reworked cc20

4 years ago · 8757312d41
7 changed files with 136 additions and 39 deletions
--- a/include/cc20.h
+++ b/include/cc20.h
@ -20,26 +20,38 @@
 #ifndef CC20_H
 #define CC20_H

+#include <stdint.h>
 #include "n2n.h"               // HAVE_OPENSSL_1_1, traceEvent ...

+#define CC20_IV_SIZE           16
+#define CC20_KEY_BYTES       (256/8)

-#ifdef HAVE_OPENSSL_1_1
-
+#ifdef HAVE_OPENSSL_1_1 // openSSL 1.1 ----------------------------------------------------

-#include <stdint.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>

-#define CC20_IV_SIZE           16
-#define CC20_KEY_BYTES       (256/8)
-
-
 typedef struct cc20_context_t {
  EVP_CIPHER_CTX      *ctx;                    /* openssl's reusable evp_* en/de-cryption context */
  const EVP_CIPHER    *cipher;                 /* cipher to use: e.g. EVP_chacha20() */
  uint8_t             key[CC20_KEY_BYTES];     /* the pure key data for payload encryption & decryption */
 } cc20_context_t;

+#else // plain C --------------------------------------------------------------------------
+
+typedef struct cc20_context {
+  uint32_t keystream32[16];
+  size_t position;
+
+  uint8_t key[CC20_KEY_BYTES];
+  uint8_t nonce[CC20_IV_SIZE];
+  uint64_t counter;
+
+  uint32_t state[16];
+} cc20_context_t;
+
+#endif // openSSL 1.1, plain C ------------------------------------------------------------
+

 int cc20_crypt (unsigned char *out, const unsigned char *in, size_t in_len,
                const unsigned char *iv, cc20_context_t *ctx);
@ -51,7 +63,4 @@ int cc20_init (const unsigned char *key, cc20_context_t **ctx);
 int cc20_deinit (cc20_context_t *ctx);


-#endif // HAVE_OPENSSL_1_1
-
-
 #endif // CC20_H
--- a/include/n2n.h
+++ b/include/n2n.h
@ -425,9 +425,7 @@ int n2n_transop_tf_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt);
 #ifdef N2N_HAVE_AES
 int n2n_transop_aes_cbc_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt);
 #endif
-#ifdef HAVE_OPENSSL_1_1
 int n2n_transop_cc20_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt);
-#endif
 int n2n_transop_speck_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt);

 /* Log */
--- a/src/cc20.c
+++ b/src/cc20.c
@ -20,11 +20,9 @@
 #include "cc20.h"


-#ifdef HAVE_OPENSSL_1_1
+#if defined (HAVE_OPENSSL_1_1) // openSSL 1.1 ---------------------------------------------


-/* ****************************************************** */
-
 /* get any erorr message out of openssl
   taken from https://en.wikibooks.org/wiki/OpenSSL/Error_handling */
 static char *openssl_err_as_string (void) {
@ -41,7 +39,6 @@ static char *openssl_err_as_string (void) {
  return ret;
 }

-/* ****************************************************** */

 // encryption == decryption
 int cc20_crypt (unsigned char *out, const unsigned char *in, size_t in_len,
@ -78,13 +75,124 @@ int cc20_crypt (unsigned char *out, const unsigned char *in, size_t in_len,
 }


+#else // plain C --------------------------------------------------------------------------
+
+
+// taken (and modified) from https://github.com/Ginurx/chacha20-c (public domain)
+
+
+static uint32_t rotl32(uint32_t x, int n) {
+
+  return (x << n) | (x >> (32 - n));
+}
+
+// little endian
+static uint32_t pack4(const uint8_t *a) {
+
+  uint32_t res = 0;
+  res |= (uint32_t)a[0] << 0 * 8;
+  res |= (uint32_t)a[1] << 1 * 8;
+  res |= (uint32_t)a[2] << 2 * 8;
+  res |= (uint32_t)a[3] << 3 * 8;
+  return res;
+}
+
+
+static void unpack4(uint32_t src, uint8_t *dst) {
+
+  dst[0] = (src >> 0 * 8) & 0xff;
+  dst[1] = (src >> 1 * 8) & 0xff;
+  dst[2] = (src >> 2 * 8) & 0xff;
+  dst[3] = (src >> 3 * 8) & 0xff;
+}
+
+
+static void chacha20_init_block(cc20_context_t *ctx, const uint8_t nonce[]) {
+
+  const uint8_t *magic_constant = (uint8_t*)"expand 32-byte k";
+
+  memcpy(&(ctx->state[0]), magic_constant, 16);
+  memcpy (&(ctx->state[4]), ctx->key, CC20_KEY_BYTES);
+  memcpy(&(ctx->state[12]), nonce, CC20_IV_SIZE);
+}
+
+
+#define CHACHA20_QUARTERROUND(x, a, b, c, d) \
+    x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 16); \
+    x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 12); \
+    x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 8); \
+    x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 7);
+
+static void chacha20_block_next(cc20_context_t *ctx) {
+
+  int i;
+
+  for(i = 0; i < 16; i++)
+    ctx->keystream32[i] = ctx->state[i];
+
+  for(i = 0; i < 10; i++) {
+    CHACHA20_QUARTERROUND(ctx->keystream32, 0, 4, 8, 12)
+    CHACHA20_QUARTERROUND(ctx->keystream32, 1, 5, 9, 13)
+    CHACHA20_QUARTERROUND(ctx->keystream32, 2, 6, 10, 14)
+    CHACHA20_QUARTERROUND(ctx->keystream32, 3, 7, 11, 15)
+    CHACHA20_QUARTERROUND(ctx->keystream32, 0, 5, 10, 15)
+    CHACHA20_QUARTERROUND(ctx->keystream32, 1, 6, 11, 12)
+    CHACHA20_QUARTERROUND(ctx->keystream32, 2, 7, 8, 13)
+    CHACHA20_QUARTERROUND(ctx->keystream32, 3, 4, 9, 14)
+  }
+
+  for(i = 0; i < 16; i++)
+    ctx->keystream32[i] += ctx->state[i];
+
+  uint32_t *counter = ctx->state + 12;
+  // increment counter
+  counter[0]++;
+  if(0 == counter[0]) {
+    // wrap around occured, increment higher 32 bits of counter
+    counter[1]++;
+    // Limited to 2^64 blocks of 64 bytes each.
+    // if you want to process more than 1180591620717411303424 bytes
+    // you have other problems.
+    // we could keep counting with counter[2] and counter[3] (nonce),
+    // but then we risk reusing the nonce which is very bad.
+  }
+}
+
+
+static void chacha20_init_context(cc20_context_t *ctx, const uint8_t *nonce) {
+
+  chacha20_init_block(ctx, nonce);
+  ctx->position = 64;
+}
+
+
+int cc20_crypt (unsigned char *out, const unsigned char *in, size_t in_len,
+                const unsigned char *iv, cc20_context_t *ctx) {
+
+  chacha20_init_context(ctx, iv);
+
+  uint8_t *keystream8 = (uint8_t*)ctx->keystream32;
+  for(size_t i = 0; i < in_len; i++) {
+    if(ctx->position >= 64) {
+      chacha20_block_next(ctx);
+      ctx->position = 0;
+    }
+    out[i] = in[i] ^ keystream8[ctx->position];
+    ctx->position++;
+  }
+}
+
+
+#endif // openSSL 1.1, plain C ------------------------------------------------------------
+
+
 int cc20_init (const unsigned char *key, cc20_context_t **ctx) {

 // allocate context...
  *ctx = (cc20_context_t*) calloc(1, sizeof(cc20_context_t));
  if (!(*ctx))
    return -1;
-
+#if defined (HAVE_OPENSSL_1_1)
  if(!((*ctx)->ctx = EVP_CIPHER_CTX_new())) {
    traceEvent(TRACE_ERROR, "cc20_init openssl's evp_* encryption context creation failed: %s",
                            openssl_err_as_string());
@ -92,7 +200,7 @@ int cc20_init (const unsigned char *key, cc20_context_t **ctx) {
  }

  (*ctx)->cipher = EVP_chacha20();
-
+#endif
  memcpy((*ctx)->key, key, CC20_KEY_BYTES);

  return 0;
@ -101,10 +209,8 @@ int cc20_init (const unsigned char *key, cc20_context_t **ctx) {

 int cc20_deinit (cc20_context_t *ctx) {

+#if defined (HAVE_OPENSSL_1_1)
  if (ctx->ctx) EVP_CIPHER_CTX_free(ctx->ctx);
-
+#endif
  return 0;
 }
-
-
-#endif // HAVE_OPENSSL_1_1
--- a/src/edge.c
+++ b/src/edge.c
@ -168,9 +168,7 @@ static void help() {
 #ifdef N2N_HAVE_AES
  "-A3 or -A (deprecated) = AES-CBC, "
 #endif
-#ifdef HAVE_OPENSSL_1_1
  "-A4 = ChaCha20, "
-#endif
  "-A5 = Speck-CTR.\n");
  printf("-H                       | Enable full header encryption. Requires supernode with fixed community.\n");
  printf("-z1 ... -z2 or -z        | Enable compression for outgoing data packets: -z1 or -z = lzo1x"
@ -250,13 +248,11 @@ static void setPayloadEncryption( n2n_edge_conf_t *conf, int cipher) {
      break;
    }
 #endif
-#ifdef HAVE_OPENSSL_1_1
  case 4:
    {
      conf->transop_id = N2N_TRANSFORM_ID_CHACHA20;
      break;
    }
-#endif
  case 5:
    {
      conf->transop_id = N2N_TRANSFORM_ID_SPECK;
--- a/src/edge_utils.c
+++ b/src/edge_utils.c
@ -226,11 +226,9 @@ n2n_edge_t* edge_init(const n2n_edge_conf_t *conf, int *rv) {
    rc = n2n_transop_aes_cbc_init(&eee->conf, &eee->transop);
    break;
 #endif
-#ifdef HAVE_OPENSSL_1_1
  case N2N_TRANSFORM_ID_CHACHA20:
    rc = n2n_transop_cc20_init(&eee->conf, &eee->transop);
    break;
-#endif
  case N2N_TRANSFORM_ID_SPECK:
    rc = n2n_transop_speck_init(&eee->conf, &eee->transop);
    break;
--- a/src/transform_cc20.c
+++ b/src/transform_cc20.c
@ -16,9 +16,9 @@
 *
 */

+
 #include "n2n.h"

-#ifdef HAVE_OPENSSL_1_1

 /* ChaCha20 plaintext preamble */
 #define CC20_PREAMBLE_SIZE    (CC20_IV_SIZE)
@ -177,5 +177,3 @@ int n2n_transop_cc20_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) {
  /* Setup the cipher and key */
  return setup_cc20_key(priv, encrypt_key, encrypt_key_len);
 }
-
-#endif /* HAVE_OPENSSL_1_1 */
--- a/tools/benchmark.c
+++ b/tools/benchmark.c
@ -66,9 +66,7 @@ int main(int argc, char * argv[]) {
 #ifdef N2N_HAVE_AES
  n2n_trans_op_t transop_aes_cbc;
 #endif
-#ifdef HAVE_OPENSSL_1_1
  n2n_trans_op_t transop_cc20;
-#endif

  n2n_trans_op_t transop_speck;
  n2n_edge_conf_t conf;
@ -86,9 +84,7 @@ int main(int argc, char * argv[]) {
 #ifdef N2N_HAVE_AES
  n2n_transop_aes_cbc_init(&conf, &transop_aes_cbc);
 #endif
-#ifdef HAVE_OPENSSL_1_1
  n2n_transop_cc20_init(&conf, &transop_cc20);
-#endif
  n2n_transop_speck_init(&conf, &transop_speck);
  
  /* Run the tests */
@ -97,9 +93,7 @@ int main(int argc, char * argv[]) {
 #ifdef N2N_HAVE_AES
  run_transop_benchmark("transop_aes", &transop_aes_cbc, &conf, pktbuf);
 #endif
-#ifdef HAVE_OPENSSL_1_1
  run_transop_benchmark("transop_cc20", &transop_cc20, &conf, pktbuf);
-#endif
  run_transop_benchmark("transop_speck", &transop_speck, &conf, pktbuf);

  /* Cleanup */
@ -108,9 +102,7 @@ int main(int argc, char * argv[]) {
 #ifdef N2N_HAVE_AES
  transop_aes_cbc.deinit(&transop_aes_cbc);
 #endif
-#ifdef HAVE_OPENSSL_1_1
  transop_cc20.deinit(&transop_cc20);
-#endif
  transop_speck.deinit(&transop_speck);

  return 0;