rename wc_XChaCha_init() to wc_XChacha_SetKey() for consistency, and add a counter argument to provide for future random access scenarios; refactor wc_Chacha_purge_current_block() to use a dummy wc_Chacha_Process() call for intrinsically correct counter dynamics.

This commit is contained in:
Daniel Pouzzner
2020-10-01 13:27:43 -05:00
parent 6142c22948
commit f65947ae09
4 changed files with 19 additions and 17 deletions


@ -266,7 +266,10 @@ static WC_INLINE void wc_HChacha_block(ChaCha* ctx, word32 stream[CHACHA_CHUNK_W
}
/* XChaCha -- https://tools.ietf.org/html/draft-arciszewski-xchacha-03 */
int wc_XChaCha_init(ChaCha *ctx, const byte *key, word32 keySz, const byte *nonce, word32 nonceSz) {
int wc_XChacha_SetKey(ChaCha *ctx,
const byte *key, word32 keySz,
const byte *nonce, word32 nonceSz,
word32 counter) {
word32 k[CHACHA_MAX_KEY_SZ];
byte iv[CHACHA_IV_BYTES];
int ret;
@ -286,7 +289,7 @@ int wc_XChaCha_init(ChaCha *ctx, const byte *key, word32 keySz, const byte *nonc
wc_HChacha_block(ctx, k, 20);
XMEMCPY(&ctx->X[4], k, 8 * sizeof(word32));
if ((ret = wc_Chacha_SetIV(ctx, iv, 0)) < 0)
if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0)
return ret;
XMEMSET(k, 0, sizeof k);
@ -426,15 +429,10 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
return 0;
}
void wc_ChaCha_purge_current_block(ChaCha* ctx) {
void wc_Chacha_purge_current_block(ChaCha* ctx) {
if (ctx->left > 0) {
#ifndef USE_INTEL_CHACHA_SPEEDUP
/* the algorithms in chacha_asm.S increment the counter for partial
* blocks, but wc_Chacha_encrypt_bytes() defers.
*/
ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
#endif
ctx->left = 0;
byte scratch[CHACHA_CHUNK_BYTES];
(void)wc_Chacha_Process(ctx, scratch, scratch, CHACHA_CHUNK_BYTES - ctx->left);
}
}
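Review bot: In wc_Chacha_purge_current_block the new `scratch` buffer is handed to wc_Chacha_Process without being initialized, so the dummy call XORs keystream into indeterminate stack bytes and MSan/valgrind will report a use of uninitialized memory; add `XMEMSET(scratch, 0, sizeof scratch);` before the call. Once zeroed, `scratch` holds the raw keystream for the rest of the current block after the call, so it should be wiped before the function returns, `ForceZero(scratch, sizeof scratch);` (or XMEMSET if ForceZero is not visible in this translation unit), rather than left on the stack. The `(void)` discard is acceptable for a void helper, but a one-line comment that the call can presumably only fail on a NULL argument, which is never passed here, would make the intent clear. The same elision concern applies to the `XMEMSET(k, 0, sizeof k);` in wc_XChacha_SetKey in the first hunk, where a compiler may drop a dead store to a local about to go out of scope; that function continues past the hunk.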


@ -312,7 +312,10 @@ int wc_XChaCha20Poly1305_Init(
(nonce_len != XCHACHA20_POLY1305_AEAD_NONCE_SIZE))
return BAD_FUNC_ARG;
if ((ret = wc_XChaCha_init(&aead->chacha, key, key_len, nonce, nonce_len)) < 0)
if ((ret = wc_XChacha_SetKey(&aead->chacha,
key, key_len,
nonce, nonce_len,
0 /* counter */)) < 0)
return ret;
XMEMSET(authKey, 0, sizeof authKey);
@ -322,7 +325,7 @@ int wc_XChaCha20Poly1305_Init(
(word32)sizeof authKey)) < 0)
return ret;
/* advance to start of the next ChaCha block. */
wc_ChaCha_purge_current_block(&aead->chacha);
wc_Chacha_purge_current_block(&aead->chacha);
/* Initialize Poly1305 context */
if ((ret = wc_Poly1305SetKey(&aead->poly, authKey,
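Review bot: The literal `0 /* counter */` passed to wc_XChacha_SetKey says what the argument is but not why it must be zero; the value matters because the 32 bytes that wc_Chacha_Process writes into authKey just below are taken from that first keystream block, so the comment should carry the intent, e.g. `0 /* block counter 0: its first 32 keystream bytes become the Poly1305 one-time key */`. The comment above wc_Chacha_purge_current_block could likewise say why the remainder of the block is discarded, e.g. `/* discard the rest of block 0 so payload encryption starts at block 1 */`, which as far as I can tell is what the XChaCha20-Poly1305 construction requires. wc_XChaCha20Poly1305_Init begins before the first hunk and continues past this one.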


@ -10110,7 +10110,7 @@ static int XChaCha_test(void) {
byte buf2[sizeof Plaintext];
#endif
ret = wc_XChaCha_init(chacha, Key, sizeof Key, IV, sizeof IV);
ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
if (ret < 0)
ERROR_OUT(-4770, out);
@ -10121,7 +10121,7 @@ static int XChaCha_test(void) {
if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
ERROR_OUT(-4772, out);
ret = wc_XChaCha_init(chacha, Key, sizeof Key, IV, sizeof IV);
ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
if (ret < 0)
ERROR_OUT(-4773, out);


@ -93,13 +93,14 @@ WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
word32 msglen);
WOLFSSL_LOCAL void wc_ChaCha_purge_current_block(ChaCha* ctx);
WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
#ifdef HAVE_XCHACHA
WOLFSSL_API int wc_XChaCha_init(ChaCha *ctx, const byte *key, word32 keySz,
const byte *nonce, word32 nonceSz);
WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
const byte *nonce, word32 nonceSz,
word32 counter);
#endif
#ifdef __cplusplus