author | lloyd <[email protected]> | 2010-03-03 00:47:19 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-03-03 00:47:19 +0000 |
commit | 265c39bd4efb3155ec68ea09018a3e83499862f9 (patch) | |
tree | f94564a2d332febdbd546ded6127d0b1e1246059 | |
parent | e04cd85725b712c747ef5dbed2e94b7a7207ef22 (diff) |
Add XSalsa20
-rw-r--r-- | checks/validate.dat | 82 | ||||
-rw-r--r-- | doc/log.txt | 1 | ||||
-rw-r--r-- | src/stream/salsa20/salsa20.cpp | 112 | ||||
-rw-r--r-- | src/stream/salsa20/salsa20.h | 8 |
4 files changed, 191 insertions, 12 deletions
diff --git a/checks/validate.dat b/checks/validate.dat index 0998348ec..bdadad40e 100644 --- a/checks/validate.dat +++ b/checks/validate.dat @@ -42920,6 +42920,88 @@ AFDF1195:\ 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:\ 0000000000000000 +# XSalsa20, from NaCl via Crypto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uring] 0000000000000000000000000000000000000000:\ 696626BBDC6E09F6DA9ABAB5B56C14878246DF18:\ diff --git a/doc/log.txt b/doc/log.txt index da624f223..2f15b82e6 100644 --- a/doc/log.txt +++ b/doc/log.txt @@ -4,6 +4,7 @@ - Add GOST 34.10-2001 public key signature scheme - Add SIMD implementation of Noekeon - Add SSE2 implementation of IDEA + - Extend Salsa20 to support longer IVs (XSalsa20) - Perform XTS encryption and decryption in parallel where possible - Perform CBC decryption in parallel where possible - Add SQLite3 db encryption codec, contributed by Olivier de Gaalon diff --git a/src/stream/salsa20/salsa20.cpp b/src/stream/salsa20/salsa20.cpp index 1b97f4421..0243149f1 100644 --- a/src/stream/salsa20/salsa20.cpp +++ b/src/stream/salsa20/salsa20.cpp @@ -1,6 +1,6 @@ /* -* Salsa20 -* (C) 1999-2008 Jack Lloyd +* Salsa20 / XSalsa20 +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ 
@@ -15,6 +15,75 @@ namespace Botan { namespace { /* +* Generate HSalsa20 cipher stream (for XSalsa20 IV setup) +*/ +void hsalsa20(u32bit output[8], const u32bit input[16]) + { + u32bit x00 = input[0]; + u32bit x01 = input[1]; + u32bit x02 = input[2]; + u32bit x03 = input[3]; + u32bit x04 = input[4]; + u32bit x05 = input[5]; + u32bit x06 = input[6]; + u32bit x07 = input[7]; + u32bit x08 = input[8]; + u32bit x09 = input[9]; + u32bit x10 = input[10]; + u32bit x11 = input[11]; + u32bit x12 = input[12]; + u32bit x13 = input[13]; + u32bit x14 = input[14]; + u32bit x15 = input[15]; + + for(u32bit i = 0; i != 10; ++i) + { + x04 ^= rotate_left(x00 + x12, 7); + x08 ^= rotate_left(x04 + x00, 9); + x12 ^= rotate_left(x08 + x04, 13); + x00 ^= rotate_left(x12 + x08, 18); + x09 ^= rotate_left(x05 + x01, 7); + x13 ^= rotate_left(x09 + x05, 9); + x01 ^= rotate_left(x13 + x09, 13); + x05 ^= rotate_left(x01 + x13, 18); + x14 ^= rotate_left(x10 + x06, 7); + x02 ^= rotate_left(x14 + x10, 9); + x06 ^= rotate_left(x02 + x14, 13); + x10 ^= rotate_left(x06 + x02, 18); + x03 ^= rotate_left(x15 + x11, 7); + x07 ^= rotate_left(x03 + x15, 9); + x11 ^= rotate_left(x07 + x03, 13); + x15 ^= rotate_left(x11 + x07, 18); + + x01 ^= rotate_left(x00 + x03, 7); + x02 ^= rotate_left(x01 + x00, 9); + x03 ^= rotate_left(x02 + x01, 13); + x00 ^= rotate_left(x03 + x02, 18); + x06 ^= rotate_left(x05 + x04, 7); + x07 ^= rotate_left(x06 + x05, 9); + x04 ^= rotate_left(x07 + x06, 13); + x05 ^= rotate_left(x04 + x07, 18); + x11 ^= rotate_left(x10 + x09, 7); + x08 ^= rotate_left(x11 + x10, 9); + x09 ^= rotate_left(x08 + x11, 13); + x10 ^= rotate_left(x09 + x08, 18); + x12 ^= rotate_left(x15 + x14, 7); + x13 ^= rotate_left(x12 + x15, 9); + x14 ^= rotate_left(x13 + x12, 13); + x15 ^= rotate_left(x14 + x13, 18); + } + + output[0] = x00; + output[1] = x05; + output[2] = x10; + output[3] = x15; + output[4] = x06; + output[5] = x07; + output[6] = x08; + output[7] = x09; + } + +/* * Generate Salsa20 cipher stream */ 
void salsa20(byte output[64], const u32bit input[16]) @@ -100,11 +169,11 @@ void Salsa20::cipher(const byte in[], byte out[], u32bit length) { while(length >= buffer.size() - position) { - xor_buf(out, in, buffer.begin() + position, buffer.size() - position); + xor_buf(out, in, &buffer[position], buffer.size() - position); length -= (buffer.size() - position); in += (buffer.size() - position); out += (buffer.size() - position); - salsa20(buffer.begin(), state); + salsa20(&buffer[0], state); ++state[8]; if(!state[8]) // if overflow in state[8] @@ -113,7 +182,7 @@ void Salsa20::cipher(const byte in[], byte out[], u32bit length) position = 0; } - xor_buf(out, in, buffer.begin() + position, length); + xor_buf(out, in, &buffer[position], length); position += length; } @@ -174,12 +243,39 @@ void Salsa20::set_iv(const byte iv[], u32bit length) if(!valid_iv_length(length)) throw Invalid_IV_Length(name(), length); - state[6] = load_le<u32bit>(iv, 0); - state[7] = load_le<u32bit>(iv, 1); + if(length == 8) + { + // Salsa20 + state[6] = load_le<u32bit>(iv, 0); + state[7] = load_le<u32bit>(iv, 1); + } + else + { + // XSalsa20 + state[6] = load_le<u32bit>(iv, 0); + state[7] = load_le<u32bit>(iv, 1); + state[8] = load_le<u32bit>(iv, 2); + state[9] = load_le<u32bit>(iv, 3); + + SecureVector<u32bit> hsalsa(8); + hsalsa20(hsalsa, state); + + state[ 1] = hsalsa[0]; + state[ 2] = hsalsa[1]; + state[ 3] = hsalsa[2]; + state[ 4] = hsalsa[3]; + state[ 6] = load_le<u32bit>(iv, 4); + state[ 7] = load_le<u32bit>(iv, 5); + state[11] = hsalsa[4]; + state[12] = hsalsa[5]; + state[13] = hsalsa[6]; + state[14] = hsalsa[7]; + } + state[8] = 0; state[9] = 0; - salsa20(buffer.begin(), state); + salsa20(&buffer[0], state); ++state[8]; if(!state[8]) // if overflow in state[8] ++state[9]; // carry to state[9] diff --git a/src/stream/salsa20/salsa20.h b/src/stream/salsa20/salsa20.h index 3ca781ea2..016745355 100644 --- a/src/stream/salsa20/salsa20.h +++ b/src/stream/salsa20/salsa20.h 
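Review bot: hsalsa20() re-implements the full 20-round Salsa20 core by hand instead of sharing it with salsa20() (whose body lies outside this hunk), so the two copies of the quarter-round schedule can silently diverge; consider extracting the `for(u32bit i = 0; i != 10; ++i)` double-round loop into a helper both functions call. The header comment `Generate HSalsa20 cipher stream (for XSalsa20 IV setup)` is also misleading: what the code computes is not a keystream but the XSalsa20 subkey derivation, and its defining property, visible here, is that the final feed-forward addition of `input` is omitted before words 0,5,10,15,6,7,8,9 are copied out. State that deliberately, e.g. `* HSalsa20 (XSalsa20 subkey derivation): 20 Salsa20 rounds, deliberately` / `* WITHOUT the final input addition; returns words 0,5,10,15,6,7,8,9`, otherwise a later reader is likely to "fix" it by adding the input back, which would break XSalsa20.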
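Review bot: In the 24-byte branch of Salsa20::set_iv, `hsalsa20(hsalsa, state)` takes its key from `state[1..4]` and `state[11..14]`, and the same call then overwrites those eight words with the derived subkey; nothing restores them, and the 8-byte branch does not reload the key either. Unless set_key() retains a copy that set_iv reloads (set_key is not in this diff, and no reload is visible), a second set_iv() of either length after an XSalsa20 set_iv() keys HSalsa20/Salsa20 with the previous nonce's subkey rather than the original key, so the keystream no longer matches NaCl's XSalsa20 for every nonce after the first, and the validate.dat vectors will not catch it if each one performs a single set_key/set_iv pair. The fix is to keep the eight key words in a member filled by set_key() (say `key_words`) and restore them at the top of set_iv before the branch: `for(u32bit i = 0; i != 4; ++i) { state[1 + i] = key_words[i]; state[11 + i] = key_words[4 + i]; }`. A comment there, `// HSalsa20 must be keyed with the original key, not a subkey left by an earlier set_iv()`, would document why the reload is not redundant. The remainder of set_iv (counter reset and first keystream block) is unaffected.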
@@ -1,6 +1,6 @@ /* -* Salsa20 -* (C) 1999-2008 Jack Lloyd +* Salsa20 / XSalsa20 +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -13,7 +13,7 @@ namespace Botan { /* -* Salsa20 +* Salsa20 (and XSalsa20) */ class BOTAN_DLL Salsa20 : public StreamCipher { @@ -23,7 +23,7 @@ class BOTAN_DLL Salsa20 : public StreamCipher void set_iv(const byte iv[], u32bit iv_len); bool valid_iv_length(u32bit iv_len) const - { return (iv_len == 8); } + { return (iv_len == 8 || iv_len == 24); } void clear(); std::string name() const; |
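Review bot: valid_iv_length now admits 24-byte IVs, but nothing in the declaration tells a caller that a 24-byte IV selects XSalsa20, a different keystream from Salsa20 under the same key, or that its first 16 bytes are consumed by a subkey derivation while only the last 8 act as the Salsa20 nonce. Add a comment on that line, e.g. `// 8 bytes: Salsa20 nonce; 24 bytes: XSalsa20 (first 16 bytes derive a subkey via HSalsa20)`. If name() still returns a single string for both modes (its body is not in this diff), it is also worth noting in the class comment that the two modes cannot be distinguished by name, only by the IV length passed to set_iv.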