From 9d20e712bfa313cb4ef95140015a9803331e1f3a Mon Sep 17 00:00:00 2001 From: toddouska Date: Tue, 24 Feb 2015 12:33:52 -0800 Subject: [PATCH] add autoconf support for chapoly-aead, wipe temp polykey, minor whitespace adjusts --- configure.ac | 2 +- src/include.am | 3 + support/wolfssl.pc | 2 +- wolfcrypt/benchmark/benchmark.c | 26 +- wolfcrypt/src/chacha20_poly1305.c | 327 +++++++++++++------------- wolfcrypt/src/error.c | 3 + wolfcrypt/test/test.c | 148 ++++++------ wolfssl/version.h | 4 +- wolfssl/wolfcrypt/chacha20_poly1305.h | 61 ++--- wolfssl/wolfcrypt/error-crypt.h | 4 +- wolfssl/wolfcrypt/include.am | 1 + 11 files changed, 301 insertions(+), 280 deletions(-) diff --git a/configure.ac b/configure.ac index 2c4871ca1..6a66bc826 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.4.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.4.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) diff --git a/src/include.am b/src/include.am index 5cc1d20ac..c7df1b3c9 100644 --- a/src/include.am +++ b/src/include.am @@ -146,6 +146,9 @@ endif if BUILD_CHACHA src_libwolfssl_la_SOURCES += wolfcrypt/src/chacha.c +if BUILD_POLY1305 +src_libwolfssl_la_SOURCES += wolfcrypt/src/chacha20_poly1305.c +endif endif if !BUILD_INLINE diff --git a/support/wolfssl.pc b/support/wolfssl.pc index e840d1768..1d1f3681d 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.4.0 +Version: 3.4.1 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 87547f032..8a3deabda 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -285,6 +285,9 @@ int benchmark_test(void *args) #ifdef HAVE_CHACHA bench_chacha(); #endif +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + bench_chacha20_poly1305_aead(); +#endif #ifndef NO_DES3 bench_des(); #endif @@ -297,9 +300,6 @@ int benchmark_test(void *args) #ifdef HAVE_POLY1305 bench_poly1305(); #endif -#if( defined( HAVE_CHACHA ) && defined( HAVE_POLY1305 ) ) - bench_chacha20_poly1305_aead(); -#endif #ifndef NO_SHA bench_sha(); #endif @@ -775,24 +775,25 @@ void bench_chacha(void) } #endif /* HAVE_CHACHA*/ - + #if( defined( HAVE_CHACHA ) && defined( HAVE_POLY1305 ) ) void bench_chacha20_poly1305_aead(void) { double start, total, persec; int i; - + byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; XMEMSET( authTag, 0, sizeof( authTag ) ); - + start = current_time(1); BEGIN_INTEL_CYCLES - + for (i = 0; i < numBlocks; i++) { - wc_ChaCha20Poly1305_Encrypt( key, iv, NULL, 0, plain, sizeof( plain ), cipher, authTag ); + wc_ChaCha20Poly1305_Encrypt(key, iv, NULL, 0, plain, sizeof(plain), + cipher, authTag ); } - + END_INTEL_CYCLES total = current_time(0) - start; persec = 1 / total * numBlocks; @@ -800,11 +801,12 @@ void bench_chacha20_poly1305_aead(void) /* since using kB, convert to MB/s */ persec = persec / 1024; #endif - - printf("ChaCha20-Poly1305 AEAD %d %s took %5.3f seconds, %7.3f MB/s", numBlocks, blockType, total, persec); + + printf("ChaCha-Poly %d %s took %5.3f seconds, %7.3f MB/s", + numBlocks, blockType, total, persec); SHOW_INTEL_CYCLES printf("\n"); - + } #endif /* HAVE_CHACHA && HAVE_POLY1305 */ diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c index ea164fd16..8c098dc73 100644 --- a/wolfcrypt/src/chacha20_poly1305.c +++ b/wolfcrypt/src/chacha20_poly1305.c @@ -21,12 +21,12 @@ #ifdef HAVE_CONFIG_H -#include + #include #endif #include -#if( defined( HAVE_CHACHA ) && defined( HAVE_POLY1305 ) ) +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #include #include @@ -47,235 +47,242 @@ #define CHACHA20_POLY1305_AEAD_INITIAL_COUNTER 0 #define CHACHA20_POLY1305_MAC_PADDING_ALIGNMENT 16 -static void _word32ToLittle64( const word32 inLittle32, byte outLittle64[8] ); -static int _calculateAuthTag( const byte inAuthKey[CHACHA20_POLY1305_AEAD_KEYSIZE], - const byte* inAAD, const word32 inAADLen, - const byte *inCiphertext, const word32 inCiphertextLen, - byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE] ); -static int constantTimeCompare( const byte *a, const byte *b, word32 len ); +static void word32ToLittle64(const word32 inLittle32, byte outLittle64[8]); +static int calculateAuthTag( + const byte inAuthKey[CHACHA20_POLY1305_AEAD_KEYSIZE], + const byte* inAAD, const word32 inAADLen, + const byte *inCiphertext, const word32 inCiphertextLen, + byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); +static int constantTimeCompare(const byte *a, const byte *b, word32 len); -WOLFSSL_API int wc_ChaCha20Poly1305_Encrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], - const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte *inAAD, const word32 inAADLen, - const byte *inPlaintext, const word32 inPlaintextLen, - byte *outCiphertext, - byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE] ) +int wc_ChaCha20Poly1305_Encrypt( + const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], + const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], + const byte* inAAD, const word32 inAADLen, + const byte* inPlaintext, const word32 inPlaintextLen, + byte* outCiphertext, + byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]) { int err; byte poly1305Key[CHACHA20_POLY1305_AEAD_KEYSIZE]; ChaCha chaChaCtx; - - // Validate function arguments - - if( !inKey || !inIV || + + /* Validate function arguments */ + + if (!inKey || !inIV || !inPlaintext || !inPlaintextLen || !outCiphertext || - !outAuthTag ) + !outAuthTag) { return BAD_FUNC_ARG; } - - ForceZero( poly1305Key, sizeof( poly1305Key ) ); - - err = 0; - - // Create the Poly1305 key - - err += wc_Chacha_SetKey( &chaChaCtx, inKey, CHACHA20_POLY1305_AEAD_KEYSIZE ); - err += wc_Chacha_SetIV( &chaChaCtx, inIV, CHACHA20_POLY1305_AEAD_INITIAL_COUNTER ); - err += wc_Chacha_Process( &chaChaCtx, poly1305Key, poly1305Key, CHACHA20_POLY1305_AEAD_KEYSIZE ); - if( err ) - { - return err; - } - - // Encrypt the plaintext using ChaCha20 - - err = wc_Chacha_Process( &chaChaCtx, outCiphertext, inPlaintext, inPlaintextLen ); - if( err ) - { - return err; - } - - // Calculate the Poly1305 auth tag - - err = _calculateAuthTag( poly1305Key, - inAAD, inAADLen, - outCiphertext, inPlaintextLen, - outAuthTag ); - + + XMEMSET(poly1305Key, 0, sizeof(poly1305Key)); + + /* Create the Poly1305 key */ + err = wc_Chacha_SetKey(&chaChaCtx, inKey, CHACHA20_POLY1305_AEAD_KEYSIZE); + if (err != 0) return err; + + err = wc_Chacha_SetIV(&chaChaCtx, inIV, + CHACHA20_POLY1305_AEAD_INITIAL_COUNTER); + if (err != 0) return err; + + err = wc_Chacha_Process(&chaChaCtx, poly1305Key, poly1305Key, + CHACHA20_POLY1305_AEAD_KEYSIZE); + if (err != 0) return err; + + /* Encrypt the plaintext using ChaCha20 */ + err = wc_Chacha_Process(&chaChaCtx, outCiphertext, inPlaintext, + inPlaintextLen); + /* Calculate the Poly1305 auth tag */ + if (err == 0) + err = calculateAuthTag(poly1305Key, + inAAD, inAADLen, + outCiphertext, inPlaintextLen, + outAuthTag); + ForceZero(poly1305Key, sizeof(poly1305Key)); + return err; } -WOLFSSL_API int wc_ChaCha20Poly1305_Decrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], - const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte *inAAD, const word32 inAADLen, - const byte *inCiphertext, const word32 inCiphertextLen, - const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], - byte* outPlaintext ) + +int wc_ChaCha20Poly1305_Decrypt( + const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], + const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], + const byte* inAAD, const word32 inAADLen, + const byte* inCiphertext, const word32 inCiphertextLen, + const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], + byte* outPlaintext) { int err; byte poly1305Key[CHACHA20_POLY1305_AEAD_KEYSIZE]; ChaCha chaChaCtx; byte calculatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; - - // Validate function arguments - - if( !inKey || !inIV || + + /* Validate function arguments */ + + if (!inKey || !inIV || !inCiphertext || !inCiphertextLen || !inAuthTag || - !outPlaintext ) + !outPlaintext) { return BAD_FUNC_ARG; } - - ForceZero( calculatedAuthTag, sizeof( calculatedAuthTag ) ); - ForceZero( poly1305Key, sizeof( poly1305Key ) ); - - err = 0; - - // Create the Poly1305 key - - err += wc_Chacha_SetKey( &chaChaCtx, inKey, CHACHA20_POLY1305_AEAD_KEYSIZE ); - err += wc_Chacha_SetIV( &chaChaCtx, inIV, CHACHA20_POLY1305_AEAD_INITIAL_COUNTER ); - err += wc_Chacha_Process( &chaChaCtx, poly1305Key, poly1305Key, CHACHA20_POLY1305_AEAD_KEYSIZE ); - if( err ) + + XMEMSET(calculatedAuthTag, 0, sizeof(calculatedAuthTag)); + XMEMSET(poly1305Key, 0, sizeof(poly1305Key)); + + /* Create the Poly1305 key */ + err = wc_Chacha_SetKey(&chaChaCtx, inKey, CHACHA20_POLY1305_AEAD_KEYSIZE); + if (err != 0) return err; + + err = wc_Chacha_SetIV(&chaChaCtx, inIV, + CHACHA20_POLY1305_AEAD_INITIAL_COUNTER); + if (err != 0) return err; + + err = wc_Chacha_Process(&chaChaCtx, poly1305Key, poly1305Key, + CHACHA20_POLY1305_AEAD_KEYSIZE); + if (err != 0) return err; + + /* Calculate the Poly1305 auth tag */ + err = calculateAuthTag(poly1305Key, + inAAD, inAADLen, + inCiphertext, inCiphertextLen, + calculatedAuthTag); + + /* Compare the calculated auth tag with the received one */ + if (err == 0 && constantTimeCompare(inAuthTag, calculatedAuthTag, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) != 0) { - return err; + err = MAC_CMP_FAILED_E; } - - // Calculate the Poly1305 auth tag - - err = _calculateAuthTag( poly1305Key, - inAAD, inAADLen, - inCiphertext, inCiphertextLen, - calculatedAuthTag ); - - // Compare the calculated auth tag with the received one - - if( constantTimeCompare( inAuthTag, calculatedAuthTag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE ) ) - { - return MAC_CMP_FAILED_E; - } - - // Decrypt the received ciphertext - - err = wc_Chacha_Process( &chaChaCtx, outPlaintext, inCiphertext, inCiphertextLen ); - + + /* Decrypt the received ciphertext */ + if (err == 0) + err = wc_Chacha_Process(&chaChaCtx, outPlaintext, inCiphertext, + inCiphertextLen); + ForceZero(poly1305Key, sizeof(poly1305Key)); + return err; } -static int _calculateAuthTag( const byte inAuthKey[CHACHA20_POLY1305_AEAD_KEYSIZE], - const byte *inAAD, const word32 inAADLen, - const byte *inCiphertext, const word32 inCiphertextLen, - byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE] ) + +static int calculateAuthTag( + const byte inAuthKey[CHACHA20_POLY1305_AEAD_KEYSIZE], + const byte *inAAD, const word32 inAADLen, + const byte *inCiphertext, const word32 inCiphertextLen, + byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]) { int err; Poly1305 poly1305Ctx; byte padding[CHACHA20_POLY1305_MAC_PADDING_ALIGNMENT - 1]; word32 paddingLen; byte little64[8]; - - ForceZero( padding, sizeof( padding ) ); + + XMEMSET(padding, 0, sizeof(padding)); paddingLen = 0; - - // Initialize Poly1305 - - err = wc_Poly1305SetKey( &poly1305Ctx, inAuthKey, CHACHA20_POLY1305_AEAD_KEYSIZE ); - if( err ) + + /* Initialize Poly1305 */ + + err = wc_Poly1305SetKey(&poly1305Ctx, inAuthKey, + CHACHA20_POLY1305_AEAD_KEYSIZE); + if (err) { return err; } - - // Create the authTag by MAC'ing the following items: - - // -- AAD - - if( inAAD && inAADLen ) + + /* Create the authTag by MAC'ing the following items: */ + + /* -- AAD */ + + if (inAAD && inAADLen) { - err = wc_Poly1305Update( &poly1305Ctx, inAAD, inAADLen ); - - // -- padding1: pad the AAD to 16 bytes - - paddingLen = -inAADLen & ( CHACHA20_POLY1305_MAC_PADDING_ALIGNMENT - 1 ); - if( paddingLen ) + err = wc_Poly1305Update(&poly1305Ctx, inAAD, inAADLen); + + /* -- padding1: pad the AAD to 16 bytes */ + + paddingLen = -inAADLen & (CHACHA20_POLY1305_MAC_PADDING_ALIGNMENT - 1); + if (paddingLen) { - err += wc_Poly1305Update( &poly1305Ctx, padding, paddingLen ); + err += wc_Poly1305Update(&poly1305Ctx, padding, paddingLen); } - - if( err ) + + if (err) { return err; } } - - // -- Ciphertext - - err = wc_Poly1305Update( &poly1305Ctx, inCiphertext, inCiphertextLen ); - if( err ) + + /* -- Ciphertext */ + + err = wc_Poly1305Update(&poly1305Ctx, inCiphertext, inCiphertextLen); + if (err) { return err; } - - // -- padding2: pad the ciphertext to 16 bytes - - paddingLen = -inCiphertextLen & ( CHACHA20_POLY1305_MAC_PADDING_ALIGNMENT - 1 ); - if( paddingLen ) + + /* -- padding2: pad the ciphertext to 16 bytes */ + + paddingLen = -inCiphertextLen & + (CHACHA20_POLY1305_MAC_PADDING_ALIGNMENT - 1); + if (paddingLen) { - err = wc_Poly1305Update( &poly1305Ctx, padding, paddingLen ); - if( err ) + err = wc_Poly1305Update(&poly1305Ctx, padding, paddingLen); + if (err) { return err; } } - - // -- AAD length as a 64-bit little endian integer - - _word32ToLittle64( inAADLen, little64 ); - - err = wc_Poly1305Update( &poly1305Ctx, little64, sizeof( little64 ) ); - if( err ) + + /* -- AAD length as a 64-bit little endian integer */ + + word32ToLittle64(inAADLen, little64); + + err = wc_Poly1305Update(&poly1305Ctx, little64, sizeof(little64)); + if (err) { return err; } - - // -- Ciphertext length as a 64-bit little endian integer - - _word32ToLittle64( inCiphertextLen, little64 ); - - err = wc_Poly1305Update( &poly1305Ctx, little64, sizeof( little64 ) ); - if( err ) + + /* -- Ciphertext length as a 64-bit little endian integer */ + + word32ToLittle64(inCiphertextLen, little64); + + err = wc_Poly1305Update(&poly1305Ctx, little64, sizeof(little64)); + if (err) { return err; } - - // Finalize the auth tag - - err = wc_Poly1305Final( &poly1305Ctx, outAuthTag ); - + + /* Finalize the auth tag */ + + err = wc_Poly1305Final(&poly1305Ctx, outAuthTag); + return err; } -static void _word32ToLittle64( const word32 inLittle32, byte outLittle64[8] ) + +static void word32ToLittle64(const word32 inLittle32, byte outLittle64[8]) { - ForceZero( outLittle64, 8 ); - - outLittle64[0] = ( inLittle32 & 0x000000FF ); - outLittle64[1] = ( inLittle32 & 0x0000FF00 ) >> 8; - outLittle64[2] = ( inLittle32 & 0x00FF0000 ) >> 16; - outLittle64[3] = ( inLittle32 & 0xFF000000 ) >> 24; + XMEMSET(outLittle64, 0, 8); + + outLittle64[0] = (inLittle32 & 0x000000FF); + outLittle64[1] = (inLittle32 & 0x0000FF00) >> 8; + outLittle64[2] = (inLittle32 & 0x00FF0000) >> 16; + outLittle64[3] = (inLittle32 & 0xFF000000) >> 24; } -static int constantTimeCompare( const byte *a, const byte *b, word32 len ) + +static int constantTimeCompare(const byte *a, const byte *b, word32 len) { word32 i; byte result = 0; - - for( i = 0; i < len; i++ ) + + for (i = 0; i < len; i++) { result |= a[i] ^ b[i]; } - + return (int)result; } diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 8c843a16c..48da1ba40 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -316,6 +316,9 @@ const char* wc_GetErrorString(int error) case THREAD_STORE_SET_E: return "Thread Storage Set error"; + case MAC_CMP_FAILED_E: + return "MAC comparison failed"; + default: return "unknown error number"; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index aadf0256b..b3788034c 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2074,12 +2074,12 @@ int poly1305_test(void) #endif /* HAVE_POLY1305 */ -#if(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) int chacha20_poly1305_aead_test(void) { - // Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 - // https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 - + /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */ + /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ + const byte key1[] = { 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, @@ -2132,22 +2132,22 @@ int chacha20_poly1305_aead_test(void) 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16 }; - + const byte authTag1[] = { /* expected output from operation */ 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 }; - - // Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 - // https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 - + + /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */ + /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ + const byte key2[] = { 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0 }; - + const byte plaintext2[] = { 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, @@ -2178,23 +2178,23 @@ int chacha20_poly1305_aead_test(void) 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20, - 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, + 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, - 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67, + 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80, 0x9d }; - + const byte iv2[] = { 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; - + const byte aad2[] = { /* additional data */ 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4e, 0x91 }; - + const byte cipher2[] = { /* expected output from operation */ 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd, @@ -2231,103 +2231,103 @@ int chacha20_poly1305_aead_test(void) 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70, 0x9b }; - + const byte authTag2[] = { /* expected output from operation */ 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38 }; - + byte generatedCiphertext[272]; byte generatedPlaintext[272]; byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; int err; - - XMEMSET( generatedCiphertext, 0, sizeof( generatedCiphertext ) ); - XMEMSET( generatedAuthTag, 0, sizeof( generatedAuthTag ) ); - XMEMSET( generatedPlaintext, 0, sizeof( generatedPlaintext ) ); - - // Test #1 - - err = wc_ChaCha20Poly1305_Encrypt( key1, iv1, - aad1, sizeof( aad1 ), - plaintext1, sizeof( plaintext1 ), - generatedCiphertext, generatedAuthTag ); - if( err ) + + XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); + XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); + XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); + + /* Test #1 */ + + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, + aad1, sizeof(aad1), + plaintext1, sizeof(plaintext1), + generatedCiphertext, generatedAuthTag); + if (err) { return err; } - - // -- Check the ciphertext and authtag - - if( XMEMCMP( generatedCiphertext, cipher1, sizeof( cipher1 ) ) ) + + /* -- Check the ciphertext and authtag */ + + if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { return -1064; } - - if( XMEMCMP( generatedAuthTag, authTag1, sizeof( authTag1 ) ) ) + + if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) { return -1065; } - - // -- Verify decryption works - - err = wc_ChaCha20Poly1305_Decrypt( key1, iv1, - aad1, sizeof( aad1 ), - cipher1, sizeof( cipher1 ), - authTag1, generatedPlaintext ); - if( err ) + + /* -- Verify decryption works */ + + err = wc_ChaCha20Poly1305_Decrypt(key1, iv1, + aad1, sizeof(aad1), + cipher1, sizeof(cipher1), + authTag1, generatedPlaintext); + if (err) { return err; } - - if( XMEMCMP( generatedPlaintext, plaintext1, sizeof( plaintext1 ) ) ) + + if (XMEMCMP(generatedPlaintext, plaintext1, sizeof( plaintext1))) { return -1066; } - - XMEMSET( generatedCiphertext, 0, sizeof( generatedCiphertext ) ); - XMEMSET( generatedAuthTag, 0, sizeof( generatedAuthTag ) ); - XMEMSET( generatedPlaintext, 0, sizeof( generatedPlaintext ) ); - - // Test #2 - - err = wc_ChaCha20Poly1305_Encrypt( key2, iv2, - aad2, sizeof( aad2 ), - plaintext2, sizeof( plaintext2 ), - generatedCiphertext, generatedAuthTag ); - if( err ) + + XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); + XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); + XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); + + /* Test #2 */ + + err = wc_ChaCha20Poly1305_Encrypt(key2, iv2, + aad2, sizeof(aad2), + plaintext2, sizeof(plaintext2), + generatedCiphertext, generatedAuthTag); + if (err) { return err; } - - // -- Check the ciphertext and authtag - - if( XMEMCMP( generatedCiphertext, cipher2, sizeof( cipher2 ) ) ) + + /* -- Check the ciphertext and authtag */ + + if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { return -1067; } - - if( XMEMCMP( generatedAuthTag, authTag2, sizeof( authTag2 ) ) ) + + if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) { return -1068; } - - // -- Verify decryption works - - err = wc_ChaCha20Poly1305_Decrypt( key2, iv2, - aad2, sizeof( aad2 ), - cipher2, sizeof( cipher2 ), - authTag2, generatedPlaintext ); - if( err ) + + /* -- Verify decryption works */ + + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, + aad2, sizeof(aad2), + cipher2, sizeof(cipher2), + authTag2, generatedPlaintext); + if (err) { return err; } - - if( XMEMCMP( generatedPlaintext, plaintext2, sizeof( plaintext2 ) ) ) + + if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { return -1069; } - + return err; } #endif /* HAVE_CHACHA && HAVE_POLY1305 */ diff --git a/wolfssl/version.h b/wolfssl/version.h index 414af9bd1..6a6e237b8 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.4.0" -#define LIBWOLFSSL_VERSION_HEX 0x03004000 +#define LIBWOLFSSL_VERSION_STRING "3.4.1" +#define LIBWOLFSSL_VERSION_HEX 0x03004001 #ifdef __cplusplus } diff --git a/wolfssl/wolfcrypt/chacha20_poly1305.h b/wolfssl/wolfcrypt/chacha20_poly1305.h index fdb902fc5..8b7e477e5 100644 --- a/wolfssl/wolfcrypt/chacha20_poly1305.h +++ b/wolfssl/wolfcrypt/chacha20_poly1305.h @@ -17,13 +17,14 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - * - * This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20 + */ + +/* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20 * and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10): * https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ -#if( defined( HAVE_CHACHA ) && defined( HAVE_POLY1305 ) ) +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #ifndef WOLF_CRYPT_CHACHA20_POLY1305_H #define WOLF_CRYPT_CHACHA20_POLY1305_H @@ -31,18 +32,18 @@ #include #ifdef __cplusplus -extern "C" { + extern "C" { #endif - + #define CHACHA20_POLY1305_AEAD_KEYSIZE 32 #define CHACHA20_POLY1305_AEAD_IV_SIZE 12 #define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16 - - enum { - CHACHA20_POLY_1305_ENC_TYPE = 8 /* cipher unique type */ - }; - - /* + +enum { + CHACHA20_POLY_1305_ENC_TYPE = 8 /* cipher unique type */ +}; + + /* * The IV for this implementation is 96 bits to give the most flexibility. * * Some protocols may have unique per-invocation inputs that are not @@ -51,24 +52,28 @@ extern "C" { * transform the protocol nonce into a 96-bit nonce, for example by * concatenating a constant value. */ - - WOLFSSL_API int wc_ChaCha20Poly1305_Encrypt(const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], - const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte* inAAD, const word32 inAADLen, - const byte* inPlaintext, const word32 inPlaintextLen, - byte* outCiphertext, - byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); - - WOLFSSL_API int wc_ChaCha20Poly1305_Decrypt(const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], - const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte* inAAD, const word32 inAADLen, - const byte* inCiphertext, const word32 inCiphertextLen, - const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], - byte* outPlaintext); - + +WOLFSSL_API +int wc_ChaCha20Poly1305_Encrypt( + const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], + const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], + const byte* inAAD, const word32 inAADLen, + const byte* inPlaintext, const word32 inPlaintextLen, + byte* outCiphertext, + byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); + +WOLFSSL_API +int wc_ChaCha20Poly1305_Decrypt( + const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], + const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], + const byte* inAAD, const word32 inAADLen, + const byte* inCiphertext, const word32 inCiphertextLen, + const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], + byte* outPlaintext); + #ifdef __cplusplus -} /* extern "C" */ + } /* extern "C" */ #endif #endif /* WOLF_CRYPT_CHACHA20_POLY1305_H */ -#endif /* HAVE_CHACHA && HAVE_POLY1305 */ \ No newline at end of file +#endif /* HAVE_CHACHA && HAVE_POLY1305 */ diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 67291ec58..e172e6aec 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -145,9 +145,9 @@ enum { AESGCM_KAT_FIPS_E = -210, /* AESGCM KAT failure */ THREAD_STORE_KEY_E = -211, /* Thread local storage key create failure */ THREAD_STORE_SET_E = -212, /* Thread local storage key set failure */ - + MAC_CMP_FAILED_E = -213, /* MAC comparison failed */ - + MIN_CODE_E = -300 /* errors -101 - -299 */ }; diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index c05f0a46a..d82d85134 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -32,6 +32,7 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/pwdbased.h \ wolfssl/wolfcrypt/rabbit.h \ wolfssl/wolfcrypt/chacha.h \ + wolfssl/wolfcrypt/chacha20_poly1305.h \ wolfssl/wolfcrypt/random.h \ wolfssl/wolfcrypt/ripemd.h \ wolfssl/wolfcrypt/rsa.h \