/*
GoVPN -- simple secure free software virtual private network daemon
-Copyright (C) 2014-2016 Sergey Matveev <stargrave@stargrave.org>
+Copyright (C) 2014-2018 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
// one is over "0". If bit value is 1, then first is taken over "0" and
// second is over "1".
//
-// Poly1305 uses 256-bit one-time key. We generate it using XSalsa20 for
+// Poly1305 uses 256-bit one-time key. We generate it using ChaCha20 for
// for the whole byte at once (16 MACs).
//
-// MACKey1, MACKey2, ... = XSalsa20(authKey, nonce, 0x00...)
-// nonce = prefix || 0x00... || big endian byte number
+// MACKey1, MACKey2, ... = ChaCha20(authKey, nonce, 0x00...)
+// nonce = prefix || big endian byte number
package cnw
import (
"encoding/binary"
"errors"
+ "chacha20"
"golang.org/x/crypto/poly1305"
- "golang.org/x/crypto/salsa20"
)
const (
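Review bot: The updated derivation comment, `MACKey1, MACKey2, ... = ChaCha20(authKey, nonce, 0x00...)`, appears to hold only for the first input byte. In both loops below, `keys` is allocated once before the loop and `chacha20.XORKeyStream(keys, keys, nonce, authKey)` writes over it with no visible reset, so from the second byte on the keystream is XORed onto the previous iteration's keys. Chaff and Winnow do this identically and so stay in agreement, but the comment should say it, e.g. `// keys are chained: keys_n = ChaCha20(authKey, nonce_n) XOR keys_(n-1), starting from 0x00...`. It would also help to document how the 16-byte array is split between nonce and block counter inside the `chacha20` package; that is not visible here, and the bare import path does not show which implementation is compiled in.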
func Chaff(authKey *[32]byte, noncePrfx, in []byte) []byte {
out := make([]byte, len(in)*EnlargeFactor)
keys := make([]byte, 8*64)
- nonce := make([]byte, 24)
+ nonce := new([16]byte)
copy(nonce[:8], noncePrfx)
var i int
var v byte
tag := new([16]byte)
macKey := new([32]byte)
for n, b := range in {
- binary.BigEndian.PutUint64(nonce[16:], uint64(n))
- salsa20.XORKeyStream(keys, keys, nonce, authKey)
+ binary.BigEndian.PutUint64(nonce[8:], uint64(n))
+ chacha20.XORKeyStream(keys, keys, nonce, authKey)
for i = 0; i < 8; i++ {
v = (b >> uint8(i)) & 1
copy(macKey[:], keys[64*i:64*i+32])
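Review bot: `copy(nonce[:8], noncePrfx)` accepts a prefix of any length: a shorter slice leaves the rest of the first eight bytes at zero and a longer one is silently truncated, and nothing in the visible lines checks `len(noncePrfx)`. In the new 16-byte layout the prefix appears to be the only part of the nonce that differs between calls, so a repeated or short prefix under the same `authKey` would yield the same Poly1305 one-time keys again. Chaff's doc comment should state the requirement, for example `// noncePrfx must be exactly 8 bytes and must not repeat under the same authKey.` The same line is in the next hunk (Winnow), where a length check could reject bad input if the function returns an error; its signature is outside the hunk, and Chaff's body also continues past the end of this one.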
}
out := make([]byte, len(in)/EnlargeFactor)
keys := make([]byte, 8*64)
- nonce := make([]byte, 24)
+ nonce := new([16]byte)
copy(nonce[:8], noncePrfx)
var i int
var v byte
var is11 bool
var is10 bool
for n := 0; n < len(out); n++ {
- binary.BigEndian.PutUint64(nonce[16:], uint64(n))
- salsa20.XORKeyStream(keys, keys, nonce, authKey)
+ binary.BigEndian.PutUint64(nonce[8:], uint64(n))
+ chacha20.XORKeyStream(keys, keys, nonce, authKey)
v = 0
for i = 0; i < 8; i++ {
copy(macKey[:], keys[64*i:64*i+32])