shadps4-emu/ext-cryptopp
1
0
Fork 0
mirror of https://github.com/shadps4-emu/ext-cryptopp.git synced 2024-11-23 09:59:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Avoid extra call to RekeyCipherAndMac in ChaCha20/Poly1305

Browse Source
This commit is contained in:
Jeffrey Walton 2019-02-04 06:04:12 -05:00
parent 868ca8e2e5
commit 5b6b86c7f1
No known key found for this signature in database
GPG Key ID: B36AB348921B1838
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
chachapoly.cpp
View File

@ -11,8 +11,8 @@ NAMESPACE_BEGIN(CryptoPP)
// RekeyCipherAndMac is heavier-weight than we like. The Authenc framework was // RekeyCipherAndMac is heavier-weight than we like. The Authenc framework was
// predicated on BlockCiphers, where the key and key schedule could be // predicated on BlockCiphers, where the key and key schedule could be
// calculated independent of the IV being used. However, the ChaCha and // calculated independent of the IV being used. However, the ChaCha and
// ChaCha20Poly1305 construction conflates key setup and IV. That is, both are // ChaCha20Poly1305 construction combines key setup and IV. That is, both are
// needed to key or rekey the cipher. Even a simple Resync() forces us to // needed to key or rekey the cipher. Even a simple Resync() requires us to
// regenerate the initial state for both ChaCha20 and Poly1305. // regenerate the initial state for both ChaCha20 and Poly1305.
void ChaCha20Poly1305_Base::RekeyCipherAndMac(const byte *userKey, size_t keylength, const NameValuePairs &params) void ChaCha20Poly1305_Base::RekeyCipherAndMac(const byte *userKey, size_t keylength, const NameValuePairs &params)
{ {
@ -36,7 +36,16 @@ void ChaCha20Poly1305_Base::SetKeyWithoutResync(const byte *userKey, size_t user
{ {
CRYPTOPP_ASSERT(userKey && userKeyLength == 32); CRYPTOPP_ASSERT(userKey && userKeyLength == 32);
m_userKey.Assign(userKey, userKeyLength); m_userKey.Assign(userKey, userKeyLength);
RekeyCipherAndMac(userKey, userKeyLength, params);
// ChaCha/Poly1305 initial state depends on both the key and IV. The
// IV may or may not be present during the call to SetKeyWithoutResync.
// If the IV is present, the framework will call SetKeyWithoutResync
// followed by Resynchronize which calls Resync. In this case we defer
// calculating the initial state until the call to Resynchronize.
// If the IV is not present, it avoids calling ChaCha's SetKey without
// an IV, which results in an exception. In this case the user will need
// to call Resynchronize to key ChaCha and Poly1305.
// RekeyCipherAndMac(userKey, userKeyLength, params);
} }
void ChaCha20Poly1305_Base::Resync(const byte *iv, size_t len) void ChaCha20Poly1305_Base::Resync(const byte *iv, size_t len)
@ -75,6 +84,7 @@ void ChaCha20Poly1305_Base::AuthenticateLastFooterBlock(byte *mac, size_t macSiz
PutWord(true, LITTLE_ENDIAN_ORDER, length+8, m_totalMessageLength); PutWord(true, LITTLE_ENDIAN_ORDER, length+8, m_totalMessageLength);
AccessMAC().Update(length, sizeof(length)); AccessMAC().Update(length, sizeof(length));
AccessMAC().TruncatedFinal(mac, macSize); AccessMAC().TruncatedFinal(mac, macSize);
m_state = State_KeySet;
} }
void ChaCha20Poly1305_Base::EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *aad, size_t aadLength, const byte *message, size_t messageLength) void ChaCha20Poly1305_Base::EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *aad, size_t aadLength, const byte *message, size_t messageLength)