-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | cipher-chachapoly.c | 20 |
2 files changed, 13 insertions, 10 deletions
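--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,9 @@
 [ssh-add.c]
 Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
 ok markus@
+- djm@cvs.openbsd.org 2013/12/15 21:42:35
+[cipher-chachapoly.c]
+add some comments and constify a constant
 
 20131208
 - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna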
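--- a/cipher-chachapoly.c
+++ b/cipher-chachapoly.c
@@ -14,7 +14,7 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 
-/* $OpenBSD: cipher-chachapoly.c,v 1.2 2013/11/21 02:50:00 djm Exp $ */
+/* $OpenBSD: cipher-chachapoly.c,v 1.3 2013/12/15 21:42:35 djm Exp $ */
 
 #include "includes.h"
 
@@ -38,20 +38,19 @@ void chachapoly_init(struct chachapoly_ctx *ctx,
 
 /*
 * chachapoly_crypt() operates as following:
-* Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'.
-* Theses bytes are treated as additional authenticated data.
-* En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'.
-* Use POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the
-* authentication tag.
-* This tag is written on encryption and verified on decryption.
-* Both 'aadlen' and 'authlen' can be set to 0.
+* En/decrypt with header key 'aadlen' bytes from 'src', storing result
+* to 'dest'. The ciphertext here is treated as additional authenticated
+* data for MAC calculation.
+* En/decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. Use
+* POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the authentication
+* tag. This tag is written on encryption and verified on decryption.
 */
 int
 chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
 const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt)
 {
 u_char seqbuf[8];
-u_char one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 }; /* NB. little-endian */
+const u_char one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 }; /* NB little-endian */
 u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN];
 int r = -1;
 
@@ -76,7 +75,7 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
 goto out;
 }
 /* Crypt additional data */
-if (aadlen) {
+if (aadlen) {
 chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL);
 chacha_encrypt_bytes(&ctx->header_ctx, src, dest, aadlen);
 }
@@ -97,6 +96,7 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
 return r;
 }
 
+/* Decrypt and extract the encrypted packet length */
 int
 chachapoly_get_length(struct chachapoly_ctx *ctx,
 u_int *plenp, u_int seqnr, const u_char *cp, u_int len)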
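Review bot: The comment added above chachapoly_get_length() in the last hunk does not say that the length it hands back has not been authenticated. Going by the chachapoly_crypt() comment in this same file, the Poly1305 tag is only verified in chachapoly_crypt() on decryption, so get_length presumably works on header bytes that are still unverified; its body lies outside the hunk, so this should be confirmed there. I would extend the comment to `/* Decrypt and extract the encrypted packet length; the value is unauthenticated until chachapoly_crypt() verifies the tag, so callers must range-check it */`.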