Move salsa20/8 to C world, this took significant amount of time

Author: ktakashi

ext/crypto/CMakeLists.txt

@@ -68,7 +68,7 @@ IF(APPLE)
 ENDIF()
 TARGET_LINK_LIBRARIES(sagittarius--secure sagittarius)
 
-# sagittarius--secure
+# sagittarius--ec
 ADD_LIBRARY(sagittarius--ec MODULE
   sagittarius-ec.c
   ${CMAKE_CURRENT_BINARY_DIR}/ec-fields.c)
@@ -91,6 +91,28 @@ IF(APPLE)
 ENDIF()
 TARGET_LINK_LIBRARIES(sagittarius--ec sagittarius)
 
+# sagittarius--salsa
+ADD_LIBRARY(sagittarius--salsa MODULE
+  sagittarius-salsa.c
+  ${CMAKE_CURRENT_BINARY_DIR}/salsa.c)
+COPY_TARGET(sagittarius--salsa ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} TRUE)
+IF (USE_CPP_FOR_BROKEN_LINKER)
+  # ugly solution
+  SET_SOURCE_FILES_PROPERTIES(
+    sagittarius-salsa.c
+    ${CMAKE_CURRENT_BINARY_DIR}/salsa.c
+    PROPERTIES LANGUAGE CXX)
+ENDIF()
+ADD_STUBS(sagittarius--salsa
+  COMMAND ${GENSTUB}
+  FILES salsa.stub
+  OUTTREE)
+SET_TARGET_PROPERTIES(sagittarius--salsa PROPERTIES PREFIX "")
+IF(APPLE)
+  SET_TARGET_PROPERTIES(sagittarius--salsa PROPERTIES SUFFIX ".dylib")
+ENDIF()
+TARGET_LINK_LIBRARIES(sagittarius--salsa sagittarius)
+
 
 INSTALL(TARGETS sagittarius--tomcrypt
   DESTINATION ${SAGITTARIUS_DYNLIB_PATH})

ext/crypto/sagittarius-salsa.c

@@ -0,0 +1,106 @@
+/* sagittarius-salsa.c                            -*- mode: c; coding: utf-8; -*-
+ *
+ *   Copyright (c) 2024  Takashi Kato <ktakashi@ymail.com>
+ *
+ *   Redistribution and use in source and binary forms, with or without
+ *   modification, are permitted provided that the following conditions
+ *   are met:
+ *
+ *   1. Redistributions of source code must retain the above copyright
+ *      notice, this list of conditions and the following disclaimer.
+ *
+ *   2. Redistributions in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *
+ *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ *   TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ *   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ *   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sagittarius.h>
+#define LIBSAGITTARIUS_EXT_BODY
+#include <sagittarius/extend.h>
+#include "sagittarius-salsa.h"
+
+#ifdef noreturn
+# define noreturn_save noreturn
+# undef noreturn
+#endif
+#include <tomcrypt.h>
+#ifdef noreturn_save
+# define noreturn noreturn_save
+#endif
+
+#define QUARTERROUND(a,b,c,d)	      \
+  do {				      \
+    x[b] ^= (ROL((x[a] + x[d]),  7)); \
+    x[c] ^= (ROL((x[b] + x[a]),  9)); \
+    x[d] ^= (ROL((x[c] + x[b]), 13)); \
+    x[a] ^= (ROL((x[d] + x[c]), 18)); \
+  } while (0)
+
+static void salsa_core(uint8_t *out, uint8_t *in, int rounds)
+{
+  uint32_t x[16];
+  int i;
+
+  memcpy(x, in, sizeof(x));
+  
+  for (i = 0; i < rounds; i += 2) {
+    QUARTERROUND( 0, 4, 8,12);
+    QUARTERROUND( 5, 9,13, 1);
+    QUARTERROUND(10,14, 2, 6);
+    QUARTERROUND(15, 3, 7,11);
+    QUARTERROUND( 0, 1, 2, 3);
+    QUARTERROUND( 5, 6, 7, 4);
+    QUARTERROUND(10,11, 8, 9);
+    QUARTERROUND(15,12,13,14);
+  }
+
+  for (i = 0; i < 16; i++) {
+    x[i] += ((uint32_t *)in)[i];
+    STORE32L(x[i], out + 4 * i);
+  }
+}
+
+
+SgObject Sg_SalsaCore(SgObject in, int rounds)
+{
+  SgObject bv = Sg_ByteVectorCopy(SG_BVECTOR(in), 0, SG_BVECTOR_SIZE(in));
+  return Sg_SalsaCoreX(bv, rounds);
+
+}
+
+SgObject Sg_SalsaCoreX(SgObject in, int rounds)
+{
+  long i;
+  if (SG_BVECTOR_SIZE(in) % 64 != 0) {
+    Sg_AssertionViolation(SG_INTERN("salsa-core!"),
+      SG_MAKE_STRING("input of salsa-core! must be multiple of 64"),
+      in);
+  }
+  for (i = 0; i < SG_BVECTOR_SIZE(in); i += 64) {
+    salsa_core(SG_BVECTOR_ELEMENTS(in) + i, SG_BVECTOR_ELEMENTS(in) + i, rounds);
+  }
+  return in;
+}
+
+extern void Sg__Init_salsa(SgLibrary *lib);
+
+SG_EXTENSION_ENTRY void CDECL Sg_Init_sagittarius__salsa()
+{
+  SgLibrary *lib;
+  SG_INIT_EXTENSION(sagittarius__salsa);
+  lib = SG_LIBRARY(Sg_FindLibrary(SG_INTERN("(sagittarius crypto logic salsa)"),
+				  FALSE));
+  Sg__Init_salsa(lib);
+}

ext/crypto/sagittarius-salsa.h

@@ -0,0 +1,37 @@
+/* sagittarius-salsa.h                            -*- mode: c; coding: utf-8; -*-
+ *
+ *   Copyright (c) 2024  Takashi Kato <ktakashi@ymail.com>
+ *
+ *   Redistribution and use in source and binary forms, with or without
+ *   modification, are permitted provided that the following conditions
+ *   are met:
+ *
+ *   1. Redistributions of source code must retain the above copyright
+ *      notice, this list of conditions and the following disclaimer.
+ *
+ *   2. Redistributions in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *
+ *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ *   TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ *   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ *   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SAGITTARIUS_SALSA_H_
+#define SAGITTARIUS_SALSA_H_
+
+#include <sagittarius.h>
+
+SgObject Sg_SalsaCore(SgObject in, int rounds);
+SgObject Sg_SalsaCoreX(SgObject in, int rounds);
+
+#endif	/* SAGITTARIUS_SALSA_H_ */

ext/crypto/sagittarius/crypto/kdfs/scrypt.scm

@@ -40,6 +40,7 @@
 	    (sagittarius crypto digests)
 	    (sagittarius crypto mac)
 	    (sagittarius crypto kdfs pbkdf-2)
+	    (sagittarius crypto logic salsa)
 	    (util bytevector)
 	    (srfi :1 lists))
 
@@ -96,46 +97,5 @@
 	  (loop (+ i 1) X (cons X Y))))))
 
 ;; B = 64 octets
-(define (salsa20/8 B)
-  (define (u32 bv i) (bytevector-u32-ref bv (* i 4) (endianness little)))
-  (define (u32! bv i v) (bytevector-u32-set! bv (* i 4) v (endianness little)))
-  (define x (bytevector-copy B))
-  ;;  (((a) << (b)) | ((a) >> (32 - (b))))
-  (define (R a b)
-    (bitwise-and 
-     (bitwise-ior
-      (bitwise-arithmetic-shift-left a b)
-      (bitwise-arithmetic-shift-right (bitwise-and a #xFFFFFFFF) (- 32 b)))
-     #xFFFFFFFF))
-  (define (^= bv i v) (u32! bv i (bitwise-xor (u32 bv i) v)))
-  (define r u32)
-  (do ((i 0 (+ i 2)))
-      ((= i 8)
-       (do ((i 0 (+ i 1)))
-	   ((= i 16) B)
-	 (u32! B i (bitwise-and (+ (u32 B i) (u32 x i)) #xFFFFFFFF))))
-    (^= x  4 (R (+ (r x  0) (r x 12))  7)) (^= x  8 (R (+ (r x  4) (r x  0))  9))
-    (^= x 12 (R (+ (r x  8) (r x  4)) 13)) (^= x  0 (R (+ (r x 12) (r x  8)) 18))
-
-    (^= x  9 (R (+ (r x  5) (r x  1))  7)) (^= x 13 (R (+ (r x  9) (r x  5))  9))
-    (^= x  1 (R (+ (r x 13) (r x  9)) 13)) (^= x  5 (R (+ (r x  1) (r x 13)) 18))
-
-    (^= x 14 (R (+ (r x 10) (r x  6))  7)) (^= x  2 (R (+ (r x 14) (r x 10))  9))
-    (^= x  6 (R (+ (r x  2) (r x 14)) 13)) (^= x 10 (R (+ (r x  6) (r x  2)) 18))
-
-    (^= x  3 (R (+ (r x 15) (r x 11))  7)) (^= x  7 (R (+ (r x  3) (r x 15))  9))
-    (^= x 11 (R (+ (r x  7) (r x  3)) 13)) (^= x 15 (R (+ (r x 11) (r x  7)) 18))
-    
-    (^= x  1 (R (+ (r x  0) (r x  3))  7)) (^= x  2 (R (+ (r x  1) (r x  0))  9))
-    (^= x  3 (R (+ (r x  2) (r x  1)) 13)) (^= x  0 (R (+ (r x  3) (r x  2)) 18))
-    
-    (^= x  6 (R (+ (r x  5) (r x  4))  7)) (^= x  7 (R (+ (r x  6) (r x  5))  9))
-    (^= x  4 (R (+ (r x  7) (r x  6)) 13)) (^= x  5 (R (+ (r x  4) (r x  7)) 18))
-    
-    (^= x 11 (R (+ (r x 10) (r x  9))  7)) (^= x  8 (R (+ (r x 11) (r x 10))  9))
-    (^= x  9 (R (+ (r x  8) (r x 11)) 13)) (^= x 10 (R (+ (r x  9) (r x  8)) 18))
-    
-    (^= x 12 (R (+ (r x 15) (r x 14))  7)) (^= x 13 (R (+ (r x 12) (r x 15))  9))
-    (^= x 14 (R (+ (r x 13) (r x 12)) 13)) (^= x 15 (R (+ (r x 14) (r x 13)) 18))
-    ))
+(define (salsa20/8 B) (salsa-core! B 8))
 )

ext/crypto/sagittarius/crypto/logic/salsa.scm

@@ -0,0 +1,36 @@
+;;; -*- mode:scheme; coding:utf-8; -*-
+;;;
+;;; sagittarius/crypto/logic/salsa.scm - Salsa 20 core
+;;;  
+;;;   Copyright (c) 2024  Takashi Kato  <ktakashi@ymail.com>
+;;;   
+;;;   Redistribution and use in source and binary forms, with or without
+;;;   modification, are permitted provided that the following conditions
+;;;   are met:
+;;;   
+;;;   1. Redistributions of source code must retain the above copyright
+;;;      notice, this list of conditions and the following disclaimer.
+;;;  
+;;;   2. Redistributions in binary form must reproduce the above copyright
+;;;      notice, this list of conditions and the following disclaimer in the
+;;;      documentation and/or other materials provided with the distribution.
+;;;  
+;;;   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+;;;   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+;;;   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+;;;   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+;;;   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+;;;   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+;;;   TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+;;;   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+;;;   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+;;;   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+;;;   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+;;;  
+
+;; Salsa20 core
+#!nounbound
+(library (sagittarius crypto logic salsa)
+    (export salsa-core salsa-core!)
+    (import (sagittarius dynamic-module))
+  (load-dynamic-module "sagittarius--salsa"))

ext/crypto/salsa.stub

@@ -0,0 +1,10 @@
+;; -*- mode: scheme; coding: utf-8; -*-
+
+(decl-code
+ (.include <sagittarius/private.h>)
+ (.define "LIBSAGITTARIUS_EXT_BODY")
+ (.include  <sagittarius/extend.h>
+	    <sagittarius-salsa.h>))
+
+(define-c-proc salsa-core (bv::<bytevector> rounds::<fixnum>) Sg_SalsaCore)
+(define-c-proc salsa-core! (bv::<bytevector> rounds::<fixnum>) Sg_SalsaCoreX)

ext/crypto/tests/test-scrypt.scm

@@ -30,4 +30,30 @@
  "f7ce0b653d2d72a4108cf5abe912ffdd777616dbbb27a70e8204f3ae2d0f6fad89f68f4811d1e87bcc3bd7400a9ffd29094f0184639574f39ae5a1315217bcd7894991447213bb226c25b54da86370fbcd984380374666bb8ffcb5bf40c254b067d27c51ce4ad5fed829c90b505a571b7f4d1cad6a523cda770e67bceaaf7e89"
  16 1)
 
+(define (test-scrypt P S N r p dk-len expected)
+  (if (string=? "" P)
+      (test-error (list "Empty password not allowed" N r p)
+		  (hex-string->bytevector expected)
+		  (scrypt (string->utf8 P)
+			  (string->utf8 S)
+			  N r p dk-len))
+      (test-equal (list P S N r p)
+		  (hex-string->bytevector expected)
+		  (scrypt (string->utf8 P)
+			  (string->utf8 S)
+			  N r p dk-len))))
+  
+(test-scrypt "" "" 16 1 1 64
+	     "77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906")
+
+(test-scrypt "password" "NaCl" 1024 8 16 64
+	     "fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640")
+
+(test-scrypt "pleaseletmein" "SodiumChloride" 16384 8 1 64
+	     "7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887")
+
+(unless (getenv "CI")
+  (test-scrypt "pleaseletmein" "SodiumChloride" 1048576 8 1 64
+	       "2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4"))
+  
 (test-end)