Botan 3.9.0
Crypto and TLS for C&
sodium_salsa.cpp
Go to the documentation of this file.
1/*
2* (C) 2019 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/sodium.h>
8
9#include <botan/internal/loadstor.h>
10#include <botan/internal/salsa20.h>
11
12namespace Botan {
13
14int Sodium::crypto_core_hsalsa20(uint8_t out[], const uint8_t in[], const uint8_t key[], const uint8_t c[]) {
15 uint32_t in32[16] = {0};
16
17 static const uint32_t SIGMA[] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
18
19 if(c == nullptr) {
20 in32[0] = SIGMA[0];
21 in32[5] = SIGMA[1];
22 in32[10] = SIGMA[2];
23 in32[15] = SIGMA[3];
24 } else {
25 in32[0] = load_le<uint32_t>(c, 0);
26 in32[5] = load_le<uint32_t>(c, 1);
27 in32[10] = load_le<uint32_t>(c, 2);
28 in32[15] = load_le<uint32_t>(c, 3);
29 }
30
31 in32[1] = load_le<uint32_t>(key, 0);
32 in32[2] = load_le<uint32_t>(key, 1);
33 in32[3] = load_le<uint32_t>(key, 2);
34 in32[4] = load_le<uint32_t>(key, 3);
35
36 in32[6] = load_le<uint32_t>(in, 0);
37 in32[7] = load_le<uint32_t>(in, 1);
38 in32[8] = load_le<uint32_t>(in, 2);
39 in32[9] = load_le<uint32_t>(in, 3);
40
41 in32[11] = load_le<uint32_t>(key, 4);
42 in32[12] = load_le<uint32_t>(key, 5);
43 in32[13] = load_le<uint32_t>(key, 6);
44 in32[14] = load_le<uint32_t>(key, 7);
45
46 uint32_t out32[8] = {0};
47 Salsa20::hsalsa20(out32, in32);
48 store_le(std::span<uint8_t, 32>(out, 32), out32);
49 return 0;
50}
51
52int Sodium::crypto_stream_salsa20(uint8_t out[], size_t out_len, const uint8_t nonce[], const uint8_t key[]) {
53 Salsa20 salsa;
54 salsa.set_key(key, crypto_stream_salsa20_KEYBYTES);
55 salsa.set_iv(nonce, crypto_stream_salsa20_NONCEBYTES);
56 salsa.write_keystream(out, out_len);
57 return 0;
58}
59
60int Sodium::crypto_stream_salsa20_xor(
61 uint8_t out[], const uint8_t in[], size_t in_len, const uint8_t nonce[], const uint8_t key[]) {
62 return crypto_stream_salsa20_xor_ic(out, in, in_len, nonce, 0, key);
63}
64
65int Sodium::crypto_stream_salsa20_xor_ic(
66 uint8_t out[], const uint8_t in[], size_t in_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[]) {
67 if((ic >> 6) != 0) { // otherwise multiply overflows
68 return -1;
69 }
70
71 Salsa20 salsa;
72 salsa.set_key(key, crypto_stream_salsa20_KEYBYTES);
73 salsa.set_iv(nonce, crypto_stream_salsa20_NONCEBYTES);
74 salsa.seek(ic * 64);
75 salsa.cipher(in, out, in_len);
76 return 0;
77}
78
79int Sodium::crypto_stream_xsalsa20(uint8_t out[], size_t out_len, const uint8_t nonce[], const uint8_t key[]) {
80 Salsa20 salsa;
81 salsa.set_key(key, crypto_stream_xsalsa20_KEYBYTES);
82 salsa.set_iv(nonce, crypto_stream_xsalsa20_NONCEBYTES);
83 salsa.write_keystream(out, out_len);
84 return 0;
85}
86
87int Sodium::crypto_stream_xsalsa20_xor(
88 uint8_t out[], const uint8_t in[], size_t in_len, const uint8_t nonce[], const uint8_t key[]) {
89 return crypto_stream_xsalsa20_xor_ic(out, in, in_len, nonce, 0, key);
90}
91
92int Sodium::crypto_stream_xsalsa20_xor_ic(
93 uint8_t out[], const uint8_t in[], size_t in_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[]) {
94 if((ic >> 6) != 0) { // otherwise multiply overflows
95 return -1;
96 }
97
98 Salsa20 salsa;
99 salsa.set_key(key, crypto_stream_xsalsa20_KEYBYTES);
100 salsa.set_iv(nonce, crypto_stream_xsalsa20_NONCEBYTES);
101 salsa.seek(ic * 64);
102 salsa.cipher(in, out, in_len);
103 return 0;
104}
105
106} // namespace Botan
Botan::Salsa20::seek
void seek(uint64_t offset) override
Definition salsa20.cpp:297
Botan::Salsa20::hsalsa20
static void hsalsa20(uint32_t output[8], const uint32_t input[16])
Definition salsa20.cpp:31
Botan::StreamCipher::set_iv
void set_iv(const uint8_t iv[], size_t iv_len)
Definition stream_cipher.h:166
Botan::StreamCipher::write_keystream
void write_keystream(uint8_t out[], size_t len)
Definition stream_cipher.h:77
Botan::StreamCipher::cipher
void cipher(const uint8_t in[], uint8_t out[], size_t len)
Definition stream_cipher.h:59
Botan::SymmetricAlgorithm::set_key
void set_key(const OctetString &key)
Definition sym_algo.cpp:14
Botan::Sodium::crypto_stream_salsa20_NONCEBYTES
@ crypto_stream_salsa20_NONCEBYTES
Definition sodium.h:134
Botan::Sodium::crypto_stream_xsalsa20_KEYBYTES
@ crypto_stream_xsalsa20_KEYBYTES
Definition sodium.h:138
Botan::Sodium::crypto_stream_xsalsa20_NONCEBYTES
@ crypto_stream_xsalsa20_NONCEBYTES
Definition sodium.h:140
Botan::Sodium::crypto_stream_salsa20_KEYBYTES
@ crypto_stream_salsa20_KEYBYTES
Definition sodium.h:132
Botan::Sodium::crypto_stream_salsa20
int crypto_stream_salsa20(uint8_t out[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_salsa.cpp:52
Botan::Sodium::crypto_stream_xsalsa20_xor_ic
int crypto_stream_xsalsa20_xor_ic(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[])
Definition sodium_salsa.cpp:92
Botan::Sodium::crypto_stream_salsa20_xor
int crypto_stream_salsa20_xor(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_salsa.cpp:60
Botan::Sodium::crypto_stream_salsa20_xor_ic
int crypto_stream_salsa20_xor_ic(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], uint64_t ic, const uint8_t key[])
Definition sodium_salsa.cpp:65
Botan::Sodium::crypto_core_hsalsa20
int crypto_core_hsalsa20(uint8_t out[], const uint8_t in[], const uint8_t key[], const uint8_t c[])
Definition sodium_salsa.cpp:14
Botan::Sodium::crypto_stream_xsalsa20
int crypto_stream_xsalsa20(uint8_t out[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_salsa.cpp:79
Botan::Sodium::crypto_stream_xsalsa20_xor
int crypto_stream_xsalsa20_xor(uint8_t out[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_salsa.cpp:87
Botan::store_le
constexpr auto store_le(ParamTs &&... params)
Definition loadstor.h:736
Botan::load_le
constexpr auto load_le(ParamTs &&... params)
Definition loadstor.h:495
Generated by doxygen 1.14.0