chacha

The ChaCha20 stream cipher (docs.ppad.tech/chacha).
git clone git://git.ppad.tech/chacha.git
Log | Files | Refs | README | LICENSE

commit 01917a647ba57a5f3c5f992443c4561a6af3376a
parent 3b25b1dd3f346b2374dba198817749e61f8dcf91
Author: Jared Tobin <jared@jtobin.io>
Date:   Mon, 10 Mar 2025 16:20:14 +0400

test: additional vectors from RFC8439

Diffstat:
MREADME.md | 2++
Mlib/Crypto/Cipher/ChaCha20.hs | 2+-
Mtest/Main.hs | 47+++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md @@ -58,6 +58,8 @@ This library aims at the maximum security achievable in a garbage-collected language under an optimizing compiler such as GHC, in which strict constant-timeness can be [challenging to achieve][const]. +The ChaCha20 cipher within passes all test vectors from RFC8439. + If you discover any vulnerabilities, please disclose them via security@ppad.tech. diff --git a/lib/Crypto/Cipher/ChaCha20.hs b/lib/Crypto/Cipher/ChaCha20.hs @@ -352,7 +352,7 @@ _cipher key counter nonce plaintext = do let loop acc !j bs = case BS.splitAt 64 bs of (chunk@(BI.PS _ _ l), etc) - | l == 0 && BS.length etc == 0 -> pure $ + | l == 0 && BS.length etc == 0 -> pure $ -- XX BS.toStrict (BSB.toLazyByteString acc) | otherwise -> do PA.copyMutablePrimArray s 0 initial 0 16 diff --git a/test/Main.hs b/test/Main.hs @@ -22,6 +22,9 @@ main = defaultMain $ testGroup "ppad-chacha" [ , chacha20_block_init , chacha20_rounds , encrypt + , crypt1 + , crypt2 + , crypt3 ] quarter :: TestTree @@ -114,3 +117,47 @@ encrypt = H.testCase "chacha20 encrypt" $ do let o = ChaCha.cipher block_key 1 crypt_non crypt_plain H.assertEqual mempty crypt_cip o +-- additional vectors + +crypt1 :: TestTree +crypt1 = H.testCase "chacha20 encrypt (A.2 #1)" $ do + let key = fromJust . B16.decode $ + "0000000000000000000000000000000000000000000000000000000000000000" + non = fromJust . B16.decode $ + "000000000000000000000000" + con = 0 + plain = fromJust . B16.decode $ + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + cip = fromJust . B16.decode $ + "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586" + out = ChaCha.cipher key con non plain + H.assertEqual mempty cip out + +crypt2 :: TestTree +crypt2 = H.testCase "chacha20 encrypt (A.2 #2)" $ do + let key = fromJust . B16.decode $ + "0000000000000000000000000000000000000000000000000000000000000001" + non = fromJust . B16.decode $ + "000000000000000000000002" + con = 1 + plain = fromJust . B16.decode $ + "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f" + cip = fromJust . B16.decode $ + "a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221" + out = ChaCha.cipher key con non plain + H.assertEqual mempty cip out + +crypt3 :: TestTree +crypt3 = H.testCase "chacha20 encrypt (A.2 #3)" $ do + let key = fromJust . B16.decode $ + "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0" + non = fromJust . B16.decode $ + "000000000000000000000002" + con = 42 + plain = fromJust . B16.decode $ + "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e" + cip = fromJust . B16.decode $ + "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1" + out = ChaCha.cipher key con non plain + H.assertEqual mempty cip out +