Botan  2.1.0
Crypto and TLS for C++11
Public Member Functions | Static Public Member Functions | List of all members
Botan::ChaCha Class Referencefinal

#include <chacha.h>

Inheritance diagram for Botan::ChaCha:
Botan::StreamCipher Botan::SymmetricAlgorithm

Public Member Functions

 ChaCha (size_t rounds=20)
 
void cipher (const uint8_t in[], uint8_t out[], size_t length) override
 
void cipher1 (uint8_t buf[], size_t len)
 
void clear () override
 
StreamCipherclone () const override
 
template<typename Alloc >
void decrypt (std::vector< uint8_t, Alloc > &inout)
 
template<typename Alloc >
void encipher (std::vector< uint8_t, Alloc > &inout)
 
template<typename Alloc >
void encrypt (std::vector< uint8_t, Alloc > &inout)
 
Key_Length_Specification key_spec () const override
 
size_t maximum_keylength () const
 
size_t minimum_keylength () const
 
std::string name () const override
 
std::string provider () const override
 
void seek (uint64_t offset) override
 
void set_iv (const uint8_t iv[], size_t iv_len) override
 
void set_key (const SymmetricKey &key)
 
template<typename Alloc >
void set_key (const std::vector< uint8_t, Alloc > &key)
 
void set_key (const uint8_t key[], size_t length)
 
bool valid_iv_length (size_t iv_len) const override
 
bool valid_keylength (size_t length) const
 

Static Public Member Functions

static std::unique_ptr< StreamCiphercreate (const std::string &algo_spec, const std::string &provider="")
 
static std::unique_ptr< StreamCiphercreate_or_throw (const std::string &algo_spec, const std::string &provider="")
 
static std::vector< std::string > providers (const std::string &algo_spec)
 

Detailed Description

DJB's ChaCha (http://cr.yp.to/chacha.html)

Definition at line 18 of file chacha.h.

Constructor & Destructor Documentation

Botan::ChaCha::ChaCha ( size_t  rounds = 20)
Parameters
roundsnumber of rounds
Note
Currently only 8, 12 or 20 rounds are supported, all others will throw an exception

Definition at line 14 of file chacha.cpp.

14  : m_rounds(rounds)
15  {
16  if(m_rounds != 8 && m_rounds != 12 && m_rounds != 20)
17  throw Invalid_Argument("ChaCha only supports 8, 12 or 20 rounds");
18  }

Member Function Documentation

void Botan::ChaCha::cipher ( const uint8_t  in[],
uint8_t  out[],
size_t  len 
)
overridevirtual

Encrypt or decrypt a message

Parameters
inthe plaintext
outthe byte array to hold the output, i.e. the ciphertext
lenthe length of both in and out in bytes

Implements Botan::StreamCipher.

Definition at line 117 of file chacha.cpp.

References Botan::xor_buf().

118  {
119  while(length >= m_buffer.size() - m_position)
120  {
121  xor_buf(out, in, &m_buffer[m_position], m_buffer.size() - m_position);
122  length -= (m_buffer.size() - m_position);
123  in += (m_buffer.size() - m_position);
124  out += (m_buffer.size() - m_position);
125  chacha_x4(m_buffer.data(), m_state.data(), m_rounds);
126  m_position = 0;
127  }
128 
129  xor_buf(out, in, &m_buffer[m_position], length);
130 
131  m_position += length;
132  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:115
void Botan::StreamCipher::cipher1 ( uint8_t  buf[],
size_t  len 
)
inlineinherited

Encrypt or decrypt a message The message is encrypted/decrypted in place.

Parameters
bufthe plaintext / ciphertext
lenthe length of buf in bytes

Definition at line 65 of file stream_cipher.h.

Referenced by Botan::SIV_Encryption::finish().

66  { cipher(buf, buf, len); }
virtual void cipher(const uint8_t in[], uint8_t out[], size_t len)=0
void Botan::ChaCha::clear ( )
overridevirtual

Reset the state.

Implements Botan::SymmetricAlgorithm.

Definition at line 209 of file chacha.cpp.

References Botan::zap().

210  {
211  zap(m_state);
212  zap(m_buffer);
213  m_position = 0;
214  }
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:221
StreamCipher* Botan::ChaCha::clone ( ) const
inlineoverridevirtual
Returns
a new object representing the same algorithm as *this

Implements Botan::StreamCipher.

Definition at line 21 of file chacha.h.

21 { return new ChaCha(m_rounds); }
ChaCha(size_t rounds=20)
Definition: chacha.cpp:14
std::unique_ptr< StreamCipher > Botan::StreamCipher::create ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to use
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 41 of file stream_cipher.cpp.

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, and Botan::BlockCipher::create().

Referenced by Botan::BlockCipher::create(), Botan::StreamCipher::create_or_throw(), Botan::get_cipher_mode(), and Botan::get_stream_cipher().

43  {
44  const SCAN_Name req(algo_spec);
45 
46 #if defined(BOTAN_HAS_CTR_BE)
47  if(req.algo_name() == "CTR-BE" && req.arg_count() == 1)
48  {
49  if(provider.empty() || provider == "base")
50  {
51  if(auto c = BlockCipher::create(req.arg(0)))
52  return std::unique_ptr<StreamCipher>(new CTR_BE(c.release()));
53  }
54  }
55 #endif
56 
57 #if defined(BOTAN_HAS_CHACHA)
58  if(req.algo_name() == "ChaCha")
59  {
60  if(provider.empty() || provider == "base")
61  return std::unique_ptr<StreamCipher>(new ChaCha(req.arg_as_integer(0, 20)));
62  }
63 #endif
64 
65 #if defined(BOTAN_HAS_SALSA20)
66  if(req.algo_name() == "Salsa20")
67  {
68  if(provider.empty() || provider == "base")
69  return std::unique_ptr<StreamCipher>(new Salsa20);
70  }
71 #endif
72 
73 #if defined(BOTAN_HAS_SHAKE_CIPHER)
74  if(req.algo_name() == "SHAKE-128")
75  {
76  if(provider.empty() || provider == "base")
77  return std::unique_ptr<StreamCipher>(new SHAKE_128_Cipher);
78  }
79 #endif
80 
81 #if defined(BOTAN_HAS_OFB)
82  if(req.algo_name() == "OFB" && req.arg_count() == 1)
83  {
84  if(provider.empty() || provider == "base")
85  {
86  if(auto c = BlockCipher::create(req.arg(0)))
87  return std::unique_ptr<StreamCipher>(new OFB(c.release()));
88  }
89  }
90 #endif
91 
92 #if defined(BOTAN_HAS_RC4)
93 
94  if(req.algo_name() == "RC4" ||
95  req.algo_name() == "ARC4" ||
96  req.algo_name() == "MARK-4")
97  {
98  const size_t skip = (req.algo_name() == "MARK-4") ? 256 : req.arg_as_integer(0, 0);
99 
100 #if defined(BOTAN_HAS_OPENSSL)
101  if(provider.empty() || provider == "openssl")
102  {
103  return std::unique_ptr<StreamCipher>(make_openssl_rc4(skip));
104  }
105 #endif
106 
107  if(provider.empty() || provider == "base")
108  {
109  return std::unique_ptr<StreamCipher>(new RC4(skip));
110  }
111  }
112 
113 #endif
114 
115  BOTAN_UNUSED(req);
117 
118  return nullptr;
119  }
virtual std::string provider() const
#define BOTAN_UNUSED(v)
Definition: assert.h:92
static std::unique_ptr< BlockCipher > create(const std::string &algo_spec, const std::string &provider="")
std::unique_ptr< StreamCipher > Botan::StreamCipher::create_or_throw ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to use Throws a Lookup_Error if the algo/provider combination cannot be found

Definition at line 123 of file stream_cipher.cpp.

References Botan::StreamCipher::create().

Referenced by Botan::make_stream_cipher().

125  {
126  if(auto sc = StreamCipher::create(algo, provider))
127  {
128  return sc;
129  }
130  throw Lookup_Error("Stream cipher", algo, provider);
131  }
virtual std::string provider() const
static std::unique_ptr< StreamCipher > create(const std::string &algo_spec, const std::string &provider="")
template<typename Alloc >
void Botan::StreamCipher::decrypt ( std::vector< uint8_t, Alloc > &  inout)
inlineinherited

Decrypt a message in place The message is decrypted in place.

Parameters
inoutthe plaintext / ciphertext

Definition at line 92 of file stream_cipher.h.

93  { cipher(inout.data(), inout.data(), inout.size()); }
virtual void cipher(const uint8_t in[], uint8_t out[], size_t len)=0
template<typename Alloc >
void Botan::StreamCipher::encipher ( std::vector< uint8_t, Alloc > &  inout)
inlineinherited

Encrypt a message The message is encrypted/decrypted in place.

Parameters
inoutthe plaintext / ciphertext

Definition at line 74 of file stream_cipher.h.

75  { cipher(inout.data(), inout.data(), inout.size()); }
virtual void cipher(const uint8_t in[], uint8_t out[], size_t len)=0
template<typename Alloc >
void Botan::StreamCipher::encrypt ( std::vector< uint8_t, Alloc > &  inout)
inlineinherited

Encrypt a message The message is encrypted in place.

Parameters
inoutthe plaintext / ciphertext

Definition at line 83 of file stream_cipher.h.

84  { cipher(inout.data(), inout.data(), inout.size()); }
virtual void cipher(const uint8_t in[], uint8_t out[], size_t len)=0
Key_Length_Specification Botan::ChaCha::key_spec ( ) const
inlineoverridevirtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 42 of file chacha.h.

43  {
44  return Key_Length_Specification(16, 32, 16);
45  }
size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 39 of file sym_algo.h.

40  {
41  return key_spec().maximum_keylength();
42  }
size_t maximum_keylength() const
Definition: key_spec.h:69
virtual Key_Length_Specification key_spec() const =0
size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 47 of file sym_algo.h.

48  {
49  return key_spec().minimum_keylength();
50  }
size_t minimum_keylength() const
Definition: key_spec.h:61
virtual Key_Length_Specification key_spec() const =0
std::string Botan::ChaCha::name ( ) const
overridevirtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 216 of file chacha.cpp.

References Botan::ASN1::to_string().

Referenced by set_iv().

217  {
218  return "ChaCha(" + std::to_string(m_rounds) + ")";
219  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
std::string Botan::ChaCha::provider ( ) const
overridevirtual
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented from Botan::StreamCipher.

Definition at line 20 of file chacha.cpp.

21  {
22 #if defined(BOTAN_HAS_CHACHA_SSE2)
23  if(CPUID::has_sse2())
24  {
25  return "sse2";
26  }
27 #endif
28 
29  return "base";
30  }
std::vector< std::string > Botan::StreamCipher::providers ( const std::string &  algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 133 of file stream_cipher.cpp.

Referenced by Botan::get_stream_cipher_providers().

134  {
135  return probe_providers_of<StreamCipher>(algo_spec, {"base", "openssl"});
136  }
void Botan::ChaCha::seek ( uint64_t  offset)
overridevirtual

Set the offset and the state used later to generate the keystream

Parameters
offsetthe offset where we begin to generate the keystream

Implements Botan::StreamCipher.

Definition at line 221 of file chacha.cpp.

References Botan::load_le< uint32_t >(), and Botan::store_le().

222  {
223  if (m_state.size() == 0 && m_buffer.size() == 0)
224  {
225  throw Invalid_State("You have to setup the stream cipher (key and iv)");
226  }
227 
228  // Find the block offset
229  uint64_t counter = offset / 64;
230 
231  uint8_t out[8];
232 
233  store_le(counter, out);
234 
235  m_state[12] = load_le<uint32_t>(out, 0);
236  m_state[13] += load_le<uint32_t>(out, 1);
237 
238  chacha_x4(m_buffer.data(), m_state.data(), m_rounds);
239  m_position = offset % 64;
240  }
uint32_t load_le< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:204
void store_le(uint16_t in, uint8_t out[2])
Definition: loadstor.h:457
void Botan::ChaCha::set_iv ( const uint8_t  iv[],
size_t  iv_len 
)
overridevirtual

Resync the cipher using the IV

Parameters
ivthe initialization vector
iv_lenthe length of the IV in bytes

Implements Botan::StreamCipher.

Definition at line 179 of file chacha.cpp.

References Botan::load_le< uint32_t >(), name(), and valid_iv_length().

180  {
181  if(!valid_iv_length(length))
182  throw Invalid_IV_Length(name(), length);
183 
184  m_state[12] = 0;
185  m_state[13] = 0;
186 
187  if(length == 0)
188  {
189  // Treat zero length IV same as an all-zero IV
190  m_state[14] = 0;
191  m_state[15] = 0;
192  }
193  else if(length == 8)
194  {
195  m_state[14] = load_le<uint32_t>(iv, 0);
196  m_state[15] = load_le<uint32_t>(iv, 1);
197  }
198  else if(length == 12)
199  {
200  m_state[13] = load_le<uint32_t>(iv, 0);
201  m_state[14] = load_le<uint32_t>(iv, 1);
202  m_state[15] = load_le<uint32_t>(iv, 2);
203  }
204 
205  chacha_x4(m_buffer.data(), m_state.data(), m_rounds);
206  m_position = 0;
207  }
uint32_t load_le< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:204
bool valid_iv_length(size_t iv_len) const override
Definition: chacha.cpp:174
std::string name() const override
Definition: chacha.cpp:216
void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey key)
inlineinherited

Set the symmetric key of this object.

Parameters
keythe SymmetricKey to be set.

Definition at line 66 of file sym_algo.h.

References Botan::OctetString::begin(), and Botan::OctetString::length().

Referenced by Botan::aont_package(), Botan::aont_unpackage(), botan_block_cipher_set_key(), botan_mac_set_key(), and Botan::pbkdf2().

67  {
68  set_key(key.begin(), key.length());
69  }
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:66
template<typename Alloc >
void Botan::SymmetricAlgorithm::set_key ( const std::vector< uint8_t, Alloc > &  key)
inlineinherited

Definition at line 72 of file sym_algo.h.

73  {
74  set_key(key.data(), key.size());
75  }
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:66
void Botan::SymmetricAlgorithm::set_key ( const uint8_t  key[],
size_t  length 
)
inlineinherited

Set the symmetric key of this object.

Parameters
keythe to be set as a byte array.
lengthin bytes of key param

Definition at line 82 of file sym_algo.h.

83  {
84  if(!valid_keylength(length))
85  throw Invalid_Key_Length(name(), length);
86  key_schedule(key, length);
87  }
bool valid_keylength(size_t length) const
Definition: sym_algo.h:57
virtual std::string name() const =0
bool Botan::ChaCha::valid_iv_length ( size_t  iv_len) const
overridevirtual
Parameters
iv_lenthe length of the IV in bytes
Returns
if the length is valid for this algorithm

Reimplemented from Botan::StreamCipher.

Definition at line 174 of file chacha.cpp.

Referenced by set_iv().

175  {
176  return (iv_len == 0 || iv_len == 8 || iv_len == 12);
177  }
bool Botan::SymmetricAlgorithm::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 57 of file sym_algo.h.

Referenced by Botan::aont_package(), and Botan::aont_unpackage().

58  {
59  return key_spec().valid_keylength(length);
60  }
bool valid_keylength(size_t length) const
Definition: key_spec.h:51
virtual Key_Length_Specification key_spec() const =0

The documentation for this class was generated from the following files: