aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-03-03 00:47:19 +0000
committerlloyd <[email protected]>2010-03-03 00:47:19 +0000
commit265c39bd4efb3155ec68ea09018a3e83499862f9 (patch)
treef94564a2d332febdbd546ded6127d0b1e1246059
parente04cd85725b712c747ef5dbed2e94b7a7207ef22 (diff)
Add XSalsa20
-rw-r--r--checks/validate.dat82
-rw-r--r--doc/log.txt1
-rw-r--r--src/stream/salsa20/salsa20.cpp112
-rw-r--r--src/stream/salsa20/salsa20.h8
4 files changed, 191 insertions, 12 deletions
diff --git a/checks/validate.dat b/checks/validate.dat
index 0998348ec..bdadad40e 100644
--- a/checks/validate.dat
+++ b/checks/validate.dat
@@ -42920,6 +42920,88 @@ AFDF1195:\
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:\
0000000000000000
+# XSalsa20, from NaCl via Crypto++
+0000000000000000000000000000000000000000000000000000000000000000\
+0000000000000000000000000000000000000000000000000000000000000000\
+0000000000000000000000000000000000000000000000000000000000000000\
+0000000000000000000000000000000000000000000000000000000000000000\
+0000000000000000000000:\
+EEA6A7251C1E72916D11C2CB214D3C252539121D8E234E652D651FA4C8CFF880\
+309E645A74E9E0A60D8243ACD9177AB51A1BEB8D5A2F5D700C093C5E55855796\
+25337BD3AB619D615760D8C5B224A85B1D0EFE0EB8A7EE163ABB0376529FCC09\
+BAB506C618E13CE777D82C3AE9D1A6F972D4160287CBFE60BF2130FC0A6FF604\
+9D0A5C8A82F429231F0080:\
+1B27556473E985D462CD51197A9A46C76009549EAC6474F206C4EE0844F68389:\
+69696EE955B62B73CD62BDA875FC73D68219E0036B7A0B37
+
+093C5E5585579625337BD3AB619D615760D8C5B224A85B1D0EFE0EB8A7EE163A\
+BB0376529FCC09BAB506C618E13CE777D82C3AE9D1A6F972D4160287CBFE60BF\
+2130FC0A6FF6049D0A5C8A82F429231F008082E845D7E189D37F9ED2B464E6B9\
+19E6523A8C1210BD52A02A4C3FE406D3085F5068D1909EEECA6369ABC981A42E\
+87FE665583F0AB85AE71F6F84F528E6B397AF86F6917D9754B7320DBDC2FEA81\
+496F2732F532AC78C4E9C6CFB18F8E9BDF74622EB126141416776971A84F94D1\
+56BEAF67AECBF2AD412E76E66E8FAD7633F5B6D7F3D64B5C6C69CE29003C6024\
+465AE3B89BE78E915D88B4B5621D:\
+B2AF688E7D8FC4B508C05CC39DD583D6714322C64D7F3E63147AEDE2D9534934\
+B04FF6F337B031815CD094BDBC6D7A92077DCE709412286822EF0737EE47F6B7\
+FFA22F9D53F11DD2B0A3BB9FC01D9A88F9D53C26E9365C2C3C063BC4840BFC81\
+2E4B80463E69D179530B25C158F543191CFF993106511AA036043BBC75866AB7\
+E34AFC57E2CCE4934A5FAAE6EABE4F221770183DD060467827C27A354159A081\
+275A291F69D946D6FE28ED0B9CE08206CF484925A51B9498DBDE178DDD3AE91A\
+8581B91682D860F840782F6EEA49DBB9BD721501D2C67122DEA3B7283848C5F1\
+3E0C0DE876BD227A856E4DE593A3:\
+A6A7251C1E72916D11C2CB214D3C252539121D8E234E652D651FA4C8CFF88030:\
+9E645A74E9E0A60D8243ACD9177AB51A1BEB8D5A2F5D700C
+
+093C5E5585579625337BD3AB619D615760D8C5B224A85B1D0EFE0EB8A7EE163A\
+BB0376529FCC09BAB506C618E13CE777D82C3AE9D1A6F972D4160287CBFE60BF\
+2130FC0A6FF6049D0A5C8A82F429231F008082E845D7E189D37F9ED2B464E6B9\
+19E6523A8C1210BD52A02A4C3FE406D3085F5068D1909EEECA6369ABC981A42E\
+87FE665583F0AB85AE71F6F84F528E6B397AF86F6917D9754B7320DBDC2FEA81\
+496F2732F532AC78C4E9C6CFB18F8E9BDF74622EB126141416776971A84F94D1\
+56BEAF67AECBF2AD412E76E66E8FAD7633F5B6D7F3D64B5C6C69CE29003C6024\
+465AE3B89BE78E915D88B4B5621D:\
+418078FE843F5984DD3C7975D1FF51AF4DCEDA640999AAA3C28618AE286CA150\
+51CB4D55F9DA22A213EF14A2B905B52C99A557854C7F2A6D6ED6F69C1C6649F3\
+FB67B8628468029B3367920C2E1148AA1F3B9C695CB1426F09CE84045842946E\
+0454E41AB1EDB32CAE4B95669DE4E2CCAF00BA86FFEAE6A9C5FCE4153BADDB0D\
+8998A600537A9649939CB7D7A9C4E8CBCA0FAB77963ABD516699879DE0B1971D\
+C7328668111FF5B77C253B9E6346D1A2CE6E390CD736156AD7F44B339CFB141F\
+00E7A766C06E130B0C31D88980D2AD8814A2D641599162AB8AF25D93067F06A4\
+9637EAF6523806B8FA07D56628BB:\
+A6A7251C1E72916D11C2CB214D3C252539121D8E234E652D651FA4C8CFF88030:\
+B2AF688E7D8FC4B508C05CC39DD583D6714322C64D7F3E63
+
+FEAC9D54FC8C115AE247D9A7E919DD76CFCBC72D32CAE4944860817CBDFB8C04\
+E6B1DF76A16517CD33CCF1ACDA9206389E9E318F5966C093CFB3EC2D9EE2DE85\
+6437ED581F552F26AC2907609DF8C613B9E33D44BFC21FF79153E9EF81A9D66C\
+C317857F752CC175FD8891FEFEBB7D041E6517C3162D197E2112837D3BC41043\
+12AD35B75EA686E7C70D4EC04746B52FF09C421451459FB59F:\
+2C261A2F4E61A62E1B27689916BF03453FCBC97BB2AF6F329391EF063B5A219B\
+F984D07D70F602D85F6DB61474E9D9F5A2DEECB4FCD90184D16F3B5B5E168EE0\
+3EA8C93F3933A22BC3D1A5AE8C2D8B02757C87C073409052A2A8A41E7F487E04\
+1F9A49A0997B540E18621CAD3A24F0A56D9B19227929057AB3BA950F6274B121\
+F193E32E06E5388781A1CB57317C0BA6305E910961D01002F0:\
+9E1DA239D155F52AD37F75C7368A536668B051952923AD44F57E75AB588E475A:\
+AF06F17859DFFA799891C4288F6635B5C5A45EEE9017FD72
+
+F4EA120B47D15466ADE07DF0F2FF508759D9CB1035CEEAB43920E9094FA50B86\
+8673B07173557D4B994B1E9D35078C1C7369DF6B6ADB2EC0E6BFD280FEA8AC31\
+DB44BEB0C2A4DDC6198957BD0592E3E587D304863B893FF8EEE0EFC70CED5D71\
+2651C3E9DD1A0DE0480FD8CCCBAE4C50DCCBACB83DCDC3E2CEF7DBC645F0AF46\
+8163FB0E015EF48AD74694DFBCE2DB8430A6E91645FD16ADBB72E21A0FBAEDF5\
+ECFF829CEA9CBC22F82902748AA52DA5CE903D9F2BDE77EFEF5FA3970C720E89\
+F25DD05157247BF0DE2D2129C3F856238D4FAD:\
+46F396F0D2D54189968BF56B5B2F35588C3AD851E00FAC6507598F3EA0193A58\
+6C00B18677811CC305B0261D9AEBBB9C0485A5800C940AA4F09C4FBDEDE12553\
+824C429C7954E0B8DAD889203D292517B98A64E8D7A37C1364EB0934751323D9\
+B9F8498F50D729E977FB742880222F22AC5D7BFEBE6905A4C344D82027398A70\
+C334635792DEB0F20B83861B05E731F5627AEE17DF20413C79957556E66A9700\
+85E9AD40A73D9A964381584976C6F111619A916FBB5F5D305DF862D5A56BAC9F\
+F9B436F31C85F34FF890B5AD3299EDA2B8642D:\
+3070F0DB09C523507D36404DAC79038A393E9F0E3CF5F870B16D2A06DA68DCD3:\
+4AFE87BF79EB938D786BA54C26FD6D7E62261EEAE8B62202
+
[Turing]
0000000000000000000000000000000000000000:\
696626BBDC6E09F6DA9ABAB5B56C14878246DF18:\
diff --git a/doc/log.txt b/doc/log.txt
index da624f223..2f15b82e6 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -4,6 +4,7 @@
- Add GOST 34.10-2001 public key signature scheme
- Add SIMD implementation of Noekeon
- Add SSE2 implementation of IDEA
+ - Extend Salsa20 to support longer IVs (XSalsa20)
- Perform XTS encryption and decryption in parallel where possible
- Perform CBC decryption in parallel where possible
- Add SQLite3 db encryption codec, contributed by Olivier de Gaalon
diff --git a/src/stream/salsa20/salsa20.cpp b/src/stream/salsa20/salsa20.cpp
index 1b97f4421..0243149f1 100644
--- a/src/stream/salsa20/salsa20.cpp
+++ b/src/stream/salsa20/salsa20.cpp
@@ -1,6 +1,6 @@
/*
-* Salsa20
-* (C) 1999-2008 Jack Lloyd
+* Salsa20 / XSalsa20
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -15,6 +15,75 @@ namespace Botan {
namespace {
/*
+* Generate HSalsa20 cipher stream (for XSalsa20 IV setup)
+*/
+void hsalsa20(u32bit output[8], const u32bit input[16])
+ {
+ u32bit x00 = input[0];
+ u32bit x01 = input[1];
+ u32bit x02 = input[2];
+ u32bit x03 = input[3];
+ u32bit x04 = input[4];
+ u32bit x05 = input[5];
+ u32bit x06 = input[6];
+ u32bit x07 = input[7];
+ u32bit x08 = input[8];
+ u32bit x09 = input[9];
+ u32bit x10 = input[10];
+ u32bit x11 = input[11];
+ u32bit x12 = input[12];
+ u32bit x13 = input[13];
+ u32bit x14 = input[14];
+ u32bit x15 = input[15];
+
+ for(u32bit i = 0; i != 10; ++i)
+ {
+ x04 ^= rotate_left(x00 + x12, 7);
+ x08 ^= rotate_left(x04 + x00, 9);
+ x12 ^= rotate_left(x08 + x04, 13);
+ x00 ^= rotate_left(x12 + x08, 18);
+ x09 ^= rotate_left(x05 + x01, 7);
+ x13 ^= rotate_left(x09 + x05, 9);
+ x01 ^= rotate_left(x13 + x09, 13);
+ x05 ^= rotate_left(x01 + x13, 18);
+ x14 ^= rotate_left(x10 + x06, 7);
+ x02 ^= rotate_left(x14 + x10, 9);
+ x06 ^= rotate_left(x02 + x14, 13);
+ x10 ^= rotate_left(x06 + x02, 18);
+ x03 ^= rotate_left(x15 + x11, 7);
+ x07 ^= rotate_left(x03 + x15, 9);
+ x11 ^= rotate_left(x07 + x03, 13);
+ x15 ^= rotate_left(x11 + x07, 18);
+
+ x01 ^= rotate_left(x00 + x03, 7);
+ x02 ^= rotate_left(x01 + x00, 9);
+ x03 ^= rotate_left(x02 + x01, 13);
+ x00 ^= rotate_left(x03 + x02, 18);
+ x06 ^= rotate_left(x05 + x04, 7);
+ x07 ^= rotate_left(x06 + x05, 9);
+ x04 ^= rotate_left(x07 + x06, 13);
+ x05 ^= rotate_left(x04 + x07, 18);
+ x11 ^= rotate_left(x10 + x09, 7);
+ x08 ^= rotate_left(x11 + x10, 9);
+ x09 ^= rotate_left(x08 + x11, 13);
+ x10 ^= rotate_left(x09 + x08, 18);
+ x12 ^= rotate_left(x15 + x14, 7);
+ x13 ^= rotate_left(x12 + x15, 9);
+ x14 ^= rotate_left(x13 + x12, 13);
+ x15 ^= rotate_left(x14 + x13, 18);
+ }
+
+ output[0] = x00;
+ output[1] = x05;
+ output[2] = x10;
+ output[3] = x15;
+ output[4] = x06;
+ output[5] = x07;
+ output[6] = x08;
+ output[7] = x09;
+ }
+
+/*
* Generate Salsa20 cipher stream
*/
void salsa20(byte output[64], const u32bit input[16])
@@ -100,11 +169,11 @@ void Salsa20::cipher(const byte in[], byte out[], u32bit length)
{
while(length >= buffer.size() - position)
{
- xor_buf(out, in, buffer.begin() + position, buffer.size() - position);
+ xor_buf(out, in, &buffer[position], buffer.size() - position);
length -= (buffer.size() - position);
in += (buffer.size() - position);
out += (buffer.size() - position);
- salsa20(buffer.begin(), state);
+ salsa20(&buffer[0], state);
++state[8];
if(!state[8]) // if overflow in state[8]
@@ -113,7 +182,7 @@ void Salsa20::cipher(const byte in[], byte out[], u32bit length)
position = 0;
}
- xor_buf(out, in, buffer.begin() + position, length);
+ xor_buf(out, in, &buffer[position], length);
position += length;
}
@@ -174,12 +243,39 @@ void Salsa20::set_iv(const byte iv[], u32bit length)
if(!valid_iv_length(length))
throw Invalid_IV_Length(name(), length);
- state[6] = load_le<u32bit>(iv, 0);
- state[7] = load_le<u32bit>(iv, 1);
+ if(length == 8)
+ {
+ // Salsa20
+ state[6] = load_le<u32bit>(iv, 0);
+ state[7] = load_le<u32bit>(iv, 1);
+ }
+ else
+ {
+ // XSalsa20
+ state[6] = load_le<u32bit>(iv, 0);
+ state[7] = load_le<u32bit>(iv, 1);
+ state[8] = load_le<u32bit>(iv, 2);
+ state[9] = load_le<u32bit>(iv, 3);
+
+ SecureVector<u32bit> hsalsa(8);
+ hsalsa20(hsalsa, state);
+
+ state[ 1] = hsalsa[0];
+ state[ 2] = hsalsa[1];
+ state[ 3] = hsalsa[2];
+ state[ 4] = hsalsa[3];
+ state[ 6] = load_le<u32bit>(iv, 4);
+ state[ 7] = load_le<u32bit>(iv, 5);
+ state[11] = hsalsa[4];
+ state[12] = hsalsa[5];
+ state[13] = hsalsa[6];
+ state[14] = hsalsa[7];
+ }
+
state[8] = 0;
state[9] = 0;
- salsa20(buffer.begin(), state);
+ salsa20(&buffer[0], state);
++state[8];
if(!state[8]) // if overflow in state[8]
++state[9]; // carry to state[9]
diff --git a/src/stream/salsa20/salsa20.h b/src/stream/salsa20/salsa20.h
index 3ca781ea2..016745355 100644
--- a/src/stream/salsa20/salsa20.h
+++ b/src/stream/salsa20/salsa20.h
@@ -1,6 +1,6 @@
/*
-* Salsa20
-* (C) 1999-2008 Jack Lloyd
+* Salsa20 / XSalsa20
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -13,7 +13,7 @@
namespace Botan {
/*
-* Salsa20
+* Salsa20 (and XSalsa20)
*/
class BOTAN_DLL Salsa20 : public StreamCipher
{
@@ -23,7 +23,7 @@ class BOTAN_DLL Salsa20 : public StreamCipher
void set_iv(const byte iv[], u32bit iv_len);
bool valid_iv_length(u32bit iv_len) const
- { return (iv_len == 8); }
+ { return (iv_len == 8 || iv_len == 24); }
void clear();
std::string name() const;