crypto/include/internal/chacha.h

   1 /*
   2  * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #ifndef HEADER_CHACHA_H
  11 #define HEADER_CHACHA_H
  12
  13 #include <stddef.h>
  14
  15 /*
  16  * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and
  17  * nonce and writes the result to |out|, which may be equal to |inp|.
  18  * The |key| is not 32 bytes of verbatim key material though, but the
  19  * said material collected into 8 32-bit elements array in host byte
  20  * order. Same approach applies to nonce: the |counter| argument is
  21  * pointer to concatenated nonce and counter values collected into 4
  22  * 32-bit elements. This, passing crypto material collected into 32-bit
  23  * elements as opposite to passing verbatim byte vectors, is chosen for
  24  * efficiency in multi-call scenarios.
  25  */
  26 void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
  27                     size_t len, const unsigned int key[8],
  28                     const unsigned int counter[4]);
  29 /*
  30  * You can notice that there is no key setup procedure. Because it's
  31  * as trivial as collecting bytes into 32-bit elements, it's reckoned
  32  * that below macro is sufficient.
  33  */
  34 #define CHACHA_U8TOU32(p)  ( \
  35                 ((unsigned int)(p)[0])     | ((unsigned int)(p)[1]<<8) | \
  36                 ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24)  )
  37
  38 #define CHACHA_KEY_SIZE         32
  39 #define CHACHA_CTR_SIZE         16
  40 #define CHACHA_BLK_SIZE         64
  41
  42 #endif