summaryrefslogtreecommitdiffhomepage
path: root/xchacha20poly1305
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2018-02-12 23:48:09 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2018-02-12 23:49:41 +0100
commitff8f3a412ebf3b83b2d67fdafcc3311800fd39ee (patch)
treec384d62c158874ca6ebcc25a37cf80a18c56330a /xchacha20poly1305
parentea4ea6f9334b8979bec6a881d7f94d7fa94e9b9c (diff)
Use relative imports
Diffstat (limited to 'xchacha20poly1305')
-rw-r--r--xchacha20poly1305/xchacha20.go169
-rw-r--r--xchacha20poly1305/xchacha20_test.go96
2 files changed, 265 insertions, 0 deletions
diff --git a/xchacha20poly1305/xchacha20.go b/xchacha20poly1305/xchacha20.go
new file mode 100644
index 0000000..a6e59f0
--- /dev/null
+++ b/xchacha20poly1305/xchacha20.go
@@ -0,0 +1,169 @@
+// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
+// Use of this source code is governed by a license that can be
+// found in the LICENSE file.
+
+package xchacha20poly1305
+
+import (
+ "encoding/binary"
+ "golang.org/x/crypto/chacha20poly1305"
+)
+
+func hChaCha20(out *[32]byte, nonce []byte, key *[32]byte) {
+
+ v00 := uint32(0x61707865)
+ v01 := uint32(0x3320646e)
+ v02 := uint32(0x79622d32)
+ v03 := uint32(0x6b206574)
+
+ v04 := binary.LittleEndian.Uint32(key[0:])
+ v05 := binary.LittleEndian.Uint32(key[4:])
+ v06 := binary.LittleEndian.Uint32(key[8:])
+ v07 := binary.LittleEndian.Uint32(key[12:])
+ v08 := binary.LittleEndian.Uint32(key[16:])
+ v09 := binary.LittleEndian.Uint32(key[20:])
+ v10 := binary.LittleEndian.Uint32(key[24:])
+ v11 := binary.LittleEndian.Uint32(key[28:])
+ v12 := binary.LittleEndian.Uint32(nonce[0:])
+ v13 := binary.LittleEndian.Uint32(nonce[4:])
+ v14 := binary.LittleEndian.Uint32(nonce[8:])
+ v15 := binary.LittleEndian.Uint32(nonce[12:])
+
+ for i := 0; i < 20; i += 2 {
+ v00 += v04
+ v12 ^= v00
+ v12 = (v12 << 16) | (v12 >> 16)
+ v08 += v12
+ v04 ^= v08
+ v04 = (v04 << 12) | (v04 >> 20)
+ v00 += v04
+ v12 ^= v00
+ v12 = (v12 << 8) | (v12 >> 24)
+ v08 += v12
+ v04 ^= v08
+ v04 = (v04 << 7) | (v04 >> 25)
+ v01 += v05
+ v13 ^= v01
+ v13 = (v13 << 16) | (v13 >> 16)
+ v09 += v13
+ v05 ^= v09
+ v05 = (v05 << 12) | (v05 >> 20)
+ v01 += v05
+ v13 ^= v01
+ v13 = (v13 << 8) | (v13 >> 24)
+ v09 += v13
+ v05 ^= v09
+ v05 = (v05 << 7) | (v05 >> 25)
+ v02 += v06
+ v14 ^= v02
+ v14 = (v14 << 16) | (v14 >> 16)
+ v10 += v14
+ v06 ^= v10
+ v06 = (v06 << 12) | (v06 >> 20)
+ v02 += v06
+ v14 ^= v02
+ v14 = (v14 << 8) | (v14 >> 24)
+ v10 += v14
+ v06 ^= v10
+ v06 = (v06 << 7) | (v06 >> 25)
+ v03 += v07
+ v15 ^= v03
+ v15 = (v15 << 16) | (v15 >> 16)
+ v11 += v15
+ v07 ^= v11
+ v07 = (v07 << 12) | (v07 >> 20)
+ v03 += v07
+ v15 ^= v03
+ v15 = (v15 << 8) | (v15 >> 24)
+ v11 += v15
+ v07 ^= v11
+ v07 = (v07 << 7) | (v07 >> 25)
+ v00 += v05
+ v15 ^= v00
+ v15 = (v15 << 16) | (v15 >> 16)
+ v10 += v15
+ v05 ^= v10
+ v05 = (v05 << 12) | (v05 >> 20)
+ v00 += v05
+ v15 ^= v00
+ v15 = (v15 << 8) | (v15 >> 24)
+ v10 += v15
+ v05 ^= v10
+ v05 = (v05 << 7) | (v05 >> 25)
+ v01 += v06
+ v12 ^= v01
+ v12 = (v12 << 16) | (v12 >> 16)
+ v11 += v12
+ v06 ^= v11
+ v06 = (v06 << 12) | (v06 >> 20)
+ v01 += v06
+ v12 ^= v01
+ v12 = (v12 << 8) | (v12 >> 24)
+ v11 += v12
+ v06 ^= v11
+ v06 = (v06 << 7) | (v06 >> 25)
+ v02 += v07
+ v13 ^= v02
+ v13 = (v13 << 16) | (v13 >> 16)
+ v08 += v13
+ v07 ^= v08
+ v07 = (v07 << 12) | (v07 >> 20)
+ v02 += v07
+ v13 ^= v02
+ v13 = (v13 << 8) | (v13 >> 24)
+ v08 += v13
+ v07 ^= v08
+ v07 = (v07 << 7) | (v07 >> 25)
+ v03 += v04
+ v14 ^= v03
+ v14 = (v14 << 16) | (v14 >> 16)
+ v09 += v14
+ v04 ^= v09
+ v04 = (v04 << 12) | (v04 >> 20)
+ v03 += v04
+ v14 ^= v03
+ v14 = (v14 << 8) | (v14 >> 24)
+ v09 += v14
+ v04 ^= v09
+ v04 = (v04 << 7) | (v04 >> 25)
+ }
+
+ binary.LittleEndian.PutUint32(out[0:], v00)
+ binary.LittleEndian.PutUint32(out[4:], v01)
+ binary.LittleEndian.PutUint32(out[8:], v02)
+ binary.LittleEndian.PutUint32(out[12:], v03)
+ binary.LittleEndian.PutUint32(out[16:], v12)
+ binary.LittleEndian.PutUint32(out[20:], v13)
+ binary.LittleEndian.PutUint32(out[24:], v14)
+ binary.LittleEndian.PutUint32(out[28:], v15)
+}
+
+func Encrypt(
+ dst []byte,
+ nonceFull *[24]byte,
+ plaintext []byte,
+ additionalData []byte,
+ key *[chacha20poly1305.KeySize]byte,
+) []byte {
+ var nonce [chacha20poly1305.NonceSize]byte
+ var derivedKey [chacha20poly1305.KeySize]byte
+ hChaCha20(&derivedKey, nonceFull[:16], key)
+ aead, _ := chacha20poly1305.New(derivedKey[:])
+ copy(nonce[4:], nonceFull[16:])
+ return aead.Seal(dst, nonce[:], plaintext, additionalData)
+}
+
+func Decrypt(
+ dst []byte,
+ nonceFull *[24]byte,
+ plaintext []byte,
+ additionalData []byte,
+ key *[chacha20poly1305.KeySize]byte,
+) ([]byte, error) {
+ var nonce [chacha20poly1305.NonceSize]byte
+ var derivedKey [chacha20poly1305.KeySize]byte
+ hChaCha20(&derivedKey, nonceFull[:16], key)
+ aead, _ := chacha20poly1305.New(derivedKey[:])
+ copy(nonce[4:], nonceFull[16:])
+ return aead.Open(dst, nonce[:], plaintext, additionalData)
+}
diff --git a/xchacha20poly1305/xchacha20_test.go b/xchacha20poly1305/xchacha20_test.go
new file mode 100644
index 0000000..5d5b78f
--- /dev/null
+++ b/xchacha20poly1305/xchacha20_test.go
@@ -0,0 +1,96 @@
+package xchacha20poly1305
+
+import (
+ "encoding/hex"
+ "testing"
+)
+
+type XChaCha20Test struct {
+ Nonce string
+ Key string
+ PT string
+ CT string
+}
+
+func TestXChaCha20(t *testing.T) {
+
+ tests := []XChaCha20Test{
+ {
+ Nonce: "000000000000000000000000000000000000000000000000",
+ Key: "0000000000000000000000000000000000000000000000000000000000000000",
+ PT: "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ CT: "789e9689e5208d7fd9e1f3c5b5341f48ef18a13e418998addadd97a3693a987f8e82ecd5c1433bfed1af49750c0f1ff29c4174a05b119aa3a9e8333812e0c0feb1299c5949d895ee01dbf50f8395dd84",
+ },
+ {
+ Nonce: "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f",
+ Key: "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f",
+ PT: "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f",
+ CT: "e1a046aa7f71e2af8b80b6408b2fd8d3a350278cde79c94d9efaa475e1339b3dd490127b",
+ },
+ {
+ Nonce: "d9a8213e8a697508805c2c171ad54487ead9e3e02d82d5bc",
+ Key: "979196dbd78526f2f584f7534db3f5824d8ccfa858ca7e09bdd3656ecd36033c",
+ PT: "43cc6d624e451bbed952c3e071dc6c03392ce11eb14316a94b2fdc98b22fedea",
+ CT: "53c1e8bef2dbb8f2505ec010a7afe21d5a8e6dd8f987e4ea1a2ed5dfbc844ea400db34496fd2153526c6e87c36694200",
+ },
+ }
+
+ for _, test := range tests {
+
+ nonce, err := hex.DecodeString(test.Nonce)
+ if err != nil {
+ panic(err)
+ }
+
+ key, err := hex.DecodeString(test.Key)
+ if err != nil {
+ panic(err)
+ }
+
+ pt, err := hex.DecodeString(test.PT)
+ if err != nil {
+ panic(err)
+ }
+
+ func() {
+ var nonceArray [24]byte
+ var keyArray [32]byte
+ copy(nonceArray[:], nonce)
+ copy(keyArray[:], key)
+
+ // test encryption
+
+ ct := Encrypt(
+ nil,
+ &nonceArray,
+ pt,
+ nil,
+ &keyArray,
+ )
+ ctHex := hex.EncodeToString(ct)
+ if ctHex != test.CT {
+ t.Fatal("encryption failed, expected:", test.CT, "got", ctHex)
+ }
+
+ // test decryption
+
+ ptp, err := Decrypt(
+ nil,
+ &nonceArray,
+ ct,
+ nil,
+ &keyArray,
+ )
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ptHex := hex.EncodeToString(ptp)
+ if ptHex != test.PT {
+ t.Fatal("decryption failed, expected:", test.PT, "got", ptHex)
+ }
+ }()
+
+ }
+
+}