chacha20_poly1305.h
Go to the documentation of this file.
1 /* chacha20_poly1305.h
2  *
3  * Copyright (C) 2006-2020 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
21 
22 
23 /* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20
24  * and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10):
25  * https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10
26  */
27 
32 #ifndef WOLF_CRYPT_CHACHA20_POLY1305_H
33 #define WOLF_CRYPT_CHACHA20_POLY1305_H
34 
35 #include <wolfssl/wolfcrypt/types.h>
36 #include <wolfssl/wolfcrypt/chacha.h>
37 #include <wolfssl/wolfcrypt/poly1305.h>
38 
39 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
40 
41 #ifdef __cplusplus
42  extern "C" {
43 #endif
44 
45 #define CHACHA20_POLY1305_AEAD_KEYSIZE 32
46 #define CHACHA20_POLY1305_AEAD_IV_SIZE 12
47 #define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
48 
49 enum {
50  CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */
51 
52  /* AEAD Cipher Direction */
53  CHACHA20_POLY1305_AEAD_DECRYPT = 0,
54  CHACHA20_POLY1305_AEAD_ENCRYPT = 1,
55 
56  /* AEAD State */
57  CHACHA20_POLY1305_STATE_INIT = 0,
58  CHACHA20_POLY1305_STATE_READY = 1,
59  CHACHA20_POLY1305_STATE_AAD = 2,
60  CHACHA20_POLY1305_STATE_DATA = 3,
61 };
62 
63 typedef struct ChaChaPoly_Aead {
64  ChaCha chacha;
65  Poly1305 poly;
66 
67  word32 aadLen;
68  word32 dataLen;
69 
70  byte state;
71  byte isEncrypt:1;
72 } ChaChaPoly_Aead;
73 
74 
75 /*
76  * The IV for this implementation is 96 bits to give the most flexibility.
77  *
78  * Some protocols may have unique per-invocation inputs that are not
79  * 96-bit in length. For example, IPsec may specify a 64-bit nonce. In
80  * such a case, it is up to the protocol document to define how to
81  * transform the protocol nonce into a 96-bit nonce, for example by
82  * concatenating a constant value.
83  */
84 
85 WOLFSSL_API
86 int wc_ChaCha20Poly1305_Encrypt(
87  const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
88  const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
89  const byte* inAAD, const word32 inAADLen,
90  const byte* inPlaintext, const word32 inPlaintextLen,
91  byte* outCiphertext,
92  byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
93 
94 WOLFSSL_API
95 int wc_ChaCha20Poly1305_Decrypt(
96  const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
97  const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
98  const byte* inAAD, const word32 inAADLen,
99  const byte* inCiphertext, const word32 inCiphertextLen,
100  const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
101  byte* outPlaintext);
102 
103 WOLFSSL_API
104 int wc_ChaCha20Poly1305_CheckTag(
105  const byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
106  const byte authTagChk[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
107 
108 
109 
110 /* Implementation of AEAD, which includes support for adding
111  data, then final calculation of authentication tag */
112 WOLFSSL_API int wc_ChaCha20Poly1305_Init(ChaChaPoly_Aead* aead,
113  const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
114  const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
115  int isEncrypt);
116 WOLFSSL_API int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead,
117  const byte* inAAD, word32 inAADLen);
118 WOLFSSL_API int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead,
119  const byte* inData, byte* outData, word32 dataLen);
120 WOLFSSL_API int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
121  byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
122 
123 
124 #ifdef __cplusplus
125  } /* extern "C" */
126 #endif
127 
128 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
129 #endif /* WOLF_CRYPT_CHACHA20_POLY1305_H */
Poly1305
Definition: poly1305.h:69
ChaCha
Definition: chacha.h:58
wc_ChaCha20Poly1305_Decrypt
WOLFSSL_API int wc_ChaCha20Poly1305_Decrypt(const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], const byte *inAAD, const word32 inAADLen, const byte *inCiphertext, const word32 inCiphertextLen, const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte *outPlaintext)
This function decrypts input ciphertext, inCiphertext, using the ChaCha20 stream cipher, into the output buffer, outPlaintext. It also performs Poly-1305 authentication, comparing the given inAuthTag to an authentication generated with the inAAD (arbitrary length additional authentication data). Note: If the generated authentication tag does not match the supplied authentication tag, the text is not decrypted.
Definition: chacha20_poly1305.c:76
ChaChaPoly_Aead
Definition: chacha20_poly1305.h:63
wc_ChaCha20Poly1305_Encrypt
WOLFSSL_API int wc_ChaCha20Poly1305_Encrypt(const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], const byte *inAAD, const word32 inAADLen, const byte *inPlaintext, const word32 inPlaintextLen, byte *outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE])
This function encrypts an input message, inPlaintext, using the ChaCha20 stream cipher, into the output buffer, outCiphertext. It also performs Poly-1305 authentication (on the cipher text), and stores the generated authentication tag in the output buffer, outAuthTag.
Definition: chacha20_poly1305.c:44