| author | dlg <> | 2019-01-22 00:59:21 +0000 |
|---|---|---|
| committer | dlg <> | 2019-01-22 00:59:21 +0000 |
| commit | 4dfb993f9f695f40d03730129e2c082223711b65 (patch) | |
| tree | 87d28e1c4d3807293ec30dc5c24e43dccbe80302 /src/lib/libcrypto/chacha/chacha-merged.c | |
| parent | 85de2dd411d027af648d214d2e796529c456f58c (diff) | |
add support for xchacha20 and xchacha20-poly1305
xchacha is a variant of the chacha stream cipher with an extended nonce, which
in turn makes it feasible to use randomly generated nonces.
ok tb@
Diffstat (limited to 'src/lib/libcrypto/chacha/chacha-merged.c')
| -rw-r--r-- | src/lib/libcrypto/chacha/chacha-merged.c | 48 |
1 files changed, 47 insertions, 1 deletions
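--- a/src/lib/libcrypto/chacha/chacha-merged.c
+++ b/src/lib/libcrypto/chacha/chacha-merged.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: chacha-merged.c,v 1.8 2017/08/13 16:55:31 jsing Exp $ */
+/* $OpenBSD: chacha-merged.c,v 1.9 2019/01/22 00:59:21 dlg Exp $ */
 /*
 chacha-merged.c version 20080118
 D. J. Bernstein
@@ -277,3 +277,49 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes)
 m += 64;
 }
 }
+
+void
+CRYPTO_hchacha_20(unsigned char subkey[32], const unsigned char key[32],
+const unsigned char nonce[16])
+{
+uint32_t x[16];
+int i;
+
+x[0] = U8TO32_LITTLE(sigma + 0);
+x[1] = U8TO32_LITTLE(sigma + 4);
+x[2] = U8TO32_LITTLE(sigma + 8);
+x[3] = U8TO32_LITTLE(sigma + 12);
+x[4] = U8TO32_LITTLE(key + 0);
+x[5] = U8TO32_LITTLE(key + 4);
+x[6] = U8TO32_LITTLE(key + 8);
+x[7] = U8TO32_LITTLE(key + 12);
+x[8] = U8TO32_LITTLE(key + 16);
+x[9] = U8TO32_LITTLE(key + 20);
+x[10] = U8TO32_LITTLE(key + 24);
+x[11] = U8TO32_LITTLE(key + 28);
+x[12] = U8TO32_LITTLE(nonce + 0);
+x[13] = U8TO32_LITTLE(nonce + 4);
+x[14] = U8TO32_LITTLE(nonce + 8);
+x[15] = U8TO32_LITTLE(nonce + 12);
+
+for (i = 20; i > 0; i -= 2) {
+QUARTERROUND(x[0], x[4], x[8], x[12])
+QUARTERROUND(x[1], x[5], x[9], x[13])
+QUARTERROUND(x[2], x[6], x[10], x[14])
+QUARTERROUND(x[3], x[7], x[11], x[15])
+QUARTERROUND(x[0], x[5], x[10], x[15])
+QUARTERROUND(x[1], x[6], x[11], x[12])
+QUARTERROUND(x[2], x[7], x[8], x[13])
+QUARTERROUND(x[3], x[4], x[9], x[14])
+}
+
+U32TO8_LITTLE(subkey + 0, x[0]);
+U32TO8_LITTLE(subkey + 4, x[1]);
+U32TO8_LITTLE(subkey + 8, x[2]);
+U32TO8_LITTLE(subkey + 12, x[3]);
+
+U32TO8_LITTLE(subkey + 16, x[12]);
+U32TO8_LITTLE(subkey + 20, x[13]);
+U32TO8_LITTLE(subkey + 24, x[14]);
+U32TO8_LITTLE(subkey + 28, x[15]);
+}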
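Review bot: The new CRYPTO_hchacha_20 gives no hint that skipping the feed-forward addition of the initial state (the step the ChaCha20 block function performs before serializing its output) is deliberate, so a later reader comparing it with chacha_encrypt_bytes above may "fix" it and silently break every XChaCha20 subkey derived through it. I would add a comment above the first U32TO8_LITTLE store, e.g. `/* HChaCha20: no feed-forward of the initial state; the subkey is words 0-3 and 12-15 of the raw round output */`, and a one-line header comment naming the function as the HChaCha20 subkey derivation used by XChaCha20. The scratch state `x[]` also still holds the key-derived words 4-11 after the stores and is simply abandoned on the stack; if the rest of this file wipes its state on the way out (not visible in this hunk), an `explicit_bzero(x, sizeof(x));` before the closing brace would match that and costs nothing. Minor style point: the surrounding code uses the file's `u32` typedef (see the chacha_encrypt_bytes signature in the hunk header) while the new function declares `uint32_t x[16]`; the two are presumably the same type, but picking one keeps the file consistent.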
