Remove semi-internal chacha20_keystrem_block()
It's actually easy to implement chachapoly without it, so let's not clutter the API (and avoid adding a burden to alt implementers).
This commit is contained in:
parent
502f189253
commit
56206c4db1
@ -107,27 +107,6 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
|
||||
const unsigned char nonce[12],
|
||||
uint32_t counter );
|
||||
|
||||
/**
|
||||
* \brief Generates a block of keystream bytes for a specific counter value.
|
||||
*
|
||||
* This function uses the key and nonce previously set in
|
||||
* the context (via mbedtls_chacha20_setkey and
|
||||
* mbedtls_chacha20_starts), but ignores the previously
|
||||
* set counter and uses the counter given as the parameter to
|
||||
* this function.
|
||||
*
|
||||
* \param ctx The ChaCha20 context. This context is not modified.
|
||||
* \param counter The counter value to use.
|
||||
* \param keystream Buffer to where the generated keystream bytes are written.
|
||||
*
|
||||
* \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or keystream are
|
||||
* NULL.
|
||||
* Otherwise, 0 is returned to indicate success.
|
||||
*/
|
||||
int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx,
|
||||
uint32_t counter,
|
||||
unsigned char keystream[64] );
|
||||
|
||||
/**
|
||||
* \brief Encrypt or decrypt data.
|
||||
*
|
||||
|
@ -246,43 +246,6 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx,
|
||||
uint32_t counter,
|
||||
unsigned char keystream[64] )
|
||||
{
|
||||
uint32_t initial_state[16];
|
||||
uint32_t working_state[16];
|
||||
|
||||
if ( ( ctx == NULL ) || ( keystream == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
initial_state[0] = ctx->initial_state[0];
|
||||
initial_state[1] = ctx->initial_state[1];
|
||||
initial_state[2] = ctx->initial_state[2];
|
||||
initial_state[3] = ctx->initial_state[3];
|
||||
initial_state[4] = ctx->initial_state[4];
|
||||
initial_state[5] = ctx->initial_state[5];
|
||||
initial_state[6] = ctx->initial_state[6];
|
||||
initial_state[7] = ctx->initial_state[7];
|
||||
initial_state[8] = ctx->initial_state[8];
|
||||
initial_state[9] = ctx->initial_state[9];
|
||||
initial_state[10] = ctx->initial_state[10];
|
||||
initial_state[11] = ctx->initial_state[11];
|
||||
initial_state[12] = counter;
|
||||
initial_state[13] = ctx->initial_state[13];
|
||||
initial_state[14] = ctx->initial_state[14];
|
||||
initial_state[15] = ctx->initial_state[15];
|
||||
|
||||
mbedtls_chacha20_block( initial_state, working_state, keystream );
|
||||
|
||||
mbedtls_zeroize( initial_state, sizeof( initial_state ) );
|
||||
mbedtls_zeroize( working_state, sizeof( working_state ) );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
|
||||
size_t size,
|
||||
const unsigned char *input,
|
||||
|
@ -143,15 +143,19 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
result = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 1U );
|
||||
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
|
||||
result = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
|
||||
if ( result != 0 )
|
||||
goto cleanup;
|
||||
|
||||
/* Generate the Poly1305 key by getting the ChaCha20 keystream output with counter = 0.
|
||||
* This is the same as encrypting a buffer of zeroes.
|
||||
* Only the first 256-bits (32 bytes) of the key is used for Poly1305.
|
||||
* The other 256 bits are discarded.
|
||||
*/
|
||||
result = mbedtls_chacha20_keystream_block( &ctx->chacha20_ctx, 0U, poly1305_key );
|
||||
memset( poly1305_key, 0, sizeof( poly1305_key ) );
|
||||
result = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ),
|
||||
poly1305_key, poly1305_key );
|
||||
if ( result != 0 )
|
||||
goto cleanup;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user