| /** |
| * \file chacha20.h |
| * |
| * \brief ChaCha20 cipher. |
| * |
| * \author Daniel King <damaki.gh@gmail.com> |
| * |
| * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved |
| * SPDX-License-Identifier: Apache-2.0 |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| * not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| * |
| * This file is part of mbed TLS (https://tls.mbed.org) |
| */ |
| #ifndef MBEDTLS_CHACHA20_H |
| #define MBEDTLS_CHACHA20_H |
| |
| #if !defined(MBEDTLS_CONFIG_FILE) |
| #include "config.h" |
| #else |
| #include MBEDTLS_CONFIG_FILE |
| #endif |
| |
| #include <stdint.h> |
| #include <stddef.h> |
| |
| #define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x003B /**< Invalid input parameter(s). */ |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| #if !defined(MBEDTLS_CHACHA20_ALT) |
| |
| typedef struct |
| { |
| uint32_t initial_state[16]; /*! Holds the initial state (before round operations) */ |
| uint32_t working_state[16]; /*! Holds the working state (after round operations) */ |
| uint8_t keystream8[64]; /*! Holds leftover keystream bytes */ |
| size_t keystream_bytes_used; /*! Number of keystream bytes currently used */ |
| } |
| mbedtls_chacha20_context; |
| |
| #else /* MBEDTLS_CHACHA20_ALT */ |
| #include "chacha20_alt.h" |
| #endif /* MBEDTLS_CHACHA20_ALT */ |
| |
| /** |
| * \brief Initialize ChaCha20 context |
| * |
| * \param ctx ChaCha20 context to be initialized |
| */ |
| void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); |
| |
| /** |
| * \brief Clear ChaCha20 context |
| * |
| * \param ctx ChaCha20 context to be cleared |
| */ |
| void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); |
| |
| /** |
| * \brief Set the ChaCha20 key. |
| * |
| * \note The nonce and counter must be set after calling this function, |
| * before data can be encrypted/decrypted. The nonce and |
| * counter are set by calling mbedtls_chacha20_starts. |
| * |
| * \see mbedtls_chacha20_starts |
| * |
| * \param ctx The context to setup. |
| * \param key Buffer containing the 256-bit key. Must be 32 bytes in length. |
| * |
| * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or key |
| * is NULL, or if key_bits is not 128 or 256. |
| * Otherwise, 0 is returned to indicate success. |
| */ |
| int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, |
| const unsigned char key[32] ); |
| |
| /** |
| * \brief Set the ChaCha20 nonce and initial counter value. |
| * |
| * \note A ChaCha20 context can be re-used with the same key by |
| * calling this function to change the nonce and/or initial |
| * counter value. |
| * |
| * \param ctx The ChaCha20 context. |
| * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in size. |
| * \param counter Initial counter value to use. This is usually 0. |
| * |
| * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or |
| * nonce is NULL. |
| * Otherwise, 0 is returned to indicate success. |
| */ |
| int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, |
| const unsigned char nonce[12], |
| uint32_t counter ); |
| |
| /** |
| * \brief Encrypt or decrypt data. |
| * |
| * This function is used to both encrypt and decrypt data. |
| * |
| * \note The \p input and \p output pointers must either be equal or |
| * point to non-overlapping buffers. |
| * |
| * \note mbedtls_chacha20_setkey and mbedtls_chacha20_starts must be |
| * called at least once to setup the context before this function |
| * can be called. |
| * |
| * \param ctx The ChaCha20 context. |
| * \param size The length (in bytes) to process. This can have any length. |
| * \param input Buffer containing the input data. |
| * This pointer can be NULL if size == 0. |
| * \param output Buffer containing the output data. |
| * This pointer can be NULL if size == 0. |
| * |
| * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or |
| * output pointers are NULL. |
| * Otherwise, 0 is returned to indicate success. |
| */ |
| int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, |
| size_t size, |
| const unsigned char *input, |
| unsigned char *output ); |
| |
| /** |
| * \brief Encrypt or decrypt a message using ChaCha20. |
| * |
| * This function is used the same way for encrypting and |
| * decrypting data. It's not necessary to specify which |
| * operation is being performed. |
| * |
| * \note The \p input and \p output buffers may overlap, but only |
| * if input >= output (i.e. only if input points ahead of |
| * the output pointer). |
| * |
| * \param key Buffer containing the 256-bit key. Must be 32 bytes in length. |
| * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in length. |
| * \param counter The initial counter value. This is usually 0. |
| * \param data_len The number of bytes to process. |
| * \param input Buffer containing the input data (data to encrypt or decrypt). |
| * \param output Buffer to where the processed data is written. |
| * |
| * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input, |
| * or output is NULL. |
| * Otherwise, 0 is returned to indicate success. |
| */ |
| int mbedtls_chacha20_crypt( const unsigned char key[32], |
| const unsigned char nonce[12], |
| uint32_t counter, |
| size_t data_len, |
| const unsigned char* input, |
| unsigned char* output ); |
| |
| /** |
| * \brief Checkup routine |
| * |
| * \return 0 if successful, or 1 if the test failed |
| */ |
| int mbedtls_chacha20_self_test( int verbose ); |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* MBEDTLS_CHACHA20_H */ |