commit 3e2c4b167fadac4461ce863100a3e42c819d4ffe
parent 23a0ae861f7b01b8e931160a38ed3c9ab0942a1b
Author: Armin Preiml <apreiml@strohwolke.at>
Date: Mon, 10 Jan 2022 16:20:42 +0100
implement Chacha20 and XChacha20 in crypto::chacha
Signed-off-by: Armin Preiml <apreiml@strohwolke.at>
Signed-off-by: Drew DeVault <sir@cmpwn.com>
Diffstat:
6 files changed, 418 insertions(+), 3 deletions(-)
diff --git a/crypto/chacha/+test.ha b/crypto/chacha/+test.ha
@@ -0,0 +1,157 @@
+use bytes;
+use crypto::cipher;
+use encoding::hex;
+
+// test vector taken from rfc8439
+@test fn chacha20() void = {
+ const key: [_]u8 = [
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,
+ 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d,
+ 0x1e, 0x1f,
+ ];
+ const nonce: [_]u8 = [
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x00,
+ 0x00, 0x00
+ ];
+ const msg: [_]u8 = [
+ 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64,
+ 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e,
+ 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c,
+ 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
+ 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, 0x6f, 0x75,
+ 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79,
+ 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e,
+ 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65,
+ 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, 0x63, 0x72, 0x65, 0x65,
+ 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65,
+ 0x20, 0x69, 0x74, 0x2e,
+ ];
+ const cipher: [_]u8 = [
+ 0x6e, 0x2e, 0x35, 0x9a, 0x25, 0x68, 0xf9, 0x80, 0x41, 0xba,
+ 0x07, 0x28, 0xdd, 0x0d, 0x69, 0x81, 0xe9, 0x7e, 0x7a, 0xec,
+ 0x1d, 0x43, 0x60, 0xc2, 0x0a, 0x27, 0xaf, 0xcc, 0xfd, 0x9f,
+ 0xae, 0x0b, 0xf9, 0x1b, 0x65, 0xc5, 0x52, 0x47, 0x33, 0xab,
+ 0x8f, 0x59, 0x3d, 0xab, 0xcd, 0x62, 0xb3, 0x57, 0x16, 0x39,
+ 0xd6, 0x24, 0xe6, 0x51, 0x52, 0xab, 0x8f, 0x53, 0x0c, 0x35,
+ 0x9f, 0x08, 0x61, 0xd8, 0x07, 0xca, 0x0d, 0xbf, 0x50, 0x0d,
+ 0x6a, 0x61, 0x56, 0xa3, 0x8e, 0x08, 0x8a, 0x22, 0xb6, 0x5e,
+ 0x52, 0xbc, 0x51, 0x4d, 0x16, 0xcc, 0xf8, 0x06, 0x81, 0x8c,
+ 0xe9, 0x1a, 0xb7, 0x79, 0x37, 0x36, 0x5a, 0xf9, 0x0b, 0xbf,
+ 0x74, 0xa3, 0x5b, 0xe6, 0xb4, 0x0b, 0x8e, 0xed, 0xf2, 0x78,
+ 0x5e, 0x42, 0x87, 0x4d,
+ ];
+
+ let result: [114]u8 = [0...];
+
+ let c = chacha20();
+ chacha20_init(&c, &key, &nonce);
+ setctr(&c, 1);
+ defer cipher::finish(&c);
+
+ cipher::stream_xor(&c, result, msg);
+ assert(bytes::equal(cipher, result));
+
+ result = [0...];
+ chacha20_init(&c, &key, &nonce);
+ setctr(&c, 1);
+ cipher::stream_xor(&c, result[..10], msg[..10]);
+ cipher::stream_xor(&c, result[10..63], msg[10..63]);
+ cipher::stream_xor(&c, result[63..], msg[63..]);
+ assert(bytes::equal(cipher, result));
+};
+
+
+// test vector taken from xchacha20 rfc
+@test fn xchacha20() void = {
+ const key: [_]u8 = [
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89,
+ 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93,
+ 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d,
+ 0x9e, 0x9f,
+ ];
+ const nonce: [_]u8 = [
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49,
+ 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
+ 0x54, 0x55, 0x56, 0x58,
+ ];
+
+ const msg: [_]u8 = [
+ 0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20,
+ 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, 0x75, 0x6e, 0x63, 0x65,
+ 0x64, 0x20, 0x22, 0x64, 0x6f, 0x6c, 0x65, 0x22, 0x29, 0x20,
+ 0x69, 0x73, 0x20, 0x61, 0x6c, 0x73, 0x6f, 0x20, 0x6b, 0x6e,
+ 0x6f, 0x77, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x41, 0x73, 0x69, 0x61, 0x74, 0x69, 0x63, 0x20, 0x77,
+ 0x69, 0x6c, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x72,
+ 0x65, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x61, 0x6e,
+ 0x64, 0x20, 0x77, 0x68, 0x69, 0x73, 0x74, 0x6c, 0x69, 0x6e,
+ 0x67, 0x20, 0x64, 0x6f, 0x67, 0x2e, 0x20, 0x49, 0x74, 0x20,
+ 0x69, 0x73, 0x20, 0x61, 0x62, 0x6f, 0x75, 0x74, 0x20, 0x74,
+ 0x68, 0x65, 0x20, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6f, 0x66,
+ 0x20, 0x61, 0x20, 0x47, 0x65, 0x72, 0x6d, 0x61, 0x6e, 0x20,
+ 0x73, 0x68, 0x65, 0x70, 0x68, 0x65, 0x72, 0x64, 0x20, 0x62,
+ 0x75, 0x74, 0x20, 0x6c, 0x6f, 0x6f, 0x6b, 0x73, 0x20, 0x6d,
+ 0x6f, 0x72, 0x65, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x61,
+ 0x20, 0x6c, 0x6f, 0x6e, 0x67, 0x2d, 0x6c, 0x65, 0x67, 0x67,
+ 0x65, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x2e, 0x20, 0x54, 0x68,
+ 0x69, 0x73, 0x20, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x79, 0x20,
+ 0x65, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x20, 0x61, 0x6e,
+ 0x64, 0x20, 0x73, 0x6b, 0x69, 0x6c, 0x6c, 0x65, 0x64, 0x20,
+ 0x6a, 0x75, 0x6d, 0x70, 0x65, 0x72, 0x20, 0x69, 0x73, 0x20,
+ 0x63, 0x6c, 0x61, 0x73, 0x73, 0x69, 0x66, 0x69, 0x65, 0x64,
+ 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x77, 0x6f, 0x6c, 0x76,
+ 0x65, 0x73, 0x2c, 0x20, 0x63, 0x6f, 0x79, 0x6f, 0x74, 0x65,
+ 0x73, 0x2c, 0x20, 0x6a, 0x61, 0x63, 0x6b, 0x61, 0x6c, 0x73,
+ 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x65,
+ 0x73, 0x20, 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
+ 0x61, 0x78, 0x6f, 0x6e, 0x6f, 0x6d, 0x69, 0x63, 0x20, 0x66,
+ 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x20, 0x43, 0x61, 0x6e, 0x69,
+ 0x64, 0x61, 0x65, 0x2e,
+ ];
+
+ const cipher: [_]u8 = [
+ 0x7d, 0x0a, 0x2e, 0x6b, 0x7f, 0x7c, 0x65, 0xa2, 0x36, 0x54,
+ 0x26, 0x30, 0x29, 0x4e, 0x06, 0x3b, 0x7a, 0xb9, 0xb5, 0x55,
+ 0xa5, 0xd5, 0x14, 0x9a, 0xa2, 0x1e, 0x4a, 0xe1, 0xe4, 0xfb,
+ 0xce, 0x87, 0xec, 0xc8, 0xe0, 0x8a, 0x8b, 0x5e, 0x35, 0x0a,
+ 0xbe, 0x62, 0x2b, 0x2f, 0xfa, 0x61, 0x7b, 0x20, 0x2c, 0xfa,
+ 0xd7, 0x20, 0x32, 0xa3, 0x03, 0x7e, 0x76, 0xff, 0xdc, 0xdc,
+ 0x43, 0x76, 0xee, 0x05, 0x3a, 0x19, 0x0d, 0x7e, 0x46, 0xca,
+ 0x1d, 0xe0, 0x41, 0x44, 0x85, 0x03, 0x81, 0xb9, 0xcb, 0x29,
+ 0xf0, 0x51, 0x91, 0x53, 0x86, 0xb8, 0xa7, 0x10, 0xb8, 0xac,
+ 0x4d, 0x02, 0x7b, 0x8b, 0x05, 0x0f, 0x7c, 0xba, 0x58, 0x54,
+ 0xe0, 0x28, 0xd5, 0x64, 0xe4, 0x53, 0xb8, 0xa9, 0x68, 0x82,
+ 0x41, 0x73, 0xfc, 0x16, 0x48, 0x8b, 0x89, 0x70, 0xca, 0xc8,
+ 0x28, 0xf1, 0x1a, 0xe5, 0x3c, 0xab, 0xd2, 0x01, 0x12, 0xf8,
+ 0x71, 0x07, 0xdf, 0x24, 0xee, 0x61, 0x83, 0xd2, 0x27, 0x4f,
+ 0xe4, 0xc8, 0xb1, 0x48, 0x55, 0x34, 0xef, 0x2c, 0x5f, 0xbc,
+ 0x1e, 0xc2, 0x4b, 0xfc, 0x36, 0x63, 0xef, 0xaa, 0x08, 0xbc,
+ 0x04, 0x7d, 0x29, 0xd2, 0x50, 0x43, 0x53, 0x2d, 0xb8, 0x39,
+ 0x1a, 0x8a, 0x3d, 0x77, 0x6b, 0xf4, 0x37, 0x2a, 0x69, 0x55,
+ 0x82, 0x7c, 0xcb, 0x0c, 0xdd, 0x4a, 0xf4, 0x03, 0xa7, 0xce,
+ 0x4c, 0x63, 0xd5, 0x95, 0xc7, 0x5a, 0x43, 0xe0, 0x45, 0xf0,
+ 0xcc, 0xe1, 0xf2, 0x9c, 0x8b, 0x93, 0xbd, 0x65, 0xaf, 0xc5,
+ 0x97, 0x49, 0x22, 0xf2, 0x14, 0xa4, 0x0b, 0x7c, 0x40, 0x2c,
+ 0xdb, 0x91, 0xae, 0x73, 0xc0, 0xb6, 0x36, 0x15, 0xcd, 0xad,
+ 0x04, 0x80, 0x68, 0x0f, 0x16, 0x51, 0x5a, 0x7a, 0xce, 0x9d,
+ 0x39, 0x23, 0x64, 0x64, 0x32, 0x8a, 0x37, 0x74, 0x3f, 0xfc,
+ 0x28, 0xf4, 0xdd, 0xb3, 0x24, 0xf4, 0xd0, 0xf5, 0xbb, 0xdc,
+ 0x27, 0x0c, 0x65, 0xb1, 0x74, 0x9a, 0x6e, 0xff, 0xf1, 0xfb,
+ 0xaa, 0x09, 0x53, 0x61, 0x75, 0xcc, 0xd2, 0x9f, 0xb9, 0xe6,
+ 0x05, 0x7b, 0x30, 0x73, 0x20, 0xd3, 0x16, 0x83, 0x8a, 0x9c,
+ 0x71, 0xf7, 0x0b, 0x5b, 0x59, 0x07, 0xa6, 0x6f, 0x7e, 0xa4,
+ 0x9a, 0xad, 0xc4, 0x09,
+ ];
+
+ let result: [304]u8 = [0...];
+
+ let c = chacha20();
+ xchacha20_init(&c, &key, &nonce);
+ defer cipher::finish(&c);
+ setctr(&c, 1);
+
+ cipher::stream_xor(&c, result, msg);
+ assert(bytes::equal(cipher, result));
+};
diff --git a/crypto/chacha/README b/crypto/chacha/README
@@ -0,0 +1,18 @@
+crypto::chacha provides an implementation of the Chacha20 and XChacha20 stream
+ciphers.
+
+This is a low-level module which implements cryptographic primitives. Direct
+use of cryptographic primitives is not recommended for non-experts, as
+incorrect use of these primitives can easily lead to the introduction of
+security vulnerabilities. Non-experts are advised to use the high-level
+operations available in the top-level [[crypto]] module.
+
+Use [[chacha20]] to create a stream and either [[chacha20_init]] or
+[[xchacha20_init]] to set key and nonce of the appropriate size, [[NONCESIZE]]
+for chacha20 or [[XNONCESIZE]] for XChacha20. After calling the appropriate
+init function, [[crypto::cipher::stream_xor]] may be used to encrypt blocks.
+The stream must be finished with [[crypto::cipher::finish]] to wipe sensitive
+data from memory.
+
+Writing blocks of length [[BLOCKSIZE]] is not required. However, seeking the
+key stream with [[setctr]] only operates in units of [[BLOCKSIZE]].
diff --git a/crypto/chacha/chacha20.ha b/crypto/chacha/chacha20.ha
@@ -0,0 +1,195 @@
+use bytes;
+use crypto::cipher;
+use crypto::math::{rotl32, xor};
+use endian;
+
+// Size of a Chacha key, in bytes.
+export def KEYSIZE: size = 32;
+
+// Size of the XChacha20 nonce, in bytes.
+export def XNONCESIZE: size = 24;
+
+// Size of the Chacha20 nonce, in bytes.
+export def NONCESIZE: size = 12;
+
+// The block size of the Chacha cipher in bytes.
+export def BLOCKSIZE: size = 64;
+
+def ROUNDS: size = 20;
+const magic: [4]u32 = [0x61707865, 0x3320646e, 0x79622d32, 0x6b206574];
+
+// Create a Chacha20 or XChacha20 stream. Needs to be initalized with either
+// [[chacha20_init]] or [[xchacha20_init]]. It must be finished with
+// [[crypto::cipher::finish]].
+export type stream = struct {
+ cipher::stream,
+ state: [16]u32,
+ xorbuf: [BLOCKSIZE]u8,
+ xorused: size,
+ rounds: size,
+};
+
+// Creates a ChaCha20 or XChaCha20 stream cipher. Must be initialized with
+// [[chacha20_init]] or [[xchacha20_init]] prior to use, and must be finished
+// with [[crypto::cipher::finish]] afterwards to wipe sensitive data from
+// memory.
+export fn chacha20() stream = {
+ return stream {
+ xor = &stream_xor,
+ finish = &finish,
+ xorused = BLOCKSIZE,
+ rounds = ROUNDS,
+ ...
+ };
+};
+
+// Initialize a Chacha20 stream.
+export fn chacha20_init(
+ s: *stream,
+ key: *[KEYSIZE]u8,
+ nonce: *[NONCESIZE]u8
+) void = {
+ s.state[0] = magic[0];
+ s.state[1] = magic[1];
+ s.state[2] = magic[2];
+ s.state[3] = magic[3];
+ s.state[4] = endian::legetu32(key[0..4]);
+ s.state[5] = endian::legetu32(key[4..8]);
+ s.state[6] = endian::legetu32(key[8..12]);
+ s.state[7] = endian::legetu32(key[12..16]);
+ s.state[8] = endian::legetu32(key[16..20]);
+ s.state[9] = endian::legetu32(key[20..24]);
+ s.state[10] = endian::legetu32(key[24..28]);
+ s.state[11] = endian::legetu32(key[28..32]);
+ s.state[13] = endian::legetu32(nonce[0..4]);
+ s.state[14] = endian::legetu32(nonce[4..8]);
+ s.state[15] = endian::legetu32(nonce[8..12]);
+
+ s.xorused = BLOCKSIZE;
+};
+
+// Initialise a XChacha20 stream.
+export fn xchacha20_init(
+ s: *stream,
+ key: *[KEYSIZE]u8,
+ nonce: *[XNONCESIZE]u8
+) void = {
+ let state: [16]u32 = [0...];
+
+ state[0] = magic[0];
+ state[1] = magic[1];
+ state[2] = magic[2];
+ state[3] = magic[3];
+ state[4] = endian::legetu32(key[0..4]);
+ state[5] = endian::legetu32(key[4..8]);
+ state[6] = endian::legetu32(key[8..12]);
+ state[7] = endian::legetu32(key[12..16]);
+ state[8] = endian::legetu32(key[16..20]);
+ state[9] = endian::legetu32(key[20..24]);
+ state[10] = endian::legetu32(key[24..28]);
+ state[11] = endian::legetu32(key[28..32]);
+ state[12] = endian::legetu32(nonce[0..4]);
+ state[13] = endian::legetu32(nonce[4..8]);
+ state[14] = endian::legetu32(nonce[8..12]);
+ state[15] = endian::legetu32(nonce[12..16]);
+
+ hblock(state[..], &state, s.rounds);
+
+ let dkey: [32]u8 = [0...];
+ dkey[..16] = (state: []u8: *[*]u8)[0..16];
+ dkey[16..] = (state: []u8: *[*]u8)[48..64];
+
+ let dnonce: [NONCESIZE]u8 = [0...];
+ dnonce[4..] = nonce[16..];
+
+ chacha20_init(s, &dkey, &dnonce);
+
+ bytes::zero((state: []u8: *[*]u8)[..BLOCKSIZE]);
+ bytes::zero(dkey);
+ bytes::zero(dnonce);
+};
+
+// Advances the key stream to "seek" to a future state by 'counter' times
+// [[BLOCKSIZE]].
+export fn setctr(s: *stream, counter: u32) void = {
+ s.state[12] = counter;
+};
+
+fn stream_xor(c: *cipher::stream, dest: []u8, src: []u8) void = {
+ let s = c: *stream;
+
+ for (len(dest) > 0) {
+ if (s.xorused >= BLOCKSIZE) {
+ block((s.xorbuf: []u8: *[*]u32)[..16], &s.state,
+ s.rounds);
+ // TODO on big endian systems s.xorbuf values need to
+ // be converted from little endian.
+ s.state[12] += 1;
+ s.xorused = 0;
+ };
+
+ const max = if (len(dest) > (BLOCKSIZE - s.xorused)) {
+ yield BLOCKSIZE - s.xorused;
+ } else {
+ yield len(dest);
+ };
+
+ xor(dest[..max], src[..max],
+ s.xorbuf[s.xorused..s.xorused + max]);
+ s.xorused += max;
+
+ dest = dest[max..];
+ src = src[max..];
+ };
+};
+
+fn block(dest: []u32, state: *[16]u32, rounds: size) void = {
+ hblock(dest, state, rounds);
+
+ for (let i = 0z; i < 16; i += 1) {
+ dest[i] += state[i];
+ };
+};
+
+fn hblock(dest: []u32, state: *[16]u32, rounds: size) void = {
+ for (let i = 0z; i < 16; i += 1) {
+ dest[i] = state[i];
+ };
+
+ for (let i = 0z; i < rounds; i += 2) {
+ qr(&dest[0], &dest[4], &dest[8], &dest[12]);
+ qr(&dest[1], &dest[5], &dest[9], &dest[13]);
+ qr(&dest[2], &dest[6], &dest[10], &dest[14]);
+ qr(&dest[3], &dest[7], &dest[11], &dest[15]);
+
+ qr(&dest[0], &dest[5], &dest[10], &dest[15]);
+ qr(&dest[1], &dest[6], &dest[11], &dest[12]);
+ qr(&dest[2], &dest[7], &dest[8], &dest[13]);
+ qr(&dest[3], &dest[4], &dest[9], &dest[14]);
+ };
+};
+
+
+fn qr(a: *u32, b: *u32, c: *u32, d: *u32) void = {
+ *a += *b;
+ *d ^= *a;
+ *d = rotl32(*d, 16);
+
+ *c += *d;
+ *b ^= *c;
+ *b = rotl32(*b, 12);
+
+ *a += *b;
+ *d ^= *a;
+ *d = rotl32(*d, 8);
+
+ *c += *d;
+ *b ^= *c;
+ *b = rotl32(*b, 7);
+};
+
+fn finish(c: *cipher::stream) void = {
+ let s = c: *stream;
+ bytes::zero((s.state[..]: *[*]u8)[..BLOCKSIZE]);
+ bytes::zero(s.xorbuf);
+};
diff --git a/crypto/salsa/salsa20.ha b/crypto/salsa/salsa20.ha
@@ -27,9 +27,9 @@ export type stream = struct {
rounds: size,
};
-// Create a Salsa20 or XSalsa20 stream. Needs to be initalized with either
-// [[salsa20_init]] or [[xsalsa20_init]]. It must be finished with
-// [[crypto::cipher::finish]].
+// Create a Salsa20 or XSalsa20 stream. Must be initalized with either
+// [[salsa20_init]] or [[xsalsa20_init]], and must be finished with
+// [[crypto::cipher::finish]] afterwards to wipe sensitive data from memory.
export fn salsa20() stream = {
return stream {
xor = &stream_xor,
diff --git a/scripts/gen-stdlib b/scripts/gen-stdlib
@@ -240,6 +240,17 @@ crypto_blake2b() {
fi
}
+crypto_chacha() {
+ if [ $testing -eq 0 ]
+ then
+ gen_srcs crypto::chacha chacha20.ha
+ gen_ssa crypto::chacha bytes crypto::cipher crypto::math endian
+ else
+ gen_srcs crypto::chacha chacha20.ha +test.ha
+ gen_ssa crypto::chacha bytes crypto::cipher crypto::math endian
+ fi
+}
+
crypto_cipher() {
gen_srcs crypto::cipher \
cipher.ha \
@@ -1125,6 +1136,7 @@ crypto
crypto::aes
crypto::argon2
crypto::blake2b
+crypto::chacha
crypto::cipher
crypto::hmac
crypto::mac
diff --git a/stdlib.mk b/stdlib.mk
@@ -168,6 +168,12 @@ stdlib_deps_any+=$(stdlib_crypto_blake2b_any)
stdlib_crypto_blake2b_linux=$(stdlib_crypto_blake2b_any)
stdlib_crypto_blake2b_freebsd=$(stdlib_crypto_blake2b_any)
+# gen_lib crypto::chacha (any)
+stdlib_crypto_chacha_any=$(HARECACHE)/crypto/chacha/crypto_chacha-any.o
+stdlib_deps_any+=$(stdlib_crypto_chacha_any)
+stdlib_crypto_chacha_linux=$(stdlib_crypto_chacha_any)
+stdlib_crypto_chacha_freebsd=$(stdlib_crypto_chacha_any)
+
# gen_lib crypto::cipher (any)
stdlib_crypto_cipher_any=$(HARECACHE)/crypto/cipher/crypto_cipher-any.o
stdlib_deps_any+=$(stdlib_crypto_cipher_any)
@@ -712,6 +718,16 @@ $(HARECACHE)/crypto/blake2b/crypto_blake2b-any.ssa: $(stdlib_crypto_blake2b_any_
@HARECACHE=$(HARECACHE) $(HAREC) $(HAREFLAGS) -o $@ -Ncrypto::blake2b \
-t$(HARECACHE)/crypto/blake2b/crypto_blake2b.td $(stdlib_crypto_blake2b_any_srcs)
+# crypto::chacha (+any)
+stdlib_crypto_chacha_any_srcs= \
+ $(STDLIB)/crypto/chacha/chacha20.ha
+
+$(HARECACHE)/crypto/chacha/crypto_chacha-any.ssa: $(stdlib_crypto_chacha_any_srcs) $(stdlib_rt) $(stdlib_bytes_$(PLATFORM)) $(stdlib_crypto_cipher_$(PLATFORM)) $(stdlib_crypto_math_$(PLATFORM)) $(stdlib_endian_$(PLATFORM))
+ @printf 'HAREC \t$@\n'
+ @mkdir -p $(HARECACHE)/crypto/chacha
+ @HARECACHE=$(HARECACHE) $(HAREC) $(HAREFLAGS) -o $@ -Ncrypto::chacha \
+ -t$(HARECACHE)/crypto/chacha/crypto_chacha.td $(stdlib_crypto_chacha_any_srcs)
+
# crypto::cipher (+any)
stdlib_crypto_cipher_any_srcs= \
$(STDLIB)/crypto/cipher/cipher.ha \
@@ -1935,6 +1951,12 @@ testlib_deps_any+=$(testlib_crypto_blake2b_any)
testlib_crypto_blake2b_linux=$(testlib_crypto_blake2b_any)
testlib_crypto_blake2b_freebsd=$(testlib_crypto_blake2b_any)
+# gen_lib crypto::chacha (any)
+testlib_crypto_chacha_any=$(TESTCACHE)/crypto/chacha/crypto_chacha-any.o
+testlib_deps_any+=$(testlib_crypto_chacha_any)
+testlib_crypto_chacha_linux=$(testlib_crypto_chacha_any)
+testlib_crypto_chacha_freebsd=$(testlib_crypto_chacha_any)
+
# gen_lib crypto::cipher (any)
testlib_crypto_cipher_any=$(TESTCACHE)/crypto/cipher/crypto_cipher-any.o
testlib_deps_any+=$(testlib_crypto_cipher_any)
@@ -2486,6 +2508,17 @@ $(TESTCACHE)/crypto/blake2b/crypto_blake2b-any.ssa: $(testlib_crypto_blake2b_any
@HARECACHE=$(TESTCACHE) $(HAREC) $(TESTHAREFLAGS) -o $@ -Ncrypto::blake2b \
-t$(TESTCACHE)/crypto/blake2b/crypto_blake2b.td $(testlib_crypto_blake2b_any_srcs)
+# crypto::chacha (+any)
+testlib_crypto_chacha_any_srcs= \
+ $(STDLIB)/crypto/chacha/chacha20.ha \
+ $(STDLIB)/crypto/chacha/+test.ha
+
+$(TESTCACHE)/crypto/chacha/crypto_chacha-any.ssa: $(testlib_crypto_chacha_any_srcs) $(testlib_rt) $(testlib_bytes_$(PLATFORM)) $(testlib_crypto_cipher_$(PLATFORM)) $(testlib_crypto_math_$(PLATFORM)) $(testlib_endian_$(PLATFORM))
+ @printf 'HAREC \t$@\n'
+ @mkdir -p $(TESTCACHE)/crypto/chacha
+ @HARECACHE=$(TESTCACHE) $(HAREC) $(TESTHAREFLAGS) -o $@ -Ncrypto::chacha \
+ -t$(TESTCACHE)/crypto/chacha/crypto_chacha.td $(testlib_crypto_chacha_any_srcs)
+
# crypto::cipher (+any)
testlib_crypto_cipher_any_srcs= \
$(STDLIB)/crypto/cipher/cipher.ha \
