My Project
Loading...
Searching...
No Matches
chacha20_poly1305.h
Go to the documentation of this file.
1/* chacha20_poly1305.h
2 *
3 * Copyright (C) 2006-2020 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23/* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20
24 * and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10):
25 * https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10
26 */
27
32#ifndef WOLF_CRYPT_CHACHA20_POLY1305_H
33#define WOLF_CRYPT_CHACHA20_POLY1305_H
34
35#include <wolfssl/wolfcrypt/types.h>
36#include <wolfssl/wolfcrypt/chacha.h>
37#include <wolfssl/wolfcrypt/poly1305.h>
38
39#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
40
41#ifdef __cplusplus
42 extern "C" {
43#endif
44
45#define CHACHA20_POLY1305_AEAD_KEYSIZE 32
46#define CHACHA20_POLY1305_AEAD_IV_SIZE 12
47#define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16
48
49enum {
50 CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */
51
52 /* AEAD Cipher Direction */
53 CHACHA20_POLY1305_AEAD_DECRYPT = 0,
54 CHACHA20_POLY1305_AEAD_ENCRYPT = 1,
55
56 /* AEAD State */
57 CHACHA20_POLY1305_STATE_INIT = 0,
58 CHACHA20_POLY1305_STATE_READY = 1,
59 CHACHA20_POLY1305_STATE_AAD = 2,
60 CHACHA20_POLY1305_STATE_DATA = 3,
61};
62
63typedef struct ChaChaPoly_Aead {
64 ChaCha chacha;
65 Poly1305 poly;
66
67 word32 aadLen;
68 word32 dataLen;
69
70 byte state;
71 byte isEncrypt:1;
72} ChaChaPoly_Aead;
73
74
75/*
76 * The IV for this implementation is 96 bits to give the most flexibility.
77 *
78 * Some protocols may have unique per-invocation inputs that are not
79 * 96-bit in length. For example, IPsec may specify a 64-bit nonce. In
80 * such a case, it is up to the protocol document to define how to
81 * transform the protocol nonce into a 96-bit nonce, for example by
82 * concatenating a constant value.
83 */
84
85WOLFSSL_API
86int wc_ChaCha20Poly1305_Encrypt(
87 const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
88 const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
89 const byte* inAAD, const word32 inAADLen,
90 const byte* inPlaintext, const word32 inPlaintextLen,
91 byte* outCiphertext,
92 byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
93
94WOLFSSL_API
95int wc_ChaCha20Poly1305_Decrypt(
96 const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
97 const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
98 const byte* inAAD, const word32 inAADLen,
99 const byte* inCiphertext, const word32 inCiphertextLen,
100 const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
101 byte* outPlaintext);
102
103WOLFSSL_API
104int wc_ChaCha20Poly1305_CheckTag(
105 const byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
106 const byte authTagChk[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
107
108
109
110/* Implementation of AEAD, which includes support for adding
111 data, then final calculation of authentication tag */
112WOLFSSL_API int wc_ChaCha20Poly1305_Init(ChaChaPoly_Aead* aead,
113 const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
114 const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
115 int isEncrypt);
116WOLFSSL_API int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead,
117 const byte* inAAD, word32 inAADLen);
118WOLFSSL_API int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead,
119 const byte* inData, byte* outData, word32 dataLen);
120WOLFSSL_API int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
121 byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
122
123
124#ifdef __cplusplus
125 } /* extern "C" */
126#endif
127
128#endif /* HAVE_CHACHA && HAVE_POLY1305 */
129#endif /* WOLF_CRYPT_CHACHA20_POLY1305_H */
wc_ChaCha20Poly1305_Encrypt
WOLFSSL_API int wc_ChaCha20Poly1305_Encrypt(const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], const byte *inAAD, const word32 inAADLen, const byte *inPlaintext, const word32 inPlaintextLen, byte *outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE])
This function encrypts an input message, inPlaintext, using the ChaCha20 stream cipher,...
Definition chacha20_poly1305.c:44
wc_ChaCha20Poly1305_Decrypt
WOLFSSL_API int wc_ChaCha20Poly1305_Decrypt(const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], const byte *inAAD, const word32 inAADLen, const byte *inCiphertext, const word32 inCiphertextLen, const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte *outPlaintext)
This function decrypts input ciphertext, inCiphertext, using the ChaCha20 stream cipher,...
Definition chacha20_poly1305.c:76
ChaChaPoly_Aead
Definition chacha20_poly1305.h:63
ChaCha
Definition chacha.h:58
Poly1305
Definition poly1305.h:69