Commit Graph

12 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
b60045aacb chacha20: fix bug in starts() and add test for it
Previously the streaming API would fail when encrypting multiple messages with
the same key.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
453cf2850f Remove semi-internal chacha20_keystrem_block()
It's actually easy to implement chachapoly without it, so let's not clutter
the API (and avoid adding a burden to alt implementers).
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
02969bf882 ChaCha20: allow in-place en/decryption
All other ciphers so far allow this. In particular, the TLS layer depends on
this, despite what's documented in the Cipher layer, see
https://github.com/ARMmbed/mbedtls/issues/1085
https://github.com/ARMmbed/mbedtls/issues/1087

Also, this can be useful for implementing chachapoly without depending on the
semi-internal function keystream_block(), see next commit.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
726cf72fce Avoid using %zu in selftest functions
This is a C99 feature and unfortunately we can't rely on it yet considering
the set of toolchain (versions) we want to support.
2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
deda80e80d Adapt the _ALT style to our new standard
- in .h files: only put the context declaration inside the #ifdef _ALT
  (this was changed in 2.9.0, ie after the original PR)
- in .c file: only leave selftest out of _ALT: even though some function are
  trivial to build from other parts, alt implementors might want to go another
way about them (for efficiency or other reasons)
2018-05-10 13:22:14 +02:00
Daniel King
f589275d80 Minor style and formatting fixes.
This change corrects some minor style violations, mostly for spacing
around parentheses.
2018-05-10 13:22:14 +02:00
Daniel King
47252c739d Correct signedness of printf specifier in self tests 2018-05-10 13:22:14 +02:00
Daniel King
d00afaf2ba Adjust verbose self-test output to match other ciphers. 2018-05-10 13:21:40 +02:00
Daniel King
f28c2aa64e Allow some parameters to be NULL if the length is 0.
This change permits users of the ChaCha20/Poly1305 algorithms
(and the AEAD construction thereof) to pass NULL pointers for
data that they do not need, and avoids the need to provide a valid
buffer for data that is not used.
2018-05-10 13:20:52 +02:00
Daniel King
31ac12e004 Implement AEAD-ChaCha20-Poly1305.
This implementation is based off the description in RFC 7539.

The ChaCha20 code is also updated to provide a means of generating
keystream blocks with arbitrary counter values. This is used to
generated the one-time Poly1305 key in the AEAD construction.
2018-05-10 13:20:52 +02:00
Daniel King
0fe7b5b8c5 Add ChaCha20 to the Cipher module 2018-05-10 13:19:31 +02:00
Daniel King
a98ff5eadf Initial implementation of ChaCha20 2018-05-10 13:19:31 +02:00