diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index 6b6091eb7..23fcf813a 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -266,7 +266,10 @@ static WC_INLINE void wc_HChacha_block(ChaCha* ctx, word32 stream[CHACHA_CHUNK_W
 }
 /* XChaCha -- https://tools.ietf.org/html/draft-arciszewski-xchacha-03 */
-int wc_XChaCha_init(ChaCha *ctx, const byte *key, word32 keySz, const byte *nonce, word32 nonceSz) {
+int wc_XChacha_SetKey(ChaCha *ctx,
+ const byte *key, word32 keySz,
+ const byte *nonce, word32 nonceSz,
+ word32 counter) {
 word32 k[CHACHA_MAX_KEY_SZ];
 byte iv[CHACHA_IV_BYTES];
 int ret;
@@ -286,7 +289,7 @@ int wc_XChaCha_init(ChaCha *ctx, const byte *key, word32 keySz, const byte *nonc
 wc_HChacha_block(ctx, k, 20);
 XMEMCPY(&ctx->X[4], k, 8 * sizeof(word32));
- if ((ret = wc_Chacha_SetIV(ctx, iv, 0)) < 0)
+ if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0)
 return ret;
 XMEMSET(k, 0, sizeof k);
@@ -426,15 +429,10 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
 return 0;
 }
-void wc_ChaCha_purge_current_block(ChaCha* ctx) {
+void wc_Chacha_purge_current_block(ChaCha* ctx) {
 if (ctx->left > 0) {
-#ifndef USE_INTEL_CHACHA_SPEEDUP
- /* the algorithms in chacha_asm.S increment the counter for partial
- * blocks, but wc_Chacha_encrypt_bytes() defers.
- */
- ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
-#endif
- ctx->left = 0;
+ byte scratch[CHACHA_CHUNK_BYTES];
+ (void)wc_Chacha_Process(ctx, scratch, scratch, CHACHA_CHUNK_BYTES - ctx->left);
 }
 }
diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c
index 508a585c4..0db87a01a 100644
--- a/wolfcrypt/src/chacha20_poly1305.c
+++ b/wolfcrypt/src/chacha20_poly1305.c
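Review bot: The new `counter` parameter of wc_XChacha_SetKey (first hunk of wolfcrypt/src/chacha.c) is undocumented; the only comment above the function is the draft URL. A short header comment would help, for example `/* counter: initial block counter handed to wc_Chacha_SetIV(); a key/nonce pair must never be reused with an overlapping counter range */`. The function body continues outside the hunk, so argument validation for the new parameter cannot be judged from here.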
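Review bot: In the `@@ -286,7 +289,7 @@` hunk the early `return ret;` after `wc_Chacha_SetIV(ctx, iv, counter)` exits before `XMEMSET(k, 0, sizeof k);` runs, so on that error path the wc_HChacha_block output in `k` (copied into `ctx->X[4]`, presumably as the derived subkey) stays on the stack. Wiping before the check closes that gap: `ret = wc_Chacha_SetIV(ctx, iv, counter);` then `ForceZero(k, sizeof k);` then `if (ret < 0) return ret;`. A plain XMEMSET on a local that is about to go out of scope may also be elided by the optimizer, which is why wolfSSL's ForceZero is the safer call if it is in scope in this file. The function starts and ends outside the hunk.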
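Review bot: `scratch` in the new wc_Chacha_purge_current_block is passed to wc_Chacha_Process as both input and output without being initialised, so the call reads indeterminate stack bytes (memory sanitizers will flag it) and leaves keystream-derived bytes on the stack when the function returns. Initialise and wipe it, e.g. `byte scratch[CHACHA_CHUNK_BYTES] = {0};` before the call and `ForceZero(scratch, sizeof scratch);` after it. The length `CHACHA_CHUNK_BYTES - ctx->left` also deserves confirmation against wc_Chacha_Process: it reaches the block boundary only if `ctx->left` counts bytes already consumed, whereas if it counts bytes still unused the two agree only at the half-block point.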
@@ -312,7 +312,10 @@ int wc_XChaCha20Poly1305_Init(
 (nonce_len != XCHACHA20_POLY1305_AEAD_NONCE_SIZE))
 return BAD_FUNC_ARG;
- if ((ret = wc_XChaCha_init(&aead->chacha, key, key_len, nonce, nonce_len)) < 0)
+ if ((ret = wc_XChacha_SetKey(&aead->chacha,
+ key, key_len,
+ nonce, nonce_len,
+ 0 /* counter */)) < 0)
 return ret;
 XMEMSET(authKey, 0, sizeof authKey);
@@ -322,7 +325,7 @@ int wc_XChaCha20Poly1305_Init(
 (word32)sizeof authKey)) < 0)
 return ret;
 /* advance to start of the next ChaCha block. */
- wc_ChaCha_purge_current_block(&aead->chacha);
+ wc_Chacha_purge_current_block(&aead->chacha);
 /* Initialize Poly1305 context */
 if ((ret = wc_Poly1305SetKey(&aead->poly, authKey,
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 9c489bbb9..9a8ef4c06 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -10110,7 +10110,7 @@ static int XChaCha_test(void) {
 byte buf2[sizeof Plaintext];
 #endif
- ret = wc_XChaCha_init(chacha, Key, sizeof Key, IV, sizeof IV);
+ ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
 if (ret < 0)
 ERROR_OUT(-4770, out);
@@ -10121,7 +10121,7 @@ static int XChaCha_test(void) {
 if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
 ERROR_OUT(-4772, out);
- ret = wc_XChaCha_init(chacha, Key, sizeof Key, IV, sizeof IV);
+ ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
 if (ret < 0)
 ERROR_OUT(-4773, out);
diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h
index d6c1b705d..a8f01f01e 100644
--- a/wolfssl/wolfcrypt/chacha.h
+++ b/wolfssl/wolfcrypt/chacha.h
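Review bot: Both updated calls in XChaCha_test (hunks `@@ -10110,7` and `@@ -10121,7` of wolfcrypt/test/test.c) pass `0` for the new argument, so the non-zero counter path that this commit adds to wc_XChacha_SetKey is never exercised. A further case would pin the semantics: key the context with a counter of 1 and check that the output matches the counter-0 ciphertext starting one ChaCha block in, provided the test vector is longer than a block. That also guards against the counter being silently ignored or applied to the wrong state word. XChaCha_test starts and ends outside these hunks.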
@@ -93,13 +93,14 @@ WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter);
 WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain, word32 msglen);
-WOLFSSL_LOCAL void wc_ChaCha_purge_current_block(ChaCha* ctx);
+WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx);
 WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
 #ifdef HAVE_XCHACHA
-WOLFSSL_API int wc_XChaCha_init(ChaCha *ctx, const byte *key, word32 keySz,
- const byte *nonce, word32 nonceSz);
+WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
+ const byte *nonce, word32 nonceSz,
+ word32 counter);
 #endif
 #ifdef __cplusplus
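Review bot: The exported `WOLFSSL_API` prototype wc_XChaCha_init is removed outright and replaced by wc_XChacha_SetKey with an extra argument, so any external caller built against the old name stops compiling or linking. If the old name ever shipped in a release (not visible from this diff), a compatibility macro inside the `HAVE_XCHACHA` block keeps those callers working: `#define wc_XChaCha_init(c, k, ks, n, ns) wc_XChacha_SetKey((c), (k), (ks), (n), (ns), 0)`. The new prototype would also benefit from a one-line comment stating that `counter` is the initial block counter.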