mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-13 19:18:56 +00:00

fix chacha20poly1305 issues

Pavol Rusnak 2017-05-11 13:27:59 +02:00
parent d6d7919c87
commit 1ae459912f
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
5 changed files with 9 additions and 28 deletions


@ -1,6 +1,7 @@
#ifndef CHACHA20POLY1305_H
#define CHACHA20POLY1305_H
#include <stdint.h>
#include "ecrypt-sync.h"
#include "poly1305-donna.h"


@ -27,6 +27,7 @@ static const char tau[16] = "expand 16-byte k";
void ECRYPT_keysetup(ECRYPT_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
{
(void)ivbits;
const char *constants;
x->input[4] = U8TO32_LITTLE(k + 0);
@ -61,7 +62,7 @@ void ECRYPT_encrypt_bytes(ECRYPT_ctx *x,const u8 *m,u8 *c,u32 bytes)
{
u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
u8 *ctarget;
u8 *ctarget = 0;
u8 tmp[64];
int i;
@ -86,7 +87,7 @@ void ECRYPT_encrypt_bytes(ECRYPT_ctx *x,const u8 *m,u8 *c,u32 bytes)
for (;;) {
if (bytes < 64) {
for (i = 0;i < bytes;++i) tmp[i] = m[i];
for (i = 0;i < (int)bytes;++i) tmp[i] = m[i];
m = tmp;
ctarget = c;
c = tmp;
@ -176,7 +177,7 @@ void ECRYPT_encrypt_bytes(ECRYPT_ctx *x,const u8 *m,u8 *c,u32 bytes)
if (bytes <= 64) {
if (bytes < 64) {
for (i = 0;i < bytes;++i) ctarget[i] = c[i];
for (i = 0;i < (int)bytes;++i) ctarget[i] = c[i];
}
x->input[12] = j12;
x->input[13] = j13;
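Review bot: The `(int)bytes` casts in the two copy loops only silence the signed/unsigned comparison; they are value-preserving solely because both loops sit under `if (bytes < 64)`, and nothing in the code states that dependency. Declaring the index as `u32 i;` instead of `int i;` would remove both casts and keep each comparison in one type, provided the uses of `i` outside these hunks do not rely on it being signed. For `u8 *ctarget = 0;` a short comment such as `/* set and read only when the final block is shorter than 64 bytes */` would explain why the pointer starts out null. ECRYPT_encrypt_bytes begins and ends outside the visible hunks.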


@ -73,7 +73,7 @@ typedef struct
* called once when the program starts (e.g., to build expanded S-box
* tables).
*/
void ECRYPT_init();
void ECRYPT_init(void);
/*
* Key setup. It is the user's responsibility to select the values of


@ -1,27 +1,5 @@
#include "poly1305-donna.h"
#if defined(POLY1305_8BIT)
#include "poly1305-donna-8.h"
#elif defined(POLY1305_16BIT)
#include "poly1305-donna-16.h"
#elif defined(POLY1305_32BIT)
#include "poly1305-donna-32.h"
#elif defined(POLY1305_64BIT)
#include "poly1305-donna-64.h"
#else
/* auto detect between 32bit / 64bit */
#define HAS_SIZEOF_INT128_64BIT (defined(__SIZEOF_INT128__) && defined(__LP64__))
#define HAS_MSVC_64BIT (defined(_MSC_VER) && defined(_M_X64))
#define HAS_GCC_4_4_64BIT (defined(__GNUC__) && defined(__LP64__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4))))
#if (HAS_SIZEOF_INT128_64BIT || HAS_MSVC_64BIT || HAS_GCC_4_4_64BIT)
#include "poly1305-donna-64.h"
#else
#include "poly1305-donna-32.h"
#endif
#endif
void
poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) {


@ -1,6 +1,7 @@
// Implementation of the ChaCha20 + Poly1305 AEAD construction
// as described in RFC 7539.
#include <string.h>
#include "rfc7539.h"
// Initialize the ChaCha20 + Poly1305 context for encryption or decryption
@ -33,8 +34,8 @@ void rfc7539_finish(chacha20poly1305_ctx *ctx, int64_t alen, int64_t plen, uint8
uint8_t padding[16] = {0};
uint8_t lengths[16] = {0};
U64TO8_LITTLE(lengths + 0, alen);
U64TO8_LITTLE(lengths + 8, plen);
memcpy(lengths, &alen, sizeof(int64_t));
memcpy(lengths + 8, &plen, sizeof(int64_t));
poly1305_update(&ctx->poly1305, padding, 16 - plen%16);
poly1305_update(&ctx->poly1305, lengths, 16);
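Review bot: The two `memcpy(..., sizeof(int64_t))` stores into `lengths` (taken as the new side, given the added `<string.h>`) write `alen` and `plen` in host byte order, while RFC 7539 defines both fields as 64-bit little-endian, so the computed tag would not verify on a big-endian build. An explicit byte store keeps it portable: `for (int i = 0; i < 8; i++) { lengths[i] = (uint8_t)((uint64_t)alen >> (8 * i)); lengths[8 + i] = (uint8_t)((uint64_t)plen >> (8 * i)); }`. Separately, `16 - plen%16` feeds 16 zero bytes when `plen` is already a multiple of 16, where the RFC specifies zero-length padding, and a negative `plen` would make the count exceed `padding[16]`; guarding the call with `if (plen % 16 != 0)` and rejecting negative lengths covers both. rfc7539_finish continues past the end of this hunk.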