drop 128-bit keys from ChaCha implementation

pull/50/head
Daniel Micay 2018-09-11 10:22:28 -04:00
parent b52d9ca831
commit 433af6d4ba
3 changed files with 16 additions and 25 deletions

View File

@ -41,30 +41,21 @@ Public domain.
c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
static const char sigma[16] = "expand 32-byte k"; static const char sigma[16] = "expand 32-byte k";
static const char tau[16] = "expand 16-byte k";
void chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) void chacha_keysetup(chacha_ctx *x,const u8 *k)
{ {
const char *constants; x->input[0] = U8TO32_LITTLE(sigma + 0);
x->input[1] = U8TO32_LITTLE(sigma + 4);
x->input[2] = U8TO32_LITTLE(sigma + 8);
x->input[3] = U8TO32_LITTLE(sigma + 12);
x->input[4] = U8TO32_LITTLE(k + 0); x->input[4] = U8TO32_LITTLE(k + 0);
x->input[5] = U8TO32_LITTLE(k + 4); x->input[5] = U8TO32_LITTLE(k + 4);
x->input[6] = U8TO32_LITTLE(k + 8); x->input[6] = U8TO32_LITTLE(k + 8);
x->input[7] = U8TO32_LITTLE(k + 12); x->input[7] = U8TO32_LITTLE(k + 12);
if (kbits == 256) { /* recommended */ x->input[8] = U8TO32_LITTLE(k + 16);
k += 16; x->input[9] = U8TO32_LITTLE(k + 20);
constants = sigma; x->input[10] = U8TO32_LITTLE(k + 24);
} else { /* kbits == 128 */ x->input[11] = U8TO32_LITTLE(k + 28);
constants = tau;
}
x->input[8] = U8TO32_LITTLE(k + 0);
x->input[9] = U8TO32_LITTLE(k + 4);
x->input[10] = U8TO32_LITTLE(k + 8);
x->input[11] = U8TO32_LITTLE(k + 12);
x->input[0] = U8TO32_LITTLE(constants + 0);
x->input[1] = U8TO32_LITTLE(constants + 4);
x->input[2] = U8TO32_LITTLE(constants + 8);
x->input[3] = U8TO32_LITTLE(constants + 12);
} }
void chacha_ivsetup(chacha_ctx *x,const u8 *iv) void chacha_ivsetup(chacha_ctx *x,const u8 *iv)

View File

@ -3,6 +3,9 @@
#include <stdint.h> #include <stdint.h>
#define CHACHA_KEY_SIZE 32
#define CHACHA_IV_SIZE 8
typedef uint8_t u8; typedef uint8_t u8;
typedef uint32_t u32; typedef uint32_t u32;
@ -11,7 +14,7 @@ typedef struct
u32 input[16]; u32 input[16];
} chacha_ctx; } chacha_ctx;
void chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits); void chacha_keysetup(chacha_ctx *x,const u8 *k);
void chacha_ivsetup(chacha_ctx *x,const u8 *iv); void chacha_ivsetup(chacha_ctx *x,const u8 *iv);
void chacha_keystream_bytes(chacha_ctx *x,u8 *c,u32 bytes); void chacha_keystream_bytes(chacha_ctx *x,u8 *c,u32 bytes);

View File

@ -35,14 +35,11 @@ static void get_random_seed(void *buf, size_t size) {
} }
} }
#define KEY_SIZE 32
#define IV_SIZE 8
void random_state_init(struct random_state *state) { void random_state_init(struct random_state *state) {
uint8_t rnd[KEY_SIZE + IV_SIZE]; uint8_t rnd[CHACHA_KEY_SIZE + CHACHA_IV_SIZE];
get_random_seed(rnd, sizeof(rnd)); get_random_seed(rnd, sizeof(rnd));
chacha_keysetup(&state->ctx, rnd, KEY_SIZE * 8); chacha_keysetup(&state->ctx, rnd);
chacha_ivsetup(&state->ctx, rnd + KEY_SIZE); chacha_ivsetup(&state->ctx, rnd + CHACHA_KEY_SIZE);
chacha_keystream_bytes(&state->ctx, state->cache, RANDOM_CACHE_SIZE); chacha_keystream_bytes(&state->ctx, state->cache, RANDOM_CACHE_SIZE);
state->index = 0; state->index = 0;
state->reseed = 0; state->reseed = 0;