author | Daiki Ueno <dueno@redhat.com> | 2020-03-09 13:01:18 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2020-03-09 19:09:18 +0100 |
commit | 2176ccc158d220f2884a10980266899c495b77be (patch) | |
tree | b911b0287da426c48957d6c47c125c8c697e1126 /testsuite/chacha-test.c | |
parent | a9894036fc5e3c972d751ea28e64e23ddc77fc37 (diff) | |
chacha: add variant that treats counter value as 32-bit

The ChaCha-Poly1305 implementation previously used the chacha_crypt
function that assumes the block counter is 64-bit long, while RFC 8439
defines that the counter is 32-bit long. Although this should be fine
as long as up to 256 gigabytes of data is encrypted with the same key,
it would be nice to use separate functions (chacha_set_counter32 and
chacha_crypt32) that assume the counter is 32-bit long.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
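
An added model of the counter width the commit message describes; it is not Nettle's code and not part of this commit. It builds the RFC 8439 state for the key and 96-bit nonce used in the test below, checks the block at counter 1 against that vector, and shows that a 64-bit step past 0xffffffff carries into word 13 (a nonce word in this layout) while a 32-bit step does not. The names `model_init`, `model_block`, `step64`, `step32` and the helper functions are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) \
  a += b; d ^= a; d = ROTL(d, 16); c += d; b ^= c; b = ROTL(b, 12); \
  a += b; d ^= a; d = ROTL(d, 8);  c += d; b ^= c; b = ROTL(b, 7)

/* Key and 96-bit nonce of the 32-bit-counter test vector in the diff. */
static const uint8_t KEY[32] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
  16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
static const uint8_t NONCE[12] = {0, 0, 0, 9, 0, 0, 0, 0x4a, 0, 0, 0, 0};
static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
/* RFC 8439 layout: words 0-3 constants, 4-11 key, 12 counter, 13-15 nonce. */
void model_init(uint32_t s[16], uint32_t ctr) {
  static const uint8_t sigma[] = "expand 32-byte k";
  for (int i = 0; i < 4; i++) s[i] = le32(sigma + 4 * i);
  for (int i = 0; i < 8; i++) s[4 + i] = le32(KEY + 4 * i);
  s[12] = ctr;
  for (int i = 0; i < 3; i++) s[13 + i] = le32(NONCE + 4 * i);
}
/* Output words of one 20-round block; the keystream is these words as little-endian bytes. */
void model_block(const uint32_t s[16], uint32_t out[16]) {
  uint32_t x[16];
  memcpy(x, s, sizeof x);
  for (int i = 0; i < 10; i++) {
    QR(x[0], x[4], x[8], x[12]);  QR(x[1], x[5], x[9], x[13]);
    QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
    QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
    QR(x[2], x[7], x[8], x[13]);  QR(x[3], x[4], x[9], x[14]);
  }
  for (int i = 0; i < 16; i++) out[i] = x[i] + s[i];
}
/* Assumed models of the two counter widths (illustration only). */
void step64(uint32_t s[16]) { if (++s[12] == 0) ++s[13]; } /* carries into word 13 */
void step32(uint32_t s[16]) { ++s[12]; }                   /* wraps inside word 12 */
/* Word 13 (first nonce word in this layout) after stepping past 0xffffffff. */
uint32_t word13_after_wrap(int wide) {
  uint32_t s[16];
  model_init(s, 0xffffffffu);
  if (wide) step64(s); else step32(s);
  return s[13];
}
/* First output word at counter 1; the vector's leading bytes 10f1e7e4 are this word in LE. */
uint32_t first_word_counter1(void) {
  uint32_t s[16], out[16];
  model_init(s, 1); model_block(s, out);
  return out[0];
}
int main(void) { return !(first_word_counter1() == 0xe4e7f110u && word13_after_wrap(1) == word13_after_wrap(0) + 1); }
```

With the 64-bit step, the block after counter 0xffffffff is generated under a different effective nonce word; with the 32-bit step the nonce words stay fixed and the counter returns to 0.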
Diffstat (limited to 'testsuite/chacha-test.c')
-rw-r--r-- | testsuite/chacha-test.c | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/testsuite/chacha-test.c b/testsuite/chacha-test.c index 6875d4bb..fb8f1db7 100644 --- a/testsuite/chacha-test.c +++ b/testsuite/chacha-test.c @@ -71,9 +71,23 @@ _test_chacha(const struct tstring *key, const struct tstring *nonce, die ("Bad nonce size %u.\n", (unsigned) nonce->length); if (counter) - chacha_set_counter(&ctx, counter->data); + { + if (counter->length == CHACHA_COUNTER_SIZE) + { + ASSERT (nonce->length == CHACHA_NONCE_SIZE); + chacha_set_counter(&ctx, counter->data); + } + else if (counter->length == CHACHA_COUNTER32_SIZE) + { + ASSERT (nonce->length == CHACHA_NONCE96_SIZE); + chacha_set_counter32(&ctx, counter->data); + } + } - chacha_crypt (&ctx, length, data, data); + if (nonce->length == CHACHA_NONCE_SIZE) + chacha_crypt (&ctx, length, data, data); + else + chacha_crypt32 (&ctx, length, data, data); ASSERT (data[-1] == 17); ASSERT (data[length] == 17); @@ -666,8 +680,20 @@ test_main(void) "b5129cd1de164eb9 cbd083e8a2503c4e"), 20); - /* This is identical to the 96-bit nonce test, but it manually sets - the counter value */ + /* This is identical to the above 96-bit nonce test, but it manually + sets the 32-bit counter value */ + test_chacha_with_counter(SHEX("0001020304050607 08090a0b0c0d0e0f" + "1011121314151617 18191a1b1c1d1e1f"), + SHEX("000000090000004a 00000000"), + SHEX("10f1e7e4d13b5915 500fdd1fa32071c4" + "c7d1f4c733c06803 0422aa9ac3d46c4e" + "d2826446079faa09 14c2d705d98b02a2" + "b5129cd1de164eb9 cbd083e8a2503c4e"), + 20, + SHEX("01000000")); + + /* This is identical to the above 96-bit nonce test, but it manually + sets the 64-bit counter value */ test_chacha_with_counter(SHEX("0001020304050607 08090a0b0c0d0e0f" "1011121314151617 18191a1b1c1d1e1f"), SHEX("0000004a00000000"), |
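
Review bot: In the new `if (counter)` block of `_test_chacha`, a counter whose length is neither CHACHA_COUNTER_SIZE nor CHACHA_COUNTER32_SIZE matches no branch, so the test continues without setting the counter and can pass or fail for the wrong reason. Add a final `else die ("Bad counter size %u.\n", (unsigned) counter->length);` in the style of the existing nonce-size check. The crypt call is also selected from nonce->length alone, so every length other than CHACHA_NONCE_SIZE goes to chacha_crypt32; an explicit comparison against CHACHA_NONCE96_SIZE would make that dependency on the earlier nonce-size check visible.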
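
Review bot: The 32-bit case added to `test_main` sets the counter to SHEX("01000000") and checks a single 64-byte block, so it never reaches the 32-bit boundary, which is the only point where chacha_crypt32 and chacha_crypt are meant to behave differently. Consider adding a case in this file that starts at counter ffffffff and covers at least two blocks, so the test confirms that the 32-bit variant wraps the counter without touching the nonce words, and a matching case for the 64-bit variant that confirms the carry.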