1 /* SPDX-License-Identifier: MIT
3 * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
4 * Copyright (c) 2022 The FreeBSD Foundation
10 #include <sys/param.h>
11 #include <sys/endian.h>
12 #include <crypto/chacha20_poly1305.h>
13 #include <crypto/curve25519.h>
17 int crypto_init(void);
18 void crypto_deinit(void);
20 enum chacha20poly1305_lengths {
21 XCHACHA20POLY1305_NONCE_SIZE = 24,
22 CHACHA20POLY1305_KEY_SIZE = 32,
23 CHACHA20POLY1305_AUTHTAG_SIZE = 16
27 chacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
28 const uint8_t *ad, const size_t ad_len,
30 const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
32 uint8_t nonce_bytes[8];
34 le64enc(nonce_bytes, nonce);
35 chacha20_poly1305_encrypt(dst, src, src_len, ad, ad_len,
36 nonce_bytes, sizeof(nonce_bytes), key);
40 chacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
41 const uint8_t *ad, const size_t ad_len,
43 const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
45 uint8_t nonce_bytes[8];
47 le64enc(nonce_bytes, nonce);
48 return (chacha20_poly1305_decrypt(dst, src, src_len, ad, ad_len,
49 nonce_bytes, sizeof(nonce_bytes), key));
53 xchacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src,
54 const size_t src_len, const uint8_t *ad,
56 const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
57 const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
59 xchacha20_poly1305_encrypt(dst, src, src_len, ad, ad_len, nonce, key);
63 xchacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src,
64 const size_t src_len, const uint8_t *ad,
66 const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
67 const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
69 return (xchacha20_poly1305_decrypt(dst, src, src_len, ad, ad_len, nonce, key));
73 chacha20poly1305_encrypt_mbuf(struct mbuf *, const uint64_t nonce,
74 const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
77 chacha20poly1305_decrypt_mbuf(struct mbuf *, const uint64_t nonce,
78 const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
81 enum blake2s_lengths {
82 BLAKE2S_BLOCK_SIZE = 64,
83 BLAKE2S_HASH_SIZE = 32,
87 #ifdef COMPAT_NEED_BLAKE2S
88 struct blake2s_state {
92 uint8_t buf[BLAKE2S_BLOCK_SIZE];
97 void blake2s_init(struct blake2s_state *state, const size_t outlen);
99 void blake2s_init_key(struct blake2s_state *state, const size_t outlen,
100 const uint8_t *key, const size_t keylen);
102 void blake2s_update(struct blake2s_state *state, const uint8_t *in, size_t inlen);
104 void blake2s_final(struct blake2s_state *state, uint8_t *out);
106 static inline void blake2s(uint8_t *out, const uint8_t *in, const uint8_t *key,
107 const size_t outlen, const size_t inlen, const size_t keylen)
109 struct blake2s_state state;
112 blake2s_init_key(&state, outlen, key, keylen);
114 blake2s_init(&state, outlen);
116 blake2s_update(&state, in, inlen);
117 blake2s_final(&state, out);