static int crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen, const uint8_t *n, uint64_t ic, const uint8_t *k, int method) { switch (method) { case SALSA20: return crypto_stream_salsa20_xor_ic(c, m, mlen, n, ic, k); case CHACHA20: return crypto_stream_chacha20_xor_ic(c, m, mlen, n, ic, k); } // always return 0 return 0; }
int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, const unsigned char *k) { unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; crypto_core_hchacha20(k2, n, k, NULL); return crypto_stream_chacha20_xor_ic(c, m, mlen, n + crypto_core_hchacha20_INPUTBYTES, ic, k2); }
int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *mac, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) { crypto_onetimeauth_poly1305_state state; unsigned char block0[64U]; unsigned char slen[8U]; unsigned char computed_mac[crypto_aead_chacha20poly1305_ABYTES]; unsigned long long mlen; int ret; (void) nsec; crypto_stream_chacha20(block0, sizeof block0, npub, k); crypto_onetimeauth_poly1305_init(&state, block0); sodium_memzero(block0, sizeof block0); crypto_onetimeauth_poly1305_update(&state, ad, adlen); STORE64_LE(slen, (uint64_t) adlen); crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); mlen = clen; crypto_onetimeauth_poly1305_update(&state, c, mlen); STORE64_LE(slen, (uint64_t) mlen); crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); crypto_onetimeauth_poly1305_final(&state, computed_mac); sodium_memzero(&state, sizeof state); COMPILER_ASSERT(sizeof computed_mac == 16U); ret = crypto_verify_16(computed_mac, mac); sodium_memzero(computed_mac, sizeof computed_mac); if (m == NULL) { return ret; } if (ret != 0) { memset(m, 0, mlen); return -1; } crypto_stream_chacha20_xor_ic(m, c, mlen, npub, 1U, k); return 0; }
void cipher_update(struct encryption_ctx *ctx, unsigned char *out, size_t *outlen, unsigned char *in, size_t inlen) { if (ctx->cipher == CIPHER_OPENSSL) { EVP_CipherUpdate(ctx->ctx, out, (int *) outlen, in, inlen); } else if (ctx->cipher == CIPHER_SODIUM) { size_t padding = ctx->bytes_remaining; memcpy(sodium_buf + padding, in, inlen); if (_method == ENCRYPTION_SALSA20) { crypto_stream_salsa20_xor_ic(sodium_buf, sodium_buf, padding + inlen, ctx->iv, ctx->ic, _key); } else if (_method == ENCRYPTION_CHACHA20) { crypto_stream_chacha20_xor_ic(sodium_buf, sodium_buf, padding + inlen, ctx->iv, ctx->ic, _key); } *outlen = inlen; memcpy(out, sodium_buf + padding, inlen); padding += inlen; ctx->ic += padding / SODIUM_BLOCK_SIZE; ctx->bytes_remaining = padding % SODIUM_BLOCK_SIZE; } }
static int crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen, const uint8_t *n, uint64_t ic, const uint8_t *k, int method) { //////////////////////////// #if 1 FATAL("not implement"); return 0; #else /////////////////////////// switch (method) { case SALSA20: return crypto_stream_salsa20_xor_ic(c, m, mlen, n, ic, k); case CHACHA20: return crypto_stream_chacha20_xor_ic(c, m, mlen, n, ic, k); } // always return 0 return 0; #endif }
int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c, unsigned char *mac, unsigned long long *maclen_p, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k) { crypto_onetimeauth_poly1305_state state; unsigned char block0[64U]; unsigned char slen[8U]; (void) nsec; crypto_stream_chacha20(block0, sizeof block0, npub, k); crypto_onetimeauth_poly1305_init(&state, block0); sodium_memzero(block0, sizeof block0); crypto_onetimeauth_poly1305_update(&state, ad, adlen); STORE64_LE(slen, (uint64_t) adlen); crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); crypto_stream_chacha20_xor_ic(c, m, mlen, npub, 1U, k); crypto_onetimeauth_poly1305_update(&state, c, mlen); STORE64_LE(slen, (uint64_t) mlen); crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); crypto_onetimeauth_poly1305_final(&state, mac); sodium_memzero(&state, sizeof state); if (maclen_p != NULL) { *maclen_p = crypto_aead_chacha20poly1305_ABYTES; } return 0; }
static void tv(void) { static struct { const char *key_hex; const char *nonce_hex; } tests[] = { { "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000" }, { "0000000000000000000000000000000000000000000000000000000000000001", "0000000000000000" }, { "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000001" }, { "0000000000000000000000000000000000000000000000000000000000000000", "0100000000000000" }, { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "0001020304050607" } }; unsigned char key[crypto_stream_chacha20_KEYBYTES]; unsigned char nonce[crypto_stream_chacha20_NONCEBYTES]; unsigned char *part; unsigned char out[160]; unsigned char zero[160]; char out_hex[160 * 2 + 1]; size_t i = 0U; size_t plen; memset(zero, 0, sizeof zero); do { sodium_hex2bin((unsigned char *)key, sizeof key, tests[i].key_hex, strlen(tests[i].key_hex), NULL, NULL, NULL); sodium_hex2bin(nonce, sizeof nonce, tests[i].nonce_hex, strlen(tests[i].nonce_hex), NULL, NULL, NULL); crypto_stream_chacha20(out, sizeof out, nonce, key); sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out); printf("[%s]\n", out_hex); for (plen = 1U; plen < sizeof out; plen++) { part = (unsigned char *) sodium_malloc(plen); crypto_stream_chacha20_xor(part, out, plen, nonce, key); if (memcmp(part, zero, plen) != 0) { printf("Failed with length %lu\n", (unsigned long) plen); } sodium_free(part); } } while (++i < (sizeof tests) / (sizeof tests[0])); randombytes_buf(out, sizeof out); crypto_stream_chacha20(out, sizeof out, nonce, key); sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out); printf("[%s]\n", out_hex); assert(crypto_stream_chacha20(out, 0U, nonce, key) == 0); assert(crypto_stream_chacha20_xor(out, out, 0U, nonce, key) == 0); assert(crypto_stream_chacha20_xor(out, out, 0U, nonce, key) == 0); assert(crypto_stream_chacha20_xor_ic(out, out, 0U, nonce, 1U, key) == 0); memset(out, 0x42, sizeof out); crypto_stream_chacha20_xor(out, out, sizeof out, nonce, key); sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out); printf("[%s]\n", out_hex); crypto_stream_chacha20_xor_ic(out, out, sizeof out, nonce, 0U, key); sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out); printf("[%s]\n", out_hex); crypto_stream_chacha20_xor_ic(out, out, sizeof out, nonce, 1U, key); sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out); printf("[%s]\n", out_hex); };