Initial implementation of ChaCha20

This commit is contained in:
Daniel King 2016-05-15 17:28:08 -03:00 committed by Manuel Pégourié-Gonnard
parent a331e0f0af
commit a98ff5eadf
14 changed files with 784 additions and 5 deletions

169
include/mbedtls/chacha20.h Normal file
View file

@ -0,0 +1,169 @@
/**
* \file chacha20.h
*
* \brief ChaCha20 cipher.
*
* \author Daniel King <damaki.gh@gmail.com>
*
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_CHACHA20_H
#define MBEDTLS_CHACHA20_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if !defined(MBEDTLS_CHACHA20_ALT)
#include <stdint.h>
#include <stddef.h>
#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x003B /**< Invalid input parameter(s). */
typedef struct
{
uint32_t initial_state[16]; /*! Holds the initial state (before round operations) */
uint32_t working_state[16]; /*! Holds the working state (after round operations) */
uint8_t keystream8[64]; /*! Holds leftover keystream bytes */
size_t keystream_bytes_used; /*! Number of keystream bytes currently used */
}
mbedtls_chacha20_context;
/**
* \brief Initialize ChaCha20 context
*
* \param ctx ChaCha20 context to be initialized
*/
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
/**
* \brief Clear ChaCha20 context
*
* \param ctx ChaCha20 context to be cleared
*/
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
/**
* \brief Set the ChaCha20 key.
*
* \note The nonce and counter must be set after calling this function,
* before data can be encrypted/decrypted. The nonce and
* counter are set by calling mbedtls_chacha20_starts.
*
* \see mbedtls_chacha20_starts
*
* \param ctx The context to setup.
* \param key Buffer containing the 256-bit key. Must be 32 bytes in length.
*
* \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or key
* is NULL, or if key_bits is not 128 or 256.
* Otherwise, 0 is returned to indicate success.
*/
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
const unsigned char key[32] );
/**
* \brief Set the ChaCha20 nonce and initial counter value.
*
* \note A ChaCha20 context can be re-used with the same key by
* calling this function to change the nonce and/or initial
* counter value.
*
* \param ctx The ChaCha20 context.
* \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in size.
* \param counter Initial counter value to use. This is usually 0.
*
* \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or
* nonce is NULL.
* Otherwise, 0 is returned to indicate success.
*/
int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
const unsigned char nonce[12],
uint32_t counter );
/**
* \brief Encrypt or decrypt data.
*
* This function is used to both encrypt and decrypt data.
*
* \note The \p input and \p output buffers may overlap, but only
* if input >= output (i.e. only if input points ahead of
* the output pointer).
*
* \note mbedtls_chacha20_setkey and mbedtls_chacha20_starts must be
* called at least once to setup the context before this function
* can be called.
*
* \param ctx The ChaCha20 context.
* \param size The length (in bytes) to process. This can have any length.
* \param input Buffer containing the input data.
* \param output Buffer containing the output data.
*
* \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or
* output pointers are NULL.
* Otherwise, 0 is returned to indicate success.
*/
int mbedtls_chacha20_process( mbedtls_chacha20_context *ctx,
size_t size,
const unsigned char *input,
unsigned char *output );
#else /* MBEDTLS_CHACHA20_ALT */
#include "chacha20_alt.h"
#endif /* MBEDTLS_CHACHA20_ALT */
/**
* \brief Encrypt or decrypt a message using ChaCha20.
*
* This function is used the same way for encrypting and
* decrypting data. It's not necessary to specify which
* operation is being performed.
*
* \note The \p input and \p output buffers may overlap, but only
* if input >= output (i.e. only if input points ahead of
* the output pointer).
*
* \param key Buffer containing the 256-bit key. Must be 32 bytes in length.
* \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in length.
* \param counter The initial counter value. This is usually 0.
* \param data_len The number of bytes to process.
* \param input Buffer containing the input data (data to encrypt or decrypt).
* \param output Buffer to where the processed data is written.
*
* \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input,
* or output is NULL.
* Otherwise, 0 is returned to indicate success.
*/
int mbedtls_chacha20_crypt( const unsigned char key[32],
const unsigned char nonce[12],
uint32_t counter,
size_t data_len,
const unsigned char* input,
unsigned char* output );
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_chacha20_self_test( int verbose );
#endif /* MBEDTLS_CHACHA20_H */

View file

@ -274,6 +274,7 @@
//#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT
//#define MBEDTLS_CCM_ALT
//#define MBEDTLS_CHACHA20_ALT
//#define MBEDTLS_CMAC_ALT
//#define MBEDTLS_DES_ALT
//#define MBEDTLS_DHM_ALT
@ -1861,6 +1862,15 @@
*/
#define MBEDTLS_CERTS_C
/**
* \def MBEDTLS_CHACHA20_C
*
* Enable the ChaCha20 stream cipher.
*
* Module: library/chacha20.c
*/
#define MBEDTLS_CHACHA20_C
/**
* \def MBEDTLS_CIPHER_C
*

View file

@ -76,6 +76,7 @@
* SHA1 1 0x0035-0x0035
* SHA256 1 0x0037-0x0037
* SHA512 1 0x0039-0x0039
* CHACHA20 1 0x003B-0x003B
*
* High-level module nr (3 bits - 0x0...-0x7...)
* Name ID Nr of Errors

View file

@ -13,6 +13,7 @@ set(src_crypto
blowfish.c
camellia.c
ccm.c
chacha20.c
cipher.c
cipher_wrap.c
cmac.c

View file

@ -50,7 +50,8 @@ endif
OBJS_CRYPTO= aes.o aesni.o arc4.o \
asn1parse.o asn1write.o base64.o \
bignum.o blowfish.o camellia.o \
ccm.o cipher.o cipher_wrap.o \
ccm.o chacha20.o \
cipher.o cipher_wrap.o \
cmac.o ctr_drbg.o des.o \
dhm.o ecdh.o ecdsa.o \
ecjpake.o ecp.o \

551
library/chacha20.c Normal file
View file

@ -0,0 +1,551 @@
/**
* \file chacha20.c
*
* \brief ChaCha20 cipher.
*
* \author Daniel King <damaki.gh@gmail.com>
*
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#include "mbedtls/chacha20.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_CHACHA20_C)
#if !defined(MBEDTLS_CHACHA20_ALT)
#include <stddef.h>
#include <string.h>
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define mbedtls_printf printf
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
#define BYTES_TO_U32_LE( data, offset ) \
( (uint32_t)data[offset] | \
(uint32_t)( (uint32_t)data[(offset) + 1] << 8 ) | \
(uint32_t)( (uint32_t)data[(offset) + 2] << 16 ) | \
(uint32_t)( (uint32_t)data[(offset) + 3] << 24 ) \
)
#define ROTL32( value, amount ) ( (uint32_t)( value << amount ) | ( value >> ( 32 - amount ) ) )
#define CHACHA20_CTR_INDEX ( 12U )
#define CHACHA20_BLOCK_SIZE_BYTES ( 4U * 16U )
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/**
* \brief ChaCha20 quarter round operation.
*
* The quarter round is defined as follows (from RFC 7539):
* 1. a += b; d ^= a; d <<<= 16;
* 2. c += d; b ^= c; b <<<= 12;
* 3. a += b; d ^= a; d <<<= 8;
* 4. c += d; b ^= c; b <<<= 7;
*
* \param state ChaCha20 state to modify.
* \param a The index of 'a' in the state.
* \param b The index of 'b' in the state.
* \param c The index of 'c' in the state.
* \param d The index of 'd' in the state.
*/
static inline void mbedtls_chacha20_quarter_round( uint32_t state[16],
size_t a,
size_t b,
size_t c,
size_t d )
{
/* a += b; d ^= a; d <<<= 16; */
state[a] += state[b];
state[d] ^= state[a];
state[d] = ROTL32( state[d], 16 );
/* c += d; b ^= c; b <<<= 12 */
state[c] += state[d];
state[b] ^= state[c];
state[b] = ROTL32( state[b], 12 );
/* a += b; d ^= a; d <<<= 8; */
state[a] += state[b];
state[d] ^= state[a];
state[d] = ROTL32( state[d], 8 );
/* c += d; b ^= c; b <<<= 7; */
state[c] += state[d];
state[b] ^= state[c];
state[b] = ROTL32( state[b], 7 );
}
/**
* \brief Perform the ChaCha20 inner block operation.
*
* This function performs two rounds: the column round and the
* diagonal round.
*
* \param state The ChaCha20 state to update.
*/
static void mbedtls_chacha20_inner_block( uint32_t state[16] )
{
mbedtls_chacha20_quarter_round( state, 0, 4, 8, 12 );
mbedtls_chacha20_quarter_round( state, 1, 5, 9, 13 );
mbedtls_chacha20_quarter_round( state, 2, 6, 10, 14 );
mbedtls_chacha20_quarter_round( state, 3, 7, 11, 15 );
mbedtls_chacha20_quarter_round( state, 0, 5, 10, 15 );
mbedtls_chacha20_quarter_round( state, 1, 6, 11, 12 );
mbedtls_chacha20_quarter_round( state, 2, 7, 8, 13 );
mbedtls_chacha20_quarter_round( state, 3, 4, 9, 14 );
}
/**
* \brief Generates a keystream block.
*
* \param initial_state The initial ChaCha20 state (containing the key, nonce, counter).
* \param working_state This state is used as a temporary working area.
* \param keystream Generated keystream bytes are written to this buffer.
*/
static void mbedtls_chacha20_block( mbedtls_chacha20_context *ctx,
unsigned char keystream[64] )
{
size_t i;
size_t offset;
memcpy( ctx->working_state,
ctx->initial_state,
sizeof(ctx->initial_state) );
for ( i = 0U; i < 10U; i++ )
{
mbedtls_chacha20_inner_block( ctx->working_state );
}
ctx->working_state[0] += ctx->initial_state[0];
ctx->working_state[1] += ctx->initial_state[1];
ctx->working_state[2] += ctx->initial_state[2];
ctx->working_state[3] += ctx->initial_state[3];
ctx->working_state[4] += ctx->initial_state[4];
ctx->working_state[5] += ctx->initial_state[5];
ctx->working_state[6] += ctx->initial_state[6];
ctx->working_state[7] += ctx->initial_state[7];
ctx->working_state[8] += ctx->initial_state[8];
ctx->working_state[9] += ctx->initial_state[9];
ctx->working_state[10] += ctx->initial_state[10];
ctx->working_state[11] += ctx->initial_state[11];
ctx->working_state[12] += ctx->initial_state[12];
ctx->working_state[13] += ctx->initial_state[13];
ctx->working_state[14] += ctx->initial_state[14];
ctx->working_state[15] += ctx->initial_state[15];
for ( i = 0U; i < 16; i++ )
{
offset = i * 4U;
keystream[offset ] = (unsigned char) ctx->working_state[i];
keystream[offset + 1U] = (unsigned char)( ctx->working_state[i] >> 8 );
keystream[offset + 2U] = (unsigned char)( ctx->working_state[i] >> 16 );
keystream[offset + 3U] = (unsigned char)( ctx->working_state[i] >> 24 );
}
}
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
{
if ( ctx != NULL )
{
mbedtls_zeroize( ctx->initial_state, sizeof( ctx->initial_state ) );
mbedtls_zeroize( ctx->working_state, sizeof( ctx->working_state ) );
mbedtls_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
/* Initially, there's no keystream bytes available */
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
}
}
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
{
if ( ctx != NULL )
{
mbedtls_zeroize( ctx, sizeof( mbedtls_chacha20_context ) );
}
}
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
const unsigned char key[32] )
{
if ( ( ctx == NULL ) || ( key == NULL ) )
{
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
}
/* ChaCha20 constants - the string "expand 32-byte k" */
ctx->initial_state[0] = 0x61707865;
ctx->initial_state[1] = 0x3320646e;
ctx->initial_state[2] = 0x79622d32;
ctx->initial_state[3] = 0x6b206574;
/* Set key */
ctx->initial_state[4] = BYTES_TO_U32_LE( key, 0 );
ctx->initial_state[5] = BYTES_TO_U32_LE( key, 4 );
ctx->initial_state[6] = BYTES_TO_U32_LE( key, 8 );
ctx->initial_state[7] = BYTES_TO_U32_LE( key, 12 );
ctx->initial_state[8] = BYTES_TO_U32_LE( key, 16 );
ctx->initial_state[9] = BYTES_TO_U32_LE( key, 20 );
ctx->initial_state[10] = BYTES_TO_U32_LE( key, 24 );
ctx->initial_state[11] = BYTES_TO_U32_LE( key, 28 );
return( 0 );
}
int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
const unsigned char nonce[12],
uint32_t counter )
{
if ( ( ctx == NULL ) || ( nonce == NULL ) )
{
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
}
/* Counter */
ctx->initial_state[12] = counter;
/* Nonce */
ctx->initial_state[13] = BYTES_TO_U32_LE( nonce, 0 );
ctx->initial_state[14] = BYTES_TO_U32_LE( nonce, 4 );
ctx->initial_state[15] = BYTES_TO_U32_LE( nonce, 8 );
return( 0 );
}
int mbedtls_chacha20_process( mbedtls_chacha20_context *ctx,
size_t size,
const unsigned char *input,
unsigned char *output )
{
size_t offset = 0U;
size_t i;
if ( ( ctx == NULL ) || ( input == NULL ) || ( output == NULL ) )
{
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
}
/* Use leftover keystream bytes, if available */
while ( ( size > 0U ) && ( ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES ) )
{
output[offset] = input[offset] ^ ctx->keystream8[ctx->keystream_bytes_used];
ctx->keystream_bytes_used++;
offset++;
size--;
}
/* Process full blocks */
while ( size >= CHACHA20_BLOCK_SIZE_BYTES )
{
mbedtls_chacha20_block( ctx, &output[offset] );
for ( i = 0U; i < 64U; i += 8U )
{
output[offset + i ] ^= input[offset + i ];
output[offset + i + 1U] ^= input[offset + i + 1U];
output[offset + i + 2U] ^= input[offset + i + 2U];
output[offset + i + 3U] ^= input[offset + i + 3U];
output[offset + i + 4U] ^= input[offset + i + 4U];
output[offset + i + 5U] ^= input[offset + i + 5U];
output[offset + i + 6U] ^= input[offset + i + 6U];
output[offset + i + 7U] ^= input[offset + i + 7U];
}
/* Increment counter */
ctx->initial_state[CHACHA20_CTR_INDEX]++;
offset += 64U;
size -= 64U;
}
/* Last (partial) block */
if ( size > 0U )
{
mbedtls_chacha20_block( ctx, ctx->keystream8 );
for ( i = 0U; i < size; i++)
{
output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
}
ctx->keystream_bytes_used = size;
/* Increment counter */
ctx->initial_state[CHACHA20_CTR_INDEX]++;
}
return 0;
}
#endif /* !MBEDTLS_CHACHA20_ALT */
int mbedtls_chacha20_crypt( const unsigned char key[32],
const unsigned char nonce[12],
uint32_t counter,
size_t data_len,
const unsigned char* input,
unsigned char* output )
{
mbedtls_chacha20_context ctx;
int result;
mbedtls_chacha20_init( &ctx );
result = mbedtls_chacha20_setkey( &ctx, key );
if ( result != 0 )
goto cleanup;
result = mbedtls_chacha20_starts( &ctx, nonce, counter );
if ( result != 0 )
goto cleanup;
result = mbedtls_chacha20_process( &ctx, data_len, input, output );
cleanup:
mbedtls_chacha20_free( &ctx );
return result;
}
#if defined(MBEDTLS_SELF_TEST)
static const unsigned char test_keys[2][32] =
{
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
},
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
}
};
static const unsigned char test_nonces[2][12] =
{
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00
},
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x02
}
};
static const uint32_t test_counters[2] =
{
0U,
1U
};
static const unsigned char test_input[2][375] =
{
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
},
{
0x41, 0x6e, 0x79, 0x20, 0x73, 0x75, 0x62, 0x6d,
0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x20, 0x74,
0x6f, 0x20, 0x74, 0x68, 0x65, 0x20, 0x49, 0x45,
0x54, 0x46, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x6e,
0x64, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x74,
0x68, 0x65, 0x20, 0x43, 0x6f, 0x6e, 0x74, 0x72,
0x69, 0x62, 0x75, 0x74, 0x6f, 0x72, 0x20, 0x66,
0x6f, 0x72, 0x20, 0x70, 0x75, 0x62, 0x6c, 0x69,
0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x61,
0x73, 0x20, 0x61, 0x6c, 0x6c, 0x20, 0x6f, 0x72,
0x20, 0x70, 0x61, 0x72, 0x74, 0x20, 0x6f, 0x66,
0x20, 0x61, 0x6e, 0x20, 0x49, 0x45, 0x54, 0x46,
0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
0x74, 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x20,
0x6f, 0x72, 0x20, 0x52, 0x46, 0x43, 0x20, 0x61,
0x6e, 0x64, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x73,
0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74,
0x20, 0x6d, 0x61, 0x64, 0x65, 0x20, 0x77, 0x69,
0x74, 0x68, 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65,
0x20, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74,
0x20, 0x6f, 0x66, 0x20, 0x61, 0x6e, 0x20, 0x49,
0x45, 0x54, 0x46, 0x20, 0x61, 0x63, 0x74, 0x69,
0x76, 0x69, 0x74, 0x79, 0x20, 0x69, 0x73, 0x20,
0x63, 0x6f, 0x6e, 0x73, 0x69, 0x64, 0x65, 0x72,
0x65, 0x64, 0x20, 0x61, 0x6e, 0x20, 0x22, 0x49,
0x45, 0x54, 0x46, 0x20, 0x43, 0x6f, 0x6e, 0x74,
0x72, 0x69, 0x62, 0x75, 0x74, 0x69, 0x6f, 0x6e,
0x22, 0x2e, 0x20, 0x53, 0x75, 0x63, 0x68, 0x20,
0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e,
0x74, 0x73, 0x20, 0x69, 0x6e, 0x63, 0x6c, 0x75,
0x64, 0x65, 0x20, 0x6f, 0x72, 0x61, 0x6c, 0x20,
0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e,
0x74, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x49, 0x45,
0x54, 0x46, 0x20, 0x73, 0x65, 0x73, 0x73, 0x69,
0x6f, 0x6e, 0x73, 0x2c, 0x20, 0x61, 0x73, 0x20,
0x77, 0x65, 0x6c, 0x6c, 0x20, 0x61, 0x73, 0x20,
0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x20,
0x61, 0x6e, 0x64, 0x20, 0x65, 0x6c, 0x65, 0x63,
0x74, 0x72, 0x6f, 0x6e, 0x69, 0x63, 0x20, 0x63,
0x6f, 0x6d, 0x6d, 0x75, 0x6e, 0x69, 0x63, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x6d, 0x61,
0x64, 0x65, 0x20, 0x61, 0x74, 0x20, 0x61, 0x6e,
0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x6f,
0x72, 0x20, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x2c,
0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x61,
0x72, 0x65, 0x20, 0x61, 0x64, 0x64, 0x72, 0x65,
0x73, 0x73, 0x65, 0x64, 0x20, 0x74, 0x6f
}
};
static const unsigned char test_output[2][375] =
{
{
0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90,
0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28,
0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, 0xed, 0x1a,
0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7,
0xda, 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d,
0x77, 0x24, 0xe0, 0x3f, 0xb8, 0xd8, 0x4a, 0x37,
0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, 0x1c,
0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86
},
{
0xa3, 0xfb, 0xf0, 0x7d, 0xf3, 0xfa, 0x2f, 0xde,
0x4f, 0x37, 0x6c, 0xa2, 0x3e, 0x82, 0x73, 0x70,
0x41, 0x60, 0x5d, 0x9f, 0x4f, 0x4f, 0x57, 0xbd,
0x8c, 0xff, 0x2c, 0x1d, 0x4b, 0x79, 0x55, 0xec,
0x2a, 0x97, 0x94, 0x8b, 0xd3, 0x72, 0x29, 0x15,
0xc8, 0xf3, 0xd3, 0x37, 0xf7, 0xd3, 0x70, 0x05,
0x0e, 0x9e, 0x96, 0xd6, 0x47, 0xb7, 0xc3, 0x9f,
0x56, 0xe0, 0x31, 0xca, 0x5e, 0xb6, 0x25, 0x0d,
0x40, 0x42, 0xe0, 0x27, 0x85, 0xec, 0xec, 0xfa,
0x4b, 0x4b, 0xb5, 0xe8, 0xea, 0xd0, 0x44, 0x0e,
0x20, 0xb6, 0xe8, 0xdb, 0x09, 0xd8, 0x81, 0xa7,
0xc6, 0x13, 0x2f, 0x42, 0x0e, 0x52, 0x79, 0x50,
0x42, 0xbd, 0xfa, 0x77, 0x73, 0xd8, 0xa9, 0x05,
0x14, 0x47, 0xb3, 0x29, 0x1c, 0xe1, 0x41, 0x1c,
0x68, 0x04, 0x65, 0x55, 0x2a, 0xa6, 0xc4, 0x05,
0xb7, 0x76, 0x4d, 0x5e, 0x87, 0xbe, 0xa8, 0x5a,
0xd0, 0x0f, 0x84, 0x49, 0xed, 0x8f, 0x72, 0xd0,
0xd6, 0x62, 0xab, 0x05, 0x26, 0x91, 0xca, 0x66,
0x42, 0x4b, 0xc8, 0x6d, 0x2d, 0xf8, 0x0e, 0xa4,
0x1f, 0x43, 0xab, 0xf9, 0x37, 0xd3, 0x25, 0x9d,
0xc4, 0xb2, 0xd0, 0xdf, 0xb4, 0x8a, 0x6c, 0x91,
0x39, 0xdd, 0xd7, 0xf7, 0x69, 0x66, 0xe9, 0x28,
0xe6, 0x35, 0x55, 0x3b, 0xa7, 0x6c, 0x5c, 0x87,
0x9d, 0x7b, 0x35, 0xd4, 0x9e, 0xb2, 0xe6, 0x2b,
0x08, 0x71, 0xcd, 0xac, 0x63, 0x89, 0x39, 0xe2,
0x5e, 0x8a, 0x1e, 0x0e, 0xf9, 0xd5, 0x28, 0x0f,
0xa8, 0xca, 0x32, 0x8b, 0x35, 0x1c, 0x3c, 0x76,
0x59, 0x89, 0xcb, 0xcf, 0x3d, 0xaa, 0x8b, 0x6c,
0xcc, 0x3a, 0xaf, 0x9f, 0x39, 0x79, 0xc9, 0x2b,
0x37, 0x20, 0xfc, 0x88, 0xdc, 0x95, 0xed, 0x84,
0xa1, 0xbe, 0x05, 0x9c, 0x64, 0x99, 0xb9, 0xfd,
0xa2, 0x36, 0xe7, 0xe8, 0x18, 0xb0, 0x4b, 0x0b,
0xc3, 0x9c, 0x1e, 0x87, 0x6b, 0x19, 0x3b, 0xfe,
0x55, 0x69, 0x75, 0x3f, 0x88, 0x12, 0x8c, 0xc0,
0x8a, 0xaa, 0x9b, 0x63, 0xd1, 0xa1, 0x6f, 0x80,
0xef, 0x25, 0x54, 0xd7, 0x18, 0x9c, 0x41, 0x1f,
0x58, 0x69, 0xca, 0x52, 0xc5, 0xb8, 0x3f, 0xa3,
0x6f, 0xf2, 0x16, 0xb9, 0xc1, 0xd3, 0x00, 0x62,
0xbe, 0xbc, 0xfd, 0x2d, 0xc5, 0xbc, 0xe0, 0x91,
0x19, 0x34, 0xfd, 0xa7, 0x9a, 0x86, 0xf6, 0xe6,
0x98, 0xce, 0xd7, 0x59, 0xc3, 0xff, 0x9b, 0x64,
0x77, 0x33, 0x8f, 0x3d, 0xa4, 0xf9, 0xcd, 0x85,
0x14, 0xea, 0x99, 0x82, 0xcc, 0xaf, 0xb3, 0x41,
0xb2, 0x38, 0x4d, 0xd9, 0x02, 0xf3, 0xd1, 0xab,
0x7a, 0xc6, 0x1d, 0xd2, 0x9c, 0x6f, 0x21, 0xba,
0x5b, 0x86, 0x2f, 0x37, 0x30, 0xe3, 0x7c, 0xfd,
0xc4, 0xfd, 0x80, 0x6c, 0x22, 0xf2, 0x21
}
};
static const size_t test_lengths[2] =
{
64U,
375U
};
int mbedtls_chacha20_self_test( int verbose )
{
unsigned char output[381];
size_t i;
int result;
for ( i = 0U; i < 2U; i++ )
{
result = mbedtls_chacha20_crypt( test_keys[i],
test_nonces[i],
test_counters[i],
test_lengths[i],
test_input[i],
output );
if ( result != 0)
{
if ( verbose != 0 )
{
mbedtls_printf( "ChaCha20 test %zi error code: %i\n", i, result );
}
return( -1 );
}
if ( 0 != memcmp( output, test_output[i], test_lengths[i] ) )
{
if ( verbose != 0 )
{
mbedtls_printf( "ChaCha20 test %zi failed\n", i );
}
return( -1 );
}
}
return( 0 );
}
#endif /* MBEDTLS_SELF_TEST */
#endif /* !MBEDTLS_CHACHA20_C */

View file

@ -69,6 +69,10 @@
#include "mbedtls/ccm.h"
#endif
#if defined(MBEDTLS_CHACHA20_C)
#include "mbedtls/chacha20.h"
#endif
#if defined(MBEDTLS_CIPHER_C)
#include "mbedtls/cipher.h"
#endif
@ -653,6 +657,11 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "CCM - CCM hardware accelerator failed" );
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHA20_C)
if( use_ret == -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) )
mbedtls_snprintf( buf, buflen, "CHACHA20 - Invalid input parameter(s)" );
#endif /* MBEDTLS_CHACHA20_C */
#if defined(MBEDTLS_CMAC_C)
if( use_ret == -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "CMAC - CMAC hardware accelerator failed" );

View file

@ -99,6 +99,9 @@ static const char *features[] = {
#if defined(MBEDTLS_CCM_ALT)
"MBEDTLS_CCM_ALT",
#endif /* MBEDTLS_CCM_ALT */
#if defined(MBEDTLS_CHACHA20_ALT)
"MBEDTLS_CHACHA20_ALT",
#endif /* MBEDTLS_CHACHA20_ALT */
#if defined(MBEDTLS_CMAC_ALT)
"MBEDTLS_CMAC_ALT",
#endif /* MBEDTLS_CMAC_ALT */
@ -537,6 +540,9 @@ static const char *features[] = {
#if defined(MBEDTLS_CERTS_C)
"MBEDTLS_CERTS_C",
#endif /* MBEDTLS_CERTS_C */
#if defined(MBEDTLS_CHACHA20_C)
"MBEDTLS_CHACHA20_C",
#endif /* MBEDTLS_CHACHA20_C */
#if defined(MBEDTLS_CIPHER_C)
"MBEDTLS_CIPHER_C",
#endif /* MBEDTLS_CIPHER_C */

View file

@ -59,6 +59,7 @@ int main( void )
#include "mbedtls/aes.h"
#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/gcm.h"
#include "mbedtls/ccm.h"
#include "mbedtls/cmac.h"
@ -93,7 +94,7 @@ int main( void )
#define OPTIONS \
"md4, md5, ripemd160, sha1, sha256, sha512,\n" \
"arc4, des3, des, camellia, blowfish,\n" \
"arc4, des3, des, camellia, blowfish, chacha20,\n" \
"aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac,\n" \
"havege, ctr_drbg, hmac_drbg\n" \
"rsa, dhm, ecdsa, ecdh.\n"
@ -229,7 +230,7 @@ typedef struct {
char md4, md5, ripemd160, sha1, sha256, sha512,
arc4, des3, des,
aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac,
camellia, blowfish,
camellia, blowfish, chacha20,
havege, ctr_drbg, hmac_drbg,
rsa, dhm, ecdsa, ecdh;
} todo_list;
@ -286,6 +287,8 @@ int main( int argc, char *argv[] )
todo.camellia = 1;
else if( strcmp( argv[i], "blowfish" ) == 0 )
todo.blowfish = 1;
else if( strcmp( argv[i], "chacha20" ) == 0 )
todo.chacha20 = 1;
else if( strcmp( argv[i], "havege" ) == 0 )
todo.havege = 1;
else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
@ -520,6 +523,13 @@ int main( int argc, char *argv[] )
}
#endif
#if defined(MBEDTLS_CHACHA20_C)
if ( todo.chacha20 )
{
TIME_AND_TSC( "ChaCha20", mbedtls_chacha20_crypt( buf, buf, 0U, BUFSIZE, buf, buf ) );
}
#endif
#if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
if( todo.blowfish )
{

View file

@ -30,7 +30,7 @@ if( @ARGV ) {
my $error_format_file = $data_dir.'/error.fmt';
my @low_level_modules = qw( AES ARC4 ASN1 BASE64 BIGNUM BLOWFISH
CAMELLIA CCM CMAC CTR_DRBG DES
CAMELLIA CCM CHACHA20 CMAC CTR_DRBG DES
ENTROPY GCM HMAC_DRBG MD2 MD4 MD5
NET OID PADLOCK PBKDF2 RIPEMD160
SHA1 SHA256 SHA512 THREADING XTEA );

View file

@ -54,6 +54,7 @@ add_test_suite(base64)
add_test_suite(blowfish)
add_test_suite(camellia)
add_test_suite(ccm)
add_test_suite(chacha20)
add_test_suite(cipher cipher.aes)
add_test_suite(cipher cipher.arc4)
add_test_suite(cipher cipher.blowfish)

View file

@ -50,7 +50,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \
test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \
test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \
test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \
test_suite_cmac$(EXEXT) \
test_suite_chacha20$(EXEXT) test_suite_cmac$(EXEXT) \
test_suite_cipher.aes$(EXEXT) \
test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \
test_suite_cipher.gcm$(EXEXT) \
@ -237,6 +237,10 @@ test_suite_ccm$(EXEXT): test_suite_ccm.c $(DEP)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test_suite_chacha20$(EXEXT): test_suite_chacha20.c $(DEP)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test_suite_cmac$(EXEXT): test_suite_cmac.c $(DEP)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

View file

@ -0,0 +1,2 @@
ChaCha20 Selftest
chacha20_self_test:

View file

@ -0,0 +1,14 @@
/* BEGIN_HEADER */
#include "mbedtls/chacha20.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_CHACHA20_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void chacha20_self_test()
{
TEST_ASSERT( mbedtls_chacha20_self_test( 0 ) == 0 );
}
/* END_CASE */