haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Chacha/Salsa] cleanup nonce handling and use bufXor

Browse Source
This commit is contained in:
Vincent Hanquez 2015-05-03 14:58:59 +01:00
parent cd42b2765b
commit f09bbf55e3
2 changed files with 10 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Crypto/Cipher/ChaCha.hs
View File

@ -24,11 +24,10 @@ import Crypto.Internal.ByteArray (ByteArrayAccess, ByteArray, SecureBy
import qualified Crypto.Internal.ByteArray as B
import Crypto.Internal.Compat
import Crypto.Internal.Imports
import Data.Bits (xor)
import Crypto.Internal.Bytes (bufXor)
import Foreign.Ptr
import Foreign.ForeignPtr
import Foreign.C.Types
import Foreign.Storable
-- | ChaCha context
data State = State Int -- number of rounds
@ -47,11 +46,11 @@ round64 len
-- | Initialize a new ChaCha context with the number of rounds,
-- the key and the nonce associated.
initialize :: ByteArrayAccess key
=> Int -- ^ number of rounds (8,12,20)
-> key -- ^ the key (128 or 256 bits)
-> ByteString -- ^ the nonce (64 or 96 bits)
-> State -- ^ the initial ChaCha state
initialize :: (ByteArrayAccess key, ByteArrayAccess nonce)
=> Int -- ^ number of rounds (8,12,20)
-> key -- ^ the key (128 or 256 bits)
-> nonce -- ^ the nonce (64 or 96 bits)
-> State -- ^ the initial ChaCha state
initialize nbRounds key nonce
| not (kLen `elem` [16,32]) = error "ChaCha: key length should be 128 or 256 bits"
| not (nonceLen `elem` [8,12]) = error "ChaCha: nonce length should be 64 or 96 bits"
@ -103,7 +102,7 @@ combine prev@(State nbRounds prevSt prevOut) src
withByteArray src $ \srcPtr -> do
-- copy the previous buffer by xor if any
withByteArray prevOut $ \prevPtr ->
loopXor dstPtr srcPtr prevPtr prevBufLen
bufXor dstPtr srcPtr prevPtr prevBufLen
-- then create a new mutable copy of state
B.copy prevSt $ \stPtr ->
@ -120,12 +119,6 @@ combine prev@(State nbRounds prevSt prevOut) src
outputLen = B.length src
prevBufLen = B.length prevOut
loopXor :: Ptr Word8 -> Ptr Word8 -> Ptr Word8 -> Int -> IO ()
loopXor _ _ _ 0 = return ()
loopXor d s1 s2 n = do
(xor <$> peek s1 <*> peek s2) >>= poke d
loopXor (d `plusPtr` 1) (s1 `plusPtr` 1) (s2 `plusPtr` 1) (n-1)
-- | Generate a number of bytes from the ChaCha output directly
--
-- TODO: use chacha_generate directly instead of using combine xor'ing with 0.

12
Crypto/Cipher/Salsa.hs
View File

@ -14,6 +14,7 @@ module Crypto.Cipher.Salsa
) where
import Data.ByteString (ByteString)
import Crypto.Internal.Bytes (bufXor)
import Crypto.Internal.ByteArray (ByteArrayAccess, ByteArray, SecureBytes)
import qualified Crypto.Internal.ByteArray as B
import qualified Data.ByteString.Internal as BS
@ -24,7 +25,6 @@ import Data.Bits (xor)
import Foreign.Ptr
import Foreign.ForeignPtr
import Foreign.C.Types
import Foreign.Storable
-- | Salsa context
data State = State Int -- number of rounds
@ -40,7 +40,7 @@ round64 len
-- | Initialize a new Salsa context with the number of rounds,
-- the key and the nonce associated.
initialize :: (ByteArrayAccess key, ByteArray nonce)
initialize :: (ByteArrayAccess key, ByteArrayAccess nonce)
=> Int -- ^ number of rounds (8,12,20)
-> key -- ^ the key (128 or 256 bits)
-> nonce -- ^ the nonce (64 or 96 bits)
@ -83,7 +83,7 @@ combine prev@(State nbRounds prevSt prevOut) src
B.withByteArray src $ \srcPtr -> do
-- copy the previous buffer by xor if any
B.withByteArray prevOut $ \prevPtr ->
loopXor dstPtr srcPtr prevPtr prevBufLen
bufXor dstPtr srcPtr prevPtr prevBufLen
-- then create a new mutable copy of state
B.copy prevSt $ \stPtr ->
@ -99,12 +99,6 @@ combine prev@(State nbRounds prevSt prevOut) src
outputLen = B.length src
prevBufLen = B.length prevOut
loopXor :: Ptr Word8 -> Ptr Word8 -> Ptr Word8 -> Int -> IO ()
loopXor _ _ _ 0 = return ()
loopXor d s1 s2 n = do
(xor <$> peek s1 <*> peek s2) >>= poke d
loopXor (d `plusPtr` 1) (s1 `plusPtr` 1) (s2 `plusPtr` 1) (n-1)
-- | Generate a number of bytes from the Salsa output directly
--
-- TODO: use salsa_generate directly instead of using combine xor'ing with 0.