Add a ChaCha20 utility for encrypting a block

jkczyz · jkczyz · commit 473248452083 · 2023-08-29T11:08:11.000-05:00
This hides an encryption implementation detail from callers.
diff --git a/lightning/src/ln/inbound_payment.rs b/lightning/src/ln/inbound_payment.rs
@@ -277,10 +277,9 @@ fn construct_payment_secret(iv_bytes: &[u8; IV_LEN], metadata_bytes: &[u8; METAD
 	let (iv_slice, encrypted_metadata_slice) = payment_secret_bytes.split_at_mut(IV_LEN);
 	iv_slice.copy_from_slice(iv_bytes);
 
-	let chacha_block = ChaCha20::get_single_block(metadata_key, iv_bytes);
-	for i in 0..METADATA_LEN {
-		encrypted_metadata_slice[i] = chacha_block[i] ^ metadata_bytes[i];
-	}
+	ChaCha20::encrypt_single_block(
+		metadata_key, iv_bytes, encrypted_metadata_slice, metadata_bytes
+	);
 	PaymentSecret(payment_secret_bytes)
 }
 
@@ -412,11 +411,10 @@ fn decrypt_metadata(payment_secret: PaymentSecret, keys: &ExpandedKey) -> ([u8;
 	let (iv_slice, encrypted_metadata_bytes) = payment_secret.0.split_at(IV_LEN);
 	iv_bytes.copy_from_slice(iv_slice);
 
-	let chacha_block = ChaCha20::get_single_block(&keys.metadata_key, &iv_bytes);
 	let mut metadata_bytes: [u8; METADATA_LEN] = [0; METADATA_LEN];
-	for i in 0..METADATA_LEN {
-		metadata_bytes[i] = chacha_block[i] ^ encrypted_metadata_bytes[i];
-	}
+	ChaCha20::encrypt_single_block(
+		&keys.metadata_key, &iv_bytes, &mut metadata_bytes, encrypted_metadata_bytes
+	);
 
 	(iv_bytes, metadata_bytes)
 }
diff --git a/lightning/src/util/chacha20.rs b/lightning/src/util/chacha20.rs
@@ -159,6 +159,20 @@ mod real_chacha {
 			chacha_bytes
 		}
 
+		/// Encrypts `src` into `dest` using a single block from a ChaCha stream. Passing `dest` as
+		/// `src` in a second call will decrypt it.
+		pub fn encrypt_single_block(
+			key: &[u8; 32], nonce: &[u8; 16], dest: &mut [u8], src: &[u8]
+		) {
+			debug_assert_eq!(dest.len(), src.len());
+			debug_assert!(dest.len() <= 32);
+
+			let block = ChaCha20::get_single_block(key, nonce);
+			for i in 0..dest.len() {
+				dest[i] = block[i] ^ src[i];
+			}
+		}
+
 		fn expand(key: &[u8], nonce: &[u8]) -> ChaChaState {
 			let constant = match key.len() {
 				16 => b"expand 16-byte k",
@@ -290,6 +304,13 @@ mod fuzzy_chacha {
 			[0; 32]
 		}
 
+		pub fn encrypt_single_block(
+			_key: &[u8; 32], _nonce: &[u8; 16], dest: &mut [u8], src: &[u8]
+		) {
+			debug_assert_eq!(dest.len(), src.len());
+			debug_assert!(dest.len() <= 32);
+		}
+
 		pub fn process(&mut self, input: &[u8], output: &mut [u8]) {
 			output.copy_from_slice(input);
 		}
@@ -618,4 +639,27 @@ mod test {
 
 		assert_eq!(ChaCha20::get_single_block(&key, &nonce_16bytes), block_bytes);
 	}
+
+	#[test]
+	fn encrypt_single_block() {
+		let key = [
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		];
+		let nonce = [
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		];
+		let bytes = [1; 32];
+
+		let mut encrypted_bytes = [0; 32];
+		ChaCha20::encrypt_single_block(&key, &nonce, &mut encrypted_bytes, &bytes);
+
+		let mut decrypted_bytes = [0; 32];
+		ChaCha20::encrypt_single_block(&key, &nonce, &mut decrypted_bytes, &encrypted_bytes);
+
+		assert_eq!(bytes, decrypted_bytes);
+	}
 }
