Commit 93fc1d14 authored by Niels Möller's avatar Niels Möller

Implemented chacha, based on contribution by Joachim Strömbergson.

parent e57d2fe2
2014-01-27 Niels Möller <nisse@lysator.liu.se>
Chacha implementation, based on contribution by Joachim
Strömbergson.
* chacha.h: New file.
* chacha256-set-key.c (chacha256_set_key): New file and function.
* chacha128-set-key.c (chacha128_set_key): New file and function.
* chacha-set-key.c (chacha_set_key): New file and function.
* chacha-set-iv.c (chacha_set_iv): New file and function.
* chacha-core-internal.c (_chacha_core): New file and function.
* chacha-crypt.c (chacha_crypt): New file and function.
* Makefile.in (nettle_SOURCES): Added chacha files.
(HEADERS): Added chacha.h.
* testsuite/chacha-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added chacha-test.c.
2014-01-26 Niels Möller <nisse@lysator.liu.se> 2014-01-26 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.h (_NETTLE_AEAD_FIX): Renamed to... * nettle-internal.h (_NETTLE_AEAD_FIX): Renamed to...
......
...@@ -86,8 +86,11 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ ...@@ -86,8 +86,11 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
camellia256-set-decrypt-key.c \ camellia256-set-decrypt-key.c \
camellia256-meta.c \ camellia256-meta.c \
cast128.c cast128-meta.c \ cast128.c cast128-meta.c \
blowfish.c \ blowfish.c cbc.c \
cbc.c ctr.c gcm.c \ chacha-crypt.c chacha-core-internal.c \
chacha-set-iv.c chacha-set-key.c \
chacha128-set-key.c chacha256-set-key.c \
ctr.c gcm.c \
gcm-aes.c gcm-aes128.c gcm-aes192.c gcm-aes256.c \ gcm-aes.c gcm-aes128.c gcm-aes192.c gcm-aes256.c \
des.c des3.c des-compat.c eax.c \ des.c des3.c des-compat.c eax.c \
hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \
...@@ -159,7 +162,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \ ...@@ -159,7 +162,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \ HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \
base16.h base64.h buffer.h camellia.h cast128.h \ base16.h base64.h buffer.h camellia.h cast128.h \
cbc.h ctr.h \ cbc.h chacha.h ctr.h \
des.h des-compat.h dsa.h eax.h ecc-curve.h ecc.h ecdsa.h \ des.h des-compat.h dsa.h eax.h ecc-curve.h ecc.h ecdsa.h \
gcm.h gosthash94.h hmac.h \ gcm.h gosthash94.h hmac.h \
knuth-lfib.h \ knuth-lfib.h \
......
/* chacha-core-internal.c
*
* Core functionality of the ChaCha stream cipher.
* Heavily based on the Salsa20 implementation in Nettle.
*
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Joachim Strömbergson
* Copyright (C) 2012 Simon Josefsson, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
/* Based on:
chacha-ref.c version 2008.01.20.
D. J. Bernstein
Public domain.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <string.h>
#include "chacha.h"
#include "macros.h"
#ifndef CHACHA_DEBUG
# define CHACHA_DEBUG 0
#endif
#if CHACHA_DEBUG
# include <stdio.h>
# define DEBUG(i) do { \
unsigned debug_j; \
for (debug_j = 0; debug_j < 16; debug_j++) \
{ \
if (debug_j == 0) \
fprintf(stderr, "%2d:", (i)); \
else if (debug_j % 4 == 0) \
fprintf(stderr, "\n "); \
fprintf(stderr, " %8x", x[debug_j]); \
} \
fprintf(stderr, "\n"); \
} while (0)
#else
# define DEBUG(i)
#endif
#ifdef WORDS_BIGENDIAN
#define LE_SWAP32(v) \
((ROTL32(8, v) & 0x00FF00FFUL) | \
(ROTL32(24, v) & 0xFF00FF00UL))
#else
#define LE_SWAP32(v) (v)
#endif
#define QROUND(x0, x1, x2, x3) do { \
x0 = x0 + x1; x3 = ROTL32(16, (x0 ^ x3)); \
x2 = x2 + x3; x1 = ROTL32(12, (x1 ^ x2)); \
x0 = x0 + x1; x3 = ROTL32(8, (x0 ^ x3)); \
x2 = x2 + x3; x1 = ROTL32(7, (x1 ^ x2)); \
} while(0)
void
_chacha_core(uint32_t *dst, const uint32_t *src, unsigned rounds)
{
uint32_t x[_CHACHA_STATE_LENGTH];
unsigned i;
assert ( (rounds & 1) == 0);
memcpy (x, src, sizeof(x));
for (i = 0; i < rounds;i += 2)
{
DEBUG (i);
QROUND(x[0], x[4], x[8], x[12]);
QROUND(x[1], x[5], x[9], x[13]);
QROUND(x[2], x[6], x[10], x[14]);
QROUND(x[3], x[7], x[11], x[15]);
DEBUG (i+1);
QROUND(x[0], x[5], x[10], x[15]);
QROUND(x[1], x[6], x[11], x[12]);
QROUND(x[2], x[7], x[8], x[13]);
QROUND(x[3], x[4], x[9], x[14]);
}
DEBUG (i);
for (i = 0; i < _CHACHA_STATE_LENGTH; i++)
{
uint32_t t = x[i] + src[i];
dst[i] = LE_SWAP32 (t);
}
}
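Review bot: The `DEBUG` macro prints all sixteen state words to stderr, and at `DEBUG (i)` with `i == 0` the array `x` is still a plain copy of `src`, key words included. Building with `CHACHA_DEBUG` set therefore writes key material to stderr, which the `#ifndef CHACHA_DEBUG` block should say, e.g. `/* CHACHA_DEBUG dumps the full state, key included, to stderr; development builds only. */`. The macro also passes the unsigned `i` to `%2d`; `%2u` matches the type. A short comment on `_chacha_core` would help as well, stating that `rounds` must be even and that `dst` receives the block as little-endian words (via `LE_SWAP32`) so it can be used directly as a byte stream.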
/* chacha-crypt.c
*
* The crypt function in the ChaCha stream cipher.
* Heavily based on the Salsa20 implementation in Nettle.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2014 Niels Möller
* Copyright (C) 2013 Joachim Strömbergson
* Copyright (C) 2012 Simon Josefsson
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
/* Based on:
chacha-ref.c version 2008.01.20.
D. J. Bernstein
Public domain.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <string.h>
#include "chacha.h"
#include "macros.h"
#include "memxor.h"
#define CHACHA_ROUNDS 20
void
chacha_crypt(struct chacha_ctx *ctx,
size_t length,
uint8_t *c,
const uint8_t *m)
{
if (!length)
return;
for (;;)
{
uint32_t x[_CHACHA_STATE_LENGTH];
_chacha_core (x, ctx->state, CHACHA_ROUNDS);
ctx->state[9] += (++ctx->state[8] == 0);
/* stopping at 2^70 length per nonce is user's responsibility */
if (length <= CHACHA_BLOCK_SIZE)
{
memxor3 (c, m, x, length);
return;
}
memxor3 (c, m, x, CHACHA_BLOCK_SIZE);
length -= CHACHA_BLOCK_SIZE;
c += CHACHA_BLOCK_SIZE;
m += CHACHA_BLOCK_SIZE;
}
}
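Review bot: The counter update `ctx->state[9] += (++ctx->state[8] == 0);` increments words 8-9, but the layout comment in chacha.h and chacha_set_iv both put the block counter in words 12-13, and chacha256_set_key stores key bytes 16-23 in words 8-9. As written, every block after the first is generated from a modified key with the counter stuck at zero, so multi-block output will not match reference ChaCha, and the key held in `ctx` stays altered for any later chacha_set_iv on the same context. The line should read `ctx->state[13] += (++ctx->state[12] == 0);`. A multi-block known-answer vector would catch this; the test file's diff is collapsed on this page, so I cannot tell whether one exists.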
/* chacha-set-iv.c
*
* Setting the IV the ChaCha stream cipher.
* Based on the Salsa20 implementation in Nettle.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Joachim Strömbergon
* Copyright (C) 2012 Simon Josefsson
* Copyright (C) 2012, 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
/* Based on:
ChaCha specification (doc id: 4027b5256e17b9796842e6d0f68b0b5e) and reference
implementation dated 2008.01.20
D. J. Bernstein
Public domain.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "chacha.h"
#include "macros.h"
void
chacha_set_iv(struct chacha_ctx *ctx, const uint8_t *iv)
{
ctx->state[12] = 0;
ctx->state[13] = 0;
ctx->state[14] = LE_READ_UINT32(iv + 0);
ctx->state[15] = LE_READ_UINT32(iv + 4);
}
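Review bot: chacha_set_iv reads exactly eight bytes from `iv` and zeroes the block counter in words 12-13, but neither fact is stated and there is no length argument that could be checked. Because the counter is reset on every call, setting the same IV twice under one key restarts the identical keystream. I would put this above the function: `/* iv must point to CHACHA_IV_SIZE bytes; resets the block counter, so an IV must not repeat under the same key. */`. `<assert.h>` is included but nothing in the file asserts.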
/* chacha-set-key.c
*
* Copyright (C) 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdlib.h>
#include "chacha.h"
void
chacha_set_key(struct chacha_ctx *ctx, size_t length, const uint8_t *key)
{
switch (length)
{
default:
abort ();
case CHACHA128_KEY_SIZE:
chacha128_set_key (ctx, key);
break;
case CHACHA256_KEY_SIZE:
chacha256_set_key (ctx, key);
break;
}
}
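Review bot: An unsupported `length` falls into `default: abort ();`, which ends the whole process instead of reporting an error, and nothing tells the caller so. If any caller takes the key length from external input (not visible here), a bad value becomes a crash of the host application. I would document the contract at the definition, `/* length must be CHACHA128_KEY_SIZE or CHACHA256_KEY_SIZE; any other value calls abort(). */`, and repeat it at the prototype in chacha.h. Placing `default:` last in the switch would also read more conventionally.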
/* chacha.h
*
* The ChaCha stream cipher.
* Heavily based on the Salsa20 source code in Nettle.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Joachim Strömbergson
* Copyright (C) 2012 Simon Josefsson
* Copyright (C) 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#ifndef NETTLE_CHACHA_H_INCLUDED
#define NETTLE_CHACHA_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define chacha_set_key nettle_chacha_set_key
#define chacha128_set_key nettle_chacha128_set_key
#define chacha256_set_key nettle_chacha256_set_key
#define chacha_set_iv nettle_chacha_set_iv
#define chacha_crypt nettle_chacha_crypt
#define _chacha_core _nettle_chacha_core
/* Possible keysizes, and a reasonable default. In octets. */
#define CHACHA128_KEY_SIZE 16
#define CHACHA256_KEY_SIZE 32
#define CHACHA_KEY_SIZE 32
#define CHACHA_BLOCK_SIZE 64
#define CHACHA_IV_SIZE 8
#define _CHACHA_STATE_LENGTH 16
struct chacha_ctx
{
/* Indices 0-3 holds a constant (SIGMA or TAU).
Indices 4-11 holds the key.
Indices 12-13 holds the block counter.
Indices 14-15 holds the IV:
This creates the state matrix:
C C C C
K K K K
K K K K
B B I I
*/
uint32_t state[_CHACHA_STATE_LENGTH];
};
void
chacha128_set_key(struct chacha_ctx *ctx, const uint8_t *key);
void
chacha256_set_key(struct chacha_ctx *ctx, const uint8_t *key);
void
chacha_set_key(struct chacha_ctx *ctx,
size_t length, const uint8_t *key);
void
chacha_set_iv(struct chacha_ctx *ctx, const uint8_t *iv);
void
chacha_crypt(struct chacha_ctx *ctx, size_t length,
uint8_t *dst, const uint8_t *src);
void
_chacha_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CHACHA_H_INCLUDED */
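Review bot: The prototypes have no contract comments, and one property of chacha_crypt cannot be guessed from its signature. It generates a fresh block on every loop iteration and discards the unused tail of the last one, so a message processed in several calls only works if every call but the last passes a multiple of CHACHA_BLOCK_SIZE. I would add above the prototype `/* For a given IV, length must be a multiple of CHACHA_BLOCK_SIZE in every call except the last. */`. Separately, `_chacha_core` is declared in a header that Makefile.in adds to HEADERS, so a comment marking it as internal and not part of the supported API would be useful.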
/* chacha128-set-key.c
*
* ChaCha key setup for 128-bit keys.
* Based on the Salsa20 implementation in Nettle.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Joachim Strömbergon
* Copyright (C) 2012 Simon Josefsson
* Copyright (C) 2012, 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
/* Based on:
ChaCha specification (doc id: 4027b5256e17b9796842e6d0f68b0b5e) and reference
implementation dated 2008.01.20
D. J. Bernstein
Public domain.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <string.h>
#include "chacha.h"
#include "macros.h"
void
chacha128_set_key(struct chacha_ctx *ctx, const uint8_t *key)
{
static const uint32_t tau[4] = {
/* "expand 16-byte k" */
0x61707865, 0x3120646e, 0x79622d36, 0x6b206574
};
ctx->state[8] = ctx->state[4] = LE_READ_UINT32(key + 0);
ctx->state[9] = ctx->state[5] = LE_READ_UINT32(key + 4);
ctx->state[10] = ctx->state[6] = LE_READ_UINT32(key + 8);
ctx->state[11] = ctx->state[7] = LE_READ_UINT32(key + 12);
memcpy (ctx->state, tau, sizeof(tau));
}
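Review bot: Key setup writes words 0-11 only, so words 12-15 (block counter and IV) keep whatever the context held before. A chacha_crypt call on a context that has not been through chacha_set_iv then runs on indeterminate state. The same applies to chacha256_set_key in the next file. A comment on both functions would make the required order explicit: `/* Sets the constant and key words only; call chacha_set_iv before chacha_crypt. */`. Both files also include `<assert.h>` without using it.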
/* chacha256-set-key.c
*
* ChaCha key setup for 256-bit keys.
* Based on the Salsa20 implementation in Nettle.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Joachim Strömbergon
* Copyright (C) 2012 Simon Josefsson
* Copyright (C) 2012, 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
/* Based on:
ChaCha specification (doc id: 4027b5256e17b9796842e6d0f68b0b5e) and reference
implementation dated 2008.01.20
D. J. Bernstein
Public domain.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <string.h>
#include "chacha.h"
#include "macros.h"
void
chacha256_set_key(struct chacha_ctx *ctx, const uint8_t *key)
{
static const uint32_t sigma[4] = {
/* "expand 32-byte k" */
0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
};
ctx->state[4] = LE_READ_UINT32(key + 0);
ctx->state[5] = LE_READ_UINT32(key + 4);
ctx->state[6] = LE_READ_UINT32(key + 8);
ctx->state[7] = LE_READ_UINT32(key + 12);
ctx->state[8] = LE_READ_UINT32(key + 16);
ctx->state[9] = LE_READ_UINT32(key + 20);
ctx->state[10] = LE_READ_UINT32(key + 24);
ctx->state[11] = LE_READ_UINT32(key + 28);
memcpy (ctx->state, sigma, sizeof(sigma));
}
...@@ -22,6 +22,9 @@ base64-test$(EXEEXT): base64-test.$(OBJEXT) ...@@ -22,6 +22,9 @@ base64-test$(EXEEXT): base64-test.$(OBJEXT)
camellia-test$(EXEEXT): camellia-test.$(OBJEXT) camellia-test$(EXEEXT): camellia-test.$(OBJEXT)
$(LINK) camellia-test.$(OBJEXT) $(TEST_OBJS) -o camellia-test$(EXEEXT) $(LINK) camellia-test.$(OBJEXT) $(TEST_OBJS) -o camellia-test$(EXEEXT)
chacha-test$(EXEEXT): chacha-test.$(OBJEXT)
$(LINK) chacha-test.$(OBJEXT) $(TEST_OBJS) -o chacha-test$(EXEEXT)
des-test$(EXEEXT): des-test.$(OBJEXT) des-test$(EXEEXT): des-test.$(OBJEXT)
$(LINK) des-test.$(OBJEXT) $(TEST_OBJS) -o des-test$(EXEEXT) $(LINK) des-test.$(OBJEXT) $(TEST_OBJS) -o des-test$(EXEEXT)
......
...@@ -13,7 +13,7 @@ PRE_LDFLAGS = -L.. ...@@ -13,7 +13,7 @@ PRE_LDFLAGS = -L..
TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \
blowfish-test.c cast128-test.c \ blowfish-test.c cast128-test.c \
base16-test.c base64-test.c \ base16-test.c base64-test.c \
camellia-test.c \ camellia-test.c chacha-test.c \
des-test.c des3-test.c des-compat-test.c \ des-test.c des3-test.c des-compat-test.c \
md2-test.c md4-test.c md5-test.c md5-compat-test.c \ md2-test.c md4-test.c md5-test.c md5-compat-test.c \
memxor-test.c gosthash94-test.c \ memxor-test.c gosthash94-test.c \
......
This diff is collapsed.