Lucas/lilcrypto
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

aead/{,x}chacha20-poly1305: simplify

Browse source 
Use one-pass interfaces for encryption and decryption and rename the
Poly1305 key setup to the more correct poly1305_keysetup.
This commit is contained in:
Lucas Gabriel Vuotto 2024-06-19 14:02:54 +00:00
parent e39f46a9f9
commit 9da7685779
1 changed files with 13 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

63
aead_chacha20_poly1305.c
View file

@ -24,23 +24,13 @@
*/ */
static int static int
chacha20_xchacha20_keysetup(struct lc_cipher_ctx *cctx, poly1305_keysetup(struct lc_cipher_ctx *cctx,
uint8_t akey[LC_POLY1305_KEYLEN], void *initparams) uint8_t akey[LC_POLY1305_KEYLEN], void *initparams)
{ {
size_t i, olen, akeylen; size_t akeylen;
for (i = 0; i < LC_POLY1305_KEYLEN; i++) return lc_cipher_encrypt(cctx->impl, akey, &akeylen, initparams,
akey[i] = 0; zerobuf, LC_POLY1305_KEYLEN) && akeylen == LC_POLY1305_KEYLEN;
if (!lc_cipher_encrypt_init(cctx, initparams) ||
!lc_cipher_encrypt_update(cctx, akey, &olen, akey,
LC_POLY1305_KEYLEN))
return 0;
akeylen = olen;
if (!lc_cipher_encrypt_final(cctx, akey + olen, &olen))
return 0;
akeylen += olen;
return akeylen == LC_POLY1305_KEYLEN;
} }
static int static int
@ -85,7 +75,7 @@ chacha20_poly1305_seal(uint8_t *out, size_t *outlen, void *initparams,
cparams.nonce[i] = params->nonce[i]; cparams.nonce[i] = params->nonce[i];
cparams.counter = 0; cparams.counter = 0;
if (!chacha20_xchacha20_keysetup(cctx, aparams.key, &cparams)) if (!poly1305_keysetup(cctx, aparams.key, &cparams))
goto cleanup; goto cleanup;
if (!lc_auth_init(actx, &aparams) || if (!lc_auth_init(actx, &aparams) ||
@ -96,14 +86,7 @@ chacha20_poly1305_seal(uint8_t *out, size_t *outlen, void *initparams,
goto cleanup; goto cleanup;
cparams.counter = 1; cparams.counter = 1;
if (!lc_cipher_encrypt_init(cctx, &cparams) || if (!lc_cipher_encrypt(cctx->impl, out, outlen, &cparams, in, inlen))
!lc_cipher_encrypt_update(cctx, out, &olen, in, inlen))
goto cleanup;
*outlen = olen;
if (!lc_cipher_encrypt_final(cctx, out + olen, &olen))
goto cleanup;
*outlen += olen;
if (*outlen != inlen)
goto cleanup; goto cleanup;
if (!lc_auth_update(actx, out, inlen)) if (!lc_auth_update(actx, out, inlen))
@ -174,7 +157,7 @@ xchacha20_poly1305_seal(uint8_t *out, size_t *outlen, void *initparams,
cparams.nonce[i] = params->nonce[i]; cparams.nonce[i] = params->nonce[i];
cparams.counter = 0; cparams.counter = 0;
if (!chacha20_xchacha20_keysetup(cctx, aparams.key, &cparams)) if (!poly1305_keysetup(cctx, aparams.key, &cparams))
goto cleanup; goto cleanup;
if (!lc_auth_init(actx, &aparams) || if (!lc_auth_init(actx, &aparams) ||
@ -185,14 +168,7 @@ xchacha20_poly1305_seal(uint8_t *out, size_t *outlen, void *initparams,
goto cleanup; goto cleanup;
cparams.counter = 1; cparams.counter = 1;
if (!lc_cipher_encrypt_init(cctx, &cparams) || if (!lc_cipher_encrypt(cctx->impl, out, outlen, &cparams, in, inlen))
!lc_cipher_encrypt_update(cctx, out, &olen, in, inlen))
goto cleanup;
*outlen = olen;
if (!lc_cipher_encrypt_final(cctx, out + olen, &olen))
goto cleanup;
*outlen += olen;
if (*outlen != inlen)
goto cleanup; goto cleanup;
if (!lc_auth_update(actx, out, inlen)) if (!lc_auth_update(actx, out, inlen))
@ -265,7 +241,7 @@ chacha20_poly1305_open(uint8_t *out, size_t *outlen, void *initparams,
cparams.nonce[i] = params->nonce[i]; cparams.nonce[i] = params->nonce[i];
cparams.counter = 0; cparams.counter = 0;
if (!chacha20_xchacha20_keysetup(cctx, aparams.key, &cparams)) if (!poly1305_keysetup(cctx, aparams.key, &cparams))
goto cleanup; goto cleanup;
if (!lc_auth_init(actx, &aparams) || if (!lc_auth_init(actx, &aparams) ||
@ -293,14 +269,7 @@ chacha20_poly1305_open(uint8_t *out, size_t *outlen, void *initparams,
goto cleanup; goto cleanup;
cparams.counter = 1; cparams.counter = 1;
if (!lc_cipher_decrypt_init(cctx, &cparams) || if (!lc_cipher_decrypt(cctx->impl, out, outlen, &cparams, in, ctlen))
!lc_cipher_decrypt_update(cctx, out, &olen, in, ctlen))
goto cleanup;
*outlen = olen;
if (!lc_cipher_decrypt_final(cctx, out + olen, &olen))
goto cleanup;
*outlen += olen;
if (*outlen != ctlen)
goto cleanup; goto cleanup;
ret = 1; ret = 1;
@ -360,7 +329,7 @@ xchacha20_poly1305_open(uint8_t *out, size_t *outlen, void *initparams,
cparams.nonce[i] = params->nonce[i]; cparams.nonce[i] = params->nonce[i];
cparams.counter = 0; cparams.counter = 0;
if (!chacha20_xchacha20_keysetup(cctx, aparams.key, &cparams)) if (!poly1305_keysetup(cctx, aparams.key, &cparams))
goto cleanup; goto cleanup;
if (!lc_auth_init(actx, &aparams) || if (!lc_auth_init(actx, &aparams) ||
@ -388,15 +357,9 @@ xchacha20_poly1305_open(uint8_t *out, size_t *outlen, void *initparams,
goto cleanup; goto cleanup;
cparams.counter = 1; cparams.counter = 1;
if (!lc_cipher_decrypt_init(cctx, &cparams) || if (!lc_cipher_decrypt(cctx->impl, out, outlen, &cparams, in, ctlen))
!lc_cipher_decrypt_update(cctx, out, &olen, in, ctlen))
goto cleanup;
*outlen = olen;
if (!lc_cipher_decrypt_final(cctx, out + olen, &olen))
goto cleanup;
*outlen += olen;
if (*outlen != ctlen)
goto cleanup; goto cleanup;
ret = 1; ret = 1;
cleanup: cleanup: