zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
319 Commits
183 Branches
291 MiB
Tree: 42c6a64e04
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '42c6a64e04'
${ noResults }
tendermint/xchacha20poly1305/xchachapoly.go

238 lines
6.3 KiB
Raw Normal View History

Initial implementation of xchacha20poly1035 aead
7 years ago
Remove panic and check the round trip
7 years ago
Initial implementation of xchacha20poly1035 aead
7 years ago
Add the libsodium test vector
7 years ago
Initial implementation of xchacha20poly1035 aead
7 years ago
Add the libsodium test vector
7 years ago
Initial implementation of xchacha20poly1035 aead
7 years ago
Remove panic and check the round trip
7 years ago
Initial implementation of xchacha20poly1035 aead
7 years ago
Remove panic and check the round trip
7 years ago
Initial implementation of xchacha20poly1035 aead
7 years ago
 
  1. package xchacha20poly1305
  2. 

  3. import (
  4. 	"crypto/cipher"
  5. 	"encoding/binary"
  6. 	"errors"
  7. 	"fmt"
  8. 

  9. 	"golang.org/x/crypto/chacha20poly1305"
  10. )
  11. 

  12. var sigma = [4]uint32{0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}
  13. 

  14. type xchacha20poly1305 struct {
  15. 	key [KeySize]byte
  16. }
  17. 

  18. const (
  19. 	// KeySize is the size of the key used by this AEAD, in bytes.

  20. 	KeySize = 32
  21. 	// NonceSize is the size of the nonce used with this AEAD, in bytes.

  22. 	NonceSize = 24
  23. )
  24. 

  25. //New xChaChapoly1305 AEAD with 24 byte nonces

  26. func New(key []byte) (cipher.AEAD, error) {
  27. 	if len(key) != KeySize {
  28. 		return nil, errors.New("chacha20poly1305: bad key length")
  29. 	}
  30. 	ret := new(xchacha20poly1305)
  31. 	copy(ret.key[:], key)
  32. 	return ret, nil
  33. 

  34. }
  35. func (c *xchacha20poly1305) NonceSize() int {
  36. 	return NonceSize
  37. }
  38. 

  39. func (c *xchacha20poly1305) Overhead() int {
  40. 	return 16
  41. }
  42. 

  43. func (c *xchacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
  44. 	if len(nonce) != NonceSize {
  45. 		panic("xchacha20poly1305: bad nonce length passed to Seal")
  46. 	}
  47. 

  48. 	if uint64(len(plaintext)) > (1<<38)-64 {
  49. 		panic("xchacha20poly1305: plaintext too large")
  50. 	}
  51. 

  52. 	var subKey [KeySize]byte
  53. 	var hNonce [16]byte
  54. 	var subNonce [chacha20poly1305.NonceSize]byte
  55. 	copy(hNonce[:], nonce[:16])
  56. 

  57. 	HChaCha20(&subKey, &hNonce, &c.key)
  58. 

  59. 	chacha20poly1305, _ := chacha20poly1305.New(subKey[:])
  60. 

  61. 	copy(subNonce[4:], nonce[16:])
  62. 

  63. 	return chacha20poly1305.Seal(dst, subNonce[:], plaintext, additionalData)
  64. }
  65. 

  66. func (c *xchacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
  67. 	if len(nonce) != NonceSize {
  68. 		return nil, fmt.Errorf("xchacha20poly1305: bad nonce length passed to Open")
  69. 	}
  70. 	if uint64(len(ciphertext)) > (1<<38)-48 {
  71. 		return nil, fmt.Errorf("xchacha20poly1305: ciphertext too large")
  72. 	}
  73. 	var subKey [KeySize]byte
  74. 	var hNonce [16]byte
  75. 	var subNonce [chacha20poly1305.NonceSize]byte
  76. 	copy(hNonce[:], nonce[:16])
  77. 

  78. 	HChaCha20(&subKey, &hNonce, &c.key)
  79. 

  80. 	chacha20poly1305, _ := chacha20poly1305.New(subKey[:])
  81. 

  82. 	copy(subNonce[4:], nonce[16:])
  83. 

  84. 	return chacha20poly1305.Open(dst, subNonce[:], ciphertext, additionalData)
  85. }
  86. 

  87. // The MIT License (MIT)

  88. 

  89. // Copyright (c) 2016 Andreas Auernhammer

  90. 

  91. // Permission is hereby granted, free of charge, to any person obtaining a copy

  92. // of this software and associated documentation files (the "Software"), to deal

  93. // in the Software without restriction, including without limitation the rights

  94. // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  95. // copies of the Software, and to permit persons to whom the Software is

  96. // furnished to do so, subject to the following conditions:

  97. 

  98. // The above copyright notice and this permission notice shall be included in all

  99. // copies or substantial portions of the Software.

  100. 

  101. // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  102. // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  103. // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  104. // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  105. // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  106. // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

  107. // SOFTWARE.

  108. 

  109. // HChaCha20 generates 32 pseudo-random bytes from a 128 bit nonce and a 256 bit secret key.

  110. // It can be used as a key-derivation-function (KDF).

  111. func HChaCha20(out *[32]byte, nonce *[16]byte, key *[32]byte) { hChaCha20Generic(out, nonce, key) }
  112. 

  113. func hChaCha20Generic(out *[32]byte, nonce *[16]byte, key *[32]byte) {
  114. 	v00 := sigma[0]
  115. 	v01 := sigma[1]
  116. 	v02 := sigma[2]
  117. 	v03 := sigma[3]
  118. 	v04 := binary.LittleEndian.Uint32(key[0:])
  119. 	v05 := binary.LittleEndian.Uint32(key[4:])
  120. 	v06 := binary.LittleEndian.Uint32(key[8:])
  121. 	v07 := binary.LittleEndian.Uint32(key[12:])
  122. 	v08 := binary.LittleEndian.Uint32(key[16:])
  123. 	v09 := binary.LittleEndian.Uint32(key[20:])
  124. 	v10 := binary.LittleEndian.Uint32(key[24:])
  125. 	v11 := binary.LittleEndian.Uint32(key[28:])
  126. 	v12 := binary.LittleEndian.Uint32(nonce[0:])
  127. 	v13 := binary.LittleEndian.Uint32(nonce[4:])
  128. 	v14 := binary.LittleEndian.Uint32(nonce[8:])
  129. 	v15 := binary.LittleEndian.Uint32(nonce[12:])
  130. 

  131. 	for i := 0; i < 20; i += 2 {
  132. 		v00 += v04
  133. 		v12 ^= v00
  134. 		v12 = (v12 << 16) | (v12 >> 16)
  135. 		v08 += v12
  136. 		v04 ^= v08
  137. 		v04 = (v04 << 12) | (v04 >> 20)
  138. 		v00 += v04
  139. 		v12 ^= v00
  140. 		v12 = (v12 << 8) | (v12 >> 24)
  141. 		v08 += v12
  142. 		v04 ^= v08
  143. 		v04 = (v04 << 7) | (v04 >> 25)
  144. 		v01 += v05
  145. 		v13 ^= v01
  146. 		v13 = (v13 << 16) | (v13 >> 16)
  147. 		v09 += v13
  148. 		v05 ^= v09
  149. 		v05 = (v05 << 12) | (v05 >> 20)
  150. 		v01 += v05
  151. 		v13 ^= v01
  152. 		v13 = (v13 << 8) | (v13 >> 24)
  153. 		v09 += v13
  154. 		v05 ^= v09
  155. 		v05 = (v05 << 7) | (v05 >> 25)
  156. 		v02 += v06
  157. 		v14 ^= v02
  158. 		v14 = (v14 << 16) | (v14 >> 16)
  159. 		v10 += v14
  160. 		v06 ^= v10
  161. 		v06 = (v06 << 12) | (v06 >> 20)
  162. 		v02 += v06
  163. 		v14 ^= v02
  164. 		v14 = (v14 << 8) | (v14 >> 24)
  165. 		v10 += v14
  166. 		v06 ^= v10
  167. 		v06 = (v06 << 7) | (v06 >> 25)
  168. 		v03 += v07
  169. 		v15 ^= v03
  170. 		v15 = (v15 << 16) | (v15 >> 16)
  171. 		v11 += v15
  172. 		v07 ^= v11
  173. 		v07 = (v07 << 12) | (v07 >> 20)
  174. 		v03 += v07
  175. 		v15 ^= v03
  176. 		v15 = (v15 << 8) | (v15 >> 24)
  177. 		v11 += v15
  178. 		v07 ^= v11
  179. 		v07 = (v07 << 7) | (v07 >> 25)
  180. 		v00 += v05
  181. 		v15 ^= v00
  182. 		v15 = (v15 << 16) | (v15 >> 16)
  183. 		v10 += v15
  184. 		v05 ^= v10
  185. 		v05 = (v05 << 12) | (v05 >> 20)
  186. 		v00 += v05
  187. 		v15 ^= v00
  188. 		v15 = (v15 << 8) | (v15 >> 24)
  189. 		v10 += v15
  190. 		v05 ^= v10
  191. 		v05 = (v05 << 7) | (v05 >> 25)
  192. 		v01 += v06
  193. 		v12 ^= v01
  194. 		v12 = (v12 << 16) | (v12 >> 16)
  195. 		v11 += v12
  196. 		v06 ^= v11
  197. 		v06 = (v06 << 12) | (v06 >> 20)
  198. 		v01 += v06
  199. 		v12 ^= v01
  200. 		v12 = (v12 << 8) | (v12 >> 24)
  201. 		v11 += v12
  202. 		v06 ^= v11
  203. 		v06 = (v06 << 7) | (v06 >> 25)
  204. 		v02 += v07
  205. 		v13 ^= v02
  206. 		v13 = (v13 << 16) | (v13 >> 16)
  207. 		v08 += v13
  208. 		v07 ^= v08
  209. 		v07 = (v07 << 12) | (v07 >> 20)
  210. 		v02 += v07
  211. 		v13 ^= v02
  212. 		v13 = (v13 << 8) | (v13 >> 24)
  213. 		v08 += v13
  214. 		v07 ^= v08
  215. 		v07 = (v07 << 7) | (v07 >> 25)
  216. 		v03 += v04
  217. 		v14 ^= v03
  218. 		v14 = (v14 << 16) | (v14 >> 16)
  219. 		v09 += v14
  220. 		v04 ^= v09
  221. 		v04 = (v04 << 12) | (v04 >> 20)
  222. 		v03 += v04
  223. 		v14 ^= v03
  224. 		v14 = (v14 << 8) | (v14 >> 24)
  225. 		v09 += v14
  226. 		v04 ^= v09
  227. 		v04 = (v04 << 7) | (v04 >> 25)
  228. 	}
  229. 

  230. 	binary.LittleEndian.PutUint32(out[0:], v00)
  231. 	binary.LittleEndian.PutUint32(out[4:], v01)
  232. 	binary.LittleEndian.PutUint32(out[8:], v02)
  233. 	binary.LittleEndian.PutUint32(out[12:], v03)
  234. 	binary.LittleEndian.PutUint32(out[16:], v12)
  235. 	binary.LittleEndian.PutUint32(out[20:], v13)
  236. 	binary.LittleEndian.PutUint32(out[24:], v14)
  237. 	binary.LittleEndian.PutUint32(out[28:], v15)
  238. }