Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-23 15:55:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove semi-internal chacha20_keystrem_block()

Browse source 
It's actually easy to implement chachapoly without it, so let's not clutter
the API (and avoid adding a burden to alt implementers).
This commit is contained in:
Manuel Pégourié-Gonnard 2018-05-07 12:18:34 +02:00
parent 502f189253
commit 56206c4db1
3 changed files with 6 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

8
library/chachapoly.c
View file

@ -143,15 +143,19 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA );
}
result = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 1U );
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
result = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
if ( result != 0 )
goto cleanup;
/* Generate the Poly1305 key by getting the ChaCha20 keystream output with counter = 0.
* This is the same as encrypting a buffer of zeroes.
* Only the first 256-bits (32 bytes) of the key is used for Poly1305.
* The other 256 bits are discarded.
*/
result = mbedtls_chacha20_keystream_block( &ctx->chacha20_ctx, 0U, poly1305_key );
memset( poly1305_key, 0, sizeof( poly1305_key ) );
result = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ),
poly1305_key, poly1305_key );
if ( result != 0 )
goto cleanup;