Line | Count | Source (jump to first uncovered line) |
1 | | // salsa.h - originally written and placed in the public domain by Wei Dai |
2 | | |
3 | | /// \file salsa.h |
4 | | /// \brief Classes for Salsa and Salsa20 stream ciphers |
5 | | |
6 | | #ifndef CRYPTOPP_SALSA_H |
7 | | #define CRYPTOPP_SALSA_H |
8 | | |
9 | | #include "strciphr.h" |
10 | | #include "secblock.h" |
11 | | |
12 | | // Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler |
13 | | // error with .intel_syntax, http://llvm.org/bugs/show_bug.cgi?id=24232 |
14 | | #if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM) |
15 | | # define CRYPTOPP_DISABLE_SALSA_ASM 1 |
16 | | #endif |
17 | | |
18 | | NAMESPACE_BEGIN(CryptoPP) |
19 | | |
20 | | /// \brief Salsa20 core transform |
21 | | /// \param data the data to transform |
22 | | /// \param rounds the number of rounds |
23 | | /// \details Several algorithms, like CryptoBox and Scrypt, require access to |
24 | | /// the core Salsa20 transform. The current Crypto++ implementation does not |
25 | | /// lend itself to disgorging the Salsa20 cipher from the Salsa20 core transform. |
26 | | /// Instead Salsa20_Core is provided with customary accelerations. |
27 | | void Salsa20_Core(word32* data, unsigned int rounds); |
28 | | |
29 | | /// \brief Salsa20 stream cipher information |
30 | | /// \since Crypto++ 5.4 |
31 | | struct Salsa20_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8> |
32 | | { |
33 | 0 | static std::string StaticAlgorithmName() {return "Salsa20";} |
34 | | }; |
35 | | |
36 | | /// \brief Salsa20 stream cipher operation |
37 | | /// \since Crypto++ 5.4 |
38 | | class CRYPTOPP_NO_VTABLE Salsa20_Policy : public AdditiveCipherConcretePolicy<word32, 16> |
39 | | { |
40 | | protected: |
41 | 0 | Salsa20_Policy() : m_rounds(ROUNDS) {} |
42 | | void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); |
43 | | void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); |
44 | | void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); |
45 | 0 | bool CipherIsRandomAccess() const {return true;} |
46 | | void SeekToIteration(lword iterationCount); |
47 | | |
48 | | #if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) |
49 | | unsigned int GetAlignment() const; |
50 | | unsigned int GetOptimalBlockSize() const; |
51 | | #endif |
52 | | |
53 | | std::string AlgorithmProvider() const; |
54 | | |
55 | | CRYPTOPP_CONSTANT(ROUNDS = 20); // Default rounds |
56 | | FixedSizeAlignedSecBlock<word32, 16> m_state; |
57 | | int m_rounds; |
58 | | }; |
59 | | |
60 | | /// \brief Salsa20 stream cipher |
61 | | /// \details Salsa20 provides a variable number of rounds: 8, 12 or 20. The default number of rounds is 20. |
62 | | /// \sa <A HREF="https://cr.yp.to/snuffle/salsafamily-20071225.pdf">The Salsa20 |
63 | | /// family of stream ciphers (20071225)</A>, |
64 | | /// <A HREF="https://cr.yp.to/snuffle.html">Snuffle 2005: the Salsa20 encryption |
65 | | /// function</A> and <A HREF="https://www.cryptopp.com/wiki/Salsa20">Salsa20</A> |
66 | | /// \since Crypto++ 5.4 |
67 | | struct Salsa20 : public Salsa20_Info, public SymmetricCipherDocumentation |
68 | | { |
69 | | typedef SymmetricCipherFinal<ConcretePolicyHolder<Salsa20_Policy, AdditiveCipherTemplate<> >, Salsa20_Info> Encryption; |
70 | | typedef Encryption Decryption; |
71 | | }; |
72 | | |
73 | | /// \brief XSalsa20 stream cipher information |
74 | | /// \since Crypto++ 5.4 |
75 | | struct XSalsa20_Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 24> |
76 | | { |
77 | 0 | static std::string StaticAlgorithmName() {return "XSalsa20";} |
78 | | }; |
79 | | |
80 | | /// \brief XSalsa20 stream cipher operation |
81 | | /// \since Crypto++ 5.4 |
82 | | class CRYPTOPP_NO_VTABLE XSalsa20_Policy : public Salsa20_Policy |
83 | | { |
84 | | public: |
85 | | void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); |
86 | | void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); |
87 | | |
88 | | protected: |
89 | | FixedSizeSecBlock<word32, 8> m_key; |
90 | | }; |
91 | | |
92 | | /// \brief XSalsa20 stream cipher |
93 | | /// \details XSalsa20 provides a variable number of rounds: 8, 12 or 20. The default number of rounds is 20. |
94 | | /// \sa <a href="http://www.cryptolounge.org/wiki/XSalsa20">XSalsa20</a> |
95 | | /// \since Crypto++ 5.4 |
96 | | struct XSalsa20 : public XSalsa20_Info, public SymmetricCipherDocumentation |
97 | | { |
98 | | typedef SymmetricCipherFinal<ConcretePolicyHolder<XSalsa20_Policy, AdditiveCipherTemplate<> >, XSalsa20_Info> Encryption; |
99 | | typedef Encryption Decryption; |
100 | | }; |
101 | | |
102 | | NAMESPACE_END |
103 | | |
104 | | #endif |