From 3462a7fc813da9576f8dda41a81b86ca03b99344 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sat, 14 Mar 2020 06:01:49 +0100 Subject: cipher: expose raw ChaCha20 cipher Signed-off-by: Daiki Ueno --- lib/algorithms/ciphers.c | 7 +++++++ lib/includes/gnutls/gnutls.h.in | 2 ++ lib/nettle/cipher.c | 21 +++++++++++++++++++++ 3 files changed, 30 insertions(+) diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index fd47c13b66..207b0483fa 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -136,6 +136,13 @@ static const cipher_entry_st algorithms[] = { .type = CIPHER_STREAM, .explicit_iv = 0, .cipher_iv = 8}, + { .name = "CHACHA20-64", + .id = GNUTLS_CIPHER_CHACHA20_64, + .blocksize = 64, + .keysize = 32, + .type = CIPHER_STREAM, + .explicit_iv = 0, + .cipher_iv = 8}, { .name = "CAMELLIA-256-CBC", .id = GNUTLS_CIPHER_CAMELLIA_256_CBC, .blocksize = 16, diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index cfc1f35e92..e88fe86918 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -113,6 +113,7 @@ extern "C" { * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys (AEAD). * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys. * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-bit keys. + * @GNUTLS_CIPHER_CHACHA20_64: Chacha20 cipher with 64-bit nonces. * @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 authenticator (AEAD). * @GNUTLS_CIPHER_GOST28147_TC26Z_CFB: GOST 28147-89 (Magma) cipher in CFB mode with TC26 Z S-box. * @GNUTLS_CIPHER_GOST28147_CPA_CFB: GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro A S-box. @@ -174,6 +175,7 @@ typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_AES_128_XTS = 32, GNUTLS_CIPHER_AES_256_XTS = 33, GNUTLS_CIPHER_GOST28147_TC26Z_CNT = 34, + GNUTLS_CIPHER_CHACHA20_64 = 35, /* used only for PGP internals. Ignored in TLS/SSL */ diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index 5e9f25b2ec..e46ce4afe4 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -246,6 +246,13 @@ _ccm_decrypt(struct nettle_cipher_ctx *ctx, tag_size, length, dst, src); } +static void +_chacha_set_nonce (struct chacha_poly1305_ctx *ctx, + size_t length, const uint8_t *nonce) +{ + chacha_set_nonce(ctx, nonce); +} + static void _chacha_poly1305_set_nonce (struct chacha_poly1305_ctx *ctx, size_t length, const uint8_t *nonce) @@ -607,6 +614,20 @@ static const struct nettle_cipher_st builtin_ciphers[] = { .set_decrypt_key = (nettle_set_key_func*)salsa20_256_set_key, .max_iv_size = SALSA20_NONCE_SIZE, }, + { .algo = GNUTLS_CIPHER_CHACHA20_64, + .block_size = 1, + .key_size = CHACHA_KEY_SIZE, + .encrypt_block = (nettle_cipher_func*)chacha_crypt, + .decrypt_block = (nettle_cipher_func*)chacha_crypt, + + .ctx_size = sizeof(struct chacha_ctx), + .encrypt = _stream_encrypt, + .decrypt = _stream_encrypt, + .set_encrypt_key = (nettle_set_key_func*)chacha_set_key, + .set_decrypt_key = (nettle_set_key_func*)chacha_set_key, + .set_iv = (setiv_func)_chacha_set_nonce, + .max_iv_size = CHACHA_NONCE_SIZE, + }, { .algo = GNUTLS_CIPHER_CHACHA20_POLY1305, .block_size = CHACHA_POLY1305_BLOCK_SIZE, .key_size = CHACHA_POLY1305_KEY_SIZE, -- cgit v1.2.1