Import Upstream version 1.1~pre17

2019-08-26 13:44:53 +02:00 · 2019-08-26 13:44:53 +02:00 · b511a112e6
commit b511a112e6
parent bc8ca65653
216 changed files with 43313 additions and 18448 deletions
--- a/src/chacha-poly1305/chacha-poly1305.c
+++ b/src/chacha-poly1305/chacha-poly1305.c
@ -11,42 +11,40 @@ struct chacha_poly1305_ctx {
 	struct chacha_ctx main_ctx, header_ctx;
 };

-chacha_poly1305_ctx_t *chacha_poly1305_init(void)
-{
-	chacha_poly1305_ctx_t *ctx = xzalloc(sizeof *ctx);
+chacha_poly1305_ctx_t *chacha_poly1305_init(void) {
+	chacha_poly1305_ctx_t *ctx = xzalloc(sizeof(*ctx));
 	return ctx;
 }

-void chacha_poly1305_exit(chacha_poly1305_ctx_t *ctx)
-{
+void chacha_poly1305_exit(chacha_poly1305_ctx_t *ctx) {
 	free(ctx);
 }

-bool chacha_poly1305_set_key(chacha_poly1305_ctx_t *ctx, const void *key)
-{
+bool chacha_poly1305_set_key(chacha_poly1305_ctx_t *ctx, const void *vkey) {
+	const uint8_t *key = vkey;
 	chacha_keysetup(&ctx->main_ctx, key, 256);
 	chacha_keysetup(&ctx->header_ctx, key + 32, 256);
 	return true;
 }

-static void put_u64(void *vp, uint64_t v)
-{
+static void put_u64(void *vp, uint64_t v) {
 	uint8_t *p = (uint8_t *) vp;

-	p[0] = (uint8_t) (v >> 56) & 0xff;
-	p[1] = (uint8_t) (v >> 48) & 0xff;
-	p[2] = (uint8_t) (v >> 40) & 0xff;
-	p[3] = (uint8_t) (v >> 32) & 0xff;
-	p[4] = (uint8_t) (v >> 24) & 0xff;
-	p[5] = (uint8_t) (v >> 16) & 0xff;
-	p[6] = (uint8_t) (v >> 8) & 0xff;
+	p[0] = (uint8_t)(v >> 56) & 0xff;
+	p[1] = (uint8_t)(v >> 48) & 0xff;
+	p[2] = (uint8_t)(v >> 40) & 0xff;
+	p[3] = (uint8_t)(v >> 32) & 0xff;
+	p[4] = (uint8_t)(v >> 24) & 0xff;
+	p[5] = (uint8_t)(v >> 16) & 0xff;
+	p[6] = (uint8_t)(v >> 8) & 0xff;
 	p[7] = (uint8_t) v & 0xff;
 }

-bool chacha_poly1305_encrypt(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const void *indata, size_t inlen, void *outdata, size_t *outlen) {
+bool chacha_poly1305_encrypt(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const void *indata, size_t inlen, void *voutdata, size_t *outlen) {
 	uint8_t seqbuf[8];
-	const uint8_t one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 };	/* NB little-endian */
+	const uint8_t one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 };      /* NB little-endian */
 	uint8_t poly_key[POLY1305_KEYLEN];
+	uint8_t *outdata = voutdata;

 	/*
 	 * Run ChaCha20 once to generate the Poly1305 key. The IV is the
@ -63,16 +61,18 @@ bool chacha_poly1305_encrypt(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const v
 	chacha_encrypt_bytes(&ctx->main_ctx, indata, outdata, inlen);
 	poly1305_auth(outdata + inlen, outdata, inlen, poly_key);

-	if (outlen)
+	if(outlen) {
 		*outlen = inlen + POLY1305_TAGLEN;
+	}

 	return true;
 }

-bool chacha_poly1305_decrypt(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const void *indata, size_t inlen, void *outdata, size_t *outlen) {
+bool chacha_poly1305_decrypt(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const void *vindata, size_t inlen, void *outdata, size_t *outlen) {
 	uint8_t seqbuf[8];
-	const uint8_t one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 };	/* NB little-endian */
+	const uint8_t one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 };      /* NB little-endian */
 	uint8_t expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN];
+	const uint8_t *indata = vindata;

 	/*
 	 * Run ChaCha20 once to generate the Poly1305 key. The IV is the
@ -91,13 +91,16 @@ bool chacha_poly1305_decrypt(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const v
 	const uint8_t *tag = indata + inlen;

 	poly1305_auth(expected_tag, indata, inlen, poly_key);
-	if (memcmp(expected_tag, tag, POLY1305_TAGLEN))
+
+	if(memcmp(expected_tag, tag, POLY1305_TAGLEN)) {
 		return false;
+	}

 	chacha_encrypt_bytes(&ctx->main_ctx, indata, outdata, inlen);

-	if (outlen)
+	if(outlen) {
 		*outlen = inlen;
+	}

 	return true;
 }
--- a/src/chacha-poly1305/chacha.c
+++ b/src/chacha-poly1305/chacha.c
@ -47,20 +47,21 @@ typedef struct chacha_ctx chacha_ctx;
 static const char sigma[16] = "expand 32-byte k";
 static const char tau[16] = "expand 16-byte k";

-void chacha_keysetup(chacha_ctx *x, const uint8_t *k, uint32_t kbits)
-{
+void chacha_keysetup(chacha_ctx *x, const uint8_t *k, uint32_t kbits) {
 	const char *constants;

 	x->input[4] = U8TO32_LITTLE(k + 0);
 	x->input[5] = U8TO32_LITTLE(k + 4);
 	x->input[6] = U8TO32_LITTLE(k + 8);
 	x->input[7] = U8TO32_LITTLE(k + 12);
-	if (kbits == 256) {	/* recommended */
+
+	if(kbits == 256) {      /* recommended */
 		k += 16;
 		constants = sigma;
-	} else {		/* kbits == 128 */
+	} else {                /* kbits == 128 */
 		constants = tau;
 	}
+
 	x->input[8] = U8TO32_LITTLE(k + 0);
 	x->input[9] = U8TO32_LITTLE(k + 4);
 	x->input[10] = U8TO32_LITTLE(k + 8);
@ -71,8 +72,7 @@ void chacha_keysetup(chacha_ctx *x, const uint8_t *k, uint32_t kbits)
 	x->input[3] = U8TO32_LITTLE(constants + 12);
 }

-void chacha_ivsetup(chacha_ctx *x, const uint8_t *iv, const uint8_t *counter)
-{
+void chacha_ivsetup(chacha_ctx *x, const uint8_t *iv, const uint8_t *counter) {
 	x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
 	x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
 	x->input[14] = U8TO32_LITTLE(iv + 0);
@ -80,16 +80,16 @@ void chacha_ivsetup(chacha_ctx *x, const uint8_t *iv, const uint8_t *counter)
 }

 void
-chacha_encrypt_bytes(chacha_ctx *x, const uint8_t *m, uint8_t *c, uint32_t bytes)
-{
+chacha_encrypt_bytes(chacha_ctx *x, const uint8_t *m, uint8_t *c, uint32_t bytes) {
 	uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
 	uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
 	uint8_t *ctarget = NULL;
 	uint8_t tmp[64];
 	uint32_t i;

-	if (!bytes)
+	if(!bytes) {
 		return;
+	}

 	j0 = x->input[0];
 	j1 = x->input[1];
@ -108,14 +108,17 @@ chacha_encrypt_bytes(chacha_ctx *x, const uint8_t *m, uint8_t *c, uint32_t bytes
 	j14 = x->input[14];
 	j15 = x->input[15];

-	for (;;) {
-		if (bytes < 64) {
-			for (i = 0; i < bytes; ++i)
+	for(;;) {
+		if(bytes < 64) {
+			for(i = 0; i < bytes; ++i) {
 				tmp[i] = m[i];
+			}
+
 			m = tmp;
 			ctarget = c;
 			c = tmp;
 		}
+
 		x0 = j0;
 		x1 = j1;
 		x2 = j2;
@ -132,7 +135,8 @@ chacha_encrypt_bytes(chacha_ctx *x, const uint8_t *m, uint8_t *c, uint32_t bytes
 		x13 = j13;
 		x14 = j14;
 		x15 = j15;
-		for (i = 20; i > 0; i -= 2) {
+
+		for(i = 20; i > 0; i -= 2) {
 			QUARTERROUND(x0, x4, x8, x12)
 			QUARTERROUND(x1, x5, x9, x13)
 			QUARTERROUND(x2, x6, x10, x14)
@ -142,6 +146,7 @@ chacha_encrypt_bytes(chacha_ctx *x, const uint8_t *m, uint8_t *c, uint32_t bytes
 			QUARTERROUND(x2, x7, x8, x13)
 			QUARTERROUND(x3, x4, x9, x14)
 		}
+
 		x0 = PLUS(x0, j0);
 		x1 = PLUS(x1, j1);
 		x2 = PLUS(x2, j2);
@ -177,7 +182,8 @@ chacha_encrypt_bytes(chacha_ctx *x, const uint8_t *m, uint8_t *c, uint32_t bytes
 		x15 = XOR(x15, U8TO32_LITTLE(m + 60));

 		j12 = PLUSONE(j12);
-		if (!j12) {
+
+		if(!j12) {
 			j13 = PLUSONE(j13);
 			/* stopping at 2^70 bytes per nonce is user's responsibility */
 		}
@ -199,15 +205,18 @@ chacha_encrypt_bytes(chacha_ctx *x, const uint8_t *m, uint8_t *c, uint32_t bytes
 		U32TO8_LITTLE(c + 56, x14);
 		U32TO8_LITTLE(c + 60, x15);

-		if (bytes <= 64) {
-			if (bytes < 64) {
-				for (i = 0; i < bytes; ++i)
+		if(bytes <= 64) {
+			if(bytes < 64) {
+				for(i = 0; i < bytes; ++i) {
 					ctarget[i] = c[i];
+				}
 			}
+
 			x->input[12] = j12;
 			x->input[13] = j13;
 			return;
 		}
+
 		bytes -= 64;
 		c += 64;
 		m += 64;
--- a/src/chacha-poly1305/chacha.h
+++ b/src/chacha-poly1305/chacha.h
@ -11,14 +11,14 @@ struct chacha_ctx {
 	uint32_t input[16];
 };

-#define CHACHA_MINKEYLEN 	16
-#define CHACHA_NONCELEN		8
-#define CHACHA_CTRLEN		8
-#define CHACHA_STATELEN		(CHACHA_NONCELEN+CHACHA_CTRLEN)
-#define CHACHA_BLOCKLEN		64
+#define CHACHA_MINKEYLEN        16
+#define CHACHA_NONCELEN         8
+#define CHACHA_CTRLEN           8
+#define CHACHA_STATELEN         (CHACHA_NONCELEN+CHACHA_CTRLEN)
+#define CHACHA_BLOCKLEN         64

 void chacha_keysetup(struct chacha_ctx *x, const uint8_t *k, uint32_t kbits);
 void chacha_ivsetup(struct chacha_ctx *x, const uint8_t *iv, const uint8_t *ctr);
-void chacha_encrypt_bytes(struct chacha_ctx *x, const uint8_t *m, uint8_t * c, uint32_t bytes);
+void chacha_encrypt_bytes(struct chacha_ctx *x, const uint8_t *m, uint8_t *c, uint32_t bytes);

 #endif /* CHACHA_H */
--- a/src/chacha-poly1305/poly1305.c
+++ b/src/chacha-poly1305/poly1305.c
@ -1,4 +1,4 @@
-/* 
+/*
 * Public Domain poly1305 from Andrew Moon
 * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna
 */
@ -24,8 +24,7 @@
 	} while (0)

 void
-poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN])
-{
+poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t inlen, const unsigned char key[POLY1305_KEYLEN]) {
 	uint32_t t0, t1, t2, t3;
 	uint32_t h0, h1, h2, h3, h4;
 	uint32_t r0, r1, r2, r3, r4;
@ -71,10 +70,11 @@ poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t
 	h4 = 0;

 	/* full blocks */
-	if (inlen < 16)
+	if(inlen < 16) {
 		goto poly1305_donna_atmost15bytes;
+	}

- poly1305_donna_16bytes:
+poly1305_donna_16bytes:
 	m += 16;
 	inlen -= 16;

@ -89,7 +89,7 @@ poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t
 	h3 += ((((uint64_t) t3 << 32) | t2) >> 14) & 0x3ffffff;
 	h4 += (t3 >> 8) | (1 << 24);

- poly1305_donna_mul:
+poly1305_donna_mul:
 	t[0] = mul32x32_64(h0, r0) + mul32x32_64(h1, s4) + mul32x32_64(h2, s3) + mul32x32_64(h3, s2) + mul32x32_64(h4, s1);
 	t[1] = mul32x32_64(h0, r1) + mul32x32_64(h1, r0) + mul32x32_64(h2, s4) + mul32x32_64(h3, s3) + mul32x32_64(h4, s2);
 	t[2] = mul32x32_64(h0, r2) + mul32x32_64(h1, r1) + mul32x32_64(h2, r0) + mul32x32_64(h3, s4) + mul32x32_64(h4, s3);
@ -100,31 +100,39 @@ poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t
 	c = (t[0] >> 26);
 	t[1] += c;
 	h1 = (uint32_t) t[1] & 0x3ffffff;
-	b = (uint32_t) (t[1] >> 26);
+	b = (uint32_t)(t[1] >> 26);
 	t[2] += b;
 	h2 = (uint32_t) t[2] & 0x3ffffff;
-	b = (uint32_t) (t[2] >> 26);
+	b = (uint32_t)(t[2] >> 26);
 	t[3] += b;
 	h3 = (uint32_t) t[3] & 0x3ffffff;
-	b = (uint32_t) (t[3] >> 26);
+	b = (uint32_t)(t[3] >> 26);
 	t[4] += b;
 	h4 = (uint32_t) t[4] & 0x3ffffff;
-	b = (uint32_t) (t[4] >> 26);
+	b = (uint32_t)(t[4] >> 26);
 	h0 += b * 5;

-	if (inlen >= 16)
+	if(inlen >= 16) {
 		goto poly1305_donna_16bytes;
+	}

 	/* final bytes */
- poly1305_donna_atmost15bytes:
-	if (!inlen)
-		goto poly1305_donna_finish;
+poly1305_donna_atmost15bytes:

-	for (j = 0; j < inlen; j++)
+	if(!inlen) {
+		goto poly1305_donna_finish;
+	}
+
+	for(j = 0; j < inlen; j++) {
 		mp[j] = m[j];
+	}
+
 	mp[j++] = 1;
-	for (; j < 16; j++)
+
+	for(; j < 16; j++) {
 		mp[j] = 0;
+	}
+
 	inlen = 0;

 	t0 = U8TO32_LE(mp + 0);
@ -140,7 +148,7 @@ poly1305_auth(unsigned char out[POLY1305_TAGLEN], const unsigned char *m, size_t

 	goto poly1305_donna_mul;

- poly1305_donna_finish:
+poly1305_donna_finish:
 	b = h0 >> 26;
 	h0 = h0 & 0x3ffffff;
 	h1 += b;
--- a/src/chacha-poly1305/poly1305.h
+++ b/src/chacha-poly1305/poly1305.h
@ -1,6 +1,6 @@
 /* $OpenBSD: poly1305.h,v 1.2 2013/12/19 22:57:13 djm Exp $ */

-/* 
+/*
 * Public Domain poly1305 from Andrew Moon
 * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna
 */
@ -8,9 +8,9 @@
 #ifndef POLY1305_H
 #define POLY1305_H

-#define POLY1305_KEYLEN		32
-#define POLY1305_TAGLEN		16
+#define POLY1305_KEYLEN         32
+#define POLY1305_TAGLEN         16

 void poly1305_auth(uint8_t out[POLY1305_TAGLEN], const uint8_t *m, size_t inlen, const uint8_t key[POLY1305_KEYLEN]);

-#endif				/* POLY1305_H */
+#endif                          /* POLY1305_H */