You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

104 lines
4.4KB

  1. --- monocypher.c.orig 2018-02-14 21:36:48.000000000 +0200
  2. +++ monocypher.c 2018-02-21 15:10:32.000000000 +0200
  3. @@ -1780,26 +1780,26 @@
  4. void crypto_lock_aead(u8 mac[16],
  5. u8 *cipher_text,
  6. const u8 key[32],
  7. - const u8 nonce[24],
  8. + const u8 nonce[12],
  9. const u8 *ad , size_t ad_size,
  10. const u8 *plain_text, size_t text_size)
  11. {
  12. crypto_lock_ctx ctx;
  13. - crypto_lock_init (&ctx, key, nonce);
  14. - crypto_lock_auth_ad(&ctx, ad, ad_size);
  15. - crypto_lock_update (&ctx, cipher_text, plain_text, text_size);
  16. - crypto_lock_final (&ctx, mac);
  17. + crypto_lock_ietf_init(&ctx, key, nonce);
  18. + crypto_lock_auth_ad (&ctx, ad, ad_size);
  19. + crypto_lock_update (&ctx, cipher_text, plain_text, text_size);
  20. + crypto_lock_final (&ctx, mac);
  21. }
  22. int crypto_unlock_aead(u8 *plain_text,
  23. const u8 key[32],
  24. - const u8 nonce[24],
  25. + const u8 nonce[12],
  26. const u8 mac[16],
  27. const u8 *ad , size_t ad_size,
  28. const u8 *cipher_text, size_t text_size)
  29. {
  30. crypto_unlock_ctx ctx;
  31. - crypto_unlock_init (&ctx, key, nonce);
  32. + crypto_unlock_ietf_init (&ctx, key, nonce);
  33. crypto_unlock_auth_ad (&ctx, ad, ad_size);
  34. crypto_unlock_auth_message(&ctx, cipher_text, text_size);
  35. crypto_chacha_ctx chacha_ctx = ctx.chacha; // avoid the wiping...
  36. @@ -1830,3 +1830,29 @@
  37. return crypto_unlock_aead(plain_text, key, nonce, mac, 0, 0,
  38. cipher_text, text_size);
  39. }
  40. +
  41. +void crypto_chacha20_ietf_init(crypto_chacha_ctx *ctx,
  42. + const uint8_t key[32],
  43. + const uint8_t nonce[12])
  44. +{
  45. + crypto_chacha20_init (ctx, key, nonce + 4);
  46. + crypto_chacha20_set_ctr(ctx,
  47. + (uint64_t)nonce[0] << 32
  48. + | (uint64_t)nonce[1] << 40
  49. + | (uint64_t)nonce[2] << 48
  50. + | (uint64_t)nonce[3] << 56);
  51. +}
  52. +
  53. +void crypto_lock_ietf_init(crypto_lock_ctx *ctx,
  54. + const uint8_t key [32],
  55. + const uint8_t nonce[12]) // 96 bits!
  56. +{
  57. + u8 auth_key[64]; // "Wasting" the whole Chacha block is faster
  58. + ctx->ad_phase = 1;
  59. + ctx->ad_size = 0;
  60. + ctx->message_size = 0;
  61. + crypto_chacha20_ietf_init(&ctx->chacha, key, nonce); // IETF!
  62. + crypto_chacha20_stream(&ctx->chacha, auth_key, 64);
  63. + crypto_poly1305_init (&ctx->poly , auth_key);
  64. + WIPE_BUFFER(auth_key);
  65. +}
  66. --- monocypher.h.orig 2018-02-13 22:30:07.000000000 +0200
  67. +++ monocypher.h 2018-02-21 13:09:34.000000000 +0200
  68. @@ -102,12 +102,12 @@
  69. void crypto_lock_aead(uint8_t mac[16],
  70. uint8_t *cipher_text,
  71. const uint8_t key[32],
  72. - const uint8_t nonce[24],
  73. + const uint8_t nonce[12],
  74. const uint8_t *ad , size_t ad_size,
  75. const uint8_t *plain_text, size_t text_size);
  76. int crypto_unlock_aead(uint8_t *plain_text,
  77. const uint8_t key[32],
  78. - const uint8_t nonce[24],
  79. + const uint8_t nonce[12],
  80. const uint8_t mac[16],
  81. const uint8_t *ad , size_t ad_size,
  82. const uint8_t *cipher_text, size_t text_size);
  83. @@ -129,6 +129,7 @@
  84. // Incremental interface (decryption)
  85. #define crypto_unlock_init crypto_lock_init
  86. +#define crypto_unlock_ietf_init crypto_lock_ietf_init
  87. #define crypto_unlock_auth_ad crypto_lock_auth_ad
  88. #define crypto_unlock_auth_message crypto_lock_auth_message
  89. void crypto_unlock_update(crypto_unlock_ctx *ctx,
  90. @@ -276,4 +277,11 @@
  91. const uint8_t your_secret_key [32],
  92. const uint8_t their_public_key [32]);
  93. +void crypto_chacha20_ietf_init(crypto_chacha_ctx *ctx,
  94. + const uint8_t key[32],
  95. + const uint8_t nonce[12]);
  96. +void crypto_lock_ietf_init(crypto_lock_ctx *ctx,
  97. + const uint8_t key [32],
  98. + const uint8_t nonce[12]);
  99. +
  100. #endif // MONOCYPHER_H