Botan 3.3.0
Crypto and TLS for C&
sodium_salsa.cpp
Go to the documentation of this file.
1/*
2* (C) 2019 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/sodium.h>
8
9#include <botan/internal/loadstor.h>
10#include <botan/internal/salsa20.h>
11
12namespace Botan {
13
14int Sodium::crypto_core_hsalsa20(uint8_t out[], const uint8_t in[], const uint8_t key[], const uint8_t c[]) {
15 uint32_t in32[16] = {0};
16
17 static const uint32_t SIGMA[] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
18
19 if(c == nullptr) {
20 in32[0] = SIGMA[0];
21 in32[5] = SIGMA[1];
22 in32[10] = SIGMA[2];
23 in32[15] = SIGMA[3];
24 } else {
25 in32[0] = load_le<uint32_t>(c, 0);
26 in32[5] = load_le<uint32_t>(c, 1);
27 in32[10] = load_le<uint32_t>(c, 2);
28 in32[15] = load_le<uint32_t>(c, 3);
29 }
30
31 in32[1] = load_le<uint32_t>(key, 0);
32 in32[2] = load_le<uint32_t>(key, 1);
33 in32[3] = load_le<uint32_t>(key, 2);
34 in32[4] = load_le<uint32_t>(key, 3);
35
36 in32[6] = load_le<uint32_t>(in, 0);
37 in32[7] = load_le<uint32_t>(in, 1);
38 in32[8] = load_le<uint32_t>(in, 2);
39 in32[9] = load_le<uint32_t>(in, 3);
40
41 in32[11] = load_le<uint32_t>(key, 4);
42 in32[12] = load_le<uint32_t>(key, 5);
43 in32[13] = load_le<uint32_t>(key, 6);
44 in32[14] = load_le<uint32_t>(key, 7);
45
46 uint32_t out32[8] = {0};
47 Salsa20::hsalsa20(out32, in32);
48
49 copy_out_le(out, 32, out32);
50 return 0;
51}
52
53int Sodium::crypto_stream_salsa20(uint8_t out[], size_t out_len, const uint8_t nonce[], const uint8_t key[]) {
54 Salsa20 salsa;
57 salsa.write_keystream(out, out_len);
58 return 0;
59}
60
62 uint8_t out[], const uint8_t in[], size_t in_len, const uint8_t nonce[], const uint8_t key[]) {
63 return crypto_stream_salsa20_xor_ic(out, in, in_len, nonce, 0, key);
64}
65
67 uint8_t out[], const uint8_t in[], size_t in_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[]) {
68 if((ic >> 6) != 0) { // otherwise multiply overflows
69 return -1;
70 }
71
72 Salsa20 salsa;
75 salsa.seek(ic * 64);
76 salsa.cipher(in, out, in_len);
77 return 0;
78}
79
80int Sodium::crypto_stream_xsalsa20(uint8_t out[], size_t out_len, const uint8_t nonce[], const uint8_t key[]) {
81 Salsa20 salsa;
84 salsa.write_keystream(out, out_len);
85 return 0;
86}
87
89 uint8_t out[], const uint8_t in[], size_t in_len, const uint8_t nonce[], const uint8_t key[]) {
90 return crypto_stream_xsalsa20_xor_ic(out, in, in_len, nonce, 0, key);
91}
92
94 uint8_t out[], const uint8_t in[], size_t in_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[]) {
95 if((ic >> 6) != 0) { // otherwise multiply overflows
96 return -1;
97 }
98
99 Salsa20 salsa;
102 salsa.seek(ic * 64);
103 salsa.cipher(in, out, in_len);
104 return 0;
105}
106
107} // namespace Botan
void seek(uint64_t offset) override
Definition salsa20.cpp:267
static void hsalsa20(uint32_t output[8], const uint32_t input[16])
Definition salsa20.cpp:31
void set_iv(const uint8_t iv[], size_t iv_len)
void write_keystream(uint8_t out[], size_t len)
void cipher(const uint8_t in[], uint8_t out[], size_t len)
void set_key(const SymmetricKey &key)
Definition sym_algo.h:113
int crypto_stream_salsa20(uint8_t out[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
int crypto_stream_xsalsa20_xor_ic(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[])
@ crypto_stream_salsa20_NONCEBYTES
Definition sodium.h:134
@ crypto_stream_xsalsa20_KEYBYTES
Definition sodium.h:138
@ crypto_stream_xsalsa20_NONCEBYTES
Definition sodium.h:140
@ crypto_stream_salsa20_KEYBYTES
Definition sodium.h:132
int crypto_stream_salsa20_xor(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
int crypto_stream_salsa20_xor_ic(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[])
int crypto_core_hsalsa20(uint8_t out[], const uint8_t in[], const uint8_t key[], const uint8_t c[])
int crypto_stream_xsalsa20(uint8_t out[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
int crypto_stream_xsalsa20_xor(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
void copy_out_le(uint8_t out[], size_t out_bytes, const T in[])
Definition loadstor.h:526