TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 95d0bdbd84817cb4defeb8030b8b2fc39f5d54b5 / . / include / mbedtls / chacha20.h
blob: a2856a7e4733655f4e44b9bbe4689080b0808559 [file] [log] [blame]
Daniel King34b822c2016-05-15 17:28:08 -0300[diff] [blame]1/**
2 * \file chacha20.h
3 *
4 * \brief ChaCha20 cipher.
5 *
6 * \author Daniel King <damaki.gh@gmail.com>
7 *
8 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
9 * SPDX-License-Identifier: Apache-2.0
10 *
11 * Licensed under the Apache License, Version 2.0 (the "License"); you may
12 * not use this file except in compliance with the License.
13 * You may obtain a copy of the License at
14 *
15 * http://www.apache.org/licenses/LICENSE-2.0
16 *
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
19 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
22 *
23 * This file is part of mbed TLS (https://tls.mbed.org)
24 */
25#ifndef MBEDTLS_CHACHA20_H
26#define MBEDTLS_CHACHA20_H
27
28#if !defined(MBEDTLS_CONFIG_FILE)
29#include "config.h"
30#else
31#include MBEDTLS_CONFIG_FILE
32#endif
33
Daniel King34b822c2016-05-15 17:28:08 -0300[diff] [blame]34#include <stdint.h>
35#include <stddef.h>
36
37#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x003B /**< Invalid input parameter(s). */
38
Manuel Pégourié-Gonnard95d0bdb2018-05-07 09:58:35 +0200[diff] [blame^]39#if !defined(MBEDTLS_CHACHA20_ALT)
40
Daniel King34b822c2016-05-15 17:28:08 -0300[diff] [blame]41typedef struct
42{
43 uint32_t initial_state[16]; /*! Holds the initial state (before round operations) */
44 uint32_t working_state[16]; /*! Holds the working state (after round operations) */
45 uint8_t keystream8[64]; /*! Holds leftover keystream bytes */
46 size_t keystream_bytes_used; /*! Number of keystream bytes currently used */
47}
48mbedtls_chacha20_context;
49
Manuel Pégourié-Gonnard95d0bdb2018-05-07 09:58:35 +0200[diff] [blame^]50#else /* MBEDTLS_CHACHA20_ALT */
51#include "chacha20_alt.h"
52#endif /* MBEDTLS_CHACHA20_ALT */
53
Daniel King34b822c2016-05-15 17:28:08 -0300[diff] [blame]54/**
55 * \brief Initialize ChaCha20 context
56 *
57 * \param ctx ChaCha20 context to be initialized
58 */
59void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
60
61/**
62 * \brief Clear ChaCha20 context
63 *
64 * \param ctx ChaCha20 context to be cleared
65 */
66void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
67
68/**
69 * \brief Set the ChaCha20 key.
70 *
71 * \note The nonce and counter must be set after calling this function,
72 * before data can be encrypted/decrypted. The nonce and
73 * counter are set by calling mbedtls_chacha20_starts.
74 *
75 * \see mbedtls_chacha20_starts
76 *
77 * \param ctx The context to setup.
78 * \param key Buffer containing the 256-bit key. Must be 32 bytes in length.
79 *
80 * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or key
81 * is NULL, or if key_bits is not 128 or 256.
82 * Otherwise, 0 is returned to indicate success.
83 */
84int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
85 const unsigned char key[32] );
86
87/**
88 * \brief Set the ChaCha20 nonce and initial counter value.
89 *
90 * \note A ChaCha20 context can be re-used with the same key by
91 * calling this function to change the nonce and/or initial
92 * counter value.
93 *
94 * \param ctx The ChaCha20 context.
95 * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in size.
96 * \param counter Initial counter value to use. This is usually 0.
97 *
98 * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or
99 * nonce is NULL.
100 * Otherwise, 0 is returned to indicate success.
101 */
102int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
103 const unsigned char nonce[12],
104 uint32_t counter );
105
106/**
Daniel Kingb8025c52016-05-17 14:43:01 -0300[diff] [blame]107 * \brief Generates a block of keystream bytes for a specific counter value.
108 *
109 * This function uses the key and nonce previously set in
110 * the context (via mbedtls_chacha20_setkey and
111 * mbedtls_chacha20_starts), but ignores the previously
112 * set counter and uses the counter given as the parameter to
113 * this function.
114 *
115 * \param ctx The ChaCha20 context. This context is not modified.
116 * \param counter The counter value to use.
117 * \param keystream Buffer to where the generated keystream bytes are written.
118 *
119 * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or keystream are
120 * NULL.
121 * Otherwise, 0 is returned to indicate success.
122 */
123int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx,
124 uint32_t counter,
125 unsigned char keystream[64] );
126
127/**
Daniel King34b822c2016-05-15 17:28:08 -0300[diff] [blame]128 * \brief Encrypt or decrypt data.
129 *
130 * This function is used to both encrypt and decrypt data.
131 *
132 * \note The \p input and \p output buffers may overlap, but only
133 * if input >= output (i.e. only if input points ahead of
134 * the output pointer).
135 *
136 * \note mbedtls_chacha20_setkey and mbedtls_chacha20_starts must be
137 * called at least once to setup the context before this function
138 * can be called.
139 *
140 * \param ctx The ChaCha20 context.
141 * \param size The length (in bytes) to process. This can have any length.
142 * \param input Buffer containing the input data.
Daniel Kinga310c5e2016-05-17 15:56:26 -0300[diff] [blame]143 * This pointer can be NULL if size == 0.
Daniel King34b822c2016-05-15 17:28:08 -0300[diff] [blame]144 * \param output Buffer containing the output data.
Daniel Kinga310c5e2016-05-17 15:56:26 -0300[diff] [blame]145 * This pointer can be NULL if size == 0.
Daniel King34b822c2016-05-15 17:28:08 -0300[diff] [blame]146 *
147 * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or
148 * output pointers are NULL.
149 * Otherwise, 0 is returned to indicate success.
150 */
Daniel Kingbd920622016-05-15 19:56:20 -0300[diff] [blame]151int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
Daniel King34b822c2016-05-15 17:28:08 -0300[diff] [blame]152 size_t size,
153 const unsigned char *input,
154 unsigned char *output );
155
Daniel King34b822c2016-05-15 17:28:08 -0300[diff] [blame]156/**
157 * \brief Encrypt or decrypt a message using ChaCha20.
158 *
159 * This function is used the same way for encrypting and
160 * decrypting data. It's not necessary to specify which
161 * operation is being performed.
162 *
163 * \note The \p input and \p output buffers may overlap, but only
164 * if input >= output (i.e. only if input points ahead of
165 * the output pointer).
166 *
167 * \param key Buffer containing the 256-bit key. Must be 32 bytes in length.
168 * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in length.
169 * \param counter The initial counter value. This is usually 0.
170 * \param data_len The number of bytes to process.
171 * \param input Buffer containing the input data (data to encrypt or decrypt).
172 * \param output Buffer to where the processed data is written.
173 *
174 * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input,
175 * or output is NULL.
176 * Otherwise, 0 is returned to indicate success.
177 */
178int mbedtls_chacha20_crypt( const unsigned char key[32],
179 const unsigned char nonce[12],
180 uint32_t counter,
181 size_t data_len,
182 const unsigned char* input,
183 unsigned char* output );
184
185/**
186 * \brief Checkup routine
187 *
188 * \return 0 if successful, or 1 if the test failed
189 */
190int mbedtls_chacha20_self_test( int verbose );
191
192#endif /* MBEDTLS_CHACHA20_H */