Botan 3.0.0
Crypto and TLS for C++
sodium_salsa.cpp
1/*
2* (C) 2019 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/sodium.h>
8#include <botan/internal/salsa20.h>
9#include <botan/internal/loadstor.h>
10
11namespace Botan {
12
/**
* HSalsa20 core function in libsodium's calling convention.
*
* Assembles the 16-word Salsa20 input block from a constant, the key and
* the input, runs Salsa20::hsalsa20 over it, and writes the eight result
* words to out in little-endian byte order.
*
* @param out receives 32 bytes
* @param in  16 bytes are read (block words 6..9)
* @param key 32 bytes are read (block words 1..4 and 11..14)
* @param c   optional 16-byte constant for block words 0, 5, 10 and 15;
*            when nullptr the built-in SIGMA constant is used instead
* @return always 0
*
* No lengths are passed, so nothing here can detect a short buffer: the
* caller is responsible for supplying buffers of at least these sizes.
*/
int Sodium::crypto_core_hsalsa20(uint8_t out[], const uint8_t in[],
                                 const uint8_t key[], const uint8_t c[])
   {
   // The standard Salsa20 constant, "expand 32-byte k" read as little-endian words
   static const uint32_t SIGMA[] =
      { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 };

   // NOTE(review): block and result hold key-derived words and are not
   // wiped before returning; confirm that is acceptable for the callers.
   uint32_t block[16] = { 0 };
   uint32_t result[8] = { 0 };

   for(size_t i = 0; i != 4; ++i)
      {
      // The constant words sit on the diagonal of the 4x4 state: 0, 5, 10, 15
      block[5 * i] = (c != nullptr) ? load_le<uint32_t>(c, i) : SIGMA[i];

      // First key half, input, second key half fill the remaining words
      block[1 + i] = load_le<uint32_t>(key, i);
      block[6 + i] = load_le<uint32_t>(in, i);
      block[11 + i] = load_le<uint32_t>(key, 4 + i);
      }

   Salsa20::hsalsa20(result, block);

   copy_out_le(out, 32, result);
   return 0;
   }
57
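/**
* Produce raw Salsa20 keystream (libsodium crypto_stream_salsa20).
*
* @param out     receives out_len bytes of keystream
* @param out_len number of keystream bytes to write
* @param nonce   crypto_stream_salsa20_NONCEBYTES bytes are read
* @param key     crypto_stream_salsa20_KEYBYTES bytes are read
* @return always 0
*
* The same (key, nonce) pair always yields the same keystream, so a pair
* must not be used for more than one message.
*/
int Sodium::crypto_stream_salsa20(uint8_t out[], size_t out_len,
                                  const uint8_t nonce[], const uint8_t key[])
   {
   Salsa20 salsa;
   // The cipher must be keyed and given its nonce before keystream is requested
   salsa.set_key(key, crypto_stream_salsa20_KEYBYTES);
   salsa.set_iv(nonce, crypto_stream_salsa20_NONCEBYTES);
   salsa.write_keystream(out, out_len);
   return 0;
   }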
67
/**
* XOR in_len bytes of in with Salsa20 keystream, starting at block 0.
*
* Forwards to crypto_stream_salsa20_xor_ic with an initial counter of 0
* and returns whatever that call returns.
*
* @param out    receives in_len bytes
* @param in     input bytes
* @param in_len number of bytes to process
* @param nonce  nonce, passed through unchanged
* @param key    key, passed through unchanged
*/
int Sodium::crypto_stream_salsa20_xor(uint8_t out[], const uint8_t in[],
                                      size_t in_len, const uint8_t nonce[],
                                      const uint8_t key[])
   {
   const uint64_t first_block = 0;
   return crypto_stream_salsa20_xor_ic(out, in, in_len, nonce, first_block, key);
   }
74
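/**
* XOR in_len bytes of in with Salsa20 keystream, starting at block ic.
*
* @param out    receives in_len bytes
* @param in     input bytes
* @param in_len number of bytes to process
* @param nonce  crypto_stream_salsa20_NONCEBYTES bytes are read
* @param ic     initial block counter; the keystream position is ic * 64
* @param key    crypto_stream_salsa20_KEYBYTES bytes are read
* @return -1 if ic is 64 or greater (nothing is written), otherwise 0
*
* The output is only the input XORed with keystream; no authentication
* tag is produced. Reusing a (key, nonce) pair over overlapping block
* ranges repeats keystream.
*/
int Sodium::crypto_stream_salsa20_xor_ic(uint8_t out[], const uint8_t in[],
                                         size_t in_len,
                                         const uint8_t nonce[], uint64_t ic,
                                         const uint8_t key[])
   {
   // NOTE(review): this rejects every ic >= 64, which is far tighter than
   // the overflow it is meant to prevent (ic * 64 only wraps a uint64_t
   // once ic >= 2^58). Left unchanged; confirm whether a shift of 58 was
   // intended.
   if((ic >> 6) != 0) // otherwise multiply overflows
      return -1;

   Salsa20 salsa;
   // Key and nonce have to be in place before seeking or encrypting
   salsa.set_key(key, crypto_stream_salsa20_KEYBYTES);
   salsa.set_iv(nonce, crypto_stream_salsa20_NONCEBYTES);
   salsa.seek(ic * 64);
   salsa.cipher(in, out, in_len);
   return 0;
   }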
90
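/**
* Produce raw XSalsa20 keystream (libsodium crypto_stream_xsalsa20).
*
* @param out     receives out_len bytes of keystream
* @param out_len number of keystream bytes to write
* @param nonce   crypto_stream_xsalsa20_NONCEBYTES bytes are read
* @param key     crypto_stream_xsalsa20_KEYBYTES bytes are read
* @return always 0
*
* The same (key, nonce) pair always yields the same keystream, so a pair
* must not be used for more than one message.
*/
int Sodium::crypto_stream_xsalsa20(uint8_t out[], size_t out_len,
                                   const uint8_t nonce[], const uint8_t key[])
   {
   Salsa20 salsa;
   // The cipher must be keyed and given its nonce before keystream is requested
   salsa.set_key(key, crypto_stream_xsalsa20_KEYBYTES);
   salsa.set_iv(nonce, crypto_stream_xsalsa20_NONCEBYTES);
   salsa.write_keystream(out, out_len);
   return 0;
   }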
100
/**
* XOR in_len bytes of in with XSalsa20 keystream, starting at block 0.
*
* Forwards to crypto_stream_xsalsa20_xor_ic with an initial counter of 0
* and returns whatever that call returns.
*
* @param out    receives in_len bytes
* @param in     input bytes
* @param in_len number of bytes to process
* @param nonce  nonce, passed through unchanged
* @param key    key, passed through unchanged
*/
int Sodium::crypto_stream_xsalsa20_xor(uint8_t out[], const uint8_t in[],
                                       size_t in_len, const uint8_t nonce[],
                                       const uint8_t key[])
   {
   const uint64_t first_block = 0;
   return crypto_stream_xsalsa20_xor_ic(out, in, in_len, nonce, first_block, key);
   }
107
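/**
* XOR in_len bytes of in with XSalsa20 keystream, starting at block ic.
*
* @param out    receives in_len bytes
* @param in     input bytes
* @param in_len number of bytes to process
* @param nonce  crypto_stream_xsalsa20_NONCEBYTES bytes are read
* @param ic     initial block counter; the keystream position is ic * 64
* @param key    crypto_stream_xsalsa20_KEYBYTES bytes are read
* @return -1 if ic is 64 or greater (nothing is written), otherwise 0
*
* The output is only the input XORed with keystream; no authentication
* tag is produced. Reusing a (key, nonce) pair over overlapping block
* ranges repeats keystream.
*/
int Sodium::crypto_stream_xsalsa20_xor_ic(uint8_t out[], const uint8_t in[],
                                          size_t in_len,
                                          const uint8_t nonce[], uint64_t ic,
                                          const uint8_t key[])
   {
   // NOTE(review): this rejects every ic >= 64, which is far tighter than
   // the overflow it is meant to prevent (ic * 64 only wraps a uint64_t
   // once ic >= 2^58). Left unchanged; confirm whether a shift of 58 was
   // intended.
   if((ic >> 6) != 0) // otherwise multiply overflows
      return -1;

   Salsa20 salsa;
   // Key and nonce have to be in place before seeking or encrypting
   salsa.set_key(key, crypto_stream_xsalsa20_KEYBYTES);
   salsa.set_iv(nonce, crypto_stream_xsalsa20_NONCEBYTES);
   salsa.seek(ic * 64);
   salsa.cipher(in, out, in_len);
   return 0;
   }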
123
124}
void seek(uint64_t offset) override
Definition: salsa20.cpp:298
static void hsalsa20(uint32_t output[8], const uint32_t input[16])
Definition: salsa20.cpp:34
void set_iv(const uint8_t iv[], size_t iv_len)
void write_keystream(uint8_t out[], size_t len)
Definition: stream_cipher.h:85
void cipher(const uint8_t in[], uint8_t out[], size_t len)
Definition: stream_cipher.h:61
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:150
int crypto_stream_salsa20(uint8_t out[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
int crypto_stream_xsalsa20_xor_ic(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[])
@ crypto_stream_salsa20_NONCEBYTES
Definition: sodium.h:134
@ crypto_stream_xsalsa20_KEYBYTES
Definition: sodium.h:138
@ crypto_stream_xsalsa20_NONCEBYTES
Definition: sodium.h:140
@ crypto_stream_salsa20_KEYBYTES
Definition: sodium.h:132
int crypto_stream_salsa20_xor(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
int crypto_stream_salsa20_xor_ic(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[])
int crypto_core_hsalsa20(uint8_t out[], const uint8_t in[], const uint8_t key[], const uint8_t c[])
int crypto_stream_xsalsa20(uint8_t out[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
int crypto_stream_xsalsa20_xor(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
Definition: alg_id.cpp:12
constexpr uint32_t load_le< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:209
void copy_out_le(uint8_t out[], size_t out_bytes, const T in[])
Definition: loadstor.h:690