xref: /freebsd/sys/dev/wg/crypto.h (revision 854d0662)
1744bfb21SJohn Baldwin /* SPDX-License-Identifier: MIT
2744bfb21SJohn Baldwin  *
3744bfb21SJohn Baldwin  * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
4744bfb21SJohn Baldwin  * Copyright (c) 2022 The FreeBSD Foundation
5744bfb21SJohn Baldwin  */
6744bfb21SJohn Baldwin 
7744bfb21SJohn Baldwin #ifndef _WG_CRYPTO
8744bfb21SJohn Baldwin #define _WG_CRYPTO
9744bfb21SJohn Baldwin 
10744bfb21SJohn Baldwin #include <sys/param.h>
11854d0662SJohn Baldwin #include <sys/endian.h>
12854d0662SJohn Baldwin #include <crypto/chacha20_poly1305.h>
13854d0662SJohn Baldwin #include <crypto/curve25519.h>
14744bfb21SJohn Baldwin 
15744bfb21SJohn Baldwin struct mbuf;
16744bfb21SJohn Baldwin 
/*
 * Setup and teardown entry points for the WireGuard crypto code.  Only the
 * prototypes live in this header; the definitions are elsewhere.
 *
 * NOTE(review): crypto_init() presumably returns 0 on success and an errno
 * value otherwise -- confirm against the definition.  Callers should treat a
 * non-zero result as "crypto unavailable" and refuse to bring the tunnel up.
 */
int	crypto_init(void);
void	crypto_deinit(void);
19744bfb21SJohn Baldwin 
/*
 * Byte lengths used by the ChaCha20-Poly1305 and XChaCha20-Poly1305 AEAD
 * wrappers declared in this header.
 */
enum chacha20poly1305_lengths {
	/* Nonce length taken by the xchacha20poly1305_*() wrappers. */
	XCHACHA20POLY1305_NONCE_SIZE = 24,
	/* Key length taken by every AEAD wrapper in this header. */
	CHACHA20POLY1305_KEY_SIZE = 32,
	/* Length of the Poly1305 authentication tag. */
	CHACHA20POLY1305_AUTHTAG_SIZE = 16,
};
25744bfb21SJohn Baldwin 
/*
 * ChaCha20-Poly1305 encryption with a 64-bit counter nonce.
 *
 * Thin wrapper around chacha20_poly1305_encrypt(): the nonce is serialised as
 * 8 little-endian bytes and every other argument is forwarded unchanged.
 *
 * dst	  output buffer.  NOTE(review): presumably needs room for src_len
 *	  bytes of ciphertext plus CHACHA20POLY1305_AUTHTAG_SIZE bytes of
 *	  tag -- confirm against crypto/chacha20_poly1305.h.
 * src	  plaintext, src_len bytes.
 * ad	  associated data, ad_len bytes.
 * nonce  per-message counter.  A (key, nonce) pair must never be used for
 *	  two different messages; nothing here tracks nonces, so uniqueness
 *	  is entirely the caller's responsibility.
 * key	  CHACHA20POLY1305_KEY_SIZE-byte key.
 */
static inline void
chacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
    const uint8_t *ad, const size_t ad_len, const uint64_t nonce,
    const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
{
	uint8_t le_nonce[sizeof(uint64_t)];

	/* Fixed little-endian layout, independent of host byte order. */
	le64enc(le_nonce, nonce);
	chacha20_poly1305_encrypt(dst, src, src_len, ad, ad_len, le_nonce,
	    sizeof(le_nonce), key);
}
38744bfb21SJohn Baldwin 
/*
 * ChaCha20-Poly1305 decryption with a 64-bit counter nonce.
 *
 * Thin wrapper around chacha20_poly1305_decrypt(): the nonce is serialised as
 * 8 little-endian bytes and every other argument is forwarded unchanged.
 *
 * Returns the bool produced by chacha20_poly1305_decrypt() as is.
 * NOTE(review): presumably true only when the Poly1305 tag verifies --
 * confirm against crypto/chacha20_poly1305.h.  Callers must check the result
 * and must not consume dst when it is false.
 *
 * NOTE(review): src_len presumably counts the trailing authentication tag
 * as well as the ciphertext -- confirm before sizing dst.
 */
static inline bool
chacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
    const uint8_t *ad, const size_t ad_len, const uint64_t nonce,
    const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
{
	uint8_t le_nonce[sizeof(uint64_t)];
	bool ok;

	/* Must match the little-endian encoding used on the encrypt side. */
	le64enc(le_nonce, nonce);
	ok = chacha20_poly1305_decrypt(dst, src, src_len, ad, ad_len, le_nonce,
	    sizeof(le_nonce), key);
	return (ok);
}
51744bfb21SJohn Baldwin 
/*
 * XChaCha20-Poly1305 encryption with a caller-supplied
 * XCHACHA20POLY1305_NONCE_SIZE-byte nonce.
 *
 * Pure pass-through to xchacha20_poly1305_encrypt(); no argument is altered
 * or validated here.
 *
 * NOTE(review): dst presumably needs room for src_len bytes of ciphertext
 * plus CHACHA20POLY1305_AUTHTAG_SIZE bytes of tag -- confirm against
 * crypto/chacha20_poly1305.h.  As with any AEAD, a (key, nonce) pair must not
 * be reused across messages; generating a fresh nonce is the caller's job.
 */
static inline void
xchacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src,
    const size_t src_len, const uint8_t *ad, const size_t ad_len,
    const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
    const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
{
	xchacha20_poly1305_encrypt(dst, src, src_len, ad, ad_len, nonce,
	    key);
}
61744bfb21SJohn Baldwin 
/*
 * XChaCha20-Poly1305 decryption with a caller-supplied
 * XCHACHA20POLY1305_NONCE_SIZE-byte nonce.
 *
 * Pure pass-through to xchacha20_poly1305_decrypt(); its bool result is
 * returned unchanged.  NOTE(review): presumably true only when the
 * authentication tag verifies -- confirm against crypto/chacha20_poly1305.h.
 * Callers must check the result and must not consume dst when it is false.
 */
static inline bool
xchacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src,
    const size_t src_len, const uint8_t *ad, const size_t ad_len,
    const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
    const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
{
	bool ok;

	ok = xchacha20_poly1305_decrypt(dst, src, src_len, ad, ad_len, nonce,
	    key);
	return (ok);
}
71744bfb21SJohn Baldwin 
/*
 * ChaCha20-Poly1305 variants that take a single mbuf rather than separate
 * source and destination buffers.  Only the prototypes live in this header.
 *
 * m	  the mbuf to process.
 * nonce  64-bit per-message counter; as with any AEAD, a (key, nonce) pair
 *	  must not be reused across messages.
 * key	  CHACHA20POLY1305_KEY_SIZE-byte key.
 *
 * NOTE(review): the int result is presumably 0 on success and an errno value
 * on failure -- confirm against the definitions.  The result of the decrypt
 * variant must be checked before the mbuf contents are treated as
 * authenticated plaintext.
 */
int	chacha20poly1305_encrypt_mbuf(struct mbuf *m, const uint64_t nonce,
	    const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);

int	chacha20poly1305_decrypt_mbuf(struct mbuf *m, const uint64_t nonce,
	    const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
79744bfb21SJohn Baldwin 
80744bfb21SJohn Baldwin 
/* Byte lengths for the BLAKE2s hash declared in this header. */
enum blake2s_lengths {
	/* Size of one input block; also the size of blake2s_state.buf. */
	BLAKE2S_BLOCK_SIZE = 64,
	/* Digest length constant. */
	BLAKE2S_HASH_SIZE = 32,
	/* Key length constant for keyed hashing. */
	BLAKE2S_KEY_SIZE = 32,
};
86744bfb21SJohn Baldwin 
87744bfb21SJohn Baldwin #ifdef COMPAT_NEED_BLAKE2S
/*
 * Streaming BLAKE2s context shared by blake2s_init(), blake2s_init_key(),
 * blake2s_update() and blake2s_final().
 *
 * NOTE(review): the field roles below follow the usual BLAKE2s layout
 * (RFC 7693) and are not established by this header -- confirm against the
 * implementation.  When the hash is keyed the context carries key-derived
 * material, so it should be wiped once the digest has been produced.
 */
struct blake2s_state {
	uint32_t h[8];			/* presumably the chaining value */
	uint32_t t[2];			/* presumably the byte counter */
	uint32_t f[2];			/* presumably finalisation flags */
	uint8_t buf[BLAKE2S_BLOCK_SIZE];	/* one block of buffered input */
	unsigned int buflen;		/* presumably bytes held in buf */
	unsigned int outlen;		/* presumably the digest length */
};
96744bfb21SJohn Baldwin 
/*
 * Streaming BLAKE2s interface.  Only the prototypes live in this header; the
 * one-shot blake2s() helper calls them in the order init (or init_key),
 * update, final.
 *
 * NOTE(review): valid ranges for outlen and keylen are not visible here --
 * presumably 1..BLAKE2S_HASH_SIZE and 1..BLAKE2S_KEY_SIZE; confirm that the
 * implementation enforces them, and that out has room for outlen bytes.
 */
void	blake2s_init(struct blake2s_state *state, const size_t outlen);

void	blake2s_init_key(struct blake2s_state *state, const size_t outlen,
	    const uint8_t *key, const size_t keylen);

void	blake2s_update(struct blake2s_state *state, const uint8_t *in,
	    size_t inlen);

void	blake2s_final(struct blake2s_state *state, uint8_t *out);
105744bfb21SJohn Baldwin 
/*
 * One-shot BLAKE2s: hash the inlen bytes at in and write the digest to out.
 *
 * A non-zero keylen selects keyed hashing through blake2s_init_key(); with
 * keylen == 0 the key pointer is never read and blake2s_init() is used.
 *
 * NOTE(review): in keyed mode the on-stack context holds key-derived
 * material and nothing in this function wipes it before returning --
 * confirm that blake2s_final() clears the state.
 */
static inline void
blake2s(uint8_t *out, const uint8_t *in, const uint8_t *key,
    const size_t outlen, const size_t inlen, const size_t keylen)
{
	struct blake2s_state ctx;

	if (keylen == 0) {
		blake2s_init(&ctx, outlen);
	} else {
		blake2s_init_key(&ctx, outlen, key, keylen);
	}

	blake2s_update(&ctx, in, inlen);
	blake2s_final(&ctx, out);
}
119744bfb21SJohn Baldwin #endif
120744bfb21SJohn Baldwin 
121744bfb21SJohn Baldwin #endif