Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
N
nettle
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Labels
Merge Requests
5
Merge Requests
5
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Commits
Open sidebar
Nettle
nettle
Commits
61925232
Commit
61925232
authored
Feb 12, 2014
by
Niels Möller
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Implemented chacha-poly1305.
parent
13068371
Changes
9
Hide whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
323 additions
and
2 deletions
+323
-2
ChangeLog
ChangeLog
+14
-0
Makefile.in
Makefile.in
+2
-1
chacha-poly1305-meta.c
chacha-poly1305-meta.c
+44
-0
chacha-poly1305.c
chacha-poly1305.c
+152
-0
chacha-poly1305.h
chacha-poly1305.h
+90
-0
nettle-meta.h
nettle-meta.h
+1
-0
testsuite/.test-rules.make
testsuite/.test-rules.make
+3
-0
testsuite/Makefile.in
testsuite/Makefile.in
+1
-1
testsuite/chacha-poly1305-test.c
testsuite/chacha-poly1305-test.c
+16
-0
No files found.
ChangeLog
View file @
61925232
2014-02-12 Niels Möller <nisse@lysator.liu.se>
* chacha-poly1305.h: New file.
* chacha-poly1305.c: New file.
* chacha-poly1305-meta.c (nettle_chacha_poly1305): New file, new
aead algorithm.
* nettle-meta.h (nettle_chacha_poly1305): Declare.
* Makefile.in (nettle_SOURCES): Added chacha-poly1305.c and
chacha-poly1305-meta.c.
(HEADERS): Added chacha-poly1305.h.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
chacha-poly1305-test.c.
* testsuite/chacha-poly1305-test.c: New file.
* nettle-meta.h (struct nettle_aead): New generalized version
if this struct.
(nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256)
...
...
Makefile.in
View file @
61925232
...
...
@@ -88,6 +88,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
camellia256-meta.c
\
cast128.c cast128-meta.c cbc.c
\
chacha-crypt.c chacha-core-internal.c
\
chacha-poly1305.c chacha-poly1305-meta.c
\
chacha-set-key.c chacha-set-nonce.c
\
chacha128-set-key.c chacha256-set-key.c
\
ctr.c des.c des3.c des-compat.c eax.c
\
...
...
@@ -164,7 +165,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
HEADERS
=
aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h
\
base16.h base64.h buffer.h camellia.h cast128.h
\
cbc.h chacha.h ctr.h
\
cbc.h chacha.h c
hacha-poly1305.h c
tr.h
\
des.h des-compat.h dsa.h eax.h ecc-curve.h ecc.h ecdsa.h
\
gcm.h gosthash94.h hmac.h
\
knuth-lfib.h
\
...
...
chacha-poly1305-meta.c
0 → 100644
View file @
61925232
/* chacha-poly1305-meta.c */
/* nettle, low-level cryptographics library
*
* Copyright (C) 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "nettle-meta.h"
#include "chacha-poly1305.h"
const
struct
nettle_aead
nettle_chacha_poly1305
=
{
"chacha_poly1305"
,
sizeof
(
struct
chacha_poly1305_ctx
),
CHACHA_POLY1305_BLOCK_SIZE
,
CHACHA_POLY1305_KEY_SIZE
,
CHACHA_POLY1305_NONCE_SIZE
,
CHACHA_POLY1305_DIGEST_SIZE
,
(
nettle_set_key_func
*
)
chacha_poly1305_set_key
,
(
nettle_set_key_func
*
)
chacha_poly1305_set_key
,
(
nettle_set_key_func
*
)
chacha_poly1305_set_nonce
,
(
nettle_hash_update_func
*
)
chacha_poly1305_update
,
(
nettle_crypt_func
*
)
chacha_poly1305_encrypt
,
(
nettle_crypt_func
*
)
chacha_poly1305_decrypt
,
(
nettle_hash_digest_func
*
)
chacha_poly1305_digest
,
};
chacha-poly1305.c
0 → 100644
View file @
61925232
/* chacha-poly1305.h
*
* AEAD mechanism based on chacha and poly1305.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <string.h>
#include "chacha-poly1305.h"
#include "macros.h"
#define CHACHA_ROUNDS 20
void
chacha_poly1305_set_key
(
struct
chacha_poly1305_ctx
*
ctx
,
const
uint8_t
*
key
)
{
chacha256_set_key
(
&
ctx
->
chacha
,
key
);
}
void
chacha_poly1305_set_nonce
(
struct
chacha_poly1305_ctx
*
ctx
,
const
uint8_t
*
nonce
)
{
union
{
uint32_t
x
[
_CHACHA_STATE_LENGTH
];
uint8_t
subkey
[
32
];
}
u
;
chacha_set_nonce
(
&
ctx
->
chacha
,
nonce
);
/* Generate authentication key */
_chacha_core
(
u
.
x
,
ctx
->
chacha
.
state
,
CHACHA_ROUNDS
);
poly1305_set_key
(
&
ctx
->
poly1305
,
u
.
subkey
);
/* For final poly1305 processing */
memcpy
(
ctx
->
s
.
b
,
u
.
subkey
+
16
,
16
);
/* Increment block count */
ctx
->
chacha
.
state
[
12
]
=
1
;
ctx
->
auth_size
=
ctx
->
data_size
=
ctx
->
index
=
0
;
}
/* FIXME: Duplicated in poly1305-aes128.c */
#define COMPRESS(ctx, data) _poly1305_block(&(ctx)->poly1305, (data), 1)
static
void
poly1305_update
(
struct
chacha_poly1305_ctx
*
ctx
,
size_t
length
,
const
uint8_t
*
data
)
{
MD_UPDATE
(
ctx
,
length
,
data
,
COMPRESS
,
(
void
)
0
);
}
void
chacha_poly1305_update
(
struct
chacha_poly1305_ctx
*
ctx
,
size_t
length
,
const
uint8_t
*
data
)
{
assert
(
ctx
->
data_size
==
0
);
poly1305_update
(
ctx
,
length
,
data
);
ctx
->
auth_size
+=
length
;
}
void
chacha_poly1305_encrypt
(
struct
chacha_poly1305_ctx
*
ctx
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
{
if
(
!
length
)
return
;
assert
(
ctx
->
data_size
%
CHACHA_POLY1305_BLOCK_SIZE
==
0
);
if
(
!
ctx
->
data_size
)
{
uint8_t
buf
[
8
];
LE_WRITE_UINT64
(
buf
,
ctx
->
auth_size
);
poly1305_update
(
ctx
,
sizeof
(
buf
),
buf
);
}
chacha_crypt
(
&
ctx
->
chacha
,
length
,
dst
,
src
);
poly1305_update
(
ctx
,
length
,
dst
);
ctx
->
data_size
+=
length
;
}
void
chacha_poly1305_decrypt
(
struct
chacha_poly1305_ctx
*
ctx
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
)
{
if
(
!
length
)
return
;
assert
(
ctx
->
data_size
%
CHACHA_POLY1305_BLOCK_SIZE
==
0
);
if
(
!
ctx
->
data_size
)
{
uint8_t
buf
[
8
];
LE_WRITE_UINT64
(
buf
,
ctx
->
auth_size
);
poly1305_update
(
ctx
,
sizeof
(
buf
),
buf
);
}
poly1305_update
(
ctx
,
length
,
src
);
chacha_crypt
(
&
ctx
->
chacha
,
length
,
dst
,
src
);
ctx
->
data_size
+=
length
;
}
void
chacha_poly1305_digest
(
struct
chacha_poly1305_ctx
*
ctx
,
size_t
length
,
uint8_t
*
digest
)
{
uint8_t
buf
[
8
];
if
(
!
ctx
->
data_size
)
{
LE_WRITE_UINT64
(
buf
,
ctx
->
auth_size
);
poly1305_update
(
ctx
,
sizeof
(
buf
),
buf
);
}
LE_WRITE_UINT64
(
buf
,
ctx
->
data_size
);
poly1305_update
(
ctx
,
sizeof
(
buf
),
buf
);
/* Final bytes. FIXME: Duplicated in poly1305_aes128.c */
if
(
ctx
->
index
>
0
)
{
assert
(
ctx
->
index
<
POLY1305_BLOCK_SIZE
);
ctx
->
block
[
ctx
->
index
]
=
1
;
memset
(
ctx
->
block
+
ctx
->
index
+
1
,
0
,
POLY1305_BLOCK_SIZE
-
1
-
ctx
->
index
);
_poly1305_block
(
&
ctx
->
poly1305
,
ctx
->
block
,
0
);
}
poly1305_digest
(
&
ctx
->
poly1305
,
&
ctx
->
s
);
memcpy
(
digest
,
&
ctx
->
s
.
b
,
length
);
}
chacha-poly1305.h
0 → 100644
View file @
61925232
/* chacha-poly1305.h
*
* AEAD mechanism based on chacha and poly1305.
* See draft-agl-tls-chacha20poly1305-04.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#ifndef NETTLE_CHACHA_POLY1305_H_INCLUDED
#define NETTLE_CHACHA_POLY1305_H_INCLUDED
#include "chacha.h"
#include "poly1305.h"
#ifdef __cplusplus
extern
"C"
{
#endif
/* Name mangling */
#define chacha_poly1305_set_key nettle_chacha_poly1305_set_key
#define chacha_poly1305_set_nonce nettle_chacha_poly1305_set_nonce
#define chacha_poly1305_update nettle_chacha_poly1305_update
#define chacha_poly1305_decrypt nettle_chacha_poly1305_decrypt
#define chacha_poly1305_encrypt nettle_chacha_poly1305_encrypt
#define chacha_poly1305_digest nettle_chacha_poly1305_digest
#define CHACHA_POLY1305_BLOCK_SIZE 64
/* FIXME: Any need for 128-bit variant? */
#define CHACHA_POLY1305_KEY_SIZE 32
#define CHACHA_POLY1305_NONCE_SIZE CHACHA_NONCE_SIZE
#define CHACHA_POLY1305_DIGEST_SIZE 16
struct
chacha_poly1305_ctx
{
struct
chacha_ctx
chacha
;
struct
poly1305_ctx
poly1305
;
union
nettle_block16
s
;
uint64_t
auth_size
;
uint64_t
data_size
;
/* poly1305 block */
uint8_t
block
[
POLY1305_BLOCK_SIZE
];
unsigned
index
;
};
void
chacha_poly1305_set_key
(
struct
chacha_poly1305_ctx
*
ctx
,
const
uint8_t
*
key
);
void
chacha_poly1305_set_nonce
(
struct
chacha_poly1305_ctx
*
ctx
,
const
uint8_t
*
nonce
);
void
chacha_poly1305_update
(
struct
chacha_poly1305_ctx
*
ctx
,
size_t
length
,
const
uint8_t
*
data
);
void
chacha_poly1305_encrypt
(
struct
chacha_poly1305_ctx
*
ctx
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
);
void
chacha_poly1305_decrypt
(
struct
chacha_poly1305_ctx
*
ctx
,
size_t
length
,
uint8_t
*
dst
,
const
uint8_t
*
src
);
void
chacha_poly1305_digest
(
struct
chacha_poly1305_ctx
*
ctx
,
size_t
length
,
uint8_t
*
digest
);
#ifdef __cplusplus
}
#endif
#endif
/* NETTLE_CHACHA_POLY1305_H_INCLUDED */
nettle-meta.h
View file @
61925232
...
...
@@ -150,6 +150,7 @@ struct nettle_aead
extern
const
struct
nettle_aead
nettle_gcm_aes128
;
extern
const
struct
nettle_aead
nettle_gcm_aes192
;
extern
const
struct
nettle_aead
nettle_gcm_aes256
;
extern
const
struct
nettle_aead
nettle_chacha_poly1305
;
struct
nettle_armor
{
...
...
testsuite/.test-rules.make
View file @
61925232
...
...
@@ -112,6 +112,9 @@ eax-test$(EXEEXT): eax-test.$(OBJEXT)
poly1305-test$(EXEEXT)
:
poly1305-test.$(OBJEXT)
$(LINK)
poly1305-test.
$(OBJEXT)
$(TEST_OBJS)
-o
poly1305-test
$(EXEEXT)
chacha-poly1305-test$(EXEEXT)
:
chacha-poly1305-test.$(OBJEXT)
$(LINK)
chacha-poly1305-test.
$(OBJEXT)
$(TEST_OBJS)
-o
chacha-poly1305-test
$(EXEEXT)
hmac-test$(EXEEXT)
:
hmac-test.$(OBJEXT)
$(LINK)
hmac-test.
$(OBJEXT)
$(TEST_OBJS)
-o
hmac-test
$(EXEEXT)
...
...
testsuite/Makefile.in
View file @
61925232
...
...
@@ -26,7 +26,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \
serpent-test.c twofish-test.c
\
knuth-lfib-test.c
\
cbc-test.c ctr-test.c gcm-test.c eax-test.c
\
poly1305-test.c
\
poly1305-test.c
chacha-poly1305-test.c
\
hmac-test.c umac-test.c
\
meta-hash-test.c meta-cipher-test.c meta-armor-test.c
\
buffer-test.c yarrow-test.c pbkdf2-test.c
...
...
testsuite/chacha-poly1305-test.c
0 → 100644
View file @
61925232
#include "testutils.h"
#include "nettle-internal.h"
void
test_main
(
void
)
{
/* From draft-agl-tls-chacha20poly1305-04 */
test_aead
(
&
nettle_chacha_poly1305
,
NULL
,
SHEX
(
"4290bcb154173531f314af57f3be3b50"
"06da371ece272afa1b5dbdd1100a1007"
),
/* key */
SHEX
(
"87e229d4500845a079c0"
),
/* auth data */
SHEX
(
"86d09974840bded2a5ca"
),
/* plain text */
SHEX
(
"e3e446f7ede9a19b62a4"
),
/* ciphertext */
SHEX
(
"cd7cf67be39c794a"
),
/* nonce */
SHEX
(
"677dabf4e3d24b876bb284753896e1d6"
));
/* tag */
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment