diff options
author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2014-12-21 17:36:59 +0200 |
---|---|---|
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2014-12-23 12:51:36 +0200 |
commit | 520070e02e2e6ee7228945015573a6e1f4895ec3 (patch) | |
tree | 838fad593082d53e5b864494356048219b2268cc /cipher/cipher.c | |
parent | 11b8d2d449a7bc664b4371ae14c57caa6704d272 (diff) | |
download | libgcrypt-520070e02e2e6ee7228945015573a6e1f4895ec3.tar.gz |
Poly1305-AEAD: updated implementation to match draft-irtf-cfrg-chacha20-poly1305-03
* cipher/cipher-internal.h (gcry_cipher_handle): Use separate byte
counters for AAD and data in Poly1305.
* cipher/cipher-poly1305.c (poly1305_fill_bytecount): Remove.
(poly1305_fill_bytecounts, poly1305_do_padding): New.
(poly1305_aad_finish): Fill padding to Poly1305 and do not fill AAD
length.
(_gcry_cipher_poly1305_authenticate, _gcry_cipher_poly1305_encrypt)
(_gcry_cipher_poly1305_decrypt): Update AAD and data length separately.
(_gcry_cipher_poly1305_tag): Fill padding and bytecounts to Poly1305.
(_gcry_cipher_poly1305_setkey, _gcry_cipher_poly1305_setiv): Reset
AAD and data byte counts; only allow 96-bit IV.
* cipher/cipher.c (_gcry_cipher_open_internal): Limit Poly1305-AEAD to
ChaCha20 cipher.
* tests/basic.c (_check_poly1305_cipher): Update test-vectors.
(check_ciphers): Limit Poly1305-AEAD checks to ChaCha20.
* tests/bench-slope.c (cipher_bench_one): Ditto.
--
Latest Internet-Draft version for "ChaCha20 and Poly1305 for IETF protocols"
has added additional padding to Poly1305-AEAD and limited support IV size to
96-bits:
https://www.ietf.org/rfcdiff?url1=draft-nir-cfrg-chacha20-poly1305-03&difftype=--html&submit=Go!&url2=draft-irtf-cfrg-chacha20-poly1305-03
Patch makes Poly1305-AEAD implementation to match the changes and limits
Poly1305-AEAD to ChaCha20 only.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/cipher.c')
-rw-r--r-- | cipher/cipher.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/cipher/cipher.c b/cipher/cipher.c index 5c44c0d9..78cad210 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -421,9 +421,7 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, case GCRY_CIPHER_MODE_POLY1305: if (!spec->stencrypt || !spec->stdecrypt || !spec->setiv) err = GPG_ERR_INV_CIPHER_MODE; - else if (spec->algo != GCRY_CIPHER_SALSA20 && - spec->algo != GCRY_CIPHER_SALSA20R12 && - spec->algo != GCRY_CIPHER_CHACHA20) + else if (spec->algo != GCRY_CIPHER_CHACHA20) err = GPG_ERR_INV_CIPHER_MODE; break; |