diff --git a/include/libssh/chacha.h b/include/libssh/chacha.h index bac78c67..867f532d 100644 --- a/include/libssh/chacha.h +++ b/include/libssh/chacha.h @@ -17,7 +17,6 @@ struct chacha_ctx { #define CHACHA_NONCELEN 8 #define CHACHA_CTRLEN 8 #define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) -#define CHACHA_BLOCKLEN 64 void chacha_keysetup(struct chacha_ctx *x, const uint8_t *k, uint32_t kbits) #ifdef HAVE_GCC_BOUNDED_ATTRIBUTE diff --git a/include/libssh/chacha20-poly1305-common.h b/include/libssh/chacha20-poly1305-common.h new file mode 100644 index 00000000..b2f0231b --- /dev/null +++ b/include/libssh/chacha20-poly1305-common.h @@ -0,0 +1,54 @@ +/* + * This file is part of the SSH Library + * + * Copyright (c) 2020 Red Hat, Inc. + * + * Author: Jakub Jelen + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/* + * chacha20-poly1305.h file + * This file includes definitions needed for Chacha20-poly1305 AEAD cipher + * using different crypto backends. + */ + +#ifndef CHACHA20_POLY1305_H +#define CHACHA20_POLY1305_H + +#define CHACHA20_BLOCKSIZE 64 +#define CHACHA20_KEYLEN 32 + +#define POLY1305_TAGLEN 16 +/* size of the keys k1 and k2 as defined in specs */ +#define POLY1305_KEYLEN 32 + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif +struct ssh_packet_header { + uint32_t length; + uint8_t payload[]; +} +#if defined(__GNUC__) +__attribute__ ((packed)) +#endif +#ifdef _MSC_VER +#pragma pack(pop) +#endif +; + +#endif /* CHACHA20_POLY1305_H */ diff --git a/include/libssh/poly1305.h b/include/libssh/poly1305.h index 9174bd17..513f1b99 100644 --- a/include/libssh/poly1305.h +++ b/include/libssh/poly1305.h @@ -5,9 +5,7 @@ #ifndef POLY1305_H #define POLY1305_H - -#define POLY1305_KEYLEN 32 -#define POLY1305_TAGLEN 16 +#include "libssh/chacha20-poly1305-common.h" void poly1305_auth(uint8_t out[POLY1305_TAGLEN], const uint8_t *m, size_t inlen, const uint8_t key[POLY1305_KEYLEN]) diff --git a/src/chachapoly.c b/src/chachapoly.c index 820e7f6e..c90a1e97 100644 --- a/src/chachapoly.c +++ b/src/chachapoly.c @@ -26,9 +26,8 @@ #include "libssh/chacha.h" #include "libssh/poly1305.h" #include "libssh/misc.h" +#include "libssh/chacha20-poly1305-common.h" -/* size of the keys k1 and k2 as defined in specs */ -#define CHACHA20_KEYLEN 32 struct chacha20_poly1305_keysched { /* key used for encrypting the length field*/ struct chacha_ctx k1; @@ -36,13 +35,6 @@ struct chacha20_poly1305_keysched { struct chacha_ctx k2; }; -#pragma pack(push, 1) -struct ssh_packet_header { - uint32_t length; - uint8_t payload[]; -}; -#pragma pack(pop) - static const uint8_t zero_block_counter[8] = {0, 0, 0, 0, 0, 0, 0, 0}; static const uint8_t payload_block_counter[8] = {1, 0, 0, 0, 0, 0, 0, 0}; diff --git a/src/libgcrypt.c b/src/libgcrypt.c index 53de4653..85d47c3f 100644 --- a/src/libgcrypt.c +++ b/src/libgcrypt.c @@ -33,18 +33,15 @@ #include "libssh/wrapper.h" #include "libssh/string.h" #include "libssh/misc.h" +#ifdef HAVE_GCRYPT_CHACHA_POLY +#include "libssh/chacha20-poly1305-common.h" +#endif #ifdef HAVE_LIBGCRYPT #include #ifdef HAVE_GCRYPT_CHACHA_POLY -#define CHACHA20_BLOCKSIZE 64 -#define CHACHA20_KEYLEN 32 - -#define POLY1305_TAGLEN 16 -#define POLY1305_KEYLEN 32 - struct chacha20_poly1305_keysched { bool initialized; /* cipher handle used for encrypting the packets */ @@ -55,13 +52,6 @@ struct chacha20_poly1305_keysched { gcry_mac_hd_t mac_hd; }; -#pragma pack(push, 1) -struct ssh_packet_header { - uint32_t length; - uint8_t payload[]; -}; -#pragma pack(pop) - static const uint8_t zero_block[CHACHA20_BLOCKSIZE] = {0}; #endif /* HAVE_GCRYPT_CHACHA_POLY */ diff --git a/tests/unittests/torture_crypto.c b/tests/unittests/torture_crypto.c index acb70a46..102b2594 100644 --- a/tests/unittests/torture_crypto.c +++ b/tests/unittests/torture_crypto.c @@ -4,6 +4,7 @@ #include "torture.h" #include "libssh/crypto.h" +#include "libssh/chacha20-poly1305-common.h" uint8_t key[32] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e" @@ -110,16 +111,15 @@ static void torture_crypto_aes256_cbc(void **state) ssh_cipher_clear(&cipher); } -#define POLY1305_TAGLEN 16 - -uint8_t chacha20poly1305_key[64] = +uint8_t chacha20poly1305_key[CHACHA20_KEYLEN*2] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e" "\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d" "\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c" "\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b" "\x3c\x3d\x3e\x3f"; -uint8_t chacha20poly1305_cleartext[144] = +#define CLEARTEXT_LENGTH 144 +uint8_t chacha20poly1305_cleartext[CLEARTEXT_LENGTH] = "\xb4\xfc\x5d\xc2\x49\x8d\x2c\x29\x4a\xc9\x9a\xb0\x1b\xf8\x29" "\xee\x85\x6d\x8c\x04\x34\x7c\x65\xf4\x89\x97\xc5\x71\x70\x41" "\x91\x40\x19\x60\xe1\xf1\x8f\x4d\x8c\x17\x51\xd6\xbc\x69\x6e" @@ -133,7 +133,7 @@ uint8_t chacha20poly1305_cleartext[144] = uint64_t chacha20poly1305_seq = (uint64_t)1234567890 * 98765431; -uint8_t chacha20poly1305_encrypted[sizeof(uint32_t) + 144 + POLY1305_TAGLEN] = +uint8_t chacha20poly1305_encrypted[sizeof(uint32_t) + CLEARTEXT_LENGTH + POLY1305_TAGLEN] = "\xac\x2e\x4c\x54\xf6\x97\x75\xb4\x3b\x8f\xb0\x8e\xb0\x0a\x8e" "\xb3\x90\x21\x0d\x7a\xb6\xd3\x03\xf6\xbc\x6e\x3a\x32\x67\xe1" "\x13\x65\x43\x3b\x34\x9d\xcb\x62\x7e\x0a\x80\xb0\x45\x87\x07"