Fix ChaCha20/Poly1305 when using filters (GH #724)

2024-11-26 19:30:21 +00:00 · 2019-01-30 00:55:27 -05:00 · 2019-01-30 00:55:27 -05:00 · dd48a7acef
commit dd48a7acef
parent a4f6da8d30
5 changed files with 72 additions and 5 deletions
--- a/Filelist.txt
+++ b/Filelist.txt
@ -477,6 +477,7 @@ TestData/x25519v0.dat
 TestData/x25519v1.dat
 TestData/xtrdh171.dat
 TestData/xtrdh342.dat
+TestVectors/aead.txt
 TestVectors/aes.txt
 TestVectors/all.txt
 TestVectors/aria.txt
@ -487,6 +488,7 @@ TestVectors/camellia.txt
 TestVectors/ccm.txt
 TestVectors/chacha.txt
 TestVectors/chacha_tls.txt
+TestVectors/chacha20poly1305.txt
 TestVectors/cham.txt
 TestVectors/cmac.txt
 TestVectors/dlies.txt
--- a/TestVectors/aead.txt
+++ b/TestVectors/aead.txt
@ -0,0 +1,6 @@
+AlgorithmType: FileList
+Name: aead.txt collection
+Test: TestVectors/ccm.txt
+Test: TestVectors/eax.txt
+Test: TestVectors/gcm.txt
+Test: TestVectors/chacha20poly1305.txt
--- a/TestVectors/all.txt
+++ b/TestVectors/all.txt
@ -7,6 +7,7 @@ Test: TestVectors/blake2s.txt
 Test: TestVectors/camellia.txt
 Test: TestVectors/ccm.txt
 Test: TestVectors/chacha_tls.txt
+Test: TestVectors/chacha20poly1305.txt
 Test: TestVectors/chacha.txt
 Test: TestVectors/cham.txt
 Test: TestVectors/cmac.txt
--- a/TestVectors/chacha20poly1305.txt
+++ b/TestVectors/chacha20poly1305.txt
@ -0,0 +1,58 @@
+AlgorithmType: AuthenticatedSymmetricCipher
+Name: ChaCha20/Poly1305
+Source: RFC 8439 (https://tools.ietf.org/html/rfc8439), Section 2.8 example
+Key: 8081828384858687 88898a8b8c8d8e8f 9091929394959697 98999a9b9c9d9e9f
+IV: 0700000040414243 44454647
+Header: 50515253c0c1c2c3c4c5c6c7
+Plaintext: 4C61646965732061 6E642047656E746C 656D656E206F6620 74686520636C6173 \
+           73206F6620273939 3A20496620492063 6F756C64206F6666 657220796F75206F \
+           6E6C79206F6E6520 74697020666F7220 7468652066757475 72652C2073756E73 \
+           637265656E20776F 756C642062652069 742E
+Ciphertext: D31A8D34648E60DB 7B86AFBC53EF7EC2 A4ADED51296E08FE A9E2B5A736EE62D6 \
+            3DBEA45E8CA96712 82FAFB69DA92728B 1A71DE0A9E060B29 05D6A5B67ECD3B36 \
+            92DDBD7F2D778B8C 9803AEE328091B58 FAB324E4FAD67594 5585808B4831D7BC \
+            3FF4DEF08E4B7A9D E576D26586CEC64B 6116
+MAC: 1AE10B594F09E26A 7E902ECBD0600691
+Test: Encrypt
+#
+Source: RFC 8439 (https://tools.ietf.org/html/rfc8439), Section A.5 example
+Key: 1c 92 40 a5 eb 55 d3 8a f3 33 88 86 04 f6 b5 f0 \
+     47 39 17 c1 40 2b 80 09 9d ca 5c bc 20 70 75 c0
+IV: 00 00 00 00 01 02 03 04 05 06 07 08
+Header: f3 33 88 86 00 00 00 00 00 00 4e 91
+Plaintext: 49 6e 74 65 72 6e 65 74 2d 44 72 61 66 74 73 20 \
+           61 72 65 20 64 72 61 66 74 20 64 6f 63 75 6d 65 \
+           6e 74 73 20 76 61 6c 69 64 20 66 6f 72 20 61 20 \
+           6d 61 78 69 6d 75 6d 20 6f 66 20 73 69 78 20 6d \
+           6f 6e 74 68 73 20 61 6e 64 20 6d 61 79 20 62 65 \
+           20 75 70 64 61 74 65 64 2c 20 72 65 70 6c 61 63 \
+           65 64 2c 20 6f 72 20 6f 62 73 6f 6c 65 74 65 64 \
+           20 62 79 20 6f 74 68 65 72 20 64 6f 63 75 6d 65 \
+           6e 74 73 20 61 74 20 61 6e 79 20 74 69 6d 65 2e \
+           20 49 74 20 69 73 20 69 6e 61 70 70 72 6f 70 72 \
+           69 61 74 65 20 74 6f 20 75 73 65 20 49 6e 74 65 \
+           72 6e 65 74 2d 44 72 61 66 74 73 20 61 73 20 72 \
+           65 66 65 72 65 6e 63 65 20 6d 61 74 65 72 69 61 \
+           6c 20 6f 72 20 74 6f 20 63 69 74 65 20 74 68 65 \
+           6d 20 6f 74 68 65 72 20 74 68 61 6e 20 61 73 20 \
+           2f e2 80 9c 77 6f 72 6b 20 69 6e 20 70 72 6f 67 \
+           72 65 73 73 2e 2f e2 80 9d
+Ciphertext: 64 a0 86 15 75 86 1a f4 60 f0 62 c7 9b e6 43 bd \
+            5e 80 5c fd 34 5c f3 89 f1 08 67 0a c7 6c 8c b2 \
+            4c 6c fc 18 75 5d 43 ee a0 9e e9 4e 38 2d 26 b0 \
+            bd b7 b7 3c 32 1b 01 00 d4 f0 3b 7f 35 58 94 cf \
+            33 2f 83 0e 71 0b 97 ce 98 c8 a8 4a bd 0b 94 81 \
+            14 ad 17 6e 00 8d 33 bd 60 f9 82 b1 ff 37 c8 55 \
+            97 97 a0 6e f4 f0 ef 61 c1 86 32 4e 2b 35 06 38 \
+            36 06 90 7b 6a 7c 02 b0 f9 f6 15 7b 53 c8 67 e4 \
+            b9 16 6c 76 7b 80 4d 46 a5 9b 52 16 cd e7 a4 e9 \
+            90 40 c5 a4 04 33 22 5e e2 82 a1 b0 a0 6c 52 3e \
+            af 45 34 d7 f8 3f a1 15 5b 00 47 71 8c bc 54 6a \
+            0d 07 2b 04 b3 56 4e ea 1b 42 22 73 f5 48 27 1a \
+            0b b2 31 60 53 fa 76 99 19 55 eb d6 31 59 43 4e \
+            ce bb 4e 46 6d ae 5a 10 73 a6 72 76 27 09 7a 10 \
+            49 e6 17 d9 1d 36 10 94 fa 68 f0 ff 77 98 71 30 \
+            30 5b ea ba 2e da 04 df 99 7b 71 4d 6c 6f 2c 29 \
+            a6 ad 5c b4 02 2b 02 70 9b
+MAC: ee ad 9d 67 89 0c bb 22 39 23 36 fe a1 85 1f 38
+Test: Encrypt
--- a/chachapoly.h
+++ b/chachapoly.h
@ -66,7 +66,7 @@ public:
 	lword MaxMessageLength() const
 		{return LWORD_MAX;}
 	lword MaxFooterLength() const
-		{return 16;}
+		{return 0;}

 	/// \brief Encrypts and calculates a MAC in one call
 	/// \param ciphertext the encryption buffer
@ -127,6 +127,7 @@ protected:
 /// \sa <A HREF="http://tools.ietf.org/html/rfc8439">RFC 8439, ChaCha20 and Poly1305
 ///  for IETF Protocols</A>.
 /// \since Crypto++ 8.1
+template <bool T_ForwardTransform>
 class ChaCha20Poly1305_Final : public ChaCha20Poly1305_Base
 {
 public:
@ -139,7 +140,7 @@ protected:
 	SymmetricCipher & AccessSymmetricCipher()
 		{return m_cipher;}
 	bool IsForwardTransformation() const
-		{return m_cipher.IsForwardTransformation();}
+		{return T_ForwardTransform;}

 	const MessageAuthenticationCode & GetMAC() const
 		{return const_cast<ChaCha20Poly1305_Final *>(this)->AccessMAC();}
@ -161,11 +162,10 @@ private:
 /// \since Crypto++ 8.1
 struct ChaCha20Poly1305 : public AuthenticatedSymmetricCipherDocumentation
 {
-	typedef ChaCha20Poly1305_Final Encryption;
-	typedef Encryption Decryption;
+	typedef ChaCha20Poly1305_Final<true> Encryption;
+	typedef ChaCha20Poly1305_Final<false> Decryption;
 };

-
 NAMESPACE_END

 #endif  // CRYPTOPP_CHACHA_POLY1305_H