diff options
| author | dlg <> | 2019-01-22 00:59:21 +0000 |
|---|---|---|
| committer | dlg <> | 2019-01-22 00:59:21 +0000 |
| commit | 314b0e719f69f4ef7811d81c9346e1b71bdef302 (patch) | |
| tree | 87d28e1c4d3807293ec30dc5c24e43dccbe80302 /src/lib/libcrypto/chacha | |
| parent | 6b5710cca200592904a2f0474264ab1e06d1d1dc (diff) | |
| download | openbsd-314b0e719f69f4ef7811d81c9346e1b71bdef302.tar.gz openbsd-314b0e719f69f4ef7811d81c9346e1b71bdef302.tar.bz2 openbsd-314b0e719f69f4ef7811d81c9346e1b71bdef302.zip | |
add support for xchacha20 and xchacha20-poly1305
xchacha is a chacha stream that allows for an extended nonce, which
in turn makes it feasible to use random nonces.
ok tb@
Diffstat (limited to 'src/lib/libcrypto/chacha')
| -rw-r--r-- | src/lib/libcrypto/chacha/chacha-merged.c | 48 | ||||
| -rw-r--r-- | src/lib/libcrypto/chacha/chacha.c | 12 | ||||
| -rw-r--r-- | src/lib/libcrypto/chacha/chacha.h | 6 |
3 files changed, 63 insertions, 3 deletions
diff --git a/src/lib/libcrypto/chacha/chacha-merged.c b/src/lib/libcrypto/chacha/chacha-merged.c index 08511ed273..67508f208d 100644 --- a/src/lib/libcrypto/chacha/chacha-merged.c +++ b/src/lib/libcrypto/chacha/chacha-merged.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: chacha-merged.c,v 1.8 2017/08/13 16:55:31 jsing Exp $ */ | 1 | /* $OpenBSD: chacha-merged.c,v 1.9 2019/01/22 00:59:21 dlg Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | chacha-merged.c version 20080118 | 3 | chacha-merged.c version 20080118 |
| 4 | D. J. Bernstein | 4 | D. J. Bernstein |
| @@ -277,3 +277,49 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes) | |||
| 277 | m += 64; | 277 | m += 64; |
| 278 | } | 278 | } |
| 279 | } | 279 | } |
| 280 | |||
| 281 | void | ||
| 282 | CRYPTO_hchacha_20(unsigned char subkey[32], const unsigned char key[32], | ||
| 283 | const unsigned char nonce[16]) | ||
| 284 | { | ||
| 285 | uint32_t x[16]; | ||
| 286 | int i; | ||
| 287 | |||
| 288 | x[0] = U8TO32_LITTLE(sigma + 0); | ||
| 289 | x[1] = U8TO32_LITTLE(sigma + 4); | ||
| 290 | x[2] = U8TO32_LITTLE(sigma + 8); | ||
| 291 | x[3] = U8TO32_LITTLE(sigma + 12); | ||
| 292 | x[4] = U8TO32_LITTLE(key + 0); | ||
| 293 | x[5] = U8TO32_LITTLE(key + 4); | ||
| 294 | x[6] = U8TO32_LITTLE(key + 8); | ||
| 295 | x[7] = U8TO32_LITTLE(key + 12); | ||
| 296 | x[8] = U8TO32_LITTLE(key + 16); | ||
| 297 | x[9] = U8TO32_LITTLE(key + 20); | ||
| 298 | x[10] = U8TO32_LITTLE(key + 24); | ||
| 299 | x[11] = U8TO32_LITTLE(key + 28); | ||
| 300 | x[12] = U8TO32_LITTLE(nonce + 0); | ||
| 301 | x[13] = U8TO32_LITTLE(nonce + 4); | ||
| 302 | x[14] = U8TO32_LITTLE(nonce + 8); | ||
| 303 | x[15] = U8TO32_LITTLE(nonce + 12); | ||
| 304 | |||
| 305 | for (i = 20; i > 0; i -= 2) { | ||
| 306 | QUARTERROUND(x[0], x[4], x[8], x[12]) | ||
| 307 | QUARTERROUND(x[1], x[5], x[9], x[13]) | ||
| 308 | QUARTERROUND(x[2], x[6], x[10], x[14]) | ||
| 309 | QUARTERROUND(x[3], x[7], x[11], x[15]) | ||
| 310 | QUARTERROUND(x[0], x[5], x[10], x[15]) | ||
| 311 | QUARTERROUND(x[1], x[6], x[11], x[12]) | ||
| 312 | QUARTERROUND(x[2], x[7], x[8], x[13]) | ||
| 313 | QUARTERROUND(x[3], x[4], x[9], x[14]) | ||
| 314 | } | ||
| 315 | |||
| 316 | U32TO8_LITTLE(subkey + 0, x[0]); | ||
| 317 | U32TO8_LITTLE(subkey + 4, x[1]); | ||
| 318 | U32TO8_LITTLE(subkey + 8, x[2]); | ||
| 319 | U32TO8_LITTLE(subkey + 12, x[3]); | ||
| 320 | |||
| 321 | U32TO8_LITTLE(subkey + 16, x[12]); | ||
| 322 | U32TO8_LITTLE(subkey + 20, x[13]); | ||
| 323 | U32TO8_LITTLE(subkey + 24, x[14]); | ||
| 324 | U32TO8_LITTLE(subkey + 28, x[15]); | ||
| 325 | } | ||
diff --git a/src/lib/libcrypto/chacha/chacha.c b/src/lib/libcrypto/chacha/chacha.c index 0c384ab88a..6a2dddf055 100644 --- a/src/lib/libcrypto/chacha/chacha.c +++ b/src/lib/libcrypto/chacha/chacha.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: chacha.c,v 1.7 2015/12/09 14:07:55 bcook Exp $ */ | 1 | /* $OpenBSD: chacha.c,v 1.8 2019/01/22 00:59:21 dlg Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -75,3 +75,13 @@ CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, | |||
| 75 | 75 | ||
| 76 | chacha_encrypt_bytes(&ctx, in, out, (uint32_t)len); | 76 | chacha_encrypt_bytes(&ctx, in, out, (uint32_t)len); |
| 77 | } | 77 | } |
| 78 | |||
| 79 | void | ||
| 80 | CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len, | ||
| 81 | const unsigned char key[32], const unsigned char iv[24]) | ||
| 82 | { | ||
| 83 | uint8_t subkey[32]; | ||
| 84 | |||
| 85 | CRYPTO_hchacha_20(subkey, key, iv); | ||
| 86 | CRYPTO_chacha_20(out, in, len, subkey, iv + 16, 0); | ||
| 87 | } | ||
diff --git a/src/lib/libcrypto/chacha/chacha.h b/src/lib/libcrypto/chacha/chacha.h index 8d94e626f8..e2345b2199 100644 --- a/src/lib/libcrypto/chacha/chacha.h +++ b/src/lib/libcrypto/chacha/chacha.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: chacha.h,v 1.7 2015/12/09 14:07:55 bcook Exp $ */ | 1 | /* $OpenBSD: chacha.h,v 1.8 2019/01/22 00:59:21 dlg Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -46,6 +46,10 @@ void ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, | |||
| 46 | 46 | ||
| 47 | void CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, | 47 | void CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, |
| 48 | const unsigned char key[32], const unsigned char iv[8], uint64_t counter); | 48 | const unsigned char key[32], const unsigned char iv[8], uint64_t counter); |
| 49 | void CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len, | ||
| 50 | const unsigned char key[32], const unsigned char iv[24]); | ||
| 51 | void CRYPTO_hchacha_20(unsigned char out[32], | ||
| 52 | const unsigned char key[32], const unsigned char iv[16]); | ||
| 49 | 53 | ||
| 50 | #ifdef __cplusplus | 54 | #ifdef __cplusplus |
| 51 | } | 55 | } |