On Mon, Oct 26, 2015 at 18:29 +0100, Mike Belopuhov wrote:
> OK?
>
Update due to poly1305.{c,h} changes.
---
sys/crypto/chachapoly.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++++
sys/crypto/chachapoly.h | 62 +++++++++++++++++++++++++++
2 files changed, 170 insertions(+)
create mode 100644 sys/crypto/chachapoly.c
create mode 100644 sys/crypto/chachapoly.h
diff --git sys/crypto/chachapoly.c sys/crypto/chachapoly.c
new file mode 100644
index 0000000..d31dc51
--- /dev/null
+++ sys/crypto/chachapoly.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2015 Mike Belopuhov
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+
+#include <crypto/chacha_private.h>
+#include <crypto/poly1305.h>
+#include <crypto/chachapoly.h>
+
+int
+chacha20_setkey(void *sched, u_int8_t *key, int len)
+{
+ struct chacha20_ctx *ctx = (struct chacha20_ctx *)sched;
+
+ if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
+ return (-1);
+
+ /* initial counter is 1 */
+ ctx->nonce[0] = 1;
+ memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+ CHACHA20_SALT);
+ chacha_keysetup((chacha_ctx *)&ctx->block, key, CHACHA20_KEYSIZE * 8);
+ return (0);
+}
+
+void
+chacha20_reinit(caddr_t key, u_int8_t *iv)
+{
+ struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
+
+ chacha_ivsetup((chacha_ctx *)ctx->block, iv, ctx->nonce);
+}
+
+void
+chacha20_crypt(caddr_t key, u_int8_t *data)
+{
+ struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
+
+ chacha_encrypt_bytes((chacha_ctx *)ctx->block, data, data,
+ CHACHA20_BLOCK_LEN);
+}
+
+void
+Chacha_Poly_Init(CHACHA_POLY_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+}
+
+void
+Chacha_Poly_Setkey(CHACHA_POLY_CTX *ctx, const uint8_t *key, uint16_t klen)
+{
+ /* salt is part of the nonce */
+ memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+ CHACHA20_SALT);
+ chacha_keysetup((chacha_ctx *)&ctx->chacha, key, CHACHA20_KEYSIZE * 8);
+}
+
+void
+Chacha_Poly_Reinit(CHACHA_POLY_CTX *ctx, const uint8_t *iv, uint16_t ivlen)
+{
+ /* initial counter is 0 */
+ chacha_ivsetup((chacha_ctx *)&ctx->chacha, iv, ctx->nonce);
+ chacha_encrypt_bytes((chacha_ctx *)&ctx->chacha, ctx->key, ctx->key,
+ POLY1305_KEYLEN);
+ poly1305_init((poly1305_state *)&ctx->poly, ctx->key);
+}
+
+int
+Chacha_Poly_Update(CHACHA_POLY_CTX *ctx, const uint8_t *data, uint16_t len)
+{
+ uint32_t blk[POLY1305_BLOCK_LEN / 4];
+ size_t want;
+
+ if (len >= POLY1305_BLOCK_LEN) {
+ want = len & ~(POLY1305_BLOCK_LEN - 1);
+ poly1305_update((poly1305_state *)&ctx->poly, data, want);
+ len -= want;
+ data += want;
+ }
+ if (len > 0) {
+ memset(blk, 0, sizeof(blk));
+ memcpy(blk, data, len);
+ poly1305_update((poly1305_state *)&ctx->poly, (uint8_t *)blk,
+ sizeof(blk));
+ }
+ return (0);
+}
+
+void
+Chacha_Poly_Final(uint8_t digest[POLY1305_TAGLEN], CHACHA_POLY_CTX *ctx)
+{
+ poly1305_finish((poly1305_state *)&ctx->poly, digest);
+ explicit_bzero(ctx, sizeof(*ctx));
+}
diff --git sys/crypto/chachapoly.h sys/crypto/chachapoly.h
new file mode 100644
index 0000000..216a7ba
--- /dev/null
+++ sys/crypto/chachapoly.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2015 Mike Belopuhov
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _CHACHAPOLY_H_
+#define _CHACHAPOLY_H_
+
+#define CHACHA20_KEYSIZE 32
+#define CHACHA20_CTR 4
+#define CHACHA20_SALT 4
+#define CHACHA20_NONCE 8
+#define CHACHA20_BLOCK_LEN 64
+
+struct chacha20_ctx {
+ uint8_t block[CHACHA20_BLOCK_LEN];
+ uint8_t nonce[CHACHA20_NONCE];
+};
+
+int chacha20_setkey(void *, u_int8_t *, int);
+void chacha20_reinit(caddr_t, u_int8_t *);
+void chacha20_crypt(caddr_t, u_int8_t *);
+
+
+#define POLY1305_KEYLEN 32
+#define POLY1305_TAGLEN 16
+#define POLY1305_BLOCK_LEN 16
+
+struct poly1305_ctx {
+ /* r, h, pad, leftover */
+ unsigned long state[5+5+4];
+ size_t leftover;
+ unsigned char buffer[POLY1305_BLOCK_LEN];
+ unsigned char final;
+};
+
+typedef struct {
+ uint8_t key[POLY1305_KEYLEN];
+ /* counter, salt */
+ uint8_t nonce[CHACHA20_NONCE];
+ struct chacha20_ctx chacha;
+ struct poly1305_ctx poly;
+} CHACHA_POLY_CTX;
+
+void Chacha_Poly_Init(CHACHA_POLY_CTX *);
+void Chacha_Poly_Setkey(CHACHA_POLY_CTX *, const uint8_t *, uint16_t);
+void Chacha_Poly_Reinit(CHACHA_POLY_CTX *, const uint8_t *, uint16_t);
+int Chacha_Poly_Update(CHACHA_POLY_CTX *, const uint8_t *, uint16_t);
+void Chacha_Poly_Final(uint8_t[POLY1305_TAGLEN], CHACHA_POLY_CTX *);
+
+#endif /* _CHACHAPOLY_H_ */
--
2.6.2
