YoungBlood/libsodium_wasm_experimental
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added updateablePoly1305

Browse Source
This commit is contained in:
Ugljesa Jovanovic 2020-06-21 20:54:15 +02:00 committed by Ugljesa Jovanovic
parent 6fae2fd061
commit d55f67dd59
No known key found for this signature in database
GPG Key ID: 178E6DFCECCB0E0F
8 changed files with 196 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/authenticated/XChaCha20Poly1305Pure.kt
View File

@ -15,10 +15,10 @@ internal class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray,
companion object {
fun encrypt(key: UByteArray, nonce: UByteArray, message: UByteArray, additionalData: UByteArray) : UByteArray {
val oneTimeKey = XChaCha20Pure.hChacha(key, nonce)
val subKey = XChaCha20Pure.hChacha(key, nonce)
val authKey =
ChaCha20Pure.encrypt(
oneTimeKey.toLittleEndianUByteArray(),
subKey.toLittleEndianUByteArray(),
ubyteArrayOf(0U, 0U, 0U, 0U) + nonce.sliceArray(16 until 24),
UByteArray(64) { 0U },
0U // If this is moved as a default parameter in encrypt, and not here (in 1.4-M2)
@ -26,10 +26,6 @@ internal class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray,
// at org.jetbrains.kotlin.ir.backend.js.lower.ConstTransformer$visitConst$1$3.invoke(ConstLowering.kt:28)
// at org.jetbrains.kotlin.ir.backend.js.lower.ConstTransformer.lowerConst(ConstLowering.kt:38)
)
println("Poly sub-key:")
oneTimeKey.hexColumsPrint()
println("Poly key:")
authKey.hexColumsPrint()
val cipherText = XChaCha20Pure.encrypt(key, nonce, message, 1U)
val additionalDataPad = UByteArray(16 - additionalData.size % 16) { 0U }
val cipherTextPad = UByteArray(16 - cipherText.size % 16) { 0U }
@ -37,21 +33,51 @@ internal class XChaCha20Poly1305Pure(val key: UByteArray, val nonce: UByteArray,
cipherText + cipherTextPad +
additionalData.size.toULong().toLittleEndianUByteArray() +
cipherText.size.toULong().toLittleEndianUByteArray()
oneTimeKey.toLittleEndianUByteArray().hexColumsPrint()
val tag = Poly1305.poly1305Authenticate(authKey, macData)
return cipherText + tag
}
}
// val encryption = XChaCha20Pure(key, nonce, initialCounter = 0U) {
//
// }
//
//
// fun encryptPartialData(data: UByteArray) : UByteArray {
//
// }
//
val updateableEncryptionPrimitive = XChaCha20Pure(key, nonce, initialCounter = 0U)
val updateableMacPrimitive : Poly1305
val polyBuffer = UByteArray(16)
var polyBufferByteCounter = 0
init {
val subKey = XChaCha20Pure.hChacha(key, nonce)
val authKey =
ChaCha20Pure.encrypt(
subKey.toLittleEndianUByteArray(),
ubyteArrayOf(0U, 0U, 0U, 0U) + nonce.sliceArray(16 until 24),
UByteArray(64) { 0U },
0U // If this is moved as a default parameter in encrypt, and not here (in 1.4-M2)
// js compiler dies with: e: java.lang.NullPointerException
// at org.jetbrains.kotlin.ir.backend.js.lower.ConstTransformer$visitConst$1$3.invoke(ConstLowering.kt:28)
// at org.jetbrains.kotlin.ir.backend.js.lower.ConstTransformer.lowerConst(ConstLowering.kt:38)
)
updateableMacPrimitive = Poly1305(authKey)
}
fun encryptPartialData(data: UByteArray) : UByteArray {
if (polyBufferByteCounter == 0) {
val polyBlocks = data.size / 16
val polyRemainder = data.size % 16
for (i in 0 until polyBlocks) {
updateableMacPrimitive.updateMac(data.sliceArray(i * 16 until i * 16 + 16))
}
if (polyRemainder != 0) {
for (i in 0 until polyRemainder) {
polyBuffer[i] = data[data.size - polyRemainder + i]
}
}
} else {
}
return updateableEncryptionPrimitive.encryptPartialData(data)
}
// fun finish() : UByteArray {
//
// }

52
multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305.kt
View File

@ -9,17 +9,19 @@ import com.ionspin.kotlin.crypto.util.hexColumsPrint
* ugljesa.jovanovic@ionspin.com
* on 18-Jun-2020
*/
class Poly1305 {
class Poly1305(key: UByteArray) {
companion object {
fun clampR(r: UByteArray) {
r[3] = r[3] and 0b00001111U
r[7] = r[7] and 0b00001111U
r[11] = r[11] and 0b00001111U
r[15] = r[15] and 0b00001111U
fun clampR(r: UByteArray) : UByteArray {
val clamped = UByteArray(16) { r[it] }
clamped[3] = r[3] and 0b00001111U
clamped[7] = r[7] and 0b00001111U
clamped[11] = r[11] and 0b00001111U
clamped[15] = r[15] and 0b00001111U
r[4] = r[4] and 0b11111100U
r[8] = r[8] and 0b11111100U
r[12] = r[12] and 0b11111100U
clamped[4] = r[4] and 0b11111100U
clamped[8] = r[8] and 0b11111100U
clamped[12] = r[12] and 0b11111100U
return clamped
}
@ -36,11 +38,11 @@ class Poly1305 {
val twoToThe128 = BigInteger.ONE.shl(128)
fun poly1305Authenticate(key: UByteArray, message: UByteArray) : UByteArray {
val r = UByteArray(16) { key[it] }
val r = clampR(UByteArray(16) { key[it] })
val s= UByteArray(16) { key[it + 16]}
clampR(r)
var accumulator = BigInteger.ZERO
val rAsBigInt = BigInteger.fromUByteArray(r, Endianness.LITTLE)
val rAsBigInt = BigInteger.fromUByteArray(r, Endianness.LITTLE) //TODO update BigInt to make this eraseable
val sAsBigInt = BigInteger.fromUByteArray(s, Endianness.LITTLE)
val blocks = message.size / 16
val remainder = message.size % 16
@ -70,4 +72,30 @@ class Poly1305 {
}
}
var rAsBigInt = BigInteger.fromUByteArray(clampR(key.sliceArray(0 until 16)), Endianness.LITTLE)
var sAsBigInt = BigInteger.fromUByteArray(key.sliceArray(16 until 32), Endianness.LITTLE)
var accumulator = BigInteger.ZERO
fun updateMac(data : UByteArray) {
data.hexColumsPrint()
val blockAsInt = BigInteger.fromUByteArray(data, Endianness.LITTLE) + powersOfTwo[128]
accumulator += blockAsInt
accumulator *= rAsBigInt
accumulator %= P
}
fun finalizeMac(data: UByteArray) : UByteArray{
if (data.size != 0) {
data.hexColumsPrint()
val blockAsInt = BigInteger.fromUByteArray(data, Endianness.LITTLE) + powersOfTwo[data.size * 8]
accumulator += blockAsInt
accumulator *= rAsBigInt
accumulator %= P
}
accumulator += sAsBigInt
accumulator = accumulator and resultMask
val result = accumulator.toUByteArray(Endianness.BIG)
result.reverse()
return result
}
}

1
multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/ChaCha20Pure.kt
View File

@ -92,6 +92,7 @@ internal class ChaCha20Pure {
message, blocks * 64,
ciphertext, blocks * 64
)
state.overwriteWithZeroes()
return ciphertext
}
}

2
multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/Salsa20Pure.kt
View File

@ -110,7 +110,7 @@ internal class Salsa20Pure {
0, remainder,
message, blocks * 64,
ciphertext, blocks * 64)
state.overwriteWithZeroes()
return ciphertext
}

2
multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/XChaCha20Pure.kt
View File

@ -95,6 +95,7 @@ class XChaCha20Pure(key: UByteArray, nonce: UByteArray, initialCounter: UInt = 0
message, blocks * 64,
ciphertext, blocks * 64
)
state.overwriteWithZeroes()
return ciphertext
}
@ -172,6 +173,7 @@ class XChaCha20Pure(key: UByteArray, nonce: UByteArray, initialCounter: UInt = 0
)
keystreamRemainingCounter = 64 - remainingBytes
processedBytesSoFar += data.size
state.overwriteWithZeroes()
return ciphertext
}

4
multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/symmetric/XSalsa20Pure.kt
View File

@ -2,6 +2,7 @@ package com.ionspin.kotlin.crypto.symmetric
import com.ionspin.kotlin.crypto.util.fromLittleEndianArrayToUInt
import com.ionspin.kotlin.crypto.util.fromLittleEndianArrayToUIntWithPosition
import com.ionspin.kotlin.crypto.util.overwriteWithZeroes
import com.ionspin.kotlin.crypto.util.xorWithPositionsAndInsertIntoArray
/**
@ -80,6 +81,7 @@ internal class XSalsa20Pure {
else -> 0U
}
}
hSalsaKey.overwriteWithZeroes()
val blocks = message.size / 64
val remainder = message.size % 64
for (i in 0 until blocks) {
@ -94,7 +96,7 @@ internal class XSalsa20Pure {
0, remainder,
message, blocks * 64,
ciphertext, blocks * 64)
state.overwriteWithZeroes()
return ciphertext
}

5
multiplatform-crypto/src/commonMain/kotlin/com/ionspin/kotlin/crypto/util/Util.kt
View File

@ -344,6 +344,11 @@ fun Array<UByte>.fromBigEndianArrayToUInt() : UInt {
operator fun UInt.plus(other : UByteArray) : UByteArray {
return this.toLittleEndianUByteArray() + other
}
fun UByteArray.overwriteWithZeroes() {
for (i in 0 until size) {
this[i] = 0U
}
}
fun UIntArray.overwriteWithZeroes() {
for (i in 0 until size) {

101
multiplatform-crypto/src/commonTest/kotlin/com/ionspin/kotlin/crypto/mac/Poly1305Test.kt
View File

@ -120,4 +120,105 @@ class Poly1305Test {
expected.contentEquals(result)
}
}
@Test
fun testUpdateablePoly1305() {
assertTrue {
val key = ubyteArrayOf(
0x85U, 0xd6U, 0xbeU, 0x78U, 0x57U, 0x55U, 0x6dU,
0x33U, 0x7fU, 0x44U, 0x52U, 0xfeU, 0x42U, 0xd5U,
0x06U, 0xa8U, 0x01U, 0x03U, 0x80U, 0x8aU, 0xfbU,
0x0dU, 0xb2U, 0xfdU, 0x4aU, 0xbfU, 0xf6U, 0xafU,
0x41U, 0x49U, 0xf5U, 0x1bU
)
val message = ubyteArrayOf(
0x43U, 0x72U, 0x79U, 0x70U, 0x74U, 0x6fU, 0x67U, 0x72U,
0x61U, 0x70U, 0x68U, 0x69U, 0x63U, 0x20U, 0x46U, 0x6fU,
0x72U, 0x75U, 0x6dU, 0x20U, 0x52U, 0x65U, 0x73U, 0x65U,
0x61U, 0x72U, 0x63U, 0x68U, 0x20U, 0x47U, 0x72U, 0x6fU,
0x75U, 0x70U
)
val expected = ubyteArrayOf(
0xA8U, 0x06U, 0x1DU, 0xC1U,
0x30U, 0x51U, 0x36U, 0xC6U,
0xC2U, 0x2BU, 0x8BU, 0xAFU,
0x0CU, 0x01U, 0x27U, 0xA9U,
)
val poly = Poly1305(key)
poly.updateMac(message.sliceArray(0 until 16))
poly.updateMac(message.sliceArray(16 until 32))
val result = poly.finalizeMac(message.sliceArray(32 until 34))
expected.contentEquals(result)
}
assertTrue {
val key = ubyteArrayOf(
0x85U, 0x1fU, 0xc4U, 0x0cU, 0x34U, 0x67U, 0xacU, 0x0bU,
0xe0U, 0x5cU, 0xc2U, 0x04U, 0x04U, 0xf3U, 0xf7U, 0x00U,
0x58U, 0x0bU, 0x3bU, 0x0fU, 0x94U, 0x47U, 0xbbU, 0x1eU,
0x69U, 0xd0U, 0x95U, 0xb5U, 0x92U, 0x8bU, 0x6dU, 0xbcU
)
val message = ubyteArrayOf(
0xf3U, 0xf6U
)
val expected = ubyteArrayOf(
0xf4U, 0xc6U, 0x33U, 0xc3U, 0x04U, 0x4fU, 0xc1U, 0x45U,
0xf8U, 0x4fU, 0x33U, 0x5cU, 0xb8U, 0x19U, 0x53U, 0xdeU
)
val poly = Poly1305(key)
val result = poly.finalizeMac(message)
expected.contentEquals(result)
}
assertTrue {
val key = ubyteArrayOf(
0x75U, 0xdeU, 0xaaU, 0x25U, 0xc0U, 0x9fU, 0x20U, 0x8eU,
0x1dU, 0xc4U, 0xceU, 0x6bU, 0x5cU, 0xadU, 0x3fU, 0xbfU,
0xddU, 0x3fU, 0xabU, 0x22U, 0x51U, 0xf1U, 0x1aU, 0xc7U,
0x59U, 0xf0U, 0x88U, 0x71U, 0x29U, 0xccU, 0x2eU, 0xe7U,
)
val message = ubyteArrayOf(
)
val expected = ubyteArrayOf(
0xddU, 0x3fU, 0xabU, 0x22U, 0x51U, 0xf1U, 0x1aU, 0xc7U,
0x59U, 0xf0U, 0x88U, 0x71U, 0x29U, 0xccU, 0x2eU, 0xe7U
)
val poly = Poly1305(key)
val result = poly.finalizeMac(message)
expected.contentEquals(result)
}
assertTrue {
val key = ubyteArrayOf(
0x12U, 0x97U, 0x6aU, 0x08U, 0xc4U, 0x42U, 0x6dU, 0x0cU,
0xe8U, 0xa8U, 0x24U, 0x07U, 0xc4U, 0xf4U, 0x82U, 0x07U,
0x80U, 0xf8U, 0xc2U, 0x0aU, 0xa7U, 0x12U, 0x02U, 0xd1U,
0xe2U, 0x91U, 0x79U, 0xcbU, 0xcbU, 0x55U, 0x5aU, 0x57U
)
val message = ubyteArrayOf(
0xabU, 0x08U, 0x12U, 0x72U, 0x4aU, 0x7fU, 0x1eU, 0x34U,
0x27U, 0x42U, 0xcbU, 0xedU, 0x37U, 0x4dU, 0x94U, 0xd1U,
0x36U, 0xc6U, 0xb8U, 0x79U, 0x5dU, 0x45U, 0xb3U, 0x81U,
0x98U, 0x30U, 0xf2U, 0xc0U, 0x44U, 0x91U, 0xfaU, 0xf0U,
0x99U, 0x0cU, 0x62U, 0xe4U, 0x8bU, 0x80U, 0x18U, 0xb2U,
0xc3U, 0xe4U, 0xa0U, 0xfaU, 0x31U, 0x34U, 0xcbU, 0x67U,
0xfaU, 0x83U, 0xe1U, 0x58U, 0xc9U, 0x94U, 0xd9U, 0x61U,
0xc4U, 0xcbU, 0x21U, 0x09U, 0x5cU, 0x1bU, 0xf9U,
)
val expected = ubyteArrayOf(
0x51U, 0x54U, 0xadU, 0x0dU, 0x2cU, 0xb2U, 0x6eU, 0x01U,
0x27U, 0x4fU, 0xc5U, 0x11U, 0x48U, 0x49U, 0x1fU, 0x1bU
)
val poly = Poly1305(key)
poly.updateMac(message.sliceArray(0 until 16))
poly.updateMac(message.sliceArray(16 until 32))
poly.updateMac(message.sliceArray(32 until 48))
val result = poly.finalizeMac(message.sliceArray(48 until 63))
expected.contentEquals(result)
}
}
}