| Daniel King | 34b822c | 2016-05-15 17:28:08 -0300 | [diff] [blame] | 1 | /** |
| 2 | * \file chacha20.h |
| 3 | * |
| 4 | * \brief ChaCha20 cipher. |
| 5 | * |
| 6 | * \author Daniel King <damaki.gh@gmail.com> |
| 7 | * |
| 8 | * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved |
| 9 | * SPDX-License-Identifier: Apache-2.0 |
| 10 | * |
| 11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 12 | * not use this file except in compliance with the License. |
| 13 | * You may obtain a copy of the License at |
| 14 | * |
| 15 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 16 | * |
| 17 | * Unless required by applicable law or agreed to in writing, software |
| 18 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 19 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 20 | * See the License for the specific language governing permissions and |
| 21 | * limitations under the License. |
| 22 | * |
| 23 | * This file is part of mbed TLS (https://tls.mbed.org) |
| 24 | */ |
| 25 | #ifndef MBEDTLS_CHACHA20_H |
| 26 | #define MBEDTLS_CHACHA20_H |
| 27 | |
| 28 | #if !defined(MBEDTLS_CONFIG_FILE) |
| 29 | #include "config.h" |
| 30 | #else |
| 31 | #include MBEDTLS_CONFIG_FILE |
| 32 | #endif |
| 33 | |
| 34 | #if !defined(MBEDTLS_CHACHA20_ALT) |
| 35 | |
| 36 | #include <stdint.h> |
| 37 | #include <stddef.h> |
| 38 | |
| 39 | #define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x003B /**< Invalid input parameter(s). */ |
| 40 | |
| 41 | typedef struct |
| 42 | { |
| 43 | uint32_t initial_state[16]; /*! Holds the initial state (before round operations) */ |
| 44 | uint32_t working_state[16]; /*! Holds the working state (after round operations) */ |
| 45 | uint8_t keystream8[64]; /*! Holds leftover keystream bytes */ |
| 46 | size_t keystream_bytes_used; /*! Number of keystream bytes currently used */ |
| 47 | } |
| 48 | mbedtls_chacha20_context; |
| 49 | |
| 50 | /** |
| 51 | * \brief Initialize ChaCha20 context |
| 52 | * |
| 53 | * \param ctx ChaCha20 context to be initialized |
| 54 | */ |
| 55 | void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); |
| 56 | |
| 57 | /** |
| 58 | * \brief Clear ChaCha20 context |
| 59 | * |
| 60 | * \param ctx ChaCha20 context to be cleared |
| 61 | */ |
| 62 | void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); |
| 63 | |
| 64 | /** |
| 65 | * \brief Set the ChaCha20 key. |
| 66 | * |
| 67 | * \note The nonce and counter must be set after calling this function, |
| 68 | * before data can be encrypted/decrypted. The nonce and |
| 69 | * counter are set by calling mbedtls_chacha20_starts. |
| 70 | * |
| 71 | * \see mbedtls_chacha20_starts |
| 72 | * |
| 73 | * \param ctx The context to setup. |
| 74 | * \param key Buffer containing the 256-bit key. Must be 32 bytes in length. |
| 75 | * |
| 76 | * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or key |
| 77 | * is NULL, or if key_bits is not 128 or 256. |
| 78 | * Otherwise, 0 is returned to indicate success. |
| 79 | */ |
| 80 | int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, |
| 81 | const unsigned char key[32] ); |
| 82 | |
| 83 | /** |
| 84 | * \brief Set the ChaCha20 nonce and initial counter value. |
| 85 | * |
| 86 | * \note A ChaCha20 context can be re-used with the same key by |
| 87 | * calling this function to change the nonce and/or initial |
| 88 | * counter value. |
| 89 | * |
| 90 | * \param ctx The ChaCha20 context. |
| 91 | * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in size. |
| 92 | * \param counter Initial counter value to use. This is usually 0. |
| 93 | * |
| 94 | * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or |
| 95 | * nonce is NULL. |
| 96 | * Otherwise, 0 is returned to indicate success. |
| 97 | */ |
| 98 | int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, |
| 99 | const unsigned char nonce[12], |
| 100 | uint32_t counter ); |
| 101 | |
| 102 | /** |
| 103 | * \brief Encrypt or decrypt data. |
| 104 | * |
| 105 | * This function is used to both encrypt and decrypt data. |
| 106 | * |
| 107 | * \note The \p input and \p output buffers may overlap, but only |
| 108 | * if input >= output (i.e. only if input points ahead of |
| 109 | * the output pointer). |
| 110 | * |
| 111 | * \note mbedtls_chacha20_setkey and mbedtls_chacha20_starts must be |
| 112 | * called at least once to setup the context before this function |
| 113 | * can be called. |
| 114 | * |
| 115 | * \param ctx The ChaCha20 context. |
| 116 | * \param size The length (in bytes) to process. This can have any length. |
| 117 | * \param input Buffer containing the input data. |
| 118 | * \param output Buffer containing the output data. |
| 119 | * |
| 120 | * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or |
| 121 | * output pointers are NULL. |
| 122 | * Otherwise, 0 is returned to indicate success. |
| 123 | */ |
| Daniel King | bd92062 | 2016-05-15 19:56:20 -0300 | [diff] [blame^] | 124 | int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, |
| Daniel King | 34b822c | 2016-05-15 17:28:08 -0300 | [diff] [blame] | 125 | size_t size, |
| 126 | const unsigned char *input, |
| 127 | unsigned char *output ); |
| 128 | |
| 129 | #else /* MBEDTLS_CHACHA20_ALT */ |
| 130 | #include "chacha20_alt.h" |
| 131 | #endif /* MBEDTLS_CHACHA20_ALT */ |
| 132 | |
| 133 | /** |
| 134 | * \brief Encrypt or decrypt a message using ChaCha20. |
| 135 | * |
| 136 | * This function is used the same way for encrypting and |
| 137 | * decrypting data. It's not necessary to specify which |
| 138 | * operation is being performed. |
| 139 | * |
| 140 | * \note The \p input and \p output buffers may overlap, but only |
| 141 | * if input >= output (i.e. only if input points ahead of |
| 142 | * the output pointer). |
| 143 | * |
| 144 | * \param key Buffer containing the 256-bit key. Must be 32 bytes in length. |
| 145 | * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in length. |
| 146 | * \param counter The initial counter value. This is usually 0. |
| 147 | * \param data_len The number of bytes to process. |
| 148 | * \param input Buffer containing the input data (data to encrypt or decrypt). |
| 149 | * \param output Buffer to where the processed data is written. |
| 150 | * |
| 151 | * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input, |
| 152 | * or output is NULL. |
| 153 | * Otherwise, 0 is returned to indicate success. |
| 154 | */ |
| 155 | int mbedtls_chacha20_crypt( const unsigned char key[32], |
| 156 | const unsigned char nonce[12], |
| 157 | uint32_t counter, |
| 158 | size_t data_len, |
| 159 | const unsigned char* input, |
| 160 | unsigned char* output ); |
| 161 | |
| 162 | /** |
| 163 | * \brief Checkup routine |
| 164 | * |
| 165 | * \return 0 if successful, or 1 if the test failed |
| 166 | */ |
| 167 | int mbedtls_chacha20_self_test( int verbose ); |
| 168 | |
| 169 | #endif /* MBEDTLS_CHACHA20_H */ |