chacha: new ChaCha20 stream cipher

2014-03-29 18:10:58 +01:00 · 2014-03-29 18:10:58 +01:00 · 7d1d95784a
parent 6a8029e626
commit 7d1d95784a
2 changed files with 196 additions and 0 deletions
--- a/src/chacha.cpp
+++ b/src/chacha.cpp
@ -0,0 +1,135 @@
+
+/*
+ * This file is part of Codecrypt.
+ *
+ * Codecrypt is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * Codecrypt is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Codecrypt. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "chacha.h"
+
+void chacha_gen (const uint32_t*key, const uint32_t*counter, uint32_t*out)
+{
+	uint32_t j[16], x[16];
+	int i;
+	static const char sigma[] = "expand 32-byte k";
+
+	//key setup
+	for (i = 0; i < 4; ++i)
+		j[i] = ( (uint32_t*) sigma) [i]; //constants
+
+	for (i = 0; i < 8; ++i)
+		j[4 + i] = key[i]; //key material
+
+	for (i = 0; i < 2; ++i)
+		j[14 + i] = key[8 + i]; //IV, taken from key
+
+	for (i = 0; i < 2; ++i)
+		j[12 + i] = counter[i]; //block position
+
+	//rounds&mixing
+	for (i = 0; i < 16; ++i) x[i] = j[i];
+
+#define rotl32(val,n) \
+	(((uint32_t)((val)<<(n)))|((val)>>(32-(n))))
+
+#define qtrround(a,b,c,d) \
+	x[a]=x[a]+x[b]; x[d]=rotl32(x[d]^x[a], 16); \
+	x[c]=x[c]+x[d]; x[b]=rotl32(x[b]^x[c], 12); \
+	x[a]=x[a]+x[b]; x[d]=rotl32(x[d]^x[a], 8); \
+	x[c]=x[c]+x[d]; x[b]=rotl32(x[b]^x[c], 7);
+
+	for (i = 0; i < 20; ++i) {
+		qtrround (0, 4, 8, 12);
+		qtrround (1, 5, 9, 13);
+		qtrround (2, 6, 10, 14);
+		qtrround (3, 7, 11, 15);
+		qtrround (0, 5, 10, 15);
+		qtrround (1, 6, 11, 12);
+		qtrround (2, 7, 8, 13);
+		qtrround (3, 4, 9, 14);
+	}
+
+	//output the round
+	for (i = 0; i < 16; ++i) out[i] = x[i] + j[i];
+}
+
+void chacha_incr_counter (uint32_t*counter)
+{
+	counter[0]++;
+	if (!counter[0]) counter[1]++;
+}
+
+void chacha20::init()
+{
+	for (int i = 0; i < 10; ++i) key[i] = 0;
+	for (int i = 0; i < 2; ++i) counter[i] = 0;
+
+	blockpos = 256;
+}
+
+void chacha20::load_key (const byte*begin, const byte*end)
+{
+	if (begin >= end) return; //invalid usage
+
+	byte *ckey = (byte*) key;
+	byte *kp = ckey;
+	const byte *b = begin;
+
+	for (; b < end; ++b) { //stuff in whole key
+		*kp = *b ^ *kp;
+		if (++kp > ckey + 40) kp = ckey;
+	}
+
+	b = begin;
+	for (; kp < ckey + 40; ++kp) { //fill up the rest
+		*kp = *b ^*kp;
+		if (++b == end) b = begin;
+	}
+}
+
+byte chacha20::gen()
+{
+	byte r;
+	gen (1, &r);
+	return r;
+}
+
+void chacha20::gen (size_t n, byte*out)
+{
+	//empty the block buffer first
+	while (n && blockpos < 64) {
+		* (out++) = block[blockpos++];
+		--n;
+	}
+
+	//fill in whole blocks
+	while (n >= 64) {
+		chacha_gen (key, counter, (uint32_t*) &out);
+		chacha_incr_counter (counter);
+		out += 64;
+		n -= 64;
+	}
+
+	if (!n) return;
+
+	//generate the last truncated block
+	blockpos = 0;
+	chacha_gen (key, counter, (uint32_t*) block);
+	chacha_incr_counter (counter);
+
+	while (n) {
+		* (out++) = block[blockpos++];
+		--n;
+	}
+}
--- a/src/chacha.h
+++ b/src/chacha.h
@ -0,0 +1,61 @@
+
+/*
+ * This file is part of Codecrypt.
+ *
+ * Codecrypt is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * Codecrypt is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Codecrypt. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _ccr_chacha_h_
+#define _ccr_chacha_h_
+
+#include "types.h"
+#include "sc.h"
+
+#include <sys/types.h>
+#include <stdint.h>
+
+class chacha20 : public streamcipher
+{
+	/*
+	 * This implementation uses Nonce as actual part of the key, as we do
+	 * not have any actual use for nonce-ing here. From that reason, keys
+	 * are 40byte (320bit). We always use the "32byte" expansion.
+	 */
+
+	uint32_t key[10];
+	uint32_t counter[2];
+
+	byte block[64];
+	int blockpos; //64 = no block data allocated
+
+	void init();
+
+	void clear() {
+		init();
+	}
+
+	void load_key (const byte*begin, const byte*end);
+	byte gen();
+	void gen (size_t n, byte*out);
+
+	size_t key_size() {
+		return 32 + 8;
+	}
+
+	size_t block_size() {
+		return 64;
+	}
+};
+
+#endif