authorJack Lloyd <[email protected]>2018-08-07 17:17:31 -0400
committerJack Lloyd <[email protected]>2018-08-07 17:43:31 -0400
commitd578fcd46138a94bfa0627d88437d624b5dba04a (patch)
tree37ae0f493e91f14bb4ce400173387224b81bfac6 /src
parent9b9c766ddb431b9262dc9db2270bbbe4c22d4add (diff)
Add support for XChaCha20Poly1305
Diffstat (limited to 'src')
-rw-r--r--src/lib/modes/aead/chacha20poly1305/chacha20poly1305.cpp6
-rw-r--r--src/lib/modes/aead/chacha20poly1305/chacha20poly1305.h3
-rw-r--r--src/lib/modes/aead/chacha20poly1305/info.txt2
-rw-r--r--src/tests/data/aead/chacha20poly1305.vec47
4 files changed, 53 insertions, 5 deletions
diff --git a/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.cpp b/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.cpp
index e1fd4978c..786e21def 100644
--- a/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.cpp
+++ b/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.cpp
@@ -1,6 +1,6 @@
/*
* ChaCha20Poly1305 AEAD
-* (C) 2014,2016 Jack Lloyd
+* (C) 2014,2016,2018 Jack Lloyd
* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
@@ -20,13 +20,14 @@ ChaCha20Poly1305_Mode::ChaCha20Poly1305_Mode() :
bool ChaCha20Poly1305_Mode::valid_nonce_length(size_t n) const
{
- return (n == 8 || n == 12);
+ return (n == 8 || n == 12 || n == 24);
}
void ChaCha20Poly1305_Mode::clear()
{
m_chacha->clear();
m_poly1305->clear();
+ m_nonce_len = 0;
reset();
}
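Review bot: Moving `m_nonce_len = 0;` out of reset() (the next hunk) and into clear() means reset() now leaves the previous message's nonce length in place, and nothing in the code says why. cfrg_version() in the header reads m_nonce_len, so after reset() it still answers for the old nonce until a new message is started. start_msg() is outside this diff, so I am assuming it assigns m_nonce_len before anything consults cfrg_version(). If that holds, record it in reset() with `// m_nonce_len is kept across reset(); start_msg() sets it for the next message and clear() zeroes it`. The body of reset() is in the following hunk, and key_schedule continues past it.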
@@ -34,7 +35,6 @@ void ChaCha20Poly1305_Mode::reset()
{
m_ad.clear();
m_ctext_len = 0;
- m_nonce_len = 0;
}
void ChaCha20Poly1305_Mode::key_schedule(const uint8_t key[], size_t length)
diff --git a/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.h b/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.h
index 5f6417333..c7ed615d6 100644
--- a/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.h
+++ b/src/lib/modes/aead/chacha20poly1305/chacha20poly1305.h
@@ -20,6 +20,7 @@ namespace Botan {
* See draft-irtf-cfrg-chacha20-poly1305-03 for specification
* If a nonce of 64 bits is used the older version described in
* draft-agl-tls-chacha20poly1305-04 is used instead.
+* If a nonce of 192 bits is used, XChaCha20Poly1305 is selected.
*/
class BOTAN_PUBLIC_API(2,0) ChaCha20Poly1305_Mode : public AEAD_Mode
{
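Review bot: The added comment line names XChaCha20Poly1305 but, unlike the two sentences above it, cites no specification. The comment also never tells callers that the nonce length alone decides which of three constructions runs. valid_nonce_length() in the .cpp accepts 8, 12 and 24, so a caller that passes through a nonce whose length it has not pinned gets whichever variant that length maps to, including the older draft-agl one. I would add `* The nonce length is the only variant selector; callers that require one specific variant must check the length themselves.` and name the reference the XChaCha code was written against. The class body continues outside the hunk.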
@@ -53,7 +54,7 @@ class BOTAN_PUBLIC_API(2,0) ChaCha20Poly1305_Mode : public AEAD_Mode
size_t m_nonce_len = 0;
size_t m_ctext_len = 0;
- bool cfrg_version() const { return m_nonce_len == 12; }
+ bool cfrg_version() const { return m_nonce_len == 12 || m_nonce_len == 24; }
void update_len(size_t len);
private:
void start_msg(const uint8_t nonce[], size_t nonce_len) override;
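Review bot: cfrg_version() now returns true for 24-byte nonces as well, so its name no longer matches what it tests: per the class comment a 192-bit nonce selects XChaCha20Poly1305, not the CFRG draft. Its callers are outside this hunk, but the change suggests the predicate really asks whether the CFRG-style AD and length framing applies rather than which variant is active. A one-line comment would stop the next reader from using it as a variant check: `// true when the CFRG framing is used: 12-byte (CFRG) and 24-byte (XChaCha) nonces`. A rename would be clearer still, but the member appears to sit outside the private section, so that would be a separate change.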
diff --git a/src/lib/modes/aead/chacha20poly1305/info.txt b/src/lib/modes/aead/chacha20poly1305/info.txt
index 7452f65c3..c3ea53db0 100644
--- a/src/lib/modes/aead/chacha20poly1305/info.txt
+++ b/src/lib/modes/aead/chacha20poly1305/info.txt
@@ -1,5 +1,5 @@
<defines>
-AEAD_CHACHA20_POLY1305 -> 20141228
+AEAD_CHACHA20_POLY1305 -> 20180807
</defines>
<requires>
diff --git a/src/tests/data/aead/chacha20poly1305.vec b/src/tests/data/aead/chacha20poly1305.vec
index e258bb3af..9dc47ebb0 100644
--- a/src/tests/data/aead/chacha20poly1305.vec
+++ b/src/tests/data/aead/chacha20poly1305.vec
@@ -50,3 +50,50 @@ Nonce = BBBBBBBBBBBBBBBBBBBBBBBB
AD = CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
In = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Out = A0C9391216A037370BDFF40626C5DD13D45447FBEBA3C985BF65FBCBE51663F9214F9C6757F9FC0CFF3135E68DC7251F
+
+# XChaCha20Poly1305 from golang/crypto and wireguard-go tests
+
+Key = 0000000000000000000000000000000000000000000000000000000000000000
+AD =
+Nonce = 000000000000000000000000000000000000000000000000
+In = 000000000000000000000000000000
+Out = 789e9689e5208d7fd9e1f3c5b5341fb2f7033812ac9ebd3745e2c99c7bbfeb
+
+Key = 0000000000000000000000000000000000000000000000000000000000000000
+AD =
+Nonce = 000000000000000000000000000000000000000000000000
+In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Out = 789e9689e5208d7fd9e1f3c5b5341f48ef18a13e418998addadd97a3693a987f8e82ecd5c1433bfed1af49750c0f1ff29c4174a05b119aa3a9e8333812e0c0feb1299c5949d895ee01dbf50f8395dd84
+
+Key = b7bbfe61b8041658ddc95d5cbdc01bbe7626d24f3a043b70ddee87541234cff7
+AD =
+Nonce = e293239d4c0a07840c5f83cb515be7fd59c333933027e99c
+In = 02dc819b71875e49f5e1e5a768141cfd3f14307ae61a34d81decd9a3367c00c7
+Out = 7a51f271bd2e547943c7be3316c05519a5d16803712289aa2369950b1504dd8267222e47b13280077ecada7b8795d535
+
+Key = 4ea8fab44a07f7ffc0329b2c2f8f994efdb6d505aec32113ae324def5d929ba1
+AD = d499bb9758debe59a93783c61974b7
+Nonce = 404d5086271c58bf27b0352a205d21ce4367d7b6a7628961
+In = 7afc5f3f24155002e17dc176a8f1f3a097ff5a991b02ff4640f70b90db0c15c328b696d6998ea7988edfe3b960e47824e4ae002fbe589be57896a9b7bf5578599c6ba0153c7c
+Out = 26d2b46ad58b6988e2dcf1d09ba8ab6f532dc7e0847cdbc0ed00284225c02bbdb278ee8381ebd127a06926107d1b731cfb1521b267168926492e8f77219ad922257a5be2c5e52e6183ca4dfd0ad3912d7bd1ec968065
+
+Key = 0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
+Nonce = 0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
+In = 0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
+Out = e1a046aa7f71e2af8b80b6408b2fd8d3a350278cde79c94d9efaa475e1339b3dd490127b
+
+Key = 979196dbd78526f2f584f7534db3f5824d8ccfa858ca7e09bdd3656ecd36033c
+Nonce = d9a8213e8a697508805c2c171ad54487ead9e3e02d82d5bc
+In = 43cc6d624e451bbed952c3e071dc6c03392ce11eb14316a94b2fdc98b22fedea
+Out = 53c1e8bef2dbb8f2505ec010a7afe21d5a8e6dd8f987e4ea1a2ed5dfbc844ea400db34496fd2153526c6e87c36694200
+
+Key = 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
+Nonce = 07000000404142434445464748494a4b0000000000000000
+In = 4C616469657320616E642047656E746C656D656E206F662074686520636C617373206F66202739393A204966204920636F756C64206F6666657220796F75206F6E6C79206F6E652074697020666F7220746865206675747572652C2073756E73637265656E20776F756C642062652069742E
+Out = 453c0693a7407f04ff4c56aedb17a3c0a1afff01174930fc22287c33dbcf0ac8b89ad929530a1bb3ab5e69f24c7f6070c8f840c9abb4f69fbfc8a7ff5126faeebbb55805ee9c1cf2ce5a57263287aec5780f04ec324c3514122cfc3231fc1a8b718a62863730a2702bb76366116bed09e0fdd4c860b7074be894fac9697399be5cc1
+
+Key = 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
+Nonce = 07000000404142434445464748494a4b0000000000000000
+AD = 50515253c0c1c2c3c4c5c6c7
+In = 4C616469657320616E642047656E746C656D656E206F662074686520636C617373206F66202739393A204966204920636F756C64206F6666657220796F75206F6E6C79206F6E652074697020666F7220746865206675747572652C2073756E73637265656E20776F756C642062652069742E
+Out = 453c0693a7407f04ff4c56aedb17a3c0a1afff01174930fc22287c33dbcf0ac8b89ad929530a1bb3ab5e69f24c7f6070c8f840c9abb4f69fbfc8a7ff5126faeebbb55805ee9c1cf2ce5a57263287aec5780f04ec324c3514122cfc3231fc1a8b718a62863730a2702bb76366116bed09e0fd5c6d84b6b0c1abaf249d5dd0f7f5a7ea
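Review bot: The vectors starting `Key = 0f0f…` and `Key = 9791…`, and the first of the two `Key = 8081…` vectors, have no `AD` line, while the other added vectors with empty associated data spell out `AD =`. Whether the harness treats a missing field as empty is not visible from this file, so these three rely on a default the reader cannot check here. Adding `AD =` after each of those `Key` lines keeps the block uniform and makes the empty-AD case explicit. Every added vector also uses a 24-byte nonce under its own `Key` line, so switching nonce lengths on one keyed object, the path that the `m_nonce_len` move in clear()/reset() touches, would need a test outside this data file.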