web/server/h2o/libh2o/deps/picotls/deps/cifra/src/chacha20poly1305.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

/*
 * cifra - embedded cryptography library
 * Written in 2014 by Joseph Birr-Pixton <jpixton@gmail.com>
 *
 * To the extent possible under law, the author(s) have dedicated all
 * copyright and related and neighboring rights to this software to the
 * public domain worldwide. This software is distributed without any
 * warranty.
 *
 * You should have received a copy of the CC0 Public Domain Dedication
 * along with this software. If not, see
 * <http://creativecommons.org/publicdomain/zero/1.0/>.
 */

#ifndef CHACHA20POLY1305_H
#define CHACHA20POLY1305_H

#include <stdint.h>
#include <stddef.h>

/**
 * The ChaCha20-Poly1305 AEAD construction
 * =======================================
 * This is a composition of the ChaCha20 stream cipher and
 * the Poly1305 polynomial MAC to form an AEAD.
 * It's specified for use in TLS in the form of RFC7539.
 *
 * It uses a 256-bit key and a 96-bit nonce.
 *
 * This is a one-shot interface.
 */

/* .. c:function:: $DECL
 * ChaCha20-Poly1305 authenticated encryption.
 *
 * :param key: key material.
 * :param nonce: per-message nonce.
 * :param header: header buffer.
 * :param nheader: number of header bytes.
 * :param plaintext: plaintext bytes to be encrypted.
 * :param nbytes: number of plaintext/ciphertext bytes.
 * :param ciphertext: ciphertext output buffer, nbytes in length.
 * :param tag: authentication tag output buffer.
 */
void cf_chacha20poly1305_encrypt(const uint8_t key[32],
                                 const uint8_t nonce[12],
                                 const uint8_t *header, size_t nheader,
                                 const uint8_t *plaintext, size_t nbytes,
                                 uint8_t *ciphertext,
                                 uint8_t tag[16]);

/* .. c:function:: $DECL
 * ChaCha20-Poly1305 authenticated decryption.
 *
 * :return: 0 on success, non-zero on error.  Plaintext is zeroed on error.
 *
 * :param key: key material.
 * :param nonce: per-message nonce.
 * :param header: header buffer.
 * :param nheader: number of header bytes.
 * :param ciphertext: ciphertext bytes to be decrypted.
 * :param nbytes: number of plaintext/ciphertext bytes.
 * :param plaintext: plaintext output buffer, nbytes in length.
 * :param tag: authentication tag output buffer.
 */
int cf_chacha20poly1305_decrypt(const uint8_t key[32],
                                const uint8_t nonce[12],
                                const uint8_t *header, size_t nheader,
                                const uint8_t *ciphertext, size_t nbytes,
                                const uint8_t tag[16],
                                uint8_t *plaintext);

#endif