summaryrefslogtreecommitdiff
path: root/salsa-chacha.rkt
blob: e5a087d18b827abe333cc13558f2538ef525648a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
#lang typed/racket
;;; Copyright 2011, Matthias Andreas Benkard.
;;;
;;;-----------------------------------------------------------------------------
;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU Affero General Public License as published by
;;; the Free Software Foundation, either version 3 of the License, or
;;; (at your option) any later version.
;;;
;;; This program is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU Affero General Public License for more details.
;;;
;;; You should have received a copy of the GNU Affero General Public License
;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
;;;-----------------------------------------------------------------------------
;;;

(require "util.rkt")

(provide salsa20)

(require/typed racket
               [sequence-generate (All (a)
                                    (Sequenceof a)
                                    -> (values (-> Boolean)
                                               (-> a)))]
               #;[in-producer (All (a)
                              ((-> Any)
                               Any
                               -> (Sequenceof a)))]
               [in-producer ((-> (U Byte Symbol))
                             Symbol
                             -> (Sequenceof Byte))])

(require/typed "typed-stream.rkt"
               [lazy-functional-stream-append (All (a)
                                               ((Sequenceof a)
                                                (-> (Sequenceof a))
                                                -> (Sequenceof a)))])

(define-type Word    Exact-Nonnegative-Integer)
(define-type 4words  (Vector Word Word Word Word))
(define-type 16words (Vector Word Word Word Word
                             Word Word Word Word
                             Word Word Word Word
                             Word Word Word Word))

(: w+ (Word Word -> Word))
(define (w+ a b)
  (bitwise-and (+ a b) #xffffffff))

(: wxor (Word Word -> Word))
(define wxor bitwise-xor)

(: wrot (Word Exact-Positive-Integer -> Word))
(define (wrot a e)
  (let ([ash (arithmetic-shift a e)])
    (bitwise-ior (bitwise-and ash #xffffffff)
                 (arithmetic-shift ash -32))))


(: quarterround (4words -> 4words))
(define (quarterround y)
  (match y
    [(vector y0 y1 y2 y3)
     (let* ([z1 (wxor y1 (wrot (w+ y0 y3) 7))]
            [z2 (wxor y2 (wrot (w+ z1 y0) 9))]
            [z3 (wxor y3 (wrot (w+ z2 z1) 13))]
            [z0 (wxor y0 (wrot (w+ z3 z2) 18))])
       (vector z0 z1 z2 z3))]))

(: chacha-quarterround (4words -> 4words))
(define (chacha-quarterround y)
  (match y
    [(vector a b c d)
     (let* ([a2 (w+ a  b)]  [d2 (wrot (wxor a2 d)  16)]
            [c2 (w+ c  d2)] [b2 (wrot (wxor b  c2)  12)]
            [a3 (w+ a2 b2)] [d3 (wrot (wxor d2 a3) 8)]
            [c3 (w+ c2 d3)] [b3 (wrot (wxor b2 c2) 7)])
       (vector a3 b3 c3 d3))]))

(: rowround (16words -> 16words))
(define (rowround y)
  (match y
    [(vector y0 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 y14 y15)
     (match (vector (quarterround (vector y0 y1 y2 y3))
                    (quarterround (vector y5 y6 y7 y4))
                    (quarterround (vector y10 y11 y8 y9))
                    (quarterround (vector y15 y12 y13 y14)))
       [(vector (vector z0  z1  z2 z3) (vector z5  z6  z7  z4)
                (vector z10 z11 z8 z9) (vector z15 z12 z13 z14))
        (vector z0 z1 z2 z3 z4 z5 z6 z7 z8 z9 z10 z11 z12 z13 z14 z15)])]))

(: columnround (16words -> 16words))
(define (columnround y)
  (match y
    [(vector y0 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 y14 y15)
     (match (vector (quarterround (vector y0 y4 y8 y12))
                    (quarterround (vector y5 y9 y13 y1))
                    (quarterround (vector y10 y14 y2 y6))
                    (quarterround (vector y15 y3 y7 y11)))
       [(vector (vector z0  z4  z8 z12) (vector z5  z9 z13 z1)
                (vector z10 z14 z2 z6)  (vector z15 z3 z7  z11))
        (vector z0 z1 z2 z3 z4 z5 z6 z7 z8 z9 z10 z11 z12 z13 z14 z15)])]))

(: doubleround (16words -> 16words))
(define doubleround (compose rowround columnround))

#;
(: 16words? (Any -> Boolean : 16words))
#;
(define (16words? x)
  (match x
    [(vector y0 y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 y14 y15)
     #t]
    [_
     #f]))

(: little-endian (Bytes -> Word))
(define (little-endian b)
  (match (bytes->list b)
    [(list b0 b1 b2 b3)
     (+ (arithmetic-shift b3 24)
        (arithmetic-shift b2 16)
        (arithmetic-shift b1 8)
        b0)]))

(: anti-little-endian (Word -> Bytes))
(define (anti-little-endian w)
  (integer->bytes/size w 'little-endian 4))

(: times (All (a) ((a -> a) Integer -> (a -> a))))
(define (times fn n)
  (for/fold ([acc (inst identity a)])
            ([i   (in-range 0 n)])
    (compose fn acc)))

(: salsa20h (Bytes -> Bytes))
(define (salsa20h x)
  (let*: ([xwords : 16words (vector 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0)])
    (for ([i (in-range 0 16)])
      (vector-set! (ann xwords (Vectorof Word))
                   i
                   (little-endian (subbytes x (* i 4) (* (add1 i) 4)))))
    (let ([zwords ((times doubleround 10) xwords)])
      (bytes-append* (vector->list
                      (vector-map (λ: ([a : Word] [b : Word])
                                    (anti-little-endian (w+ a b)))
                                  (ann xwords (Vectorof Word))
                                  (ann zwords (Vectorof Word))))))))

(: salsa20k (Bytes Bytes -> Bytes))
(define (salsa20k k n)
  (let* ([s0 (list->bytes '(101 120 112  97))]
         [s1 (list->bytes '(110 100  32  51))]
         [s2 (list->bytes '( 50  45  98 121))]
         [s3 (list->bytes '(116 101  32 107))]
         [t0 s0]
         [t1 (list->bytes '(110 100  32  49))]
         [t2 s2]
         [t3 s3])
    (if (= (bytes-length k) 32)
        (let ([k0 (subbytes k 0 16)]
              [k1 (subbytes k 16)])
          (salsa20h (bytes-append s0 k0 s1 n s2 k1 s3)))
        (salsa20h (bytes-append t0 k t1 n t2 k t3)))))

(: salsa20 (Bytes Bytes (Sequenceof Byte) -> (Sequenceof Byte)))
(define (salsa20 k v m)
  (let-values ([(next? next) (sequence-generate m)])
    (let: ([i      : Word          0]
           [buffer : (Listof Byte) (list)])
       (in-producer
        (λ ()
          (when (null? buffer)
            (let ([64bytes
                   (let: inner-loop : Bytes
                         ([k     : Integer       0]
                          [bytes : (Listof Byte) (list)])
                     (if (and (next?) (< k 64))
                         (inner-loop (add1 k) (cons (next) bytes))
                         (list->bytes bytes)))]
                  [i-code
                   (integer->bytes/size i 'little-endian 8)])
              (set! buffer (bytes->list (bytes-xor 64bytes
                                                   (salsa20k k (bytes-append v i-code)))))))
          (if (null? buffer)
              'end-of-sequence
              (let ([byte (first buffer)])
                (set! buffer (rest buffer))
                byte)))
        'end-of-sequence))))