author | Niels Möller <nisse@lysator.liu.se> | 2021-02-10 11:22:23 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2021-02-10 11:22:23 +0100 |
commit | 64837b2e433e2b99b893683949bad3a99acab38f (patch) | |
tree | 9a587ca39023ce0a3f171192955a2996da595043 | |
parent | dd1867efa005704fbac438896369694a44fd474b (diff) | |
Fix chacha counter update for _4core variants.fix-chacha-counter
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | chacha-crypt.c | 10 |
2 files changed, 11 insertions, 3 deletions
@@ -1,5 +1,9 @@
 2021-02-10 Niels Möller <nisse@lysator.liu.se>
+ * chacha-crypt.c (_nettle_chacha_crypt_4core): Fix for the case
+ that counter increment should be 3 (129 <= message length <= 192).
+ (_nettle_chacha_crypt32_4core): Likewise.
+
 * testsuite/chacha-test.c (test_chacha_rounds): New function, for tests with non-standard round count. Extracted from _test_chacha. (_test_chacha): Deleted rounds argument. Reorganized crypt/crypt32
diff --git a/chacha-crypt.c b/chacha-crypt.c
index 081ebcf4..1fdfc813 100644
--- a/chacha-crypt.c
+++ b/chacha-crypt.c
@@ -80,13 +80,16 @@ _nettle_chacha_crypt_4core(struct chacha_ctx *ctx,
 while (length > 2*CHACHA_BLOCK_SIZE)
 {
 _nettle_chacha_4core (x, ctx->state, CHACHA_ROUNDS);
- ctx->state[12] += 4;
- ctx->state[13] += (ctx->state[12] < 4);
 if (length <= 4*CHACHA_BLOCK_SIZE)
 {
+ uint32_t incr = 3 + (length > 3*CHACHA_BLOCK_SIZE);
+ ctx->state[12] += incr;
+ ctx->state[13] += (ctx->state[12] < incr);
 memxor3 (dst, src, x, length);
 return;
 }
+ ctx->state[12] += 4;
+ ctx->state[13] += (ctx->state[12] < 4);
 memxor3 (dst, src, x, 4*CHACHA_BLOCK_SIZE);
 length -= 4*CHACHA_BLOCK_SIZE;
@@ -200,12 +203,13 @@ _nettle_chacha_crypt32_4core(struct chacha_ctx *ctx,
 while (length > 2*CHACHA_BLOCK_SIZE)
 {
 _nettle_chacha_4core32 (x, ctx->state, CHACHA_ROUNDS);
- ctx->state[12] += 4;
 if (length <= 4*CHACHA_BLOCK_SIZE)
 {
+ ctx->state[12] += 3 + (length > 3*CHACHA_BLOCK_SIZE);
 memxor3 (dst, src, x, length);
 return;
 }
+ ctx->state[12] += 4;
 memxor3 (dst, src, x, 4*CHACHA_BLOCK_SIZE);
 length -= 4*CHACHA_BLOCK_SIZE; |
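Review bot: The block count behind `incr` in `_nettle_chacha_crypt_4core` is only implicit in `3 + (length > 3*CHACHA_BLOCK_SIZE)`, and nothing in the commit pins it: the diffstat lists only ChangeLog and chacha-crypt.c, so no test ships with the fix. I would add a comment above the declaration, `/* Blocks consumed by the final chunk: 3 for 129..192 bytes, 4 for 193..256. */`, and a regression test that checks the counter words after a call in the 129..192 byte range, because a counter that runs ahead of the data desynchronises the keystream for any later call on the same context. The same expression is repeated in the `_nettle_chacha_crypt32_4core` hunk and deserves the same comment. The carry test `ctx->state[12] < incr` relies on the state words being unsigned 32-bit, which is not visible here, and the loop body continues outside the hunk.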
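Review bot: In `_nettle_chacha_crypt32_4core` both increments of `ctx->state[12]`, in the early-return branch and on the full four-block path, have no carry, so the counter can wrap silently to a value already used under the same key and nonce. That looks intentional (presumably word 13 belongs to the nonce in this variant), but the code does not say so. A comment above the first increment would record the contract, for example `/* 32-bit counter: wraps by design, callers must bound the message length. */`. The function body starts and ends outside the hunk, so any length limit enforced elsewhere is not visible here.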