1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-23 07:58:09 +00:00
trezor-firmware/crypto/chacha_drbg.c
2020-04-16 11:51:28 +02:00

63 lines
2.2 KiB
C

/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "chacha_drbg.h"
#include <stdint.h>
#define MAX(a, b) (a) > (b) ? (a) : (b)
void chacha_drbg_init(CHACHA_DRBG_CTX *ctx,
const uint8_t entropy[CHACHA_DRBG_SEED_LENGTH]) {
uint8_t buffer[MAX(CHACHA_DRBG_KEY_LENGTH, CHACHA_DRBG_IV_LENGTH)] = {0};
ECRYPT_keysetup(&ctx->chacha_ctx, buffer, CHACHA_DRBG_KEY_LENGTH * 8,
CHACHA_DRBG_IV_LENGTH * 8);
ECRYPT_ivsetup(&ctx->chacha_ctx, buffer);
chacha_drbg_reseed(ctx, entropy);
}
static void chacha_drbg_update(CHACHA_DRBG_CTX *ctx,
const uint8_t data[CHACHA_DRBG_SEED_LENGTH]) {
uint8_t buffer[CHACHA_DRBG_SEED_LENGTH] = {0};
if (data)
ECRYPT_encrypt_bytes(&ctx->chacha_ctx, data, buffer,
CHACHA_DRBG_SEED_LENGTH);
else
ECRYPT_keystream_bytes(&ctx->chacha_ctx, buffer, CHACHA_DRBG_SEED_LENGTH);
ECRYPT_keysetup(&ctx->chacha_ctx, buffer, CHACHA_DRBG_KEY_LENGTH * 8,
CHACHA_DRBG_IV_LENGTH * 8);
ECRYPT_ivsetup(&ctx->chacha_ctx, buffer + CHACHA_DRBG_KEY_LENGTH);
}
void chacha_drbg_generate(CHACHA_DRBG_CTX *ctx, uint8_t *output,
uint8_t output_length) {
ECRYPT_keystream_bytes(&ctx->chacha_ctx, output, output_length);
chacha_drbg_update(ctx, NULL);
ctx->reseed_counter++;
}
void chacha_drbg_reseed(CHACHA_DRBG_CTX *ctx,
const uint8_t entropy[CHACHA_DRBG_SEED_LENGTH]) {
chacha_drbg_update(ctx, entropy);
ctx->reseed_counter = 1;
}