laantungir/otp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 35 Wiki Activity

Version v0.3.37 - Implement ChaCha20 nonce extension to support pads larger than 256GB

Browse Source
This commit is contained in:
Laan Tungir
2025-12-24 10:00:27 -05:00
parent 2c311a9a61
commit 977da58a3b
5 changed files with 366 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/entropy.c
View File

@@ -219,8 +219,22 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
unsigned char buffer[64 * 1024]; // 64KB chunks
unsigned char keystream[64 * 1024];
uint64_t offset = 0;
uint32_t counter = 0;
uint32_t counter_low = 0;
uint32_t counter_high = 0;
time_t start_time = time(NULL);
// Use extended counter for pads larger than 256GB
// 256GB = 2^32 blocks * 64 bytes = 274,877,906,944 bytes
int use_extended = (pad_size > 274877906944ULL);
// For extended mode, use reduced 8-byte nonce
unsigned char nonce_reduced[8];
if (use_extended) {
memcpy(nonce_reduced, nonce + 4, 8);
if (display_progress) {
printf("Using extended counter mode for large pad (>256GB)\n");
}
}
while (offset < pad_size) {
size_t chunk_size = sizeof(buffer);
@@ -237,7 +251,15 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
}
// Generate keystream for this chunk
if (chacha20_encrypt(key, counter, nonce, buffer, keystream, chunk_size) != 0) {
int chacha_result;
if (use_extended) {
chacha_result = chacha20_encrypt_extended(key, counter_low, counter_high,
nonce_reduced, buffer, keystream, chunk_size);
} else {
chacha_result = chacha20_encrypt(key, counter_low, nonce, buffer, keystream, chunk_size);
}
if (chacha_result != 0) {
printf("Error: Chacha20 keystream generation failed\n");
fclose(pad_file);
chmod(pad_path, S_IRUSR);
@@ -265,7 +287,16 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
}
offset += chunk_size;
counter += (chunk_size + 63) / 64; // Round up for block count
// Update counters
uint32_t blocks = (chunk_size + 63) / 64; // Round up for block count
uint32_t old_counter_low = counter_low;
counter_low += blocks;
// Check for overflow and increment high counter
if (counter_low < old_counter_low) {
counter_high++;
}
// Show progress for large pads
if (display_progress && offset % (64 * 1024 * 1024) == 0) { // Every 64MB
@@ -282,7 +313,8 @@ int add_entropy_chacha20(const char* pad_chksum, const unsigned char* entropy_da
if (display_progress) {
show_progress(pad_size, pad_size, start_time);
printf("\n✓ Entropy successfully added to pad using Chacha20\n");
printf("\n✓ Entropy successfully added to pad using Chacha20%s\n",
use_extended ? " (extended counter)" : "");
printf("✓ Pad integrity maintained\n");
printf("✓ %zu bytes of entropy distributed across entire pad\n", entropy_size);
printf("✓ Pad restored to read-only mode\n");

46
src/nostr_chacha20.c
View File

@@ -129,8 +129,8 @@ int chacha20_block(const uint8_t key[32], uint32_t counter,
return 0;
}
int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
const uint8_t nonce[12], const uint8_t* input,
int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
const uint8_t nonce[12], const uint8_t* input,
uint8_t* output, size_t length) {
uint8_t keystream[CHACHA20_BLOCK_SIZE];
size_t offset = 0;
@@ -161,3 +161,45 @@ int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
return 0;
}
int chacha20_encrypt_extended(const uint8_t key[32], uint32_t counter_low,
uint32_t counter_high, const uint8_t nonce[8],
const uint8_t* input, uint8_t* output, size_t length) {
uint8_t keystream[CHACHA20_BLOCK_SIZE];
uint8_t extended_nonce[12];
size_t offset = 0;
while (length > 0) {
/* Build extended 12-byte nonce: [counter_high (4 bytes)][nonce (8 bytes)] */
u32_to_bytes_le(counter_high, extended_nonce);
memcpy(extended_nonce + 4, nonce, 8);
/* Generate keystream block using extended nonce */
int ret = chacha20_block(key, counter_low, extended_nonce, keystream);
if (ret != 0) {
return ret;
}
/* XOR with input to produce output */
size_t block_len = (length < CHACHA20_BLOCK_SIZE) ? length : CHACHA20_BLOCK_SIZE;
for (size_t i = 0; i < block_len; i++) {
output[offset + i] = input[offset + i] ^ keystream[i];
}
/* Move to next block */
offset += block_len;
length -= block_len;
counter_low++;
/* Check for counter_low overflow and increment counter_high */
if (counter_low == 0) {
counter_high++;
/* Check for counter_high overflow (extremely unlikely - > 1 exabyte) */
if (counter_high == 0) {
return -1; /* Extended counter wrapped around */
}
}
}
return 0;
}

27
src/nostr_chacha20.h
View File

@@ -63,10 +63,10 @@ int chacha20_block(const uint8_t key[32], uint32_t counter,
/**
* ChaCha20 encryption/decryption
*
*
* Encrypts or decrypts data using ChaCha20 stream cipher.
* Since ChaCha20 is a stream cipher, encryption and decryption are the same operation.
*
*
* @param key[in] 32-byte key
* @param counter[in] Initial 32-bit counter value
* @param nonce[in] 12-byte nonce
@@ -75,10 +75,29 @@ int chacha20_block(const uint8_t key[32], uint32_t counter,
* @param length[in] Length of input data in bytes
* @return 0 on success, negative on error
*/
int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
const uint8_t nonce[12], const uint8_t* input,
int chacha20_encrypt(const uint8_t key[32], uint32_t counter,
const uint8_t nonce[12], const uint8_t* input,
uint8_t* output, size_t length);
/**
* ChaCha20 encryption/decryption with extended counter (64-bit)
*
* Extended version that supports files larger than 256GB by using
* part of the nonce as a high-order counter extension.
*
* @param key[in] 32-byte key
* @param counter_low[in] Initial 32-bit counter value (low bits)
* @param counter_high[in] Initial 32-bit counter value (high bits)
* @param nonce[in] 8-byte reduced nonce (instead of 12)
* @param input[in] Input data to encrypt/decrypt
* @param output[out] Output buffer (can be same as input)
* @param length[in] Length of input data in bytes
* @return 0 on success, negative on error
*/
int chacha20_encrypt_extended(const uint8_t key[32], uint32_t counter_low,
uint32_t counter_high, const uint8_t nonce[8],
const uint8_t* input, uint8_t* output, size_t length);
/*
* ============================================================================
* UTILITY FUNCTIONS

BIN
tests/test_chacha20_extended Executable file
View File

Binary file not shown.

263
tests/test_chacha20_extended.c Normal file
View File

@@ -0,0 +1,263 @@
/*
* test_chacha20_extended.c - Test ChaCha20 extended counter implementation
*
* This test verifies that the extended counter properly handles:
* 1. Counter overflow at 2^32 blocks (256GB boundary)
* 2. Correct keystream generation across the overflow boundary
* 3. No duplicate keystream blocks
*/
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include "../src/nostr_chacha20.h"
#define TEST_BLOCK_SIZE 64
#define BLOCKS_NEAR_OVERFLOW 10 // Test blocks around overflow point
// Test helper: Compare two blocks for equality
int blocks_equal(const uint8_t* block1, const uint8_t* block2, size_t len) {
return memcmp(block1, block2, len) == 0;
}
// Test 1: Verify extended counter handles overflow correctly
int test_counter_overflow() {
printf("Test 1: Counter overflow handling\n");
printf(" Testing counter transition from 0xFFFFFFFF to 0x00000000...\n");
uint8_t key[32];
uint8_t nonce[8];
uint8_t input[TEST_BLOCK_SIZE];
uint8_t output1[TEST_BLOCK_SIZE];
uint8_t output2[TEST_BLOCK_SIZE];
uint8_t output3[TEST_BLOCK_SIZE];
// Initialize test data
memset(key, 0xAA, 32);
memset(nonce, 0xBB, 8);
memset(input, 0, TEST_BLOCK_SIZE);
// Test at counter_low = 0xFFFFFFFE, counter_high = 0
uint32_t counter_low = 0xFFFFFFFE;
uint32_t counter_high = 0;
printf(" Block at counter_low=0xFFFFFFFE, counter_high=0...\n");
if (chacha20_encrypt_extended(key, counter_low, counter_high, nonce,
input, output1, TEST_BLOCK_SIZE) != 0) {
printf(" ❌ FAILED: Error at counter_low=0xFFFFFFFE\n");
return 1;
}
// Test at counter_low = 0xFFFFFFFF, counter_high = 0
counter_low = 0xFFFFFFFF;
printf(" Block at counter_low=0xFFFFFFFF, counter_high=0...\n");
if (chacha20_encrypt_extended(key, counter_low, counter_high, nonce,
input, output2, TEST_BLOCK_SIZE) != 0) {
printf(" ❌ FAILED: Error at counter_low=0xFFFFFFFF\n");
return 1;
}
// Test at counter_low = 0x00000000, counter_high = 1 (after overflow)
counter_low = 0x00000000;
counter_high = 1;
printf(" Block at counter_low=0x00000000, counter_high=1...\n");
if (chacha20_encrypt_extended(key, counter_low, counter_high, nonce,
input, output3, TEST_BLOCK_SIZE) != 0) {
printf(" ❌ FAILED: Error at counter_low=0x00000000, counter_high=1\n");
return 1;
}
// Verify all three blocks are different (no keystream reuse)
if (blocks_equal(output1, output2, TEST_BLOCK_SIZE)) {
printf(" ❌ FAILED: Blocks at 0xFFFFFFFE and 0xFFFFFFFF are identical!\n");
return 1;
}
if (blocks_equal(output2, output3, TEST_BLOCK_SIZE)) {
printf(" ❌ FAILED: Blocks at 0xFFFFFFFF,0 and 0x00000000,1 are identical!\n");
return 1;
}
if (blocks_equal(output1, output3, TEST_BLOCK_SIZE)) {
printf(" ❌ FAILED: Blocks at 0xFFFFFFFE,0 and 0x00000000,1 are identical!\n");
return 1;
}
printf(" ✓ All blocks are unique across overflow boundary\n");
printf(" ✓ PASSED\n\n");
return 0;
}
// Test 2: Simulate processing data that crosses 256GB boundary
int test_large_file_simulation() {
printf("Test 2: Large file simulation (256GB+ boundary)\n");
printf(" Simulating processing across 256GB boundary...\n");
uint8_t key[32];
uint8_t nonce[8];
uint8_t input[1024];
uint8_t output[1024];
// Initialize test data
memset(key, 0x55, 32);
memset(nonce, 0x77, 8);
for (int i = 0; i < 1024; i++) {
input[i] = i & 0xFF;
}
// Simulate being at 256GB - 512 bytes (just before overflow)
// 256GB = 2^32 blocks * 64 bytes = 274,877,906,944 bytes
// Block number at 256GB - 512 bytes = 2^32 - 8 blocks
uint32_t counter_low = 0xFFFFFFF8; // 2^32 - 8
uint32_t counter_high = 0;
printf(" Processing 1KB starting at block 0xFFFFFFF8 (256GB - 512 bytes)...\n");
// This should cross the overflow boundary
int result = chacha20_encrypt_extended(key, counter_low, counter_high, nonce,
input, output, 1024);
if (result != 0) {
printf(" ❌ FAILED: Error processing data across 256GB boundary\n");
return 1;
}
printf(" ✓ Successfully processed data across 256GB boundary\n");
printf(" ✓ PASSED\n\n");
return 0;
}
// Test 3: Verify extended vs standard ChaCha20 compatibility
int test_compatibility() {
printf("Test 3: Compatibility with standard ChaCha20\n");
printf(" Verifying extended mode matches standard mode when counter_high=0...\n");
uint8_t key[32];
uint8_t nonce_standard[12];
uint8_t nonce_reduced[8];
uint8_t input[TEST_BLOCK_SIZE];
uint8_t output_standard[TEST_BLOCK_SIZE];
uint8_t output_extended[TEST_BLOCK_SIZE];
// Initialize test data
memset(key, 0x33, 32);
memset(nonce_standard, 0x44, 12);
memcpy(nonce_reduced, nonce_standard + 4, 8); // Extract last 8 bytes
memset(input, 0, TEST_BLOCK_SIZE);
uint32_t counter = 42;
// Standard ChaCha20
if (chacha20_encrypt(key, counter, nonce_standard, input,
output_standard, TEST_BLOCK_SIZE) != 0) {
printf(" ❌ FAILED: Standard ChaCha20 error\n");
return 1;
}
// Extended ChaCha20 with counter_high=0 and matching nonce
// The extended version builds nonce as [counter_high][nonce_reduced]
// So we need to ensure the first 4 bytes of nonce_standard are 0
uint8_t nonce_standard_zero[12] = {0};
memcpy(nonce_standard_zero + 4, nonce_reduced, 8);
if (chacha20_encrypt(key, counter, nonce_standard_zero, input,
output_standard, TEST_BLOCK_SIZE) != 0) {
printf(" ❌ FAILED: Standard ChaCha20 error\n");
return 1;
}
if (chacha20_encrypt_extended(key, counter, 0, nonce_reduced, input,
output_extended, TEST_BLOCK_SIZE) != 0) {
printf(" ❌ FAILED: Extended ChaCha20 error\n");
return 1;
}
// Compare outputs
if (!blocks_equal(output_standard, output_extended, TEST_BLOCK_SIZE)) {
printf(" ❌ FAILED: Extended mode output differs from standard mode\n");
printf(" First 16 bytes of standard: ");
for (int i = 0; i < 16; i++) printf("%02x ", output_standard[i]);
printf("\n First 16 bytes of extended: ");
for (int i = 0; i < 16; i++) printf("%02x ", output_extended[i]);
printf("\n");
return 1;
}
printf(" ✓ Extended mode matches standard mode when counter_high=0\n");
printf(" ✓ PASSED\n\n");
return 0;
}
// Test 4: Stress test - verify no errors at extreme counter values
int test_extreme_values() {
printf("Test 4: Extreme counter values\n");
printf(" Testing at various extreme counter positions...\n");
uint8_t key[32];
uint8_t nonce[8];
uint8_t input[TEST_BLOCK_SIZE];
uint8_t output[TEST_BLOCK_SIZE];
memset(key, 0x99, 32);
memset(nonce, 0x66, 8);
memset(input, 0, TEST_BLOCK_SIZE);
// Test various extreme positions
struct {
uint32_t counter_low;
uint32_t counter_high;
const char* description;
} test_cases[] = {
{0x00000000, 0, "Start of first 256GB segment"},
{0xFFFFFFFF, 0, "End of first 256GB segment"},
{0x00000000, 1, "Start of second 256GB segment"},
{0xFFFFFFFF, 1, "End of second 256GB segment"},
{0x00000000, 0xFFFF, "Start of segment 65535"},
{0xFFFFFFFF, 0xFFFF, "End of segment 65535"},
};
for (size_t i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) {
printf(" Testing: %s (0x%08X, 0x%08X)...\n",
test_cases[i].description,
test_cases[i].counter_low,
test_cases[i].counter_high);
if (chacha20_encrypt_extended(key, test_cases[i].counter_low,
test_cases[i].counter_high, nonce,
input, output, TEST_BLOCK_SIZE) != 0) {
printf(" ❌ FAILED at %s\n", test_cases[i].description);
return 1;
}
}
printf(" ✓ All extreme values handled correctly\n");
printf(" ✓ PASSED\n\n");
return 0;
}
int main() {
printf("=================================================================\n");
printf("ChaCha20 Extended Counter Test Suite\n");
printf("=================================================================\n\n");
int failures = 0;
failures += test_counter_overflow();
failures += test_large_file_simulation();
failures += test_compatibility();
failures += test_extreme_values();
printf("=================================================================\n");
if (failures == 0) {
printf("✓ ALL TESTS PASSED\n");
printf("=================================================================\n");
printf("\nThe extended counter implementation is working correctly.\n");
printf("It can now handle pads larger than 256GB without overflow errors.\n");
return 0;
} else {
printf("❌ %d TEST(S) FAILED\n", failures);
printf("=================================================================\n");
return 1;
}
}