Initial implementation of ChaCha20
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
new file mode 100644
index 0000000..ab10a96
--- /dev/null
+++ b/include/mbedtls/chacha20.h
@@ -0,0 +1,169 @@
+/**
+ * \file chacha20.h
+ *
+ * \brief ChaCha20 cipher.
+ *
+ * \author Daniel King <damaki.gh@gmail.com>
+ *
+ * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CHACHA20_H
+#define MBEDTLS_CHACHA20_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if !defined(MBEDTLS_CHACHA20_ALT)
+
+#include <stdint.h>
+#include <stddef.h>
+
+#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x003B /**< Invalid input parameter(s). */
+
+typedef struct
+{
+ uint32_t initial_state[16]; /*! Holds the initial state (before round operations) */
+ uint32_t working_state[16]; /*! Holds the working state (after round operations) */
+ uint8_t keystream8[64]; /*! Holds leftover keystream bytes */
+ size_t keystream_bytes_used; /*! Number of keystream bytes currently used */
+}
+mbedtls_chacha20_context;
+
+/**
+ * \brief Initialize ChaCha20 context
+ *
+ * \param ctx ChaCha20 context to be initialized
+ */
+void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
+
+/**
+ * \brief Clear ChaCha20 context
+ *
+ * \param ctx ChaCha20 context to be cleared
+ */
+void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
+
+/**
+ * \brief Set the ChaCha20 key.
+ *
+ * \note The nonce and counter must be set after calling this function,
+ * before data can be encrypted/decrypted. The nonce and
+ * counter are set by calling mbedtls_chacha20_starts.
+ *
+ * \see mbedtls_chacha20_starts
+ *
+ * \param ctx The context to setup.
+ * \param key Buffer containing the 256-bit key. Must be 32 bytes in length.
+ *
+ * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or key
+ * is NULL, or if key_bits is not 128 or 256.
+ * Otherwise, 0 is returned to indicate success.
+ */
+int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
+ const unsigned char key[32] );
+
+/**
+ * \brief Set the ChaCha20 nonce and initial counter value.
+ *
+ * \note A ChaCha20 context can be re-used with the same key by
+ * calling this function to change the nonce and/or initial
+ * counter value.
+ *
+ * \param ctx The ChaCha20 context.
+ * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in size.
+ * \param counter Initial counter value to use. This is usually 0.
+ *
+ * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or
+ * nonce is NULL.
+ * Otherwise, 0 is returned to indicate success.
+ */
+int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
+ const unsigned char nonce[12],
+ uint32_t counter );
+
+/**
+ * \brief Encrypt or decrypt data.
+ *
+ * This function is used to both encrypt and decrypt data.
+ *
+ * \note The \p input and \p output buffers may overlap, but only
+ * if input >= output (i.e. only if input points ahead of
+ * the output pointer).
+ *
+ * \note mbedtls_chacha20_setkey and mbedtls_chacha20_starts must be
+ * called at least once to setup the context before this function
+ * can be called.
+ *
+ * \param ctx The ChaCha20 context.
+ * \param size The length (in bytes) to process. This can have any length.
+ * \param input Buffer containing the input data.
+ * \param output Buffer containing the output data.
+ *
+ * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or
+ * output pointers are NULL.
+ * Otherwise, 0 is returned to indicate success.
+ */
+int mbedtls_chacha20_process( mbedtls_chacha20_context *ctx,
+ size_t size,
+ const unsigned char *input,
+ unsigned char *output );
+
+#else /* MBEDTLS_CHACHA20_ALT */
+#include "chacha20_alt.h"
+#endif /* MBEDTLS_CHACHA20_ALT */
+
+/**
+ * \brief Encrypt or decrypt a message using ChaCha20.
+ *
+ * This function is used the same way for encrypting and
+ * decrypting data. It's not necessary to specify which
+ * operation is being performed.
+ *
+ * \note The \p input and \p output buffers may overlap, but only
+ * if input >= output (i.e. only if input points ahead of
+ * the output pointer).
+ *
+ * \param key Buffer containing the 256-bit key. Must be 32 bytes in length.
+ * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in length.
+ * \param counter The initial counter value. This is usually 0.
+ * \param data_len The number of bytes to process.
+ * \param input Buffer containing the input data (data to encrypt or decrypt).
+ * \param output Buffer to where the processed data is written.
+ *
+ * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input,
+ * or output is NULL.
+ * Otherwise, 0 is returned to indicate success.
+ */
+int mbedtls_chacha20_crypt( const unsigned char key[32],
+ const unsigned char nonce[12],
+ uint32_t counter,
+ size_t data_len,
+ const unsigned char* input,
+ unsigned char* output );
+
+/**
+ * \brief Checkup routine
+ *
+ * \return 0 if successful, or 1 if the test failed
+ */
+int mbedtls_chacha20_self_test( int verbose );
+
+#endif /* MBEDTLS_CHACHA20_H */
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 7c9acb2..4c8fc3c 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -274,6 +274,7 @@
//#define MBEDTLS_BLOWFISH_ALT
//#define MBEDTLS_CAMELLIA_ALT
//#define MBEDTLS_CCM_ALT
+//#define MBEDTLS_CHACHA20_ALT
//#define MBEDTLS_CMAC_ALT
//#define MBEDTLS_DES_ALT
//#define MBEDTLS_DHM_ALT
@@ -1862,6 +1863,15 @@
#define MBEDTLS_CERTS_C
/**
+ * \def MBEDTLS_CHACHA20_C
+ *
+ * Enable the ChaCha20 stream cipher.
+ *
+ * Module: library/chacha20.c
+ */
+#define MBEDTLS_CHACHA20_C
+
+/**
* \def MBEDTLS_CIPHER_C
*
* Enable the generic cipher layer.
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 8b4d3a8..ace0c47 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -76,6 +76,7 @@
* SHA1 1 0x0035-0x0035
* SHA256 1 0x0037-0x0037
* SHA512 1 0x0039-0x0039
+ * CHACHA20 1 0x003B-0x003B
*
* High-level module nr (3 bits - 0x0...-0x7...)
* Name ID Nr of Errors