_str[] PROGMEM = "performance";
const char echo_str[] PROGMEM = "echo";
cmdlist_entry_t cmdlist[] PROGMEM = {
{ nessie_str, NULL, testrun_nessie_salsa20 },
// { performance_str, NULL, testrun_performance_arcfour},
{ test_str, NULL, spec_test},
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
{ NULL, NULL, NULL}
};
int main (void){
DEBUG_INIT();
cli_rx = (cli_rx_fpt)uart0_getc;
cli_tx = (cli_tx_fpt)uart0_putc;
for(;;){
cli_putstr_P(PSTR("\r\n\r\nCrypto-VS ("));
cli_putstr(algo_name);
cli_putstr_P(PSTR(")\r\nloaded and running\r\n"));
cmd_interface(cmdlist);
}
}

4774
testvectors/salsa20-full-verified.test-vectors Normal file
View File

File diff suppressed because it is too large Load Diff