123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 |
- /**
- * Copyright (c) 2016 - 2019, Nordic Semiconductor ASA
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form, except as embedded into a Nordic
- * Semiconductor ASA integrated circuit in a product or a software update for
- * such product, must reproduce the above copyright notice, this list of
- * conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * 3. Neither the name of Nordic Semiconductor ASA nor the names of its
- * contributors may be used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * 4. This software, with or without modification, must only be used with a
- * Nordic Semiconductor ASA integrated circuit.
- *
- * 5. Any software provided in binary form under this license must not be reverse
- * engineered, decompiled, modified and/or disassembled.
- *
- * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
- * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
- /*!
- * @brief ChaCha20 is a stream cipher developed by Daniel J. Bernstein based on the 20-round cipher Salsa20/20.
- */
- /**@file
- * A 256-bit key is expanded into 2^64 randomly accessible streams, each
- * containing 2^64 randomly accessible 64-byte (512 bits) blocks.
- *
- * The changes from Salsa20/20 to ChaCha20 are designed to improve diffusion per
- * round, conjecturally increasing resistance to cryptanalysis, while
- * preserving - and often improving - time per round.
- *
- * @see [RFC 7539 - ChaCha20 and Poly1305 for IETF Protocols](http://tools.ietf.org/html/rfc7539)
- * @see [The ChaCha family of stream ciphers](http://cr.yp.to/chacha.html)
- */
- #ifndef OCC_CHACHA20_H
- #define OCC_CHACHA20_H
- #include <stdint.h>
- #include <stddef.h>
- /**
- * Length of the encryption key.
- */
- #define occ_chacha20_KEY_BYTES (32)
- /**
- * Maximum length of the nonce.
- */
- #define occ_chacha20_NONCE_BYTES_MAX (12)
- /**
- * ChaCha20 cipher stream generator.
- *
- * The encryption key @p k, the nonce @p n and the initial block counter
- * @p count are used to generate a pseudo random cipher stream.
- *
- * Possible applications include key generation and random number generation.
- *
- * **Example**
- * @include occ_chacha20_stream.c
- *
- * @param[out] c Generated cipher stream.
- * @param c_len Length of @p c.
- * @param n Nonce.
- * @param n_len Nonce length. 0 <= @p n_len <= @c occ_chacha20_NONCE_BYTES_MAX.
- * @param k Encryption key.
- * @param count Initial block counter.
- *
- * @remark When reusing an encryption key @p k, a different nonce @p n or
- * initial block counter @p count must be used.
- *
- * @remark This function is equivalent to @c chacha20_stream_xor with a
- * message @p m consisting of @p c_len zeroes.
- */
- void occ_chacha20_stream(uint8_t *c, size_t c_len,
- const uint8_t *n, size_t n_len,
- const uint8_t k[occ_chacha20_KEY_BYTES],
- uint32_t count);
- /**
- * ChaCha20 cipher stream encoder.
- *
- * The message @p m is encrypted by applying the XOR operation with a pseudo
- * random cipher stream derived from the encryption key @p k, the nonce @p n and
- * the initial block counter @p count.
- *
- * Calling the function a second time with the generated ciphertext as input
- * message @p m decrypts it back to the original message.
- *
- * **Example**
- * @include occ_chacha20_stream_xor.c
- *
- * @param[out] c Generated ciphertext. Same length as input message.
- * @param m Input message.
- * @param m_len Length of @p c and @p m.
- * @param n Nonce.
- * @param n_len Nonce length. 0 <= @p n_len <= @c occ_chacha20_NONCE_BYTES_MAX.
- * @param k Encryption key.
- * @param count Initial block counter.
- *
- * @remark @p c and @p m can point to the same address.
- *
- * @remark When reusing an encryption key @p k for a different message @p m, a
- * different nonce @p n or initial block counter @p count must be used.
- */
- void occ_chacha20_stream_xor(uint8_t *c,
- const uint8_t *m, size_t m_len,
- const uint8_t *n, size_t n_len,
- const uint8_t k[occ_chacha20_KEY_BYTES],
- uint32_t count);
- #endif
|