We use cookies to ensure you get the best experience on our website
Головна сторінка Огляд Довідка
Реєстрація Увійти
0ct0pu5
/
moby
1
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: debcb76939
Гілки Теги
moby
/
vendor
/
golang.org
/
x
/
crypto
/
chacha20poly1305
/
chacha20poly1305_generic.go

chacha20poly1305_generic.go 2.2 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. // Copyright 2016 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package chacha20poly1305
    6. 

  6. 

  7. import (
    8. 

  8. 	"encoding/binary"
    9. 

  9. 

  10. 	"golang.org/x/crypto/chacha20"
    11. 

  11. 	"golang.org/x/crypto/internal/alias"
    12. 

  12. 	"golang.org/x/crypto/internal/poly1305"
    13. 

  13. )
    14. 

  14. 

  15. func writeWithPadding(p *poly1305.MAC, b []byte) {
    16. 

  16. 	p.Write(b)
    17. 

  17. 	if rem := len(b) % 16; rem != 0 {
    18. 

  18. 		var buf [16]byte
    19. 

  19. 		padLen := 16 - rem
    20. 

  20. 		p.Write(buf[:padLen])
    21. 

  21. 	}
    22. 

  22. }
    23. 

  23. 

  24. func writeUint64(p *poly1305.MAC, n int) {
    25. 

  25. 	var buf [8]byte
    26. 

  26. 	binary.LittleEndian.PutUint64(buf[:], uint64(n))
    27. 

  27. 	p.Write(buf[:])
    28. 

  28. }
    29. 

  29. 

  30. func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []byte) []byte {
    31. 

  31. 	ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize)
    32. 

  32. 	ciphertext, tag := out[:len(plaintext)], out[len(plaintext):]
    33. 

  33. 	if alias.InexactOverlap(out, plaintext) {
    34. 

  34. 		panic("chacha20poly1305: invalid buffer overlap")
    35. 

  35. 	}
    36. 

  36. 

  37. 	var polyKey [32]byte
    38. 

  38. 	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
    39. 

  39. 	s.XORKeyStream(polyKey[:], polyKey[:])
    40. 

  40. 	s.SetCounter(1) // set the counter to 1, skipping 32 bytes
    41. 

  41. 	s.XORKeyStream(ciphertext, plaintext)
    42. 

  42. 

  43. 	p := poly1305.New(&polyKey)
    44. 

  44. 	writeWithPadding(p, additionalData)
    45. 

  45. 	writeWithPadding(p, ciphertext)
    46. 

  46. 	writeUint64(p, len(additionalData))
    47. 

  47. 	writeUint64(p, len(plaintext))
    48. 

  48. 	p.Sum(tag[:0])
    49. 

  49. 

  50. 	return ret
    51. 

  51. }
    52. 

  52. 

  53. func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
    54. 

  54. 	tag := ciphertext[len(ciphertext)-16:]
    55. 

  55. 	ciphertext = ciphertext[:len(ciphertext)-16]
    56. 

  56. 

  57. 	var polyKey [32]byte
    58. 

  58. 	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
    59. 

  59. 	s.XORKeyStream(polyKey[:], polyKey[:])
    60. 

  60. 	s.SetCounter(1) // set the counter to 1, skipping 32 bytes
    61. 

  61. 

  62. 	p := poly1305.New(&polyKey)
    63. 

  63. 	writeWithPadding(p, additionalData)
    64. 

  64. 	writeWithPadding(p, ciphertext)
    65. 

  65. 	writeUint64(p, len(additionalData))
    66. 

  66. 	writeUint64(p, len(ciphertext))
    67. 

  67. 

  68. 	ret, out := sliceForAppend(dst, len(ciphertext))
    69. 

  69. 	if alias.InexactOverlap(out, ciphertext) {
    70. 

  70. 		panic("chacha20poly1305: invalid buffer overlap")
    71. 

  71. 	}
    72. 

  72. 	if !p.Verify(tag) {
    73. 

  73. 		for i := range out {
    74. 

  74. 			out[i] = 0
    75. 

  75. 		}
    76. 

  76. 		return nil, errOpen
    77. 

  77. 	}
    78. 

  78. 

  79. 	s.XORKeyStream(out, ciphertext)
    80. 

  80. 	return ret, nil
    81. 

  81. }
    82.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5