Add a chacha20 variant to go with chacha8

This commit is contained in:
moneromooo-monero 2017-12-07 13:27:11 +00:00
parent 6ca30ae666
commit 1e5491e942
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
9 changed files with 65 additions and 50 deletions

View file

@ -29,7 +29,7 @@
set(crypto_sources set(crypto_sources
aesb.c aesb.c
blake256.c blake256.c
chacha8.c chacha.c
crypto-ops-data.c crypto-ops-data.c
crypto-ops.c crypto-ops.c
crypto.cpp crypto.cpp
@ -51,7 +51,7 @@ set(crypto_headers)
set(crypto_private_headers set(crypto_private_headers
blake256.h blake256.h
chacha8.h chacha.h
crypto-ops.h crypto-ops.h
crypto.h crypto.h
generic-ops.h generic-ops.h

View file

@ -8,7 +8,7 @@ Public domain.
#include <stdio.h> #include <stdio.h>
#include <sys/param.h> #include <sys/param.h>
#include "chacha8.h" #include "chacha.h"
#include "common/int-util.h" #include "common/int-util.h"
#include "warnings.h" #include "warnings.h"
@ -40,7 +40,7 @@ static const char sigma[] = "expand 32-byte k";
DISABLE_GCC_AND_CLANG_WARNING(strict-aliasing) DISABLE_GCC_AND_CLANG_WARNING(strict-aliasing)
void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher) { static void chacha(unsigned rounds, const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher) {
uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
char* ctarget = 0; char* ctarget = 0;
@ -89,7 +89,7 @@ void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t*
x13 = j13; x13 = j13;
x14 = j14; x14 = j14;
x15 = j15; x15 = j15;
for (i = 8;i > 0;i -= 2) { for (i = rounds;i > 0;i -= 2) {
QUARTERROUND( x0, x4, x8,x12) QUARTERROUND( x0, x4, x8,x12)
QUARTERROUND( x1, x5, x9,x13) QUARTERROUND( x1, x5, x9,x13)
QUARTERROUND( x2, x6,x10,x14) QUARTERROUND( x2, x6,x10,x14)
@ -168,3 +168,13 @@ void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t*
data = (uint8_t*)data + 64; data = (uint8_t*)data + 64;
} }
} }
void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher)
{
chacha(8, data, length, key, iv, cipher);
}
void chacha20(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher)
{
chacha(20, data, length, key, iv, cipher);
}

View file

@ -33,8 +33,8 @@
#include <stdint.h> #include <stdint.h>
#include <stddef.h> #include <stddef.h>
#define CHACHA8_KEY_SIZE 32 #define CHACHA_KEY_SIZE 32
#define CHACHA8_IV_SIZE 8 #define CHACHA_IV_SIZE 8
#if defined(__cplusplus) #if defined(__cplusplus)
#include <memory.h> #include <memory.h>
@ -46,33 +46,38 @@ namespace crypto {
extern "C" { extern "C" {
#endif #endif
void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher); void chacha8(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher);
void chacha20(const void* data, size_t length, const uint8_t* key, const uint8_t* iv, char* cipher);
#if defined(__cplusplus) #if defined(__cplusplus)
} }
using chacha8_key = tools::scrubbed_arr<uint8_t, CHACHA8_KEY_SIZE>; using chacha_key = tools::scrubbed_arr<uint8_t, CHACHA_KEY_SIZE>;
#pragma pack(push, 1) #pragma pack(push, 1)
// MS VC 2012 doesn't interpret `class chacha8_iv` as POD in spite of [9.0.10], so it is a struct // MS VC 2012 doesn't interpret `class chacha_iv` as POD in spite of [9.0.10], so it is a struct
struct chacha8_iv { struct chacha_iv {
uint8_t data[CHACHA8_IV_SIZE]; uint8_t data[CHACHA_IV_SIZE];
}; };
#pragma pack(pop) #pragma pack(pop)
static_assert(sizeof(chacha8_key) == CHACHA8_KEY_SIZE && sizeof(chacha8_iv) == CHACHA8_IV_SIZE, "Invalid structure size"); static_assert(sizeof(chacha_key) == CHACHA_KEY_SIZE && sizeof(chacha_iv) == CHACHA_IV_SIZE, "Invalid structure size");
inline void chacha8(const void* data, std::size_t length, const chacha8_key& key, const chacha8_iv& iv, char* cipher) { inline void chacha8(const void* data, std::size_t length, const chacha_key& key, const chacha_iv& iv, char* cipher) {
chacha8(data, length, key.data(), reinterpret_cast<const uint8_t*>(&iv), cipher); chacha8(data, length, key.data(), reinterpret_cast<const uint8_t*>(&iv), cipher);
} }
inline void generate_chacha8_key(const void *data, size_t size, chacha8_key& key) { inline void chacha20(const void* data, std::size_t length, const chacha_key& key, const chacha_iv& iv, char* cipher) {
static_assert(sizeof(chacha8_key) <= sizeof(hash), "Size of hash must be at least that of chacha8_key"); chacha20(data, length, key.data(), reinterpret_cast<const uint8_t*>(&iv), cipher);
}
inline void generate_chacha_key(const void *data, size_t size, chacha_key& key) {
static_assert(sizeof(chacha_key) <= sizeof(hash), "Size of hash must be at least that of chacha_key");
tools::scrubbed_arr<char, HASH_SIZE> pwd_hash; tools::scrubbed_arr<char, HASH_SIZE> pwd_hash;
crypto::cn_slow_hash(data, size, pwd_hash.data()); crypto::cn_slow_hash(data, size, pwd_hash.data());
memcpy(&key, pwd_hash.data(), sizeof(key)); memcpy(&key, pwd_hash.data(), sizeof(key));
} }
inline void generate_chacha8_key(std::string password, chacha8_key& key) { inline void generate_chacha_key(std::string password, chacha_key& key) {
return generate_chacha8_key(password.data(), password.size(), key); return generate_chacha_key(password.data(), password.size(), key);
} }
} }

View file

@ -34,7 +34,7 @@
#include "serialization.h" #include "serialization.h"
#include "debug_archive.h" #include "debug_archive.h"
#include "crypto/chacha8.h" #include "crypto/chacha.h"
#include "crypto/crypto.h" #include "crypto/crypto.h"
#include "crypto/hash.h" #include "crypto/hash.h"
@ -77,7 +77,7 @@ bool do_serialize(Archive<true> &ar, std::vector<crypto::signature> &v)
return true; return true;
} }
BLOB_SERIALIZER(crypto::chacha8_iv); BLOB_SERIALIZER(crypto::chacha_iv);
BLOB_SERIALIZER(crypto::hash); BLOB_SERIALIZER(crypto::hash);
BLOB_SERIALIZER(crypto::hash8); BLOB_SERIALIZER(crypto::hash8);
BLOB_SERIALIZER(crypto::public_key); BLOB_SERIALIZER(crypto::public_key);

View file

@ -2373,11 +2373,11 @@ bool wallet2::store_keys(const std::string& keys_file_name, const epee::wipeable
account_data = buffer.GetString(); account_data = buffer.GetString();
// Encrypt the entire JSON object. // Encrypt the entire JSON object.
crypto::chacha8_key key; crypto::chacha_key key;
crypto::generate_chacha8_key(password.data(), password.size(), key); crypto::generate_chacha_key(password.data(), password.size(), key);
std::string cipher; std::string cipher;
cipher.resize(account_data.size()); cipher.resize(account_data.size());
keys_file_data.iv = crypto::rand<crypto::chacha8_iv>(); keys_file_data.iv = crypto::rand<crypto::chacha_iv>();
crypto::chacha8(account_data.data(), account_data.size(), key, keys_file_data.iv, &cipher[0]); crypto::chacha8(account_data.data(), account_data.size(), key, keys_file_data.iv, &cipher[0]);
keys_file_data.account_data = cipher; keys_file_data.account_data = cipher;
@ -2414,8 +2414,8 @@ bool wallet2::load_keys(const std::string& keys_file_name, const epee::wipeable_
// Decrypt the contents // Decrypt the contents
r = ::serialization::parse_binary(buf, keys_file_data); r = ::serialization::parse_binary(buf, keys_file_data);
THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "internal error: failed to deserialize \"" + keys_file_name + '\"'); THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "internal error: failed to deserialize \"" + keys_file_name + '\"');
crypto::chacha8_key key; crypto::chacha_key key;
crypto::generate_chacha8_key(password.data(), password.size(), key); crypto::generate_chacha_key(password.data(), password.size(), key);
std::string account_data; std::string account_data;
account_data.resize(keys_file_data.account_data.size()); account_data.resize(keys_file_data.account_data.size());
crypto::chacha8(keys_file_data.account_data.data(), keys_file_data.account_data.size(), key, keys_file_data.iv, &account_data[0]); crypto::chacha8(keys_file_data.account_data.data(), keys_file_data.account_data.size(), key, keys_file_data.iv, &account_data[0]);
@ -2599,8 +2599,8 @@ bool wallet2::verify_password(const std::string& keys_file_name, const epee::wip
// Decrypt the contents // Decrypt the contents
r = ::serialization::parse_binary(buf, keys_file_data); r = ::serialization::parse_binary(buf, keys_file_data);
THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "internal error: failed to deserialize \"" + keys_file_name + '\"'); THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "internal error: failed to deserialize \"" + keys_file_name + '\"');
crypto::chacha8_key key; crypto::chacha_key key;
crypto::generate_chacha8_key(password.data(), password.size(), key); crypto::generate_chacha_key(password.data(), password.size(), key);
std::string account_data; std::string account_data;
account_data.resize(keys_file_data.account_data.size()); account_data.resize(keys_file_data.account_data.size());
crypto::chacha8(keys_file_data.account_data.data(), keys_file_data.account_data.size(), key, keys_file_data.iv, &account_data[0]); crypto::chacha8(keys_file_data.account_data.data(), keys_file_data.account_data.size(), key, keys_file_data.iv, &account_data[0]);
@ -3292,7 +3292,7 @@ bool wallet2::check_connection(uint32_t *version, uint32_t timeout)
return true; return true;
} }
//---------------------------------------------------------------------------------------------------- //----------------------------------------------------------------------------------------------------
bool wallet2::generate_chacha8_key_from_secret_keys(crypto::chacha8_key &key) const bool wallet2::generate_chacha_key_from_secret_keys(crypto::chacha_key &key) const
{ {
const account_keys &keys = m_account.get_keys(); const account_keys &keys = m_account.get_keys();
const crypto::secret_key &view_key = keys.m_view_secret_key; const crypto::secret_key &view_key = keys.m_view_secret_key;
@ -3301,7 +3301,7 @@ bool wallet2::generate_chacha8_key_from_secret_keys(crypto::chacha8_key &key) co
memcpy(data.data(), &view_key, sizeof(view_key)); memcpy(data.data(), &view_key, sizeof(view_key));
memcpy(data.data() + sizeof(view_key), &spend_key, sizeof(spend_key)); memcpy(data.data() + sizeof(view_key), &spend_key, sizeof(spend_key));
data[sizeof(data) - 1] = CHACHA8_KEY_TAIL; data[sizeof(data) - 1] = CHACHA8_KEY_TAIL;
crypto::generate_chacha8_key(data.data(), sizeof(data), key); crypto::generate_chacha_key(data.data(), sizeof(data), key);
return true; return true;
} }
//---------------------------------------------------------------------------------------------------- //----------------------------------------------------------------------------------------------------
@ -3341,8 +3341,8 @@ void wallet2::load(const std::string& wallet_, const epee::wipeable_string& pass
r = ::serialization::parse_binary(buf, cache_file_data); r = ::serialization::parse_binary(buf, cache_file_data);
THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "internal error: failed to deserialize \"" + m_wallet_file + '\"'); THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "internal error: failed to deserialize \"" + m_wallet_file + '\"');
crypto::chacha8_key key; crypto::chacha_key key;
generate_chacha8_key_from_secret_keys(key); generate_chacha_key_from_secret_keys(key);
std::string cache_data; std::string cache_data;
cache_data.resize(cache_file_data.cache_data.size()); cache_data.resize(cache_file_data.cache_data.size());
crypto::chacha8(cache_file_data.cache_data.data(), cache_file_data.cache_data.size(), key, cache_file_data.iv, &cache_data[0]); crypto::chacha8(cache_file_data.cache_data.data(), cache_file_data.cache_data.size(), key, cache_file_data.iv, &cache_data[0]);
@ -3500,11 +3500,11 @@ void wallet2::store_to(const std::string &path, const epee::wipeable_string &pas
wallet2::cache_file_data cache_file_data = boost::value_initialized<wallet2::cache_file_data>(); wallet2::cache_file_data cache_file_data = boost::value_initialized<wallet2::cache_file_data>();
cache_file_data.cache_data = oss.str(); cache_file_data.cache_data = oss.str();
crypto::chacha8_key key; crypto::chacha_key key;
generate_chacha8_key_from_secret_keys(key); generate_chacha_key_from_secret_keys(key);
std::string cipher; std::string cipher;
cipher.resize(cache_file_data.cache_data.size()); cipher.resize(cache_file_data.cache_data.size());
cache_file_data.iv = crypto::rand<crypto::chacha8_iv>(); cache_file_data.iv = crypto::rand<crypto::chacha_iv>();
crypto::chacha8(cache_file_data.cache_data.data(), cache_file_data.cache_data.size(), key, cache_file_data.iv, &cipher[0]); crypto::chacha8(cache_file_data.cache_data.data(), cache_file_data.cache_data.size(), key, cache_file_data.iv, &cipher[0]);
cache_file_data.cache_data = cipher; cache_file_data.cache_data = cipher;
@ -8720,10 +8720,10 @@ size_t wallet2::import_multisig(std::vector<cryptonote::blobdata> blobs)
//---------------------------------------------------------------------------------------------------- //----------------------------------------------------------------------------------------------------
std::string wallet2::encrypt(const std::string &plaintext, const crypto::secret_key &skey, bool authenticated) const std::string wallet2::encrypt(const std::string &plaintext, const crypto::secret_key &skey, bool authenticated) const
{ {
crypto::chacha8_key key; crypto::chacha_key key;
crypto::generate_chacha8_key(&skey, sizeof(skey), key); crypto::generate_chacha_key(&skey, sizeof(skey), key);
std::string ciphertext; std::string ciphertext;
crypto::chacha8_iv iv = crypto::rand<crypto::chacha8_iv>(); crypto::chacha_iv iv = crypto::rand<crypto::chacha_iv>();
ciphertext.resize(plaintext.size() + sizeof(iv) + (authenticated ? sizeof(crypto::signature) : 0)); ciphertext.resize(plaintext.size() + sizeof(iv) + (authenticated ? sizeof(crypto::signature) : 0));
crypto::chacha8(plaintext.data(), plaintext.size(), key, iv, &ciphertext[sizeof(iv)]); crypto::chacha8(plaintext.data(), plaintext.size(), key, iv, &ciphertext[sizeof(iv)]);
memcpy(&ciphertext[0], &iv, sizeof(iv)); memcpy(&ciphertext[0], &iv, sizeof(iv));
@ -8746,13 +8746,13 @@ std::string wallet2::encrypt_with_view_secret_key(const std::string &plaintext,
//---------------------------------------------------------------------------------------------------- //----------------------------------------------------------------------------------------------------
std::string wallet2::decrypt(const std::string &ciphertext, const crypto::secret_key &skey, bool authenticated) const std::string wallet2::decrypt(const std::string &ciphertext, const crypto::secret_key &skey, bool authenticated) const
{ {
const size_t prefix_size = sizeof(chacha8_iv) + (authenticated ? sizeof(crypto::signature) : 0); const size_t prefix_size = sizeof(chacha_iv) + (authenticated ? sizeof(crypto::signature) : 0);
THROW_WALLET_EXCEPTION_IF(ciphertext.size() < prefix_size, THROW_WALLET_EXCEPTION_IF(ciphertext.size() < prefix_size,
error::wallet_internal_error, "Unexpected ciphertext size"); error::wallet_internal_error, "Unexpected ciphertext size");
crypto::chacha8_key key; crypto::chacha_key key;
crypto::generate_chacha8_key(&skey, sizeof(skey), key); crypto::generate_chacha_key(&skey, sizeof(skey), key);
const crypto::chacha8_iv &iv = *(const crypto::chacha8_iv*)&ciphertext[0]; const crypto::chacha_iv &iv = *(const crypto::chacha_iv*)&ciphertext[0];
std::string plaintext; std::string plaintext;
plaintext.resize(ciphertext.size() - prefix_size); plaintext.resize(ciphertext.size() - prefix_size);
if (authenticated) if (authenticated)

View file

@ -49,7 +49,7 @@
#include "cryptonote_basic/cryptonote_format_utils.h" #include "cryptonote_basic/cryptonote_format_utils.h"
#include "cryptonote_core/cryptonote_tx_utils.h" #include "cryptonote_core/cryptonote_tx_utils.h"
#include "common/unordered_containers_boost_serialization.h" #include "common/unordered_containers_boost_serialization.h"
#include "crypto/chacha8.h" #include "crypto/chacha.h"
#include "crypto/hash.h" #include "crypto/hash.h"
#include "ringct/rctTypes.h" #include "ringct/rctTypes.h"
#include "ringct/rctOps.h" #include "ringct/rctOps.h"
@ -404,7 +404,7 @@ namespace tools
struct keys_file_data struct keys_file_data
{ {
crypto::chacha8_iv iv; crypto::chacha_iv iv;
std::string account_data; std::string account_data;
BEGIN_SERIALIZE_OBJECT() BEGIN_SERIALIZE_OBJECT()
@ -415,7 +415,7 @@ namespace tools
struct cache_file_data struct cache_file_data
{ {
crypto::chacha8_iv iv; crypto::chacha_iv iv;
std::string cache_data; std::string cache_data;
BEGIN_SERIALIZE_OBJECT() BEGIN_SERIALIZE_OBJECT()
@ -996,7 +996,7 @@ namespace tools
void add_unconfirmed_tx(const cryptonote::transaction& tx, uint64_t amount_in, const std::vector<cryptonote::tx_destination_entry> &dests, const crypto::hash &payment_id, uint64_t change_amount, uint32_t subaddr_account, const std::set<uint32_t>& subaddr_indices); void add_unconfirmed_tx(const cryptonote::transaction& tx, uint64_t amount_in, const std::vector<cryptonote::tx_destination_entry> &dests, const crypto::hash &payment_id, uint64_t change_amount, uint32_t subaddr_account, const std::set<uint32_t>& subaddr_indices);
void generate_genesis(cryptonote::block& b); void generate_genesis(cryptonote::block& b);
void check_genesis(const crypto::hash& genesis_hash) const; //throws void check_genesis(const crypto::hash& genesis_hash) const; //throws
bool generate_chacha8_key_from_secret_keys(crypto::chacha8_key &key) const; bool generate_chacha_key_from_secret_keys(crypto::chacha_key &key) const;
crypto::hash get_payment_id(const pending_tx &ptx) const; crypto::hash get_payment_id(const pending_tx &ptx) const;
void check_acc_out_precomp(const cryptonote::tx_out &o, const crypto::key_derivation &derivation, const std::vector<crypto::key_derivation> &additional_derivations, size_t i, tx_scan_info_t &tx_scan_info) const; void check_acc_out_precomp(const cryptonote::tx_out &o, const crypto::key_derivation &derivation, const std::vector<crypto::key_derivation> &additional_derivations, size_t i, tx_scan_info_t &tx_scan_info) const;
void parse_block_round(const cryptonote::blobdata &blob, cryptonote::block &bl, crypto::hash &bl_id, bool &error) const; void parse_block_round(const cryptonote::blobdata &blob, cryptonote::block &bl, crypto::hash &bl_id, bool &error) const;

View file

@ -36,7 +36,7 @@ set(unit_tests_sources
block_reward.cpp block_reward.cpp
bulletproofs.cpp bulletproofs.cpp
canonical_amounts.cpp canonical_amounts.cpp
chacha8.cpp chacha.cpp
checkpoints.cpp checkpoints.cpp
command_line.cpp command_line.cpp
crypto.cpp crypto.cpp

View file

@ -32,7 +32,7 @@
#include "gtest/gtest.h" #include "gtest/gtest.h"
#include "crypto/chacha8.h" #include "crypto/chacha.h"
namespace namespace
{ {

View file

@ -802,12 +802,12 @@ TEST(Serialization, portability_outputs)
// decrypt (copied from wallet2::decrypt) // decrypt (copied from wallet2::decrypt)
auto decrypt = [] (const std::string &ciphertext, const crypto::secret_key &skey, bool authenticated) -> string auto decrypt = [] (const std::string &ciphertext, const crypto::secret_key &skey, bool authenticated) -> string
{ {
const size_t prefix_size = sizeof(chacha8_iv) + (authenticated ? sizeof(crypto::signature) : 0); const size_t prefix_size = sizeof(chacha_iv) + (authenticated ? sizeof(crypto::signature) : 0);
if(ciphertext.size() < prefix_size) if(ciphertext.size() < prefix_size)
return {}; return {};
crypto::chacha8_key key; crypto::chacha_key key;
crypto::generate_chacha8_key(&skey, sizeof(skey), key); crypto::generate_chacha_key(&skey, sizeof(skey), key);
const crypto::chacha8_iv &iv = *(const crypto::chacha8_iv*)&ciphertext[0]; const crypto::chacha_iv &iv = *(const crypto::chacha_iv*)&ciphertext[0];
std::string plaintext; std::string plaintext;
plaintext.resize(ciphertext.size() - prefix_size); plaintext.resize(ciphertext.size() - prefix_size);
if (authenticated) if (authenticated)