Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/crypto/adiantum Convert crypto/adiantum to use new ChaCh...
details: https://anonhg.NetBSD.org/src/rev/24a8ffb32b57
branches: trunk
changeset: 974166:24a8ffb32b57
user: riastradh <riastradh%NetBSD.org@localhost>
date: Sat Jul 25 22:47:16 2020 +0000
description:
Convert crypto/adiantum to use new ChaCha API.
diffstat:
sys/crypto/adiantum/adiantum.c | 287 +-----------------------------------
sys/crypto/adiantum/files.adiantum | 4 +-
2 files changed, 12 insertions(+), 279 deletions(-)
diffs (truncated from 371 to 300 lines):
diff -r 693be2301362 -r 24a8ffb32b57 sys/crypto/adiantum/adiantum.c
--- a/sys/crypto/adiantum/adiantum.c Sat Jul 25 22:46:34 2020 +0000
+++ b/sys/crypto/adiantum/adiantum.c Sat Jul 25 22:47:16 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: adiantum.c,v 1.2 2020/07/25 22:41:03 riastradh Exp $ */
+/* $NetBSD: adiantum.c,v 1.3 2020/07/25 22:47:16 riastradh Exp $ */
/*-
* Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: adiantum.c,v 1.2 2020/07/25 22:41:03 riastradh Exp $");
+__KERNEL_RCSID(1, "$NetBSD: adiantum.c,v 1.3 2020/07/25 22:47:16 riastradh Exp $");
#include <sys/types.h>
#include <sys/endian.h>
@@ -51,6 +51,7 @@
#include <crypto/adiantum/adiantum.h>
#include <crypto/aes/aes.h>
+#include <crypto/chacha/chacha.h>
#else /* !defined(_KERNEL) */
@@ -1804,270 +1805,6 @@
return result;
}
-/* ChaCha core */
-
-static uint32_t
-rol32(uint32_t u, unsigned c)
-{
-
- return (u << c) | (u >> (32 - c));
-}
-
-#define CHACHA_QUARTERROUND(a, b, c, d) do { \
- (a) += (b); (d) ^= (a); (d) = rol32((d), 16); \
- (c) += (d); (b) ^= (c); (b) = rol32((b), 12); \
- (a) += (b); (d) ^= (a); (d) = rol32((d), 8); \
- (c) += (d); (b) ^= (c); (b) = rol32((b), 7); \
-} while (/*CONSTCOND*/0)
-
-const uint8_t chacha_const32[16] = "expand 32-byte k";
-
-static void
-chacha_core(uint8_t out[restrict static 64], const uint8_t in[static 16],
- const uint8_t k[static 32], const uint8_t c[static 16], unsigned nr)
-{
- uint32_t x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15;
- uint32_t y0,y1,y2,y3,y4,y5,y6,y7,y8,y9,y10,y11,y12,y13,y14,y15;
- int i;
-
- x0 = y0 = le32dec(c + 0);
- x1 = y1 = le32dec(c + 4);
- x2 = y2 = le32dec(c + 8);
- x3 = y3 = le32dec(c + 12);
- x4 = y4 = le32dec(k + 0);
- x5 = y5 = le32dec(k + 4);
- x6 = y6 = le32dec(k + 8);
- x7 = y7 = le32dec(k + 12);
- x8 = y8 = le32dec(k + 16);
- x9 = y9 = le32dec(k + 20);
- x10 = y10 = le32dec(k + 24);
- x11 = y11 = le32dec(k + 28);
- x12 = y12 = le32dec(in + 0);
- x13 = y13 = le32dec(in + 4);
- x14 = y14 = le32dec(in + 8);
- x15 = y15 = le32dec(in + 12);
-
- for (i = nr; i > 0; i -= 2) {
- CHACHA_QUARTERROUND( y0, y4, y8,y12);
- CHACHA_QUARTERROUND( y1, y5, y9,y13);
- CHACHA_QUARTERROUND( y2, y6,y10,y14);
- CHACHA_QUARTERROUND( y3, y7,y11,y15);
- CHACHA_QUARTERROUND( y0, y5,y10,y15);
- CHACHA_QUARTERROUND( y1, y6,y11,y12);
- CHACHA_QUARTERROUND( y2, y7, y8,y13);
- CHACHA_QUARTERROUND( y3, y4, y9,y14);
- }
-
- le32enc(out + 0, x0 + y0);
- le32enc(out + 4, x1 + y1);
- le32enc(out + 8, x2 + y2);
- le32enc(out + 12, x3 + y3);
- le32enc(out + 16, x4 + y4);
- le32enc(out + 20, x5 + y5);
- le32enc(out + 24, x6 + y6);
- le32enc(out + 28, x7 + y7);
- le32enc(out + 32, x8 + y8);
- le32enc(out + 36, x9 + y9);
- le32enc(out + 40, x10 + y10);
- le32enc(out + 44, x11 + y11);
- le32enc(out + 48, x12 + y12);
- le32enc(out + 52, x13 + y13);
- le32enc(out + 56, x14 + y14);
- le32enc(out + 60, x15 + y15);
-}
-
-/* https://tools.ietf.org/html/draft-strombergson-chacha-test-vectors-00 */
-static int
-chacha_core_selftest(void)
-{
- /* TC1, 32-byte key, rounds=12, keystream block 1 */
- static const uint8_t zero[32];
- static const uint8_t expected0[64] = {
- 0x9b,0xf4,0x9a,0x6a, 0x07,0x55,0xf9,0x53,
- 0x81,0x1f,0xce,0x12, 0x5f,0x26,0x83,0xd5,
- 0x04,0x29,0xc3,0xbb, 0x49,0xe0,0x74,0x14,
- 0x7e,0x00,0x89,0xa5, 0x2e,0xae,0x15,0x5f,
- 0x05,0x64,0xf8,0x79, 0xd2,0x7a,0xe3,0xc0,
- 0x2c,0xe8,0x28,0x34, 0xac,0xfa,0x8c,0x79,
- 0x3a,0x62,0x9f,0x2c, 0xa0,0xde,0x69,0x19,
- 0x61,0x0b,0xe8,0x2f, 0x41,0x13,0x26,0xbe,
- };
- /* TC7, 32-byte key, rounds=12, keystream block 2 */
- static const uint8_t k1[32] = {
- 0x00,0x11,0x22,0x33, 0x44,0x55,0x66,0x77,
- 0x88,0x99,0xaa,0xbb, 0xcc,0xdd,0xee,0xff,
- 0xff,0xee,0xdd,0xcc, 0xbb,0xaa,0x99,0x88,
- 0x77,0x66,0x55,0x44, 0x33,0x22,0x11,0x00,
- };
- static const uint8_t in1[16] = {
- 0x01,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
- 0x0f,0x1e,0x2d,0x3c, 0x4b,0x59,0x68,0x77,
- };
- static const uint8_t expected1[64] = {
- 0xcd,0x9a,0x2a,0xa9, 0xea,0x93,0xc2,0x67,
- 0x5e,0x82,0x88,0x14, 0x08,0xde,0x85,0x2c,
- 0x62,0xfa,0x74,0x6a, 0x30,0xe5,0x2b,0x45,
- 0xa2,0x69,0x62,0xcf, 0x43,0x51,0xe3,0x04,
- 0xd3,0x13,0x20,0xbb, 0xd6,0xaa,0x6c,0xc8,
- 0xf3,0x26,0x37,0xf9, 0x59,0x34,0xe4,0xc1,
- 0x45,0xef,0xd5,0x62, 0x31,0xef,0x31,0x61,
- 0x03,0x28,0x36,0xf4, 0x96,0x71,0x83,0x3e,
- };
- uint8_t out[64];
- int result = 0;
-
- chacha_core(out, zero, zero, chacha_const32, 12);
- if (memcmp(out, expected0, 64)) {
- hexdump(printf, "chacha core 1", out, sizeof out);
- result = -1;
- }
-
- chacha_core(out, in1, k1, chacha_const32, 12);
- if (memcmp(out, expected1, 64)) {
- hexdump(printf, "chacha core 2", out, sizeof out);
- result = -1;
- }
-
- return result;
-}
-
-/* HChaCha */
-
-static void
-hchacha(uint8_t out[restrict static 32], const uint8_t in[static 16],
- const uint8_t k[static 32], const uint8_t c[static 16], unsigned nr)
-{
- uint8_t t[64];
-
- chacha_core(t, in, k, c, nr);
- le32enc(out + 0, le32dec(t + 0) - le32dec(c + 0));
- le32enc(out + 4, le32dec(t + 4) - le32dec(c + 4));
- le32enc(out + 8, le32dec(t + 8) - le32dec(c + 8));
- le32enc(out + 12, le32dec(t + 12) - le32dec(c + 12));
- le32enc(out + 16, le32dec(t + 48) - le32dec(in + 0));
- le32enc(out + 20, le32dec(t + 52) - le32dec(in + 4));
- le32enc(out + 24, le32dec(t + 56) - le32dec(in + 8));
- le32enc(out + 28, le32dec(t + 60) - le32dec(in + 12));
-}
-
-static int
-hchacha_selftest(void)
-{
- /* https://tools.ietf.org/html/draft-irtf-cfrg-xchacha-03, §2.2.1 */
- static const uint8_t k[32] = {
- 0x00,0x01,0x02,0x03, 0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b, 0x0c,0x0d,0x0e,0x0f,
- 0x10,0x11,0x12,0x13, 0x14,0x15,0x16,0x17,
- 0x18,0x19,0x1a,0x1b, 0x1c,0x1d,0x1e,0x1f,
- };
- static const uint8_t in[16] = {
- 0x00,0x00,0x00,0x09, 0x00,0x00,0x00,0x4a,
- 0x00,0x00,0x00,0x00, 0x31,0x41,0x59,0x27,
- };
- static const uint8_t expected[32] = {
- 0x82,0x41,0x3b,0x42, 0x27,0xb2,0x7b,0xfe,
- 0xd3,0x0e,0x42,0x50, 0x8a,0x87,0x7d,0x73,
- 0xa0,0xf9,0xe4,0xd5, 0x8a,0x74,0xa8,0x53,
- 0xc1,0x2e,0xc4,0x13, 0x26,0xd3,0xec,0xdc,
- };
- uint8_t out[32];
- int result = 0;
-
- hchacha(out, in, k, chacha_const32, 20);
- if (memcmp(out, expected, 32)) {
- hexdump(printf, "hchacha", out, sizeof out);
- result = -1;
- }
-
- return result;
-}
-
-/* XChaCha */
-
-static void
-xchacha_xor(uint8_t *c, const uint8_t *p, size_t nbytes,
- const uint8_t nonce[static 24], const uint8_t k[static 32], unsigned nr)
-{
- uint8_t h[32];
- uint8_t in[16];
- uint8_t block[64];
- unsigned i;
-
- hchacha(h, nonce, k, chacha_const32, nr);
- memset(in, 0, 8);
- memcpy(in + 8, nonce + 16, 8);
-
- for (; nbytes; nbytes -= i, c += i, p += i) {
- chacha_core(block, in, h, chacha_const32, nr);
- for (i = 0; i < MIN(nbytes, 64); i++)
- c[i] = p[i] ^ block[i];
- le32enc(in, 1 + le32dec(in));
- }
-}
-
-static int
-xchacha_selftest(void)
-{
- /* https://tools.ietf.org/html/draft-irtf-cfrg-xchacha-03, A.2.2 */
- static const uint8_t k[32] = {
- 0x80,0x81,0x82,0x83, 0x84,0x85,0x86,0x87,
- 0x88,0x89,0x8a,0x8b, 0x8c,0x8d,0x8e,0x8f,
- 0x90,0x91,0x92,0x93, 0x94,0x95,0x96,0x97,
- 0x98,0x99,0x9a,0x9b, 0x9c,0x9d,0x9e,0x9f,
- };
- static const uint8_t nonce[24] = {
- 0x40,0x41,0x42,0x43, 0x44,0x45,0x46,0x47,
- 0x48,0x49,0x4a,0x4b, 0x4c,0x4d,0x4e,0x4f,
- 0x50,0x51,0x52,0x53, 0x54,0x55,0x56,0x58,
- };
- static const uint8_t p[128] = {
- 0x54,0x68,0x65,0x20, 0x64,0x68,0x6f,0x6c,
- 0x65,0x20,0x28,0x70, 0x72,0x6f,0x6e,0x6f,
- 0x75,0x6e,0x63,0x65, 0x64,0x20,0x22,0x64,
- 0x6f,0x6c,0x65,0x22, 0x29,0x20,0x69,0x73,
- 0x20,0x61,0x6c,0x73, 0x6f,0x20,0x6b,0x6e,
- 0x6f,0x77,0x6e,0x20, 0x61,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x41, 0x73,0x69,0x61,0x74,
- 0x69,0x63,0x20,0x77, 0x69,0x6c,0x64,0x20,
- 0x64,0x6f,0x67,0x2c, 0x20,0x72,0x65,0x64,
- 0x20,0x64,0x6f,0x67, 0x2c,0x20,0x61,0x6e,
- 0x64,0x20,0x77,0x68, 0x69,0x73,0x74,0x6c,
- 0x69,0x6e,0x67,0x20, 0x64,0x6f,0x67,0x2e,
- 0x20,0x49,0x74,0x20, 0x69,0x73,0x20,0x61,
- 0x62,0x6f,0x75,0x74, 0x20,0x74,0x68,0x65,
- 0x20,0x73,0x69,0x7a, 0x65,0x20,0x6f,0x66,
- 0x20,0x61,0x20,0x47, 0x65,0x72,0x6d,0x61,
- };
- static const uint8_t expected[128] = {
- 0x45,0x59,0xab,0xba, 0x4e,0x48,0xc1,0x61,
- 0x02,0xe8,0xbb,0x2c, 0x05,0xe6,0x94,0x7f,
- 0x50,0xa7,0x86,0xde, 0x16,0x2f,0x9b,0x0b,
- 0x7e,0x59,0x2a,0x9b, 0x53,0xd0,0xd4,0xe9,
- 0x8d,0x8d,0x64,0x10, 0xd5,0x40,0xa1,0xa6,
- 0x37,0x5b,0x26,0xd8, 0x0d,0xac,0xe4,0xfa,
- 0xb5,0x23,0x84,0xc7, 0x31,0xac,0xbf,0x16,
- 0xa5,0x92,0x3c,0x0c, 0x48,0xd3,0x57,0x5d,
- 0x4d,0x0d,0x2c,0x67, 0x3b,0x66,0x6f,0xaa,
- 0x73,0x10,0x61,0x27, 0x77,0x01,0x09,0x3a,
- 0x6b,0xf7,0xa1,0x58, 0xa8,0x86,0x42,0x92,
- 0xa4,0x1c,0x48,0xe3, 0xa9,0xb4,0xc0,0xda,
- 0xec,0xe0,0xf8,0xd9, 0x8d,0x0d,0x7e,0x05,
- 0xb3,0x7a,0x30,0x7b, 0xbb,0x66,0x33,0x31,
- 0x64,0xec,0x9e,0x1b, 0x24,0xea,0x0d,0x6c,
- 0x3f,0xfd,0xdc,0xec, 0x4f,0x68,0xe7,0x44,
- };
- uint8_t c[128];
- int result = 0;
-
- xchacha_xor(c, p, 128, nonce, k, 20);
- if (memcmp(c, expected, 128)) {
- hexdump(printf, "xchacha", c, sizeof c);
- result = -1;
- }
-
- return result;
-}
-
void
adiantum_init(struct adiantum *A, const uint8_t key[static 32])
{
@@ -2078,7 +1815,8 @@
/* Relies on ordering of struct members. */
Home |
Main Index |
Thread Index |
Old Index