cipher: expose raw ChaCha20 cipher

Signed-off-by: Daiki Ueno <dueno@redhat.com>

diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index fd47c13b6653dfed66e411770de1e0cedf68849e..207b0483fa190f3fd60e8bfc4f442642cbc03be3 100644 (file)
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -136,6 +136,13 @@ static const cipher_entry_st algorithms[] = {
          .type = CIPHER_STREAM,
          .explicit_iv = 0,
          .cipher_iv = 8},
+       { .name = "CHACHA20-64",
+         .id = GNUTLS_CIPHER_CHACHA20_64,
+         .blocksize = 64,
+         .keysize = 32,
+         .type = CIPHER_STREAM,
+         .explicit_iv = 0,
+         .cipher_iv = 8},
        { .name = "CAMELLIA-256-CBC",
          .id = GNUTLS_CIPHER_CAMELLIA_256_CBC,
          .blocksize = 16,

diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index cfc1f35e922e438a18edf0b6cd98050be0c75c5d..e88fe86918ddce48012ec2656de0fd64b4afb7d5 100644 (file)
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -113,6 +113,7 @@ extern "C" {
  * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys (AEAD).
  * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
  * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-bit keys.
+ * @GNUTLS_CIPHER_CHACHA20_64: Chacha20 cipher with 64-bit nonces.
  * @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 authenticator (AEAD).
  * @GNUTLS_CIPHER_GOST28147_TC26Z_CFB: GOST 28147-89 (Magma) cipher in CFB mode with TC26 Z S-box.
  * @GNUTLS_CIPHER_GOST28147_CPA_CFB: GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro A S-box.
@@ -174,6 +175,7 @@ typedef enum gnutls_cipher_algorithm {
        GNUTLS_CIPHER_AES_128_XTS = 32,
        GNUTLS_CIPHER_AES_256_XTS = 33,
        GNUTLS_CIPHER_GOST28147_TC26Z_CNT = 34,
+       GNUTLS_CIPHER_CHACHA20_64 = 35,
 
        /* used only for PGP internals. Ignored in TLS/SSL
         */

diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 5e9f25b2ec9b80846404a4cbe0ea4433c3f07df1..e46ce4afe4e3c0c16f8ef31c776c5e0f9de34b9d 100644 (file)
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -246,6 +246,13 @@ _ccm_decrypt(struct nettle_cipher_ctx *ctx,
                                    tag_size, length, dst, src);
 }
 
+static void
+_chacha_set_nonce (struct chacha_poly1305_ctx *ctx,
+                  size_t length, const uint8_t *nonce)
+{
+       chacha_set_nonce(ctx, nonce);
+}
+
 static void
 _chacha_poly1305_set_nonce (struct chacha_poly1305_ctx *ctx,
                   size_t length, const uint8_t *nonce)
@@ -607,6 +614,20 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
           .set_decrypt_key = (nettle_set_key_func*)salsa20_256_set_key,
           .max_iv_size = SALSA20_NONCE_SIZE,
        },
+       {  .algo = GNUTLS_CIPHER_CHACHA20_64,
+          .block_size = 1,
+          .key_size = CHACHA_KEY_SIZE,
+          .encrypt_block = (nettle_cipher_func*)chacha_crypt,
+          .decrypt_block = (nettle_cipher_func*)chacha_crypt,
+
+          .ctx_size = sizeof(struct chacha_ctx),
+          .encrypt = _stream_encrypt,
+          .decrypt = _stream_encrypt,
+          .set_encrypt_key = (nettle_set_key_func*)chacha_set_key,
+          .set_decrypt_key = (nettle_set_key_func*)chacha_set_key,
+          .set_iv = (setiv_func)_chacha_set_nonce,
+          .max_iv_size = CHACHA_NONCE_SIZE,
+       },
        {  .algo = GNUTLS_CIPHER_CHACHA20_POLY1305,
           .block_size = CHACHA_POLY1305_BLOCK_SIZE,
           .key_size = CHACHA_POLY1305_KEY_SIZE,