Xuyi Wang
ssh lib
wolfcrypt/chacha20_poly1305.h@1:e4ea39eba2fb, 2019-11-25 (annotated)
- Committer:
- sPymbed
- Date:
- Mon Nov 25 14:23:49 2019 +0000
- Revision:
- 1:e4ea39eba2fb
- Parent:
- 0:1387ff3eed4a
improved
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| sPymbed | 0:1387ff3eed4a | 1 | /* chacha20_poly1305.h |
| sPymbed | 0:1387ff3eed4a | 2 | * |
| sPymbed | 0:1387ff3eed4a | 3 | * Copyright (C) 2006-2017 wolfSSL Inc. |
| sPymbed | 0:1387ff3eed4a | 4 | * |
| sPymbed | 0:1387ff3eed4a | 5 | * This file is part of wolfSSL. |
| sPymbed | 0:1387ff3eed4a | 6 | * |
| sPymbed | 0:1387ff3eed4a | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
| sPymbed | 0:1387ff3eed4a | 8 | * it under the terms of the GNU General Public License as published by |
| sPymbed | 0:1387ff3eed4a | 9 | * the Free Software Foundation; either version 2 of the License, or |
| sPymbed | 0:1387ff3eed4a | 10 | * (at your option) any later version. |
| sPymbed | 0:1387ff3eed4a | 11 | * |
| sPymbed | 0:1387ff3eed4a | 12 | * wolfSSL is distributed in the hope that it will be useful, |
| sPymbed | 0:1387ff3eed4a | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| sPymbed | 0:1387ff3eed4a | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| sPymbed | 0:1387ff3eed4a | 15 | * GNU General Public License for more details. |
| sPymbed | 0:1387ff3eed4a | 16 | * |
| sPymbed | 0:1387ff3eed4a | 17 | * You should have received a copy of the GNU General Public License |
| sPymbed | 0:1387ff3eed4a | 18 | * along with this program; if not, write to the Free Software |
| sPymbed | 0:1387ff3eed4a | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
| sPymbed | 0:1387ff3eed4a | 20 | */ |
| sPymbed | 0:1387ff3eed4a | 21 | |
| sPymbed | 0:1387ff3eed4a | 22 | |
| sPymbed | 0:1387ff3eed4a | 23 | /* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20 |
| sPymbed | 0:1387ff3eed4a | 24 | * and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10): |
| sPymbed | 0:1387ff3eed4a | 25 | * https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 |
| sPymbed | 0:1387ff3eed4a | 26 | */ |
| sPymbed | 0:1387ff3eed4a | 27 | |
| sPymbed | 0:1387ff3eed4a | 28 | /*! |
| sPymbed | 0:1387ff3eed4a | 29 | \file wolfssl/wolfcrypt/chacha20_poly1305.h |
| sPymbed | 0:1387ff3eed4a | 30 | */ |
| sPymbed | 0:1387ff3eed4a | 31 | |
| sPymbed | 0:1387ff3eed4a | 32 | #ifndef WOLF_CRYPT_CHACHA20_POLY1305_H |
| sPymbed | 0:1387ff3eed4a | 33 | #define WOLF_CRYPT_CHACHA20_POLY1305_H |
| sPymbed | 0:1387ff3eed4a | 34 | |
| sPymbed | 0:1387ff3eed4a | 35 | #include <wolfcrypt/types.h> |
| sPymbed | 0:1387ff3eed4a | 36 | |
| sPymbed | 0:1387ff3eed4a | 37 | #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) |
| sPymbed | 0:1387ff3eed4a | 38 | |
| sPymbed | 0:1387ff3eed4a | 39 | #ifdef __cplusplus |
| sPymbed | 0:1387ff3eed4a | 40 | extern "C" { |
| sPymbed | 0:1387ff3eed4a | 41 | #endif |
| sPymbed | 0:1387ff3eed4a | 42 | |
| sPymbed | 0:1387ff3eed4a | 43 | #define CHACHA20_POLY1305_AEAD_KEYSIZE 32 |
| sPymbed | 0:1387ff3eed4a | 44 | #define CHACHA20_POLY1305_AEAD_IV_SIZE 12 |
| sPymbed | 0:1387ff3eed4a | 45 | #define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16 |
| sPymbed | 0:1387ff3eed4a | 46 | |
| sPymbed | 0:1387ff3eed4a | 47 | enum { |
| sPymbed | 0:1387ff3eed4a | 48 | CHACHA20_POLY_1305_ENC_TYPE = 8 /* cipher unique type */ |
| sPymbed | 0:1387ff3eed4a | 49 | }; |
| sPymbed | 0:1387ff3eed4a | 50 | |
| sPymbed | 0:1387ff3eed4a | 51 | /* |
| sPymbed | 0:1387ff3eed4a | 52 | * The IV for this implementation is 96 bits to give the most flexibility. |
| sPymbed | 0:1387ff3eed4a | 53 | * |
| sPymbed | 0:1387ff3eed4a | 54 | * Some protocols may have unique per-invocation inputs that are not |
| sPymbed | 0:1387ff3eed4a | 55 | * 96-bit in length. For example, IPsec may specify a 64-bit nonce. In |
| sPymbed | 0:1387ff3eed4a | 56 | * such a case, it is up to the protocol document to define how to |
| sPymbed | 0:1387ff3eed4a | 57 | * transform the protocol nonce into a 96-bit nonce, for example by |
| sPymbed | 0:1387ff3eed4a | 58 | * concatenating a constant value. |
| sPymbed | 0:1387ff3eed4a | 59 | */ |
| sPymbed | 0:1387ff3eed4a | 60 | |
| sPymbed | 0:1387ff3eed4a | 61 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 62 | int wc_ChaCha20Poly1305_Encrypt( |
| sPymbed | 0:1387ff3eed4a | 63 | const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], |
| sPymbed | 0:1387ff3eed4a | 64 | const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], |
| sPymbed | 0:1387ff3eed4a | 65 | const byte* inAAD, const word32 inAADLen, |
| sPymbed | 0:1387ff3eed4a | 66 | const byte* inPlaintext, const word32 inPlaintextLen, |
| sPymbed | 0:1387ff3eed4a | 67 | byte* outCiphertext, |
| sPymbed | 0:1387ff3eed4a | 68 | byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); |
| sPymbed | 0:1387ff3eed4a | 69 | |
| sPymbed | 0:1387ff3eed4a | 70 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 71 | int wc_ChaCha20Poly1305_Decrypt( |
| sPymbed | 0:1387ff3eed4a | 72 | const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], |
| sPymbed | 0:1387ff3eed4a | 73 | const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], |
| sPymbed | 0:1387ff3eed4a | 74 | const byte* inAAD, const word32 inAADLen, |
| sPymbed | 0:1387ff3eed4a | 75 | const byte* inCiphertext, const word32 inCiphertextLen, |
| sPymbed | 0:1387ff3eed4a | 76 | const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], |
| sPymbed | 0:1387ff3eed4a | 77 | byte* outPlaintext); |
| sPymbed | 0:1387ff3eed4a | 78 | |
| sPymbed | 0:1387ff3eed4a | 79 | #ifdef __cplusplus |
| sPymbed | 0:1387ff3eed4a | 80 | } /* extern "C" */ |
| sPymbed | 0:1387ff3eed4a | 81 | #endif |
| sPymbed | 0:1387ff3eed4a | 82 | |
| sPymbed | 0:1387ff3eed4a | 83 | #endif /* HAVE_CHACHA && HAVE_POLY1305 */ |
| sPymbed | 0:1387ff3eed4a | 84 | #endif /* WOLF_CRYPT_CHACHA20_POLY1305_H */ |
| sPymbed | 0:1387ff3eed4a | 85 |