New function chacha_set_nonce96.

c6319980 · Niels Möller · d54ad2d5 · c6319980 · c6319980 · c6319980
Commit c6319980 authored Jan 30, 2015 by Niels Möller
Hide whitespace changes
Inline Side-by-side

Showing with 44 additions and 3 deletions

ChangeLog ChangeLog +6 -0

chacha-set-nonce.c chacha-set-nonce.c +9 -0

chacha.h chacha.h +5 -0

testsuite/chacha-test.c testsuite/chacha-test.c +24 -3

No files found.
--- a/ChangeLog
+++ b/ChangeLog
+2015-01-30  Niels Möller  <nisse@lysator.liu.se>
+
+	* chacha-set-nonce.c (chacha_set_nonce96): New function.
+	* chacha.h (CHACHA_NONCE96_SIZE): New constant.
+	* testsuite/chacha-test.c: Add test for chacha with 96-bit nonce.
+
 2015-01-27  Niels Möller  <nisse@lysator.liu.se>

 	* ecc.h: Deleted declarations of unused itch functions. Moved

--- a/chacha-set-nonce.c
+++ b/chacha-set-nonce.c
@@ -59,3 +59,12 @@ chacha_set_nonce(struct chacha_ctx *ctx, const uint8_t *nonce)
  ctx->state[14] = LE_READ_UINT32(nonce + 0);
  ctx->state[15] = LE_READ_UINT32(nonce + 4);
 }
+
+void
+chacha_set_nonce96(struct chacha_ctx *ctx, const uint8_t *nonce)
+{
+  ctx->state[12] = 0;
+  ctx->state[13] = LE_READ_UINT32(nonce + 0);
+  ctx->state[14] = LE_READ_UINT32(nonce + 4);
+  ctx->state[15] = LE_READ_UINT32(nonce + 8);
+}
--- a/chacha.h
+++ b/chacha.h
@@ -45,6 +45,7 @@ extern "C" {
 /* Name mangling */
 #define chacha_set_key nettle_chacha_set_key
 #define chacha_set_nonce nettle_chacha_set_nonce
+#define chacha_set_nonce96 nettle_chacha_set_nonce96
 #define chacha_crypt nettle_chacha_crypt
 #define _chacha_core _nettle_chacha_core

@@ -52,6 +53,7 @@ extern "C" {
 #define CHACHA_KEY_SIZE 32
 #define CHACHA_BLOCK_SIZE 64
 #define CHACHA_NONCE_SIZE 8
+#define CHACHA_NONCE96_SIZE 12

 #define _CHACHA_STATE_LENGTH 16

@@ -77,6 +79,9 @@ chacha_set_key(struct chacha_ctx *ctx, const uint8_t *key);
 void
 chacha_set_nonce(struct chacha_ctx *ctx, const uint8_t *nonce);

+void
+chacha_set_nonce96(struct chacha_ctx *ctx, const uint8_t *nonce);
+
 void
 chacha_crypt(struct chacha_ctx *ctx, size_t length, 
             uint8_t *dst, const uint8_t *src);

--- a/testsuite/chacha-test.c
+++ b/testsuite/chacha-test.c
@@ -44,20 +44,30 @@ test_chacha(const struct tstring *key, const struct tstring *nonce,

  ASSERT (key->length == CHACHA_KEY_SIZE);
  chacha_set_key (&ctx, key->data);
-  ASSERT (nonce->length == CHACHA_NONCE_SIZE);

  if (rounds == 20)
    {
      uint8_t *data = xalloc (expected->length + 2);
-      data++;
      size_t length;
+      data++;

      for (length = 1; length <= expected->length; length++)
 	{
 	  data[-1] = 17;
 	  memset (data, 0, length);
 	  data[length] = 17;
-	  chacha_set_nonce(&ctx, nonce->data);
+	  if (nonce->length == CHACHA_NONCE_SIZE)
+	    chacha_set_nonce(&ctx, nonce->data);
+	  else if (nonce->length == CHACHA_NONCE96_SIZE)
+	    {
+	      chacha_set_nonce96(&ctx, nonce->data);
+	      /* Use initial counter 1, for
+		 draft-irtf-cfrg-chacha20-poly1305-08 test cases. */
+	      ctx.state[12]++;
+	    }
+	  else
+	    die ("Bad nonce size %u.\n", (unsigned) nonce->length);
+
 	  chacha_crypt (&ctx, length, data, data);

 	  ASSERT (data[-1] == 17);
@@ -84,6 +94,7 @@ test_chacha(const struct tstring *key, const struct tstring *nonce,
 	 numbers of rounds. */
      uint32_t out[_CHACHA_STATE_LENGTH];
      ASSERT (expected->length == CHACHA_BLOCK_SIZE);
+      ASSERT (nonce->length == CHACHA_NONCE_SIZE);

      chacha_set_nonce(&ctx, nonce->data);
      _chacha_core (out, ctx.state, rounds);
@@ -622,4 +633,14 @@ test_main(void)
 		   "ae2c4c90225ba9ea 14d518f55929dea0"
 		   "98ca7a6ccfe61227 053c84e49a4a3332"),
 	      20);
+
+  /* From draft-irtf-cfrg-chacha20-poly1305-08, with 96-bit nonce */
+  test_chacha(SHEX("0001020304050607 08090a0b0c0d0e0f"
+		   "1011121314151617 18191a1b1c1d1e1f"),
+	      SHEX("000000090000004a 00000000"),
+	      SHEX("10f1e7e4d13b5915 500fdd1fa32071c4"
+		   "c7d1f4c733c06803 0422aa9ac3d46c4e"
+		   "d2826446079faa09 14c2d705d98b02a2"
+		   "b5129cd1de164eb9 cbd083e8a2503c4e"),
+	      20);
 }