48#if !defined(MBEDTLS_CONFIG_FILE)
51#include MBEDTLS_CONFIG_FILE
54#if defined(MBEDTLS_CHACHAPOLY_C)
61#if defined(MBEDTLS_SELF_TEST)
62#if defined(MBEDTLS_PLATFORM_C)
66#define mbedtls_printf printf
70#if !defined(MBEDTLS_CHACHAPOLY_ALT)
73#define CHACHAPOLY_VALIDATE_RET( cond ) \
74 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
75#define CHACHAPOLY_VALIDATE( cond ) \
76 MBEDTLS_INTERNAL_VALIDATE( cond )
78#define CHACHAPOLY_STATE_INIT ( 0 )
79#define CHACHAPOLY_STATE_AAD ( 1 )
80#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 )
81#define CHACHAPOLY_STATE_FINISHED ( 3 )
91 unsigned char zeroes[15];
93 if( partial_block_len == 0
U )
96 memset( zeroes, 0,
sizeof( zeroes ) );
100 16U - partial_block_len ) );
111 unsigned char zeroes[15];
113 if( partial_block_len == 0
U )
116 memset( zeroes, 0,
sizeof( zeroes ) );
119 16U - partial_block_len ) );
124 CHACHAPOLY_VALIDATE(
ctx !=
NULL );
129 ctx->ciphertext_len = 0
U;
130 ctx->state = CHACHAPOLY_STATE_INIT;
142 ctx->ciphertext_len = 0
U;
143 ctx->state = CHACHAPOLY_STATE_INIT;
148 const unsigned char key[32] )
151 CHACHAPOLY_VALIDATE_RET(
ctx !=
NULL );
152 CHACHAPOLY_VALIDATE_RET(
key !=
NULL );
160 const unsigned char nonce[12],
164 unsigned char poly1305_key[64];
165 CHACHAPOLY_VALIDATE_RET(
ctx !=
NULL );
166 CHACHAPOLY_VALIDATE_RET( nonce !=
NULL );
178 memset( poly1305_key, 0,
sizeof( poly1305_key ) );
180 poly1305_key, poly1305_key );
189 ctx->ciphertext_len = 0
U;
190 ctx->state = CHACHAPOLY_STATE_AAD;
200 const unsigned char *aad,
203 CHACHAPOLY_VALIDATE_RET(
ctx !=
NULL );
204 CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad !=
NULL );
206 if(
ctx->state != CHACHAPOLY_STATE_AAD )
209 ctx->aad_len += aad_len;
216 const unsigned char *
input,
217 unsigned char *output )
220 CHACHAPOLY_VALIDATE_RET(
ctx !=
NULL );
222 CHACHAPOLY_VALIDATE_RET(
len == 0 || output !=
NULL );
224 if( (
ctx->state != CHACHAPOLY_STATE_AAD ) &&
225 (
ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
230 if(
ctx->state == CHACHAPOLY_STATE_AAD )
232 ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
234 ret = chachapoly_pad_aad(
ctx );
239 ctx->ciphertext_len +=
len;
266 unsigned char mac[16] )
269 unsigned char len_block[16];
270 CHACHAPOLY_VALIDATE_RET(
ctx !=
NULL );
271 CHACHAPOLY_VALIDATE_RET( mac !=
NULL );
273 if(
ctx->state == CHACHAPOLY_STATE_INIT )
278 if(
ctx->state == CHACHAPOLY_STATE_AAD )
280 ret = chachapoly_pad_aad(
ctx );
284 else if(
ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
286 ret = chachapoly_pad_ciphertext(
ctx );
291 ctx->state = CHACHAPOLY_STATE_FINISHED;
296 len_block[ 0] = (
unsigned char)(
ctx->aad_len );
297 len_block[ 1] = (
unsigned char)(
ctx->aad_len >> 8 );
298 len_block[ 2] = (
unsigned char)(
ctx->aad_len >> 16 );
299 len_block[ 3] = (
unsigned char)(
ctx->aad_len >> 24 );
300 len_block[ 4] = (
unsigned char)(
ctx->aad_len >> 32 );
301 len_block[ 5] = (
unsigned char)(
ctx->aad_len >> 40 );
302 len_block[ 6] = (
unsigned char)(
ctx->aad_len >> 48 );
303 len_block[ 7] = (
unsigned char)(
ctx->aad_len >> 56 );
304 len_block[ 8] = (
unsigned char)(
ctx->ciphertext_len );
305 len_block[ 9] = (
unsigned char)(
ctx->ciphertext_len >> 8 );
306 len_block[10] = (
unsigned char)(
ctx->ciphertext_len >> 16 );
307 len_block[11] = (
unsigned char)(
ctx->ciphertext_len >> 24 );
308 len_block[12] = (
unsigned char)(
ctx->ciphertext_len >> 32 );
309 len_block[13] = (
unsigned char)(
ctx->ciphertext_len >> 40 );
310 len_block[14] = (
unsigned char)(
ctx->ciphertext_len >> 48 );
311 len_block[15] = (
unsigned char)(
ctx->ciphertext_len >> 56 );
325 const unsigned char nonce[12],
326 const unsigned char *aad,
328 const unsigned char *
input,
329 unsigned char *output,
330 unsigned char tag[16] )
354 const unsigned char nonce[12],
355 const unsigned char *aad,
357 const unsigned char *
input,
358 unsigned char *output,
359 unsigned char tag[16] )
361 CHACHAPOLY_VALIDATE_RET(
ctx !=
NULL );
362 CHACHAPOLY_VALIDATE_RET( nonce !=
NULL );
363 CHACHAPOLY_VALIDATE_RET(
tag !=
NULL );
364 CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad !=
NULL );
366 CHACHAPOLY_VALIDATE_RET(
length == 0 || output !=
NULL );
369 length, nonce, aad, aad_len,
375 const unsigned char nonce[12],
376 const unsigned char *aad,
378 const unsigned char tag[16],
379 const unsigned char *
input,
380 unsigned char *output )
383 unsigned char check_tag[16];
386 CHACHAPOLY_VALIDATE_RET(
ctx !=
NULL );
387 CHACHAPOLY_VALIDATE_RET( nonce !=
NULL );
388 CHACHAPOLY_VALIDATE_RET(
tag !=
NULL );
389 CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad !=
NULL );
391 CHACHAPOLY_VALIDATE_RET(
length == 0 || output !=
NULL );
393 if( (
ret = chachapoly_crypt_and_tag(
ctx,
395 aad, aad_len,
input, output, check_tag ) ) != 0 )
401 for( diff = 0,
i = 0;
i <
sizeof( check_tag );
i++ )
402 diff |=
tag[
i] ^ check_tag[
i];
415#if defined(MBEDTLS_SELF_TEST)
417static const unsigned char test_key[1][32] =
420 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
421 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
422 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
423 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
427static const unsigned char test_nonce[1][12] =
430 0x07, 0x00, 0x00, 0x00,
431 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47
435static const unsigned char test_aad[1][12] =
438 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
439 0xc4, 0xc5, 0xc6, 0xc7
443static const size_t test_aad_len[1] =
448static const unsigned char test_input[1][114] =
451 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
452 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
453 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
454 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
455 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
456 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
457 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
458 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
459 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
460 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
461 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
462 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
463 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
464 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
472 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
473 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
474 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
475 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
476 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
477 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
478 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
479 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
480 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
481 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
482 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
483 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
484 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
485 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
490static const size_t test_input_len[1] =
495static const unsigned char test_mac[1][16] =
498 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
499 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
503#define ASSERT( cond, args ) \
509 mbedtls_printf args; \
516int mbedtls_chachapoly_self_test(
int verbose )
521 unsigned char output[200];
522 unsigned char mac[16];
524 for(
i = 0
U;
i < 1U;
i++ )
532 ASSERT( 0 ==
ret, (
"setkey() error code: %i\n",
ret ) );
543 ASSERT( 0 ==
ret, (
"crypt_and_tag() error code: %i\n",
ret ) );
546 (
"failure (wrong output)\n" ) );
549 (
"failure (wrong MAC)\n" ) );
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx)
This function releases and clears the specified ChaCha20 context.
int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx, const unsigned char key[32])
This function sets the encryption/decryption key.
void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx)
This function initializes the specified ChaCha20 context.
int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx, const unsigned char nonce[12], uint32_t counter)
This function sets the nonce and initial counter value.
int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx, size_t size, const unsigned char *input, unsigned char *output)
This function encrypts or decrypts data.
This file contains the AEAD-ChaCha20-Poly1305 definitions and functions.
int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx, unsigned char mac[16])
This function finished the ChaCha20-Poly1305 operation and generates the MAC (authentication tag).
void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx)
This function initializes the specified ChaCha20-Poly1305 context.
int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx, const unsigned char nonce[12], mbedtls_chachapoly_mode_t mode)
This function starts a ChaCha20-Poly1305 encryption or decryption operation.
int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx, const unsigned char key[32])
This function sets the ChaCha20-Poly1305 symmetric encryption key.
int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx, size_t len, const unsigned char *input, unsigned char *output)
Thus function feeds data to be encrypted or decrypted into an on-going ChaCha20-Poly1305 operation.
#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx)
This function releases and clears the specified ChaCha20-Poly1305 context.
int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx, size_t length, const unsigned char nonce[12], const unsigned char *aad, size_t aad_len, const unsigned char *input, unsigned char *output, unsigned char tag[16])
This function performs a complete ChaCha20-Poly1305 authenticated encryption with the previously-set ...
#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
mbedtls_chachapoly_mode_t
@ MBEDTLS_CHACHAPOLY_ENCRYPT
@ MBEDTLS_CHACHAPOLY_DECRYPT
int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx, size_t length, const unsigned char nonce[12], const unsigned char *aad, size_t aad_len, const unsigned char tag[16], const unsigned char *input, unsigned char *output)
This function performs a complete ChaCha20-Poly1305 authenticated decryption with the previously-set ...
int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx, const unsigned char *aad, size_t aad_len)
This function feeds additional data to be authenticated into an ongoing ChaCha20-Poly1305 operation.
static void cleanup(void)
GLuint GLsizei GLsizei * length
GLenum GLenum GLenum input
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
static void test_output(const char *out_data, DWORD out_size, const char *exp_data, DWORD exp_size)
static void test_mac(void)
int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx, const unsigned char *input, size_t ilen)
This functions feeds an input buffer into an ongoing Poly1305 computation.
int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx, unsigned char mac[16])
This function generates the Poly1305 Message Authentication Code (MAC).
void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx)
This function initializes the specified Poly1305 context.
int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx, const unsigned char key[32])
This function sets the one-time authentication key.
void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx)
This function releases and clears the specified Poly1305 context.
Configuration options (set of defines)