comparison chachapoly.c @ 1705:5b701bf529aa

Fix ChaCha20 on 32-bit platforms (#99) * Fix ChaCha20 on 32-bit platforms On 32-bit platforms with an old compiler, the STORE64H() parameter is not auto-expanded to a 64-bit value, causing wrong IV data. Spotted on BCM4706 MIPS32r2 with GCC 4.2.4: Exit before auth: Integrity error (bad packet size 2065808956) * Fix Chacha20-Poly1305 and AES-GCM debug messages The functions were renamed earlier, but the trace messages were not.
author Vladislav Grishenko <themiron@users.noreply.github.com>
date Fri, 29 May 2020 18:26:22 +0500
parents 3a97f14c0235
children
1704:d384bc2e5af3 1705:5b701bf529aa
80 80
81 if (len < 4 || taglen != POLY1305_TAG_LEN) { 81 if (len < 4 || taglen != POLY1305_TAG_LEN) {
82 return CRYPT_ERROR; 82 return CRYPT_ERROR;
83 } 83 }
84 84
85 STORE64H(seq, seqbuf); 85 STORE64H((uint64_t)seq, seqbuf);
86 chacha_ivctr64(&state->chacha, seqbuf, sizeof(seqbuf), 0); 86 chacha_ivctr64(&state->chacha, seqbuf, sizeof(seqbuf), 0);
87 if ((err = chacha_keystream(&state->chacha, key, sizeof(key))) != CRYPT_OK) { 87 if ((err = chacha_keystream(&state->chacha, key, sizeof(key))) != CRYPT_OK) {
88 return err; 88 return err;
89 } 89 }
90 90
120 const unsigned char *in, unsigned int *outlen, 120 const unsigned char *in, unsigned int *outlen,
121 unsigned long len, dropbear_chachapoly_state *state) { 121 unsigned long len, dropbear_chachapoly_state *state) {
122 unsigned char seqbuf[8], buf[4]; 122 unsigned char seqbuf[8], buf[4];
123 int err; 123 int err;
124 124
125 TRACE2(("enter dropbear_chachapoly_parse")) 125 TRACE2(("enter dropbear_chachapoly_getlength"))
126 126
127 if (len < sizeof(buf)) { 127 if (len < sizeof(buf)) {
128 return CRYPT_ERROR; 128 return CRYPT_ERROR;
129 } 129 }
130 130
131 STORE64H(seq, seqbuf); 131 STORE64H((uint64_t)seq, seqbuf);
132 chacha_ivctr64(&state->header, seqbuf, sizeof(seqbuf), 0); 132 chacha_ivctr64(&state->header, seqbuf, sizeof(seqbuf), 0);
133 if ((err = chacha_crypt(&state->header, in, sizeof(buf), buf)) != CRYPT_OK) { 133 if ((err = chacha_crypt(&state->header, in, sizeof(buf), buf)) != CRYPT_OK) {
134 return err; 134 return err;
135 } 135 }
136 136
137 LOAD32H(*outlen, buf); 137 LOAD32H(*outlen, buf);
138 138
139 TRACE2(("leave dropbear_chachapoly_parse")) 139 TRACE2(("leave dropbear_chachapoly_getlength"))
140 return CRYPT_OK; 140 return CRYPT_OK;
141 } 141 }
142 142
143 const struct dropbear_cipher_mode dropbear_mode_chachapoly = 143 const struct dropbear_cipher_mode dropbear_mode_chachapoly =
144 {(void *)dropbear_chachapoly_start, NULL, NULL, 144 {(void *)dropbear_chachapoly_start, NULL, NULL,
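Review bot: The `(uint64_t)` cast added at new lines 85 and 131 has no comment explaining it, so a later cleanup could drop it as redundant and bring back the wrong IV data on 32-bit builds. A short comment at both call sites would pin the reason, for example `/* seq is 32 bits wide; widen it so STORE64H fills all 8 IV bytes correctly */`. Because the IV passed to `chacha_ivctr64` is built only from `seq`, a known-answer check of the encoded `seqbuf` on a 32-bit target would catch a regression before it shows up as a peer's integrity error. Both enclosing functions start outside the visible lines, so this covers only the two call sites shown.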