Basically a first implementation of the chacha20 Poly1305 algorithm #90
Conversation
Attempt to fix bugreport MHumm#86
Fixed the crash of issue MHumm#86 by changing GCM to use poitners instead ot TBytes and added unit test to verify the change
Same kind of change as already done to EncodeGCM
Changed GCM part of EncodeBytes as well
Added name of the CCM implementation sponsor
Still not working.
* Fixed bugs to get stream functions working - not yet tested * shrinking base classes to get the extended aead functions working (ccm, gcm, poly1305) - not yet tested
Minor: removed debug idx variable.
|
Added code to implement XChaCha20 as well |
|
I need to find the time to look at this over the next few weeks. Please be a bit patient! I value your contribution. Thanks for the warning about the changes in the base class. Yes, they need to be evaluated carefully. Does your code contain unit tests? |
|
Yes.. at least the two vectors from the original RFC. I found a bunch of test vectors here: This commit would also tackle the problems with the encodings - I changed the base class so it could be used in such a way. The chacha and GCM modules are already converted. Let me know what you think of that. |
|
We should try to have unit tests for as many areas of the library as possible. |
|
Refering to this one: "do you think it is a good idea to implement them here?" |
|
They actually include the RFC test in their test suit. It is even the first test.... |
|
I try to find original test vectors. Ok, when I took the library over there was some "crude" automatic test program which worked on a text file which contained the test vectors. And there were about a dozend unit tests for some newer date helper functions (from DECUtil). I started to implement unit tests for those test vectors in the text file, without questioning where they came from. Later on somebody reported a few flaws and fixes for them and that made me start to look for original test vectors for all the hash algorithms. After all those years I couldn't find them for all the hash algorithms but for those where I found them I added them. For KDF it was like this: the original author had implemented KDF2. At least that's what he had claimed. I found there were no tests yet and found the KDF specification and the test vectors for KDF2 didn't match the results produced by DEC. So I started to investigate and found out, that the original author had implemented KDF1 and KDF2 and 3 are only small deviations from that. The only difference is the order of 2-3 lines of code in their main method. So I implemented these two as well and added tests from that specification. => I try to find the original specification of the algorithm, be it some PDF, an RFC whatever and check if that contains test vectors. Also NIST is sometimes a source for test vectors or other standard bodies. Does this answer your question? |
|
I see... thanks for the info. |
Removed dll reference Fixed a crucial bug in the poly1305 generation - the ConstTimeCarray32 had wrong brackets applied.
|
These two last commits include the found test vector - about 300 tests. |
Hope this works as intendent....
Basically I implemented the base chacha20 algorithm and a poly1305 mode following the GCM mode implementation.
I need to say I did quite some rewriting on the base class (don't be mad...) to have a more leaner interface in the
cipher classes.
In addtion I rewrote the GCM part such that it works on streams too - multiple encode/decode calls are now allowed.
This was a rewrite of bug #87 based on the new base authenticator class.
I did not rewrite teh CCM stuff - simply I didn't knew how...
There are also SSE, AVX version of the chacha algorithm so I hope I managed to put it correctly in there - unfortunately I was not
successfull with a SSE/AVX version of the Poly1305 algorithm, this one is way more complicated that chacha...
Let me know what you think of the code...