aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/compat/sodium/sodium_salsa.cpp
blob: c1465a9bb5b07841abce1b8f9ad64dd8d34ee471 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
/*
* (C) 2019 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/sodium.h>
#include <botan/salsa20.h>
#include <botan/loadstor.h>

namespace Botan {

int Sodium::crypto_core_hsalsa20(uint8_t out[], const uint8_t in[],
                                 const uint8_t key[], const uint8_t c[])
   {
   uint32_t in32[16] = { 0 };

   static const uint32_t SIGMA[] =
      { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 };

   if(c == nullptr)
      {
      in32[0] = SIGMA[0];
      in32[5] = SIGMA[1];
      in32[10] = SIGMA[2];
      in32[15] = SIGMA[3];
      }
   else
      {
      in32[0] = load_le<uint32_t>(c, 0);
      in32[5] = load_le<uint32_t>(c, 1);
      in32[10] = load_le<uint32_t>(c, 2);
      in32[15] = load_le<uint32_t>(c, 3);
      }

   in32[1] = load_le<uint32_t>(key, 0);
   in32[2] = load_le<uint32_t>(key, 1);
   in32[3] = load_le<uint32_t>(key, 2);
   in32[4] = load_le<uint32_t>(key, 3);

   in32[6] = load_le<uint32_t>(in, 0);
   in32[7] = load_le<uint32_t>(in, 1);
   in32[8] = load_le<uint32_t>(in, 2);
   in32[9] = load_le<uint32_t>(in, 3);

   in32[11] = load_le<uint32_t>(key, 4);
   in32[12] = load_le<uint32_t>(key, 5);
   in32[13] = load_le<uint32_t>(key, 6);
   in32[14] = load_le<uint32_t>(key, 7);

   uint32_t out32[8] = { 0 };
   Salsa20::hsalsa20(out32, in32);

   copy_out_le(out, 32, out32);
   return 0;
   }

int Sodium::crypto_stream_salsa20(uint8_t out[], size_t out_len,
                                  const uint8_t nonce[], const uint8_t key[])
   {
   Salsa20 salsa;
   salsa.set_key(key, crypto_stream_salsa20_KEYBYTES);
   salsa.set_iv(nonce, crypto_stream_salsa20_NONCEBYTES);
   salsa.write_keystream(out, out_len);
   return 0;
   }

int Sodium::crypto_stream_salsa20_xor(uint8_t out[], const uint8_t in[],
                                      size_t in_len, const uint8_t nonce[],
                                      const uint8_t key[])
   {
   return crypto_stream_salsa20_xor_ic(out, in, in_len, nonce, 0, key);
   }

int Sodium::crypto_stream_salsa20_xor_ic(uint8_t out[], const uint8_t in[],
                                         size_t in_len,
                                         const uint8_t nonce[], uint64_t ic,
                                         const uint8_t key[])
   {
   if((ic >> 6) != 0) // otherwise multiply overflows
      return -1;

   Salsa20 salsa;
   salsa.set_key(key, crypto_stream_salsa20_KEYBYTES);
   salsa.set_iv(nonce, crypto_stream_salsa20_NONCEBYTES);
   salsa.seek(ic * 64);
   salsa.cipher(in, out, in_len);
   return 0;
   }

int Sodium::crypto_stream_xsalsa20(uint8_t out[], size_t out_len,
                                   const uint8_t nonce[], const uint8_t key[])
   {
   Salsa20 salsa;
   salsa.set_key(key, crypto_stream_xsalsa20_KEYBYTES);
   salsa.set_iv(nonce, crypto_stream_xsalsa20_NONCEBYTES);
   salsa.write_keystream(out, out_len);
   return 0;
   }

int Sodium::crypto_stream_xsalsa20_xor(uint8_t out[], const uint8_t in[],
                                       size_t in_len, const uint8_t nonce[],
                                       const uint8_t key[])
   {
   return crypto_stream_xsalsa20_xor_ic(out, in, in_len, nonce, 0, key);
   }

int Sodium::crypto_stream_xsalsa20_xor_ic(uint8_t out[], const uint8_t in[],
                                          size_t in_len,
                                          const uint8_t nonce[], uint64_t ic,
                                          const uint8_t key[])
   {
   if((ic >> 6) != 0) // otherwise multiply overflows
      return -1;

   Salsa20 salsa;
   salsa.set_key(key, crypto_stream_xsalsa20_KEYBYTES);
   salsa.set_iv(nonce, crypto_stream_xsalsa20_NONCEBYTES);
   salsa.seek(ic * 64);
   salsa.cipher(in, out, in_len);
   return 0;
   }

}