| | | 1 | | #if CRYPTO_NATIVE |
| | | 2 | | using System.Buffers; |
| | | 3 | | using System.Buffers.Binary; |
| | | 4 | | using NLightning.Infrastructure.Crypto.Providers.Native.Constants; |
| | | 5 | | |
| | | 6 | | namespace NLightning.Infrastructure.Crypto.Providers.Native.Ciphers; |
| | | 7 | | |
| | | 8 | | using Converters; |
| | | 9 | | |
| | | 10 | | public static class HChaCha20 |
| | | 11 | | { |
| | 0 | 12 | | private static readonly uint[] s_hChacha20Constant = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]; |
| | | 13 | | |
| | | 14 | | public static void CreateInitialState(ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, Span<uint> state) |
| | | 15 | | { |
| | 0 | 16 | | if (state.Length != XChaCha20Constants.STATE_SIZE) |
| | 0 | 17 | | throw new ArgumentException("State must be 16 bytes long", nameof(state)); |
| | | 18 | | |
| | | 19 | | // set HChaCha20 constant |
| | 0 | 20 | | s_hChacha20Constant.CopyTo(state); |
| | | 21 | | |
| | | 22 | | // set key |
| | 0 | 23 | | Span<uint> keyState = stackalloc uint[8]; |
| | 0 | 24 | | ToUint32LittleEndian(key, keyState); |
| | 0 | 25 | | keyState.CopyTo(state[4..]); |
| | | 26 | | |
| | | 27 | | // set nonce |
| | 0 | 28 | | Span<uint> nonceState = stackalloc uint[4]; |
| | 0 | 29 | | ToUint32LittleEndian(nonce, nonceState); |
| | 0 | 30 | | nonceState.CopyTo(state[^4..]); |
| | 0 | 31 | | } |
| | | 32 | | |
| | | 33 | | public static void PerformRounds(Span<uint> state) |
| | | 34 | | { |
| | 0 | 35 | | for (var i = 0; i < 10; i++) |
| | | 36 | | { |
| | 0 | 37 | | ChaCha20.QuarterRound(ref state[0], ref state[4], ref state[8], ref state[12]); |
| | 0 | 38 | | ChaCha20.QuarterRound(ref state[1], ref state[5], ref state[9], ref state[13]); |
| | 0 | 39 | | ChaCha20.QuarterRound(ref state[2], ref state[6], ref state[10], ref state[14]); |
| | 0 | 40 | | ChaCha20.QuarterRound(ref state[3], ref state[7], ref state[11], ref state[15]); |
| | 0 | 41 | | ChaCha20.QuarterRound(ref state[0], ref state[5], ref state[10], ref state[15]); |
| | 0 | 42 | | ChaCha20.QuarterRound(ref state[1], ref state[6], ref state[11], ref state[12]); |
| | 0 | 43 | | ChaCha20.QuarterRound(ref state[2], ref state[7], ref state[8], ref state[13]); |
| | 0 | 44 | | ChaCha20.QuarterRound(ref state[3], ref state[4], ref state[9], ref state[14]); |
| | | 45 | | } |
| | 0 | 46 | | } |
| | | 47 | | |
| | | 48 | | public static void CreateSubkey(ReadOnlySpan<byte> key, ReadOnlySpan<byte> nonce, Span<byte> subkey) |
| | | 49 | | { |
| | 0 | 50 | | Span<uint> state = stackalloc uint[XChaCha20Constants.STATE_SIZE]; |
| | 0 | 51 | | CreateInitialState(key, nonce, state); |
| | 0 | 52 | | PerformRounds(state); |
| | | 53 | | |
| | 0 | 54 | | FromUint32LittleEndian([state[0], state[1], state[2], state[3], state[12], state[13], state[14], state[15]], |
| | 0 | 55 | | subkey); |
| | 0 | 56 | | } |
| | | 57 | | |
| | | 58 | | private static void ToUint32LittleEndian(ReadOnlySpan<byte> buffer, Span<uint> output) |
| | | 59 | | { |
| | 0 | 60 | | var temp = ArrayPool<byte>.Shared.Rent(4); |
| | | 61 | | try |
| | | 62 | | { |
| | 0 | 63 | | var pos = 0; |
| | | 64 | | |
| | 0 | 65 | | using var ms = new MemoryStream(buffer.ToArray()); |
| | 0 | 66 | | while (pos != output.Length) |
| | | 67 | | { |
| | 0 | 68 | | ms.ReadExactly(temp, 0, 4); |
| | 0 | 69 | | output[pos] = EndianBitConverter.ToUInt32LittleEndian(temp[..4]); |
| | 0 | 70 | | pos += 1; |
| | | 71 | | } |
| | | 72 | | } |
| | | 73 | | finally |
| | | 74 | | { |
| | 0 | 75 | | ArrayPool<byte>.Shared.Return(temp); |
| | 0 | 76 | | } |
| | 0 | 77 | | } |
| | | 78 | | |
| | | 79 | | private static void FromUint32LittleEndian(ReadOnlySpan<uint> input, Span<byte> output) |
| | | 80 | | { |
| | 0 | 81 | | for (var i = 0; i < input.Length; i++) |
| | | 82 | | { |
| | 0 | 83 | | var u = input[i]; |
| | 0 | 84 | | var temp = EndianBitConverter.GetBytesLittleEndian(u); |
| | 0 | 85 | | BinaryPrimitives.WriteUInt32LittleEndian(temp, u); |
| | 0 | 86 | | temp.CopyTo(output[(i * 4)..]); |
| | | 87 | | } |
| | 0 | 88 | | } |
| | | 89 | | } |
| | | 90 | | #endif |