Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(1254)

Side by Side Diff: salsa20/salsa20.go

Issue 6496083: code review 6496083: go.crypto/salsa20: add package. (Closed)
Patch Set: diff -r d7d342670efa https://code.google.com/p/go.crypto Created 11 years, 6 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « salsa20/salsa/salsa20_ref.go ('k') | salsa20/salsa20_test.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2012 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 /*
6 Package salsa20 implements the Salsa20 stream cipher as specified in http://cr.y p.to/snuffle/spec.pdf.
7
8 Salsa20 differs from many other stream ciphers in that is message orientated
9 rather than byte orientated. Keystream blocks are not preserved between calls,
10 therefore each side must encrypt/decrypt data with the same segmentation.
11
12 Another aspect of this difference is that part of the counter is exposed as
13 an nonce in each call. Encrypting two different messages with the same (key,
14 nonce) pair leads to trivial plaintext recovery. This is analogous to
15 encrypting two different messages with the same key with a traditional stream
16 cipher.
17
18 This package also implements XSalsa20: a version of Salsa20 with a 24-byte
19 nonce as specified in http://cr.yp.to/snuffle/xsalsa-20081128.pdf. Simply
20 passing a 24-byte slice as the nonce triggers XSalsa20.
21
22 TODO(agl): implement XORKeyStream12 and XORKeyStream8 - the
23 reduced round variants of Salsa20. */
24 package salsa20
25
26 import (
27 "code.google.com/p/go.crypto/salsa20/salsa"
28 )
29
30 // XORKeyStream crypts bytes from in to out using the given key and nonce. In
31 // and out may be the same slice but otherwise should not overlap. Nonce must
32 // be either 8 or 24 bytes long.
33 func XORKeyStream(out, in []byte, nonce []byte, key *[32]byte) {
34 if len(out) < len(in) {
35 in = in[:len(out)]
36 }
37
38 var subNonce [16]byte
39
40 if len(nonce) == 24 {
41 var subKey [32]byte
42 var hNonce [16]byte
43 copy(hNonce[:], nonce[:16])
44 salsa.HSalsa20(&subKey, &hNonce, key, &salsa.Sigma)
45 copy(subNonce[:], nonce[16:])
46 key = &subKey
47 } else if len(nonce) == 8 {
48 copy(subNonce[:], nonce[:])
49 } else {
50 panic("salsa20: nonce must be 8 or 24 bytes")
51 }
52
53 salsa.XORKeyStream(out, in, &subNonce, key)
54 }
OLDNEW
« no previous file with comments | « salsa20/salsa/salsa20_ref.go ('k') | salsa20/salsa20_test.go » ('j') | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b