/** * \brief Reseeds the random number generator from operating system entropy. * * \param state The RandState object. * * \return NOISE_ERROR_NONE on success. * \return NOISE_ERROR_INVALID_PARAM if \a state is NULL. * * This function forces the random number generator to fetch fresh entropy * from the operating system. Normally this isn't necessary because * noise_randstate_generate() will reseed automatically when necessary. * * If the application needs to generate a highly critical value such as a * new keypair then it may want to force a reseed. Even this isn't necessary * for \ref dhstate "DHState" and \ref signstate "SignState" which already * seek fresh operating system entropy when generating keypairs. * * \sa noise_randstate_generate() */ int noise_randstate_reseed(NoiseRandState *state) { uint8_t data[40]; /* Validate the parameter */ if (!state) return NOISE_ERROR_INVALID_PARAM; /* Get new random data from the operating system, encrypt it with the previous key/IV, and then replace the key/IV */ noise_rand_bytes(data, sizeof(data)); chacha_encrypt_bytes(&(state->chacha), data, data, sizeof(data)); chacha_keysetup(&(state->chacha), data, 256); chacha_ivsetup(&(state->chacha), data + 32, 0); state->left = NOISE_RAND_RESEED_COUNT; /* And force a rekey as well for good measure */ memset(data, 0, sizeof(data)); chacha_encrypt_bytes(&(state->chacha), data, data, sizeof(data)); chacha_keysetup(&(state->chacha), data, 256); chacha_ivsetup(&(state->chacha), data + 32, 0); noise_clean(data, sizeof(data)); /* Ready to go */ return NOISE_ERROR_NONE; }
void chachapoly_init(struct chachapoly_ctx *ctx, const u_char *key, u_int keylen) { // if (keylen != (32 + 32)) /* 2 x 256 bit keys */ // fatal("%s: invalid keylen %u", __func__, keylen); chacha_keysetup(&ctx->main_ctx, key, 256); chacha_keysetup(&ctx->header_ctx, key + 32, 256); }
int chachapoly_init(struct chachapoly_ctx *ctx, const u_char *key, u_int keylen) { if (keylen != (32 + 32)) /* 2 x 256 bit keys */ return SSH_ERR_INVALID_ARGUMENT; chacha_keysetup(&ctx->main_ctx, key, 256); chacha_keysetup(&ctx->header_ctx, key + 32, 256); return 0; }
/* setup needed for both encrypt & decrypt */ static void setup(u64 mlen, u64 adlen, const byte *npub, const byte *k) { assert( k != NULL) ; assert( npub != NULL) ; /* run ChaCha key schedule and then ChaCha */ chacha_keysetup(chacha_ctx, (byte *) k, 256, 64) ; chacha_ivsetup(chacha_ctx, npub) ; chacha_round() ; /* set up H, I & finalblock for authentication */ chacha_copy( H, 1 ) ; memcpy( I, H, AUTH_BYTES ) ; store64((byte *) finalblock,8 * adlen); store64(((byte *) finalblock) + 8,8 * mlen); /* random init for counter */ chacha_copy( counter, 1 ) ; iter_count = 0 ; /* use ChaCha to generate aes round keys */ chacha_copy( aes_rk, AES_RKEYS ) ; #ifdef TESTING printf( "setup: called for %lld text and %lld ad\n", mlen, adlen ) ; printf( "setup: round keys start with %08x %08x\n", aes_rk[0], aes_rk[1] ) ; #endif }
/** * \brief Creates a new random number generator. * * \param state Points to the variable where to store the pointer to * the new RandState object. * * \return NOISE_ERROR_NONE on success. * \return NOISE_ERROR_INVALID_PARAM if \a state is NULL. * \return NOISE_ERROR_NO_MEMORY if there is insufficient memory to * allocate the new RandState object. * * \sa noise_randstate_free(), noise_randstate_generate() */ int noise_randstate_new(NoiseRandState **state) { /* Starting key for the random state before the first reseed. This is the SHA256 initialization vector, to introduce a little chaos into the starting state. */ static uint8_t const starting_key[32] = { 0x6A, 0x09, 0xE6, 0x67, 0xBB, 0x67, 0xAE, 0x85, 0x3C, 0x6E, 0xF3, 0x72, 0xA5, 0x4F, 0xF5, 0x3A, 0x51, 0x0E, 0x52, 0x7F, 0x9B, 0x05, 0x68, 0x8C, 0x1F, 0x83, 0xD9, 0xAB, 0x5B, 0xE0, 0xCD, 0x19 }; /* Validate the parameter */ if (!state) return NOISE_ERROR_INVALID_PARAM; /* Create the random number generator state */ *state = noise_new(NoiseRandState); if (!(*state)) return NOISE_ERROR_NO_MEMORY; /* Initialize the random number generator */ chacha_keysetup(&((*state)->chacha), starting_key, 256); noise_randstate_reseed((*state)); return NOISE_ERROR_NONE; }
static inline void _rs_init(unsigned char *buf, size_t n) { if (n < KEYSZ + IVSZ) return; chacha_keysetup(&rs, buf, KEYSZ * 8, 0); chacha_ivsetup(&rs, buf + KEYSZ); }
/** * \brief Forces a rekey on the random number generator. * * \param state The state of the random number generator. */ static void noise_randstate_rekey(NoiseRandState *state) { uint8_t data[40]; memset(data, 0, sizeof(data)); chacha_encrypt_bytes(&(state->chacha), data, data, sizeof(data)); chacha_keysetup(&(state->chacha), data, 256); chacha_ivsetup(&(state->chacha), data + 32, 0); noise_clean(data, sizeof(data)); }
/* Initialise the encryption routine by setting up the key schedule * from the supplied <*data> which must be RANDOM_KEYSIZE bytes of binary * data. */ void randomdev_encrypt_init(union randomdev_key *context, const void *data) { if (random_chachamode) { chacha_keysetup(&context->chacha, data, RANDOM_KEYSIZE * 8); } else { rijndael_cipherInit(&context->cipher, MODE_ECB, NULL); rijndael_makeKey(&context->key, DIR_ENCRYPT, RANDOM_KEYSIZE*8, data); } }
kcl_err_t kcl_chacha_init(void **ctxp, const void *key, size_t keysize, const void *iv, size_t ivsize, uint64_t counter) { chacha_ctx *chacha; if ((chacha = kcl_malloc(sizeof(chacha_ctx))) == NULL) return KCL_ERR_NOMEM; chacha_keysetup(chacha, key, keysize); chacha_ivsetup(chacha, iv, ivsize, counter); *ctxp = chacha; return KCL_ERR_NONE; }
void hs1siv_chacha256(void *out, unsigned outbytes, unsigned char *iv, void *user_key) { chacha_ctx_t ctx; // CHANGE typecasting added chacha_keysetup(&ctx, (unsigned char*)user_key, 256); chacha_ivsetup(&ctx,iv); #if ( ! HS1_SIV_XOR ) memset(out, 0, outbytes); #endif // CHANGE typecasting added chacha_xor(&ctx,(unsigned char*)out,(unsigned char*)out,outbytes); }
static inline void _rs_init(u_char *buf, size_t n) { if (n < KEYSZ + IVSZ) return; if (rs == NULL) { if (_rs_allocate(&rs, &rsx) == -1) abort(); } chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0); chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); }
void CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, const unsigned char key[32], const unsigned char iv[8], size_t counter) { struct chacha_ctx ctx; /* * chacha_ivsetup expects the counter to be in u8. Rather than * converting size_t to u8 and then back again, pass a counter of * NULL and manually assign it afterwards. */ chacha_keysetup(&ctx, key, 256); chacha_ivsetup(&ctx, iv, NULL); if (counter != 0) { ctx.input[12] = (uint32_t)counter; ctx.input[13] = (uint32_t)(((uint64_t)counter) >> 32); }
static inline void _rs_init(u_char *buf, size_t n) { if (n < KEYSZ + IVSZ) return; if (rs == NULL) { #ifndef GETDNS_ON_WINDOWS if ((rs = mmap(NULL, sizeof(*rs), PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) abort(); #ifdef MAP_INHERIT_ZERO if (minherit(rs, sizeof(*rs), MAP_INHERIT_ZERO) == -1) abort(); #endif #else /* WINDOWS */ rs = malloc(sizeof(*rs)); if(!rs) abort(); #endif } if (rsx == NULL) { #ifndef GETDNS_ON_WINDOWS if ((rsx = mmap(NULL, sizeof(*rsx), PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) abort(); #else /* WINDOWS */ rsx = malloc(sizeof(*rsx)); if(!rsx) abort(); #endif } chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0); chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); }
void ChaCha_set_key(ChaCha_ctx *ctx, const unsigned char *key, uint32_t keybits) { chacha_keysetup((chacha_ctx *)ctx, key, keybits); }