Make Salsa20 variable-round, allowing for Salsa20/12 to be used for Packet encrypt and decrypt. Profiling analysis found that Salsa20 encrypt was accounting for a nontrivial percentage of CPU time, so it makes sense to cut this load fundamentally. There are no published attacks against Salsa20/12, and DJB believes 20 rounds to be overkill. This should be more than enough for our needs. Obviously incorporating ASM Salsa20 is among the next steps for performance.

1 files changed, 11 insertions, 3 deletions

diff --git a/selftest.cpp b/selftest.cpp
index 637b579e..8404f4a1 100644
--- a/selftest.cpp
+++ b/selftest.cpp
@@ -180,16 +180,16 @@ static int testCrypto()
 		memset(buf2,0,sizeof(buf2));
 		memset(buf3,0,sizeof(buf3));
 		Salsa20 s20;
-		s20.init("12345678123456781234567812345678",256,"12345678");
+		s20.init("12345678123456781234567812345678",256,"12345678",20);
 		s20.encrypt(buf1,buf2,sizeof(buf1));
-		s20.init("12345678123456781234567812345678",256,"12345678");
+		s20.init("12345678123456781234567812345678",256,"12345678",20);
 		s20.decrypt(buf2,buf3,sizeof(buf2));
 		if (memcmp(buf1,buf3,sizeof(buf1))) {
 			std::cout << "FAIL (encrypt/decrypt test)" << std::endl;
 			return -1;
 		}
 	}
-	Salsa20 s20(s20TV0Key,256,s20TV0Iv);
+	Salsa20 s20(s20TV0Key,256,s20TV0Iv,20);
 	memset(buf1,0,sizeof(buf1));
 	memset(buf2,0,sizeof(buf2));
 	s20.encrypt(buf1,buf2,64);
@@ -197,6 +197,14 @@ static int testCrypto()
 		std::cout << "FAIL (test vector 0)" << std::endl;
 		return -1;
 	}
+	s20.init(s2012TV0Key,256,s2012TV0Iv,12);
+	memset(buf1,0,sizeof(buf1));
+	memset(buf2,0,sizeof(buf2));
+	s20.encrypt(buf1,buf2,64);
+	if (memcmp(buf2,s2012TV0Ks,64)) {
+		std::cout << "FAIL (test vector 1)" << std::endl;
+		return -1;
+	}
 	std::cout << "PASS" << std::endl;
 
 	return 0;