Botan::Salsa20 Class Reference

#include <salsa20.h>

Inheritance diagram for Botan::Salsa20:

Public Member Functions
size_t	buffer_size () const override
void	cipher (const uint8_t in[], uint8_t out[], size_t len)
void	cipher (std::span< const uint8_t > in, std::span< uint8_t > out)
void	cipher1 (std::span< uint8_t > buf)
void	cipher1 (uint8_t buf[], size_t len)
void	clear () override
StreamCipher *	clone () const
void	decrypt (std::span< uint8_t > inout)
size_t	default_iv_length () const override
void	encipher (std::span< uint8_t > inout)
void	encrypt (std::span< uint8_t > inout)
bool	has_keying_material () const override
Key_Length_Specification	key_spec () const override
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T	keystream_bytes (size_t bytes)
size_t	maximum_keylength () const
size_t	minimum_keylength () const
std::string	name () const override
std::unique_ptr< StreamCipher >	new_object () const override
virtual std::string	provider () const
void	seek (uint64_t offset) override
void	set_iv (const uint8_t iv[], size_t iv_len)
void	set_iv (std::span< const uint8_t > iv)
void	set_key (const SymmetricKey &key)
void	set_key (const uint8_t key[], size_t length)
void	set_key (std::span< const uint8_t > key)
bool	valid_iv_length (size_t iv_len) const override
bool	valid_keylength (size_t length) const
void	write_keystream (std::span< uint8_t > out)
void	write_keystream (uint8_t out[], size_t len)

Static Public Member Functions
static std::unique_ptr< StreamCipher >	create (std::string_view algo_spec, std::string_view provider="")
static std::unique_ptr< StreamCipher >	create_or_throw (std::string_view algo_spec, std::string_view provider="")
static void	hsalsa20 (uint32_t output[8], const uint32_t input[16])
static std::vector< std::string >	providers (std::string_view algo_spec)
static void	salsa_core (uint8_t output[64], const uint32_t input[16], size_t rounds)

Protected Member Functions
void	assert_key_material_set () const
void	assert_key_material_set (bool predicate) const
void	cipher_bytes (const uint8_t in[], uint8_t out[], size_t length) override
virtual void	generate_keystream (uint8_t out[], size_t len)
void	set_iv_bytes (const uint8_t iv[], size_t iv_len) override

Detailed Description

DJB's Salsa20 (and XSalsa20)

Definition at line 18 of file salsa20.h.

Member Function Documentation

assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const

inlineprotectedinherited

Definition at line 139 of file sym_algo.h.

{ assert_key_material_set(has_keying_material()); }

References Botan::SymmetricAlgorithm::assert_key_material_set().

Referenced by Botan::SymmetricAlgorithm::assert_key_material_set(), cipher_bytes(), Botan::AES_128::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::DES::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::Kuznyechik::decrypt_n(), Botan::Lion::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::DES::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::Kuznyechik::encrypt_n(), Botan::Lion::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::GHASH::final(), Botan::GHASH::ghash_update(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), seek(), Botan::OCB_Mode::set_associated_data_n(), set_iv_bytes(), Botan::GHASH::update(), and Botan::GHASH::update_associated_data().

assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool predicate ) const

inlineprotectedinherited

Definition at line 141 of file sym_algo.h.

                                                         {
         if(!predicate) {
            throw_key_not_set_error();
         }
      }

buffer_size()

size_t Botan::Salsa20::buffer_size ( ) const

overridevirtual

Return the optimium buffer size to use with this cipher

Most stream ciphers internally produce blocks of bytes. This function returns that block size. Aligning buffer sizes to a multiple of this size may improve performance by reducing internal buffering overhead.

Note the return value of this function may change for any particular algorithm due to changes in the implementation from release to release, or changes in the runtime environment (such as CPUID indicating availability of an optimized implementation). It is not intrinsic to the algorithm; it is just a suggestion for gaining best performance.

Implements Botan::StreamCipher.

Definition at line 168 of file salsa20.cpp.

                                  {
   return 64;
}

cipher() [1/2]

void Botan::StreamCipher::cipher ( const uint8_t in[], uint8_t out[], size_t len )

inlineinherited

Encrypt or decrypt a message

Processes all bytes plain/ciphertext from in and writes the result to out.

Parameters

in	the plaintext
out	the byte array to hold the output, i.e. the ciphertext
len	the length of both in and out in bytes

Definition at line 60 of file stream_cipher.h.

{ cipher_bytes(in, out, len); }

Referenced by Botan::StreamCipher::create(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), and Botan::Sodium::crypto_stream_xsalsa20_xor_ic().

cipher() [2/2]

void Botan::StreamCipher::cipher ( std::span< const uint8_t > in, std::span< uint8_t > out )

inlineinherited

Encrypt or decrypt a message

Parameters

in	the plaintext
out	the byte array to hold the output, i.e. the ciphertext with at least the same size as in

Definition at line 68 of file stream_cipher.h.

                                                                   {
         BOTAN_ARG_CHECK(in.size() <= out.size(),
                         "Output buffer of stream cipher must be at least as long as input buffer");
         cipher_bytes(in.data(), out.data(), in.size());
      }

References BOTAN_ARG_CHECK.

cipher1() [1/2]

void Botan::StreamCipher::cipher1 ( std::span< uint8_t > buf )

inlineinherited

Encrypt or decrypt a message The message is encrypted/decrypted in place.

Parameters

buf	the plaintext / ciphertext

Definition at line 120 of file stream_cipher.h.

{ cipher(buf, buf); }

cipher1() [2/2]

void Botan::StreamCipher::cipher1 ( uint8_t buf[], size_t len )

inlineinherited

Encrypt or decrypt a message The message is encrypted/decrypted in place.

Parameters

buf	the plaintext / ciphertext
len	the length of buf in bytes

Definition at line 113 of file stream_cipher.h.

{ cipher(buf, buf, len); }

Referenced by Botan::StreamCipher::generate_keystream().

cipher_bytes()

void Botan::Salsa20::cipher_bytes ( const uint8_t in[], uint8_t out[], size_t len )

overrideprotectedvirtual

Encrypt or decrypt a message

Implements Botan::StreamCipher.

Definition at line 102 of file salsa20.cpp.

                                                                           {
   assert_key_material_set();
 
   while(length >= m_buffer.size() - m_position) {
      const size_t available = m_buffer.size() - m_position;
 
      xor_buf(out, in, &m_buffer[m_position], available);
      salsa_core(m_buffer.data(), m_state.data(), 20);
 
      ++m_state[8];
      m_state[9] += (m_state[8] == 0);
 
      length -= available;
      in += available;
      out += available;
 
      m_position = 0;
   }
 
   xor_buf(out, in, &m_buffer[m_position], length);
 
   m_position += length;
}

References Botan::SymmetricAlgorithm::assert_key_material_set(), salsa_core(), and Botan::xor_buf().

clear()

void Botan::Salsa20::clear ( )

overridevirtual

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 260 of file salsa20.cpp.

                    {
   zap(m_key);
   zap(m_state);
   zap(m_buffer);
   m_position = 0;
}

References Botan::zap().

clone()

StreamCipher * Botan::StreamCipher::clone ( ) const

inlineinherited

Returns

a new object representing the same algorithm as *this

Definition at line 199 of file stream_cipher.h.

{ return this->new_object().release(); }

create()

std::unique_ptr< StreamCipher > Botan::StreamCipher::create ( std::string_view algo_spec, std::string_view provider = "" )

staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters

algo_spec	algorithm name
provider	provider implementation to use

Returns

a null pointer if the algo/provider combination cannot be found

Definition at line 40 of file stream_cipher.cpp.

                                                                                                  {
#if defined(BOTAN_HAS_SHAKE_CIPHER)
   if(algo_spec == "SHAKE-128" || algo_spec == "SHAKE-128-XOF") {
      if(provider.empty() || provider == "base") {
         return std::make_unique<SHAKE_128_Cipher>();
      }
   }
 
   if(algo_spec == "SHAKE-256" || algo_spec == "SHAKE-256-XOF") {
      if(provider.empty() || provider == "base") {
         return std::make_unique<SHAKE_256_Cipher>();
      }
   }
#endif
 
#if defined(BOTAN_HAS_CHACHA)
   if(algo_spec == "ChaCha20") {
      if(provider.empty() || provider == "base") {
         return std::make_unique<ChaCha>(20);
      }
   }
#endif
 
#if defined(BOTAN_HAS_SALSA20)
   if(algo_spec == "Salsa20") {
      if(provider.empty() || provider == "base") {
         return std::make_unique<Salsa20>();
      }
   }
#endif
 
   const SCAN_Name req(algo_spec);
 
#if defined(BOTAN_HAS_CTR_BE)
   if((req.algo_name() == "CTR-BE" || req.algo_name() == "CTR") && req.arg_count_between(1, 2)) {
      if(provider.empty() || provider == "base") {
         auto cipher = BlockCipher::create(req.arg(0));
         if(cipher) {
            size_t ctr_size = req.arg_as_integer(1, cipher->block_size());
            return std::make_unique<CTR_BE>(std::move(cipher), ctr_size);
         }
      }
   }
#endif
 
#if defined(BOTAN_HAS_CHACHA)
   if(req.algo_name() == "ChaCha") {
      if(provider.empty() || provider == "base") {
         return std::make_unique<ChaCha>(req.arg_as_integer(0, 20));
      }
   }
#endif
 
#if defined(BOTAN_HAS_OFB)
   if(req.algo_name() == "OFB" && req.arg_count() == 1) {
      if(provider.empty() || provider == "base") {
         if(auto cipher = BlockCipher::create(req.arg(0))) {
            return std::make_unique<OFB>(std::move(cipher));
         }
      }
   }
#endif
 
#if defined(BOTAN_HAS_RC4)
 
   if(req.algo_name() == "RC4" || req.algo_name() == "ARC4" || req.algo_name() == "MARK-4") {
      const size_t skip = (req.algo_name() == "MARK-4") ? 256 : req.arg_as_integer(0, 0);
 
      if(provider.empty() || provider == "base") {
         return std::make_unique<RC4>(skip);
      }
   }
 
#endif
 
   BOTAN_UNUSED(req);
   BOTAN_UNUSED(provider);
 
   return nullptr;
}

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::SCAN_Name::arg_count_between(), BOTAN_UNUSED, Botan::StreamCipher::cipher(), Botan::BlockCipher::create(), and Botan::StreamCipher::provider().

Referenced by Botan::BlockCipher::create(), Botan::Cipher_Mode::create(), and Botan::StreamCipher::create_or_throw().

create_or_throw()

std::unique_ptr< StreamCipher > Botan::StreamCipher::create_or_throw ( std::string_view algo_spec, std::string_view provider = "" )

staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters

algo_spec	algorithm name
provider	provider implementation to use Throws a Lookup_Error if the algo/provider combination cannot be found

Definition at line 122 of file stream_cipher.cpp.

                                                                                                      {
   if(auto sc = StreamCipher::create(algo, provider)) {
      return sc;
   }
   throw Lookup_Error("Stream cipher", algo, provider);
}

References Botan::StreamCipher::create(), and Botan::StreamCipher::provider().

Referenced by Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::Sodium::crypto_secretbox_detached(), Botan::Sodium::crypto_secretbox_open_detached(), Botan::Sodium::crypto_secretbox_xsalsa20poly1305(), Botan::Sodium::crypto_secretbox_xsalsa20poly1305_open(), Botan::Sodium::crypto_stream_chacha20(), Botan::Sodium::crypto_stream_chacha20_ietf(), Botan::Sodium::crypto_stream_chacha20_ietf_xor_ic(), Botan::Sodium::crypto_stream_chacha20_xor_ic(), Botan::Sodium::crypto_stream_xchacha20(), and Botan::Sodium::crypto_stream_xchacha20_xor_ic().

decrypt()

void Botan::StreamCipher::decrypt ( std::span< uint8_t > inout )

inlineinherited

Decrypt a message in place The message is decrypted in place.

Parameters

inout

the plaintext / ciphertext

Definition at line 141 of file stream_cipher.h.

{ cipher(inout.data(), inout.data(), inout.size()); }

default_iv_length()

size_t Botan::Salsa20::default_iv_length ( ) const

overridevirtual

Return the default (preferred) nonce length

If this function returns zero, then this cipher does not support nonces; in this case any call to set_iv with a (non-empty) value will fail.

Default implementation returns 0

Reimplemented from Botan::StreamCipher.

Definition at line 241 of file salsa20.cpp.

                                        {
   return 24;
}

encipher()

void Botan::StreamCipher::encipher ( std::span< uint8_t > inout )

inlineinherited

Encrypt a message The message is encrypted/decrypted in place.

Parameters

inout

the plaintext / ciphertext

Definition at line 127 of file stream_cipher.h.

{ cipher(inout.data(), inout.data(), inout.size()); }

encrypt()

void Botan::StreamCipher::encrypt ( std::span< uint8_t > inout )

inlineinherited

Encrypt a message The message is encrypted in place.

Parameters

inout

the plaintext / ciphertext

Definition at line 134 of file stream_cipher.h.

{ cipher(inout.data(), inout.data(), inout.size()); }

generate_keystream()

void Botan::StreamCipher::generate_keystream ( uint8_t out[], size_t len )

protectedvirtualinherited

Write keystream bytes to a buffer

Definition at line 137 of file stream_cipher.cpp.

                                                               {
   clear_mem(out, len);
   cipher1(out, len);
}

References Botan::StreamCipher::cipher1(), and Botan::clear_mem().

has_keying_material()

bool Botan::Salsa20::has_keying_material ( ) const

overridevirtual

Returns

true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 164 of file salsa20.cpp.

                                        {
   return !m_state.empty();
}

hsalsa20()

void Botan::Salsa20::hsalsa20 ( uint32_t output[8], const uint32_t input[16] )

static

Definition at line 31 of file salsa20.cpp.

                                                                   {
   uint32_t x00 = input[0], x01 = input[1], x02 = input[2], x03 = input[3], x04 = input[4], x05 = input[5],
            x06 = input[6], x07 = input[7], x08 = input[8], x09 = input[9], x10 = input[10], x11 = input[11],
            x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
 
   for(size_t i = 0; i != 10; ++i) {
      salsa20_quarter_round(x00, x04, x08, x12);
      salsa20_quarter_round(x05, x09, x13, x01);
      salsa20_quarter_round(x10, x14, x02, x06);
      salsa20_quarter_round(x15, x03, x07, x11);
 
      salsa20_quarter_round(x00, x01, x02, x03);
      salsa20_quarter_round(x05, x06, x07, x04);
      salsa20_quarter_round(x10, x11, x08, x09);
      salsa20_quarter_round(x15, x12, x13, x14);
   }
 
   output[0] = x00;
   output[1] = x05;
   output[2] = x10;
   output[3] = x15;
   output[4] = x06;
   output[5] = x07;
   output[6] = x08;
   output[7] = x09;
}

Referenced by Botan::Sodium::crypto_core_hsalsa20(), and set_iv_bytes().

key_spec()

Key_Length_Specification Botan::Salsa20::key_spec ( ) const

overridevirtual

Returns

object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 245 of file salsa20.cpp.

                                                 {
   return Key_Length_Specification(16, 32, 16);
}

keystream_bytes()

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>

T Botan::StreamCipher::keystream_bytes ( size_t bytes )

inlineinherited

Get bytes from the keystream

The bytes are written into a continous byte buffer of your choosing.

Parameters

bytes

The number of bytes to be produced

Definition at line 101 of file stream_cipher.h.

                                      {
         T out(bytes);
         write_keystream(out);
         return out;
      }

References T.

maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const

inlineinherited

Returns

maximum allowed key length

Definition at line 95 of file sym_algo.h.

{ return key_spec().maximum_keylength(); }

minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const

inlineinherited

Returns

minimum allowed key length

Definition at line 100 of file sym_algo.h.

{ return key_spec().minimum_keylength(); }

name()

std::string Botan::Salsa20::name ( ) const

overridevirtual

Returns

the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 253 of file salsa20.cpp.

                              {
   return "Salsa20";
}

Referenced by set_iv_bytes().

new_object()

std::unique_ptr< StreamCipher > Botan::Salsa20::new_object ( ) const

overridevirtual

Returns

new object representing the same algorithm as *this

Implements Botan::StreamCipher.

Definition at line 249 of file salsa20.cpp.

                                                      {
   return std::make_unique<Salsa20>();
}

provider()

virtual std::string Botan::StreamCipher::provider ( ) const

inlinevirtualinherited

Returns

provider information about this implementation. Default is "base", might also return "sse2", "avx2" or some other arbitrary string.

Reimplemented in Botan::ChaCha.

Definition at line 225 of file stream_cipher.h.

{ return "base"; }

Referenced by Botan::StreamCipher::create(), and Botan::StreamCipher::create_or_throw().

providers()

std::vector< std::string > Botan::StreamCipher::providers ( std::string_view algo_spec )

staticinherited

Returns

list of available providers for this algorithm, empty if not available

Definition at line 129 of file stream_cipher.cpp.

                                                                     {
   return probe_providers_of<StreamCipher>(algo_spec);
}

References Botan::probe_providers_of().

salsa_core()

void Botan::Salsa20::salsa_core ( uint8_t output[64], const uint32_t input[16], size_t rounds )

static

Definition at line 62 of file salsa20.cpp.

                                                                                    {
   BOTAN_ASSERT_NOMSG(rounds % 2 == 0);
 
   uint32_t x00 = input[0], x01 = input[1], x02 = input[2], x03 = input[3], x04 = input[4], x05 = input[5],
            x06 = input[6], x07 = input[7], x08 = input[8], x09 = input[9], x10 = input[10], x11 = input[11],
            x12 = input[12], x13 = input[13], x14 = input[14], x15 = input[15];
 
   for(size_t i = 0; i != rounds / 2; ++i) {
      salsa20_quarter_round(x00, x04, x08, x12);
      salsa20_quarter_round(x05, x09, x13, x01);
      salsa20_quarter_round(x10, x14, x02, x06);
      salsa20_quarter_round(x15, x03, x07, x11);
 
      salsa20_quarter_round(x00, x01, x02, x03);
      salsa20_quarter_round(x05, x06, x07, x04);
      salsa20_quarter_round(x10, x11, x08, x09);
      salsa20_quarter_round(x15, x12, x13, x14);
   }
 
   store_le(x00 + input[0], output + 4 * 0);
   store_le(x01 + input[1], output + 4 * 1);
   store_le(x02 + input[2], output + 4 * 2);
   store_le(x03 + input[3], output + 4 * 3);
   store_le(x04 + input[4], output + 4 * 4);
   store_le(x05 + input[5], output + 4 * 5);
   store_le(x06 + input[6], output + 4 * 6);
   store_le(x07 + input[7], output + 4 * 7);
   store_le(x08 + input[8], output + 4 * 8);
   store_le(x09 + input[9], output + 4 * 9);
   store_le(x10 + input[10], output + 4 * 10);
   store_le(x11 + input[11], output + 4 * 11);
   store_le(x12 + input[12], output + 4 * 12);
   store_le(x13 + input[13], output + 4 * 13);
   store_le(x14 + input[14], output + 4 * 14);
   store_le(x15 + input[15], output + 4 * 15);
}

References BOTAN_ASSERT_NOMSG, and Botan::store_le().

Referenced by cipher_bytes(), seek(), and set_iv_bytes().

seek()

void Botan::Salsa20::seek ( uint64_t offset )

overridevirtual

Set the offset and the state used later to generate the keystream

Sets the state of the stream cipher and keystream according to the passed offset, exactly as if offset bytes had first been encrypted. The key and (if required) the IV have to be set before this can be called.

Note

Not all ciphers support seeking; such objects will throw Not_Implemented in this case.

Parameters

offset

the offset where we begin to generate the keystream

Implements Botan::StreamCipher.

Definition at line 267 of file salsa20.cpp.

                                  {
   assert_key_material_set();
 
   // Find the block offset
   const uint64_t counter = offset / 64;
   uint8_t counter8[8];
   store_le(counter, counter8);
 
   m_state[8] = load_le<uint32_t>(counter8, 0);
   m_state[9] += load_le<uint32_t>(counter8, 1);
 
   salsa_core(m_buffer.data(), m_state.data(), 20);
 
   ++m_state[8];
   m_state[9] += (m_state[8] == 0);
 
   m_position = offset % 64;
}

References Botan::SymmetricAlgorithm::assert_key_material_set(), Botan::load_le(), salsa_core(), and Botan::store_le().

Referenced by Botan::Sodium::crypto_stream_salsa20_xor_ic(), and Botan::Sodium::crypto_stream_xsalsa20_xor_ic().

set_iv() [1/2]

void Botan::StreamCipher::set_iv ( const uint8_t iv[], size_t iv_len )

inlineinherited

Resync the cipher using the IV

Load IV into the stream cipher state. This should happen after the key is set (set_key()) and before any operation (encrypt(), decrypt() or seek()) is called.

If the cipher does not support IVs, then a call with an empty IV will be accepted and any other length will cause an Invalid_IV_Length exception.

Parameters

iv	the initialization vector
iv_len	the length of the IV in bytes

Definition at line 171 of file stream_cipher.h.

{ set_iv_bytes(iv, iv_len); }

Referenced by Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::Sodium::randombytes_buf_deterministic(), and Botan::SIV_Mode::set_ctr_iv().

set_iv() [2/2]

void Botan::StreamCipher::set_iv ( std::span< const uint8_t > iv )

inlineinherited

Resync the cipher using the IV

Parameters

iv	the initialization vector

Exceptions

Invalid_IV_Length

if an incompatible IV was passed.

Definition at line 178 of file stream_cipher.h.

{ set_iv_bytes(iv.data(), iv.size()); }

set_iv_bytes()

void Botan::Salsa20::set_iv_bytes ( const uint8_t iv[], size_t iv_len )

overrideprotectedvirtual

Resync the cipher using the IV

Implements Botan::StreamCipher.

Definition at line 188 of file salsa20.cpp.

                                                            {
   assert_key_material_set();
 
   if(!valid_iv_length(length)) {
      throw Invalid_IV_Length(name(), length);
   }
 
   initialize_state();
 
   if(length == 0) {
      // Salsa20 null IV
      m_state[6] = 0;
      m_state[7] = 0;
   } else if(length == 8) {
      // Salsa20
      m_state[6] = load_le<uint32_t>(iv, 0);
      m_state[7] = load_le<uint32_t>(iv, 1);
   } else {
      // XSalsa20
      m_state[6] = load_le<uint32_t>(iv, 0);
      m_state[7] = load_le<uint32_t>(iv, 1);
      m_state[8] = load_le<uint32_t>(iv, 2);
      m_state[9] = load_le<uint32_t>(iv, 3);
 
      secure_vector<uint32_t> hsalsa(8);
      hsalsa20(hsalsa.data(), m_state.data());
 
      m_state[1] = hsalsa[0];
      m_state[2] = hsalsa[1];
      m_state[3] = hsalsa[2];
      m_state[4] = hsalsa[3];
      m_state[6] = load_le<uint32_t>(iv, 4);
      m_state[7] = load_le<uint32_t>(iv, 5);
      m_state[11] = hsalsa[4];
      m_state[12] = hsalsa[5];
      m_state[13] = hsalsa[6];
      m_state[14] = hsalsa[7];
   }
 
   m_state[8] = 0;
   m_state[9] = 0;
 
   salsa_core(m_buffer.data(), m_state.data(), 20);
   ++m_state[8];
   m_state[9] += (m_state[8] == 0);
 
   m_position = 0;
}

References Botan::SymmetricAlgorithm::assert_key_material_set(), hsalsa20(), Botan::load_le(), name(), salsa_core(), and valid_iv_length().

set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey & key )

inlineinherited

Set the symmetric key of this object.

Parameters

key	the SymmetricKey to be set.

Definition at line 113 of file sym_algo.h.

{ set_key(std::span{key.begin(), key.length()}); }

References Botan::OctetString::begin(), Botan::OctetString::length(), and Botan::SymmetricAlgorithm::set_key().

Referenced by Botan::create_aes_row_generator(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), Botan::Sphincs_Hash_Functions_Sha2::PRF_msg(), Botan::Sodium::randombytes_buf_deterministic(), and Botan::SymmetricAlgorithm::set_key().

set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t key[], size_t length )

inlineinherited

Set the symmetric key of this object.

Parameters

key	the to be set as a byte array.
length	in bytes of key param

Definition at line 126 of file sym_algo.h.

{ set_key(std::span{key, length}); }

References Botan::SymmetricAlgorithm::set_key().

Referenced by Botan::SymmetricAlgorithm::set_key().

set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t > key )

inherited

Set the symmetric key of this object.

Parameters

key	the contiguous byte range to be set.

Definition at line 17 of file sym_algo.cpp.

                                                           {
   if(!valid_keylength(key.size())) {
      throw Invalid_Key_Length(name(), key.size());
   }
   key_schedule(key);
}

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

valid_iv_length()

bool Botan::Salsa20::valid_iv_length ( size_t iv_len ) const

overridevirtual

Parameters

iv_len

the length of the IV in bytes

Returns

if the length is valid for this algorithm

Reimplemented from Botan::StreamCipher.

Definition at line 237 of file salsa20.cpp.

                                                 {
   return (iv_len == 0 || iv_len == 8 || iv_len == 24);
}

Referenced by set_iv_bytes().

valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length ) const

inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters

length

the key length to be checked.

Returns

true if the key length is valid.

Definition at line 107 of file sym_algo.h.

{ return key_spec().valid_keylength(length); }

Referenced by Botan::SymmetricAlgorithm::set_key().

write_keystream() [1/2]

void Botan::StreamCipher::write_keystream ( std::span< uint8_t > out )

inlineinherited

Fill a given buffer with keystream bytes

The contents of out are ignored/overwritten

Parameters

out	the byte array to hold the keystream

Definition at line 91 of file stream_cipher.h.

{ generate_keystream(out.data(), out.size()); }

write_keystream() [2/2]

void Botan::StreamCipher::write_keystream ( uint8_t out[], size_t len )

inlineinherited

Write keystream bytes to a buffer

The contents of out are ignored/overwritten

Parameters

out	the byte array to hold the keystream
len	the length of out in bytes

Definition at line 82 of file stream_cipher.h.

{ generate_keystream(out, len); }

Referenced by Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_xsalsa20(), and Botan::Sodium::randombytes_buf_deterministic().

---

The documentation for this class was generated from the following files:

• src/lib/stream/salsa20/salsa20.h
• src/lib/stream/salsa20/salsa20.cpp