diff --git a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Pure.kt b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Pure.kt index fba4d87..3056d58 100644 --- a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Pure.kt +++ b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Pure.kt @@ -11,7 +11,7 @@ import com.ionspin.kotlin.crypto.util.toLittleEndianUByteArray * ugljesa.jovanovic@ionspin.com * on 17-Jun-2020 */ -internal class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray, val additionalData: UByteArray) { +class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray, val additionalData: UByteArray) { companion object { fun encrypt(key: UByteArray, nonce: UByteArray, message: UByteArray, additionalData: UByteArray) : UByteArray { @@ -38,11 +38,13 @@ internal class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray, } } - val updateableEncryptionPrimitive = XChaCha20Pure(key, nonce, initialCounter = 0U) - val updateableMacPrimitive : Poly1305 + private val updateableEncryptionPrimitive = XChaCha20Pure(key, nonce, initialCounter = 1U) + private val updateableMacPrimitive : Poly1305 - val polyBuffer = UByteArray(16) - var polyBufferByteCounter = 0 + private val polyBuffer = UByteArray(16) + private var polyBufferByteCounter = 0 + + private var processedBytes = 0 init { val subKey = XChaCha20Pure.hChacha(key, nonce) @@ -57,10 +59,20 @@ internal class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray, // at org.jetbrains.kotlin.ir.backend.js.lower.ConstTransformer.lowerConst(ConstLowering.kt:38) ) updateableMacPrimitive = Poly1305(authKey) + val additionalDataPad = UByteArray(16 - additionalData.size % 16) { 0U } + processPolyBytes(additionalData + additionalDataPad) + } fun encryptPartialData(data: UByteArray) : UByteArray { + processedBytes += data.size + val encrypted = updateableEncryptionPrimitive.encryptPartialData(data) + processPolyBytes(encrypted) + return encrypted + } + + private fun processPolyBytes(data: UByteArray) { if (polyBufferByteCounter == 0) { val polyBlocks = data.size / 16 val polyRemainder = data.size % 16 @@ -71,16 +83,51 @@ internal class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray, for (i in 0 until polyRemainder) { polyBuffer[i] = data[data.size - polyRemainder + i] } + polyBufferByteCounter = polyRemainder } } else { - + if (polyBufferByteCounter + data.size < 16) { + for (i in 0 until data.size) { + polyBuffer[polyBufferByteCounter + i] = data[i] + } + polyBufferByteCounter += data.size + } else { + val borrowed = 16 - polyBufferByteCounter + for (i in polyBufferByteCounter until 16) { + polyBuffer[i] = data[i - polyBufferByteCounter] + } + updateableMacPrimitive.updateMac(polyBuffer) + polyBufferByteCounter = 0 + val polyBlocks = (data.size - borrowed) / 16 + val polyRemainder = (data.size - borrowed) % 16 + for (i in 0 until polyBlocks) { + updateableMacPrimitive.updateMac(data.sliceArray(borrowed + i * 16 until borrowed + i * 16 + 16)) + } + if (polyRemainder != 0) { + for (i in 0 until polyRemainder) { + polyBuffer[i] = data[data.size + borrowed - polyRemainder + i] + } + polyBufferByteCounter = polyRemainder + } + } } - return updateableEncryptionPrimitive.encryptPartialData(data) } -// fun finish() : UByteArray { -// -// } + + + + + + fun finish() : UByteArray { + + val cipherTextPad = UByteArray(16 - processedBytes % 16) { 0U } + val macData = cipherTextPad + + additionalData.size.toULong().toLittleEndianUByteArray() + + processedBytes.toULong().toLittleEndianUByteArray() + processPolyBytes(macData) + val tag = updateableMacPrimitive.finalizeMac() + return tag + } diff --git a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305.kt b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305.kt index a54fe4d..b1b464e 100644 --- a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305.kt +++ b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305.kt @@ -84,7 +84,7 @@ class Poly1305(key: UByteArray) { accumulator %= P } - fun finalizeMac(data: UByteArray) : UByteArray{ + fun finalizeMac(data: UByteArray = ubyteArrayOf()) : UByteArray{ if (data.size != 0) { data.hexColumsPrint() val blockAsInt = BigInteger.fromUByteArray(data, Endianness.LITTLE) + powersOfTwo[data.size * 8] diff --git a/multiplatform-crypto/src/commonTest/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Test.kt b/multiplatform-crypto/src/commonTest/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Test.kt index e60d649..f10a104 100644 --- a/multiplatform-crypto/src/commonTest/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Test.kt +++ b/multiplatform-crypto/src/commonTest/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Test.kt @@ -85,5 +85,87 @@ class XChaCha20Poly1305Test { } + } + + @Test + fun updateableXChaCha20Poly1305() { + assertTrue { + val message = ("Ladies and Gentlemen of the class of '99: If I could offer you " + + "only one tip for the future, sunscreen would be it.").encodeToUByteArray() + + val additionalData = ubyteArrayOf( + 0x50U, 0x51U, 0x52U, 0x53U, 0xc0U, 0xc1U, 0xc2U, 0xc3U, 0xc4U, 0xc5U, 0xc6U, 0xc7U + ) + val key = ubyteArrayOf( + 0x80U, 0x81U, 0x82U, 0x83U, 0x84U, 0x85U, 0x86U, 0x87U, + 0x88U, 0x89U, 0x8aU, 0x8bU, 0x8cU, 0x8dU, 0x8eU, 0x8fU, + 0x90U, 0x91U, 0x92U, 0x93U, 0x94U, 0x95U, 0x96U, 0x97U, + 0x98U, 0x99U, 0x9aU, 0x9bU, 0x9cU, 0x9dU, 0x9eU, 0x9fU, + ) + + val nonce = ubyteArrayOf( + 0x40U, 0x41U, 0x42U, 0x43U, 0x44U, 0x45U, 0x46U, 0x47U, + 0x48U, 0x49U, 0x4aU, 0x4bU, 0x4cU, 0x4dU, 0x4eU, 0x4fU, + 0x50U, 0x51U, 0x52U, 0x53U, 0x54U, 0x55U, 0x56U, 0x57U, + ) + + val expected = ubyteArrayOf( + 0xbdU, 0x6dU, 0x17U, 0x9dU, 0x3eU, 0x83U, 0xd4U, 0x3bU, + 0x95U, 0x76U, 0x57U, 0x94U, 0x93U, 0xc0U, 0xe9U, 0x39U, + 0x57U, 0x2aU, 0x17U, 0x00U, 0x25U, 0x2bU, 0xfaU, 0xccU, + 0xbeU, 0xd2U, 0x90U, 0x2cU, 0x21U, 0x39U, 0x6cU, 0xbbU, + 0x73U, 0x1cU, 0x7fU, 0x1bU, 0x0bU, 0x4aU, 0xa6U, 0x44U, + 0x0bU, 0xf3U, 0xa8U, 0x2fU, 0x4eU, 0xdaU, 0x7eU, 0x39U, + 0xaeU, 0x64U, 0xc6U, 0x70U, 0x8cU, 0x54U, 0xc2U, 0x16U, + 0xcbU, 0x96U, 0xb7U, 0x2eU, 0x12U, 0x13U, 0xb4U, 0x52U, + 0x2fU, 0x8cU, 0x9bU, 0xa4U, 0x0dU, 0xb5U, 0xd9U, 0x45U, + 0xb1U, 0x1bU, 0x69U, 0xb9U, 0x82U, 0xc1U, 0xbbU, 0x9eU, + 0x3fU, 0x3fU, 0xacU, 0x2bU, 0xc3U, 0x69U, 0x48U, 0x8fU, + 0x76U, 0xb2U, 0x38U, 0x35U, 0x65U, 0xd3U, 0xffU, 0xf9U, + 0x21U, 0xf9U, 0x66U, 0x4cU, 0x97U, 0x63U, 0x7dU, 0xa9U, + 0x76U, 0x88U, 0x12U, 0xf6U, 0x15U, 0xc6U, 0x8bU, 0x13U, + 0xb5U, 0x2eU, 0xc0U, 0x87U, 0x59U, 0x24U, 0xc1U, 0xc7U, + 0x98U, 0x79U, 0x47U, 0xdeU, 0xafU, 0xd8U, 0x78U, 0x0aU, + 0xcfU, 0x49U + ) + val xChaChaPoly = XChaCha20Poly1305Pure(key, nonce, additionalData) + val firstChunk = xChaChaPoly.encryptPartialData(message) + val finalChunk = xChaChaPoly.finish() + val result = firstChunk + finalChunk + + result.contentEquals(expected) + } + + assertTrue { + val message = ubyteArrayOf( + 0x00U + ) + val additionalData = ubyteArrayOf( + 0x00U + ) + val key = ubyteArrayOf( + 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, + 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, + 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, + 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, 0x00U, + ) + + val nonce = ubyteArrayOf( + 0x00U, 0x01U, 0x02U, 0x03U, 0x04U, 0x05U, 0x06U, 0x07U, 0x08U, 0x09U, 0x0aU, 0x0bU, + 0x0cU, 0x0dU, 0x0eU, 0x0fU, 0x10U, 0x11U, 0x12U, 0x13U, 0x14U, 0x15U, 0x16U, 0x17U, + ) + + val expected = ubyteArrayOf( + 0xbdU, 0x3bU, 0x8aU, 0xd7U, 0xa1U, 0x9dU, 0xe8U, 0xc4U, 0x55U, + 0x84U, 0x6fU, 0xfcU, 0x75U, 0x31U, 0xbfU, 0x0cU, 0x2dU + ) + val xChaChaPoly = XChaCha20Poly1305Pure(key, nonce, additionalData) + val firstChunk = xChaChaPoly.encryptPartialData(message) + val finalChunk = xChaChaPoly.finish() + val result = firstChunk + finalChunk + result.contentEquals(expected) + } + + } } \ No newline at end of file