			
		
		
		
	ChaCha20: move working state from ctx to stack
No need to keep it around.
		
							parent
							
								
									9620f9b99e
								
							
						
					
					
						commit
						98fae6d800
					
				@ -54,8 +54,7 @@ extern "C" {
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
typedef struct
 | 
					typedef struct
 | 
				
			||||||
{
 | 
					{
 | 
				
			||||||
    uint32_t initial_state[16];  /*! The initial state (before round operations). */
 | 
					    uint32_t state[16];          /*! The state (before round operations). */
 | 
				
			||||||
    uint32_t working_state[16];  /*! The working state (after round operations). */
 | 
					 | 
				
			||||||
    uint8_t  keystream8[64];     /*! Leftover keystream bytes. */
 | 
					    uint8_t  keystream8[64];     /*! Leftover keystream bytes. */
 | 
				
			||||||
    size_t keystream_bytes_used; /*! Number of keystream bytes already used. */
 | 
					    size_t keystream_bytes_used; /*! Number of keystream bytes already used. */
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
				
			|||||||
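Review bot: The trailing comment on the new `state` member uses `/*!`, which Doxygen attaches to the following declaration rather than the member on the same line, so the generated documentation will describe the wrong field; the other members of this struct share the same marker. The rest of this commit shows the array holding the constants, the key in words 4-11, the counter in word 12 and the nonce in words 13-15, so the comment can say that: `uint32_t state[16];  /*!< Cipher state: constants, key, counter, nonce (before round operations). */`. Naming the key here also tells maintainers that the context must be wiped when it is released. The typedef's name follows the closing brace outside this hunk.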
@ -128,15 +128,13 @@ static void chacha20_inner_block( uint32_t state[16] )
 | 
				
			|||||||
 * \brief               Generates a keystream block.
 | 
					 * \brief               Generates a keystream block.
 | 
				
			||||||
 *
 | 
					 *
 | 
				
			||||||
 * \param initial_state The initial ChaCha20 state (containing the key, nonce, counter).
 | 
					 * \param initial_state The initial ChaCha20 state (containing the key, nonce, counter).
 | 
				
			||||||
 * \param working_state This state is used as a temporary working area.
 | 
					 | 
				
			||||||
 * \param keystream     Generated keystream bytes are written to this buffer.
 | 
					 * \param keystream     Generated keystream bytes are written to this buffer.
 | 
				
			||||||
 */
 | 
					 */
 | 
				
			||||||
static void chacha20_block( const uint32_t initial_state[16],
 | 
					static void chacha20_block( const uint32_t initial_state[16],
 | 
				
			||||||
                            uint32_t working_state[16],
 | 
					 | 
				
			||||||
                            unsigned char keystream[64] )
 | 
					                            unsigned char keystream[64] )
 | 
				
			||||||
{
 | 
					{
 | 
				
			||||||
 | 
					    uint32_t working_state[16];
 | 
				
			||||||
    size_t i;
 | 
					    size_t i;
 | 
				
			||||||
    size_t offset;
 | 
					 | 
				
			||||||
 | 
					
 | 
				
			||||||
    memcpy( working_state,
 | 
					    memcpy( working_state,
 | 
				
			||||||
            initial_state,
 | 
					            initial_state,
 | 
				
			||||||
@ -164,21 +162,22 @@ static void chacha20_block( const uint32_t initial_state[16],
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
    for ( i = 0U; i < 16; i++ )
 | 
					    for ( i = 0U; i < 16; i++ )
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
        offset = i * 4U;
 | 
					        size_t offset = i * 4U;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        keystream[offset     ] = (unsigned char)   working_state[i];
 | 
					        keystream[offset     ] = (unsigned char)   working_state[i];
 | 
				
			||||||
        keystream[offset + 1U] = (unsigned char) ( working_state[i] >> 8  );
 | 
					        keystream[offset + 1U] = (unsigned char) ( working_state[i] >> 8  );
 | 
				
			||||||
        keystream[offset + 2U] = (unsigned char) ( working_state[i] >> 16 );
 | 
					        keystream[offset + 2U] = (unsigned char) ( working_state[i] >> 16 );
 | 
				
			||||||
        keystream[offset + 3U] = (unsigned char) ( working_state[i] >> 24 );
 | 
					        keystream[offset + 3U] = (unsigned char) ( working_state[i] >> 24 );
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    mbedtls_platform_zeroize( working_state, sizeof( working_state ) );
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
 | 
					void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
 | 
				
			||||||
{
 | 
					{
 | 
				
			||||||
    if ( ctx != NULL )
 | 
					    if ( ctx != NULL )
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
        mbedtls_platform_zeroize( ctx->initial_state, sizeof( ctx->initial_state ) );
 | 
					        mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
 | 
				
			||||||
        mbedtls_platform_zeroize( ctx->working_state, sizeof( ctx->working_state ) );
 | 
					 | 
				
			||||||
        mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
 | 
					        mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        /* Initially, there's no keystream bytes available */
 | 
					        /* Initially, there's no keystream bytes available */
 | 
				
			||||||
@ -203,20 +202,20 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
 | 
				
			|||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    /* ChaCha20 constants - the string "expand 32-byte k" */
 | 
					    /* ChaCha20 constants - the string "expand 32-byte k" */
 | 
				
			||||||
    ctx->initial_state[0] = 0x61707865;
 | 
					    ctx->state[0] = 0x61707865;
 | 
				
			||||||
    ctx->initial_state[1] = 0x3320646e;
 | 
					    ctx->state[1] = 0x3320646e;
 | 
				
			||||||
    ctx->initial_state[2] = 0x79622d32;
 | 
					    ctx->state[2] = 0x79622d32;
 | 
				
			||||||
    ctx->initial_state[3] = 0x6b206574;
 | 
					    ctx->state[3] = 0x6b206574;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    /* Set key */
 | 
					    /* Set key */
 | 
				
			||||||
    ctx->initial_state[4]  = BYTES_TO_U32_LE( key, 0 );
 | 
					    ctx->state[4]  = BYTES_TO_U32_LE( key, 0 );
 | 
				
			||||||
    ctx->initial_state[5]  = BYTES_TO_U32_LE( key, 4 );
 | 
					    ctx->state[5]  = BYTES_TO_U32_LE( key, 4 );
 | 
				
			||||||
    ctx->initial_state[6]  = BYTES_TO_U32_LE( key, 8 );
 | 
					    ctx->state[6]  = BYTES_TO_U32_LE( key, 8 );
 | 
				
			||||||
    ctx->initial_state[7]  = BYTES_TO_U32_LE( key, 12 );
 | 
					    ctx->state[7]  = BYTES_TO_U32_LE( key, 12 );
 | 
				
			||||||
    ctx->initial_state[8]  = BYTES_TO_U32_LE( key, 16 );
 | 
					    ctx->state[8]  = BYTES_TO_U32_LE( key, 16 );
 | 
				
			||||||
    ctx->initial_state[9]  = BYTES_TO_U32_LE( key, 20 );
 | 
					    ctx->state[9]  = BYTES_TO_U32_LE( key, 20 );
 | 
				
			||||||
    ctx->initial_state[10] = BYTES_TO_U32_LE( key, 24 );
 | 
					    ctx->state[10] = BYTES_TO_U32_LE( key, 24 );
 | 
				
			||||||
    ctx->initial_state[11] = BYTES_TO_U32_LE( key, 28 );
 | 
					    ctx->state[11] = BYTES_TO_U32_LE( key, 28 );
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    return( 0 );
 | 
					    return( 0 );
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
@ -231,14 +230,13 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
 | 
				
			|||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    /* Counter */
 | 
					    /* Counter */
 | 
				
			||||||
    ctx->initial_state[12] = counter;
 | 
					    ctx->state[12] = counter;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    /* Nonce */
 | 
					    /* Nonce */
 | 
				
			||||||
    ctx->initial_state[13] = BYTES_TO_U32_LE( nonce, 0 );
 | 
					    ctx->state[13] = BYTES_TO_U32_LE( nonce, 0 );
 | 
				
			||||||
    ctx->initial_state[14] = BYTES_TO_U32_LE( nonce, 4 );
 | 
					    ctx->state[14] = BYTES_TO_U32_LE( nonce, 4 );
 | 
				
			||||||
    ctx->initial_state[15] = BYTES_TO_U32_LE( nonce, 8 );
 | 
					    ctx->state[15] = BYTES_TO_U32_LE( nonce, 8 );
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    mbedtls_platform_zeroize( ctx->working_state, sizeof( ctx->working_state ) );
 | 
					 | 
				
			||||||
    mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
 | 
					    mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    /* Initially, there's no keystream bytes available */
 | 
					    /* Initially, there's no keystream bytes available */
 | 
				
			||||||
@ -279,8 +277,8 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
 | 
				
			|||||||
    while ( size >= CHACHA20_BLOCK_SIZE_BYTES )
 | 
					    while ( size >= CHACHA20_BLOCK_SIZE_BYTES )
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
        /* Generate new keystream block and increment counter */
 | 
					        /* Generate new keystream block and increment counter */
 | 
				
			||||||
        chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 );
 | 
					        chacha20_block( ctx->state, ctx->keystream8 );
 | 
				
			||||||
        ctx->initial_state[CHACHA20_CTR_INDEX]++;
 | 
					        ctx->state[CHACHA20_CTR_INDEX]++;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        for ( i = 0U; i < 64U; i += 8U )
 | 
					        for ( i = 0U; i < 64U; i += 8U )
 | 
				
			||||||
        {
 | 
					        {
 | 
				
			||||||
@ -302,8 +300,8 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
 | 
				
			|||||||
    if ( size > 0U )
 | 
					    if ( size > 0U )
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
        /* Generate new keystream block and increment counter */
 | 
					        /* Generate new keystream block and increment counter */
 | 
				
			||||||
        chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 );
 | 
					        chacha20_block( ctx->state, ctx->keystream8 );
 | 
				
			||||||
        ctx->initial_state[CHACHA20_CTR_INDEX]++;
 | 
					        ctx->state[CHACHA20_CTR_INDEX]++;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        for ( i = 0U; i < size; i++)
 | 
					        for ( i = 0U; i < size; i++)
 | 
				
			||||||
        {
 | 
					        {
 | 
				
			||||||
 | 
				
			|||||||
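Review bot: Both `ctx->state[CHACHA20_CTR_INDEX]++;` statements in mbedtls_chacha20_update increment a `uint32_t` with no wrap check, so a long enough stream under one key and nonce wraps the counter to zero and the keystream starts repeating, which exposes the XOR of the affected plaintexts. Nothing in the visible lines bounds the total length processed, though callers outside this view may enforce a limit. At minimum, document the limit next to each increment, e.g. `/* 32-bit block counter: at most 2^32 blocks (256 GiB) per key/nonce pair */`, or have the function return an error when the increment would wrap. The bodies of mbedtls_chacha20_update and chacha20_block continue outside the hunks shown.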