[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-139-g520070e

by Jussi Kivilinna cvs at cvs.gnupg.org
Sun Dec 28 14:57:43 CET 2014



The branch, master has been updated
       via  520070e02e2e6ee7228945015573a6e1f4895ec3 (commit)
       via  11b8d2d449a7bc664b4371ae14c57caa6704d272 (commit)
      from  c964321c8a1328e89d636d899a45d68802f5ac9f (commit)


- Log -----------------------------------------------------------------
commit 520070e02e2e6ee7228945015573a6e1f4895ec3
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Sun Dec 21 17:36:59 2014 +0200

    Poly1305-AEAD: updated implementation to match draft-irtf-cfrg-chacha20-poly1305-03
    
    * cipher/cipher-internal.h (gcry_cipher_handle): Use separate byte
    counters for AAD and data in Poly1305.
    * cipher/cipher-poly1305.c (poly1305_fill_bytecount): Remove.
    (poly1305_fill_bytecounts, poly1305_do_padding): New.
    (poly1305_aad_finish): Fill padding to Poly1305 and do not fill AAD
    length.
    (_gcry_cipher_poly1305_authenticate, _gcry_cipher_poly1305_encrypt)
    (_gcry_cipher_poly1305_decrypt): Update AAD and data length separately.
    (_gcry_cipher_poly1305_tag): Fill padding and bytecounts to Poly1305.
    (_gcry_cipher_poly1305_setkey, _gcry_cipher_poly1305_setiv): Reset
    AAD and data byte counts; only allow 96-bit IV.
    * cipher/cipher.c (_gcry_cipher_open_internal): Limit Poly1305-AEAD to
    ChaCha20 cipher.
    * tests/basic.c (_check_poly1305_cipher): Update test-vectors.
    (check_ciphers): Limit Poly1305-AEAD checks to ChaCha20.
    * tests/bench-slope.c (cipher_bench_one): Ditto.
    --
    
    The latest Internet-Draft version of "ChaCha20 and Poly1305 for IETF protocols"
    adds zero-padding of the AAD and ciphertext to 16-byte boundaries in the
    Poly1305-AEAD construction and limits the supported IV size to 96 bits:
     https://www.ietf.org/rfcdiff?url1=draft-nir-cfrg-chacha20-poly1305-03&difftype=--html&submit=Go!&url2=draft-irtf-cfrg-chacha20-poly1305-03
    
    Patch makes Poly1305-AEAD implementation to match the changes and limits
    Poly1305-AEAD to ChaCha20 only.
    
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h
index fef0ecb..650d813 100644
--- a/cipher/cipher-internal.h
+++ b/cipher/cipher-internal.h
@@ -163,8 +163,11 @@ struct gcry_cipher_handle
 
     /* Mode specific storage for Poly1305 mode. */
     struct {
-      /* byte counter for AAD and data. */
-      u32 bytecount[2];
+      /* byte counter for AAD. */
+      u32 aadcount[2];
+
+      /* byte counter for data. */
+      u32 datacount[2];
 
       unsigned int aad_finalized:1;
       unsigned int bytecount_over_limits:1;
diff --git a/cipher/cipher-poly1305.c b/cipher/cipher-poly1305.c
index a22ffa3..f283333 100644
--- a/cipher/cipher-poly1305.c
+++ b/cipher/cipher-poly1305.c
@@ -53,12 +53,14 @@ poly1305_bytecounter_add (u32 ctr[2], size_t add)
 
 
 static void
-poly1305_fill_bytecount (gcry_cipher_hd_t c)
+poly1305_fill_bytecounts (gcry_cipher_hd_t c)
 {
-  u32 lenbuf[2];
+  u32 lenbuf[4];
 
-  lenbuf[0] = le_bswap32(c->u_mode.poly1305.bytecount[0]);
-  lenbuf[1] = le_bswap32(c->u_mode.poly1305.bytecount[1]);
+  lenbuf[0] = le_bswap32(c->u_mode.poly1305.aadcount[0]);
+  lenbuf[1] = le_bswap32(c->u_mode.poly1305.aadcount[1]);
+  lenbuf[2] = le_bswap32(c->u_mode.poly1305.datacount[0]);
+  lenbuf[3] = le_bswap32(c->u_mode.poly1305.datacount[1]);
   _gcry_poly1305_update (&c->u_mode.poly1305.ctx, (byte*)lenbuf,
 			 sizeof(lenbuf));
 
@@ -67,15 +69,33 @@ poly1305_fill_bytecount (gcry_cipher_hd_t c)
 
 
 static void
+poly1305_do_padding (gcry_cipher_hd_t c, u32 ctr[2])
+{
+  static const byte zero_padding_buf[15] = {};
+  u32 padding_count;
+
+  /* Padding to 16 byte boundary. */
+  if (ctr[0] % 16 > 0)
+    {
+      padding_count = 16 - ctr[0] % 16;
+
+      _gcry_poly1305_update (&c->u_mode.poly1305.ctx, zero_padding_buf,
+			     padding_count);
+    }
+}
+
+
+static void
 poly1305_aad_finish (gcry_cipher_hd_t c)
 {
-  /* Start of encryption marks end of AAD stream. */
-  poly1305_fill_bytecount(c);
+  /* After AAD, feed padding bytes so we get 16 byte alignment. */
+  poly1305_do_padding (c, c->u_mode.poly1305.aadcount);
 
+  /* Start of encryption marks end of AAD stream. */
   c->u_mode.poly1305.aad_finalized = 1;
 
-  c->u_mode.poly1305.bytecount[0] = 0;
-  c->u_mode.poly1305.bytecount[1] = 0;
+  c->u_mode.poly1305.datacount[0] = 0;
+  c->u_mode.poly1305.datacount[1] = 0;
 }
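Review bot: The empty initializer `static const byte zero_padding_buf[15] = {};` in poly1305_do_padding is a GNU extension (standardised only in C23); the file otherwise targets C89/C99-style code, so `static const byte zero_padding_buf[15] = { 0 };` is the portable spelling and is what compilers in -pedantic mode will accept. A one-line comment would also make the counter handling easier to trust: only `ctr[0]` (the low 32 bits) is inspected, which is correct because 2^32 is a multiple of 16, e.g. `/* Only the low word matters: 2^32 is a multiple of 16. */`. Note that poly1305_aad_finish does not reset aadcount, which is intentional since the AAD length is still needed by poly1305_fill_bytecounts at tag time; a comment saying so would prevent a future "cleanup" from zeroing it.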
 
 
@@ -102,7 +122,7 @@ _gcry_cipher_poly1305_authenticate (gcry_cipher_hd_t c,
   if (!c->marks.iv)
     poly1305_set_zeroiv(c);
 
-  if (poly1305_bytecounter_add(c->u_mode.poly1305.bytecount, aadbuflen))
+  if (poly1305_bytecounter_add(c->u_mode.poly1305.aadcount, aadbuflen))
     {
       c->u_mode.poly1305.bytecount_over_limits = 1;
       return GPG_ERR_INV_LENGTH;
@@ -138,7 +158,7 @@ _gcry_cipher_poly1305_encrypt (gcry_cipher_hd_t c,
   if (!c->u_mode.poly1305.aad_finalized)
     poly1305_aad_finish(c);
 
-  if (poly1305_bytecounter_add(c->u_mode.poly1305.bytecount, inbuflen))
+  if (poly1305_bytecounter_add(c->u_mode.poly1305.datacount, inbuflen))
     {
       c->u_mode.poly1305.bytecount_over_limits = 1;
       return GPG_ERR_INV_LENGTH;
@@ -176,7 +196,7 @@ _gcry_cipher_poly1305_decrypt (gcry_cipher_hd_t c,
   if (!c->u_mode.poly1305.aad_finalized)
     poly1305_aad_finish(c);
 
-  if (poly1305_bytecounter_add(c->u_mode.poly1305.bytecount, inbuflen))
+  if (poly1305_bytecounter_add(c->u_mode.poly1305.datacount, inbuflen))
     {
       c->u_mode.poly1305.bytecount_over_limits = 1;
       return GPG_ERR_INV_LENGTH;
@@ -212,8 +232,11 @@ _gcry_cipher_poly1305_tag (gcry_cipher_hd_t c,
 
   if (!c->marks.tag)
     {
-      /* Write data-length to poly1305. */
-      poly1305_fill_bytecount(c);
+      /* After data, feed padding bytes so we get 16 byte alignment. */
+      poly1305_do_padding (c, c->u_mode.poly1305.datacount);
+
+      /* Write byte counts to poly1305. */
+      poly1305_fill_bytecounts(c);
 
       _gcry_poly1305_finish(&c->u_mode.poly1305.ctx, c->u_iv.iv);
 
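Review bot: The AAD padding is only ever fed through poly1305_aad_finish, which in this patch is invoked from the encrypt and decrypt paths; for an AAD-only message (authenticate followed directly by gettag) the tag path must also run it before the data padding, otherwise the 16-byte alignment of the AAD block is lost and the tag diverges from the draft. The prelude of _gcry_cipher_poly1305_tag is outside this hunk, so if it does not already contain `if (!c->u_mode.poly1305.aad_finalized) poly1305_aad_finish(c);` it should be added ahead of the `if (!c->marks.tag)` block. A comment on the do_padding/fill_bytecounts pair, `/* pad(ciphertext) || LE64(len(AAD)) || LE64(len(ciphertext)) per draft-irtf-cfrg-chacha20-poly1305-03 */`, would document the expected input layout.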
@@ -247,8 +270,11 @@ _gcry_cipher_poly1305_check_tag (gcry_cipher_hd_t c, const unsigned char *intag,
 void
 _gcry_cipher_poly1305_setkey (gcry_cipher_hd_t c)
 {
-  c->u_mode.poly1305.bytecount[0] = 0;
-  c->u_mode.poly1305.bytecount[1] = 0;
+  c->u_mode.poly1305.aadcount[0] = 0;
+  c->u_mode.poly1305.aadcount[1] = 0;
+
+  c->u_mode.poly1305.datacount[0] = 0;
+  c->u_mode.poly1305.datacount[1] = 0;
 
   c->u_mode.poly1305.bytecount_over_limits = 0;
   c->u_mode.poly1305.aad_finalized = 0;
@@ -260,16 +286,20 @@ _gcry_cipher_poly1305_setkey (gcry_cipher_hd_t c)
 gcry_err_code_t
 _gcry_cipher_poly1305_setiv (gcry_cipher_hd_t c, const byte *iv, size_t ivlen)
 {
-  byte tmpbuf[64]; /* size of ChaCha20/Salsa20 block */
+  byte tmpbuf[64]; /* size of ChaCha20 block */
   gcry_err_code_t err;
 
-  if (!iv && ivlen > 0)
+  /* IV must be 96-bits */
+  if (!iv && ivlen != (96 / 8))
     return GPG_ERR_INV_ARG;
 
   memset(&c->u_mode.poly1305.ctx, 0, sizeof(c->u_mode.poly1305.ctx));
 
-  c->u_mode.poly1305.bytecount[0] = 0;
-  c->u_mode.poly1305.bytecount[1] = 0;
+  c->u_mode.poly1305.aadcount[0] = 0;
+  c->u_mode.poly1305.aadcount[1] = 0;
+
+  c->u_mode.poly1305.datacount[0] = 0;
+  c->u_mode.poly1305.datacount[1] = 0;
 
   c->u_mode.poly1305.bytecount_over_limits = 0;
   c->u_mode.poly1305.aad_finalized = 0;
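Review bot: The new IV check in _gcry_cipher_poly1305_setiv does not enforce the 96-bit restriction the commit message claims: `if (!iv && ivlen != (96 / 8))` only rejects a NULL iv with a non-12 length, so a non-NULL 8-byte IV is accepted and passed on to `c->spec->setiv`, and a NULL iv with ivlen 12 is accepted as well. It should read `if (!iv || ivlen != (96 / 8)) return GPG_ERR_INV_ARG;`. This matters beyond spec conformance: with commit 11b8d2d the ChaCha20 setiv now also accepts a 16-byte input that overwrites the block counter, so a 16-byte IV slipping through here would make the Poly1305 one-time key come from a caller-chosen counter block instead of block 0, and a 64-bit nonce reintroduces the nonce space the draft moved away from. A negative test in tests/basic.c for an 8-byte and a 16-byte IV would pin the intended behaviour.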
@@ -279,7 +309,7 @@ _gcry_cipher_poly1305_setiv (gcry_cipher_hd_t c, const byte *iv, size_t ivlen)
   /* Set up IV for stream cipher. */
   c->spec->setiv (&c->context.c, iv, ivlen);
 
-  /* Get the first block from ChaCha20/Salsa20. */
+  /* Get the first block from ChaCha20. */
   memset(tmpbuf, 0, sizeof(tmpbuf));
   c->spec->stencrypt(&c->context.c, tmpbuf, tmpbuf, sizeof(tmpbuf));
 
diff --git a/cipher/cipher.c b/cipher/cipher.c
index 5c44c0d..78cad21 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -421,9 +421,7 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle,
       case GCRY_CIPHER_MODE_POLY1305:
 	if (!spec->stencrypt || !spec->stdecrypt || !spec->setiv)
 	  err = GPG_ERR_INV_CIPHER_MODE;
-	else if (spec->algo != GCRY_CIPHER_SALSA20 &&
-		 spec->algo != GCRY_CIPHER_SALSA20R12 &&
-		 spec->algo != GCRY_CIPHER_CHACHA20)
+	else if (spec->algo != GCRY_CIPHER_CHACHA20)
 	  err = GPG_ERR_INV_CIPHER_MODE;
 	break;
 
diff --git a/tests/basic.c b/tests/basic.c
index e406db4..ef8260f 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -1625,27 +1625,59 @@ _check_poly1305_cipher (unsigned int step)
   struct tv
   {
     int algo;
-    char key[MAX_DATA_LEN];
-    char iv[MAX_DATA_LEN];
+    const char *key;
+    const char *iv;
     int ivlen;
-    unsigned char aad[MAX_DATA_LEN];
+    const char *aad;
     int aadlen;
-    unsigned char plaintext[MAX_DATA_LEN];
+    const char *plaintext;
     int inlen;
-    char out[MAX_DATA_LEN];
-    char tag[MAX_DATA_LEN];
+    const char *out;
+    const char *tag;
   } tv[] =
     {
-      /* draft-agl-tls-chacha20poly1305-04 */
+      /* draft-irtf-cfrg-chacha20-poly1305-03 */
       { GCRY_CIPHER_CHACHA20,
-        "\x42\x90\xbc\xb1\x54\x17\x35\x31\xf3\x14\xaf\x57\xf3\xbe\x3b\x50"
-	"\x06\xda\x37\x1e\xce\x27\x2a\xfa\x1b\x5d\xbd\xd1\x10\x0a\x10\x07",
-        "\xcd\x7c\xf6\x7b\xe3\x9c\x79\x4a", 8,
-        "\x87\xe2\x29\xd4\x50\x08\x45\xa0\x79\xc0", 10,
-        "\x86\xd0\x99\x74\x84\x0b\xde\xd2\xa5\xca", 10,
-        "\xe3\xe4\x46\xf7\xed\xe9\xa1\x9b\x62\xa4",
-        "\x67\x7d\xab\xf4\xe3\xd2\x4b\x87\x6b\xb2\x84\x75\x38\x96\xe1\xd6" },
-      /* draft-nir-cfrg-chacha20-poly1305-03 */
+	"\x1c\x92\x40\xa5\xeb\x55\xd3\x8a\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
+	"\x47\x39\x17\xc1\x40\x2b\x80\x09\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
+	"\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08", 12,
+	"\xf3\x33\x88\x86\x00\x00\x00\x00\x00\x00\x4e\x91", 12,
+	"\x49\x6e\x74\x65\x72\x6e\x65\x74\x2d\x44\x72\x61\x66\x74\x73\x20"
+	"\x61\x72\x65\x20\x64\x72\x61\x66\x74\x20\x64\x6f\x63\x75\x6d\x65"
+	"\x6e\x74\x73\x20\x76\x61\x6c\x69\x64\x20\x66\x6f\x72\x20\x61\x20"
+	"\x6d\x61\x78\x69\x6d\x75\x6d\x20\x6f\x66\x20\x73\x69\x78\x20\x6d"
+	"\x6f\x6e\x74\x68\x73\x20\x61\x6e\x64\x20\x6d\x61\x79\x20\x62\x65"
+	"\x20\x75\x70\x64\x61\x74\x65\x64\x2c\x20\x72\x65\x70\x6c\x61\x63"
+	"\x65\x64\x2c\x20\x6f\x72\x20\x6f\x62\x73\x6f\x6c\x65\x74\x65\x64"
+	"\x20\x62\x79\x20\x6f\x74\x68\x65\x72\x20\x64\x6f\x63\x75\x6d\x65"
+	"\x6e\x74\x73\x20\x61\x74\x20\x61\x6e\x79\x20\x74\x69\x6d\x65\x2e"
+	"\x20\x49\x74\x20\x69\x73\x20\x69\x6e\x61\x70\x70\x72\x6f\x70\x72"
+	"\x69\x61\x74\x65\x20\x74\x6f\x20\x75\x73\x65\x20\x49\x6e\x74\x65"
+	"\x72\x6e\x65\x74\x2d\x44\x72\x61\x66\x74\x73\x20\x61\x73\x20\x72"
+	"\x65\x66\x65\x72\x65\x6e\x63\x65\x20\x6d\x61\x74\x65\x72\x69\x61"
+	"\x6c\x20\x6f\x72\x20\x74\x6f\x20\x63\x69\x74\x65\x20\x74\x68\x65"
+	"\x6d\x20\x6f\x74\x68\x65\x72\x20\x74\x68\x61\x6e\x20\x61\x73\x20"
+	"\x2f\xe2\x80\x9c\x77\x6f\x72\x6b\x20\x69\x6e\x20\x70\x72\x6f\x67"
+	"\x72\x65\x73\x73\x2e\x2f\xe2\x80\x9d", 265,
+	"\x64\xa0\x86\x15\x75\x86\x1a\xf4\x60\xf0\x62\xc7\x9b\xe6\x43\xbd"
+	"\x5e\x80\x5c\xfd\x34\x5c\xf3\x89\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2"
+	"\x4c\x6c\xfc\x18\x75\x5d\x43\xee\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0"
+	"\xbd\xb7\xb7\x3c\x32\x1b\x01\x00\xd4\xf0\x3b\x7f\x35\x58\x94\xcf"
+	"\x33\x2f\x83\x0e\x71\x0b\x97\xce\x98\xc8\xa8\x4a\xbd\x0b\x94\x81"
+	"\x14\xad\x17\x6e\x00\x8d\x33\xbd\x60\xf9\x82\xb1\xff\x37\xc8\x55"
+	"\x97\x97\xa0\x6e\xf4\xf0\xef\x61\xc1\x86\x32\x4e\x2b\x35\x06\x38"
+	"\x36\x06\x90\x7b\x6a\x7c\x02\xb0\xf9\xf6\x15\x7b\x53\xc8\x67\xe4"
+	"\xb9\x16\x6c\x76\x7b\x80\x4d\x46\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9"
+	"\x90\x40\xc5\xa4\x04\x33\x22\x5e\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e"
+	"\xaf\x45\x34\xd7\xf8\x3f\xa1\x15\x5b\x00\x47\x71\x8c\xbc\x54\x6a"
+	"\x0d\x07\x2b\x04\xb3\x56\x4e\xea\x1b\x42\x22\x73\xf5\x48\x27\x1a"
+	"\x0b\xb2\x31\x60\x53\xfa\x76\x99\x19\x55\xeb\xd6\x31\x59\x43\x4e"
+	"\xce\xbb\x4e\x46\x6d\xae\x5a\x10\x73\xa6\x72\x76\x27\x09\x7a\x10"
+	"\x49\xe6\x17\xd9\x1d\x36\x10\x94\xfa\x68\xf0\xff\x77\x98\x71\x30"
+	"\x30\x5b\xea\xba\x2e\xda\x04\xdf\x99\x7b\x71\x4d\x6c\x6f\x2c\x29"
+	"\xa6\xad\x5c\xb4\x02\x2b\x02\x70\x9b",
+	"\xee\xad\x9d\x67\x89\x0c\xbb\x22\x39\x23\x36\xfe\xa1\x85\x1f\x38" },
+      /* draft-irtf-cfrg-chacha20-poly1305-03 */
       { GCRY_CIPHER_CHACHA20,
 	"\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
 	"\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f",
@@ -1661,11 +1693,11 @@ _check_poly1305_cipher (unsigned int step)
 	"\xfa\xb3\x24\xe4\xfa\xd6\x75\x94\x55\x85\x80\x8b\x48\x31\xd7\xbc"
 	"\x3f\xf4\xde\xf0\x8e\x4b\x7a\x9d\xe5\x76\xd2\x65\x86\xce\xc6\x4b"
 	"\x61\x16",
-	"\x18\xfb\x11\xa5\x03\x1a\xd1\x3a\x7e\x3b\x03\xd4\x6e\xe3\xa6\xa7" }
+	"\x1a\xe1\x0b\x59\x4f\x09\xe2\x6a\x7e\x90\x2e\xcb\xd0\x60\x06\x91" },
     };
 
   gcry_cipher_hd_t hde, hdd;
-  unsigned char out[MAX_DATA_LEN];
+  unsigned char out[1024];
   unsigned char tag[16];
   int i, keylen;
   gcry_error_t err = 0;
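Review bot: Both new vectors use a 12-byte IV, so the test never exercises the "only allow 96-bit IV" rule this commit introduces; adding a case that calls `gcry_cipher_setiv (hde, tv[i].iv, 8)` and expects a non-zero error (and likewise for a 16-byte IV) would catch an under-restrictive check in _gcry_cipher_poly1305_setiv. The output buffer was also changed from `out[MAX_DATA_LEN]` to a fixed `out[1024]` while the table now carries an explicit `inlen` of 265; a guard such as `if (tv[i].inlen > sizeof(out)) fail(...)` inside the loop would keep a future longer vector from overrunning the stack buffer. The body of _check_poly1305_cipher continues outside this hunk.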
@@ -4333,9 +4365,7 @@ check_ciphers (void)
 		 gcry_cipher_algo_name (algos2[i]));
 
       check_one_cipher (algos2[i], GCRY_CIPHER_MODE_STREAM, 0);
-      if (algos2[i] == GCRY_CIPHER_CHACHA20 ||
-	  algos2[i] == GCRY_CIPHER_SALSA20 ||
-	  algos2[i] == GCRY_CIPHER_SALSA20R12)
+      if (algos2[i] == GCRY_CIPHER_CHACHA20)
 	check_one_cipher (algos2[i], GCRY_CIPHER_MODE_POLY1305, 0);
     }
   /* we have now run all cipher's selftests */
diff --git a/tests/bench-slope.c b/tests/bench-slope.c
index 7bf587f..ebf672e 100644
--- a/tests/bench-slope.c
+++ b/tests/bench-slope.c
@@ -1147,10 +1147,8 @@ cipher_bench_one (int algo, struct bench_cipher_mode *pmode)
       mode.name = mode.ops == &encrypt_ops ? "STREAM enc" : "STREAM dec";
     }
 
-  /* Poly1305 has restrictions for cipher algorithm */
-  if (mode.mode == GCRY_CIPHER_MODE_POLY1305 &&
-      (algo != GCRY_CIPHER_SALSA20 && algo != GCRY_CIPHER_SALSA20R12 &&
-       algo != GCRY_CIPHER_CHACHA20))
+  /* Poly1305 has restriction for cipher algorithm */
+  if (mode.mode == GCRY_CIPHER_MODE_POLY1305 && algo != GCRY_CIPHER_CHACHA20)
     return;
 
   /* CCM has restrictions for block-size */

commit 11b8d2d449a7bc664b4371ae14c57caa6704d272
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Sun Dec 21 17:36:59 2014 +0200

    chacha20: allow setting counter for stream random access
    
    * cipher/chacha20.c (CHACHA20_CTR_SIZE): New.
    (chacha20_ivsetup): Add setup for full counter.
    (chacha20_setiv): Allow ivlen == CHACHA20_CTR_SIZE.
    --
    
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/cipher/chacha20.c b/cipher/chacha20.c
index c1847aa..2eaeffd 100644
--- a/cipher/chacha20.c
+++ b/cipher/chacha20.c
@@ -45,6 +45,7 @@
 #define CHACHA20_BLOCK_SIZE   64        /* Bytes.  */
 #define CHACHA20_MIN_IV_SIZE   8        /* Bytes.  */
 #define CHACHA20_MAX_IV_SIZE  12        /* Bytes.  */
+#define CHACHA20_CTR_SIZE     16        /* Bytes.  */
 #define CHACHA20_INPUT_LENGTH (CHACHA20_BLOCK_SIZE / 4)
 
 /* USE_SSE2 indicates whether to compile with Intel SSE2 code. */
@@ -312,22 +313,30 @@ chacha20_keysetup (CHACHA20_context_t * ctx, const byte * key,
 static void
 chacha20_ivsetup (CHACHA20_context_t * ctx, const byte * iv, size_t ivlen)
 {
-  ctx->input[12] = 0;
-
-  if (ivlen == CHACHA20_MAX_IV_SIZE)
+  if (ivlen == CHACHA20_CTR_SIZE)
+    {
+      ctx->input[12] = buf_get_le32 (iv + 0);
+      ctx->input[13] = buf_get_le32 (iv + 4);
+      ctx->input[14] = buf_get_le32 (iv + 8);
+      ctx->input[15] = buf_get_le32 (iv + 12);
+    }
+  else if (ivlen == CHACHA20_MAX_IV_SIZE)
     {
+      ctx->input[12] = 0;
       ctx->input[13] = buf_get_le32 (iv + 0);
       ctx->input[14] = buf_get_le32 (iv + 4);
       ctx->input[15] = buf_get_le32 (iv + 8);
     }
   else if (ivlen == CHACHA20_MIN_IV_SIZE)
     {
+      ctx->input[12] = 0;
       ctx->input[13] = 0;
       ctx->input[14] = buf_get_le32 (iv + 0);
       ctx->input[15] = buf_get_le32 (iv + 4);
     }
   else
     {
+      ctx->input[12] = 0;
       ctx->input[13] = 0;
       ctx->input[14] = 0;
       ctx->input[15] = 0;
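Review bot: The new 16-byte branch in chacha20_ivsetup lets the caller set input[12], the 32-bit block counter, from the first four bytes of the supplied buffer, and nothing in the hunk documents that layout or its consequence: any two calls that produce the same (key, counter, nonce) state emit identical keystream, so a caller using this for random access must never re-encrypt different data at an overlapping counter range. A comment above the branch such as `/* 16 bytes: LE32 block counter followed by the 96-bit nonce; caller owns counter uniqueness (keystream reuse otherwise). */` would make the contract explicit. The closing braces of chacha20_ivsetup are outside this hunk.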
@@ -402,10 +411,12 @@ chacha20_setiv (void *context, const byte * iv, size_t ivlen)
   CHACHA20_context_t *ctx = (CHACHA20_context_t *) context;
 
   /* draft-nir-cfrg-chacha20-poly1305-02 defines 96-bit and 64-bit nonce. */
-  if (iv && ivlen != CHACHA20_MAX_IV_SIZE && ivlen != CHACHA20_MIN_IV_SIZE)
+  if (iv && ivlen != CHACHA20_MAX_IV_SIZE && ivlen != CHACHA20_MIN_IV_SIZE
+      && ivlen != CHACHA20_CTR_SIZE)
     log_info ("WARNING: chacha20_setiv: bad ivlen=%u\n", (u32) ivlen);
 
-  if (iv && (ivlen == CHACHA20_MAX_IV_SIZE || ivlen == CHACHA20_MIN_IV_SIZE))
+  if (iv && (ivlen == CHACHA20_MAX_IV_SIZE || ivlen == CHACHA20_MIN_IV_SIZE
+             || ivlen == CHACHA20_CTR_SIZE))
     chacha20_ivsetup (ctx, iv, ivlen);
   else
     chacha20_ivsetup (ctx, NULL, 0);
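Review bot: The comment in chacha20_setiv still says `/* draft-nir-cfrg-chacha20-poly1305-02 defines 96-bit and 64-bit nonce. */` although the condition now also accepts CHACHA20_CTR_SIZE, so the comment no longer describes the check beneath it; update it to `/* 96-bit and 64-bit nonces per the CFRG draft; 128 bits sets the full counter+nonce for random access. */`. Separately, a bad ivlen still only emits a log_info and then falls through to `chacha20_ivsetup (ctx, NULL, 0)`, i.e. an all-zero nonce and counter; that fallback predates this commit, but since the accepted-length set is being widened here it is worth a comment stating that this silent zero-nonce path is deliberate, or a follow-up to surface it as an error. The start of chacha20_setiv is outside this hunk.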

-----------------------------------------------------------------------

Summary of changes:
 cipher/chacha20.c        |   21 ++++++++++----
 cipher/cipher-internal.h |    7 +++--
 cipher/cipher-poly1305.c |   70 +++++++++++++++++++++++++++++++++-------------
 cipher/cipher.c          |    4 +--
 tests/basic.c            |   70 +++++++++++++++++++++++++++++++++-------------
 tests/bench-slope.c      |    6 ++--
 6 files changed, 124 insertions(+), 54 deletions(-)

