diff options
-rw-r--r-- | src/bench/chacha_poly_aead.cpp | 4 | ||||
-rw-r--r-- | src/bench/poly1305.cpp | 10 | ||||
-rw-r--r-- | src/crypto/chacha_poly_aead.cpp | 20 | ||||
-rw-r--r-- | src/crypto/poly1305.cpp | 8 | ||||
-rw-r--r-- | src/crypto/poly1305.h | 9 | ||||
-rw-r--r-- | src/test/crypto_tests.cpp | 21 | ||||
-rw-r--r-- | src/test/fuzz/crypto_chacha20_poly1305_aead.cpp | 8 | ||||
-rw-r--r-- | src/test/fuzz/crypto_poly1305.cpp | 6 |
8 files changed, 39 insertions, 47 deletions
diff --git a/src/bench/chacha_poly_aead.cpp b/src/bench/chacha_poly_aead.cpp index db88841c32..9149eb683a 100644 --- a/src/bench/chacha_poly_aead.cpp +++ b/src/bench/chacha_poly_aead.cpp @@ -23,8 +23,8 @@ static ChaCha20Poly1305AEAD aead(k1, 32, k2, 32); static void CHACHA20_POLY1305_AEAD(benchmark::Bench& bench, size_t buffersize, bool include_decryption) { - std::vector<unsigned char> in(buffersize + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0); - std::vector<unsigned char> out(buffersize + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0); + std::vector<unsigned char> in(buffersize + CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN, 0); + std::vector<unsigned char> out(buffersize + CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN, 0); uint64_t seqnr_payload = 0; uint64_t seqnr_aad = 0; int aad_pos = 0; diff --git a/src/bench/poly1305.cpp b/src/bench/poly1305.cpp index f7d17dfa96..be0e5f2c2d 100644 --- a/src/bench/poly1305.cpp +++ b/src/bench/poly1305.cpp @@ -6,6 +6,8 @@ #include <bench/bench.h> #include <crypto/poly1305.h> +#include <span.h> + /* Number of bytes to process per iteration */ static constexpr uint64_t BUFFER_SIZE_TINY = 64; static constexpr uint64_t BUFFER_SIZE_SMALL = 256; @@ -13,11 +15,11 @@ static constexpr uint64_t BUFFER_SIZE_LARGE = 1024*1024; static void POLY1305(benchmark::Bench& bench, size_t buffersize) { - std::vector<unsigned char> tag(POLY1305_TAGLEN, 0); - std::vector<unsigned char> key(POLY1305_KEYLEN, 0); - std::vector<unsigned char> in(buffersize, 0); + std::vector<std::byte> tag(Poly1305::TAGLEN, {}); + std::vector<std::byte> key(Poly1305::KEYLEN, {}); + std::vector<std::byte> in(buffersize, {}); bench.batch(in.size()).unit("byte").run([&] { - poly1305_auth(tag.data(), in.data(), in.size(), key.data()); + Poly1305{key}.Update(in).Finalize(tag); }); } diff --git a/src/crypto/chacha_poly_aead.cpp b/src/crypto/chacha_poly_aead.cpp index d15f2f4ea6..0d82cf3d74 100644 --- a/src/crypto/chacha_poly_aead.cpp +++ b/src/crypto/chacha_poly_aead.cpp @@ -50,13 +50,13 @@ bool ChaCha20Poly1305AEAD::Crypt(uint64_t seqnr_payload, uint64_t seqnr_aad, int // check buffer boundaries if ( // if we encrypt, make sure the source contains at least the expected AAD and the destination has at least space for the source + MAC - (is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN || dest_len < src_len + POLY1305_TAGLEN)) || + (is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN || dest_len < src_len + Poly1305::TAGLEN)) || // if we decrypt, make sure the source contains at least the expected AAD+MAC and the destination has at least space for the source - MAC - (!is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN || dest_len < src_len - POLY1305_TAGLEN))) { + (!is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN || dest_len < src_len - Poly1305::TAGLEN))) { return false; } - unsigned char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN]; + unsigned char expected_tag[Poly1305::TAGLEN], poly_key[Poly1305::KEYLEN]; memset(poly_key, 0, sizeof(poly_key)); // block counter 0 for the poly1305 key @@ -67,18 +67,20 @@ bool ChaCha20Poly1305AEAD::Crypt(uint64_t seqnr_payload, uint64_t seqnr_aad, int // if decrypting, verify the tag prior to decryption if (!is_encrypt) { - const unsigned char* tag = src + src_len - POLY1305_TAGLEN; - poly1305_auth(expected_tag, src, src_len - POLY1305_TAGLEN, poly_key); + const unsigned char* tag = src + src_len - Poly1305::TAGLEN; + Poly1305{MakeByteSpan(poly_key)} + .Update(AsBytes(Span{src, src_len - Poly1305::TAGLEN})) + .Finalize(MakeWritableByteSpan(expected_tag)); // constant time compare the calculated MAC with the provided MAC - if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0) { + if (timingsafe_bcmp(expected_tag, tag, Poly1305::TAGLEN) != 0) { memory_cleanse(expected_tag, sizeof(expected_tag)); memory_cleanse(poly_key, sizeof(poly_key)); return false; } memory_cleanse(expected_tag, sizeof(expected_tag)); // MAC has been successfully verified, make sure we don't convert it in decryption - src_len -= POLY1305_TAGLEN; + src_len -= Poly1305::TAGLEN; } // calculate and cache the next 64byte keystream block if requested sequence number is not yet the cache @@ -99,7 +101,9 @@ bool ChaCha20Poly1305AEAD::Crypt(uint64_t seqnr_payload, uint64_t seqnr_aad, int // If encrypting, calculate and append tag if (is_encrypt) { // the poly1305 tag expands over the AAD (3 bytes length) & encrypted payload - poly1305_auth(dest + src_len, dest, src_len, poly_key); + Poly1305{MakeByteSpan(poly_key)} + .Update(AsBytes(Span{dest, src_len})) + .Finalize(AsWritableBytes(Span{dest + src_len, Poly1305::TAGLEN})); } // cleanse no longer required MAC and polykey diff --git a/src/crypto/poly1305.cpp b/src/crypto/poly1305.cpp index c89383c73a..7fcbab4108 100644 --- a/src/crypto/poly1305.cpp +++ b/src/crypto/poly1305.cpp @@ -221,11 +221,3 @@ void poly1305_update(poly1305_context *st, const unsigned char *m, size_t bytes) } } // namespace poly1305_donna - -void poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const unsigned char key[32]) { - using namespace poly1305_donna; - poly1305_context ctx; - poly1305_init(&ctx, key); - poly1305_update(&ctx, m, bytes); - poly1305_finish(&ctx, mac); -} diff --git a/src/crypto/poly1305.h b/src/crypto/poly1305.h index 080543ffee..592c090f57 100644 --- a/src/crypto/poly1305.h +++ b/src/crypto/poly1305.h @@ -11,8 +11,6 @@ #include <cstdlib> #include <stdint.h> -#define POLY1305_KEYLEN 32 -#define POLY1305_TAGLEN 16 #define POLY1305_BLOCK_SIZE 16 namespace poly1305_donna { @@ -42,10 +40,10 @@ class Poly1305 public: /** Length of the output produced by Finalize(). */ - static constexpr unsigned TAGLEN = POLY1305_TAGLEN; + static constexpr unsigned TAGLEN{16}; /** Length of the keys expected by the constructor. */ - static constexpr unsigned KEYLEN = POLY1305_KEYLEN; + static constexpr unsigned KEYLEN{32}; /** Construct a Poly1305 object with a given 32-byte key. */ Poly1305(Span<const std::byte> key) noexcept @@ -69,7 +67,4 @@ public: } }; -void poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, - const unsigned char key[POLY1305_KEYLEN]); - #endif // BITCOIN_CRYPTO_POLY1305_H diff --git a/src/test/crypto_tests.cpp b/src/test/crypto_tests.cpp index e147439632..8332f54591 100644 --- a/src/test/crypto_tests.cpp +++ b/src/test/crypto_tests.cpp @@ -184,26 +184,25 @@ static void TestChaCha20(const std::string &hex_message, const std::string &hexk static void TestPoly1305(const std::string &hexmessage, const std::string &hexkey, const std::string& hextag) { - std::vector<unsigned char> key = ParseHex(hexkey); - std::vector<unsigned char> m = ParseHex(hexmessage); - std::vector<unsigned char> tag = ParseHex(hextag); - std::vector<unsigned char> tagres; - tagres.resize(POLY1305_TAGLEN); - poly1305_auth(tagres.data(), m.data(), m.size(), key.data()); + auto key = ParseHex<std::byte>(hexkey); + auto m = ParseHex<std::byte>(hexmessage); + auto tag = ParseHex<std::byte>(hextag); + std::vector<std::byte> tagres(Poly1305::TAGLEN); + Poly1305{key}.Update(m).Finalize(tagres); BOOST_CHECK(tag == tagres); // Test incremental interface for (int splits = 0; splits < 10; ++splits) { for (int iter = 0; iter < 10; ++iter) { - auto data = MakeByteSpan(m); - Poly1305 poly1305{MakeByteSpan(key)}; + auto data = Span{m}; + Poly1305 poly1305{key}; for (int chunk = 0; chunk < splits; ++chunk) { size_t now = InsecureRandRange(data.size() + 1); poly1305.Update(data.first(now)); data = data.subspan(now); } - tagres.assign(POLY1305_TAGLEN, 0); - poly1305.Update(data).Finalize(MakeWritableByteSpan(tagres)); + tagres.assign(Poly1305::TAGLEN, std::byte{}); + poly1305.Update(data).Finalize(tagres); BOOST_CHECK(tag == tagres); } } @@ -858,7 +857,7 @@ static void TestChaCha20Poly1305AEAD(bool must_succeed, unsigned int expected_aa std::vector<unsigned char> expected_ciphertext_and_mac = ParseHex(hex_encrypted_message); std::vector<unsigned char> expected_ciphertext_and_mac_sequence999 = ParseHex(hex_encrypted_message_seq_999); - std::vector<unsigned char> ciphertext_buf(plaintext_buf.size() + POLY1305_TAGLEN, 0); + std::vector<unsigned char> ciphertext_buf(plaintext_buf.size() + Poly1305::TAGLEN, 0); std::vector<unsigned char> plaintext_buf_new(plaintext_buf.size(), 0); std::vector<unsigned char> cmp_ctx_buffer(64); uint32_t out_len = 0; diff --git a/src/test/fuzz/crypto_chacha20_poly1305_aead.cpp b/src/test/fuzz/crypto_chacha20_poly1305_aead.cpp index 596614a71b..84ac65dd88 100644 --- a/src/test/fuzz/crypto_chacha20_poly1305_aead.cpp +++ b/src/test/fuzz/crypto_chacha20_poly1305_aead.cpp @@ -26,16 +26,16 @@ FUZZ_TARGET(crypto_chacha20_poly1305_aead) uint64_t seqnr_aad = 0; int aad_pos = 0; size_t buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096); - std::vector<uint8_t> in(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0); - std::vector<uint8_t> out(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0); + std::vector<uint8_t> in(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN, 0); + std::vector<uint8_t> out(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN, 0); bool is_encrypt = fuzzed_data_provider.ConsumeBool(); LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) { CallOneOf( fuzzed_data_provider, [&] { buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(64, 4096); - in = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0); - out = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0); + in = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN, 0); + out = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN, 0); }, [&] { (void)aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffer_size, is_encrypt); diff --git a/src/test/fuzz/crypto_poly1305.cpp b/src/test/fuzz/crypto_poly1305.cpp index 94a7ed06e9..f49729a34b 100644 --- a/src/test/fuzz/crypto_poly1305.cpp +++ b/src/test/fuzz/crypto_poly1305.cpp @@ -14,11 +14,11 @@ FUZZ_TARGET(crypto_poly1305) { FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; - const std::vector<uint8_t> key = ConsumeFixedLengthByteVector(fuzzed_data_provider, POLY1305_KEYLEN); + const std::vector<uint8_t> key = ConsumeFixedLengthByteVector(fuzzed_data_provider, Poly1305::KEYLEN); const std::vector<uint8_t> in = ConsumeRandomLengthByteVector(fuzzed_data_provider); - std::vector<uint8_t> tag_out(POLY1305_TAGLEN); - poly1305_auth(tag_out.data(), in.data(), in.size(), key.data()); + std::vector<std::byte> tag_out(Poly1305::TAGLEN); + Poly1305{MakeByteSpan(key)}.Update(MakeByteSpan(in)).Finalize(tag_out); } |