1 /* $OpenBSD: chacha.c,v 1.9 2022/08/20 18:44:58 jsing Exp $ */ 2 /* 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <stdint.h> 19 20 #include <openssl/chacha.h> 21 22 #include "chacha-merged.c" 23 24 void 25 ChaCha_set_key(ChaCha_ctx *ctx, const unsigned char *key, uint32_t keybits) 26 { 27 chacha_keysetup((chacha_ctx *)ctx, key, keybits); 28 ctx->unused = 0; 29 } 30 31 void 32 ChaCha_set_iv(ChaCha_ctx *ctx, const unsigned char *iv, 33 const unsigned char *counter) 34 { 35 chacha_ivsetup((chacha_ctx *)ctx, iv, counter); 36 ctx->unused = 0; 37 } 38 39 void 40 ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, size_t len) 41 { 42 unsigned char *k; 43 uint64_t n; 44 int i, l; 45 46 /* Consume remaining keystream, if any exists. */ 47 if (ctx->unused > 0) { 48 k = ctx->ks + 64 - ctx->unused; 49 l = (len > ctx->unused) ? ctx->unused : len; 50 for (i = 0; i < l; i++) 51 *(out++) = *(in++) ^ *(k++); 52 ctx->unused -= l; 53 len -= l; 54 } 55 56 while (len > 0) { 57 if ((n = len) > UINT32_MAX) 58 n = UINT32_MAX; 59 60 chacha_encrypt_bytes((chacha_ctx *)ctx, in, out, (uint32_t)n); 61 62 in += n; 63 out += n; 64 len -= n; 65 } 66 } 67 68 void 69 CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, 70 const unsigned char key[32], const unsigned char iv[8], uint64_t counter) 71 { 72 struct chacha_ctx ctx; 73 uint64_t n; 74 75 /* 76 * chacha_ivsetup expects the counter to be in u8. Rather than 77 * converting size_t to u8 and then back again, pass a counter of 78 * NULL and manually assign it afterwards. 79 */ 80 chacha_keysetup(&ctx, key, 256); 81 chacha_ivsetup(&ctx, iv, NULL); 82 if (counter != 0) { 83 ctx.input[12] = (uint32_t)counter; 84 ctx.input[13] = (uint32_t)(counter >> 32); 85 } 86 87 while (len > 0) { 88 if ((n = len) > UINT32_MAX) 89 n = UINT32_MAX; 90 91 chacha_encrypt_bytes(&ctx, in, out, (uint32_t)n); 92 93 in += n; 94 out += n; 95 len -= n; 96 } 97 } 98 99 void 100 CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len, 101 const unsigned char key[32], const unsigned char iv[24]) 102 { 103 uint8_t subkey[32]; 104 105 CRYPTO_hchacha_20(subkey, key, iv); 106 CRYPTO_chacha_20(out, in, len, subkey, iv + 16, 0); 107 } 108