Commit c6319980 authored by Niels Möller's avatar Niels Möller

New function chacha_set_nonce96.

parent d54ad2d5
2015-01-30 Niels Möller <nisse@lysator.liu.se>
* chacha-set-nonce.c (chacha_set_nonce96): New function.
* chacha.h (CHACHA_NONCE96_SIZE): New constant.
* testsuite/chacha-test.c: Add test for chacha with 96-bit nonce.
2015-01-27 Niels Möller <nisse@lysator.liu.se> 2015-01-27 Niels Möller <nisse@lysator.liu.se>
* ecc.h: Deleted declarations of unused itch functions. Moved * ecc.h: Deleted declarations of unused itch functions. Moved
......
...@@ -59,3 +59,12 @@ chacha_set_nonce(struct chacha_ctx *ctx, const uint8_t *nonce) ...@@ -59,3 +59,12 @@ chacha_set_nonce(struct chacha_ctx *ctx, const uint8_t *nonce)
ctx->state[14] = LE_READ_UINT32(nonce + 0); ctx->state[14] = LE_READ_UINT32(nonce + 0);
ctx->state[15] = LE_READ_UINT32(nonce + 4); ctx->state[15] = LE_READ_UINT32(nonce + 4);
} }
void
chacha_set_nonce96(struct chacha_ctx *ctx, const uint8_t *nonce)
{
ctx->state[12] = 0;
ctx->state[13] = LE_READ_UINT32(nonce + 0);
ctx->state[14] = LE_READ_UINT32(nonce + 4);
ctx->state[15] = LE_READ_UINT32(nonce + 8);
}
...@@ -45,6 +45,7 @@ extern "C" { ...@@ -45,6 +45,7 @@ extern "C" {
/* Name mangling */ /* Name mangling */
#define chacha_set_key nettle_chacha_set_key #define chacha_set_key nettle_chacha_set_key
#define chacha_set_nonce nettle_chacha_set_nonce #define chacha_set_nonce nettle_chacha_set_nonce
#define chacha_set_nonce96 nettle_chacha_set_nonce96
#define chacha_crypt nettle_chacha_crypt #define chacha_crypt nettle_chacha_crypt
#define _chacha_core _nettle_chacha_core #define _chacha_core _nettle_chacha_core
...@@ -52,6 +53,7 @@ extern "C" { ...@@ -52,6 +53,7 @@ extern "C" {
#define CHACHA_KEY_SIZE 32 #define CHACHA_KEY_SIZE 32
#define CHACHA_BLOCK_SIZE 64 #define CHACHA_BLOCK_SIZE 64
#define CHACHA_NONCE_SIZE 8 #define CHACHA_NONCE_SIZE 8
#define CHACHA_NONCE96_SIZE 12
#define _CHACHA_STATE_LENGTH 16 #define _CHACHA_STATE_LENGTH 16
...@@ -77,6 +79,9 @@ chacha_set_key(struct chacha_ctx *ctx, const uint8_t *key); ...@@ -77,6 +79,9 @@ chacha_set_key(struct chacha_ctx *ctx, const uint8_t *key);
void void
chacha_set_nonce(struct chacha_ctx *ctx, const uint8_t *nonce); chacha_set_nonce(struct chacha_ctx *ctx, const uint8_t *nonce);
void
chacha_set_nonce96(struct chacha_ctx *ctx, const uint8_t *nonce);
void void
chacha_crypt(struct chacha_ctx *ctx, size_t length, chacha_crypt(struct chacha_ctx *ctx, size_t length,
uint8_t *dst, const uint8_t *src); uint8_t *dst, const uint8_t *src);
......
...@@ -44,20 +44,30 @@ test_chacha(const struct tstring *key, const struct tstring *nonce, ...@@ -44,20 +44,30 @@ test_chacha(const struct tstring *key, const struct tstring *nonce,
ASSERT (key->length == CHACHA_KEY_SIZE); ASSERT (key->length == CHACHA_KEY_SIZE);
chacha_set_key (&ctx, key->data); chacha_set_key (&ctx, key->data);
ASSERT (nonce->length == CHACHA_NONCE_SIZE);
if (rounds == 20) if (rounds == 20)
{ {
uint8_t *data = xalloc (expected->length + 2); uint8_t *data = xalloc (expected->length + 2);
data++;
size_t length; size_t length;
data++;
for (length = 1; length <= expected->length; length++) for (length = 1; length <= expected->length; length++)
{ {
data[-1] = 17; data[-1] = 17;
memset (data, 0, length); memset (data, 0, length);
data[length] = 17; data[length] = 17;
if (nonce->length == CHACHA_NONCE_SIZE)
chacha_set_nonce(&ctx, nonce->data); chacha_set_nonce(&ctx, nonce->data);
else if (nonce->length == CHACHA_NONCE96_SIZE)
{
chacha_set_nonce96(&ctx, nonce->data);
/* Use initial counter 1, for
draft-irtf-cfrg-chacha20-poly1305-08 test cases. */
ctx.state[12]++;
}
else
die ("Bad nonce size %u.\n", (unsigned) nonce->length);
chacha_crypt (&ctx, length, data, data); chacha_crypt (&ctx, length, data, data);
ASSERT (data[-1] == 17); ASSERT (data[-1] == 17);
...@@ -84,6 +94,7 @@ test_chacha(const struct tstring *key, const struct tstring *nonce, ...@@ -84,6 +94,7 @@ test_chacha(const struct tstring *key, const struct tstring *nonce,
numbers of rounds. */ numbers of rounds. */
uint32_t out[_CHACHA_STATE_LENGTH]; uint32_t out[_CHACHA_STATE_LENGTH];
ASSERT (expected->length == CHACHA_BLOCK_SIZE); ASSERT (expected->length == CHACHA_BLOCK_SIZE);
ASSERT (nonce->length == CHACHA_NONCE_SIZE);
chacha_set_nonce(&ctx, nonce->data); chacha_set_nonce(&ctx, nonce->data);
_chacha_core (out, ctx.state, rounds); _chacha_core (out, ctx.state, rounds);
...@@ -622,4 +633,14 @@ test_main(void) ...@@ -622,4 +633,14 @@ test_main(void)
"ae2c4c90225ba9ea 14d518f55929dea0" "ae2c4c90225ba9ea 14d518f55929dea0"
"98ca7a6ccfe61227 053c84e49a4a3332"), "98ca7a6ccfe61227 053c84e49a4a3332"),
20); 20);
/* From draft-irtf-cfrg-chacha20-poly1305-08, with 96-bit nonce */
test_chacha(SHEX("0001020304050607 08090a0b0c0d0e0f"
"1011121314151617 18191a1b1c1d1e1f"),
SHEX("000000090000004a 00000000"),
SHEX("10f1e7e4d13b5915 500fdd1fa32071c4"
"c7d1f4c733c06803 0422aa9ac3d46c4e"
"d2826446079faa09 14c2d705d98b02a2"
"b5129cd1de164eb9 cbd083e8a2503c4e"),
20);
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment