249 lines
10 KiB
ObjectPascal
249 lines
10 KiB
ObjectPascal
unit ChaCha20;
|
|
|
|
{
|
|
Inno Setup
|
|
Copyright (C) 1997-2024 Jordan Russell
|
|
Portions by Martijn Laan
|
|
For conditions of distribution and use, see LICENSE.TXT.
|
|
|
|
ChaCha20 and XChaCha20 encryption/decryption
|
|
|
|
Initially based on https://github.com/Ginurx/chacha20-c/tree/master
|
|
}
|
|
|
|
interface
|
|
|
|
type
|
|
TChaCha20Ctx = array[0..15] of Cardinal;
|
|
|
|
TChaCha20Context = record
|
|
ctx, keystream: TChaCha20Ctx;
|
|
position: 0..64;
|
|
count64: Boolean;
|
|
end;
|
|
|
|
procedure ChaCha20Init(var Context: TChaCha20Context; const Key;
|
|
const KeyLength: Cardinal; const Nonce; const NonceLength: Cardinal;
|
|
const Count: Cardinal);
|
|
procedure ChaCha20Crypt(var Context: TChaCha20Context; const InBuffer;
|
|
var OutBuffer; const Length: Cardinal);
|
|
|
|
procedure XChaCha20Init(var Context: TChaCha20Context; const Key;
|
|
const KeyLength: Cardinal; const Nonce; const NonceLength: Cardinal;
|
|
const Count: Cardinal);
|
|
procedure XChaCha20Crypt(var Context: TChaCha20Context; const InBuffer;
|
|
var OutBuffer; const Length: Cardinal);
|
|
|
|
implementation
|
|
|
|
uses
|
|
System.SysUtils;
|
|
|
|
{$C+}
|
|
|
|
procedure ChaCha20InitCtx(var ctx: TChaCha20Ctx; const Key;
|
|
const KeyLength: Cardinal; const Nonce; const NonceLength: Cardinal;
|
|
const Count: Cardinal);
|
|
begin
|
|
Assert(KeyLength = 32);
|
|
Assert(NonceLength in [0, 8, 12]);
|
|
{$IFDEF DEBUG}
|
|
FillChar(ctx[0], SizeOf(ctx), 1);
|
|
{$ENDIF}
|
|
ctx[0] := $61707865;
|
|
ctx[1] := $3320646e;
|
|
ctx[2] := $79622d32;
|
|
ctx[3] := $6b206574;
|
|
Move(Key, ctx[4], KeyLength);
|
|
ctx[12] := Count;
|
|
if NonceLength = 12 then
|
|
Move(Nonce, ctx[13], 12)
|
|
else if NonceLength = 8 then begin
|
|
ctx[13] := 0;
|
|
Move(Nonce, ctx[14], 8)
|
|
end else
|
|
FillChar(ctx[13], 12, 0);
|
|
end;
|
|
|
|
procedure ChaCha20Init(var Context: TChaCha20Context; const Key;
|
|
const KeyLength: Cardinal; const Nonce; const NonceLength: Cardinal;
|
|
const Count: Cardinal);
|
|
begin
|
|
ChaCha20InitCtx(Context.ctx, Key, KeyLength, Nonce, NonceLength, Count);
|
|
Context.position := 64;
|
|
Context.count64 := NonceLength <> 12;
|
|
end;
|
|
|
|
procedure ChaCha20RunRounds(var ctx, keystream: TChaCha20Ctx);
|
|
|
|
function ROTL(const x: Cardinal; const n: Byte): Cardinal;
|
|
begin
|
|
Result := (x shl n) or (x shr (32 - n));
|
|
end;
|
|
|
|
procedure CHACHA20_QR(var a, b, c, d: Cardinal);
|
|
begin
|
|
Inc(a, b); d := d xor a; d := ROTL(d, 16);
|
|
Inc(c, d); b := b xor c; b := ROTL(b, 12);
|
|
Inc(a, b); d := d xor a; d := ROTL(d, 8);
|
|
Inc(c, d); b := b xor c; b := ROTL(b, 7);
|
|
end;
|
|
|
|
begin
|
|
Move(ctx, keystream, SizeOf(ctx));
|
|
|
|
for var i := 0 to 9 do begin
|
|
CHACHA20_QR(keystream[0], keystream[4], keystream[8], keystream[12]); // column 0
|
|
CHACHA20_QR(keystream[1], keystream[5], keystream[9], keystream[13]); // column 1
|
|
CHACHA20_QR(keystream[2], keystream[6], keystream[10], keystream[14]); // column 2
|
|
CHACHA20_QR(keystream[3], keystream[7], keystream[11], keystream[15]); // column 3
|
|
CHACHA20_QR(keystream[0], keystream[5], keystream[10], keystream[15]); // diagonal 1 (main diagonal)
|
|
CHACHA20_QR(keystream[1], keystream[6], keystream[11], keystream[12]); // diagonal 2
|
|
CHACHA20_QR(keystream[2], keystream[7], keystream[8], keystream[13]); // diagonal 3
|
|
CHACHA20_QR(keystream[3], keystream[4], keystream[9], keystream[14]); // diagonal 4
|
|
end;
|
|
end;
|
|
|
|
procedure ChaCha20Crypt(var Context: TChaCha20Context; const InBuffer;
|
|
var OutBuffer; const Length: Cardinal);
|
|
|
|
procedure ChaCha20BlockNext(var ctx, keystream: TChaCha20Ctx; const count64: Boolean);
|
|
begin
|
|
ChaCha20RunRounds(ctx, keystream);
|
|
|
|
for var i := 0 to 15 do
|
|
keystream[i] := keystream[i] + ctx[i];
|
|
|
|
if count64 then begin
|
|
if ctx[12] < High(Cardinal) then
|
|
ctx[12] := ctx[12] + 1
|
|
else begin
|
|
ctx[12] := 0;
|
|
Assert(ctx[13] < High(Cardinal));
|
|
ctx[13] := ctx[13] + 1;
|
|
end;
|
|
end else begin
|
|
Assert(ctx[12] < High(Cardinal));
|
|
ctx[12] := ctx[12] + 1;
|
|
end;
|
|
end;
|
|
|
|
begin
|
|
if Length = 0 then
|
|
Exit;
|
|
|
|
var InBuf: PByte := @InBuffer;
|
|
var OutBuf: PByte := @OutBuffer;
|
|
var KeyStream: PByte := @Context.keystream;
|
|
|
|
for var I := 0 to Length-1 do begin
|
|
if Context.position >= 64 then begin
|
|
ChaCha20BlockNext(Context.ctx, Context.keystream, Context.count64);
|
|
Context.position := 0;
|
|
end;
|
|
OutBuf[I] := InBuf[I] xor KeyStream[Context.position];
|
|
Inc(Context.position);
|
|
end;
|
|
end;
|
|
|
|
procedure HChaCha20(const Key; const KeyLength: Cardinal; const Nonce;
|
|
const NonceLength: Cardinal; out SubKey: TBytes);
|
|
begin
|
|
Assert(NonceLength = 16);
|
|
var NonceBytes: PByte := @Nonce;
|
|
var ctx: TChaCha20Ctx;
|
|
ChaCha20InitCtx(ctx, Key, KeyLength, NonceBytes[4], 12, PCardinal(NonceBytes)^);
|
|
var keystream: TChaCha20Ctx;
|
|
ChaCha20RunRounds(ctx, keystream);
|
|
SetLength(SubKey, 32);
|
|
Move(keystream[0], SubKey[0], 16);
|
|
Move(keystream[12], SubKey[16], 16);
|
|
end;
|
|
|
|
procedure XChaCha20Init(var Context: TChaCha20Context; const Key;
|
|
const KeyLength: Cardinal; const Nonce; const NonceLength: Cardinal;
|
|
const Count: Cardinal);
|
|
begin
|
|
Assert(NonceLength = 24);
|
|
var SubKey: TBytes;
|
|
HChaCha20(Key, KeyLength, Nonce, 16, SubKey);
|
|
var NonceBytes: PByte := @Nonce;
|
|
ChaCha20Init(Context, SubKey[0], Length(SubKey), NonceBytes[16], 8, Count);
|
|
end;
|
|
|
|
procedure XChaCha20Crypt(var Context: TChaCha20Context; const InBuffer;
|
|
var OutBuffer; const Length: Cardinal);
|
|
begin
|
|
ChaCha20Crypt(Context, InBuffer, OutBuffer, Length);
|
|
end;
|
|
|
|
{.$DEFINE TEST}
|
|
|
|
{$IFDEF TEST}
|
|
|
|
procedure TestChaCha20;
|
|
begin
|
|
//https://datatracker.ietf.org/doc/html/rfc7539#section-2.4.2
|
|
var Buf: AnsiString := 'Ladies and Gentlemen of the class of ''99: If I could offer you only one tip for the future, sunscreen would be it.';
|
|
var BufSize := Length(Buf)*SizeOf(Buf[1]);
|
|
var Key: TBytes := [$00, $01, $02, $03, $04, $05, $06, $07, $08, $09, $0a, $0b, $0c, $0d, $0e, $0f, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $1a, $1b, $1c, $1d, $1e, $1f];
|
|
var Nonce: TBytes := [$00, $00, $00, $00, $00, $00, $00, $4a, $00, $00, $00, $00];
|
|
var Counter := 1;
|
|
var Ctx: TChaCha20Context;
|
|
|
|
ChaCha20Init(Ctx, Key[0], Length(Key), Nonce[0], Length(Nonce), Counter);
|
|
ChaCha20Crypt(Ctx, Buf[1], Buf[1], 10);
|
|
ChaCha20Crypt(Ctx, Buf[11], Buf[11], BufSize-10);
|
|
|
|
var CipherText: TBytes := [$6e, $2e, $35, $9a, $25, $68, $f9, $80, $41, $ba, $07, $28, $dd, $0d, $69, $81, $e9, $7e, $7a, $ec, $1d, $43, $60, $c2, $0a, $27, $af, $cc, $fd, $9f, $ae, $0b, $f9, $1b, $65, $c5, $52, $47, $33, $ab, $8f, $59, $3d, $ab, $cd, $62, $b3, $57, $16, $39, $d6, $24, $e6, $51, $52, $ab, $8f, $53, $0c, $35, $9f, $08, $61, $d8, $07, $ca, $0d, $bf, $50, $0d, $6a, $61, $56, $a3, $8e, $08, $8a, $22, $b6, $5e, $52, $bc, $51, $4d, $16, $cc, $f8, $06, $81, $8c, $e9, $1a, $b7, $79, $37, $36, $5a, $f9, $0b, $bf, $74, $a3, $5b, $e6, $b4, $0b, $8e, $ed, $f2, $78, $5e, $42, $87, $4d];
|
|
|
|
Assert(Length(Buf) = Length(CipherText));
|
|
for var I := 0 to Length(Buf)-1 do
|
|
Assert(Byte(Buf[I+1]) = CipherText[I]);
|
|
end;
|
|
|
|
procedure TestHChaCha20;
|
|
begin
|
|
//https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha-03#section-2.2.1
|
|
var Key: TBytes := [$00, $01, $02, $03, $04, $05, $06, $07, $08, $09, $0a, $0b, $0c, $0d, $0e, $0f, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $1a, $1b, $1c, $1d, $1e, $1f];
|
|
var Nonce: TBytes := [$00, $00, $00, $09, $00, $00, $00, $4a, $00, $00, $00, $00, $31, $41, $59, $27];
|
|
var SubKey: TBytes;
|
|
|
|
HChaCha20(Key[0], Length(Key), Nonce[0], Length(Nonce), SubKey);
|
|
|
|
var ExpectedSubKey: TBytes := [$82, $41, $3b, $42, $27, $b2, $7b, $fe, $d3, $0e, $42, $50, $8a, $87, $7d, $73, $a0, $f9, $e4, $d5, $8a, $74, $a8, $53, $c1, $2e, $c4, $13, $26, $d3, $ec, $dc];
|
|
|
|
Assert(Length(SubKey) = Length(ExpectedSubKey));
|
|
for var I := 0 to Length(SubKey)-1 do
|
|
Assert(SubKey[I] = ExpectedSubKey[I]);
|
|
end;
|
|
|
|
procedure TestXChaCha20;
|
|
begin
|
|
//https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha-03#appendix-A.2
|
|
var Buf: AnsiString := 'The dhole (pronounced "dole") is also known as the Asiatic wild dog, red dog, and whistling dog.'+' It is about the size of a German shepherd but looks more like a long-legged fox. This highly elusive and skilled jumper is classified with wolves, coyotes, jackals, and foxes in the taxonomic family Canidae.';
|
|
var BufSize := Length(Buf)*SizeOf(Buf[1]);
|
|
var Key: TBytes := [$80, $81, $82, $83, $84, $85, $86, $87, $88, $89, $8a, $8b, $8c, $8d, $8e, $8f, $90, $91, $92, $93, $94, $95, $96, $97, $98, $99, $9a, $9b, $9c, $9d, $9e, $9f];
|
|
var Nonce: TBytes := [$40, $41, $42, $43, $44, $45, $46, $47, $48, $49, $4a, $4b, $4c, $4d, $4e, $4f, $50, $51, $52, $53, $54, $55, $56, $58];
|
|
var Counter := 0;
|
|
var Ctx: TChaCha20Context;
|
|
|
|
XChaCha20Init(Ctx, Key[0], Length(Key), Nonce[0], Length(Nonce), Counter);
|
|
XChaCha20Crypt(Ctx, Buf[1], Buf[1], BufSize);
|
|
|
|
var CipherText: TBytes := [$45, $59, $ab, $ba, $4e, $48, $c1, $61, $02, $e8, $bb, $2c, $05, $e6, $94, $7f, $50, $a7, $86, $de, $16, $2f, $9b, $0b, $7e, $59, $2a, $9b, $53, $d0, $d4, $e9, $8d, $8d, $64, $10, $d5, $40, $a1, $a6, $37, $5b, $26, $d8, $0d, $ac, $e4, $fa, $b5, $23, $84, $c7, $31, $ac, $bf, $16, $a5, $92, $3c, $0c, $48, $d3, $57, $5d, $4d, $0d, $2c, $67, $3b, $66, $6f, $aa, $73, $10, $61, $27, $77, $01, $09, $3a, $6b, $f7, $a1, $58, $a8, $86, $42, $92, $a4, $1c, $48, $e3, $a9, $b4, $c0, $da, $ec, $e0, $f8, $d9, $8d, $0d, $7e, $05, $b3, $7a, $30, $7b, $bb, $66, $33, $31, $64, $ec, $9e, $1b, $24, $ea, $0d, $6c, $3f, $fd, $dc, $ec, $4f, $68, $e7, $44, $30, $56, $19, $3a, $03, $c8, $10, $e1, $13, $44, $ca, $06, $d8, $ed, $8a, $2b, $fb, $1e, $8d, $48, $cf, $a6, $bc, $0e, $b4, $e2, $46, $4b, $74, $81, $42, $40, $7c, $9f, $43, $1a, $ee, $76, $99, $60, $e1, $5b, $a8, $b9, $68, $90, $46, $6e, $f2, $45, $75, $99, $85, $23, $85, $c6, $61, $f7, $52, $ce, $20, $f9, $da, $0c, $09, $ab, $6b, $19, $df, $74, $e7, $6a, $95, $96, $74, $46, $f8, $d0, $fd, $41, $5e, $7b, $ee, $2a, $12, $a1, $14, $c2, $0e, $b5, $29, $2a, $e7, $a3, $49, $ae, $57, $78, $20, $d5, $52, $0a, $1f, $3f, $b6, $2a, $17, $ce, $6a, $7e, $68, $fa, $7c, $79, $11, $1d, $88, $60, $92, $0b, $c0, $48, $ef, $43, $fe, $84, $48, $6c, $cb, $87, $c2, $5f, $0a, $e0, $45, $f0, $cc, $e1, $e7, $98, $9a, $9a, $a2, $20, $a2, $8b, $dd, $48, $27, $e7, $51, $a2, $4a, $6d, $5c, $62, $d7, $90, $a6, $63, $93, $b9, $31, $11, $c1, $a5, $5d, $d7, $42, $1a, $10, $18, $49, $74, $c7, $c5];
|
|
|
|
Assert(Length(Buf) = Length(CipherText));
|
|
for var I := 0 to Length(Buf)-1 do
|
|
Assert(Byte(Buf[I+1]) = CipherText[I]);
|
|
end;
|
|
|
|
initialization
|
|
TestChaCha20;
|
|
TestHChaCha20;
|
|
TestXChaCha20;
|
|
|
|
{$ENDIF}
|
|
|
|
end.
|