occ_chacha20.h 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135
  1. /**
  2. * Copyright (c) 2016 - 2018, Nordic Semiconductor ASA
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without modification,
  7. * are permitted provided that the following conditions are met:
  8. *
  9. * 1. Redistributions of source code must retain the above copyright notice, this
  10. * list of conditions and the following disclaimer.
  11. *
  12. * 2. Redistributions in binary form, except as embedded into a Nordic
  13. * Semiconductor ASA integrated circuit in a product or a software update for
  14. * such product, must reproduce the above copyright notice, this list of
  15. * conditions and the following disclaimer in the documentation and/or other
  16. * materials provided with the distribution.
  17. *
  18. * 3. Neither the name of Nordic Semiconductor ASA nor the names of its
  19. * contributors may be used to endorse or promote products derived from this
  20. * software without specific prior written permission.
  21. *
  22. * 4. This software, with or without modification, must only be used with a
  23. * Nordic Semiconductor ASA integrated circuit.
  24. *
  25. * 5. Any software provided in binary form under this license must not be reverse
  26. * engineered, decompiled, modified and/or disassembled.
  27. *
  28. * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
  29. * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  30. * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
  31. * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
  32. * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  33. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
  34. * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  35. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  36. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  37. * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  38. *
  39. */
  40. /*!
  41. * @brief ChaCha20 is a stream cipher developed by Daniel J. Bernstein based on the 20-round cipher Salsa20/20.
  42. */
  43. /**@file
  44. * A 256-bit key is expanded into 2^64 randomly accessible streams, each
  45. * containing 2^64 randomly accessible 64-byte (512 bits) blocks.
  46. *
  47. * The changes from Salsa20/20 to ChaCha20 are designed to improve diffusion per
  48. * round, conjecturally increasing resistance to cryptanalysis, while
  49. * preserving - and often improving - time per round.
  50. *
  51. * @see [RFC 7539 - ChaCha20 and Poly1305 for IETF Protocols](http://tools.ietf.org/html/rfc7539)
  52. * @see [The ChaCha family of stream ciphers](http://cr.yp.to/chacha.html)
  53. */
  54. #ifndef OCC_CHACHA20_H
  55. #define OCC_CHACHA20_H
  56. #include <stdint.h>
  57. #include <stddef.h>
  58. /**
  59. * Length of the encryption key.
  60. */
  61. #define occ_chacha20_KEY_BYTES (32)
  62. /**
  63. * Maximum length of the nonce.
  64. */
  65. #define occ_chacha20_NONCE_BYTES_MAX (12)
  66. /**
  67. * ChaCha20 cipher stream generator.
  68. *
  69. * The encryption key @p k, the nonce @p n and the initial block counter
  70. * @p count are used to generate a pseudo random cipher stream.
  71. *
  72. * Possible applications include key generation and random number generation.
  73. *
  74. * **Example**
  75. * @include occ_chacha20_stream.c
  76. *
  77. * @param[out] c Generated cipher stream.
  78. * @param c_len Length of @p c.
  79. * @param n Nonce.
  80. * @param n_len Nonce length. 0 <= @p n_len <= @c occ_chacha20_NONCE_BYTES_MAX.
  81. * @param k Encryption key.
  82. * @param count Initial block counter.
  83. *
  84. * @remark When reusing an encryption key @p k, a different nonce @p n or
  85. * initial block counter @p count must be used.
  86. *
  87. * @remark This function is equivalent to @c chacha20_stream_xor with a
  88. * message @p m consisting of @p c_len zeroes.
  89. */
  90. void occ_chacha20_stream(uint8_t *c, size_t c_len,
  91. const uint8_t *n, size_t n_len,
  92. const uint8_t k[occ_chacha20_KEY_BYTES],
  93. uint32_t count);
  94. /**
  95. * ChaCha20 cipher stream encoder.
  96. *
  97. * The message @p m is encrypted by applying the XOR operation with a pseudo
  98. * random cipher stream derived from the encryption key @p k, the nonce @p n and
  99. * the initial block counter @p count.
  100. *
  101. * Calling the function a second time with the generated ciphertext as input
  102. * message @p m decrypts it back to the original message.
  103. *
  104. * **Example**
  105. * @include occ_chacha20_stream_xor.c
  106. *
  107. * @param[out] c Generated ciphertext. Same length as input message.
  108. * @param m Input message.
  109. * @param m_len Length of @p c and @p m.
  110. * @param n Nonce.
  111. * @param n_len Nonce length. 0 <= @p n_len <= @c occ_chacha20_NONCE_BYTES_MAX.
  112. * @param k Encryption key.
  113. * @param count Initial block counter.
  114. *
  115. * @remark @p c and @p m can point to the same address.
  116. *
  117. * @remark When reusing an encryption key @p k for a different message @p m, a
  118. * different nonce @p n or initial block counter @p count must be used.
  119. */
  120. void occ_chacha20_stream_xor(uint8_t *c,
  121. const uint8_t *m, size_t m_len,
  122. const uint8_t *n, size_t n_len,
  123. const uint8_t k[occ_chacha20_KEY_BYTES],
  124. uint32_t count);
  125. #endif