1/* $OpenBSD: chachapoly.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $ */ 2/* 3 * Copyright (c) 2015 Mike Belopuhov 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18#ifndef _CHACHAPOLY_H_ 19#define _CHACHAPOLY_H_ 20 21#define CHACHA20_KEYSIZE 32 22#define CHACHA20_CTR 4 23#define CHACHA20_SALT 4 24#define CHACHA20_NONCE 8 25#define CHACHA20_BLOCK_LEN 64 26 27struct chacha20_ctx { 28 uint8_t block[CHACHA20_BLOCK_LEN]; 29 uint8_t nonce[CHACHA20_NONCE]; 30}; 31 32int chacha20_setkey(void *, u_int8_t *, int); 33void chacha20_reinit(caddr_t, u_int8_t *); 34void chacha20_crypt(caddr_t, u_int8_t *); 35 36 37#define POLY1305_KEYLEN 32 38#define POLY1305_TAGLEN 16 39#define POLY1305_BLOCK_LEN 16 40 41struct poly1305_ctx { 42 /* r, h, pad, leftover */ 43 unsigned long state[5+5+4]; 44 size_t leftover; 45 unsigned char buffer[POLY1305_BLOCK_LEN]; 46 unsigned char final; 47}; 48 49typedef struct { 50 uint8_t key[POLY1305_KEYLEN]; 51 /* counter, salt */ 52 uint8_t nonce[CHACHA20_NONCE]; 53 struct chacha20_ctx chacha; 54 struct poly1305_ctx poly; 55} CHACHA20_POLY1305_CTX; 56 57void Chacha20_Poly1305_Init(void *); 58void Chacha20_Poly1305_Setkey(void *, const uint8_t *, uint16_t); 59void Chacha20_Poly1305_Reinit(void *, const uint8_t *, uint16_t); 60int Chacha20_Poly1305_Update(void *, const uint8_t *, uint16_t); 61void Chacha20_Poly1305_Final(uint8_t[POLY1305_TAGLEN], void *); 62 63/* WireGuard crypto */ 64#define CHACHA20POLY1305_KEY_SIZE CHACHA20_KEYSIZE 65#define CHACHA20POLY1305_AUTHTAG_SIZE POLY1305_TAGLEN 66#define XCHACHA20POLY1305_NONCE_SIZE 24 67 68void chacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t, 69 const uint8_t *, const size_t, const uint64_t, 70 const uint8_t[CHACHA20POLY1305_KEY_SIZE]); 71 72int chacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t, 73 const uint8_t *, const size_t, const uint64_t, 74 const uint8_t[CHACHA20POLY1305_KEY_SIZE]); 75 76void xchacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t, 77 const uint8_t *, const size_t, 78 const uint8_t[XCHACHA20POLY1305_NONCE_SIZE], 79 const uint8_t[CHACHA20POLY1305_KEY_SIZE]); 80 81int xchacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t, 82 const uint8_t *, const size_t, 83 const uint8_t[XCHACHA20POLY1305_NONCE_SIZE], 84 const uint8_t[CHACHA20POLY1305_KEY_SIZE]); 85 86#endif /* _CHACHAPOLY_H_ */ 87