Botan 3.7.1
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Botan::Salsa20 Class Referencefinal

#include <salsa20.h>

Inheritance diagram for Botan::Salsa20:
Botan::StreamCipher Botan::SymmetricAlgorithm

Public Member Functions

size_t buffer_size () const override
 
void cipher (const uint8_t in[], uint8_t out[], size_t len)
 
void cipher (std::span< const uint8_t > in, std::span< uint8_t > out)
 
void cipher1 (std::span< uint8_t > buf)
 
void cipher1 (uint8_t buf[], size_t len)
 
void clear () override
 
StreamCipherclone () const
 
void decrypt (std::span< uint8_t > inout)
 
size_t default_iv_length () const override
 
void encipher (std::span< uint8_t > inout)
 
void encrypt (std::span< uint8_t > inout)
 
bool has_keying_material () const override
 
Key_Length_Specification key_spec () const override
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T keystream_bytes (size_t bytes)
 
size_t maximum_keylength () const
 
size_t minimum_keylength () const
 
std::string name () const override
 
std::unique_ptr< StreamCiphernew_object () const override
 
virtual std::string provider () const
 
void seek (uint64_t offset) override
 
void set_iv (const uint8_t iv[], size_t iv_len)
 
void set_iv (std::span< const uint8_t > iv)
 
void set_key (const SymmetricKey &key)
 
void set_key (const uint8_t key[], size_t length)
 
void set_key (std::span< const uint8_t > key)
 
bool valid_iv_length (size_t iv_len) const override
 
bool valid_keylength (size_t length) const
 
void write_keystream (std::span< uint8_t > out)
 
void write_keystream (uint8_t out[], size_t len)
 

Static Public Member Functions

static std::unique_ptr< StreamCiphercreate (std::string_view algo_spec, std::string_view provider="")
 
static std::unique_ptr< StreamCiphercreate_or_throw (std::string_view algo_spec, std::string_view provider="")
 
static void hsalsa20 (uint32_t output[8], const uint32_t input[16])
 
static std::vector< std::string > providers (std::string_view algo_spec)
 
static void salsa_core (uint8_t output[64], const uint32_t input[16], size_t rounds)
 

Protected Member Functions

void assert_key_material_set () const
 
void assert_key_material_set (bool predicate) const
 
void cipher_bytes (const uint8_t in[], uint8_t out[], size_t length) override
 
virtual void generate_keystream (uint8_t out[], size_t len)
 
void set_iv_bytes (const uint8_t iv[], size_t iv_len) override
 

Detailed Description

DJB's Salsa20 (and XSalsa20)

Definition at line 18 of file salsa20.h.

Member Function Documentation

◆ assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const
inlineprotectedinherited

Definition at line 139 of file sym_algo.h.

139{ assert_key_material_set(has_keying_material()); }
Botan::SymmetricAlgorithm::has_keying_material
virtual bool has_keying_material() const =0
Botan::SymmetricAlgorithm::assert_key_material_set
void assert_key_material_set() const
Definition sym_algo.h:139

References Botan::SymmetricAlgorithm::assert_key_material_set().

Referenced by Botan::SymmetricAlgorithm::assert_key_material_set(), cipher_bytes(), Botan::AES_128::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::DES::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::Kuznyechik::decrypt_n(), Botan::Lion::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::DES::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::Kuznyechik::encrypt_n(), Botan::Lion::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::GHASH::final(), Botan::GHASH::nonce_hash(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), seek(), Botan::GHASH::set_associated_data(), Botan::OCB_Mode::set_associated_data_n(), set_iv_bytes(), Botan::GHASH::update(), and Botan::GHASH::update_associated_data().

◆ assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool predicate) const
inlineprotectedinherited

Definition at line 141 of file sym_algo.h.

141 {
142 if(!predicate) {
143 throw_key_not_set_error();
144 }
145 }

◆ buffer_size()

size_t Botan::Salsa20::buffer_size ( ) const
overridevirtual

Return the optimium buffer size to use with this cipher

Most stream ciphers internally produce blocks of bytes. This function returns that block size. Aligning buffer sizes to a multiple of this size may improve performance by reducing internal buffering overhead.

Note the return value of this function may change for any particular algorithm due to changes in the implementation from release to release, or changes in the runtime environment (such as CPUID indicating availability of an optimized implementation). It is not intrinsic to the algorithm; it is just a suggestion for gaining best performance.

Implements Botan::StreamCipher.

Definition at line 168 of file salsa20.cpp.

168 {
169 return 64;
170}

◆ cipher() [1/2]

void Botan::StreamCipher::cipher ( const uint8_t in[],
uint8_t out[],
size_t len )
inlineinherited

Encrypt or decrypt a message

Processes all bytes plain/ciphertext from in and writes the result to out.

Parameters
inthe plaintext
outthe byte array to hold the output, i.e. the ciphertext
lenthe length of both in and out in bytes

Definition at line 60 of file stream_cipher.h.

60{ cipher_bytes(in, out, len); }
Botan::StreamCipher::cipher_bytes
virtual void cipher_bytes(const uint8_t in[], uint8_t out[], size_t len)=0

Referenced by Botan::StreamCipher::create(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), and Botan::Sodium::crypto_stream_xsalsa20_xor_ic().

◆ cipher() [2/2]

void Botan::StreamCipher::cipher ( std::span< const uint8_t > in,
std::span< uint8_t > out )
inlineinherited

Encrypt or decrypt a message

Parameters
inthe plaintext
outthe byte array to hold the output, i.e. the ciphertext with at least the same size as in

Definition at line 68 of file stream_cipher.h.

68 {
69 BOTAN_ARG_CHECK(in.size() <= out.size(),
70 "Output buffer of stream cipher must be at least as long as input buffer");
71 cipher_bytes(in.data(), out.data(), in.size());
72 }
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29

References BOTAN_ARG_CHECK.

◆ cipher1() [1/2]

void Botan::StreamCipher::cipher1 ( std::span< uint8_t > buf)
inlineinherited

Encrypt or decrypt a message The message is encrypted/decrypted in place.

Parameters
bufthe plaintext / ciphertext

Definition at line 120 of file stream_cipher.h.

120{ cipher(buf, buf); }
Botan::StreamCipher::cipher
void cipher(const uint8_t in[], uint8_t out[], size_t len)
Definition stream_cipher.h:60

◆ cipher1() [2/2]

void Botan::StreamCipher::cipher1 ( uint8_t buf[],
size_t len )
inlineinherited

Encrypt or decrypt a message The message is encrypted/decrypted in place.

Parameters
bufthe plaintext / ciphertext
lenthe length of buf in bytes

Definition at line 113 of file stream_cipher.h.

113{ cipher(buf, buf, len); }

Referenced by Botan::StreamCipher::generate_keystream().

◆ cipher_bytes()

void Botan::Salsa20::cipher_bytes ( const uint8_t in[],
uint8_t out[],
size_t len )
overrideprotectedvirtual

Encrypt or decrypt a message

Implements Botan::StreamCipher.

Definition at line 102 of file salsa20.cpp.

102 {
103 assert_key_material_set();
104
105 while(length >= m_buffer.size() - m_position) {
106 const size_t available = m_buffer.size() - m_position;
107
108 xor_buf(out, in, &m_buffer[m_position], available);
109 salsa_core(m_buffer.data(), m_state.data(), 20);
110
111 ++m_state[8];
112 m_state[9] += (m_state[8] == 0);
113
114 length -= available;
115 in += available;
116 out += available;
117
118 m_position = 0;
119 }
120
121 xor_buf(out, in, &m_buffer[m_position], length);
122
123 m_position += length;
124}
Botan::Salsa20::salsa_core
static void salsa_core(uint8_t output[64], const uint32_t input[16], size_t rounds)
Definition salsa20.cpp:62
Botan::xor_buf
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
Definition mem_ops.h:342

References Botan::SymmetricAlgorithm::assert_key_material_set(), salsa_core(), and Botan::xor_buf().

◆ clear()

void Botan::Salsa20::clear ( )
overridevirtual

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 260 of file salsa20.cpp.

260 {
261 zap(m_key);
262 zap(m_state);
263 zap(m_buffer);
264 m_position = 0;
265}
Botan::zap
void zap(std::vector< T, Alloc > &vec)
Definition secmem.h:117

References Botan::zap().

◆ clone()

StreamCipher * Botan::StreamCipher::clone ( ) const
inlineinherited
Returns
a new object representing the same algorithm as *this

Definition at line 199 of file stream_cipher.h.

199{ return this->new_object().release(); }
Botan::StreamCipher::new_object
virtual std::unique_ptr< StreamCipher > new_object() const =0

◆ create()

std::unique_ptr< StreamCipher > Botan::StreamCipher::create ( std::string_view algo_spec,
std::string_view provider = "" )
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to use
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 40 of file stream_cipher.cpp.

40 {
41#if defined(BOTAN_HAS_SHAKE_CIPHER)
42 if(algo_spec == "SHAKE-128" || algo_spec == "SHAKE-128-XOF") {
43 if(provider.empty() || provider == "base") {
44 return std::make_unique<SHAKE_128_Cipher>();
45 }
46 }
47
48 if(algo_spec == "SHAKE-256" || algo_spec == "SHAKE-256-XOF") {
49 if(provider.empty() || provider == "base") {
50 return std::make_unique<SHAKE_256_Cipher>();
51 }
52 }
53#endif
54
55#if defined(BOTAN_HAS_CHACHA)
56 if(algo_spec == "ChaCha20") {
57 if(provider.empty() || provider == "base") {
58 return std::make_unique<ChaCha>(20);
59 }
60 }
61#endif
62
63#if defined(BOTAN_HAS_SALSA20)
64 if(algo_spec == "Salsa20") {
65 if(provider.empty() || provider == "base") {
66 return std::make_unique<Salsa20>();
67 }
68 }
69#endif
70
71 const SCAN_Name req(algo_spec);
72
73#if defined(BOTAN_HAS_CTR_BE)
74 if((req.algo_name() == "CTR-BE" || req.algo_name() == "CTR") && req.arg_count_between(1, 2)) {
75 if(provider.empty() || provider == "base") {
76 auto cipher = BlockCipher::create(req.arg(0));
77 if(cipher) {
78 size_t ctr_size = req.arg_as_integer(1, cipher->block_size());
79 return std::make_unique<CTR_BE>(std::move(cipher), ctr_size);
80 }
81 }
82 }
83#endif
84
85#if defined(BOTAN_HAS_CHACHA)
86 if(req.algo_name() == "ChaCha") {
87 if(provider.empty() || provider == "base") {
88 return std::make_unique<ChaCha>(req.arg_as_integer(0, 20));
89 }
90 }
91#endif
92
93#if defined(BOTAN_HAS_OFB)
94 if(req.algo_name() == "OFB" && req.arg_count() == 1) {
95 if(provider.empty() || provider == "base") {
96 if(auto cipher = BlockCipher::create(req.arg(0))) {
97 return std::make_unique<OFB>(std::move(cipher));
98 }
99 }
100 }
101#endif
102
103#if defined(BOTAN_HAS_RC4)
104
105 if(req.algo_name() == "RC4" || req.algo_name() == "ARC4" || req.algo_name() == "MARK-4") {
106 const size_t skip = (req.algo_name() == "MARK-4") ? 256 : req.arg_as_integer(0, 0);
107
108 if(provider.empty() || provider == "base") {
109 return std::make_unique<RC4>(skip);
110 }
111 }
112
113#endif
114
115 BOTAN_UNUSED(req);
116 BOTAN_UNUSED(provider);
117
118 return nullptr;
119}
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:118
Botan::BlockCipher::create
static std::unique_ptr< BlockCipher > create(std::string_view algo_spec, std::string_view provider="")
Definition block_cipher.cpp:91
Botan::StreamCipher::provider
virtual std::string provider() const
Definition stream_cipher.h:225

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::SCAN_Name::arg_count_between(), BOTAN_UNUSED, Botan::StreamCipher::cipher(), Botan::BlockCipher::create(), and Botan::StreamCipher::provider().

Referenced by Botan::BlockCipher::create(), Botan::Cipher_Mode::create(), and Botan::StreamCipher::create_or_throw().

◆ create_or_throw()

std::unique_ptr< StreamCipher > Botan::StreamCipher::create_or_throw ( std::string_view algo_spec,
std::string_view provider = "" )
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to use Throws a Lookup_Error if the algo/provider combination cannot be found

Definition at line 122 of file stream_cipher.cpp.

122 {
123 if(auto sc = StreamCipher::create(algo, provider)) {
124 return sc;
125 }
126 throw Lookup_Error("Stream cipher", algo, provider);
127}
Botan::StreamCipher::create
static std::unique_ptr< StreamCipher > create(std::string_view algo_spec, std::string_view provider="")
Definition stream_cipher.cpp:40

References Botan::StreamCipher::create(), and Botan::StreamCipher::provider().

Referenced by Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::Sodium::crypto_secretbox_detached(), Botan::Sodium::crypto_secretbox_open_detached(), Botan::Sodium::crypto_secretbox_xsalsa20poly1305(), Botan::Sodium::crypto_secretbox_xsalsa20poly1305_open(), Botan::Sodium::crypto_stream_chacha20(), Botan::Sodium::crypto_stream_chacha20_ietf(), Botan::Sodium::crypto_stream_chacha20_ietf_xor_ic(), Botan::Sodium::crypto_stream_chacha20_xor_ic(), Botan::Sodium::crypto_stream_xchacha20(), and Botan::Sodium::crypto_stream_xchacha20_xor_ic().

◆ decrypt()

void Botan::StreamCipher::decrypt ( std::span< uint8_t > inout)
inlineinherited

Decrypt a message in place The message is decrypted in place.

Parameters
inoutthe plaintext / ciphertext

Definition at line 141 of file stream_cipher.h.

141{ cipher(inout.data(), inout.data(), inout.size()); }

◆ default_iv_length()

size_t Botan::Salsa20::default_iv_length ( ) const
overridevirtual

Return the default (preferred) nonce length

If this function returns zero, then this cipher does not support nonces; in this case any call to set_iv with a (non-empty) value will fail.

Default implementation returns 0

Reimplemented from Botan::StreamCipher.

Definition at line 241 of file salsa20.cpp.

241 {
242 return 24;
243}

◆ encipher()

void Botan::StreamCipher::encipher ( std::span< uint8_t > inout)
inlineinherited

Encrypt a message The message is encrypted/decrypted in place.

Parameters
inoutthe plaintext / ciphertext

Definition at line 127 of file stream_cipher.h.

127{ cipher(inout.data(), inout.data(), inout.size()); }

◆ encrypt()

void Botan::StreamCipher::encrypt ( std::span< uint8_t > inout)
inlineinherited

Encrypt a message The message is encrypted in place.

Parameters
inoutthe plaintext / ciphertext

Definition at line 134 of file stream_cipher.h.

134{ cipher(inout.data(), inout.data(), inout.size()); }

◆ generate_keystream()

void Botan::StreamCipher::generate_keystream ( uint8_t out[],
size_t len )
protectedvirtualinherited

Write keystream bytes to a buffer

Definition at line 137 of file stream_cipher.cpp.

137 {
138 clear_mem(out, len);
139 cipher1(out, len);
140}
Botan::StreamCipher::cipher1
void cipher1(uint8_t buf[], size_t len)
Definition stream_cipher.h:113
Botan::clear_mem
constexpr void clear_mem(T *ptr, size_t n)
Definition mem_ops.h:121

References Botan::StreamCipher::cipher1(), and Botan::clear_mem().

◆ has_keying_material()

bool Botan::Salsa20::has_keying_material ( ) const
overridevirtual
Returns
true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 164 of file salsa20.cpp.

164 {
165 return !m_state.empty();
166}

◆ hsalsa20()

void Botan::Salsa20::hsalsa20 ( uint32_t output[8],
const uint32_t input[16] )
static

Definition at line 31 of file salsa20.cpp.

31 {
32 uint32_t x00 = input[0], x01 = input[1], x02 = input[2], x03 = input[3], x04 = input[4], x05 = input[5],
33 x06 = input[6], x07 = input[7], x08 = input[8], x09 = input[9], x10 = input[10], x11 = input[11],
34 x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
35
36 for(size_t i = 0; i != 10; ++i) {
37 salsa20_quarter_round(x00, x04, x08, x12);
38 salsa20_quarter_round(x05, x09, x13, x01);
39 salsa20_quarter_round(x10, x14, x02, x06);
40 salsa20_quarter_round(x15, x03, x07, x11);
41
42 salsa20_quarter_round(x00, x01, x02, x03);
43 salsa20_quarter_round(x05, x06, x07, x04);
44 salsa20_quarter_round(x10, x11, x08, x09);
45 salsa20_quarter_round(x15, x12, x13, x14);
46 }
47
48 output[0] = x00;
49 output[1] = x05;
50 output[2] = x10;
51 output[3] = x15;
52 output[4] = x06;
53 output[5] = x07;
54 output[6] = x08;
55 output[7] = x09;
56}

Referenced by Botan::Sodium::crypto_core_hsalsa20(), and set_iv_bytes().

◆ key_spec()

Key_Length_Specification Botan::Salsa20::key_spec ( ) const
overridevirtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 245 of file salsa20.cpp.

245 {
246 return Key_Length_Specification(16, 32, 16);
247}

◆ keystream_bytes()

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::StreamCipher::keystream_bytes ( size_t bytes)
inlineinherited

Get bytes from the keystream

The bytes are written into a continous byte buffer of your choosing.

Parameters
bytesThe number of bytes to be produced

Definition at line 101 of file stream_cipher.h.

101 {
102 T out(bytes);
103 write_keystream(out);
104 return out;
105 }
Botan::StreamCipher::write_keystream
void write_keystream(uint8_t out[], size_t len)
Definition stream_cipher.h:82
T
FE_25519 T
Definition ge.cpp:34

References T.

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 95 of file sym_algo.h.

95{ return key_spec().maximum_keylength(); }
Botan::Key_Length_Specification::maximum_keylength
size_t maximum_keylength() const
Definition sym_algo.h:54
Botan::SymmetricAlgorithm::key_spec
virtual Key_Length_Specification key_spec() const =0

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 100 of file sym_algo.h.

100{ return key_spec().minimum_keylength(); }
Botan::Key_Length_Specification::minimum_keylength
size_t minimum_keylength() const
Definition sym_algo.h:49

◆ name()

std::string Botan::Salsa20::name ( ) const
overridevirtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 253 of file salsa20.cpp.

253 {
254 return "Salsa20";
255}

Referenced by set_iv_bytes().

◆ new_object()

std::unique_ptr< StreamCipher > Botan::Salsa20::new_object ( ) const
overridevirtual
Returns
new object representing the same algorithm as *this

Implements Botan::StreamCipher.

Definition at line 249 of file salsa20.cpp.

249 {
250 return std::make_unique<Salsa20>();
251}

◆ provider()

virtual std::string Botan::StreamCipher::provider ( ) const
inlinevirtualinherited
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2" or some other arbitrary string.

Reimplemented in Botan::ChaCha.

Definition at line 225 of file stream_cipher.h.

225{ return "base"; }

Referenced by Botan::StreamCipher::create(), and Botan::StreamCipher::create_or_throw().

◆ providers()

std::vector< std::string > Botan::StreamCipher::providers ( std::string_view algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 129 of file stream_cipher.cpp.

129 {
130 return probe_providers_of<StreamCipher>(algo_spec);
131}
Botan::probe_providers_of
std::vector< std::string > probe_providers_of(std::string_view algo_spec, const std::vector< std::string > &possible={"base"})
Definition scan_name.h:105

References Botan::probe_providers_of().

◆ salsa_core()

void Botan::Salsa20::salsa_core ( uint8_t output[64],
const uint32_t input[16],
size_t rounds )
static

Definition at line 62 of file salsa20.cpp.

62 {
63 BOTAN_ASSERT_NOMSG(rounds % 2 == 0);
64
65 uint32_t x00 = input[0], x01 = input[1], x02 = input[2], x03 = input[3], x04 = input[4], x05 = input[5],
66 x06 = input[6], x07 = input[7], x08 = input[8], x09 = input[9], x10 = input[10], x11 = input[11],
67 x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
68
69 for(size_t i = 0; i != rounds / 2; ++i) {
70 salsa20_quarter_round(x00, x04, x08, x12);
71 salsa20_quarter_round(x05, x09, x13, x01);
72 salsa20_quarter_round(x10, x14, x02, x06);
73 salsa20_quarter_round(x15, x03, x07, x11);
74
75 salsa20_quarter_round(x00, x01, x02, x03);
76 salsa20_quarter_round(x05, x06, x07, x04);
77 salsa20_quarter_round(x10, x11, x08, x09);
78 salsa20_quarter_round(x15, x12, x13, x14);
79 }
80
81 store_le(x00 + input[0], output + 4 * 0);
82 store_le(x01 + input[1], output + 4 * 1);
83 store_le(x02 + input[2], output + 4 * 2);
84 store_le(x03 + input[3], output + 4 * 3);
85 store_le(x04 + input[4], output + 4 * 4);
86 store_le(x05 + input[5], output + 4 * 5);
87 store_le(x06 + input[6], output + 4 * 6);
88 store_le(x07 + input[7], output + 4 * 7);
89 store_le(x08 + input[8], output + 4 * 8);
90 store_le(x09 + input[9], output + 4 * 9);
91 store_le(x10 + input[10], output + 4 * 10);
92 store_le(x11 + input[11], output + 4 * 11);
93 store_le(x12 + input[12], output + 4 * 12);
94 store_le(x13 + input[13], output + 4 * 13);
95 store_le(x14 + input[14], output + 4 * 14);
96 store_le(x15 + input[15], output + 4 * 15);
97}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
Botan::store_le
constexpr auto store_le(ParamTs &&... params)
Definition loadstor.h:764

References BOTAN_ASSERT_NOMSG, and Botan::store_le().

Referenced by cipher_bytes(), seek(), and set_iv_bytes().

◆ seek()

void Botan::Salsa20::seek ( uint64_t offset)
overridevirtual

Set the offset and the state used later to generate the keystream

Sets the state of the stream cipher and keystream according to the passed offset, exactly as if offset bytes had first been encrypted. The key and (if required) the IV have to be set before this can be called.

Note
Not all ciphers support seeking; such objects will throw Not_Implemented in this case.
Parameters
offsetthe offset where we begin to generate the keystream

Implements Botan::StreamCipher.

Definition at line 267 of file salsa20.cpp.

267 {
268 assert_key_material_set();
269
270 // Find the block offset
271 const uint64_t counter = offset / 64;
272 uint8_t counter8[8];
273 store_le(counter, counter8);
274
275 m_state[8] = load_le<uint32_t>(counter8, 0);
276 m_state[9] += load_le<uint32_t>(counter8, 1);
277
278 salsa_core(m_buffer.data(), m_state.data(), 20);
279
280 ++m_state[8];
281 m_state[9] += (m_state[8] == 0);
282
283 m_position = offset % 64;
284}
Botan::load_le
constexpr auto load_le(ParamTs &&... params)
Definition loadstor.h:521

References Botan::SymmetricAlgorithm::assert_key_material_set(), Botan::load_le(), salsa_core(), and Botan::store_le().

Referenced by Botan::Sodium::crypto_stream_salsa20_xor_ic(), and Botan::Sodium::crypto_stream_xsalsa20_xor_ic().

◆ set_iv() [1/2]

void Botan::StreamCipher::set_iv ( const uint8_t iv[],
size_t iv_len )
inlineinherited

Resync the cipher using the IV

Load IV into the stream cipher state. This should happen after the key is set (set_key()) and before any operation (encrypt(), decrypt() or seek()) is called.

If the cipher does not support IVs, then a call with an empty IV will be accepted and any other length will cause an Invalid_IV_Length exception.

Parameters
ivthe initialization vector
iv_lenthe length of the IV in bytes

Definition at line 171 of file stream_cipher.h.

171{ set_iv_bytes(iv, iv_len); }
Botan::StreamCipher::set_iv_bytes
virtual void set_iv_bytes(const uint8_t iv[], size_t iv_len)=0

Referenced by Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::Sodium::randombytes_buf_deterministic(), and Botan::SIV_Mode::set_ctr_iv().

◆ set_iv() [2/2]

void Botan::StreamCipher::set_iv ( std::span< const uint8_t > iv)
inlineinherited

Resync the cipher using the IV

Parameters
ivthe initialization vector
Exceptions
Invalid_IV_Lengthif an incompatible IV was passed.

Definition at line 178 of file stream_cipher.h.

178{ set_iv_bytes(iv.data(), iv.size()); }

◆ set_iv_bytes()

void Botan::Salsa20::set_iv_bytes ( const uint8_t iv[],
size_t iv_len )
overrideprotectedvirtual

Resync the cipher using the IV

Implements Botan::StreamCipher.

Definition at line 188 of file salsa20.cpp.

188 {
189 assert_key_material_set();
190
191 if(!valid_iv_length(length)) {
192 throw Invalid_IV_Length(name(), length);
193 }
194
195 initialize_state();
196
197 if(length == 0) {
198 // Salsa20 null IV
199 m_state[6] = 0;
200 m_state[7] = 0;
201 } else if(length == 8) {
202 // Salsa20
203 m_state[6] = load_le<uint32_t>(iv, 0);
204 m_state[7] = load_le<uint32_t>(iv, 1);
205 } else {
206 // XSalsa20
207 m_state[6] = load_le<uint32_t>(iv, 0);
208 m_state[7] = load_le<uint32_t>(iv, 1);
209 m_state[8] = load_le<uint32_t>(iv, 2);
210 m_state[9] = load_le<uint32_t>(iv, 3);
211
212 secure_vector<uint32_t> hsalsa(8);
213 hsalsa20(hsalsa.data(), m_state.data());
214
215 m_state[1] = hsalsa[0];
216 m_state[2] = hsalsa[1];
217 m_state[3] = hsalsa[2];
218 m_state[4] = hsalsa[3];
219 m_state[6] = load_le<uint32_t>(iv, 4);
220 m_state[7] = load_le<uint32_t>(iv, 5);
221 m_state[11] = hsalsa[4];
222 m_state[12] = hsalsa[5];
223 m_state[13] = hsalsa[6];
224 m_state[14] = hsalsa[7];
225 }
226
227 m_state[8] = 0;
228 m_state[9] = 0;
229
230 salsa_core(m_buffer.data(), m_state.data(), 20);
231 ++m_state[8];
232 m_state[9] += (m_state[8] == 0);
233
234 m_position = 0;
235}
Botan::Salsa20::hsalsa20
static void hsalsa20(uint32_t output[8], const uint32_t input[16])
Definition salsa20.cpp:31
Botan::Salsa20::valid_iv_length
bool valid_iv_length(size_t iv_len) const override
Definition salsa20.cpp:237
Botan::Salsa20::name
std::string name() const override
Definition salsa20.cpp:253
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

References Botan::SymmetricAlgorithm::assert_key_material_set(), hsalsa20(), Botan::load_le(), name(), salsa_core(), and valid_iv_length().

◆ set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey & key)
inlineinherited

Set the symmetric key of this object.

Parameters
keythe SymmetricKey to be set.

Definition at line 113 of file sym_algo.h.

113{ set_key(std::span{key.begin(), key.length()}); }
Botan::SymmetricAlgorithm::set_key
void set_key(const SymmetricKey &key)
Definition sym_algo.h:113

References Botan::OctetString::begin(), Botan::OctetString::length(), and Botan::SymmetricAlgorithm::set_key().

Referenced by Botan::create_aes_row_generator(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), Botan::Sphincs_Hash_Functions_Sha2::PRF_msg(), Botan::Sodium::randombytes_buf_deterministic(), and Botan::SymmetricAlgorithm::set_key().

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t key[],
size_t length )
inlineinherited

Set the symmetric key of this object.

Parameters
keythe to be set as a byte array.
lengthin bytes of key param

Definition at line 126 of file sym_algo.h.

126{ set_key(std::span{key, length}); }

References Botan::SymmetricAlgorithm::set_key().

Referenced by Botan::SymmetricAlgorithm::set_key().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t > key)
inherited

Set the symmetric key of this object.

Parameters
keythe contiguous byte range to be set.

Definition at line 17 of file sym_algo.cpp.

17 {
18 if(!valid_keylength(key.size())) {
19 throw Invalid_Key_Length(name(), key.size());
20 }
21 key_schedule(key);
22}
Botan::SymmetricAlgorithm::valid_keylength
bool valid_keylength(size_t length) const
Definition sym_algo.h:107
Botan::SymmetricAlgorithm::name
virtual std::string name() const =0

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

◆ valid_iv_length()

bool Botan::Salsa20::valid_iv_length ( size_t iv_len) const
overridevirtual
Parameters
iv_lenthe length of the IV in bytes
Returns
if the length is valid for this algorithm

Reimplemented from Botan::StreamCipher.

Definition at line 237 of file salsa20.cpp.

237 {
238 return (iv_len == 0 || iv_len == 8 || iv_len == 24);
239}

Referenced by set_iv_bytes().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 107 of file sym_algo.h.

107{ return key_spec().valid_keylength(length); }
Botan::Key_Length_Specification::valid_keylength
bool valid_keylength(size_t length) const
Definition sym_algo.h:42

Referenced by Botan::SymmetricAlgorithm::set_key().

◆ write_keystream() [1/2]

void Botan::StreamCipher::write_keystream ( std::span< uint8_t > out)
inlineinherited

Fill a given buffer with keystream bytes

The contents of out are ignored/overwritten

Parameters
outthe byte array to hold the keystream

Definition at line 91 of file stream_cipher.h.

91{ generate_keystream(out.data(), out.size()); }
Botan::StreamCipher::generate_keystream
virtual void generate_keystream(uint8_t out[], size_t len)
Definition stream_cipher.cpp:137

◆ write_keystream() [2/2]

void Botan::StreamCipher::write_keystream ( uint8_t out[],
size_t len )
inlineinherited

Write keystream bytes to a buffer

The contents of out are ignored/overwritten

Parameters
outthe byte array to hold the keystream
lenthe length of out in bytes

Definition at line 82 of file stream_cipher.h.

82{ generate_keystream(out, len); }

Referenced by Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_xsalsa20(), and Botan::Sodium::randombytes_buf_deterministic().

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0