Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(207)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: nss/lib/freebl/chacha20/chacha20.c

Issue 27510015: Support ChaCha20+Poly1305 cipher suites. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Make ChaCha20Poly1305 function conform to freebl API, undo changes to chacha20.c, use generic code … Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« nss/lib/freebl/blapi.h ('K') | « nss/lib/freebl/chacha20/chacha20.h ('k') | nss/lib/freebl/chacha20/chacha20_vec.c » ('j') | nss/lib/freebl/chacha20/chacha20_vec.c » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: nss/lib/freebl/chacha20/chacha20.c
===================================================================
--- nss/lib/freebl/chacha20/chacha20.c (revision 0)
+++ nss/lib/freebl/chacha20/chacha20.c (revision 0)
@@ -0,0 +1,108 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Adopted from the public domain code in NaCl by djb. */
+
+#include <string.h>
+#include <stdio.h>
+
+#include "prtypes.h"
+
+#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
+#define ROTATE(v, c) (ROTL32(v, c))
wtc 2013/10/19 19:51:02 Add parentheses around v and c?
agl 2013/10/21 21:53:39 I think that's generally good style.
wtc 2013/10/22 22:36:42 Done.
+#define XOR(v, w) ((v) ^ (w))
+#define PLUS(x, y) ((x) + (y))
+#define PLUSONE(v) (PLUS((v), 1))
wtc 2013/10/19 20:15:23 Not used. Should we use this to increment the coun
agl 2013/10/21 21:53:39 I think it can be removed. It's a left-over from d
wtc 2013/10/22 22:36:42 Done.
+
+#define U32TO8_LITTLE(p, v) \
+ { (p)[0] = (v >> 0) & 0xff; (p)[1] = (v >> 8) & 0xff; \
wtc 2013/10/19 19:51:02 Omit ">> 0"? Add parentheses around v?
agl 2013/10/21 21:53:39 Sure.
wtc 2013/10/22 22:36:42 Done.
+ (p)[2] = (v >> 16) & 0xff; (p)[3] = (v >> 24) & 0xff; }
+#define U8TO32_LITTLE(p) \
+ (((PRUint32)((p)[0]) ) | ((PRUint32)((p)[1]) << 8) | \
+ ((PRUint32)((p)[2]) << 16) | ((PRUint32)((p)[3]) << 24) )
wtc 2013/10/19 19:51:02 Omit the parentheses around (p)[i]? I think [] bin
agl 2013/10/21 21:53:39 I also think that the cast binds tighter, also the
wtc 2013/10/22 22:36:42 OK, I won't remove the parentheses.
+
+#define QUARTERROUND(a,b,c,d) \
+ x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \
+ x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \
+ x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \
+ x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7);
+
+static void ChaChaCore(unsigned char output[64], const PRUint32 input[16],
+ int num_rounds) {
+ PRUint32 x[16];
+ int i;
+
+ memcpy(x, input, sizeof(PRUint32) * 16);
+ for (i = 20; i > 0; i -= 2) {
wtc 2013/10/19 19:51:02 20 => num_rounds
agl 2013/10/21 21:53:39 Yes. (Note, you're commenting as if I can make the
wtc 2013/10/22 22:36:42 Done.
+ QUARTERROUND( 0, 4, 8,12)
+ QUARTERROUND( 1, 5, 9,13)
+ QUARTERROUND( 2, 6,10,14)
+ QUARTERROUND( 3, 7,11,15)
+ QUARTERROUND( 0, 5,10,15)
+ QUARTERROUND( 1, 6,11,12)
+ QUARTERROUND( 2, 7, 8,13)
+ QUARTERROUND( 3, 4, 9,14)
+ }
+
+ for (i = 0; i < 16; ++i) {
+ x[i] = PLUS(x[i], input[i]);
+ }
+ for (i = 0; i < 16; ++i) {
+ U32TO8_LITTLE(output + 4 * i, x[i]);
+ }
+}
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+void ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inLen,
+ const unsigned char key[32], const unsigned char nonce[8],
+ unsigned int counter) {
+ unsigned char block[64];
+ PRUint32 input[16];
+ unsigned int u;
+ unsigned int i;
+
+ input[4] = U8TO32_LITTLE(key + 0);
+ input[5] = U8TO32_LITTLE(key + 4);
+ input[6] = U8TO32_LITTLE(key + 8);
+ input[7] = U8TO32_LITTLE(key + 12);
+
+ input[8] = U8TO32_LITTLE(key + 16);
+ input[9] = U8TO32_LITTLE(key + 20);
+ input[10] = U8TO32_LITTLE(key + 24);
+ input[11] = U8TO32_LITTLE(key + 28);
+
+ input[0] = U8TO32_LITTLE(sigma + 0);
+ input[1] = U8TO32_LITTLE(sigma + 4);
+ input[2] = U8TO32_LITTLE(sigma + 8);
+ input[3] = U8TO32_LITTLE(sigma + 12);
+
+ input[12] = counter;
+ input[13] = 0;
+ input[14] = U8TO32_LITTLE(nonce);
wtc 2013/10/19 19:51:02 nonce + 0?
+ input[15] = U8TO32_LITTLE(nonce + 4);
+
+ while (inLen >= 64) {
+ ChaChaCore(block, input, 20);
+ for (i = 0; i < 64; i++) {
+ out[i] = in[i] ^ block[i];
+ }
+
+ input[12]++;
+ if (input[12] == 0) {
+ input[13]++;
+ }
+
+ inLen -= 64;
+ in += 64;
+ out += 64;
+ }
+
+ if (inLen > 0) {
+ ChaChaCore(block, input, 20);
+ for (i = 0; i < inLen; i++) {
+ out[i] = in[i] ^ block[i];
+ }
+ }
+}
Property changes on: nss/lib/freebl/chacha20/chacha20.c
___________________________________________________________________
Added: svn:eol-style
+ LF
« nss/lib/freebl/blapi.h ('K') | « nss/lib/freebl/chacha20/chacha20.h ('k') | nss/lib/freebl/chacha20/chacha20_vec.c » ('j') | nss/lib/freebl/chacha20/chacha20_vec.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698