Botan  2.14.0
Crypto and TLS for C++11
sodium_salsa.cpp
Go to the documentation of this file.
1 /*
2 * (C) 2019 Jack Lloyd
3 *
4 * Botan is released under the Simplified BSD License (see license.txt)
5 */
6 
7 #include <botan/sodium.h>
8 #include <botan/salsa20.h>
9 #include <botan/loadstor.h>
10 
11 namespace Botan {
12 
13 int Sodium::crypto_core_hsalsa20(uint8_t out[], const uint8_t in[],
14  const uint8_t key[], const uint8_t c[])
15  {
16  uint32_t in32[16] = { 0 };
17 
18  static const uint32_t SIGMA[] =
19  { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 };
20 
21  if(c == nullptr)
22  {
23  in32[0] = SIGMA[0];
24  in32[5] = SIGMA[1];
25  in32[10] = SIGMA[2];
26  in32[15] = SIGMA[3];
27  }
28  else
29  {
30  in32[0] = load_le<uint32_t>(c, 0);
31  in32[5] = load_le<uint32_t>(c, 1);
32  in32[10] = load_le<uint32_t>(c, 2);
33  in32[15] = load_le<uint32_t>(c, 3);
34  }
35 
36  in32[1] = load_le<uint32_t>(key, 0);
37  in32[2] = load_le<uint32_t>(key, 1);
38  in32[3] = load_le<uint32_t>(key, 2);
39  in32[4] = load_le<uint32_t>(key, 3);
40 
41  in32[6] = load_le<uint32_t>(in, 0);
42  in32[7] = load_le<uint32_t>(in, 1);
43  in32[8] = load_le<uint32_t>(in, 2);
44  in32[9] = load_le<uint32_t>(in, 3);
45 
46  in32[11] = load_le<uint32_t>(key, 4);
47  in32[12] = load_le<uint32_t>(key, 5);
48  in32[13] = load_le<uint32_t>(key, 6);
49  in32[14] = load_le<uint32_t>(key, 7);
50 
51  uint32_t out32[8] = { 0 };
52  Salsa20::hsalsa20(out32, in32);
53 
54  copy_out_le(out, 32, out32);
55  return 0;
56  }
57 
58 int Sodium::crypto_stream_salsa20(uint8_t out[], size_t out_len,
59  const uint8_t nonce[], const uint8_t key[])
60  {
61  Salsa20 salsa;
64  salsa.write_keystream(out, out_len);
65  return 0;
66  }
67 
68 int Sodium::crypto_stream_salsa20_xor(uint8_t out[], const uint8_t in[],
69  size_t in_len, const uint8_t nonce[],
70  const uint8_t key[])
71  {
72  return crypto_stream_salsa20_xor_ic(out, in, in_len, nonce, 0, key);
73  }
74 
75 int Sodium::crypto_stream_salsa20_xor_ic(uint8_t out[], const uint8_t in[],
76  size_t in_len,
77  const uint8_t nonce[], uint64_t ic,
78  const uint8_t key[])
79  {
80  if((ic >> 6) != 0) // otherwise multiply overflows
81  return -1;
82 
83  Salsa20 salsa;
86  salsa.seek(ic * 64);
87  salsa.cipher(in, out, in_len);
88  return 0;
89  }
90 
91 int Sodium::crypto_stream_xsalsa20(uint8_t out[], size_t out_len,
92  const uint8_t nonce[], const uint8_t key[])
93  {
94  Salsa20 salsa;
97  salsa.write_keystream(out, out_len);
98  return 0;
99  }
100 
101 int Sodium::crypto_stream_xsalsa20_xor(uint8_t out[], const uint8_t in[],
102  size_t in_len, const uint8_t nonce[],
103  const uint8_t key[])
104  {
105  return crypto_stream_xsalsa20_xor_ic(out, in, in_len, nonce, 0, key);
106  }
107 
108 int Sodium::crypto_stream_xsalsa20_xor_ic(uint8_t out[], const uint8_t in[],
109  size_t in_len,
110  const uint8_t nonce[], uint64_t ic,
111  const uint8_t key[])
112  {
113  if((ic >> 6) != 0) // otherwise multiply overflows
114  return -1;
115 
116  Salsa20 salsa;
119  salsa.seek(ic * 64);
120  salsa.cipher(in, out, in_len);
121  return 0;
122  }
123 
124 }
int crypto_core_hsalsa20(uint8_t out[], const uint8_t in[], const uint8_t key[], const uint8_t c[])
int crypto_stream_salsa20_xor_ic(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[])
void copy_out_le(uint8_t out[], size_t out_bytes, const T in[])
Definition: loadstor.h:679
int crypto_stream_xsalsa20_xor_ic(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[])
uint32_t load_le< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:198
int crypto_stream_salsa20_xor(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
void seek(uint64_t offset) override
Definition: salsa20.cpp:283
int crypto_stream_xsalsa20_xor(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:65
virtual void write_keystream(uint8_t out[], size_t len)
Definition: stream_cipher.h:66
static void hsalsa20(uint32_t output[8], const uint32_t input[16])
Definition: salsa20.cpp:27
Definition: alg_id.cpp:13
int crypto_stream_salsa20(uint8_t out[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
void set_iv(const uint8_t iv[], size_t iv_len) override
Definition: salsa20.cpp:193
void cipher(const uint8_t in[], uint8_t out[], size_t length) override
Definition: salsa20.cpp:106
int crypto_stream_xsalsa20(uint8_t out[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])