From d55f67dd597ceaeb150ccf236fbbffddf35f3b75 Mon Sep 17 00:00:00 2001 From: Ugljesa Jovanovic Date: Sun, 21 Jun 2020 20:54:15 +0200 Subject: [PATCH] Added updateablePoly1305 --- .../authenticated/XChaCha20Poly1305Pure.kt | 58 +++++++--- .../com/ionspin/kotlin/crypto/mac/Poly1305.kt | 54 +++++++--- .../kotlin/crypto/symmetric/ChaCha20Pure.kt | 1 + .../kotlin/crypto/symmetric/Salsa20Pure.kt | 2 +- .../kotlin/crypto/symmetric/XChaCha20Pure.kt | 2 + .../kotlin/crypto/symmetric/XSalsa20Pure.kt | 4 +- .../com/ionspin/kotlin/crypto/util/Util.kt | 5 + .../ionspin/kotlin/crypto/mac/Poly1305Test.kt | 101 ++++++++++++++++++ 8 files changed, 196 insertions(+), 31 deletions(-) diff --git a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Pure.kt b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Pure.kt index f70f6c3..fba4d87 100644 --- a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Pure.kt +++ b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Pure.kt @@ -15,10 +15,10 @@ internal class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray, companion object { fun encrypt(key: UByteArray, nonce: UByteArray, message: UByteArray, additionalData: UByteArray) : UByteArray { - val oneTimeKey = XChaCha20Pure.hChacha(key, nonce) + val subKey = XChaCha20Pure.hChacha(key, nonce) val authKey = ChaCha20Pure.encrypt( - oneTimeKey.toLittleEndianUByteArray(), + subKey.toLittleEndianUByteArray(), ubyteArrayOf(0U, 0U, 0U, 0U) + nonce.sliceArray(16 until 24), UByteArray(64) { 0U }, 0U // If this is moved as a default parameter in encrypt, and not here (in 1.4-M2) 
@@ -26,10 +26,6 @@ internal class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray, // at org.jetbrains.kotlin.ir.backend.js.lower.ConstTransformer$visitConst$1$3.invoke(ConstLowering.kt:28) // at org.jetbrains.kotlin.ir.backend.js.lower.ConstTransformer.lowerConst(ConstLowering.kt:38) ) - println("Poly sub-key:") - oneTimeKey.hexColumsPrint() - println("Poly key:") - authKey.hexColumsPrint() val cipherText = XChaCha20Pure.encrypt(key, nonce, message, 1U) val additionalDataPad = UByteArray(16 - additionalData.size % 16) { 0U } val cipherTextPad = UByteArray(16 - cipherText.size % 16) { 0U } 
@@ -37,21 +33,51 @@ internal class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray, cipherText + cipherTextPad + additionalData.size.toULong().toLittleEndianUByteArray() + cipherText.size.toULong().toLittleEndianUByteArray() - oneTimeKey.toLittleEndianUByteArray().hexColumsPrint() val tag = Poly1305.poly1305Authenticate(authKey, macData) return cipherText + tag } } -// val encryption = XChaCha20Pure(key, nonce, initialCounter = 0U) { -// -// } -// -// -// fun encryptPartialData(data: UByteArray) : UByteArray { -// -// } -// + val updateableEncryptionPrimitive = XChaCha20Pure(key, nonce, initialCounter = 0U) + val updateableMacPrimitive : Poly1305 + + val polyBuffer = UByteArray(16) + var polyBufferByteCounter = 0 + + init { + val subKey = XChaCha20Pure.hChacha(key, nonce) + val authKey = + ChaCha20Pure.encrypt( + subKey.toLittleEndianUByteArray(), + ubyteArrayOf(0U, 0U, 0U, 0U) + nonce.sliceArray(16 until 24), + UByteArray(64) { 0U }, + 0U // If this is moved as a default parameter in encrypt, and not here (in 1.4-M2) + // js compiler dies with: e: java.lang.NullPointerException + // at org.jetbrains.kotlin.ir.backend.js.lower.ConstTransformer$visitConst$1$3.invoke(ConstLowering.kt:28) + // at org.jetbrains.kotlin.ir.backend.js.lower.ConstTransformer.lowerConst(ConstLowering.kt:38) + ) + updateableMacPrimitive = Poly1305(authKey) + } + + + fun encryptPartialData(data: UByteArray) : UByteArray { + if (polyBufferByteCounter == 0) { + val polyBlocks = data.size / 16 + val polyRemainder = data.size % 16 + for (i in 0 until polyBlocks) { + updateableMacPrimitive.updateMac(data.sliceArray(i * 16 until i * 16 + 16)) + } + if (polyRemainder != 0) { + for (i in 0 until polyRemainder) { + polyBuffer[i] = data[data.size - polyRemainder + i] + } + } + } else { + + } + return updateableEncryptionPrimitive.encryptPartialData(data) + } + // fun finish() : UByteArray { // // } 
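Review bot: `updateableEncryptionPrimitive` is created with `initialCounter = 0U`, but the `init` block derives the Poly1305 key from the counter-0 block and the one-shot `encrypt` starts the message at counter `1U`. Assuming `XChaCha20Pure` derives the same sub-key from `key` and `nonce`, the streaming path would encrypt the first 64 bytes with the keystream block that holds the MAC key, so it should start at `1U`. `encryptPartialData` also feeds the plaintext `data` to `updateMac`, whereas the one-shot path authenticates the ciphertext. The tail bytes copied into `polyBuffer` are lost, because `polyBufferByteCounter` is never advanced and the `else` branch is empty. The sketch below encrypts first and buffers ciphertext across calls; absorbing the additional data with its padding before the first ciphertext byte, and the length block in `finish()`, are still needed and are not shown.

```kotlin
    val updateableEncryptionPrimitive = XChaCha20Pure(key, nonce, initialCounter = 1U)
    // … unchanged: updateableMacPrimitive, polyBuffer, polyBufferByteCounter, init block …

    fun encryptPartialData(data: UByteArray) : UByteArray {
        val cipherText = updateableEncryptionPrimitive.encryptPartialData(data)
        // Authenticate the ciphertext, carrying any partial 16-byte block over to the next call.
        for (byte in cipherText) {
            polyBuffer[polyBufferByteCounter++] = byte
            if (polyBufferByteCounter == 16) {
                updateableMacPrimitive.updateMac(polyBuffer)
                polyBufferByteCounter = 0
            }
        }
        return cipherText
    }
```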
diff --git a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305.kt b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305.kt index 4281ec5..a54fe4d 100644 --- a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305.kt +++ b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305.kt @@ -9,17 +9,19 @@ import com.ionspin.kotlin.crypto.util.hexColumsPrint * ugljesa.jovanovic@ionspin.com * on 18-Jun-2020 */ -class Poly1305 { +class Poly1305(key: UByteArray) { companion object { - fun clampR(r: UByteArray) { - r[3] = r[3] and 0b00001111U - r[7] = r[7] and 0b00001111U - r[11] = r[11] and 0b00001111U - r[15] = r[15] and 0b00001111U + fun clampR(r: UByteArray) : UByteArray { + val clamped = UByteArray(16) { r[it] } + clamped[3] = r[3] and 0b00001111U + clamped[7] = r[7] and 0b00001111U + clamped[11] = r[11] and 0b00001111U + clamped[15] = r[15] and 0b00001111U - r[4] = r[4] and 0b11111100U - r[8] = r[8] and 0b11111100U - r[12] = r[12] and 0b11111100U + clamped[4] = r[4] and 0b11111100U + clamped[8] = r[8] and 0b11111100U + clamped[12] = r[12] and 0b11111100U + return clamped } @@ -36,11 +38,11 @@ class Poly1305 { val twoToThe128 = BigInteger.ONE.shl(128) fun poly1305Authenticate(key: UByteArray, message: UByteArray) : UByteArray { - val r = UByteArray(16) { key[it] } + val r = clampR(UByteArray(16) { key[it] }) val s= UByteArray(16) { key[it + 16]} - clampR(r) + var accumulator = BigInteger.ZERO - val rAsBigInt = BigInteger.fromUByteArray(r, Endianness.LITTLE) + val rAsBigInt = BigInteger.fromUByteArray(r, Endianness.LITTLE) //TODO update BigInt to make this eraseable val sAsBigInt = BigInteger.fromUByteArray(s, Endianness.LITTLE) val blocks = message.size / 16 val remainder = message.size % 16 
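Review bot: `clampR` used to clamp `r` in place and now returns a clamped copy, leaving its argument untouched, yet it is still a public member of the companion of a public class. A caller that keeps calling `clampR(r)` and ignores the result still compiles and would silently run Poly1305 with an unclamped `r`. Either narrow it to `private`/`internal`, or document the new contract with a KDoc line such as `/** Returns a clamped copy of the first 16 bytes of [r]; the argument is not modified. */`.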
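Review bot: In `poly1305Authenticate`, `clampR(UByteArray(16) { key[it] })` builds a throwaway copy of the `r` half of the key, which `clampR` then copies again, so an extra unclamped copy of key material is left unreferenced and unwiped. Since `clampR` only reads the first 16 elements, `val r = clampR(key)` gives the same result without the intermediate array. Neither `r` nor `s` is passed to `overwriteWithZeroes()` on the visible lines, and there is no `require(key.size == 32)` before indexing `key[it + 16]`. The function body continues past the end of the hunk.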
@@ -70,4 +72,30 @@ class Poly1305 { } } -} \ No newline at end of file + var rAsBigInt = BigInteger.fromUByteArray(clampR(key.sliceArray(0 until 16)), Endianness.LITTLE) + var sAsBigInt = BigInteger.fromUByteArray(key.sliceArray(16 until 32), Endianness.LITTLE) + var accumulator = BigInteger.ZERO + + fun updateMac(data : UByteArray) { + data.hexColumsPrint() + val blockAsInt = BigInteger.fromUByteArray(data, Endianness.LITTLE) + powersOfTwo[128] + accumulator += blockAsInt + accumulator *= rAsBigInt + accumulator %= P + } + + fun finalizeMac(data: UByteArray) : UByteArray{ + if (data.size != 0) { + data.hexColumsPrint() + val blockAsInt = BigInteger.fromUByteArray(data, Endianness.LITTLE) + powersOfTwo[data.size * 8] + accumulator += blockAsInt + accumulator *= rAsBigInt + accumulator %= P + } + accumulator += sAsBigInt + accumulator = accumulator and resultMask + val result = accumulator.toUByteArray(Endianness.BIG) + result.reverse() + return result + } +} diff --git a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/ChaCha20Pure.kt b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/ChaCha20Pure.kt index 58f7d54..8e11511 100644 --- a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/ChaCha20Pure.kt +++ b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/ChaCha20Pure.kt @@ -92,6 +92,7 @@ internal class ChaCha20Pure { message, blocks * 64, ciphertext, blocks * 64 ) + state.overwriteWithZeroes() return ciphertext } } diff --git a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/Salsa20Pure.kt b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/Salsa20Pure.kt index 6579a2b..2fc3761 100644 --- a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/Salsa20Pure.kt +++ b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/Salsa20Pure.kt 
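Review bot: `updateMac` and `finalizeMac` both call `data.hexColumsPrint()`, so every authenticated block is written to standard output. This commit removes the same kind of debug printing from `XChaCha20Poly1305Pure`, and these two lines should go as well. `updateMac` always adds `powersOfTwo[128]`, which is only correct for a full block, so it needs `require(data.size == 16) { "updateMac expects a full 16-byte block" }`, and `finalizeMac` needs the matching `require(data.size < 16)`. `rAsBigInt`, `sAsBigInt` and `accumulator` are public `var`s, which exposes the key halves and lets callers overwrite them; `private val` for the first two and `private var` for the accumulator would close that.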
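Review bot: `state.overwriteWithZeroes()` in `ChaCha20Pure.encrypt` runs only on the normal return path, so if anything in the block loop throws, the key words stay in `state`. Wrapping the processing in `try { ... } finally { state.overwriteWithZeroes() }` makes the wipe unconditional. The same applies to the identical additions in `Salsa20Pure`, the one-shot `XChaCha20Pure.encrypt` and `XSalsa20Pure`. In every case the enclosing function starts outside the hunk, so the exact span to wrap has to be confirmed against the full file.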
@@ -110,7 +110,7 @@ internal class Salsa20Pure { 0, remainder, message, blocks * 64, ciphertext, blocks * 64) - + state.overwriteWithZeroes() return ciphertext } diff --git a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/XChaCha20Pure.kt b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/XChaCha20Pure.kt index 9171d31..9101398 100644 --- a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/XChaCha20Pure.kt +++ b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/XChaCha20Pure.kt @@ -95,6 +95,7 @@ class XChaCha20Pure(key: UByteArray, nonce: UByteArray, initialCounter: UInt = 0 message, blocks * 64, ciphertext, blocks * 64 ) + state.overwriteWithZeroes() return ciphertext } @@ -172,6 +173,7 @@ class XChaCha20Pure(key: UByteArray, nonce: UByteArray, initialCounter: UInt = 0 ) keystreamRemainingCounter = 64 - remainingBytes processedBytesSoFar += data.size + state.overwriteWithZeroes() return ciphertext } diff --git a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/XSalsa20Pure.kt b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/XSalsa20Pure.kt index 9849f86..ca83a60 100644 --- a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/XSalsa20Pure.kt +++ b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/XSalsa20Pure.kt @@ -2,6 +2,7 @@ package com.ionspin.kotlin.crypto.symmetric import com.ionspin.kotlin.crypto.util.fromLittleEndianArrayToUInt import com.ionspin.kotlin.crypto.util.fromLittleEndianArrayToUIntWithPosition +import com.ionspin.kotlin.crypto.util.overwriteWithZeroes import com.ionspin.kotlin.crypto.util.xorWithPositionsAndInsertIntoArray /** 
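Review bot: In the second `XChaCha20Pure` hunk the wipe is added right after `keystreamRemainingCounter` and `processedBytesSoFar` are updated, which looks like the per-instance partial-encryption path rather than the one-shot function. If `state` there is the instance's cipher state carried between calls (its declaration is outside the hunk), zeroing it at the end of each call leaves the next call generating keystream from an all-zero state, so every chunk after the first would be encrypted without the key. The wipe belongs in a separate cleanup or finish step that runs once, after the last chunk. A test that encrypts a message in two chunks and compares it with the one-shot result would pin this down.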
@@ -80,6 +81,7 @@ internal class XSalsa20Pure { else -> 0U } } + hSalsaKey.overwriteWithZeroes() val blocks = message.size / 64 val remainder = message.size % 64 for (i in 0 until blocks) { @@ -94,7 +96,7 @@ internal class XSalsa20Pure { 0, remainder, message, blocks * 64, ciphertext, blocks * 64) - + state.overwriteWithZeroes() return ciphertext } diff --git a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/util/Util.kt b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/util/Util.kt index 13fe647..4d6bbcb 100644 --- a/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/util/Util.kt +++ b/multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/util/Util.kt @@ -344,6 +344,11 @@ fun Array.fromBigEndianArrayToUInt() : UInt { operator fun UInt.plus(other : UByteArray) : UByteArray { return this.toLittleEndianUByteArray() + other } +fun UByteArray.overwriteWithZeroes() { + for (i in 0 until size) { + this[i] = 0U + } +} fun UIntArray.overwriteWithZeroes() { for (i in 0 until size) { diff --git a/multiplatform-crypto/src/commonTest/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305Test.kt b/multiplatform-crypto/src/commonTest/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305Test.kt index fffa260..adfa978 100644 --- a/multiplatform-crypto/src/commonTest/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305Test.kt +++ b/multiplatform-crypto/src/commonTest/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305Test.kt 
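Review bot: `UByteArray.overwriteWithZeroes()` in `Util.kt` has no documentation, and callers in this commit use it as a key-wiping primitive. A KDoc line such as `/** Overwrites every element with zero in place; copies made earlier with sliceArray, copyOf or + are not affected. */` would state its limits. The loop can also be written as `fill(0U)`, and a blank line before the following `UIntArray.overwriteWithZeroes()` would match the spacing used elsewhere in the file. That neighbouring function starts inside the hunk and ends outside it.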
@@ -120,4 +120,105 @@ class Poly1305Test { expected.contentEquals(result) } } + + @Test + fun testUpdateablePoly1305() { + assertTrue { + val key = ubyteArrayOf( + 0x85U, 0xd6U, 0xbeU, 0x78U, 0x57U, 0x55U, 0x6dU, + 0x33U, 0x7fU, 0x44U, 0x52U, 0xfeU, 0x42U, 0xd5U, + 0x06U, 0xa8U, 0x01U, 0x03U, 0x80U, 0x8aU, 0xfbU, + 0x0dU, 0xb2U, 0xfdU, 0x4aU, 0xbfU, 0xf6U, 0xafU, + 0x41U, 0x49U, 0xf5U, 0x1bU + ) + val message = ubyteArrayOf( + 0x43U, 0x72U, 0x79U, 0x70U, 0x74U, 0x6fU, 0x67U, 0x72U, + 0x61U, 0x70U, 0x68U, 0x69U, 0x63U, 0x20U, 0x46U, 0x6fU, + 0x72U, 0x75U, 0x6dU, 0x20U, 0x52U, 0x65U, 0x73U, 0x65U, + 0x61U, 0x72U, 0x63U, 0x68U, 0x20U, 0x47U, 0x72U, 0x6fU, + 0x75U, 0x70U + ) + val expected = ubyteArrayOf( + 0xA8U, 0x06U, 0x1DU, 0xC1U, + 0x30U, 0x51U, 0x36U, 0xC6U, + 0xC2U, 0x2BU, 0x8BU, 0xAFU, + 0x0CU, 0x01U, 0x27U, 0xA9U, + ) + val poly = Poly1305(key) + poly.updateMac(message.sliceArray(0 until 16)) + poly.updateMac(message.sliceArray(16 until 32)) + val result = poly.finalizeMac(message.sliceArray(32 until 34)) + + expected.contentEquals(result) + } + assertTrue { + val key = ubyteArrayOf( + 0x85U, 0x1fU, 0xc4U, 0x0cU, 0x34U, 0x67U, 0xacU, 0x0bU, + 0xe0U, 0x5cU, 0xc2U, 0x04U, 0x04U, 0xf3U, 0xf7U, 0x00U, + 0x58U, 0x0bU, 0x3bU, 0x0fU, 0x94U, 0x47U, 0xbbU, 0x1eU, + 0x69U, 0xd0U, 0x95U, 0xb5U, 0x92U, 0x8bU, 0x6dU, 0xbcU + ) + val message = ubyteArrayOf( + 0xf3U, 0xf6U + ) + val expected = ubyteArrayOf( + 0xf4U, 0xc6U, 0x33U, 0xc3U, 0x04U, 0x4fU, 0xc1U, 0x45U, + 0xf8U, 0x4fU, 0x33U, 0x5cU, 0xb8U, 0x19U, 0x53U, 0xdeU + ) + + val poly = Poly1305(key) + val result = poly.finalizeMac(message) + expected.contentEquals(result) + } + + assertTrue { + val key = ubyteArrayOf( + 0x75U, 0xdeU, 0xaaU, 0x25U, 0xc0U, 0x9fU, 0x20U, 0x8eU, + 0x1dU, 0xc4U, 0xceU, 0x6bU, 0x5cU, 0xadU, 0x3fU, 0xbfU, + 0xddU, 0x3fU, 0xabU, 0x22U, 0x51U, 0xf1U, 0x1aU, 0xc7U, + 0x59U, 0xf0U, 0x88U, 0x71U, 0x29U, 0xccU, 0x2eU, 0xe7U, + ) + val message = ubyteArrayOf( + + ) + val expected = ubyteArrayOf( + 
0xddU, 0x3fU, 0xabU, 0x22U, 0x51U, 0xf1U, 0x1aU, 0xc7U, + 0x59U, 0xf0U, 0x88U, 0x71U, 0x29U, 0xccU, 0x2eU, 0xe7U + ) + + val poly = Poly1305(key) + val result = poly.finalizeMac(message) + expected.contentEquals(result) + } + + assertTrue { + val key = ubyteArrayOf( + 0x12U, 0x97U, 0x6aU, 0x08U, 0xc4U, 0x42U, 0x6dU, 0x0cU, + 0xe8U, 0xa8U, 0x24U, 0x07U, 0xc4U, 0xf4U, 0x82U, 0x07U, + 0x80U, 0xf8U, 0xc2U, 0x0aU, 0xa7U, 0x12U, 0x02U, 0xd1U, + 0xe2U, 0x91U, 0x79U, 0xcbU, 0xcbU, 0x55U, 0x5aU, 0x57U + ) + val message = ubyteArrayOf( + 0xabU, 0x08U, 0x12U, 0x72U, 0x4aU, 0x7fU, 0x1eU, 0x34U, + 0x27U, 0x42U, 0xcbU, 0xedU, 0x37U, 0x4dU, 0x94U, 0xd1U, + 0x36U, 0xc6U, 0xb8U, 0x79U, 0x5dU, 0x45U, 0xb3U, 0x81U, + 0x98U, 0x30U, 0xf2U, 0xc0U, 0x44U, 0x91U, 0xfaU, 0xf0U, + 0x99U, 0x0cU, 0x62U, 0xe4U, 0x8bU, 0x80U, 0x18U, 0xb2U, + 0xc3U, 0xe4U, 0xa0U, 0xfaU, 0x31U, 0x34U, 0xcbU, 0x67U, + 0xfaU, 0x83U, 0xe1U, 0x58U, 0xc9U, 0x94U, 0xd9U, 0x61U, + 0xc4U, 0xcbU, 0x21U, 0x09U, 0x5cU, 0x1bU, 0xf9U, + ) + val expected = ubyteArrayOf( + 0x51U, 0x54U, 0xadU, 0x0dU, 0x2cU, 0xb2U, 0x6eU, 0x01U, + 0x27U, 0x4fU, 0xc5U, 0x11U, 0x48U, 0x49U, 0x1fU, 0x1bU + ) + + val poly = Poly1305(key) + poly.updateMac(message.sliceArray(0 until 16)) + poly.updateMac(message.sliceArray(16 until 32)) + poly.updateMac(message.sliceArray(32 until 48)) + val result = poly.finalizeMac(message.sliceArray(48 until 63)) + expected.contentEquals(result) + } + } } \ No newline at end of file
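Review bot: `testUpdateablePoly1305` only ever passes exact 16-byte slices to `updateMac` and a short tail to `finalizeMac`, so nothing pins down what happens when a caller passes a block of another size, which the new API accepts without complaint. Adding a case that expects rejection of, for example, a 15-byte `updateMac` argument would document that contract. A cross-check against the one-shot path, `assertTrue { Poly1305.poly1305Authenticate(key, message).contentEquals(result) }`, would keep the two implementations from drifting apart. Wrapping whole blocks in `assertTrue { ... }` also hides the actual and expected bytes on failure; `assertTrue(expected.contentEquals(result), "tag mismatch")` or a hex comparison gives a usable message.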