TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a310c5e42baf0ca4192228be1f04ca95491b57b4 / . / include / mbedtls / aead_chacha20_poly1305.h
blob: 6c8e420b52c8359ae2fec547b6a08cf14f6914be [file] [log] [blame]
Daniel Kingb8025c52016-05-17 14:43:01 -0300[diff] [blame]1/**
2 * \file aead_chacha20_poly1305.h
3 *
4 * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539.
5 *
6 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23#ifndef MBEDTLS_AEAD_CHACHA20_POLY1305_H
24#define MBEDTLS_AEAD_CHACHA20_POLY1305_H
25
26#if !defined(MBEDTLS_CONFIG_FILE)
27#include "config.h"
28#else
29#include MBEDTLS_CONFIG_FILE
30#endif
31
32#if !defined(MBEDTLS_AEAD_CHACHA20_POLY1305_ALT)
33
34#include "chacha20.h"
35#include "poly1305.h"
36
37#define MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA -0x00047 /**< Invalid input parameter(s). */
38#define MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE -0x00049 /**< The requested operation is not permitted in the current state */
39
40typedef enum
41{
42 MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT,
43 MBEDTLS_AEAD_CHACHA20_POLY1305_DECRYPT
44}
45mbedtls_aead_chacha20_poly1305_mode_t;
46
47typedef struct
48{
49 mbedtls_chacha20_context chacha20_ctx; /** ChaCha20 context */
50 mbedtls_poly1305_context poly1305_ctx; /** Poly1305 context */
51 uint64_t aad_len; /** Length (bytes) of the Additional Authenticated Data */
52 uint64_t ciphertext_len; /** Length (bytes) of the ciphertext */
53 int state; /** Current state of the context */
54 mbedtls_aead_chacha20_poly1305_mode_t mode; /** Cipher mode (encrypt or decrypt) */
55}
56mbedtls_aead_chacha20_poly1305_context;
57
58/**
59 * \brief Initialize ChaCha20-Poly1305 context
60 *
61 * \param ctx ChaCha20-Poly1305 context to be initialized
62 */
63void mbedtls_aead_chacha20_poly1305_init( mbedtls_aead_chacha20_poly1305_context *ctx );
64
65/**
66 * \brief Clear ChaCha20-Poly1305 context
67 *
68 * \param ctx ChaCha20-Poly1305 context to be cleared
69 */
70void mbedtls_aead_chacha20_poly1305_free( mbedtls_aead_chacha20_poly1305_context *ctx );
71
72/**
73 * \brief Set the ChaCha20-Poly1305 symmetric encryption key.
74 *
75 * \param ctx The ChaCha20-Poly1305 context.
76 * \param key The 256-bit (32 bytes) key.
77 *
78 * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned
79 * if \p ctx or \p key are NULL.
80 * Otherwise, 0 is returned to indicate success.
81 */
82int mbedtls_aead_chacha20_poly1305_setkey( mbedtls_aead_chacha20_poly1305_context *ctx,
83 const unsigned char key[32] );
84
85/**
86 * \brief Setup ChaCha20-Poly1305 context for encryption or decryption.
87 *
88 * \note If the context is being used for AAD only (no data to
89 * encrypt or decrypt) then \p mode can be set to any value.
90 *
91 * \param ctx The ChaCha20-Poly1305 context.
92 * \param nonce The nonce/IV to use for the message. This must be unique
93 * for every message encrypted under the same key.
94 * \param mode Specifies whether the context is used to encrypt or
95 * decrypt data.
96 *
97 * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned
98 * if \p ctx or \p mac are NULL.
99 * Otherwise, 0 is returned to indicate success.
100 */
101int mbedtls_aead_chacha20_poly1305_starts( mbedtls_aead_chacha20_poly1305_context *ctx,
102 const unsigned char nonce[12],
103 mbedtls_aead_chacha20_poly1305_mode_t mode );
104
105/**
106 * \brief Process additional authenticated data (AAD).
107 *
108 * This function processes data that is authenticated, but
109 * not encrypted.
110 *
111 * \note This function is called before data is encrypted/decrypted.
112 * I.e. call this function to process the AAD before calling
113 * mbedtls_aead_chacha20_poly1305_update.
114 *
115 * You may call this function multiple times to process
116 * an arbitrary amount of AAD. It is permitted to call
117 * this function 0 times, if no AAD is used.
118 *
119 * This function cannot be called any more if data has
120 * been processed by mbedtls_aead_chacha20_poly1305_update,
121 * or if the context has been finished.
122 *
123 * \param ctx The ChaCha20-Poly1305 context.
124 * \param aad_len The length (in bytes) of the AAD. The length has no
125 * restrictions.
126 * \param aad Buffer containing the AAD.
Daniel Kinga310c5e2016-05-17 15:56:26 -0300[diff] [blame^]127 * This pointer can be NULL if aad_len == 0.
Daniel Kingb8025c52016-05-17 14:43:01 -0300[diff] [blame]128 *
129 * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned
130 * if \p ctx or \p aad are NULL.
131 * MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE is returned if
132 * the context has not been setup, the context has been
133 * finished, or if the AAD has been finished.
134 * Otherwise, 0 is returned to indicate success.
135 */
136int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_context *ctx,
137 size_t aad_len,
138 const unsigned char *aad );
139
140/**
141 * \brief Encrypt/decrypt data.
142 *
143 * The direction (encryption or decryption) depends on the
144 * mode that was given when calling
145 * mbedtls_aead_chacha20_poly1305_starts.
146 *
147 * You may call this function multiple times to process
148 * an arbitrary amount of data. It is permitted to call
149 * this function 0 times, if no data is to be encrypted
150 * or decrypted.
151 *
152 * \param ctx The ChaCha20-Poly1305 context.
153 * \param len The length (in bytes) of the data to encrypt or decrypt.
154 * \param input Buffer containing the data to encrypt or decrypt.
Daniel Kinga310c5e2016-05-17 15:56:26 -0300[diff] [blame^]155 * This pointer can be NULL if len == 0.
Daniel Kingb8025c52016-05-17 14:43:01 -0300[diff] [blame]156 * \param output Buffer to where the encrypted or decrypted data is written.
Daniel Kinga310c5e2016-05-17 15:56:26 -0300[diff] [blame^]157 * This pointer can be NULL if len == 0.
Daniel Kingb8025c52016-05-17 14:43:01 -0300[diff] [blame]158 *
159 * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned
160 * if \p ctx, \p input, or \p output are NULL.
161 * MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE is returned if
162 * the context has not been setup, or if the context has been
163 * finished.
164 * Otherwise, 0 is returned to indicate success.
165 */
166int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_context *ctx,
167 size_t len,
168 const unsigned char *input,
169 unsigned char *output );
170
171/**
172 * \brief Compute the ChaCha20-Poly1305 MAC.
173 *
174 * \param ctx The ChaCha20-Poly1305 context.
175 * \param mac Buffer to where the 128-bit (16 bytes) MAC is written.
176 *
177 * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned
178 * if \p ctx or \p mac are NULL.
179 * MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE is returned if
180 * the context has not been setup.
181 * Otherwise, 0 is returned to indicate success.
182 */
183int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_context *ctx,
184 unsigned char mac[16] );
185
186#else /* !MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */
187#include "aead_chacha20_poly1305_alt.h"
188#endif /* !MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */
189
190/**
191 * \brief Encrypt or decrypt data, and produce a MAC with ChaCha20-Poly1305.
192 *
193 * \param key The 256-bit (32 bytes) encryption key to use.
194 * \param nonce The 96-bit (12 bytes) nonce/IV to use.
195 * \param mode Specifies whether the data in the \p input buffer is to
196 * be encrypted or decrypted. If there is no data to encrypt
197 * or decrypt (i.e. \p ilen is 0) then the value of this
198 * parameter does not matter.
199 * \param aad_len The length (in bytes) of the AAD data to process.
200 * \param aad Buffer containing the additional authenticated data (AAD).
Daniel Kinga310c5e2016-05-17 15:56:26 -0300[diff] [blame^]201 * This pointer can be NULL if aad_len == 0.
Daniel Kingb8025c52016-05-17 14:43:01 -0300[diff] [blame]202 * \param ilen The length (in bytes) of the data to encrypt or decrypt.
203 * \param input Buffer containing the data to encrypt or decrypt.
Daniel Kinga310c5e2016-05-17 15:56:26 -0300[diff] [blame^]204 * This pointer can be NULL if ilen == 0.
Daniel Kingb8025c52016-05-17 14:43:01 -0300[diff] [blame]205 * \param output Buffer to where the encrypted or decrypted data is written.
Daniel Kinga310c5e2016-05-17 15:56:26 -0300[diff] [blame^]206 * This pointer can be NULL if ilen == 0.
Daniel Kingb8025c52016-05-17 14:43:01 -0300[diff] [blame]207 * \param mac Buffer to where the computed 128-bit (16 bytes) MAC is written.
208 *
209 * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned
210 * if one or more of the required parameters are NULL.
211 * Otherwise, 0 is returned to indicate success.
212 */
213int mbedtls_aead_chacha20_poly1305_crypt_and_mac( const unsigned char key[32],
214 const unsigned char nonce[12],
215 mbedtls_aead_chacha20_poly1305_mode_t mode,
216 size_t aad_len,
217 const unsigned char *aad,
218 size_t ilen,
219 const unsigned char *input,
220 unsigned char *output,
221 unsigned char mac[16] );
222
223/**
224 * \brief Checkup routine
225 *
226 * \return 0 if successful, or 1 if the test failed
227 */
228int mbedtls_aead_chacha20_poly1305_self_test( int verbose );
229
230#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_H */