| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | #ifndef OSSL_CRYPTO_CHACHA_H |
| 11 | #define OSSL_CRYPTO_CHACHA_H |
| 12 | |
| 13 | #include <stddef.h> |
| 14 | |
| 15 | /* |
| 16 | * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and |
| 17 | * nonce and writes the result to |out|, which may be equal to |inp|. |
| 18 | * The |key| is not 32 bytes of verbatim key material though, but the |
| 19 | * said material collected into 8 32-bit elements array in host byte |
| 20 | * order. Same approach applies to nonce: the |counter| argument is |
| 21 | * pointer to concatenated nonce and counter values collected into 4 |
| 22 | * 32-bit elements. This, passing crypto material collected into 32-bit |
| 23 | * elements as opposite to passing verbatim byte vectors, is chosen for |
| 24 | * efficiency in multi-call scenarios. |
| 25 | */ |
| 26 | void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, |
| 27 | size_t len, const unsigned int key[8], |
| 28 | const unsigned int counter[4]); |
| 29 | /* |
| 30 | * You can notice that there is no key setup procedure. Because it's |
| 31 | * as trivial as collecting bytes into 32-bit elements, it's reckoned |
| 32 | * that below macro is sufficient. |
| 33 | */ |
| 34 | #define CHACHA_U8TOU32(p) ( \ |
| 35 | ((unsigned int)(p)[0]) | ((unsigned int)(p)[1]<<8) | \ |
| 36 | ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24) ) |
| 37 | |
| 38 | #define CHACHA_KEY_SIZE 32 |
| 39 | #define CHACHA_CTR_SIZE 16 |
| 40 | #define CHACHA_BLK_SIZE 64 |
| 41 | |
| 42 | #endif |