comparison chachapoly.c @ 1705:5b701bf529aa
Fix ChaCha20 on 32-bit platforms (#99)
* Fix ChaCha20 on 32-bit platforms
On 32-bit platforms with old compiler STORE64H() parameter is
not auto-expanded to 64-bit value, causing wrong IV data.
Spotted on BCM4706 MIPS32r2 with GCC 4.2.4:
Exit before auth: Integrity error (bad packet size 2065808956)
* Fix Chacha20-Poly1305 and AES-GCM debug messages
Functions were renamed earlier, but the trace messages were not.
author | Vladislav Grishenko <themiron@users.noreply.github.com> |
---|---|
date | Fri, 29 May 2020 18:26:22 +0500 |
parents | 3a97f14c0235 |
children |
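--- a/chachapoly.c
+++ b/chachapoly.c
@@ -80,11 +80,11 @@
 
 if (len < 4 || taglen != POLY1305_TAG_LEN) {
 return CRYPT_ERROR;
 }
 
-STORE64H(seq, seqbuf);
+STORE64H((uint64_t)seq, seqbuf);
 chacha_ivctr64(&state->chacha, seqbuf, sizeof(seqbuf), 0);
 if ((err = chacha_keystream(&state->chacha, key, sizeof(key))) != CRYPT_OK) {
 return err;
 }
 
@@ -120,25 +120,25 @@
 const unsigned char *in, unsigned int *outlen,
 unsigned long len, dropbear_chachapoly_state *state) {
 unsigned char seqbuf[8], buf[4];
 int err;
 
-TRACE2(("enter dropbear_chachapoly_parse"))
+TRACE2(("enter dropbear_chachapoly_getlength"))
 
 if (len < sizeof(buf)) {
 return CRYPT_ERROR;
 }
 
-STORE64H(seq, seqbuf);
+STORE64H((uint64_t)seq, seqbuf);
 chacha_ivctr64(&state->header, seqbuf, sizeof(seqbuf), 0);
 if ((err = chacha_crypt(&state->header, in, sizeof(buf), buf)) != CRYPT_OK) {
 return err;
 }
 
 LOAD32H(*outlen, buf);
 
-TRACE2(("leave dropbear_chachapoly_parse"))
+TRACE2(("leave dropbear_chachapoly_getlength"))
 return CRYPT_OK;
 }
 
 const struct dropbear_cipher_mode dropbear_mode_chachapoly =
 {(void *)dropbear_chachapoly_start, NULL, NULL,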
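Review bot: The `(uint64_t)` cast at lines 85 and 131 looks redundant to a reader who does not know the STORE64H() history, and nothing at either call site says why it is there, so a later cleanup could remove it and bring back the wrong IV bytes on 32-bit builds. I would add a comment above each call, e.g. `/* widen seq first: STORE64H() shifts its argument by up to 56 bits, which is only defined for a 64-bit operand */` (the shift width is from the generic libtomcrypt definition, which is not shown here). seq's declaration is outside the hunk, so this assumes, from the commit message, that it is narrower than 64 bits on the affected targets. Widening once into a local `uint64_t`, or inside a small wrapper, would also keep any other STORE64H() caller from needing the same fix.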