2 * The MIT License (MIT)
4 * Copyright (c) 2015 Grigori Goronzy <goronzy@kinoho.net>
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in all
14 * copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 #define CHACHAPOLY_OK 0
32 #define CHACHAPOLY_INVALID_MAC -1
34 struct chachapoly_ctx {
35 struct chacha_ctx cha_ctx;
39 * Initialize ChaCha20-Poly1305 AEAD.
40 * For RFC 7539 conformant AEAD, 256 bit keys must be used.
42 * \param ctx context data
43 * \param key 16 or 32 bytes of key material
44 * \param key_len key length, 256 or 512 bits
45 * \return success if 0
47 int chachapoly_init(struct chachapoly_ctx *ctx, const void *key, int key_len);
50 * Encrypt or decrypt with ChaCha20-Poly1305. The AEAD construction conforms
53 * \param ctx context data
54 * \param nonce nonce (12 bytes)
55 * \param ad associated data
56 * \param ad_len associated data length in bytes
57 * \param input plaintext/ciphertext input
58 * \param input_len input length in bytes;
59 * \param output plaintext/ciphertext output
60 * \param tag tag output
61 * \param tag_len tag length in bytes (0-16);
62 if 0, authentification is skipped
63 * \param encrypt decrypt if 0, else encrypt
64 * \return CHACHAPOLY_OK if no error, CHACHAPOLY_INVALID_MAC if auth
65 * failed when decrypting
67 int chachapoly_crypt(struct chachapoly_ctx *ctx, const void *nonce,
68 const void *ad, int ad_len, void *input, int input_len,
69 void *output, void *tag, int tag_len, int encrypt);
72 * Encrypt or decrypt with Chacha20-Poly1305 for short messages.
73 * The AEAD construction is different from chachapoly_crypt, but more
74 * efficient for small messages. Up to 32 bytes can be encrypted. The size
75 * of associated data is not restricted. The interface is similar to
78 int chachapoly_crypt_short(struct chachapoly_ctx *ctx, const void *nonce,
79 const void *ad, int ad_len, void *input, int input_len,
80 void *output, void *tag, int tag_len, int encrypt);