Drop support for 128-bit chacha keys.

diff --git a/ChangeLog b/ChangeLog
index 8446b8d821f6a56183c9eaaba5a05d0bc08a6372..72abf3d5ae7566ac1e78c11dd11e5f230bafdee0 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2014-03-04  Niels Möller  <nisse@lysator.liu.se>
+
+       * chacha128-set-key.c (chacha128_set_key): Deleted file and
+       function. Support for 128-bit chacha keys may be reintroduced
+       later, if really needed.
+       * chacha.h: Deleted chacha128-related declarations.
+       * chacha-set-key.c (chacha_set_key): Drop support for 128-bit
+       keys.
+       * testsuite/chacha-test.c (test_main): #if:ed out all tests with
+       128-bit keys.
+
 2014-02-16  Niels Möller  <nisse@lysator.liu.se>
 
        * gcm.h: Declarations for gcm-camellia256.

diff --git a/Makefile.in b/Makefile.in
index 274689c7a93d2b5891b72152cbc29b5829ad8d78..a9c70481959c3f0f83e26af6e9577d07890f0b13 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -90,7 +90,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
                 chacha-crypt.c chacha-core-internal.c \
                 chacha-poly1305.c chacha-poly1305-meta.c \
                 chacha-set-key.c chacha-set-nonce.c \
-                chacha128-set-key.c chacha256-set-key.c \
+                chacha256-set-key.c \
                 ctr.c des.c des3.c des-compat.c \
                 eax.c eax-aes128.c eax-aes128-meta.c \
                 gcm.c gcm-aes.c \

diff --git a/chacha-set-key.c b/chacha-set-key.c
index 18c6109e344da3931762de5ef100f05583cb76de..e9edea3befd8f163b197040a404969f4d93ab336 100644 (file)
--- a/chacha-set-key.c
+++ b/chacha-set-key.c
@@ -33,9 +33,6 @@ chacha_set_key(struct chacha_ctx *ctx, size_t length, const uint8_t *key)
     {
     default:
       abort ();
-    case CHACHA128_KEY_SIZE:
-      chacha128_set_key (ctx, key);
-      break;
     case CHACHA256_KEY_SIZE:
       chacha256_set_key (ctx, key);
       break;

diff --git a/chacha.h b/chacha.h
index ae3934358f7ba7a25e1b8143ba1efb3f9e5bf796..8f703decdae64674cb43acd9c7fb784e40026551 100644 (file)
--- a/chacha.h
+++ b/chacha.h
@@ -37,14 +37,12 @@ extern "C" {
 
 /* Name mangling */
 #define chacha_set_key nettle_chacha_set_key
-#define chacha128_set_key nettle_chacha128_set_key
 #define chacha256_set_key nettle_chacha256_set_key
 #define chacha_set_nonce nettle_chacha_set_nonce
 #define chacha_crypt nettle_chacha_crypt
 #define _chacha_core _nettle_chacha_core
 
 /* Possible keysizes, and a reasonable default. In octets. */
-#define CHACHA128_KEY_SIZE 16
 #define CHACHA256_KEY_SIZE 32
 #define CHACHA_KEY_SIZE 32
 
@@ -70,9 +68,6 @@ struct chacha_ctx
   uint32_t state[_CHACHA_STATE_LENGTH];
 };
 
-void
-chacha128_set_key(struct chacha_ctx *ctx, const uint8_t *key);
-
 void
 chacha256_set_key(struct chacha_ctx *ctx, const uint8_t *key);
 

diff --git a/chacha128-set-key.c b/chacha128-set-key.c
deleted file mode 100644 (file)
index 569e801..0000000
--- a/chacha128-set-key.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* chacha128-set-key.c
- *
- * ChaCha key setup for 128-bit keys.
- * Based on the Salsa20 implementation in Nettle.
- */
-
-/* nettle, low-level cryptographics library
- *
- * Copyright (C) 2013 Joachim Strömbergon
- * Copyright (C) 2012 Simon Josefsson
- * Copyright (C) 2012, 2014 Niels Möller
- *  
- * The nettle library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- * 
- * The nettle library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with the nettle library; see the file COPYING.LIB.  If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- * MA 02111-1301, USA.
- */
-
-/* Based on:
-   ChaCha specification (doc id: 4027b5256e17b9796842e6d0f68b0b5e) and reference 
-   implementation dated 2008.01.20
-   D. J. Bernstein
-   Public domain.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <assert.h>
-#include <string.h>
-
-#include "chacha.h"
-
-#include "macros.h"
-
-void
-chacha128_set_key(struct chacha_ctx *ctx, const uint8_t *key)
-{
-  static const uint32_t tau[4] = {
-    /* "expand 16-byte k" */
-    0x61707865, 0x3120646e, 0x79622d36, 0x6b206574
-  };
-
-  ctx->state[8]  = ctx->state[4] = LE_READ_UINT32(key + 0);
-  ctx->state[9]  = ctx->state[5] = LE_READ_UINT32(key + 4);
-  ctx->state[10] = ctx->state[6] = LE_READ_UINT32(key + 8);
-  ctx->state[11] = ctx->state[7] = LE_READ_UINT32(key + 12);
-
-  memcpy (ctx->state, tau, sizeof(tau));
-}

diff --git a/testsuite/chacha-test.c b/testsuite/chacha-test.c
index 8f16a5a1fedab52c36fc76089431b8ad25567dbd..024b780680f0c9c2e04867b8f44273b68bb77d73 100644 (file)
--- a/testsuite/chacha-test.c
+++ b/testsuite/chacha-test.c
@@ -100,7 +100,7 @@ void
 test_main(void)
 {
   /* Test vectors from draft-strombergson-chacha-test-vectors */
-
+#if 0
   /* TC1: All zero key and IV. 128 bit key and 8 rounds. */
   test_chacha (SHEX("0000000000000000 0000000000000000"),
               SHEX("0000000000000000"),
@@ -130,7 +130,7 @@ test_main(void)
                    "8a7143d021978022 a384141a80cea306"
                    "2f41f67a752e66ad 3411984c787e30ad"),
               20);
-
+#endif
   test_chacha (SHEX("0000000000000000 0000000000000000"
                    "0000000000000000 0000000000000000"),
               SHEX("0000000000000000"),
@@ -147,6 +147,7 @@ test_main(void)
 
 
   /* TC2: Single bit in key set. All zero IV */
+#if 0
   test_chacha (SHEX("0100000000000000 0000000000000000"),
               SHEX("0000000000000000"),
               SHEX("03a7669888605a07 65e8357475e58673"
@@ -175,7 +176,7 @@ test_main(void)
                    "b3cebd0a5005e762 e562d1375b7ac445"
                    "93a991b85d1a60fb a2035dfaa2a642d5"),
               20);
-
+#endif
   test_chacha (SHEX("0100000000000000 0000000000000000"
                    "0000000000000000 0000000000000000"),
               SHEX("0000000000000000"),
@@ -191,6 +192,7 @@ test_main(void)
               20);
 
   /* TC3: Single bit in IV set. All zero key */
+#if 0
   test_chacha (SHEX("0000000000000000 0000000000000000"),
               SHEX("0100000000000000"),
               SHEX("25f5bec6683916ff 44bccd12d102e692"
@@ -219,7 +221,7 @@ test_main(void)
                    "4dfc50de711fb464 16c2553cc60f21bb"
                    "fd006491cb17888b 4fb3521c4fdd8745"),
               20);
-
+#endif
   test_chacha (SHEX("0000000000000000 0000000000000000"
                    "0000000000000000 0000000000000000"),
               SHEX("0100000000000000"),
@@ -235,6 +237,7 @@ test_main(void)
               20);
 
   /* TC4: All bits in key and IV are set. */
+#if 0
   test_chacha (SHEX("ffffffffffffffff ffffffffffffffff"),
               SHEX("ffffffffffffffff"),
               SHEX("2204d5b81ce66219 3e00966034f91302"
@@ -263,7 +266,7 @@ test_main(void)
                    "7c227c52ef796b6b ed9f9059ba0614bc"
                    "f6dd6e38917f3b15 0e576375be50ed67"),
               20);
-
+#endif
   test_chacha (SHEX("ffffffffffffffff ffffffffffffffff"
                    "ffffffffffffffff ffffffffffffffff"),
               SHEX("ffffffffffffffff"),
@@ -279,6 +282,7 @@ test_main(void)
               20);
 
   /* TC5: Every even bit set in key and IV. */
+#if 0
   test_chacha (SHEX("5555555555555555 5555555555555555"),
               SHEX("5555555555555555"),
               SHEX("f0a23bc36270e18e d0691dc384374b9b"
@@ -307,7 +311,7 @@ test_main(void)
                    "a3e5d94b5666382c 6d130d822dd56aac"
                    "b0f8195278e7b292 495f09868ddf12cc"),
               20);
-
+#endif
   test_chacha (SHEX("5555555555555555 5555555555555555"
                    "5555555555555555 5555555555555555"),
               SHEX("5555555555555555"),
@@ -323,6 +327,7 @@ test_main(void)
               20);
 
   /* TC6: Every odd bit set in key and IV. */
+#if 0
   test_chacha (SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
               SHEX("aaaaaaaaaaaaaaaa"),
               SHEX("312d95c0bc38eff4 942db2d50bdc500a"
@@ -351,7 +356,7 @@ test_main(void)
                    "efce4537bb0ef7b5 73b32f32765f2900"
                    "7da53bba62e7a44d 006f41eb28fe15d6"),
               20);
-
+#endif
   test_chacha (SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
                    "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
               SHEX("aaaaaaaaaaaaaaaa"),
@@ -367,6 +372,7 @@ test_main(void)
               20);
 
   /* TC7: Sequence patterns in key and IV. */
+#if 0
   test_chacha (SHEX("0011223344556677 8899aabbccddeeff"),
               SHEX("0f1e2d3c4b5a6978"),
               SHEX("29560d280b452840 0a8f4b795369fb3a"
@@ -395,7 +401,7 @@ test_main(void)
                    "d1ce91fd8ee08280 34b411200a9745a2"
                    "85554475d12afc04 887fef3516d12a2c"),
               20);
-
+#endif
   test_chacha (SHEX("0011223344556677 8899aabbccddeeff"
                    "ffeeddccbbaa9988 7766554433221100"),
               SHEX("0f1e2d3c4b5a6978"),
@@ -406,6 +412,7 @@ test_main(void)
               8);
 
   /* TC8: hashed string patterns */
+#if 0
   test_chacha(SHEX("c46ec1b18ce8a878 725a37e780dfb735"),
              SHEX("1ada31d5cf688221"),
              SHEX("6a870108859f6791 18f3e205e2a56a68"
@@ -434,7 +441,7 @@ test_main(void)
                   "a6a9e6e591dce674 120acaf9040ff50f"
                   "f3ac30ccfb5e1420 4f5e4268b90a8804"),
              20);
-
+#endif
   test_chacha(SHEX("c46ec1b18ce8a878 725a37e780dfb735"
                   "1f68ed2e194c79fb c6aebee1a667975d"),
              SHEX("1ada31d5cf688221"),