include/crypto/chacha.h

   1 /*
   2  * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #ifndef OSSL_CRYPTO_CHACHA_H
  11 #define OSSL_CRYPTO_CHACHA_H
  12 # pragma once
  13
  14 #include <stddef.h>
  15
  16 /*
  17  * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and
  18  * nonce and writes the result to |out|, which may be equal to |inp|.
  19  * The |key| is not 32 bytes of verbatim key material though, but the
  20  * said material collected into 8 32-bit elements array in host byte
  21  * order. Same approach applies to nonce: the |counter| argument is
  22  * pointer to concatenated nonce and counter values collected into 4
  23  * 32-bit elements. This, passing crypto material collected into 32-bit
  24  * elements as opposite to passing verbatim byte vectors, is chosen for
  25  * efficiency in multi-call scenarios.
  26  */
  27 void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
  28                     size_t len, const unsigned int key[8],
  29                     const unsigned int counter[4]);
  30 /*
  31  * You can notice that there is no key setup procedure. Because it's
  32  * as trivial as collecting bytes into 32-bit elements, it's reckoned
  33  * that below macro is sufficient.
  34  */
  35 #define CHACHA_U8TOU32(p)  ( \
  36                 ((unsigned int)(p)[0])     | ((unsigned int)(p)[1]<<8) | \
  37                 ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24)  )
  38
  39 #define CHACHA_KEY_SIZE         32
  40 #define CHACHA_CTR_SIZE         16
  41 #define CHACHA_BLK_SIZE         64
  42
  43 #endif