Initial aead/chacha20 support (ChaCha20_12)

Signed-off-by: Russ Magee <rmagee@gmail.com>
2024-08-14 10:26:42 +00:00 · 2020-02-21 17:21:19 -08:00 · 2020-02-21 17:21:19 -08:00 · e9aa0072a5
commit e9aa0072a5
parent 8de76520e4
18 changed files with 2592 additions and 2 deletions
--- a/xsnet/chan.go
+++ b/xsnet/chan.go
@ -21,6 +21,7 @@ import (
 	"log"

 	"blitter.com/go/cryptmt"
+	"github.com/aead/chacha20/chacha"
 	"golang.org/x/crypto/blowfish"
 	"golang.org/x/crypto/twofish"

@ -104,6 +105,18 @@ func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err err
 	case CAlgCryptMT1:
 		rc = cryptmt.New(nil, nil, keymat)
 		log.Printf("[cipher CRYPTMT1 (%d)]\n", copts)
+	case CAlgChaCha20_12:
+		keymat = expandKeyMat(keymat, chacha.KeySize)
+		key = keymat[0:chacha.KeySize]
+		ivlen = chacha.INonceSize
+		iv = keymat[chacha.KeySize : chacha.KeySize+ivlen]
+		rc, err = chacha.NewCipher(iv, key, 20)
+		if err != nil {
+			log.Printf("[ChaCha20 config error]\n")
+			fmt.Printf("[ChaCha20 config error]\n")
+		}
+		// TODO: SetCounter() to something derived from key or nonce or extra keymat?
+		log.Printf("[cipher CHACHA20_12 (%d)]\n", copts)
 	default:
 		log.Printf("[invalid cipher (%d)]\n", copts)
 		fmt.Printf("DOOFUS SET A VALID CIPHER ALG (%d)\n", copts)
--- a/xsnet/consts.go
+++ b/xsnet/consts.go
@ -99,6 +99,7 @@ const (
 	CAlgTwofish128 // golang.org/x/crypto/twofish
 	CAlgBlowfish64 // golang.org/x/crypto/blowfish
 	CAlgCryptMT1   //cryptmt using mtwist64
+	CAlgChaCha20_12
 	CAlgNoneDisallowed
 )

--- a/xsnet/net.go
+++ b/xsnet/net.go
@ -145,6 +145,8 @@ func (c *CSCipherAlg) String() string {
 		return "C_BLOWFISH_64"
 	case CAlgCryptMT1:
 		return "C_CRYPTMT1"
+	case CAlgChaCha20_12:
+		return "C_CHACHA20_12"
 	default:
 		return "C_ERR_UNK"
 	}
@ -280,6 +282,8 @@ func _new(kexAlg KEXAlg, conn *net.Conn) (hc *Conn, e error) {
 		hc.kex = KEX_HERRADURA512
 		log.Printf("[KEx alg %d ?? defaults to %d]\n", kexAlg, hc.kex)
 	}
+
+	//hc.logCipherText = true // !!! DEBUGGING ONLY !!! NEVER DEPLOY this uncommented !!!
 	return
 }

@ -298,7 +302,7 @@ func _new(kexAlg KEXAlg, conn *net.Conn) (hc *Conn, e error) {
 //
 // Session (symmetric) crypto
 //
-// C_AES_256 C_TWOFISH_128 C_BLOWFISH_128 C_CRYPTMT1
+// C_AES_256 C_TWOFISH_128 C_BLOWFISH_128 C_CRYPTMT1 C_CHACHA20_12
 //
 // Session HMACs
 //
@ -322,6 +326,10 @@ func (hc *Conn) applyConnExtensions(extensions ...string) {
 			log.Println("[extension arg = C_CRYPTMT1]")
 			hc.cipheropts &= (0xFFFFFF00)
 			hc.cipheropts |= CAlgCryptMT1
+		case "C_CHACHA20_12":
+			log.Println("[extension arg = C_CHACHA20_12]")
+			hc.cipheropts &= (0xFFFFFF00)
+			hc.cipheropts |= CAlgChaCha20_12
 		case "H_SHA256":
 			log.Println("[extension arg = H_SHA256]")
 			hc.cipheropts &= (0xFFFF00FF)