diff --git a/CMakeLists.txt b/CMakeLists.txt index 5c48a68..2330202 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -137,7 +137,6 @@ file(GLOB_RECURSE LIB_SRC ${CMAKE_CURRENT_SOURCE_DIR}/app/src/parser_impl.c ${CMAKE_CURRENT_SOURCE_DIR}/app/src/parser_impl_common.c ${CMAKE_CURRENT_SOURCE_DIR}/app/src/crypto_helper.c - ${CMAKE_CURRENT_SOURCE_DIR}/app/src/crypto_helper/chacha.c # ### ${CMAKE_CURRENT_SOURCE_DIR}/deps/blake2/ref/blake2b-ref.c @@ -150,7 +149,6 @@ target_include_directories(app_lib PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/deps/ledger-zxlib/include ${CMAKE_CURRENT_SOURCE_DIR}/app/src ${CMAKE_CURRENT_SOURCE_DIR}/app/src/lib - ${CMAKE_CURRENT_SOURCE_DIR}/app/src/crypto_helper ${CMAKE_CURRENT_SOURCE_DIR}/app/src/common ${CMAKE_CURRENT_SOURCE_DIR}/app/rust/include ${CMAKE_CURRENT_SOURCE_DIR}/deps/blake2/ref diff --git a/app/rust/Cargo.lock b/app/rust/Cargo.lock index 7fee2cf..fb3d0fe 100644 --- a/app/rust/Cargo.lock +++ b/app/rust/Cargo.lock @@ -2,6 +2,16 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + [[package]] name = "arrayref" version = "0.3.9" 
@@ -48,12 +58,72 @@ dependencies = [ "subtle", ] +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "chacha20" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "chacha20poly1305" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" +dependencies = [ + "aead", + "chacha20", + "cipher", + "poly1305", + "zeroize", +] + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", + "zeroize", +] + [[package]] name = "constant_time_eq" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7c74b8349d32d297c9134b8c88677813a227df8f779daa29bfc29c183fe3dca6" +[[package]] +name = "cpufeatures" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + [[package]] name = "ff" version = "0.13.0" 
@@ -70,6 +140,16 @@ version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + [[package]] name = "group" version = "0.13.0" @@ -81,6 +161,15 @@ dependencies = [ "subtle", ] +[[package]] +name = "inout" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +dependencies = [ + "generic-array", +] + [[package]] name = "jubjub" version = "0.10.0" @@ -95,12 +184,35 @@ dependencies = [ "subtle", ] +[[package]] +name = "libc" +version = "0.2.159" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5" + +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + [[package]] name = "panic-halt" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "de96540e0ebde571dc55c73d60ef407c653844e6f9a1e2fdbd40c07b9252d812" +[[package]] +name = "poly1305" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" +dependencies = [ + "cpufeatures", + "opaque-debug", + "universal-hash", +] + [[package]] name = "radium" version = "0.7.0" @@ -118,6 +230,7 @@ name = "rslib" version = "0.1.0" dependencies = [ "blake2b_simd", + "chacha20poly1305", "jubjub", "panic-halt", ] 
@@ -134,6 +247,28 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" +[[package]] +name = "typenum" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" + +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + [[package]] name = "wyz" version = "0.5.1" @@ -142,3 +277,9 @@ checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed" dependencies = [ "tap", ] + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" diff --git a/app/rust/Cargo.toml b/app/rust/Cargo.toml index 32e6a03..6b2bcc1 100644 --- a/app/rust/Cargo.toml +++ b/app/rust/Cargo.toml @@ -14,6 +14,7 @@ crate-type = ["staticlib"] [dependencies] jubjub = { version = "0.10.0", default-features = false } blake2b_simd = { version = "1.0.0", default-features = false } +chacha20poly1305 = { version = "0.10.1", default-features = false } [target.thumbv6m-none-eabi.dev-dependencies] panic-halt = "0.2.0" diff --git a/app/rust/include/rslib.h b/app/rust/include/rslib.h index 4dd71f8..86a4b3f 100644 --- a/app/rust/include/rslib.h +++ b/app/rust/include/rslib.h 
@@ -17,6 +17,10 @@ parser_error_t compute_sbar(const uint8_t s[KEY_LENGTH], const uint8_t r[KEY_LEN uint8_t sbar[32]); parser_error_t shared_secret(uint8_t secret_key[32], uint8_t other_public_key[32], const uint8_t reference_public_key[32], uint8_t output[32]); +parser_error_t decrypt_note_encryption_keys(const uint8_t key[KEY_LENGTH], const uint8_t note_encryption_keys[80], + uint8_t output[ENCRYPTED_SHARED_KEY_SIZE]); +parser_error_t decrypt_note(const uint8_t key[KEY_LENGTH], const uint8_t note[ENCRYPTED_NOTE_SIZE + MAC_SIZE], + uint8_t output[ENCRYPTED_NOTE_SIZE]); #ifdef __cplusplus } #endif diff --git a/app/rust/src/constants.rs b/app/rust/src/constants.rs index cd78861..08525e9 100644 --- a/app/rust/src/constants.rs +++ b/app/rust/src/constants.rs @@ -74,7 +74,7 @@ pub const MEMO_SIZE: usize = 32; pub const AMOUNT_VALUE_SIZE: usize = 8; pub const ASSET_ID_LENGTH: usize = 32; pub const PUBLIC_ADDRESS_SIZE: usize = 32; - +pub const EPHEMEREAL_PUBLIC_KEY_SIZE: usize = 32; pub const ENCRYPTED_NOTE_SIZE: usize = SCALAR_SIZE + MEMO_SIZE + AMOUNT_VALUE_SIZE + ASSET_ID_LENGTH + PUBLIC_ADDRESS_SIZE; diff --git a/app/rust/src/lib.rs b/app/rust/src/lib.rs index ed8e591..10a4917 100644 --- a/app/rust/src/lib.rs +++ b/app/rust/src/lib.rs @@ -19,9 +19,11 @@ use core::panic::PanicInfo; +use chacha20poly1305::{aead::generic_array::GenericArray, ChaCha20Poly1305, Key, KeyInit, Nonce}; use constants::{ - DIFFIE_HELLMAN_PERSONALIZATION, ENCRYPTED_NOTE_SIZE, ENCRYPTED_SHARED_KEY_SIZE, MAC_SIZE, - NOTE_ENCRYPTION_KEY_SIZE, SHARED_KEY_PERSONALIZATION, SPENDING_KEY_GENERATOR, + DIFFIE_HELLMAN_PERSONALIZATION, ENCRYPTED_NOTE_SIZE, ENCRYPTED_SHARED_KEY_SIZE, + EPHEMEREAL_PUBLIC_KEY_SIZE, MAC_SIZE, NOTE_ENCRYPTION_KEY_SIZE, SHARED_KEY_PERSONALIZATION, + SPENDING_KEY_GENERATOR, }; mod constants; 
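Review bot: The `decrypt_note_encryption_keys` prototype hard-codes `note_encryption_keys[80]`, while the Rust definition sizes the same argument with `NOTE_ENCRYPTION_KEY_SIZE` and the sibling `decrypt_note` prototype uses named sizes. Array parameters decay to pointers in C, so nothing enforces the length, and if the literal and the Rust constant ever drift apart the Rust side will read a different number of bytes than the caller provided. Prefer a named constant here (parser_txdef.h appears to define `NOTE_ENCRYPTION_KEYS_SIZE`; confirm it is visible from this header). Also add a comment above both prototypes saying that the input is ciphertext followed by the MAC and that `output` is only meaningful when the call returns `parser_ok`.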
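Review bot: `EPHEMEREAL_PUBLIC_KEY_SIZE` is misspelled; the C side names the same quantity `EPHEMERAL_PUBLIC_KEY_SIZE` in parser_txdef.h, so a search across the code base will not find both. Rename it to `pub const EPHEMERAL_PUBLIC_KEY_SIZE: usize = 32;` and update the import in lib.rs to match. The hunk also drops the blank line that separated the field sizes from the derived `ENCRYPTED_NOTE_SIZE`; keeping it would preserve the grouping.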
@@ -150,6 +152,52 @@ pub extern "C" fn shared_secret( ParserError::ParserOk } +fn decrypt( + key: &[u8; 32], + ciphertext: &[u8], + plaintext: &mut [u8; SIZE], +) -> ParserError { + use chacha20poly1305::AeadInPlace; + + // Check if the ciphertext length is sufficient + if ciphertext.len() < SIZE { + return ParserError::ParserUnexpectedError; // Return an error if insufficient data + } + + let decryptor = ChaCha20Poly1305::new(Key::from_slice(key)); + + plaintext.copy_from_slice(&ciphertext[..SIZE]); + + // Attempt decryption + match decryptor.decrypt_in_place_detached( + &Nonce::default(), + &[], + plaintext, + ciphertext[SIZE..].into(), + ) { + Ok(_) => ParserError::ParserOk, + Err(_) => ParserError::ParserUnexpectedError, // Handle decryption failure + } +} + +#[no_mangle] +pub extern "C" fn decrypt_note_encryption_keys( + key: &[u8; 32], + ciphertext: &[u8; NOTE_ENCRYPTION_KEY_SIZE], + output: &mut [u8; ENCRYPTED_SHARED_KEY_SIZE], +) -> ParserError { + decrypt::(key, ciphertext, output) +} + +#[no_mangle] +pub extern "C" fn decrypt_note( + shared_key: &[u8; 32], + ciphertext: &[u8; ENCRYPTED_NOTE_SIZE + MAC_SIZE], + output: &mut [u8; ENCRYPTED_NOTE_SIZE], +) -> ParserError { + decrypt::(shared_key, ciphertext, output) +} + #[cfg(not(test))] #[panic_handler] fn panic(_info: &PanicInfo) -> ! { diff --git a/app/src/crypto_helper.c b/app/src/crypto_helper.c index eedcb3f..8d55a45 100644 --- a/app/src/crypto_helper.c +++ b/app/src/crypto_helper.c @@ -18,7 +18,6 @@ #include #include "coin.h" -#include "crypto_helper/chacha.h" #include "keys_personalizations.h" #include "rslib.h" #include "zxformat.h" 
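Review bot: The length guard in `decrypt` rejects only `ciphertext.len() < SIZE`, but `ciphertext[SIZE..].into()` converts the remainder into a fixed-size tag, and as far as I know generic-array's slice conversion asserts an exact length. Any input that is not exactly `SIZE` plus the tag length would therefore end in the panic handler on this `no_std` target instead of returning a `ParserError`. Make the contract explicit with `if ciphertext.len() != SIZE + MAC_SIZE { return ParserError::ParserUnexpectedError; }` (assuming `MAC_SIZE` is the 16-byte Poly1305 tag; confirm in constants.rs). `Nonce::default()` is an all-zero nonce, which is only sound if each key protects a single ciphertext; a comment such as `// Zero nonce: every key passed here is used for exactly one message` would record that assumption for the next reader. On `Err` the `plaintext` buffer still holds the copied ciphertext, so the doc comment should state that callers must not use the output unless `ParserOk` is returned.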
@@ -271,12 +270,7 @@ parser_error_t crypto_decrypt_merkle_note(parser_tx_t *txObj, const uint8_t *m_n // Decrypt the note encryption keys uint8_t note_encryption_key[ENCRYPTED_SHARED_KEY_SIZE] = {0}; - uint8_t cc_nonce[CHACHA_NONCE_SIZE] = {0}; - CHECK_ERROR(chacha(note_encryption_key, sizeof(note_encryption_key), m_note + NOTE_ENCRYPTION_KEYS_OFFSET, - ENCRYPTED_SHARED_KEY_SIZE, encryption_key, cc_nonce, 1)); -#if defined(LEDGER_SPECIFIC) - io_seproxyhal_io_heartbeat(); -#endif + CHECK_ERROR(decrypt_note_encryption_keys(encryption_key, m_note + NOTE_ENCRYPTION_KEYS_OFFSET, note_encryption_key)); CHECK_APP_CANARY() // Extract public address and secret key from the note encryption key @@ -289,17 +283,14 @@ parser_error_t crypto_decrypt_merkle_note(parser_tx_t *txObj, const uint8_t *m_n uint8_t shared_key[32] = {0}; const uint8_t *ephemeral_public_key = m_note + VALUE_COMMITMENT_SIZE + NOTE_COMMITMENT_SIZE; CHECK_ERROR(shared_secret(secret_key, public_address, ephemeral_public_key, shared_key)); -#if defined(LEDGER_SPECIFIC) - io_seproxyhal_io_heartbeat(); -#endif CHECK_APP_CANARY() // Finally decrypt the note uint8_t plain_text[ENCRYPTED_NOTE_SIZE] = {0}; - CHECK_ERROR(chacha(plain_text, sizeof(plain_text), m_note + ENCRYPTED_NOTE_OFFSET, ENCRYPTED_NOTE_SIZE, shared_key, - cc_nonce, 1)); + CHECK_ERROR(decrypt_note(shared_key, m_note + ENCRYPTED_NOTE_OFFSET, plain_text)); + #if defined(LEDGER_SPECIFIC) - io_seproxyhal_io_heartbeat(); + io_seproxyhal_io_heartbeat(); #endif CHECK_APP_CANARY() // Fill the txObj with the decrypted note diff --git a/app/src/crypto_helper/chacha.c b/app/src/crypto_helper/chacha.c deleted file mode 100644 index 0652632..0000000 --- a/app/src/crypto_helper/chacha.c +++ /dev/null 
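Review bot: Both new calls, `decrypt_note_encryption_keys(encryption_key, m_note + NOTE_ENCRYPTION_KEYS_OFFSET, note_encryption_key)` here and `decrypt_note(shared_key, m_note + ENCRYPTED_NOTE_OFFSET, plain_text)` in the next hunk, pass a bare pointer that the Rust side treats as a fixed-size array. The explicit lengths that the old `chacha()` call carried are gone, and nothing in these hunks shows that the length of `m_note` is validated before the offsets are applied. The function starts outside the hunk, so confirm that check exists or add it at the top. `CHECK_ERROR` presumably returns early when the MAC does not verify, which would leave `note_encryption_key`, `secret_key` and `shared_key` on the stack; consider wiping them on every exit path. A short comment such as `// Authenticated decryption: fails if the Poly1305 tag does not verify` above each call would record the behaviour change from the unauthenticated stream cipher.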
@@ -1,139 +0,0 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -// Adapted from the public domain, estream code by D. Bernstein. -// Adapted by Zondax - -#include "chacha.h" - -#include "coin.h" -#if defined(LEDGER_SPECIFIC) -#include "cx.h" -#include "os.h" -#endif -#include "zxmacros.h" - -#define U8TO32_LITTLE(p) \ - (((uint32_t)((p)[0])) | ((uint32_t)((p)[1]) << 8) | ((uint32_t)((p)[2]) << 16) | ((uint32_t)((p)[3]) << 24)) -// sigma contains the ChaCha constants, which happen to be an ASCII string. -static const uint8_t sigma[16] = {'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'}; -#define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n)))) -// QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round. 
-#define QUARTERROUND(a, b, c, d) \ - x[a] += x[b]; \ - x[d] = ROTATE(x[d] ^ x[a], 16); \ - x[c] += x[d]; \ - x[b] = ROTATE(x[b] ^ x[c], 12); \ - x[a] += x[b]; \ - x[d] = ROTATE(x[d] ^ x[a], 8); \ - x[c] += x[d]; \ - x[b] = ROTATE(x[b] ^ x[c], 7); - -void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32], const uint8_t nonce[16]) { - uint32_t x[16]; - MEMCPY(x, sigma, sizeof(sigma)); - MEMCPY(&x[4], key, 32); - MEMCPY(&x[12], nonce, 16); - for (size_t i = 0; i < 20; i += 2) { - QUARTERROUND(0, 4, 8, 12) - QUARTERROUND(1, 5, 9, 13) - QUARTERROUND(2, 6, 10, 14) - QUARTERROUND(3, 7, 11, 15) - QUARTERROUND(0, 5, 10, 15) - QUARTERROUND(1, 6, 11, 12) - QUARTERROUND(2, 7, 8, 13) - QUARTERROUND(3, 4, 9, 14) - } - MEMCPY(out, &x[0], sizeof(uint32_t) * 4); - MEMCPY(&out[16], &x[12], sizeof(uint32_t) * 4); -} - -#define U32TO8_LITTLE(p, v) \ - { \ - (p)[0] = (v >> 0) & 0xff; \ - (p)[1] = (v >> 8) & 0xff; \ - (p)[2] = (v >> 16) & 0xff; \ - (p)[3] = (v >> 24) & 0xff; \ - } - -// chacha_core performs 20 rounds of ChaCha on the input words in -// |input| and writes the 64 output bytes to |output|. 
-void chacha_core(uint8_t *output, const uint32_t *input) { - uint32_t x[16]; - int i; - MEMCPY(x, input, sizeof(uint32_t) * 16); - for (i = 20; i > 0; i -= 2) { - QUARTERROUND(0, 4, 8, 12) - QUARTERROUND(1, 5, 9, 13) - QUARTERROUND(2, 6, 10, 14) - QUARTERROUND(3, 7, 11, 15) - QUARTERROUND(0, 5, 10, 15) - QUARTERROUND(1, 6, 11, 12) - QUARTERROUND(2, 7, 8, 13) - QUARTERROUND(3, 4, 9, 14) - } - for (i = 0; i < 16; ++i) { - x[i] += input[i]; - } - for (i = 0; i < 16; ++i) { - U32TO8_LITTLE(output + 4 * i, x[i]); - } -} - -parser_error_t chacha(uint8_t *out, size_t out_len, const uint8_t *in, size_t in_len, const uint8_t *key, - const uint8_t *nonce, uint32_t counter) { - if (out_len < in_len) { - return parser_value_out_of_range; - } - uint32_t input[16]; - uint8_t buf[64]; - - size_t todo, i; - input[0] = U8TO32_LITTLE(sigma + 0); - input[1] = U8TO32_LITTLE(sigma + 4); - input[2] = U8TO32_LITTLE(sigma + 8); - input[3] = U8TO32_LITTLE(sigma + 12); - input[4] = U8TO32_LITTLE(key + 0); - input[5] = U8TO32_LITTLE(key + 4); - input[6] = U8TO32_LITTLE(key + 8); - input[7] = U8TO32_LITTLE(key + 12); - input[8] = U8TO32_LITTLE(key + 16); - input[9] = U8TO32_LITTLE(key + 20); - input[10] = U8TO32_LITTLE(key + 24); - input[11] = U8TO32_LITTLE(key + 28); - input[12] = counter; - input[13] = U8TO32_LITTLE(nonce + 0); - input[14] = U8TO32_LITTLE(nonce + 4); - input[15] = U8TO32_LITTLE(nonce + 8); - while (in_len > 0) { -#if defined(LEDGER_SPECIFIC) - io_seproxyhal_io_heartbeat(); -#endif - todo = sizeof(buf); - if (in_len < todo) { - todo = in_len; - } - chacha_core(buf, input); -#if defined(LEDGER_SPECIFIC) - io_seproxyhal_io_heartbeat(); -#endif - for (i = 0; i < todo; i++) { - out[i] = in[i] ^ buf[i]; - } - out += todo; - in += todo; - in_len -= todo; - input[12]++; - } - return parser_ok; -} diff --git a/app/src/crypto_helper/chacha.h b/app/src/crypto_helper/chacha.h deleted file mode 100644 index cd35a4f..0000000 --- a/app/src/crypto_helper/chacha.h +++ /dev/null 
@@ -1,35 +0,0 @@ -/* Copyright (c) 2018, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#pragma once - -#include -#include - -#include "parser_common.h" - -#if defined(__cplusplus) -extern "C" { -#endif - -// CRYPTO_hchacha20 computes the HChaCha20 function, which should only be used -// as part of XChaCha20. -void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32], const uint8_t nonce[16]); - -parser_error_t chacha(uint8_t *out, size_t out_len, const uint8_t *in, size_t in_len, const uint8_t *key, - const uint8_t *nonce, uint32_t counter); - -#if defined(__cplusplus) -} // extern C -#endif // OPENSSL_HEADER_CHACHA_INTERNAL diff --git a/app/src/parser_txdef.h b/app/src/parser_txdef.h index 4a82abe..a15bd3f 100644 --- a/app/src/parser_txdef.h +++ b/app/src/parser_txdef.h @@ -62,8 +62,7 @@ extern "C" { (VALUE_COMMITMENT_SIZE + NOTE_COMMITMENT_SIZE + EPHEMERAL_PUBLIC_KEY_SIZE + ENCRYPTED_NOTE_SIZE + MAC_SIZE + \ NOTE_ENCRYPTION_KEYS_SIZE) -#define SECRET_KEY_SIZE 32 -#define CHACHA_NONCE_SIZE 12 +#define SECRET_KEY_SIZE 32 typedef enum { V1 = 1, V2 = 2,