Botan  2.6.0
Crypto and TLS for C++11
Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Botan::Salsa20 Class Referencefinal

#include <salsa20.h>

Inheritance diagram for Botan::Salsa20:
Botan::StreamCipher Botan::SymmetricAlgorithm

Public Member Functions

void cipher (const uint8_t in[], uint8_t out[], size_t length) override
 
void cipher1 (uint8_t buf[], size_t len)
 
void clear () override
 
StreamCipherclone () const override
 
template<typename Alloc >
void decrypt (std::vector< uint8_t, Alloc > &inout)
 
template<typename Alloc >
void encipher (std::vector< uint8_t, Alloc > &inout)
 
template<typename Alloc >
void encrypt (std::vector< uint8_t, Alloc > &inout)
 
Key_Length_Specification key_spec () const override
 
size_t maximum_keylength () const
 
size_t minimum_keylength () const
 
std::string name () const override
 
virtual std::string provider () const
 
void seek (uint64_t offset) override
 
void set_iv (const uint8_t iv[], size_t iv_len) override
 
void set_key (const SymmetricKey &key)
 
template<typename Alloc >
void set_key (const std::vector< uint8_t, Alloc > &key)
 
void set_key (const uint8_t key[], size_t length)
 
bool valid_iv_length (size_t iv_len) const override
 
bool valid_keylength (size_t length) const
 

Static Public Member Functions

static std::unique_ptr< StreamCiphercreate (const std::string &algo_spec, const std::string &provider="")
 
static std::unique_ptr< StreamCiphercreate_or_throw (const std::string &algo_spec, const std::string &provider="")
 
static std::vector< std::string > providers (const std::string &algo_spec)
 

Protected Member Functions

void verify_key_set (bool cond) const
 

Detailed Description

DJB's Salsa20 (and XSalsa20)

Definition at line 18 of file salsa20.h.

Member Function Documentation

◆ cipher()

void Botan::Salsa20::cipher ( const uint8_t  in[],
uint8_t  out[],
size_t  len 
)
overridevirtual

Encrypt or decrypt a message

Parameters
inthe plaintext
outthe byte array to hold the output, i.e. the ciphertext
lenthe length of both in and out in bytes

Implements Botan::StreamCipher.

Definition at line 104 of file salsa20.cpp.

References Botan::SymmetricAlgorithm::verify_key_set(), and Botan::xor_buf().

105  {
106  verify_key_set(m_state.empty() == false);
107 
108  while(length >= m_buffer.size() - m_position)
109  {
110  xor_buf(out, in, &m_buffer[m_position], m_buffer.size() - m_position);
111  length -= (m_buffer.size() - m_position);
112  in += (m_buffer.size() - m_position);
113  out += (m_buffer.size() - m_position);
114  salsa20(m_buffer.data(), m_state.data());
115 
116  ++m_state[8];
117  m_state[9] += (m_state[8] == 0);
118 
119  m_position = 0;
120  }
121 
122  xor_buf(out, in, &m_buffer[m_position], length);
123 
124  m_position += length;
125  }
void verify_key_set(bool cond) const
Definition: sym_algo.h:95
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:174

◆ cipher1()

void Botan::StreamCipher::cipher1 ( uint8_t  buf[],
size_t  len 
)
inlineinherited

Encrypt or decrypt a message The message is encrypted/decrypted in place.

Parameters
bufthe plaintext / ciphertext
lenthe length of buf in bytes

Definition at line 66 of file stream_cipher.h.

Referenced by Botan::SIV_Encryption::finish().

67  { cipher(buf, buf, len); }
virtual void cipher(const uint8_t in[], uint8_t out[], size_t len)=0

◆ clear()

void Botan::Salsa20::clear ( )
overridevirtual

Reset the state.

Implements Botan::SymmetricAlgorithm.

Definition at line 230 of file salsa20.cpp.

References Botan::zap().

231  {
232  zap(m_state);
233  zap(m_buffer);
234  m_position = 0;
235  }
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:193

◆ clone()

StreamCipher* Botan::Salsa20::clone ( ) const
inlineoverridevirtual
Returns
a new object representing the same algorithm as *this

Implements Botan::StreamCipher.

Definition at line 35 of file salsa20.h.

35 { return new Salsa20; }

◆ create()

std::unique_ptr< StreamCipher > Botan::StreamCipher::create ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to use
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 41 of file stream_cipher.cpp.

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::SCAN_Name::arg_count_between(), BOTAN_UNUSED, Botan::StreamCipher::cipher(), Botan::BlockCipher::create(), and Botan::StreamCipher::provider().

Referenced by Botan::BlockCipher::create(), Botan::Cipher_Mode::create(), and Botan::StreamCipher::create_or_throw().

43  {
44  const SCAN_Name req(algo_spec);
45 
46 #if defined(BOTAN_HAS_CTR_BE)
47  if((req.algo_name() == "CTR-BE" || req.algo_name() == "CTR") && req.arg_count_between(1,2))
48  {
49  if(provider.empty() || provider == "base")
50  {
51  auto cipher = BlockCipher::create(req.arg(0));
52  if(cipher)
53  {
54  size_t ctr_size = req.arg_as_integer(1, cipher->block_size());
55  return std::unique_ptr<StreamCipher>(new CTR_BE(cipher.release(), ctr_size));
56  }
57  }
58  }
59 #endif
60 
61 #if defined(BOTAN_HAS_CHACHA)
62  if(req.algo_name() == "ChaCha")
63  {
64  if(provider.empty() || provider == "base")
65  return std::unique_ptr<StreamCipher>(new ChaCha(req.arg_as_integer(0, 20)));
66  }
67 
68  if(req.algo_name() == "ChaCha20")
69  {
70  if(provider.empty() || provider == "base")
71  return std::unique_ptr<StreamCipher>(new ChaCha(20));
72  }
73 #endif
74 
75 #if defined(BOTAN_HAS_SALSA20)
76  if(req.algo_name() == "Salsa20")
77  {
78  if(provider.empty() || provider == "base")
79  return std::unique_ptr<StreamCipher>(new Salsa20);
80  }
81 #endif
82 
83 #if defined(BOTAN_HAS_SHAKE_CIPHER)
84  if(req.algo_name() == "SHAKE-128")
85  {
86  if(provider.empty() || provider == "base")
87  return std::unique_ptr<StreamCipher>(new SHAKE_128_Cipher);
88  }
89 #endif
90 
91 #if defined(BOTAN_HAS_OFB)
92  if(req.algo_name() == "OFB" && req.arg_count() == 1)
93  {
94  if(provider.empty() || provider == "base")
95  {
96  if(auto c = BlockCipher::create(req.arg(0)))
97  return std::unique_ptr<StreamCipher>(new OFB(c.release()));
98  }
99  }
100 #endif
101 
102 #if defined(BOTAN_HAS_RC4)
103 
104  if(req.algo_name() == "RC4" ||
105  req.algo_name() == "ARC4" ||
106  req.algo_name() == "MARK-4")
107  {
108  const size_t skip = (req.algo_name() == "MARK-4") ? 256 : req.arg_as_integer(0, 0);
109 
110 #if defined(BOTAN_HAS_OPENSSL)
111  if(provider.empty() || provider == "openssl")
112  {
113  return std::unique_ptr<StreamCipher>(make_openssl_rc4(skip));
114  }
115 #endif
116 
117  if(provider.empty() || provider == "base")
118  {
119  return std::unique_ptr<StreamCipher>(new RC4(skip));
120  }
121  }
122 
123 #endif
124 
125  BOTAN_UNUSED(req);
127 
128  return nullptr;
129  }
virtual void cipher(const uint8_t in[], uint8_t out[], size_t len)=0
virtual std::string provider() const
#define BOTAN_UNUSED(...)
Definition: assert.h:117
static std::unique_ptr< BlockCipher > create(const std::string &algo_spec, const std::string &provider="")

◆ create_or_throw()

std::unique_ptr< StreamCipher > Botan::StreamCipher::create_or_throw ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to use Throws a Lookup_Error if the algo/provider combination cannot be found

Definition at line 133 of file stream_cipher.cpp.

References Botan::StreamCipher::create(), and Botan::StreamCipher::provider().

Referenced by Botan::ChaCha_RNG::ChaCha_RNG().

135  {
136  if(auto sc = StreamCipher::create(algo, provider))
137  {
138  return sc;
139  }
140  throw Lookup_Error("Stream cipher", algo, provider);
141  }
virtual std::string provider() const
static std::unique_ptr< StreamCipher > create(const std::string &algo_spec, const std::string &provider="")

◆ decrypt()

template<typename Alloc >
void Botan::StreamCipher::decrypt ( std::vector< uint8_t, Alloc > &  inout)
inlineinherited

Decrypt a message in place The message is decrypted in place.

Parameters
inoutthe plaintext / ciphertext

Definition at line 93 of file stream_cipher.h.

94  { cipher(inout.data(), inout.data(), inout.size()); }
virtual void cipher(const uint8_t in[], uint8_t out[], size_t len)=0

◆ encipher()

template<typename Alloc >
void Botan::StreamCipher::encipher ( std::vector< uint8_t, Alloc > &  inout)
inlineinherited

Encrypt a message The message is encrypted/decrypted in place.

Parameters
inoutthe plaintext / ciphertext

Definition at line 75 of file stream_cipher.h.

76  { cipher(inout.data(), inout.data(), inout.size()); }
virtual void cipher(const uint8_t in[], uint8_t out[], size_t len)=0

◆ encrypt()

template<typename Alloc >
void Botan::StreamCipher::encrypt ( std::vector< uint8_t, Alloc > &  inout)
inlineinherited

Encrypt a message The message is encrypted in place.

Parameters
inoutthe plaintext / ciphertext

Definition at line 84 of file stream_cipher.h.

85  { cipher(inout.data(), inout.data(), inout.size()); }
virtual void cipher(const uint8_t in[], uint8_t out[], size_t len)=0

◆ key_spec()

Key_Length_Specification Botan::Salsa20::key_spec ( ) const
inlineoverridevirtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 28 of file salsa20.h.

29  {
30  return Key_Length_Specification(16, 32, 16);
31  }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 39 of file sym_algo.h.

40  {
41  return key_spec().maximum_keylength();
42  }
size_t maximum_keylength() const
Definition: key_spec.h:69
virtual Key_Length_Specification key_spec() const =0

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 47 of file sym_algo.h.

48  {
49  return key_spec().minimum_keylength();
50  }
virtual Key_Length_Specification key_spec() const =0
size_t minimum_keylength() const
Definition: key_spec.h:61

◆ name()

std::string Botan::Salsa20::name ( ) const
overridevirtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 222 of file salsa20.cpp.

Referenced by set_iv().

223  {
224  return "Salsa20";
225  }

◆ provider()

virtual std::string Botan::StreamCipher::provider ( ) const
inlinevirtualinherited
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::ChaCha.

Definition at line 124 of file stream_cipher.h.

Referenced by Botan::StreamCipher::create(), and Botan::StreamCipher::create_or_throw().

124 { return "base"; }

◆ providers()

std::vector< std::string > Botan::StreamCipher::providers ( const std::string &  algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 143 of file stream_cipher.cpp.

144  {
145  return probe_providers_of<StreamCipher>(algo_spec, {"base", "openssl"});
146  }

◆ seek()

void Botan::Salsa20::seek ( uint64_t  offset)
overridevirtual

Set the offset and the state used later to generate the keystream

Parameters
offsetthe offset where we begin to generate the keystream

Implements Botan::StreamCipher.

Definition at line 237 of file salsa20.cpp.

References Botan::load_le< uint32_t >(), Botan::store_le(), and Botan::SymmetricAlgorithm::verify_key_set().

238  {
239  verify_key_set(m_state.empty() == false);
240 
241  // Find the block offset
242  const uint64_t counter = offset / 64;
243  uint8_t counter8[8];
244  store_le(counter, counter8);
245 
246  m_state[8] = load_le<uint32_t>(counter8, 0);
247  m_state[9] += load_le<uint32_t>(counter8, 1);
248 
249  salsa20(m_buffer.data(), m_state.data());
250 
251  ++m_state[8];
252  m_state[9] += (m_state[8] == 0);
253 
254  m_position = offset % 64;
255  }
void verify_key_set(bool cond) const
Definition: sym_algo.h:95
uint32_t load_le< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:196
void store_le(uint16_t in, uint8_t out[2])
Definition: loadstor.h:450

◆ set_iv()

void Botan::Salsa20::set_iv ( const uint8_t  iv[],
size_t  iv_len 
)
overridevirtual

Resync the cipher using the IV

Parameters
ivthe initialization vector
iv_lenthe length of the IV in bytes

Implements Botan::StreamCipher.

Definition at line 169 of file salsa20.cpp.

References Botan::load_le< uint32_t >(), name(), and valid_iv_length().

170  {
171  if(!valid_iv_length(length))
172  throw Invalid_IV_Length(name(), length);
173 
174  if(length == 0)
175  {
176  // Salsa20 null IV
177  m_state[6] = 0;
178  m_state[7] = 0;
179  }
180  else if(length == 8)
181  {
182  // Salsa20
183  m_state[6] = load_le<uint32_t>(iv, 0);
184  m_state[7] = load_le<uint32_t>(iv, 1);
185  }
186  else
187  {
188  // XSalsa20
189  m_state[6] = load_le<uint32_t>(iv, 0);
190  m_state[7] = load_le<uint32_t>(iv, 1);
191  m_state[8] = load_le<uint32_t>(iv, 2);
192  m_state[9] = load_le<uint32_t>(iv, 3);
193 
194  secure_vector<uint32_t> hsalsa(8);
195  hsalsa20(hsalsa.data(), m_state.data());
196 
197  m_state[ 1] = hsalsa[0];
198  m_state[ 2] = hsalsa[1];
199  m_state[ 3] = hsalsa[2];
200  m_state[ 4] = hsalsa[3];
201  m_state[ 6] = load_le<uint32_t>(iv, 4);
202  m_state[ 7] = load_le<uint32_t>(iv, 5);
203  m_state[11] = hsalsa[4];
204  m_state[12] = hsalsa[5];
205  m_state[13] = hsalsa[6];
206  m_state[14] = hsalsa[7];
207  }
208 
209  m_state[8] = 0;
210  m_state[9] = 0;
211 
212  salsa20(m_buffer.data(), m_state.data());
213  ++m_state[8];
214  m_state[9] += (m_state[8] == 0);
215 
216  m_position = 0;
217  }
std::string name() const override
Definition: salsa20.cpp:222
uint32_t load_le< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:196
bool valid_iv_length(size_t iv_len) const override
Definition: salsa20.h:25

◆ set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey key)
inlineinherited

Set the symmetric key of this object.

Parameters
keythe SymmetricKey to be set.

Definition at line 66 of file sym_algo.h.

References Botan::OctetString::begin(), and Botan::OctetString::length().

Referenced by Botan::aont_package(), Botan::aont_unpackage(), botan_block_cipher_set_key(), botan_mac_set_key(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), and Botan::pbkdf2().

67  {
68  set_key(key.begin(), key.length());
69  }
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:66

◆ set_key() [2/3]

template<typename Alloc >
void Botan::SymmetricAlgorithm::set_key ( const std::vector< uint8_t, Alloc > &  key)
inlineinherited

Definition at line 72 of file sym_algo.h.

73  {
74  set_key(key.data(), key.size());
75  }
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:66

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t  key[],
size_t  length 
)
inlineinherited

Set the symmetric key of this object.

Parameters
keythe to be set as a byte array.
lengthin bytes of key param

Definition at line 82 of file sym_algo.h.

83  {
84  if(!valid_keylength(length))
85  throw Invalid_Key_Length(name(), length);
86  key_schedule(key, length);
87  }
bool valid_keylength(size_t length) const
Definition: sym_algo.h:57
virtual std::string name() const =0

◆ valid_iv_length()

bool Botan::Salsa20::valid_iv_length ( size_t  iv_len) const
inlineoverridevirtual
Parameters
iv_lenthe length of the IV in bytes
Returns
if the length is valid for this algorithm

Reimplemented from Botan::StreamCipher.

Definition at line 25 of file salsa20.h.

Referenced by set_iv().

26  { return (iv_len == 0 || iv_len == 8 || iv_len == 24); }

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 57 of file sym_algo.h.

Referenced by Botan::aont_package(), and Botan::aont_unpackage().

58  {
59  return key_spec().valid_keylength(length);
60  }
bool valid_keylength(size_t length) const
Definition: key_spec.h:51
virtual Key_Length_Specification key_spec() const =0

◆ verify_key_set()

void Botan::SymmetricAlgorithm::verify_key_set ( bool  cond) const
inlineprotectedinherited

Definition at line 95 of file sym_algo.h.

Referenced by cipher(), Botan::CTR_BE::cipher(), Botan::RC4::cipher(), Botan::SHAKE_128_Cipher::cipher(), Botan::ChaCha::cipher(), Botan::Blowfish::decrypt_n(), Botan::SEED::decrypt_n(), Botan::MISTY1::decrypt_n(), Botan::CAST_256::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::DES::decrypt_n(), Botan::KASUMI::decrypt_n(), Botan::SM4::decrypt_n(), Botan::DESX::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::XTEA::decrypt_n(), Botan::AES_128::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::Lion::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::MISTY1::encrypt_n(), Botan::CAST_256::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::DES::encrypt_n(), Botan::SEED::encrypt_n(), Botan::XTEA::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::DESX::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::KASUMI::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::Lion::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), seek(), Botan::CTR_BE::seek(), Botan::ChaCha::seek(), and Botan::GHASH::update_associated_data().

96  {
97  if(cond == false)
98  throw Key_Not_Set(name());
99  }
virtual std::string name() const =0

The documentation for this class was generated from the following files: