From 1ca7b54879045f7f3a61db73ae1540d22cba8871 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= Date: Fri, 13 Dec 2013 10:01:34 +0100 Subject: [PATCH] Moved chacha files into the repo. --- chacha-core-internal.c | 120 +++++++++++++++++++++++++++++++++++++++++++++++++ chacha-crypt.c | 89 ++++++++++++++++++++++++++++++++++++ chacha-init.c | 92 +++++++++++++++++++++++++++++++++++++ chacha.h | 99 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 400 insertions(+) create mode 100644 chacha-core-internal.c create mode 100644 chacha-crypt.c create mode 100644 chacha-init.c create mode 100644 chacha.h diff --git a/chacha-core-internal.c b/chacha-core-internal.c new file mode 100644 index 0000000..1c80f57 --- /dev/null +++ b/chacha-core-internal.c @@ -0,0 +1,120 @@ +/* chacha-core-internal.c + * + * Core functionality of the ChaCha stream cipher. + * Heavily based on the Salsa20 implementation in Nettle. + * + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2013 Joachim Str��mbergson + * Copyright (C) 2012 Simon Josefsson, Niels M��ller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +/* Based on: + chacha-ref.c version 2008.01.20. + D. J. Bernstein + Public domain. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include + +#include "chacha.h" + +#include "macros.h" + +#ifndef CHACHA_DEBUG +# define CHACHA_DEBUG 0 +#endif + +#if CHACHA_DEBUG +# include +# define DEBUG(i) do { \ + unsigned debug_j; \ + for (debug_j = 0; debug_j < 16; debug_j++) \ + { \ + if (debug_j == 0) \ + fprintf(stderr, "%2d:", (i)); \ + else if (debug_j % 4 == 0) \ + fprintf(stderr, "\n "); \ + fprintf(stderr, " %8x", x[debug_j]); \ + } \ + fprintf(stderr, "\n"); \ + } while (0) +#else +# define DEBUG(i) +#endif + +#ifdef WORDS_BIGENDIAN +#define LE_SWAP32(v) \ + ((ROTL32(8, v) & 0x00FF00FFUL) | \ + (ROTL32(24, v) & 0xFF00FF00UL)) +#else +#define LE_SWAP32(v) (v) +#endif + +#define QROUND(x0, x1, x2, x3) do { \ + x0 = x0 + x1; x3 = ROTL32(16, (x0 ^ x3)); \ + x2 = x2 + x3; x1 = ROTL32(12, (x1 ^ x2)); \ + x0 = x0 + x1; x3 = ROTL32(8, (x0 ^ x3)); \ + x2 = x2 + x3; x1 = ROTL32(7, (x1 ^ x2)); \ + } while(0) + +void +_chacha_core(uint32_t *dst, const uint32_t *src, uint8_t rounds) +{ + uint32_t x[_CHACHA_STATE_LENGTH]; + unsigned i; + + assert ( (rounds & 1) == 0); + + memcpy (x, src, sizeof(x)); + for (i = 0; i < rounds;i += 2) + { + DEBUG (i); + QROUND(x[0], x[4], x[8], x[12]); + QROUND(x[1], x[5], x[9], x[13]); + QROUND(x[2], x[6], x[10], x[14]); + QROUND(x[3], x[7], x[11], x[15]); + + DEBUG (i+1); + QROUND(x[0], x[5], x[10], x[15]); + QROUND(x[1], x[6], x[11], x[12]); + QROUND(x[2], x[7], x[8], x[13]); + QROUND(x[3], x[4], x[9], x[14]); + } + DEBUG (i); + + for (i = 0; i < _CHACHA_STATE_LENGTH; i++) + { + uint32_t t = x[i] + src[i]; + dst[i] = LE_SWAP32 (t); + } +} + + + + + + + diff --git a/chacha-crypt.c b/chacha-crypt.c new file mode 100644 index 0000000..c2e94e8 --- /dev/null +++ b/chacha-crypt.c @@ -0,0 +1,89 @@ +/* salsa20-crypt.c + * + * The crypt function in the ChaCha stream cipher. + * Heavily based on the Salsa20 implementation in Nettle. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2013 Joachim Str��mbergson + * Copyright (C) 2012 Simon Josefsson + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +/* Based on: + chacha-ref.c version 2008.01.20. + D. J. Bernstein + Public domain. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include + +#include "chacha.h" + +#include "macros.h" +#include "memxor.h" + +void +chachar12_crypt(struct chacha_ctx *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + chacha_crypt(ctx, length, 12, dst, src); +} + + +void +chachar20_crypt(struct chacha_ctx *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + chacha_crypt(ctx, length, 20, dst, src); +} + + +void +chacha_crypt(struct chacha_ctx *ctx, size_t length, uint8_t rounds, + uint8_t *c, const uint8_t *m) +{ + if (!length) + return; + + for (;;) + { + uint32_t x[_CHACHA_STATE_LENGTH]; + + _chacha_core (x, ctx->state, rounds); + + ctx->state[9] += (++ctx->state[8] == 0); + + /* stopping at 2^70 length per nonce is user's responsibility */ + + if (length <= CHACHA_BLOCK_SIZE) + { + memxor3 (c, m, x, length); + return; + } + memxor3 (c, m, x, CHACHA_BLOCK_SIZE); + + length -= CHACHA_BLOCK_SIZE; + c += CHACHA_BLOCK_SIZE; + m += CHACHA_BLOCK_SIZE; + } +} diff --git a/chacha-init.c b/chacha-init.c new file mode 100644 index 0000000..a413c1f --- /dev/null +++ b/chacha-init.c @@ -0,0 +1,92 @@ +/* chacha-init.c + * + * Initialization functions for the ChaCha stream cipher. + * Based on the Salsa20 implementation in Nettle. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2013 Joachim Str��mbergon + * Copyright (C) 2012 Simon Josefsson, Niels M��ller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +/* Based on: + ChaCha specification (doc id: 4027b5256e17b9796842e6d0f68b0b5e) and reference + implementation dated 2008.01.20 + D. J. Bernstein + Public domain. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include + +#include "chacha.h" + +#include "macros.h" + +void +chacha_set_key(struct chacha_ctx *ctx, + size_t length, const uint8_t *key) +{ + static const uint32_t sigma[4] = { + /* "expand 32-byte k" */ + 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 + }; + static const uint32_t tau[4] = { + /* "expand 16-byte k" */ + 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574 + }; + const uint32_t *constants; + + assert (length == CHACHA_MIN_KEY_SIZE || length == CHACHA_MAX_KEY_SIZE); + + ctx->state[4] = LE_READ_UINT32(key + 0); + ctx->state[5] = LE_READ_UINT32(key + 4); + ctx->state[6] = LE_READ_UINT32(key + 8); + ctx->state[7] = LE_READ_UINT32(key + 12); + if (length == CHACHA_MAX_KEY_SIZE) { /* recommended */ + ctx->state[8] = LE_READ_UINT32(key + 16); + ctx->state[9] = LE_READ_UINT32(key + 20); + ctx->state[10] = LE_READ_UINT32(key + 24); + ctx->state[11] = LE_READ_UINT32(key + 28); + constants = sigma; + } else { /* kbits == 128 */ + ctx->state[8] = ctx->state[4]; + ctx->state[9] = ctx->state[5]; + ctx->state[10] = ctx->state[6]; + ctx->state[11] = ctx->state[7]; + constants = tau; + } + ctx->state[0] = constants[0]; + ctx->state[1] = constants[1]; + ctx->state[2] = constants[2]; + ctx->state[3] = constants[3]; +} + +void +chacha_set_iv(struct chacha_ctx *ctx, const uint8_t *iv) +{ + ctx->state[12] = 0; + ctx->state[13] = 0; + ctx->state[14] = LE_READ_UINT32(iv + 0); + ctx->state[15] = LE_READ_UINT32(iv + 4); +} + diff --git a/chacha.h b/chacha.h new file mode 100644 index 0000000..269f838 --- /dev/null +++ b/chacha.h @@ -0,0 +1,99 @@ +/* chacha.h + * + * The ChaCha stream cipher. + * Heavily based on the Salsa20 source code in Nettle. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2013 Joachim Str��mbergson + * Copyright (C) 2012 Simon Josefsson + * Copyright (C) 2001 Niels M��ller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +#ifndef NETTLE_CHACHA_H_INCLUDED +#define NETTLE_CHACHA_H_INCLUDED + +#include "nettle-types.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* Name mangling */ +#define chacha_set_key nettle_chacha_set_key +#define chacha_set_iv nettle_chacha_set_iv +#define chacha_crypt nettle_chacha_crypt +#define _chacha_core _nettle_chacha_core + +/* Minimum and maximum keysizes, and a reasonable default. + In octets. */ +#define CHACHA_MIN_KEY_SIZE 16 +#define CHACHA_MAX_KEY_SIZE 32 +#define CHACHA_KEY_SIZE 32 +#define CHACHA_BLOCK_SIZE 64 + +#define CHACHA_IV_SIZE 8 + +#define CHACHA_NUM_ROUNDS 8 + +#define _CHACHA_STATE_LENGTH 16 + +struct chacha_ctx +{ + /* Indices 0-3 holds a constant (SIGMA or TAU). + Indices 4-11 holds the key. + Indices 12-13 holds the block counter. + Indices 14-15 holds the IV: + + This creates the state matrix: + C C C C + K K K K + K K K K + B B I I + */ + uint32_t state[_CHACHA_STATE_LENGTH]; +}; + +void +chacha_set_key(struct chacha_ctx *ctx, + size_t length, const uint8_t *key); + +void +chacha_set_iv(struct chacha_ctx *ctx, const uint8_t *iv); + +void +chacha_crypt(struct chacha_ctx *ctx, size_t length, + uint8_t rounds, uint8_t *dst, const uint8_t *src); + +void +chachar12_crypt(struct chacha_ctx *ctx, size_t length, + uint8_t *dst, const uint8_t *src); + +void +chachar20_crypt(struct chacha_ctx *ctx, size_t length, + uint8_t *dst, const uint8_t *src); + +void +_chacha_core(uint32_t *dst, const uint32_t *src, uint8_t rounds); + +#ifdef __cplusplus +} +#endif + +#endif /* NETTLE_CHACHA_H_INCLUDED */ -- 1.8.3.4 (Apple Git-47)