xref: /openbsd/sys/crypto/chachapoly.h (revision 6a126883) 
1 /*	$OpenBSD: chachapoly.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $	*/
2 /*
3  * Copyright (c) 2015 Mike Belopuhov
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #ifndef _CHACHAPOLY_H_
19 #define _CHACHAPOLY_H_
20 
21 #define CHACHA20_KEYSIZE	32
22 #define CHACHA20_CTR		4
23 #define CHACHA20_SALT		4
24 #define CHACHA20_NONCE		8
25 #define CHACHA20_BLOCK_LEN	64
26 
27 struct chacha20_ctx {
28 	uint8_t			block[CHACHA20_BLOCK_LEN];
29 	uint8_t			nonce[CHACHA20_NONCE];
30 };
31 
32 int	chacha20_setkey(void *, u_int8_t *, int);
33 void	chacha20_reinit(caddr_t, u_int8_t *);
34 void	chacha20_crypt(caddr_t, u_int8_t *);
35 
36 
37 #define POLY1305_KEYLEN		32
38 #define POLY1305_TAGLEN		16
39 #define POLY1305_BLOCK_LEN	16
40 
41 struct poly1305_ctx {
42 	/* r, h, pad, leftover */
43 	unsigned long		state[5+5+4];
44 	size_t			leftover;
45 	unsigned char		buffer[POLY1305_BLOCK_LEN];
46 	unsigned char		final;
47 };
48 
49 typedef struct {
50 	uint8_t			key[POLY1305_KEYLEN];
51 	/* counter, salt */
52 	uint8_t			nonce[CHACHA20_NONCE];
53 	struct chacha20_ctx	chacha;
54 	struct poly1305_ctx	poly;
55 } CHACHA20_POLY1305_CTX;
56 
57 void	Chacha20_Poly1305_Init(void *);
58 void	Chacha20_Poly1305_Setkey(void *, const uint8_t *, uint16_t);
59 void	Chacha20_Poly1305_Reinit(void *, const uint8_t *, uint16_t);
60 int	Chacha20_Poly1305_Update(void *, const uint8_t *, uint16_t);
61 void	Chacha20_Poly1305_Final(uint8_t[POLY1305_TAGLEN], void *);
62 
63 /* WireGuard crypto */
64 #define CHACHA20POLY1305_KEY_SIZE	CHACHA20_KEYSIZE
65 #define CHACHA20POLY1305_AUTHTAG_SIZE	POLY1305_TAGLEN
66 #define XCHACHA20POLY1305_NONCE_SIZE	24
67 
68 void chacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t,
69 	const uint8_t *, const size_t,	const uint64_t,
70 	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
71 
72 int chacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t,
73 	const uint8_t *, const size_t, const uint64_t,
74 	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
75 
76 void xchacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t,
77 	const uint8_t *, const size_t,
78 	const uint8_t[XCHACHA20POLY1305_NONCE_SIZE],
79 	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
80 
81 int xchacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t,
82 	const uint8_t *, const size_t,
83 	const uint8_t[XCHACHA20POLY1305_NONCE_SIZE],
84 	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
85 
86 #endif	/* _CHACHAPOLY_H_ */
87