]> git.bitcoin.ninja Git - rust-lightning/commitdiff
Add a ChaCha20 utility for encrypting a block
authorJeffrey Czyz <jkczyz@gmail.com>
Thu, 24 Aug 2023 21:31:16 +0000 (16:31 -0500)
committerJeffrey Czyz <jkczyz@gmail.com>
Tue, 29 Aug 2023 16:08:11 +0000 (11:08 -0500)
This hides an encryption implementation detail from callers.

lightning/src/ln/inbound_payment.rs
lightning/src/util/chacha20.rs

index 956928fd7fa008c89de4713aa78586060ba635c6..25e79e3bc15db59fab2d05b7edd33bd8a6b9a7d9 100644 (file)
@@ -277,10 +277,9 @@ fn construct_payment_secret(iv_bytes: &[u8; IV_LEN], metadata_bytes: &[u8; METAD
        let (iv_slice, encrypted_metadata_slice) = payment_secret_bytes.split_at_mut(IV_LEN);
        iv_slice.copy_from_slice(iv_bytes);
 
-       let chacha_block = ChaCha20::get_single_block(metadata_key, iv_bytes);
-       for i in 0..METADATA_LEN {
-               encrypted_metadata_slice[i] = chacha_block[i] ^ metadata_bytes[i];
-       }
+       ChaCha20::encrypt_single_block(
+               metadata_key, iv_bytes, encrypted_metadata_slice, metadata_bytes
+       );
        PaymentSecret(payment_secret_bytes)
 }
 
@@ -412,11 +411,10 @@ fn decrypt_metadata(payment_secret: PaymentSecret, keys: &ExpandedKey) -> ([u8;
        let (iv_slice, encrypted_metadata_bytes) = payment_secret.0.split_at(IV_LEN);
        iv_bytes.copy_from_slice(iv_slice);
 
-       let chacha_block = ChaCha20::get_single_block(&keys.metadata_key, &iv_bytes);
        let mut metadata_bytes: [u8; METADATA_LEN] = [0; METADATA_LEN];
-       for i in 0..METADATA_LEN {
-               metadata_bytes[i] = chacha_block[i] ^ encrypted_metadata_bytes[i];
-       }
+       ChaCha20::encrypt_single_block(
+               &keys.metadata_key, &iv_bytes, &mut metadata_bytes, encrypted_metadata_bytes
+       );
 
        (iv_bytes, metadata_bytes)
 }
index c729e6847470e024858911793b9273592b0f7fb6..07567ea8a5388a6da1f56f6d71441b1b780676c1 100644 (file)
@@ -159,6 +159,20 @@ mod real_chacha {
                        chacha_bytes
                }
 
+               /// Encrypts `src` into `dest` using a single block from a ChaCha stream. Passing `dest` as
+               /// `src` in a second call will decrypt it.
+               pub fn encrypt_single_block(
+                       key: &[u8; 32], nonce: &[u8; 16], dest: &mut [u8], src: &[u8]
+               ) {
+                       debug_assert_eq!(dest.len(), src.len());
+                       debug_assert!(dest.len() <= 32);
+
+                       let block = ChaCha20::get_single_block(key, nonce);
+                       for i in 0..dest.len() {
+                               dest[i] = block[i] ^ src[i];
+                       }
+               }
+
                fn expand(key: &[u8], nonce: &[u8]) -> ChaChaState {
                        let constant = match key.len() {
                                16 => b"expand 16-byte k",
@@ -290,6 +304,13 @@ mod fuzzy_chacha {
                        [0; 32]
                }
 
+               pub fn encrypt_single_block(
+                       _key: &[u8; 32], _nonce: &[u8; 16], dest: &mut [u8], src: &[u8]
+               ) {
+                       debug_assert_eq!(dest.len(), src.len());
+                       debug_assert!(dest.len() <= 32);
+               }
+
                pub fn process(&mut self, input: &[u8], output: &mut [u8]) {
                        output.copy_from_slice(input);
                }
@@ -618,4 +639,27 @@ mod test {
 
                assert_eq!(ChaCha20::get_single_block(&key, &nonce_16bytes), block_bytes);
        }
+
+       #[test]
+       fn encrypt_single_block() {
+               let key = [
+                       0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                       0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+                       0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                       0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+               ];
+               let nonce = [
+                       0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+                       0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+               ];
+               let bytes = [1; 32];
+
+               let mut encrypted_bytes = [0; 32];
+               ChaCha20::encrypt_single_block(&key, &nonce, &mut encrypted_bytes, &bytes);
+
+               let mut decrypted_bytes = [0; 32];
+               ChaCha20::encrypt_single_block(&key, &nonce, &mut decrypted_bytes, &encrypted_bytes);
+
+               assert_eq!(bytes, decrypted_bytes);
+       }
 }