Skip to content

Commit 2bc2b8b

Browse files
committed
Add ChaCha20 encryption option (XOR)
1 parent a6d7026 commit 2bc2b8b

File tree

5 files changed

+185
-16
lines changed

5 files changed

+185
-16
lines changed

src/crypto/chacha20.cpp

Lines changed: 131 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ void ChaCha20::Seek(uint64_t pos)
7171
input[13] = pos >> 32;
7272
}
7373

74-
void ChaCha20::Output(unsigned char* c, size_t bytes)
74+
void ChaCha20::Keystream(unsigned char* c, size_t bytes)
7575
{
7676
uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
7777
uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
@@ -178,3 +178,133 @@ void ChaCha20::Output(unsigned char* c, size_t bytes)
178178
c += 64;
179179
}
180180
}
181+
182+
void ChaCha20::Crypt(const unsigned char* m, unsigned char* c, size_t bytes)
183+
{
184+
uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
185+
uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
186+
unsigned char *ctarget = nullptr;
187+
unsigned char tmp[64];
188+
unsigned int i;
189+
190+
if (!bytes) return;
191+
192+
j0 = input[0];
193+
j1 = input[1];
194+
j2 = input[2];
195+
j3 = input[3];
196+
j4 = input[4];
197+
j5 = input[5];
198+
j6 = input[6];
199+
j7 = input[7];
200+
j8 = input[8];
201+
j9 = input[9];
202+
j10 = input[10];
203+
j11 = input[11];
204+
j12 = input[12];
205+
j13 = input[13];
206+
j14 = input[14];
207+
j15 = input[15];
208+
209+
for (;;) {
210+
if (bytes < 64) {
211+
// if m has fewer than 64 bytes available, copy m to tmp and
212+
// read from tmp instead
213+
for (i = 0;i < bytes;++i) tmp[i] = m[i];
214+
m = tmp;
215+
ctarget = c;
216+
c = tmp;
217+
}
218+
x0 = j0;
219+
x1 = j1;
220+
x2 = j2;
221+
x3 = j3;
222+
x4 = j4;
223+
x5 = j5;
224+
x6 = j6;
225+
x7 = j7;
226+
x8 = j8;
227+
x9 = j9;
228+
x10 = j10;
229+
x11 = j11;
230+
x12 = j12;
231+
x13 = j13;
232+
x14 = j14;
233+
x15 = j15;
234+
for (i = 20;i > 0;i -= 2) {
235+
QUARTERROUND( x0, x4, x8,x12)
236+
QUARTERROUND( x1, x5, x9,x13)
237+
QUARTERROUND( x2, x6,x10,x14)
238+
QUARTERROUND( x3, x7,x11,x15)
239+
QUARTERROUND( x0, x5,x10,x15)
240+
QUARTERROUND( x1, x6,x11,x12)
241+
QUARTERROUND( x2, x7, x8,x13)
242+
QUARTERROUND( x3, x4, x9,x14)
243+
}
244+
x0 += j0;
245+
x1 += j1;
246+
x2 += j2;
247+
x3 += j3;
248+
x4 += j4;
249+
x5 += j5;
250+
x6 += j6;
251+
x7 += j7;
252+
x8 += j8;
253+
x9 += j9;
254+
x10 += j10;
255+
x11 += j11;
256+
x12 += j12;
257+
x13 += j13;
258+
x14 += j14;
259+
x15 += j15;
260+
261+
x0 ^= ReadLE32(m + 0);
262+
x1 ^= ReadLE32(m + 4);
263+
x2 ^= ReadLE32(m + 8);
264+
x3 ^= ReadLE32(m + 12);
265+
x4 ^= ReadLE32(m + 16);
266+
x5 ^= ReadLE32(m + 20);
267+
x6 ^= ReadLE32(m + 24);
268+
x7 ^= ReadLE32(m + 28);
269+
x8 ^= ReadLE32(m + 32);
270+
x9 ^= ReadLE32(m + 36);
271+
x10 ^= ReadLE32(m + 40);
272+
x11 ^= ReadLE32(m + 44);
273+
x12 ^= ReadLE32(m + 48);
274+
x13 ^= ReadLE32(m + 52);
275+
x14 ^= ReadLE32(m + 56);
276+
x15 ^= ReadLE32(m + 60);
277+
278+
++j12;
279+
if (!j12) ++j13;
280+
281+
WriteLE32(c + 0, x0);
282+
WriteLE32(c + 4, x1);
283+
WriteLE32(c + 8, x2);
284+
WriteLE32(c + 12, x3);
285+
WriteLE32(c + 16, x4);
286+
WriteLE32(c + 20, x5);
287+
WriteLE32(c + 24, x6);
288+
WriteLE32(c + 28, x7);
289+
WriteLE32(c + 32, x8);
290+
WriteLE32(c + 36, x9);
291+
WriteLE32(c + 40, x10);
292+
WriteLE32(c + 44, x11);
293+
WriteLE32(c + 48, x12);
294+
WriteLE32(c + 52, x13);
295+
WriteLE32(c + 56, x14);
296+
WriteLE32(c + 60, x15);
297+
298+
if (bytes <= 64) {
299+
if (bytes < 64) {
300+
for (i = 0;i < bytes;++i) ctarget[i] = c[i];
301+
}
302+
input[12] = j12;
303+
input[13] = j13;
304+
return;
305+
}
306+
bytes -= 64;
307+
c += 64;
308+
m += 64;
309+
}
310+
}

src/crypto/chacha20.h

Lines changed: 13 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,8 @@
88
#include <stdint.h>
99
#include <stdlib.h>
1010

11-
/** A PRNG class for ChaCha20. */
11+
/** A class for ChaCha20 256-bit stream cipher developed by Daniel J. Bernstein
12+
https://cr.yp.to/chacha/chacha-20080128.pdf */
1213
class ChaCha20
1314
{
1415
private:
@@ -17,10 +18,17 @@ class ChaCha20
1718
public:
1819
ChaCha20();
1920
ChaCha20(const unsigned char* key, size_t keylen);
20-
void SetKey(const unsigned char* key, size_t keylen);
21-
void SetIV(uint64_t iv);
22-
void Seek(uint64_t pos);
23-
void Output(unsigned char* output, size_t bytes);
21+
void SetKey(const unsigned char* key, size_t keylen); //!< set key with flexible keylength; 256bit recommended */
22+
void SetIV(uint64_t iv); // set the 64bit nonce
23+
void Seek(uint64_t pos); // set the 64bit block counter
24+
25+
/** outputs the keystream of size <bytes> into <c> */
26+
void Keystream(unsigned char* c, size_t bytes);
27+
28+
/** enciphers the message <input> of length <bytes> and write the enciphered representation into <output>
29+
* Used for encryption and decryption (XOR)
30+
*/
31+
void Crypt(const unsigned char* input, unsigned char* output, size_t bytes);
2432
};
2533

2634
#endif // BITCOIN_CRYPTO_CHACHA20_H

src/random.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -652,7 +652,7 @@ std::vector<unsigned char> FastRandomContext::randbytes(size_t len)
652652
if (requires_seed) RandomSeed();
653653
std::vector<unsigned char> ret(len);
654654
if (len > 0) {
655-
rng.Output(&ret[0], len);
655+
rng.Keystream(&ret[0], len);
656656
}
657657
return ret;
658658
}

src/random.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,7 @@ class FastRandomContext {
111111
if (requires_seed) {
112112
RandomSeed();
113113
}
114-
rng.Output(bytebuf, sizeof(bytebuf));
114+
rng.Keystream(bytebuf, sizeof(bytebuf));
115115
bytebuf_size = sizeof(bytebuf);
116116
}
117117

src/test/crypto_tests.cpp

Lines changed: 39 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -187,17 +187,36 @@ static void TestAES256CBC(const std::string &hexkey, const std::string &hexiv, b
187187
}
188188
}
189189

190-
static void TestChaCha20(const std::string &hexkey, uint64_t nonce, uint64_t seek, const std::string& hexout)
190+
static void TestChaCha20(const std::string &hex_message, const std::string &hexkey, uint64_t nonce, uint64_t seek, const std::string& hexout)
191191
{
192192
std::vector<unsigned char> key = ParseHex(hexkey);
193+
std::vector<unsigned char> m = ParseHex(hex_message);
193194
ChaCha20 rng(key.data(), key.size());
194195
rng.SetIV(nonce);
195196
rng.Seek(seek);
196197
std::vector<unsigned char> out = ParseHex(hexout);
197198
std::vector<unsigned char> outres;
198199
outres.resize(out.size());
199-
rng.Output(outres.data(), outres.size());
200+
assert(hex_message.empty() || m.size() == out.size());
201+
202+
// perform the ChaCha20 round(s), if message is provided it will output the encrypted ciphertext otherwise the keystream
203+
if (!hex_message.empty()) {
204+
rng.Crypt(m.data(), outres.data(), outres.size());
205+
} else {
206+
rng.Keystream(outres.data(), outres.size());
207+
}
200208
BOOST_CHECK(out == outres);
209+
if (!hex_message.empty()) {
210+
// Manually XOR with the keystream and compare the output
211+
rng.SetIV(nonce);
212+
rng.Seek(seek);
213+
std::vector<unsigned char> only_keystream(outres.size());
214+
rng.Keystream(only_keystream.data(), only_keystream.size());
215+
for (size_t i = 0; i != m.size(); i++) {
216+
outres[i] = m[i] ^ only_keystream[i];
217+
}
218+
BOOST_CHECK(out == outres);
219+
}
201220
}
202221

203222
static std::string LongTestString() {
@@ -497,25 +516,37 @@ BOOST_AUTO_TEST_CASE(aes_cbc_testvectors) {
497516
BOOST_AUTO_TEST_CASE(chacha20_testvector)
498517
{
499518
// Test vector from RFC 7539
500-
TestChaCha20("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", 0x4a000000UL, 1,
519+
520+
// test encryption
521+
TestChaCha20("4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756"
522+
"c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e"
523+
"20776f756c642062652069742e",
524+
"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", 0x4a000000UL, 1,
525+
"6e2e359a2568f98041ba0728dd0d6981e97e7aec1d4360c20a27afccfd9fae0bf91b65c5524733ab8f593dabcd62b3571639d"
526+
"624e65152ab8f530c359f0861d807ca0dbf500d6a6156a38e088a22b65e52bc514d16ccf806818ce91ab77937365af90bbf74"
527+
"a35be6b40b8eedf2785e42874d"
528+
);
529+
530+
// test keystream output
531+
TestChaCha20("", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", 0x4a000000UL, 1,
501532
"224f51f3401bd9e12fde276fb8631ded8c131f823d2c06e27e4fcaec9ef3cf788a3b0aa372600a92b57974cded2b9334794cb"
502533
"a40c63e34cdea212c4cf07d41b769a6749f3f630f4122cafe28ec4dc47e26d4346d70b98c73f3e9c53ac40c5945398b6eda1a"
503534
"832c89c167eacd901d7e2bf363");
504535

505536
// Test vectors from https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04#section-7
506-
TestChaCha20("0000000000000000000000000000000000000000000000000000000000000000", 0, 0,
537+
TestChaCha20("", "0000000000000000000000000000000000000000000000000000000000000000", 0, 0,
507538
"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b"
508539
"8f41518a11cc387b669b2ee6586");
509-
TestChaCha20("0000000000000000000000000000000000000000000000000000000000000001", 0, 0,
540+
TestChaCha20("", "0000000000000000000000000000000000000000000000000000000000000001", 0, 0,
510541
"4540f05a9f1fb296d7736e7b208e3c96eb4fe1834688d2604f450952ed432d41bbe2a0b6ea7566d2a5d1e7e20d42af2c53d79"
511542
"2b1c43fea817e9ad275ae546963");
512-
TestChaCha20("0000000000000000000000000000000000000000000000000000000000000000", 0x0100000000000000ULL, 0,
543+
TestChaCha20("", "0000000000000000000000000000000000000000000000000000000000000000", 0x0100000000000000ULL, 0,
513544
"de9cba7bf3d69ef5e786dc63973f653a0b49e015adbff7134fcb7df137821031e85a050278a7084527214f73efc7fa5b52770"
514545
"62eb7a0433e445f41e3");
515-
TestChaCha20("0000000000000000000000000000000000000000000000000000000000000000", 1, 0,
546+
TestChaCha20("", "0000000000000000000000000000000000000000000000000000000000000000", 1, 0,
516547
"ef3fdfd6c61578fbf5cf35bd3dd33b8009631634d21e42ac33960bd138e50d32111e4caf237ee53ca8ad6426194a88545ddc4"
517548
"97a0b466e7d6bbdb0041b2f586b");
518-
TestChaCha20("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", 0x0706050403020100ULL, 0,
549+
TestChaCha20("", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", 0x0706050403020100ULL, 0,
519550
"f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3b"
520551
"e59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc1"
521552
"18be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5"

0 commit comments

Comments
 (0)