progress on suite

JacobBarthelmeh
2014-07-09 15:48:40 -06:00
parent 0c30053f52
commit fb25db9c28
5 changed files with 150 additions and 157 deletions


@@ -17,7 +17,8 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
* *
* based from
* chacha-ref.c version 20080118 * chacha-ref.c version 20080118
* D. J. Bernstein * D. J. Bernstein
* Public domain. * Public domain.
@@ -90,7 +91,7 @@ int Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
XMEMCPY(temp, inIv, 12); XMEMCPY(temp, inIv, 12);
ctx->X[12] = counter; /* block counter */ ctx->X[12] = counter; /* block counter */
ctx->X[13] = temp[0]; /* fixed variable from nonce */ ctx->X[13] = temp[0]; /* fixed variable from nonce */
ctx->X[14] = temp[1]; /* counter from nonce */ ctx->X[14] = temp[1]; /* counter from nonce */
ctx->X[15] = temp[2]; /* counter from nonce */ ctx->X[15] = temp[2]; /* counter from nonce */
@@ -115,7 +116,7 @@ int Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifdef XSTREAM_ALIGN #ifdef XSTREAM_ALIGN
word32 alignKey[4]; word32 alignKey[keySz / 4];
if ((word)key % 4) { if ((word)key % 4) {
CYASSL_MSG("ChachaSetKey unaligned key"); CYASSL_MSG("ChachaSetKey unaligned key");
XMEMCPY(alignKey, key, sizeof(alignKey)); XMEMCPY(alignKey, key, sizeof(alignKey));
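Review bot: `word32 alignKey[keySz / 4];` on the new side of the third hunk turns the alignment scratch buffer into a VLA sized from the caller-supplied `keySz`, and `XMEMCPY(alignKey, key, sizeof(alignKey))` now copies `keySz` rounded down to a multiple of 4 bytes. That is only safe because of the `keySz` check that precedes the `return BAD_FUNC_ARG` at the top of the hunk, whose condition is outside the hunk, so the buffer bound now silently depends on that check staying in place, and a length that is not a multiple of 4 would be truncated rather than rejected. If that check admits only 16- and 32-byte keys, a fixed buffer keeps the bound explicit and avoids the VLA (optional in C11): `word32 alignKey[8]; /* largest accepted key, 4-byte aligned */` with `XMEMCPY(alignKey, key, keySz);`. Chacha_SetKey's body begins and ends outside the hunk.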


@@ -18,7 +18,8 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
* *
* Based off the implementation by Andrew Moon * Based off the public domain implementations by Andrew Moon
* and Daniel J. Bernstein
*/ */
#ifdef HAVE_POLY1305 #ifdef HAVE_POLY1305
@@ -48,146 +49,87 @@
#define LITTLE32(x) (x) #define LITTLE32(x) (x)
#endif #endif
#ifdef POLY130564 #if defined(POLY130564)
#if defined(_MSC_VER)
#define POLY1305_NOINLINE __declspec(noinline)
#elif defined(__GNUC__)
#define POLY1305_NOINLINE __attribute__((noinline))
#else
#define POLY1305_NOINLINE
#endif
#if defined(_MSC_VER)
#include <intrin.h>
typedef struct word128 { #if defined(_MSC_VER)
word64 lo; #define POLY1305_NOINLINE __declspec(noinline)
word64 hi; #elif defined(__GNUC__)
} word128; #define POLY1305_NOINLINE __attribute__((noinline))
#define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi)
#define ADD(out, in) { word64 t = out.lo; out.lo += in.lo;
out.hi += (out.lo < t) + in.hi; }
#define ADDLO(out, in) { word64 t = out.lo; out.lo += in;
out.hi += (out.lo < t); }
#define SHR(in, shift) (__shiftright128(in.lo, in.hi, (shift)))
#define LO(in) (in.lo)
#elif defined(__GNUC__)
#if defined(__SIZEOF_INT128__)
typedef unsigned __int128 word128;
#else #else
typedef unsigned word128 __attribute__((mode(TI))); #define POLY1305_NOINLINE
#endif #endif
#define MUL(out, x, y) out = ((word128)x * y) #if defined(_MSC_VER)
#define ADD(out, in) out += in #include <intrin.h>
#define ADDLO(out, in) out += in
#define SHR(in, shift) (word64)(in >> (shift)) typedef struct word128 {
#define LO(in) (word64)(in) word64 lo;
#endif word64 hi;
} word128;
static word64 U8TO64(const byte* p) {
return #define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi)
(((word64)(p[0] & 0xff) ) | #define ADD(out, in) { word64 t = out.lo; out.lo += in.lo;
((word64)(p[1] & 0xff) << 8) | out.hi += (out.lo < t) + in.hi; }
((word64)(p[2] & 0xff) << 16) | #define ADDLO(out, in) { word64 t = out.lo; out.lo += in;
((word64)(p[3] & 0xff) << 24) | out.hi += (out.lo < t); }
((word64)(p[4] & 0xff) << 32) | #define SHR(in, shift) (__shiftright128(in.lo, in.hi, (shift)))
((word64)(p[5] & 0xff) << 40) | #define LO(in) (in.lo)
((word64)(p[6] & 0xff) << 48) |
((word64)(p[7] & 0xff) << 56)); #elif defined(__GNUC__)
} #if defined(__SIZEOF_INT128__)
typedef unsigned __int128 word128;
static void U64TO8(byte* p, word64 v) { #else
p[0] = (v ) & 0xff; typedef unsigned word128 __attribute__((mode(TI)));
p[1] = (v >> 8) & 0xff; #endif
p[2] = (v >> 16) & 0xff;
p[3] = (v >> 24) & 0xff; #define MUL(out, x, y) out = ((word128)x * y)
p[4] = (v >> 32) & 0xff; #define ADD(out, in) out += in
p[5] = (v >> 40) & 0xff; #define ADDLO(out, in) out += in
p[6] = (v >> 48) & 0xff; #define SHR(in, shift) (word64)(in >> (shift))
p[7] = (v >> 56) & 0xff; #define LO(in) (word64)(in)
} #endif
#else /* if not 64 bit then use 32 bit */
static word32 U8TO32(const byte *p) { static word64 U8TO64(const byte* p) {
return return
(((word32)(p[0] & 0xff) ) | (((word64)(p[0] & 0xff) ) |
((word32)(p[1] & 0xff) << 8) | ((word64)(p[1] & 0xff) << 8) |
((word32)(p[2] & 0xff) << 16) | ((word64)(p[2] & 0xff) << 16) |
((word32)(p[3] & 0xff) << 24)); ((word64)(p[3] & 0xff) << 24) |
} ((word64)(p[4] & 0xff) << 32) |
((word64)(p[5] & 0xff) << 40) |
static void U32TO8(byte *p, word32 v) { ((word64)(p[6] & 0xff) << 48) |
p[0] = (v ) & 0xff; ((word64)(p[7] & 0xff) << 56));
p[1] = (v >> 8) & 0xff; }
p[2] = (v >> 16) & 0xff;
p[3] = (v >> 24) & 0xff; static void U64TO8(byte* p, word64 v) {
} p[0] = (v ) & 0xff;
#endif p[1] = (v >> 8) & 0xff;
p[2] = (v >> 16) & 0xff;
int Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) { p[3] = (v >> 24) & 0xff;
p[4] = (v >> 32) & 0xff;
if (keySz != 32) p[5] = (v >> 40) & 0xff;
return 1; p[6] = (v >> 48) & 0xff;
p[7] = (v >> 56) & 0xff;
#ifdef CHACHA_AEAD_TEST }
int k;
printf("Poly key used: ");
for (k = 0; k < keySz; k++)
printf("%02x", key[k]);
printf("\n");
#endif
#ifdef POLY130564
word64 t0,t1;
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
t0 = U8TO64(key + 0);
t1 = U8TO64(key + 8);
ctx->r[0] = ( t0 ) & 0xffc0fffffff;
ctx->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff;
ctx->r[2] = ((t1 >> 24) ) & 0x00ffffffc0f;
/* h (accumulator) = 0 */
ctx->h[0] = 0;
ctx->h[1] = 0;
ctx->h[2] = 0;
/* save pad for later */
ctx->pad[0] = U8TO64(key + 16);
ctx->pad[1] = U8TO64(key + 24);
#else /* if not 64 bit then use 32 bit */ #else /* if not 64 bit then use 32 bit */
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ static word32 U8TO32(const byte *p) {
ctx->r[0] = (U8TO32(key + 0) ) & 0x3ffffff; return
ctx->r[1] = (U8TO32(key + 3) >> 2) & 0x3ffff03; (((word32)(p[0] & 0xff) ) |
ctx->r[2] = (U8TO32(key + 6) >> 4) & 0x3ffc0ff; ((word32)(p[1] & 0xff) << 8) |
ctx->r[3] = (U8TO32(key + 9) >> 6) & 0x3f03fff; ((word32)(p[2] & 0xff) << 16) |
ctx->r[4] = (U8TO32(key + 12) >> 8) & 0x00fffff; ((word32)(p[3] & 0xff) << 24));
}
/* h = 0 */
ctx->h[0] = 0; static void U32TO8(byte *p, word32 v) {
ctx->h[1] = 0; p[0] = (v ) & 0xff;
ctx->h[2] = 0; p[1] = (v >> 8) & 0xff;
ctx->h[3] = 0; p[2] = (v >> 16) & 0xff;
ctx->h[4] = 0; p[3] = (v >> 24) & 0xff;
}
/* save pad for later */
ctx->pad[0] = U8TO32(key + 16);
ctx->pad[1] = U8TO32(key + 20);
ctx->pad[2] = U8TO32(key + 24);
ctx->pad[3] = U8TO32(key + 28);
#endif #endif
ctx->leftover = 0;
ctx->final = 0;
return 0;
}
static void poly1305_blocks(Poly1305* ctx, const unsigned char *m, static void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
size_t bytes) { size_t bytes) {
#ifdef POLY130564 #ifdef POLY130564
@@ -306,13 +248,78 @@ static void poly1305_blocks(Poly1305* ctx, const unsigned char *m,
ctx->h[3] = h3; ctx->h[3] = h3;
ctx->h[4] = h4; ctx->h[4] = h4;
#endif /* end of 64 bit cpu blocks or 32 bit cpu */
}
int Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) {
if (keySz != 32)
return 1;
#ifdef CHACHA_AEAD_TEST
int k;
printf("Poly key used: ");
for (k = 0; k < keySz; k++)
printf("%02x", key[k]);
printf("\n");
#endif #endif
#if defined(POLY130564)
word64 t0,t1;
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
t0 = U8TO64(key + 0);
t1 = U8TO64(key + 8);
ctx->r[0] = ( t0 ) & 0xffc0fffffff;
ctx->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff;
ctx->r[2] = ((t1 >> 24) ) & 0x00ffffffc0f;
/* h (accumulator) = 0 */
ctx->h[0] = 0;
ctx->h[1] = 0;
ctx->h[2] = 0;
/* save pad for later */
ctx->pad[0] = U8TO64(key + 16);
ctx->pad[1] = U8TO64(key + 24);
#else /* if not 64 bit then use 32 bit */
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
ctx->r[0] = (U8TO32(key + 0) ) & 0x3ffffff;
ctx->r[1] = (U8TO32(key + 3) >> 2) & 0x3ffff03;
ctx->r[2] = (U8TO32(key + 6) >> 4) & 0x3ffc0ff;
ctx->r[3] = (U8TO32(key + 9) >> 6) & 0x3f03fff;
ctx->r[4] = (U8TO32(key + 12) >> 8) & 0x00fffff;
/* h = 0 */
ctx->h[0] = 0;
ctx->h[1] = 0;
ctx->h[2] = 0;
ctx->h[3] = 0;
ctx->h[4] = 0;
/* save pad for later */
ctx->pad[0] = U8TO32(key + 16);
ctx->pad[1] = U8TO32(key + 20);
ctx->pad[2] = U8TO32(key + 24);
ctx->pad[3] = U8TO32(key + 28);
#endif
ctx->leftover = 0;
ctx->final = 0;
return 0;
} }
int Poly1305Final(Poly1305* ctx, byte* mac) { int Poly1305Final(Poly1305* ctx, byte* mac) {
#ifdef POLY130564 #if defined(POLY130564)
word64 h0,h1,h2,c; word64 h0,h1,h2,c;
word64 g0,g1,g2; word64 g0,g1,g2;
@@ -476,7 +483,6 @@ int Poly1305Final(Poly1305* ctx, byte* mac) {
int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) { int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) {
size_t i;
#ifdef CHACHA_AEAD_TEST #ifdef CHACHA_AEAD_TEST
int k; int k;
@@ -485,6 +491,7 @@ int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) {
printf("%02x", m[k]); printf("%02x", m[k]);
printf("\n"); printf("\n");
#endif #endif
size_t i;
/* handle leftover */ /* handle leftover */
if (ctx->leftover) { if (ctx->leftover) {
@@ -516,7 +523,6 @@ int Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) {
ctx->buffer[ctx->leftover + i] = m[i]; ctx->buffer[ctx->leftover + i] = m[i];
ctx->leftover += bytes; ctx->leftover += bytes;
} }
return 0; return 0;
} }
#endif /* HAVE_POLY1305 */ #endif /* HAVE_POLY1305 */
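Review bot: Poly1305SetKey, relocated below poly1305_blocks in the third hunk, still rejects a bad key length with `return 1;` while Chacha_SetKey in this same commit reports the equivalent condition with `return BAD_FUNC_ARG;`, so a caller testing `ret < 0` would not notice the failure; suggest `if (keySz != 32) return BAD_FUNC_ARG;` (Poly1305Update returns 0 on success, so a negative code is the consistent choice). In the same function `for (k = 0; k < keySz; k++)` compares an `int` with a `word32`, and `word64 t0,t1;` (plus `int k;` under CHACHA_AEAD_TEST) are declared after the early return, a C99-only mixed declaration; the fifth hunk moves `size_t i;` in Poly1305Update below the CHACHA_AEAD_TEST printf calls, which has the same effect in test builds. The CHACHA_AEAD_TEST block in Poly1305SetKey also writes the full one-time key to stdout, so it deserves an explicit marker such as `/* CHACHA_AEAD_TEST only: dumps key material to stdout, never enable in a shipping build */`.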


@@ -31,8 +31,6 @@
extern "C" { extern "C" {
#endif #endif
//#define POLY1305_BLOCK_SIZE 16
/* auto detect between 32bit / 64bit */ /* auto detect between 32bit / 64bit */
#define HAS_SIZEOF_INT128_64BIT (defined(__SIZEOF_INT128__) && defined(__LP64__)) #define HAS_SIZEOF_INT128_64BIT (defined(__SIZEOF_INT128__) && defined(__LP64__))
#define HAS_MSVC_64BIT (defined(_MSC_VER) && defined(_M_X64)) #define HAS_MSVC_64BIT (defined(_MSC_VER) && defined(_M_X64))
@@ -51,24 +49,20 @@ enum {
POLY1305_PAD_SIZE = 56 POLY1305_PAD_SIZE = 56
}; };
/* Poly1305 state */ /* Poly1305 state */
typedef struct Poly1305 { typedef struct Poly1305 {
#ifdef POLY130564 #if defined(POLY130564)
word64 r[3]; word64 r[3];
word64 h[3]; word64 h[3];
word64 pad[2]; word64 pad[2];
size_t leftover;
unsigned char buffer[POLY1305_BLOCK_SIZE];
unsigned char final;
#else #else
word32 r[5]; word32 r[5];
word32 h[5]; word32 h[5];
word32 pad[4]; word32 pad[4];
#endif
size_t leftover; size_t leftover;
unsigned char buffer[POLY1305_BLOCK_SIZE]; unsigned char buffer[POLY1305_BLOCK_SIZE];
unsigned char final; unsigned char final;
#endif
} Poly1305; } Poly1305;
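Review bot: The Poly1305 struct in the second hunk now carries `leftover`, `buffer` and `final` once for both word sizes, but none of its fields is documented, and how the 32-byte key is split between `r` and `pad` is only discoverable by reading Poly1305SetKey. Suggest field comments such as `word64 r[3]; /* clamped first 16 key bytes */`, `word64 h[3]; /* accumulator */`, `word64 pad[2]; /* last 16 key bytes, saved by SetKey */` and `unsigned char buffer[POLY1305_BLOCK_SIZE]; /* partial block, leftover bytes valid */`, mirrored on the 32-bit branch. Since the context holds key material for its whole lifetime, a one-line note on the typedef saying that the owner is responsible for clearing it after use would state what the header currently leaves implicit.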


@@ -2111,8 +2111,6 @@ CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*); CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*);
CYASSL_LOCAL int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, CYASSL_LOCAL int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in,
word32 sz, int content, int verify); word32 sz, int content, int verify);
CYASSL_LOCAL int TLS_poly1305(CYASSL* ssl, byte* digest, const byte* in,
word32 sz, int content, int verify);
#endif #endif
#ifndef NO_CYASSL_CLIENT #ifndef NO_CYASSL_CLIENT


@@ -4329,7 +4329,8 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
+ (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16; + (sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size) % 16;
byte p[CHACHA20_BLOCK_SIZE + padding2 + 16]; byte p[CHACHA20_BLOCK_SIZE + padding2 + 16];
XMEMSET(tag, 0, 16); XMEMSET(tag, 0, ssl->specs.aead_mac_size);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(cipher, 0, sizeof(cipher));
XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE);
XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16); XMEMSET(p, 0, CHACHA20_BLOCK_SIZE + padding2 + 16);
@@ -8385,13 +8386,6 @@ static void PickHashSigAlgo(CYASSL* ssl,
#endif #endif
/* poly1305 */
InitMd5(&md5);
Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN);
Md5Update(&md5, messageVerify, verifySz);
Md5Final(&md5, hash);
#ifndef NO_SHA256 #ifndef NO_SHA256
ret = InitSha256(&sha256); ret = InitSha256(&sha256);
if (ret != 0) if (ret != 0)
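Review bot: In the first hunk the cleared length of `tag` becomes `ssl->specs.aead_mac_size` while `tag`'s declaration (outside the hunk) fixes its capacity at compile time; if that declaration is a fixed array, the memset is now bounded by a runtime field of the negotiated suite rather than by the array, so either keep `XMEMSET(tag, 0, sizeof(tag));` or guard that `aead_mac_size` cannot exceed the array. The same hunk repeats `CHACHA20_BLOCK_SIZE + padding2 + 16` for both the VLA `p` and its clear; `XMEMSET(p, 0, sizeof(p));` ties the clear to the array (sizeof on a VLA is evaluated at run time) so the two cannot drift apart. The added `XMEMSET(nonce, 0, AEAD_NONCE_SZ);` is fine as long as `nonce` is declared with that size, which the hunk does not show. Encrypt's body begins and ends outside the hunk.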