commit bacc502677d827810a4518078214d759fe1dbdfd
parent df6844010948a5a9e18096615a4b3b8ed3ac4fbc
Author: Armin Preiml <apreiml@strohwolke.at>
Date: Tue, 23 May 2023 16:30:55 +0200
crypto: refactor authenc to use crypto::chachapoly
Signed-off-by: Armin Preiml <apreiml@strohwolke.at>
Diffstat:
3 files changed, 23 insertions(+), 93 deletions(-)
diff --git a/crypto/authenc.ha b/crypto/authenc.ha
@@ -1,14 +1,10 @@
// License: MPL-2.0
-// (c) 2022 Armin Preiml <apreiml@strohwolke.at>
-// (c) 2022 Drew DeVault <sir@cmpwn.com>
+// (c) 2023 Armin Preiml <apreiml@strohwolke.at>
+// (c) 2023 Drew DeVault <sir@cmpwn.com>
use bytes;
use bufio;
-use crypto::chacha;
-use crypto::cipher;
-use crypto::poly1305;
-use crypto::mac;
+use crypto::chachapoly;
use crypto::math;
-use endian;
use errors;
use io;
@@ -80,69 +76,17 @@ export fn encrypt(
plaintext: []u8,
additional: []u8...,
) box = {
- let s = chacha::chacha20();
+ let s = chachapoly::chachapoly();
defer io::close(&s)!;
- let otk: poly1305::key = [0...];
- defer bytes::zero(otk);
-
- let otkbuf = bufio::fixed(otk, io::mode::WRITE);
- chacha::xchacha20_init(&s, &otkbuf, key, nonce);
- io::writeall(&s, otk[..])!;
-
- let ciphertext = plaintext;
- let cipherbuf = bufio::fixed(ciphertext, io::mode::WRITE);
-
- chacha::xchacha20_init(&s, &cipherbuf, key, nonce);
- chacha::setctr(&s, 1);
+ let h = bufio::fixed(plaintext, io::mode::WRITE);
+ chachapoly::xinit(&s, &h, key, nonce, additional...);
io::writeall(&s, plaintext)!;
-
let m: mac = [0...];
- writemac(&m, &otk, ciphertext, additional...);
- return (m, *nonce, ciphertext);
+ chachapoly::seal(&s, m);
+ return (m, *nonce, bufio::buffer(&h));
};
-fn writemac(
- m: *mac,
- otk: *poly1305::key,
- ciphertext: []u8,
- additional: []u8...,
-) void = {
- let poly = poly1305::poly1305();
- poly1305::init(&poly, otk);
- defer mac::finish(&poly);
-
- let adlen: size = 0;
- for (let i = 0z; i < len(additional); i += 1) {
- adlen += len(additional[i]);
- mac::write(&poly, additional[i]);
- };
- polypad(&poly, adlen);
-
- mac::write(&poly, ciphertext);
- polypad(&poly, len(ciphertext));
-
- let nbuf: [8]u8 = [0...];
- endian::leputu64(nbuf, adlen: u32);
- mac::write(&poly, nbuf);
-
- endian::leputu64(nbuf, len(ciphertext): u32);
- mac::write(&poly, nbuf);
-
- mac::sum(&poly, m[..]);
-};
-
-fn polypad(p: *poly1305::state, n: size) void = {
- if (n % poly1305::BLOCKSIZE == 0) {
- return;
- };
-
- const pad: [poly1305::BLOCKSIZE]u8 = [0...];
- const padlen = poly1305::BLOCKSIZE - (n % poly1305::BLOCKSIZE);
- mac::write(p, pad[..padlen]);
-};
-
-
// Authenticates and decrypts a message encrypted with [[encrypt]]. If the
// decryption is successful, the plaintext slice is returned, and if not,
// [[errors::invalid]] is returned.
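Review bot: The explicit wiping of the one-time Poly1305 key (`defer bytes::zero(otk)`) and the `mac::finish` teardown are removed, so the derived key and MAC state now live only inside the chachapoly stream and are wiped only if `io::close(&s)` does that; chachapoly's close is not shown in this diff, so this is worth confirming and recording next to the `defer`. I'd add above `defer io::close(&s)!;` a comment such as `// close wipes the chachapoly state, including the derived Poly1305 key`. The same reliance applies to the decrypt hunk below. encrypt's signature and its doc comment begin before this hunk.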
@@ -163,34 +107,20 @@ export fn decrypt(
box: *box,
additional: []u8...
) ([]u8 | errors::invalid) = {
- let s = chacha::chacha20();
+ let s = chachapoly::chachapoly();
defer io::close(&s)!;
- let otk: poly1305::key = [0...];
- defer bytes::zero(otk);
-
- let otkbuf = bufio::fixed(otk, io::mode::WRITE);
- chacha::xchacha20_init(&s, &otkbuf, key, &box.1);
- io::writeall(&s, otk)!;
-
let ciphertext = box.2;
-
- let m: mac = [0...];
- writemac(&m, &otk, ciphertext, additional...);
-
- if (!compare(m, box.0)) {
- bytes::zero(ciphertext);
- return errors::invalid;
- };
+ let h = bufio::fixed(ciphertext, io::mode::READ);
+ chachapoly::xinit(&s, &h, key, box.1, additional...);
let plaintext = ciphertext;
- let cipherbuf = bufio::fixed(ciphertext, io::mode::READ);
-
- chacha::xchacha20_init(&s, &cipherbuf, key, &box.1);
- chacha::setctr(&s, 1);
-
io::readall(&s, plaintext)!;
+ if (chachapoly::verify(&s, box.0) is errors::invalid) {
+ bytes::zero(plaintext);
+ return errors::invalid;
+ };
return plaintext;
};
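Review bot: Decryption now happens before the tag is checked: `io::readall(&s, plaintext)!` writes the unauthenticated plaintext into `box.2` and only then `chachapoly::verify(&s, box.0)` decides whether to wipe it, whereas the old code verified first and never produced plaintext for a forged box. The result seen by callers is unchanged because the buffer is zeroed before `errors::invalid` is returned, but that ordering is what keeps the AEAD contract, so it deserves a comment so nobody later returns early or drops the zeroing; e.g. above the `if`: `// The tag is checked after in-place decryption; the buffer is wiped and must never be returned unless verify succeeds.` Note also that the `!` on readall aborts on any read error with decrypted-but-unverified bytes left in the caller's buffer; presumably a fixed buffer of exactly the ciphertext length cannot fail here, but that is inferred rather than visible. decrypt's signature starts before this hunk.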
diff --git a/scripts/gen-stdlib b/scripts/gen-stdlib
@@ -200,16 +200,14 @@ crypto() {
gen_srcs crypto \
authenc.ha \
keyderiv.ha
- gen_ssa crypto bufio bytes crypto::argon2 crypto::chacha \
- crypto::cihper crypto::poly1305 crypto::mac \
+ gen_ssa crypto bufio bytes crypto::argon2 crypto::chachapoly \
crypto::math endian errors io
else
gen_srcs crypto \
authenc.ha \
keyderiv.ha \
+test/authenc_test.ha
- gen_ssa crypto bytes bufio crypto::argon2 crypto::chacha \
- crypto::cihper crypto::poly1305 crypto::mac \
+ gen_ssa crypto bufio bytes crypto::argon2 crypto::chachapoly \
crypto::math endian errors io
fi
}
diff --git a/stdlib.mk b/stdlib.mk
@@ -219,6 +219,7 @@ stdlib_crypto_chacha_freebsd = $(stdlib_crypto_chacha_any)
# gen_lib crypto::chachapoly (any)
stdlib_crypto_chachapoly_any = $(HARECACHE)/crypto/chachapoly/crypto_chachapoly-any.o
+stdlib_env += HARE_TD_crypto::chachapoly=$(HARECACHE)/crypto/chachapoly/crypto_chachapoly.td
stdlib_deps_any += $(stdlib_crypto_chachapoly_any)
stdlib_crypto_chachapoly_linux = $(stdlib_crypto_chachapoly_any)
stdlib_crypto_chachapoly_freebsd = $(stdlib_crypto_chachapoly_any)
@@ -937,7 +938,7 @@ stdlib_crypto_any_srcs = \
$(STDLIB)/crypto/authenc.ha \
$(STDLIB)/crypto/keyderiv.ha
-$(HARECACHE)/crypto/crypto-any.ssa: $(stdlib_crypto_any_srcs) $(stdlib_rt) $(stdlib_bufio_$(PLATFORM)) $(stdlib_bytes_$(PLATFORM)) $(stdlib_crypto_argon2_$(PLATFORM)) $(stdlib_crypto_chacha_$(PLATFORM)) $(stdlib_crypto_cihper_$(PLATFORM)) $(stdlib_crypto_poly1305_$(PLATFORM)) $(stdlib_crypto_mac_$(PLATFORM)) $(stdlib_crypto_math_$(PLATFORM)) $(stdlib_endian_$(PLATFORM)) $(stdlib_errors_$(PLATFORM)) $(stdlib_io_$(PLATFORM))
+$(HARECACHE)/crypto/crypto-any.ssa: $(stdlib_crypto_any_srcs) $(stdlib_rt) $(stdlib_bufio_$(PLATFORM)) $(stdlib_bytes_$(PLATFORM)) $(stdlib_crypto_argon2_$(PLATFORM)) $(stdlib_crypto_chachapoly_$(PLATFORM)) $(stdlib_crypto_math_$(PLATFORM)) $(stdlib_endian_$(PLATFORM)) $(stdlib_errors_$(PLATFORM)) $(stdlib_io_$(PLATFORM))
@printf 'HAREC \t$@\n'
@mkdir -p $(HARECACHE)/crypto
@$(stdlib_env) $(HAREC) $(HAREFLAGS) -o $@ -Ncrypto \
@@ -1038,7 +1039,7 @@ stdlib_crypto_chachapoly_any_srcs = \
$(HARECACHE)/crypto/chachapoly/crypto_chachapoly-any.ssa: $(stdlib_crypto_chachapoly_any_srcs) $(stdlib_rt) $(stdlib_bufio_$(PLATFORM)) $(stdlib_bytes_$(PLATFORM)) $(stdlib_crypto_chacha_$(PLATFORM)) $(stdlib_crypto_mac_$(PLATFORM)) $(stdlib_crypto_math_$(PLATFORM)) $(stdlib_crypto_poly1305_$(PLATFORM)) $(stdlib_endian_$(PLATFORM)) $(stdlib_errors_$(PLATFORM)) $(stdlib_io_$(PLATFORM)) $(stdlib_types_$(PLATFORM))
@printf 'HAREC \t$@\n'
@mkdir -p $(HARECACHE)/crypto/chachapoly
- @HARECACHE=$(HARECACHE) $(HAREC) $(HAREFLAGS) -o $@ -Ncrypto::chachapoly \
+ @$(stdlib_env) $(HAREC) $(HAREFLAGS) -o $@ -Ncrypto::chachapoly \
-t$(HARECACHE)/crypto/chachapoly/crypto_chachapoly.td $(stdlib_crypto_chachapoly_any_srcs)
# crypto::cipher (+any)
@@ -2626,6 +2627,7 @@ testlib_crypto_chacha_freebsd = $(testlib_crypto_chacha_any)
# gen_lib crypto::chachapoly (any)
testlib_crypto_chachapoly_any = $(TESTCACHE)/crypto/chachapoly/crypto_chachapoly-any.o
+testlib_env += HARE_TD_crypto::chachapoly=$(TESTCACHE)/crypto/chachapoly/crypto_chachapoly.td
testlib_deps_any += $(testlib_crypto_chachapoly_any)
testlib_crypto_chachapoly_linux = $(testlib_crypto_chachapoly_any)
testlib_crypto_chachapoly_freebsd = $(testlib_crypto_chachapoly_any)
@@ -3345,7 +3347,7 @@ testlib_crypto_any_srcs = \
$(STDLIB)/crypto/keyderiv.ha \
$(STDLIB)/crypto/+test/authenc_test.ha
-$(TESTCACHE)/crypto/crypto-any.ssa: $(testlib_crypto_any_srcs) $(testlib_rt) $(testlib_bytes_$(PLATFORM)) $(testlib_bufio_$(PLATFORM)) $(testlib_crypto_argon2_$(PLATFORM)) $(testlib_crypto_chacha_$(PLATFORM)) $(testlib_crypto_cihper_$(PLATFORM)) $(testlib_crypto_poly1305_$(PLATFORM)) $(testlib_crypto_mac_$(PLATFORM)) $(testlib_crypto_math_$(PLATFORM)) $(testlib_endian_$(PLATFORM)) $(testlib_errors_$(PLATFORM)) $(testlib_io_$(PLATFORM))
+$(TESTCACHE)/crypto/crypto-any.ssa: $(testlib_crypto_any_srcs) $(testlib_rt) $(testlib_bufio_$(PLATFORM)) $(testlib_bytes_$(PLATFORM)) $(testlib_crypto_argon2_$(PLATFORM)) $(testlib_crypto_chachapoly_$(PLATFORM)) $(testlib_crypto_math_$(PLATFORM)) $(testlib_endian_$(PLATFORM)) $(testlib_errors_$(PLATFORM)) $(testlib_io_$(PLATFORM))
@printf 'HAREC \t$@\n'
@mkdir -p $(TESTCACHE)/crypto
@$(testlib_env) $(HAREC) $(TESTHAREFLAGS) -o $@ -Ncrypto \
@@ -3463,7 +3465,7 @@ testlib_crypto_chachapoly_any_srcs = \
$(TESTCACHE)/crypto/chachapoly/crypto_chachapoly-any.ssa: $(testlib_crypto_chachapoly_any_srcs) $(testlib_rt) $(testlib_bufio_$(PLATFORM)) $(testlib_bytes_$(PLATFORM)) $(testlib_crypto_chacha_$(PLATFORM)) $(testlib_crypto_mac_$(PLATFORM)) $(testlib_crypto_math_$(PLATFORM)) $(testlib_crypto_poly1305_$(PLATFORM)) $(testlib_endian_$(PLATFORM)) $(testlib_errors_$(PLATFORM)) $(testlib_io_$(PLATFORM)) $(testlib_types_$(PLATFORM))
@printf 'HAREC \t$@\n'
@mkdir -p $(TESTCACHE)/crypto/chachapoly
- @HARECACHE=$(TESTCACHE) $(HAREC) $(TESTHAREFLAGS) -o $@ -Ncrypto::chachapoly \
+ @$(testlib_env) $(HAREC) $(TESTHAREFLAGS) -o $@ -Ncrypto::chachapoly \
-t$(TESTCACHE)/crypto/chachapoly/crypto_chachapoly.td $(testlib_crypto_chachapoly_any_srcs)
# crypto::cipher (+any)