From: Loup Vaillant
Date: Sun, 24 Nov 2019 21:04:05 +0000 (+0100)
Subject: Removed legacy Chacha20 dependency from aead-incr
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=e687f5ed2c4c740c5d6c3405bca972a91082469d;p=Monocypher.git
Removed legacy Chacha20 dependency from aead-incr
---
diff --git a/src/deprecated/aead-incr.c b/src/deprecated/aead-incr.c
index 7efcf46..72e8704 100644
--- a/src/deprecated/aead-incr.c
+++ b/src/deprecated/aead-incr.c
@@ -63,6 +63,48 @@ static void store64_le(u8 out[8], u64 in)
 out[7] = (in >> 56) & 0xff;
 }
+////////////////////////////////////
+/// Incremental API for Chacha20 ///
+////////////////////////////////////
+static void chacha20_x_init(crypto_lock_ctx *ctx,
+ const u8 key[32], const u8 nonce[24])
+{
+ crypto_hchacha20(ctx->key, key, nonce);
+ FOR (i, 0, 8) { ctx->nonce[i] = nonce[i + 16]; }
+ ctx->ctr = 0;
+ ctx->pool_idx = 64; // The random pool starts empty
+}
+
+static void chacha20_encrypt(crypto_lock_ctx *ctx, u8 *cipher_text,
+ const u8 *plain_text, size_t text_size)
+{
+ FOR (i, 0, text_size) {
+ if (ctx->pool_idx == 64) {
+ crypto_chacha20_ctr(ctx->pool, 0, 64,
+ ctx->key, ctx-> nonce, ctx->ctr);
+ ctx->pool_idx = 0;
+ ctx->ctr++;
+ }
+ u8 plain = 0;
+ if (plain_text != 0) {
+ plain = *plain_text;
+ plain_text++;
+ }
+ *cipher_text = ctx->pool[ctx->pool_idx] ^ plain;
+ ctx->pool_idx++;
+ cipher_text++;
+ }
+}
+
+static void chacha20_stream(crypto_lock_ctx *ctx, u8 *stream, size_t size)
+{
+ chacha20_encrypt(ctx, stream, 0, size);
+}
+
+
+////////////////////////////////
+/// Incremental API for AEAD ///
+////////////////////////////////
 static void lock_ad_padding(crypto_lock_ctx *ctx)
 {
 if (ctx->ad_phase) {
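Review bot: The new helpers carry no contract comments, and `chacha20_encrypt` relies on two conventions a reader has to infer: a null `plain_text` means the raw keystream is written to `cipher_text`, and `ctx->pool_idx == 64` means the pool is exhausted. I would add `// plain_text may be null, in which case the keystream itself is written to cipher_text` above `chacha20_encrypt`. The block size `64` is a bare literal in both `chacha20_x_init` and `chacha20_encrypt`, while the buffer itself is sized separately in aead-incr.h; a named constant (or `sizeof(ctx->pool)`) would keep the index check and the `pool` size from drifting apart, which matters because `ctx->pool[ctx->pool_idx]` has no other bounds check.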
@@ -78,8 +120,8 @@ void crypto_lock_init(crypto_lock_ctx *ctx,
 ctx->ad_phase = 1;
 ctx->ad_size = 0;
 ctx->message_size = 0;
- crypto_chacha20_x_init(&ctx->chacha, key, nonce);
- crypto_chacha20_stream(&ctx->chacha, auth_key, 64);
+ chacha20_x_init(ctx, key, nonce);
+ chacha20_stream(ctx, auth_key, 64);
 crypto_poly1305_init (&ctx->poly , auth_key);
 WIPE_BUFFER(auth_key);
 }
@@ -101,7 +143,7 @@ void crypto_lock_auth_message(crypto_lock_ctx *ctx,
 void crypto_lock_update(crypto_lock_ctx *ctx, u8 *cipher_text,
 const u8 *plain_text, size_t text_size)
 {
- crypto_chacha20_encrypt(&ctx->chacha, cipher_text, plain_text, text_size);
+ chacha20_encrypt(ctx, cipher_text, plain_text, text_size);
 crypto_lock_auth_message(ctx, cipher_text, text_size);
 }
@@ -121,7 +163,7 @@ void crypto_unlock_update(crypto_lock_ctx *ctx, u8 *plain_text,
 const u8 *cipher_text, size_t text_size)
 {
 crypto_unlock_auth_message(ctx, cipher_text, text_size);
- crypto_chacha20_encrypt(&ctx->chacha, plain_text, cipher_text, text_size);
+ chacha20_encrypt(ctx, plain_text, cipher_text, text_size);
 }
 int crypto_unlock_final(crypto_lock_ctx *ctx, const u8 mac[16])
diff --git a/src/deprecated/aead-incr.h b/src/deprecated/aead-incr.h
index 3ace56c..bee9420 100644
--- a/src/deprecated/aead-incr.h
+++ b/src/deprecated/aead-incr.h
@@ -38,14 +38,18 @@
 #include
 #include
 #include "monocypher.h"
-#include "deprecated/chacha20.h"
 typedef struct {
- crypto_chacha_ctx chacha;
 crypto_poly1305_ctx poly;
 uint64_t ad_size;
 uint64_t message_size;
 int ad_phase;
+ // Chacha20 context
+ uint8_t key[32];
+ uint8_t nonce[8];
+ uint64_t ctr;
+ uint8_t pool[64];
+ size_t pool_idx;
 } crypto_lock_ctx;
 #define crypto_unlock_ctx crypto_lock_ctx
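Review bot: In `crypto_lock_init`, the call `chacha20_stream(ctx, auth_key, 64)` drains exactly one full keystream block, which is what leaves `pool_idx` at 64 and makes message encryption start on the next counter value; that invariant is not written down anywhere in the hunk. Now that the pool logic lives in this file, a later change of that length to anything below 64 would let the remainder of the same block be used as message keystream and silently change the ciphertext format. I would add `// uses all of block 0 for the authentication key; message keystream starts at counter 1` next to the call. The signature and first lines of `crypto_lock_init` are outside the hunk.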
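Review bot: `crypto_unlock_update` writes decrypted bytes to `plain_text` before any tag comparison has taken place; the MAC is only checked in `crypto_unlock_final`, whose signature follows as context in the @@ -121,7 hunk. The function should carry a comment saying so, for example `// plain_text is unauthenticated until crypto_unlock_final() has accepted the MAC; callers must not act on it before then`. The body of `crypto_unlock_final` and its return convention are not visible in this diff, so the wording should be aligned with them.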
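Review bot: In aead-incr.h the new fields place the derived subkey (`key`) and buffered keystream (`pool`) directly in the public `crypto_lock_ctx`, but the comment `// Chacha20 context` does not mark them as secret. A caller that abandons a stream before the final call, or that copies the struct, leaves that material behind in its own memory; whether the final functions wipe the whole struct is not visible in this diff. I would extend the comment to `// Chacha20 context: key and pool are secret, wipe the whole struct if a stream is abandoned`.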