Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
byuu
/
bsnes
zrkadlo https://github.com/byuu/bsnes
Pridať medzi pozorované 2
Hviezda 0
Fork 0
Súbory Issues 0 Wiki
Branch: master
Branche Tagy
bsnes
/
nall
/
cipher
/
chacha20.hpp

chacha20.hpp 2.9 KB
Permanentný odkaz História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110 
  1. #pragma once
    2. 

  2. 

  3. #include <nall/arithmetic.hpp>
    4. 

  4. #include <nall/array-view.hpp>
    5. 

  5. 

  6. namespace nall::Cipher {
    7. 

  7. 

  8. //64-bit nonce; 64-bit x 64-byte (256GB) counter
    9. 

  9. struct ChaCha20 {
    10. 

  10.   ChaCha20(uint256_t key, uint64_t nonce, uint64_t counter = 0) {
    11. 

  11.     static const uint128_t sigma = 0x6b20657479622d323320646e61707865_u128;  //"expand 32-byte k"
    12. 

  12. 

  13.     input[ 0] = sigma   >>   0;
    14. 

  14.     input[ 1] = sigma   >>  32;
    15. 

  15.     input[ 2] = sigma   >>  64;
    16. 

  16.     input[ 3] = sigma   >>  96;
    17. 

  17.     input[ 4] = key     >>   0;
    18. 

  18.     input[ 5] = key     >>  32;
    19. 

  19.     input[ 6] = key     >>  64;
    20. 

  20.     input[ 7] = key     >>  96;
    21. 

  21.     input[ 8] = key     >> 128;
    22. 

  22.     input[ 9] = key     >> 160;
    23. 

  23.     input[10] = key     >> 192;
    24. 

  24.     input[11] = key     >> 224;
    25. 

  25.     input[12] = counter >>   0;
    26. 

  26.     input[13] = counter >>  32;
    27. 

  27.     input[14] = nonce   >>   0;
    28. 

  28.     input[15] = nonce   >>  32;
    29. 

  29. 

  30.     offset = 0;
    31. 

  31.   }
    32. 

  32. 

  33.   auto encrypt(array_view<uint8_t> input) -> vector<uint8_t> {
    34. 

  34.     vector<uint8_t> output;
    35. 

  35.     while(input) {
    36. 

  36.       if(!offset) {
    37. 

  37.         cipher();
    38. 

  38.         increment();
    39. 

  39.       }
    40. 

  40.       auto byte = offset++;
    41. 

  41.       output.append(*input++ ^ (block[byte >> 2] >> (byte & 3) * 8));
    42. 

  42.       offset &= 63;
    43. 

  43.     }
    44. 

  44.     return output;
    45. 

  45.   }
    46. 

  46. 

  47.   auto decrypt(array_view<uint8_t> input) -> vector<uint8_t> {
    48. 

  48.     return encrypt(input);  //reciprocal cipher
    49. 

  49.   }
    50. 

  50. 

  51. //protected:
    52. 

  52.   inline auto rol(uint32_t value, uint bits) -> uint32_t {
    53. 

  53.     return value << bits | value >> 32 - bits;
    54. 

  54.   }
    55. 

  55. 

  56.   auto quarterRound(uint32_t x[16], uint a, uint b, uint c, uint d) -> void {
    57. 

  57.     x[a] += x[b]; x[d] = rol(x[d] ^ x[a], 16);
    58. 

  58.     x[c] += x[d]; x[b] = rol(x[b] ^ x[c], 12);
    59. 

  59.     x[a] += x[b]; x[d] = rol(x[d] ^ x[a],  8);
    60. 

  60.     x[c] += x[d]; x[b] = rol(x[b] ^ x[c],  7);
    61. 

  61.   }
    62. 

  62. 

  63.   auto cipher() -> void {
    64. 

  64.     memory::copy(block, input, 64);
    65. 

  65.     for(uint n : range(10)) {
    66. 

  66.       quarterRound(block, 0, 4,  8, 12);
    67. 

  67.       quarterRound(block, 1, 5,  9, 13);
    68. 

  68.       quarterRound(block, 2, 6, 10, 14);
    69. 

  69.       quarterRound(block, 3, 7, 11, 15);
    70. 

  70.       quarterRound(block, 0, 5, 10, 15);
    71. 

  71.       quarterRound(block, 1, 6, 11, 12);
    72. 

  72.       quarterRound(block, 2, 7,  8, 13);
    73. 

  73.       quarterRound(block, 3, 4,  9, 14);
    74. 

  74.     }
    75. 

  75.   }
    76. 

  76. 

  77.   auto increment() -> void {
    78. 

  78.     for(uint n : range(16)) {
    79. 

  79.       block[n] += input[n];
    80. 

  80.     }
    81. 

  81.     if(!++input[12]) ++input[13];
    82. 

  82.   }
    83. 

  83. 

  84.   uint32_t input[16];
    85. 

  85.   uint32_t block[16];
    86. 

  86.   uint64_t offset;
    87. 

  87. };
    88. 

  88. 

  89. struct HChaCha20 : protected ChaCha20 {
    90. 

  90.   HChaCha20(uint256_t key, uint128_t nonce) : ChaCha20(key, nonce >> 64, nonce >> 0) {
    91. 

  91.     cipher();
    92. 

  92.   }
    93. 

  93. 

  94.   auto key() const -> uint256_t {
    95. 

  95.     uint256_t key = 0;
    96. 

  96.     for(uint n : range(4)) key |= (uint256_t)block[ 0 + n] << (n + 0) * 32;
    97. 

  97.     for(uint n : range(4)) key |= (uint256_t)block[12 + n] << (n + 4) * 32;
    98. 

  98.     return key;
    99. 

  99.   }
    100. 

  100. };
    101. 

  101. 

  102. //192-bit nonce; 64-bit x 64-byte (256GB) counter
    103. 

  103. struct XChaCha20 : ChaCha20 {
    104. 

  104.   XChaCha20(uint256_t key, uint192_t nonce, uint64_t counter = 0):
    105. 

  105.   ChaCha20(HChaCha20(key, nonce).key(), nonce >> 128, counter) {
    106. 

  106.   }
    107. 

  107. };
    108. 

  108. 

  109. }
    110. 

  110.