Botan 3.0.0
Crypto and TLS for C++
Botan::Salsa20 Class Reference (final)

#include <salsa20.h>

Inheritance diagram for Botan::Salsa20:
Botan::StreamCipher Botan::SymmetricAlgorithm

Public Member Functions

size_t buffer_size () const override
 
void cipher (const uint8_t in[], uint8_t out[], size_t len)
 
void cipher (std::span< const uint8_t > in, std::span< uint8_t > out)
 
void cipher1 (std::span< uint8_t > buf)
 
void cipher1 (uint8_t buf[], size_t len)
 
void clear () override
 
StreamCipher * clone () const
 
void decrypt (std::span< uint8_t > inout)
 
size_t default_iv_length () const override
 
void encipher (std::span< uint8_t > inout)
 
void encrypt (std::span< uint8_t > inout)
 
bool has_keying_material () const override
 
Key_Length_Specification key_spec () const override
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T keystream_bytes (size_t bytes)
 
size_t maximum_keylength () const
 
size_t minimum_keylength () const
 
std::string name () const override
 
std::unique_ptr< StreamCipher > new_object () const override
 
virtual std::string provider () const
 
void seek (uint64_t offset) override
 
void set_iv (const uint8_t iv[], size_t iv_len)
 
void set_iv (std::span< const uint8_t > iv)
 
void set_key (const SymmetricKey &key)
 
void set_key (const uint8_t key[], size_t length)
 
void set_key (std::span< const uint8_t > key)
 
bool valid_iv_length (size_t iv_len) const override
 
bool valid_keylength (size_t length) const
 
void write_keystream (std::span< uint8_t > out)
 
void write_keystream (uint8_t out[], size_t len)
 

Static Public Member Functions

static std::unique_ptr< StreamCipher > create (std::string_view algo_spec, std::string_view provider="")
 
static std::unique_ptr< StreamCipher > create_or_throw (std::string_view algo_spec, std::string_view provider="")
 
static void hsalsa20 (uint32_t output[8], const uint32_t input[16])
 
static std::vector< std::string > providers (std::string_view algo_spec)
 
static void salsa_core (uint8_t output[64], const uint32_t input[16], size_t rounds)
 

Protected Member Functions

void assert_key_material_set () const
 
void assert_key_material_set (bool predicate) const
 
void cipher_bytes (const uint8_t in[], uint8_t out[], size_t length) override
 
virtual void generate_keystream (uint8_t out[], size_t len)
 
void set_iv_bytes (const uint8_t iv[], size_t iv_len) override
 

Detailed Description

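DJB's Salsa20 (and XSalsa20) stream cipher. The IV length passed to set_iv() selects the variant: 8 bytes for Salsa20, 24 bytes for XSalsa20; a zero-length IV is also accepted and treated as an all-zero nonce. Setting an IV restarts the keystream at block 0, so a given key/IV pair must be used for one message only. The cipher only XORs keystream into the data and performs no integrity check, so pair it with a MAC wherever tampering matters.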

Definition at line 18 of file salsa20.h.

Member Function Documentation

◆ assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const
inlineprotectedinherited

Definition at line 182 of file sym_algo.h.

183 {
185 }
virtual bool has_keying_material() const =0
void assert_key_material_set() const
Definition: sym_algo.h:182

Referenced by cipher_bytes(), Botan::AES_128::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::DES::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::Lion::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::DES::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::Lion::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::GHASH::final(), Botan::GHASH::ghash_update(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), seek(), Botan::OCB_Mode::set_associated_data_n(), set_iv_bytes(), Botan::GHASH::update(), and Botan::GHASH::update_associated_data().

◆ assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool  predicate) const
inlineprotectedinherited

Definition at line 187 of file sym_algo.h.

188 {
189 if(!predicate)
190 throw_key_not_set_error();
191 }

◆ buffer_size()

size_t Botan::Salsa20::buffer_size ( ) const
overridevirtual

Return the optimum buffer size to use with this cipher.

Most stream ciphers internally produce blocks of bytes. This function returns that block size. Aligning buffer sizes to a multiple of this size may improve performance by reducing internal buffering overhead.

Note the return value of this function may change for any particular algorithm due to changes in the implementation from release to release, or changes in the runtime environment (such as CPUID indicating availability of an optimized implementation). It is not intrinsic to the algorithm; it is just a suggestion for gaining best performance.

Implements Botan::StreamCipher.

Definition at line 186 of file salsa20.cpp.

187 {
188 return 64;
189 }

◆ cipher() [1/2]

void Botan::StreamCipher::cipher ( const uint8_t  in[],
uint8_t  out[],
size_t  len 
)
inlineinherited

Encrypt or decrypt a message

Parameters
in: the plaintext
out: the byte array to hold the output, i.e. the ciphertext
len: the length of both in and out in bytes

Definition at line 61 of file stream_cipher.h.

62 { cipher_bytes(in, out, len); }
virtual void cipher_bytes(const uint8_t in[], uint8_t out[], size_t len)=0

Referenced by Botan::StreamCipher::create(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), and Botan::Sodium::crypto_stream_xsalsa20_xor_ic().

◆ cipher() [2/2]

void Botan::StreamCipher::cipher ( std::span< const uint8_t >  in,
std::span< uint8_t >  out 
)
inlineinherited

Encrypt or decrypt a message

Parameters
in: the plaintext
out: the byte array to hold the output, i.e. the ciphertext, with at least the same size as in

Definition at line 70 of file stream_cipher.h.

// Span overload of cipher(): the only length check on this path happens here.
71 {
// Reject an output span shorter than the input before any byte is processed.
// The pointer overload shown above (stream_cipher.h:61) forwards in/out/len
// with no such check, so its callers must guarantee the buffer sizes themselves.
72 BOTAN_ARG_CHECK(in.size() <= out.size(),
73 "Output buffer of stream cipher must be at least as long as input buffer");
// Exactly in.size() bytes are handed on, even when out is larger.
74 cipher_bytes(in.data(), out.data(), in.size());
75 }
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:36

References BOTAN_ARG_CHECK.

◆ cipher1() [1/2]

void Botan::StreamCipher::cipher1 ( std::span< uint8_t >  buf)
inlineinherited

Encrypt or decrypt a message. The message is encrypted/decrypted in place.

Parameters
buf: the plaintext / ciphertext

Definition at line 125 of file stream_cipher.h.

126 { cipher(buf, buf); }
void cipher(const uint8_t in[], uint8_t out[], size_t len)
Definition: stream_cipher.h:61

◆ cipher1() [2/2]

void Botan::StreamCipher::cipher1 ( uint8_t  buf[],
size_t  len 
)
inlineinherited

Encrypt or decrypt a message. The message is encrypted/decrypted in place.

Parameters
buf: the plaintext / ciphertext
len: the length of buf in bytes

Definition at line 117 of file stream_cipher.h.

118 { cipher(buf, buf, len); }

◆ cipher_bytes()

void Botan::Salsa20::cipher_bytes ( const uint8_t  in[],
uint8_t  out[],
size_t  len 
)
overrideprotectedvirtual

Encrypt or decrypt a message

Implements Botan::StreamCipher.

Definition at line 111 of file salsa20.cpp.

// XOR `length` bytes of `in` with keystream into `out`, regenerating the
// keystream buffer each time it is used up. The body calls the byte count
// `length`; the signature documented above names it `len`.
// No bounds are checked here: both pointers must address at least `length` bytes.
// NOTE(review): the listing omits source line 113; the References list for this
// function names assert_key_material_set(), so the key-is-set check presumably
// sits there - confirm in salsa20.cpp.
112 {
114
// Loop while the request covers at least everything left in the buffer.
115 while(length >= m_buffer.size() - m_position)
116 {
117 const size_t available = m_buffer.size() - m_position;
118
// Consume the rest of the buffered keystream, then produce the next block
// with 20 rounds.
119 xor_buf(out, in, &m_buffer[m_position], available);
120 salsa_core(m_buffer.data(), m_state.data(), 20);
121
// m_state[8] and m_state[9] advance as one counter: word 9 takes the carry
// when word 8 wraps to 0.
122 ++m_state[8];
123 m_state[9] += (m_state[8] == 0);
124
125 length -= available;
126 in += available;
127 out += available;
128
129 m_position = 0;
130 }
131
// Tail: fewer bytes than remain in the buffer, so no refill is needed.
132 xor_buf(out, in, &m_buffer[m_position], length);
133
134 m_position += length;
135 }
static void salsa_core(uint8_t output[64], const uint32_t input[16], size_t rounds)
Definition: salsa20.cpp:68
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:255

References Botan::SymmetricAlgorithm::assert_key_material_set(), salsa_core(), and Botan::xor_buf().

◆ clear()

void Botan::Salsa20::clear ( )
overridevirtual

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 290 of file salsa20.cpp.

// Drop the key, the cipher state and any buffered keystream.
291 {
// zap() is declared in secmem.h (signature shown below); presumably it wipes
// and empties each vector - confirm there. has_keying_material() on this page
// tests m_state.empty(), so that check only reports "no key" if m_state ends
// up empty here.
292 zap(m_key);
293 zap(m_state);
// Buffered keystream is secret material too, so it is cleared with the key.
294 zap(m_buffer);
295 m_position = 0;
296 }
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:129

References Botan::zap().

◆ clone()

StreamCipher * Botan::StreamCipher::clone ( ) const
inlineinherited
Returns
a new object representing the same algorithm as *this

Definition at line 199 of file stream_cipher.h.

200 {
201 return this->new_object().release();
202 }
virtual std::unique_ptr< StreamCipher > new_object() const =0

◆ create()

std::unique_ptr< StreamCipher > Botan::StreamCipher::create ( std::string_view  algo_spec,
std::string_view  provider = "" 
)
staticinherited

Create an instance based on a name. If provider is empty then the best available is chosen.

Parameters
algo_spec: algorithm name
provider: provider implementation to use
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 38 of file stream_cipher.cpp.

// Name-based factory: maps algo_spec (and optionally provider) to a concrete
// stream cipher, limited to the algorithms compiled into this build.
// The signature lines (source lines 38-39) and source line 124 are not part of
// this listing.
40 {
41#if defined(BOTAN_HAS_SHAKE_CIPHER)
42 if(algo_spec == "SHAKE-128" || algo_spec == "SHAKE-128-XOF")
43 {
44 if(provider.empty() || provider == "base")
45 return std::make_unique<SHAKE_128_Cipher>();
46 }
47
48 if(algo_spec == "SHAKE-256" || algo_spec == "SHAKE-256-XOF")
49 {
50 if(provider.empty() || provider == "base")
51 return std::make_unique<SHAKE_256_Cipher>();
52 }
53#endif
54
55#if defined(BOTAN_HAS_CHACHA)
56 if(algo_spec == "ChaCha20")
57 {
58 if(provider.empty() || provider == "base")
59 return std::make_unique<ChaCha>(20);
60 }
61#endif
62
63#if defined(BOTAN_HAS_SALSA20)
// "Salsa20" is matched as an exact string and takes no arguments.
64 if(algo_spec == "Salsa20")
65 {
66 if(provider.empty() || provider == "base")
67 return std::make_unique<Salsa20>();
68 }
69#endif
70
// Everything below goes through SCAN_Name, so the spec may carry arguments.
71 const SCAN_Name req(algo_spec);
72
73#if defined(BOTAN_HAS_CTR_BE)
74 if((req.algo_name() == "CTR-BE" || req.algo_name() == "CTR") && req.arg_count_between(1,2))
75 {
76 if(provider.empty() || provider == "base")
77 {
78 auto cipher = BlockCipher::create(req.arg(0));
79 if(cipher)
80 {
// Counter width comes from the spec, defaulting to the block size.
81 size_t ctr_size = req.arg_as_integer(1, cipher->block_size());
82 return std::make_unique<CTR_BE>(std::move(cipher), ctr_size);
83 }
84 }
85 }
86#endif
87
88#if defined(BOTAN_HAS_CHACHA)
89 if(req.algo_name() == "ChaCha")
90 {
91 if(provider.empty() || provider == "base")
// The round count is taken from the spec string (default 20).
92 return std::make_unique<ChaCha>(req.arg_as_integer(0, 20));
93 }
94#endif
95
96#if defined(BOTAN_HAS_OFB)
97 if(req.algo_name() == "OFB" && req.arg_count() == 1)
98 {
99 if(provider.empty() || provider == "base")
100 {
101 if(auto cipher = BlockCipher::create(req.arg(0)))
102 return std::make_unique<OFB>(std::move(cipher));
103 }
104 }
105#endif
106
107#if defined(BOTAN_HAS_RC4)
108
// NOTE(review): RC4 / ARC4 / MARK-4 are selectable by name whenever
// BOTAN_HAS_RC4 is compiled in. If algo_spec can come from configuration or a
// peer, check it against an allow-list before calling this factory.
109 if(req.algo_name() == "RC4" ||
110 req.algo_name() == "ARC4" ||
111 req.algo_name() == "MARK-4")
112 {
113 const size_t skip = (req.algo_name() == "MARK-4") ? 256 : req.arg_as_integer(0, 0);
114
115 if(provider.empty() || provider == "base")
116 {
117 return std::make_unique<RC4>(skip);
118 }
119 }
120
121#endif
122
123 BOTAN_UNUSED(req);
125
// Unknown name/provider, or algorithm not compiled in: callers must null-check
// the result, or use create_or_throw().
126 return nullptr;
127 }
#define BOTAN_UNUSED(...)
Definition: assert.h:141
static std::unique_ptr< BlockCipher > create(std::string_view algo_spec, std::string_view provider="")
virtual std::string provider() const

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::SCAN_Name::arg_count_between(), BOTAN_UNUSED, Botan::StreamCipher::cipher(), Botan::BlockCipher::create(), and Botan::StreamCipher::provider().

Referenced by Botan::Cipher_Mode::create(), Botan::BlockCipher::create(), and Botan::StreamCipher::create_or_throw().

◆ create_or_throw()

std::unique_ptr< StreamCipher > Botan::StreamCipher::create_or_throw ( std::string_view  algo_spec,
std::string_view  provider = "" 
)
staticinherited

Create an instance based on a name. If provider is empty then the best available is chosen.

Parameters
algo_spec: algorithm name
provider: provider implementation to use
Throws a Lookup_Error if the algo/provider combination cannot be found.

Definition at line 131 of file stream_cipher.cpp.

133 {
134 if(auto sc = StreamCipher::create(algo, provider))
135 {
136 return sc;
137 }
138 throw Lookup_Error("Stream cipher", algo, provider);
139 }
static std::unique_ptr< StreamCipher > create(std::string_view algo_spec, std::string_view provider="")

References Botan::StreamCipher::create(), and Botan::StreamCipher::provider().

Referenced by Botan::ChaCha_RNG::ChaCha_RNG(), Botan::Sodium::crypto_secretbox_detached(), Botan::Sodium::crypto_secretbox_open_detached(), Botan::Sodium::crypto_secretbox_xsalsa20poly1305(), Botan::Sodium::crypto_secretbox_xsalsa20poly1305_open(), Botan::Sodium::crypto_stream_chacha20(), Botan::Sodium::crypto_stream_chacha20_ietf(), Botan::Sodium::crypto_stream_chacha20_ietf_xor_ic(), Botan::Sodium::crypto_stream_chacha20_xor_ic(), Botan::Sodium::crypto_stream_xchacha20(), Botan::Sodium::crypto_stream_xchacha20_xor_ic(), and Botan::Dilithium_AES_Symmetric_Primitives::XOF().

◆ decrypt()

void Botan::StreamCipher::decrypt ( std::span< uint8_t >  inout)
inlineinherited

Decrypt a message. The message is decrypted in place.

Parameters
inout: the plaintext / ciphertext

Definition at line 149 of file stream_cipher.h.

150 { cipher(inout.data(), inout.data(), inout.size()); }

◆ default_iv_length()

size_t Botan::Salsa20::default_iv_length ( ) const
overridevirtual

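Return the default (preferred) nonce length. If this function returns 0, then this cipher does not support nonces.

The default implementation (in StreamCipher) returns 0; the Salsa20 override shown below returns 24, the IV length that selects XSalsa20.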

Reimplemented from Botan::StreamCipher.

Definition at line 267 of file salsa20.cpp.

268 {
269 return 24;
270 }

◆ encipher()

void Botan::StreamCipher::encipher ( std::span< uint8_t >  inout)
inlineinherited

Encrypt a message. The message is encrypted/decrypted in place.

Parameters
inout: the plaintext / ciphertext

Definition at line 133 of file stream_cipher.h.

134 { cipher(inout.data(), inout.data(), inout.size()); }

◆ encrypt()

void Botan::StreamCipher::encrypt ( std::span< uint8_t >  inout)
inlineinherited

Encrypt a message. The message is encrypted in place.

Parameters
inout: the plaintext / ciphertext

Definition at line 141 of file stream_cipher.h.

142 { cipher(inout.data(), inout.data(), inout.size()); }

◆ generate_keystream()

virtual void Botan::StreamCipher::generate_keystream ( uint8_t  out[],
size_t  len 
)
inlineprotectedvirtualinherited

Write keystream bytes to a buffer

Definition at line 230 of file stream_cipher.h.

// Default keystream writer: fills `out` with `len` bytes of raw keystream.
231 {
// Zero the buffer first; enciphering zeros in place then leaves the bare
// keystream in `out`. The previous contents of `out` are discarded.
232 clear_mem(out, len);
233 cipher1(out, len);
234 }
void cipher1(uint8_t buf[], size_t len)
constexpr void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:115

References Botan::clear_mem().

◆ has_keying_material()

bool Botan::Salsa20::has_keying_material ( ) const
overridevirtual
Returns
true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 181 of file salsa20.cpp.

182 {
183 return !m_state.empty();
184 }

◆ hsalsa20()

void Botan::Salsa20::hsalsa20 ( uint32_t  output[8],
const uint32_t  input[16] 
)
static

Definition at line 34 of file salsa20.cpp.

// Static helper used by set_iv_bytes() for the 24-byte-IV (XSalsa20) case and
// by Sodium::crypto_core_hsalsa20(). Reads 16 input words, writes 8 output words.
// The array sizes in the signature are not enforced by the language: the caller
// must pass buffers of at least 16 and 8 uint32_t respectively.
35 {
36 uint32_t x00 = input[ 0], x01 = input[ 1], x02 = input[ 2], x03 = input[ 3],
37 x04 = input[ 4], x05 = input[ 5], x06 = input[ 6], x07 = input[ 7],
38 x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11],
39 x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
40
// Fixed 10 iterations of eight quarter-rounds each; unlike salsa_core() the
// iteration count is not a parameter.
41 for(size_t i = 0; i != 10; ++i)
42 {
43 salsa20_quarter_round(x00, x04, x08, x12);
44 salsa20_quarter_round(x05, x09, x13, x01);
45 salsa20_quarter_round(x10, x14, x02, x06);
46 salsa20_quarter_round(x15, x03, x07, x11);
47
48 salsa20_quarter_round(x00, x01, x02, x03);
49 salsa20_quarter_round(x05, x06, x07, x04);
50 salsa20_quarter_round(x10, x11, x08, x09);
51 salsa20_quarter_round(x15, x12, x13, x14);
52 }
53
// Only words 0, 5, 10, 15 and 6..9 are emitted, and the input is NOT added
// back in (salsa_core() does add it).
54 output[0] = x00;
55 output[1] = x05;
56 output[2] = x10;
57 output[3] = x15;
58 output[4] = x06;
59 output[5] = x07;
60 output[6] = x08;
61 output[7] = x09;
62 }

Referenced by Botan::Sodium::crypto_core_hsalsa20(), and set_iv_bytes().

◆ key_spec()

Key_Length_Specification Botan::Salsa20::key_spec ( ) const
overridevirtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 272 of file salsa20.cpp.

273 {
274 return Key_Length_Specification(16, 32, 16);
275 }

◆ keystream_bytes()

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::StreamCipher::keystream_bytes ( size_t  bytes)
inlineinherited

Get bytes from the keystream

Parameters
bytes: The number of bytes to be produced

Definition at line 104 of file stream_cipher.h.

105 {
106 T out(bytes);
107 write_keystream(out);
108 return out;
109 }
void write_keystream(uint8_t out[], size_t len)
Definition: stream_cipher.h:85
FE_25519 T
Definition: ge.cpp:36

References T.

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 123 of file sym_algo.h.

124 {
125 return key_spec().maximum_keylength();
126 }
size_t maximum_keylength() const
Definition: sym_algo.h:72
virtual Key_Length_Specification key_spec() const =0

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 131 of file sym_algo.h.

132 {
133 return key_spec().minimum_keylength();
134 }
size_t minimum_keylength() const
Definition: sym_algo.h:64

◆ name()

std::string Botan::Salsa20::name ( ) const
overridevirtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 282 of file salsa20.cpp.

283 {
284 return "Salsa20";
285 }

Referenced by set_iv_bytes().

◆ new_object()

std::unique_ptr< StreamCipher > Botan::Salsa20::new_object ( ) const
overridevirtual
Returns
new object representing the same algorithm as *this

Implements Botan::StreamCipher.

Definition at line 277 of file salsa20.cpp.

278 {
279 return std::make_unique<Salsa20>();
280 }

◆ provider()

virtual std::string Botan::StreamCipher::provider ( ) const
inlinevirtualinherited
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2" or some other arbitrary string.

Reimplemented in Botan::ChaCha.

Definition at line 219 of file stream_cipher.h.

219{ return "base"; }

Referenced by Botan::StreamCipher::create(), and Botan::StreamCipher::create_or_throw().

◆ providers()

std::vector< std::string > Botan::StreamCipher::providers ( std::string_view  algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 141 of file stream_cipher.cpp.

142 {
143 return probe_providers_of<StreamCipher>(algo_spec);
144 }

◆ salsa_core()

void Botan::Salsa20::salsa_core ( uint8_t  output[64],
const uint32_t  input[16],
size_t  rounds 
)
static

Definition at line 68 of file salsa20.cpp.

// Produce one 64-byte block from a 16-word state, using `rounds` rounds.
// The array sizes in the signature are not enforced by the language: the caller
// must supply 16 input words and 64 writable output bytes.
69 {
// Only evenness is checked. This is a public static function and the check
// also admits rounds == 0, which would skip the mixing loop entirely; every
// caller on this page passes 20.
70 BOTAN_ASSERT_NOMSG(rounds % 2 == 0);
71
72 uint32_t x00 = input[ 0], x01 = input[ 1], x02 = input[ 2], x03 = input[ 3],
73 x04 = input[ 4], x05 = input[ 5], x06 = input[ 6], x07 = input[ 7],
74 x08 = input[ 8], x09 = input[ 9], x10 = input[10], x11 = input[11],
75 x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
76
// Each iteration applies eight quarter-rounds and accounts for two rounds.
77 for(size_t i = 0; i != rounds / 2; ++i)
78 {
79 salsa20_quarter_round(x00, x04, x08, x12);
80 salsa20_quarter_round(x05, x09, x13, x01);
81 salsa20_quarter_round(x10, x14, x02, x06);
82 salsa20_quarter_round(x15, x03, x07, x11);
83
84 salsa20_quarter_round(x00, x01, x02, x03);
85 salsa20_quarter_round(x05, x06, x07, x04);
86 salsa20_quarter_round(x10, x11, x08, x09);
87 salsa20_quarter_round(x15, x12, x13, x14);
88 }
89
// Add the original input word to each mixed word and write the sum out four
// bytes at a time with store_le (loadstor.h; presumably a little-endian store).
90 store_le(x00 + input[ 0], output + 4 * 0);
91 store_le(x01 + input[ 1], output + 4 * 1);
92 store_le(x02 + input[ 2], output + 4 * 2);
93 store_le(x03 + input[ 3], output + 4 * 3);
94 store_le(x04 + input[ 4], output + 4 * 4);
95 store_le(x05 + input[ 5], output + 4 * 5);
96 store_le(x06 + input[ 6], output + 4 * 6);
97 store_le(x07 + input[ 7], output + 4 * 7);
98 store_le(x08 + input[ 8], output + 4 * 8);
99 store_le(x09 + input[ 9], output + 4 * 9);
100 store_le(x10 + input[10], output + 4 * 10);
101 store_le(x11 + input[11], output + 4 * 11);
102 store_le(x12 + input[12], output + 4 * 12);
103 store_le(x13 + input[13], output + 4 * 13);
104 store_le(x14 + input[14], output + 4 * 14);
105 store_le(x15 + input[15], output + 4 * 15);
106 }
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67
constexpr void store_le(uint16_t in, uint8_t out[2])
Definition: loadstor.h:465

References BOTAN_ASSERT_NOMSG, and Botan::store_le().

Referenced by cipher_bytes(), seek(), and set_iv_bytes().

◆ seek()

void Botan::Salsa20::seek ( uint64_t  offset)
overridevirtual

Set the offset and the state used later to generate the keystream

Parameters
offset: the byte offset in the keystream where generation begins

Implements Botan::StreamCipher.

Definition at line 298 of file salsa20.cpp.

// Reposition the keystream at byte `offset`.
// NOTE(review): the listing omits source line 300; the References list for this
// function names assert_key_material_set(), so the key-is-set check presumably
// sits there - confirm in salsa20.cpp.
299 {
301
302 // Find the block offset
303 const uint64_t counter = offset / 64;
// Split the 64-bit block number into two 32-bit words via a byte buffer.
304 uint8_t counter8[8];
305 store_le(counter, counter8);
306
// NOTE(review): the low word is assigned but the high word is ADDED to
// m_state[9]. set_iv_bytes() leaves m_state[9] at 0, so the first seek after
// setting an IV gives the expected counter. For offsets at or beyond 2^38 bytes
// the high word is non-zero, and a second seek without re-setting the IV (or a
// seek after m_state[9] has already carried) looks like it would accumulate -
// confirm whether `=` is intended.
307 m_state[8] = load_le<uint32_t>(counter8, 0);
308 m_state[9] += load_le<uint32_t>(counter8, 1);
309
// Generate the block containing `offset`, then step the counter to the next one.
310 salsa_core(m_buffer.data(), m_state.data(), 20);
311
312 ++m_state[8];
313 m_state[9] += (m_state[8] == 0);
314
// Position within the freshly generated 64-byte block.
315 m_position = offset % 64;
316 }
constexpr uint32_t load_le< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:209

References Botan::SymmetricAlgorithm::assert_key_material_set(), Botan::load_le< uint32_t >(), salsa_core(), and Botan::store_le().

Referenced by Botan::Sodium::crypto_stream_salsa20_xor_ic(), and Botan::Sodium::crypto_stream_xsalsa20_xor_ic().

◆ set_iv() [1/2]

void Botan::StreamCipher::set_iv ( const uint8_t  iv[],
size_t  iv_len 
)
inlineinherited

Resync the cipher using the IV

Parameters
iv: the initialization vector
iv_len: the length of the IV in bytes

Definition at line 172 of file stream_cipher.h.

173 { set_iv_bytes(iv, iv_len); }
virtual void set_iv_bytes(const uint8_t iv[], size_t iv_len)=0

Referenced by Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::Sodium::randombytes_buf_deterministic(), and Botan::SIV_Mode::set_ctr_iv().

◆ set_iv() [2/2]

void Botan::StreamCipher::set_iv ( std::span< const uint8_t >  iv)
inlineinherited

Resync the cipher using the IV

Parameters
iv: the initialization vector

Definition at line 179 of file stream_cipher.h.

180 { set_iv_bytes(iv.data(), iv.size()); }

◆ set_iv_bytes()

void Botan::Salsa20::set_iv_bytes ( const uint8_t  iv[],
size_t  iv_len 
)
overrideprotectedvirtual

Resync the cipher using the IV

Implements Botan::StreamCipher.

Definition at line 208 of file salsa20.cpp.

// Load a new IV and restart the keystream from block 0. The body calls the IV
// length `length`; the signature documented above names it `iv_len`.
// Because the counter is reset, the same key with the same IV reproduces the
// same keystream: callers must not reuse an IV under one key.
// NOTE(review): the listing omits source line 210; the References list for this
// function names assert_key_material_set(), so the key-is-set check presumably
// sits there - confirm in salsa20.cpp.
209 {
211
// valid_iv_length() on this page accepts exactly 0, 8 or 24 bytes.
212 if(!valid_iv_length(length))
213 throw Invalid_IV_Length(name(), length);
214
// initialize_state() is not shown on this page; presumably it rebuilds m_state
// from the stored key - confirm in salsa20.cpp.
215 initialize_state();
216
217 if(length == 0)
218 {
// A zero-length IV is a fixed all-zero nonce, so it is only usable once per key.
219 // Salsa20 null IV
220 m_state[6] = 0;
221 m_state[7] = 0;
222 }
223 else if(length == 8)
224 {
225 // Salsa20
226 m_state[6] = load_le<uint32_t>(iv, 0);
227 m_state[7] = load_le<uint32_t>(iv, 1);
228 }
229 else
230 {
// Only 24 can reach this branch, given the length check above.
231 // XSalsa20
// The first 16 IV bytes fill words 6..9 as the hsalsa20() input.
232 m_state[6] = load_le<uint32_t>(iv, 0);
233 m_state[7] = load_le<uint32_t>(iv, 1);
234 m_state[8] = load_le<uint32_t>(iv, 2);
235 m_state[9] = load_le<uint32_t>(iv, 3);
236
237 secure_vector<uint32_t> hsalsa(8);
238 hsalsa20(hsalsa.data(), m_state.data());
239
// The eight derived words overwrite state words 1..4 and 11..14 (presumably the
// key positions of the state - confirm against initialize_state()), and the
// last 8 IV bytes become the nonce in words 6..7.
240 m_state[ 1] = hsalsa[0];
241 m_state[ 2] = hsalsa[1];
242 m_state[ 3] = hsalsa[2];
243 m_state[ 4] = hsalsa[3];
244 m_state[ 6] = load_le<uint32_t>(iv, 4);
245 m_state[ 7] = load_le<uint32_t>(iv, 5);
246 m_state[11] = hsalsa[4];
247 m_state[12] = hsalsa[5];
248 m_state[13] = hsalsa[6];
249 m_state[14] = hsalsa[7];
250 }
251
// Block counter back to zero for every IV length.
252 m_state[8] = 0;
253 m_state[9] = 0;
254
// Pre-generate block 0 and advance the counter so the buffer is ready for use.
255 salsa_core(m_buffer.data(), m_state.data(), 20);
256 ++m_state[8];
257 m_state[9] += (m_state[8] == 0);
258
259 m_position = 0;
260 }
static void hsalsa20(uint32_t output[8], const uint32_t input[16])
Definition: salsa20.cpp:34
bool valid_iv_length(size_t iv_len) const override
Definition: salsa20.cpp:262
std::string name() const override
Definition: salsa20.cpp:282

References Botan::SymmetricAlgorithm::assert_key_material_set(), hsalsa20(), Botan::load_le< uint32_t >(), name(), salsa_core(), and valid_iv_length().

◆ set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey key)
inlineinherited

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t  key[],
size_t  length 
)
inherited

Set the symmetric key of this object.

Parameters
key: the key to be set, as a byte array.
length: the length in bytes of the key param

Definition at line 17 of file sym_algo.cpp.

// Validate the key length, then hand the key to the algorithm's key schedule.
18 {
// The length is checked against key_spec() via valid_keylength(); for Salsa20
// this page shows key_spec() returning Key_Length_Specification(16, 32, 16).
19 if(!valid_keylength(length))
20 throw Invalid_Key_Length(name(), length);
// key_schedule() is not shown on this page.
21 key_schedule(key, length);
22 }
bool valid_keylength(size_t length) const
Definition: sym_algo.h:141
virtual std::string name() const =0

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t >  key)
inlineinherited

Set the symmetric key of this object.

Parameters
key: the contiguous byte range to be set.

Definition at line 159 of file sym_algo.h.

160 {
161 set_key(key.data(), key.size());
162 }

◆ valid_iv_length()

bool Botan::Salsa20::valid_iv_length ( size_t  iv_len) const
overridevirtual
Parameters
iv_len: the length of the IV in bytes
Returns
true if the length is valid for this algorithm (for Salsa20: 0, 8 or 24 bytes)

Reimplemented from Botan::StreamCipher.

Definition at line 262 of file salsa20.cpp.

263 {
264 return (iv_len == 0 || iv_len == 8 || iv_len == 24);
265 }

Referenced by set_iv_bytes().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
length: the key length to be checked.
Returns
true if the key length is valid.

Definition at line 141 of file sym_algo.h.

142 {
143 return key_spec().valid_keylength(length);
144 }
bool valid_keylength(size_t length) const
Definition: sym_algo.h:54

Referenced by Botan::SymmetricAlgorithm::set_key().

◆ write_keystream() [1/2]

void Botan::StreamCipher::write_keystream ( std::span< uint8_t >  out)
inlineinherited

Fill a given buffer with keystream bytes

The contents of out are ignored/overwritten

Parameters
out: the byte array to hold the keystream

Definition at line 95 of file stream_cipher.h.

96 { generate_keystream(out.data(), out.size()); }
virtual void generate_keystream(uint8_t out[], size_t len)

◆ write_keystream() [2/2]

void Botan::StreamCipher::write_keystream ( uint8_t  out[],
size_t  len 
)
inlineinherited

Write keystream bytes to a buffer

The contents of out are ignored/overwritten

Parameters
out: the byte array to hold the keystream
len: the length of out in bytes

Definition at line 85 of file stream_cipher.h.

86 { generate_keystream(out, len); }

Referenced by Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_xsalsa20(), and Botan::Sodium::randombytes_buf_deterministic().


The documentation for this class was generated from the following files: