Fixed byte order for count/nonce for chacha and salsa (now it is the same as in the reference implementations)

2016-08-08 14:18:11 +02:00 · 2016-08-08 14:18:11 +02:00 · f09a006b27
commit f09a006b27
parent 91df0c722b
3 changed files with 19 additions and 7 deletions
--- a/source/bitmanip.d
+++ b/source/bitmanip.d
@ -2,7 +2,7 @@ module bitmanip;

 private import std.traits : isUnsigned;

-private import std.bitmanip : nativeToLittleEndian, littleEndianToNative;
+private import std.bitmanip : nativeToLittleEndian, littleEndianToNative, nativeToBigEndian, bigEndianToNative;

 UIntType rotateLeft(UIntType)(in UIntType val, in size_t len) nothrow @nogc pure @safe 
        if (isUnsigned!UIntType)
@ -49,6 +49,19 @@ body
    return littleEndianToNative!uint(buf);
 }

+alias bigEndianInv = nativeToBigEndian;
+
+uint bigEndian(in ubyte[] input) @safe pure nothrow @nogc
+in
+{
+    assert(input.length == uint.sizeof);
+}
+body
+{
+    ubyte[uint.sizeof] buf = input;
+    return bigEndianToNative!uint(buf);
+}
+
 unittest
 {
    ubyte[] test0 = [0, 0, 0, 0];
--- a/source/chacha20.d
+++ b/source/chacha20.d
@ -40,8 +40,7 @@ auto chacha20Cipher(R)(R range, ubyte[32] key, ubyte[8] nonce)
            assert(!empty);
            if (++chachaCounter == 64)
            {
-                chachaSection = chacha20Exp(key, concat!(ubyte[16])(nonce,
-                        littleEndianInv(++count)));
+                chachaSection = chacha20Exp(key, concat!(ubyte[16])(bigEndianInv(++count), nonce));
                chachaCounter = 0;
            }
            range.popFront();
@ -56,8 +55,8 @@ auto chacha20Cipher(R)(R range, ubyte[32] key, ubyte[8] nonce)
        }
    }

-    return rangeResult(0UL, range, chacha20Exp(key, concat!(ubyte[16])(nonce,
-            littleEndianInv(0UL))));
+    return rangeResult(0UL, range, chacha20Exp(key, concat!(ubyte[16])([0,
+            0, 0, 0, 0, 0, 0, 0], nonce)));
 }

 // TODO: Create more unittests!!!
--- a/source/salsa20.d
+++ b/source/salsa20.d
@ -41,7 +41,7 @@ auto salsa20Cipher(R)(R range, ubyte[32] key, ubyte[8] nonce)
            if (++salsaCounter == 64)
            {
                salsaSection = salsa20Exp(key, concat!(ubyte[16])(nonce,
-                        littleEndianInv(++count)));
+                        bigEndianInv(++count)));
                salsaCounter = 0;
            }
            range.popFront();
@ -57,7 +57,7 @@ auto salsa20Cipher(R)(R range, ubyte[32] key, ubyte[8] nonce)
    }

    return rangeResult(0UL, range, salsa20Exp(key, concat!(ubyte[16])(nonce,
-            littleEndianInv(0UL))));
+            [0, 0, 0, 0, 0, 0, 0, 0])));
 }

 // TODO: Create more unittests!!!