From 8c9b73f67b786d9c08ffc98cc4b0f9b7c44b7717 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Fri, 18 Oct 2013 17:39:48 -0400
Subject: Make Salsa20 variable-round, allowing for Salsa20/12 to be used for Packet encrypt and decrypt. Profiling analysis found that Salsa20 encrypt was accounting for a nontrivial percentage of CPU time, so it makes sense to cut this load fundamentally. There are no published attacks against Salsa20/12, and DJB believes 20 rounds to be overkill. This should be more than enough for our needs. Obviously incorporating ASM Salsa20 is among the next steps for performance.
---
 node/Identity.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'node/Identity.cpp')
diff --git a/node/Identity.cpp b/node/Identity.cpp
index 0ea3dc18..d50c56fe 100644
--- a/node/Identity.cpp
+++ b/node/Identity.cpp
@@ -48,6 +48,9 @@
 // Step distance for mixing genmem[]
 #define ZT_IDENTITY_GEN_MEMORY_MIX_STEP 1024
 
+// Rounds used for Salsa20 step
+#define ZT_IDENTITY_GEN_SALSA20_ROUNDS 20
+
 namespace ZeroTier {
 
 // A memory-hard composition of SHA-512 and Salsa20 for hashcash hashing
@@ -58,7 +61,7 @@ static inline void _computeMemoryHardHash(const void *publicKey,unsigned int pub
 
 // Generate genmem[] bytes of Salsa20 key stream
 memset(genmem,0,ZT_IDENTITY_GEN_MEMORY);
- Salsa20 s20(digest,256,(char *)digest + 32);
+ Salsa20 s20(digest,256,(char *)digest + 32,ZT_IDENTITY_GEN_SALSA20_ROUNDS);
 s20.encrypt(genmem,genmem,ZT_IDENTITY_GEN_MEMORY);
 
 // Do something to genmem[] that iteratively makes every value
-- cgit v1.2.3
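Review bot: The round count now passed on the `Salsa20 s20(digest,256,(char *)digest + 32,ZT_IDENTITY_GEN_SALSA20_ROUNDS);` line becomes part of the definition of the memory-hard identity hash (the surrounding comment calls it hashcash hashing), so the new `ZT_IDENTITY_GEN_SALSA20_ROUNDS` macro is effectively a format constant rather than a tuning knob, and the one-line comment added in the first hunk does not say so. I would extend that comment to `// Rounds used for Salsa20 step of the identity hash. This value is part of the identity format: changing it changes the hash output and would presumably invalidate every existing identity.` It is also worth a sentence noting that the Salsa20/12 reduction described in the commit message applies to packet encryption only and that the hashcash deliberately stays at 20 rounds, since a later reader of the message could otherwise "optimize" this constant too. If the Salsa20 constructor only accepts the standard round counts (8, 12 or 20), a `static_assert` on the macro next to its definition would catch a bad edit at compile time, but the constructor is not visible from this diff. `_computeMemoryHardHash` begins before and ends after the second hunk.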