arne
/
cryptopp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use ROUNDS constant for ChaChaTLS

pull/795/head
Jeffrey Walton 2019-01-25 23:27:48 -05:00
parent 76bdb328a6
commit b9d2310beb
No known key found for this signature in database
GPG Key ID: B36AB348921B1838
2 changed files with 9 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
chacha.cpp
View File

@ -384,7 +384,7 @@ void ChaChaTLS_Policy::CipherSetKey(const NameValuePairs &params, const byte *ke
CRYPTOPP_ASSERT(key); CRYPTOPP_ASSERT(length == 32); CRYPTOPP_ASSERT(key); CRYPTOPP_ASSERT(length == 32);
// ChaChaTLS is always 20 rounds. Fetch Rounds() to avoid a spurious failure. // ChaChaTLS is always 20 rounds. Fetch Rounds() to avoid a spurious failure.
int rounds = params.GetIntValueWithDefault(Name::Rounds(), m_rounds); int rounds = params.GetIntValueWithDefault(Name::Rounds(), ROUNDS);
if (rounds != 20) if (rounds != 20)
throw InvalidRounds(ChaChaTLS::StaticAlgorithmName(), rounds); throw InvalidRounds(ChaChaTLS::StaticAlgorithmName(), rounds);
@ -423,12 +423,6 @@ void ChaChaTLS_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV
get(m_state[13])(m_state[14])(m_state[15]); get(m_state[13])(m_state[14])(m_state[15]);
} }
void ChaChaTLS_Policy::CipherResynchronize(byte *keystreamBuffer, word32 initialBlock, const byte *IV, size_t length)
{
m_state[16] = initialBlock;
this->CipherResynchronize(keystreamBuffer, IV, length);
}
void ChaChaTLS_Policy::SeekToIteration(lword iterationCount) void ChaChaTLS_Policy::SeekToIteration(lword iterationCount)
{ {
// Should we throw here??? If the initial block counter is // Should we throw here??? If the initial block counter is
@ -454,14 +448,15 @@ void ChaChaTLS_Policy::OperateKeystream(KeystreamOperation operation,
{ {
word32 discard=0; word32 discard=0;
ChaCha_OperateKeystream(operation, m_state, m_state[12], discard, ChaCha_OperateKeystream(operation, m_state, m_state[12], discard,
m_rounds, output, input, iterationCount); ROUNDS, output, input, iterationCount);
// If this fires it means ChaCha_OperateKeystream generated a counter // If this fires it means ChaCha_OperateKeystream generated a counter
// block carry that was discarded. The problem is, the RFC does not // block carry that was discarded. The problem is, the RFC does not
// specify what should happen when the counter block wraps. All we can // specify what should happen when the counter block wraps. All we can
// do is inform the user that something bad may happen because we don't // do is inform the user that something bad may happen because we don't
// know what we should do. // know what we should do.
// Also see https://github.com/weidai11/cryptopp/issues/790. // Also see https://github.com/weidai11/cryptopp/issues/790 and
// https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU
CRYPTOPP_ASSERT(discard==0); CRYPTOPP_ASSERT(discard==0);
} }

9
chacha.h
View File

@ -114,7 +114,6 @@ protected:
void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length); void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
void CipherResynchronize(byte *keystreamBuffer, word32 initialBlock, const byte *IV, size_t length);
bool CipherIsRandomAccess() const {return true;} bool CipherIsRandomAccess() const {return true;}
void SeekToIteration(lword iterationCount); void SeekToIteration(lword iterationCount);
unsigned int GetAlignment() const; unsigned int GetAlignment() const;
@ -124,7 +123,7 @@ protected:
std::string AlgorithmProvider() const; std::string AlgorithmProvider() const;
FixedSizeAlignedSecBlock<word32, 16+1> m_state; FixedSizeAlignedSecBlock<word32, 16+1> m_state;
CRYPTOPP_CONSTANT(m_rounds = ChaChaTLS_Info::ROUNDS) CRYPTOPP_CONSTANT(ROUNDS = ChaChaTLS_Info::ROUNDS)
}; };
/// \brief ChaCha-TLS stream cipher /// \brief ChaCha-TLS stream cipher
@ -135,8 +134,10 @@ protected:
/// <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>, /// <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
/// <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and /// <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and
/// <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>. /// <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
/// \sa <a href="https://tools.ietf.org/html/rfc8439">ChaCha20 and Poly1305 for /// \sa <a href="https://tools.ietf.org/html/rfc8439">RFC 8439, ChaCha20 and
/// IETF Protocols</a> and <A HREF="https://github.com/weidai11/cryptopp/issues/790">Issue /// Poly1305 for IETF Protocols</a>, <A HREF="https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU">How
/// to handle block counter wrap in IETF's ChaCha algorithm?</A> and
/// <A HREF="https://github.com/weidai11/cryptopp/issues/790">Issue
/// 790, ChaChaTLS results when counter block wraps</A>. /// 790, ChaChaTLS results when counter block wraps</A>.
/// \since Crypto++ 8.1 /// \since Crypto++ 8.1
struct ChaChaTLS : public ChaChaTLS_Info, public SymmetricCipherDocumentation struct ChaChaTLS : public ChaChaTLS_Info, public SymmetricCipherDocumentation