highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-12-08 11:44:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

crypto: Implement RFC8439-compatible variant of ChaCha20

Browse Source 
There are two variants of ChaCha20 in use. The original one uses a 64-bit
nonce and a 64-bit block counter, while the one used in RFC8439 uses a
96-bit nonce and 32-bit block counter. This commit changes the interface
to use the 96/32 split (but automatically incrementing the first 32-bit
part of the nonce when the 32-bit block counter overflows, so to retain
compatibility with >256 GiB output).

Simultaneously, also merge the SetIV and Seek64 functions, as we almost
always call both anyway.

Co-authored-by: dhruv <856960+dhruv@users.noreply.github.com>
This commit is contained in:
Pieter Wuille
2023-06-27 16:24:02 -04:00
parent cf4da5ec29
commit 511a8d406e
7 changed files with 89 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/test/fuzz/crypto_chacha20.cpp
View File

@@ -28,10 +28,11 @@ FUZZ_TARGET(crypto_chacha20)
chacha20.SetKey32(key.data());
},
[&] {
chacha20.SetIV(fuzzed_data_provider.ConsumeIntegral<uint64_t>());
},
[&] {
chacha20.Seek64(fuzzed_data_provider.ConsumeIntegral<uint64_t>());
chacha20.Seek64(
{
fuzzed_data_provider.ConsumeIntegral<uint32_t>(),
fuzzed_data_provider.ConsumeIntegral<uint64_t>()
}, fuzzed_data_provider.ConsumeIntegral<uint32_t>());
},
[&] {
std::vector<uint8_t> output(fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096));
@@ -63,17 +64,16 @@ void ChaCha20SplitFuzz(FuzzedDataProvider& provider)
auto key_bytes = provider.ConsumeBytes<unsigned char>(32);
std::copy(key_bytes.begin(), key_bytes.end(), key);
uint64_t iv = provider.ConsumeIntegral<uint64_t>();
uint32_t iv_prefix = provider.ConsumeIntegral<uint32_t>();
uint64_t total_bytes = provider.ConsumeIntegralInRange<uint64_t>(0, 1000000);
/* ~x = 2^64 - 1 - x, so ~(total_bytes >> 6) is the maximal seek position. */
uint64_t seek = provider.ConsumeIntegralInRange<uint64_t>(0, ~(total_bytes >> 6));
/* ~x = 2^BITS - 1 - x, so ~(total_bytes >> 6) is the maximal seek position. */
uint32_t seek = provider.ConsumeIntegralInRange<uint32_t>(0, ~(uint32_t)(total_bytes >> 6));
// Initialize two ChaCha20 ciphers, with the same key/iv/position.
ChaCha20 crypt1(key);
ChaCha20 crypt2(key);
crypt1.SetIV(iv);
crypt1.Seek64(seek);
crypt2.SetIV(iv);
crypt2.Seek64(seek);
crypt1.Seek64({iv_prefix, iv}, seek);
crypt2.Seek64({iv_prefix, iv}, seek);
// Construct vectors with data.
std::vector<unsigned char> data1, data2;