diff options
| author | Jeffrey Walton <noloader@gmail.com> | 2019-02-06 01:03:28 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-02-06 01:03:28 -0500 |
| commit | 26c83877ef30c81054746721f23f8df91ef44337 (patch) | |
| tree | 1b732c240595f494a52e0e7cb03bac5c7f138178 /chacha.h | |
| parent | 48531785b74d2f6728282937a105595467b94cc7 (diff) | |
| download | cryptopp-git-26c83877ef30c81054746721f23f8df91ef44337.tar.gz | |
Add IETF XChaCha (GH #727, PR #794)
Diffstat (limited to 'chacha.h')
| -rw-r--r-- | chacha.h | 85 |
1 files changed, 77 insertions, 8 deletions
@@ -5,10 +5,10 @@ // The library added Bernstein's ChaCha classses at Crypto++ 5.6.4. The IETF
// uses a slightly different implementation than Bernstein, and the IETF
-// classes were added at Crypto++ 8.1. We wanted to maintain ABI compatibility
-// at the 8.1 release so the original ChaCha classes were not disturbed.
-// Instead new classes were added for IETF ChaCha. The back-end implementation
-// shares code as expected, however.
+// ChaCha and XChaCha classes were added at Crypto++ 8.1. We wanted to maintain
+// ABI compatibility at the 8.1 release so the original ChaCha classes were not
+// disturbed. Instead new classes were added for IETF ChaCha. The back-end
+// implementation shares code as expected, however.
/// \file chacha.h
/// \brief Classes for ChaCha8, ChaCha12 and ChaCha20 stream ciphers
@@ -20,8 +20,11 @@ /// implementation for cipher suites
/// <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
/// <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
-/// and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
-/// \since ChaCha since Crypto++ 5.6.4, ChaChaTLS since Crypto++ 8.1
+/// and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>. Finally,
+/// the library provides <a
+/// href="https://tools.ietf.org/html/draft-arciszewski-xchacha">XChaCha:
+/// eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305 (rev. 03)</a>.
+/// \since ChaCha since Crypto++ 5.6.4, ChaChaTLS and XChaCha20 since Crypto++ 8.1
#ifndef CRYPTOPP_CHACHA_H
#define CRYPTOPP_CHACHA_H
@@ -81,7 +84,9 @@ protected: /// \since Crypto++ 5.6.4
struct ChaCha : public ChaCha_Info, public SymmetricCipherDocumentation
{
+ /// \brief ChaCha Encryption
typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy, AdditiveCipherTemplate<> >, ChaCha_Info > Encryption;
+ /// \brief ChaCha Decryption
typedef Encryption Decryption;
};
@@ -123,8 +128,10 @@ protected: std::string AlgorithmName() const;
std::string AlgorithmProvider() const;
- FixedSizeAlignedSecBlock<word32, 16+1> m_state;
+ FixedSizeAlignedSecBlock<word32, 16+8+1> m_state;
CRYPTOPP_CONSTANT(ROUNDS = ChaChaTLS_Info::ROUNDS)
+ CRYPTOPP_CONSTANT(KEY = 16) // Index into m_state
+ CRYPTOPP_CONSTANT(CTR = 24) // Index into m_state
};
/// \brief ChaCha-TLS stream cipher
@@ -136,14 +143,76 @@ protected: /// <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and
/// <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
/// \sa <a href="https://tools.ietf.org/html/rfc8439">RFC 8439, ChaCha20 and
-/// Poly1305 for IETF Protocols</a>, <A HREF="https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU">How
+/// Poly1305 for IETF Protocols</a>, <A
+/// HREF="https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU">How
/// to handle block counter wrap in IETF's ChaCha algorithm?</A> and
/// <A HREF="https://github.com/weidai11/cryptopp/issues/790">Issue
/// 790, ChaChaTLS results when counter block wraps</A>.
/// \since Crypto++ 8.1
struct ChaChaTLS : public ChaChaTLS_Info, public SymmetricCipherDocumentation
{
+ /// \brief ChaCha-TLS Encryption
typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaChaTLS_Policy, AdditiveCipherTemplate<> >, ChaChaTLS_Info > Encryption;
+ /// \brief ChaCha-TLS Decryption
+ typedef Encryption Decryption;
+};
+
+////////////////////////////// IETF XChaCha20 draft //////////////////////////////
+
+/// \brief XChaCha stream cipher information
+/// \since Crypto++ 8.1
+struct XChaCha20_Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 24>, FixedRounds<20>
+{
+ /// \brief The algorithm name
+ /// \returns the algorithm name
+ /// \details StaticAlgorithmName returns the algorithm's name as a static
+ /// member function.
+ /// \details This is the IETF's XChaCha from draft-arciszewski-xchacha.
+ static const char* StaticAlgorithmName() {
+ return "XChaCha20";
+ }
+};
+
+/// \brief XChaCha stream cipher implementation
+/// \since Crypto++ 8.1
+class CRYPTOPP_NO_VTABLE XChaCha20_Policy : public AdditiveCipherConcretePolicy<word32, 16>
+{
+public:
+ virtual ~XChaCha20_Policy() {}
+ XChaCha20_Policy() {}
+
+protected:
+ void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length);
+ void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
+ void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
+ bool CipherIsRandomAccess() const {return false;}
+ void SeekToIteration(lword iterationCount);
+ unsigned int GetAlignment() const;
+ unsigned int GetOptimalBlockSize() const;
+
+ std::string AlgorithmName() const;
+ std::string AlgorithmProvider() const;
+
+ FixedSizeAlignedSecBlock<word32, 16+8+1> m_state;
+ CRYPTOPP_CONSTANT(ROUNDS = XChaCha20_Info::ROUNDS)
+ CRYPTOPP_CONSTANT(KEY = 16) // Index into m_state
+ CRYPTOPP_CONSTANT(CTR = 24) // Index into m_state
+};
+
+/// \brief XChaCha stream cipher
+/// \details This is the IETF's XChaCha from draft-arciszewski-xchacha.
+/// \sa <a href="https://tools.ietf.org/html/draft-arciszewski-xchacha">XChaCha:
+/// eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305 (rev. 03)</a>, <A
+/// HREF="https://mailarchive.ietf.org/arch/msg/cfrg/gsOnTJzcbgG6OqD8Sc0GO5aR_tU">How
+/// to handle block counter wrap in IETF's ChaCha algorithm?</A> and
+/// <A HREF="https://github.com/weidai11/cryptopp/issues/790">Issue
+/// 790, ChaCha20 results when counter block wraps</A>.
+/// \since Crypto++ 8.1
+struct XChaCha20 : public XChaCha20_Info, public SymmetricCipherDocumentation
+{
+ /// \brief XChaCha Encryption
+ typedef SymmetricCipherFinal<ConcretePolicyHolder<XChaCha20_Policy, AdditiveCipherTemplate<> >, XChaCha20_Info > Encryption;
+ /// \brief XChaCha Decryption
typedef Encryption Decryption;
};
|