Lines Matching refs:ctx
63 static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) in chachapoly_pad_aad() argument
65 uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U ); in chachapoly_pad_aad()
73 return( mbedtls_poly1305_update( &ctx->poly1305_ctx, in chachapoly_pad_aad()
83 static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) in chachapoly_pad_ciphertext() argument
85 uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U ); in chachapoly_pad_ciphertext()
92 return( mbedtls_poly1305_update( &ctx->poly1305_ctx, in chachapoly_pad_ciphertext()
97 void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) in mbedtls_chachapoly_init() argument
99 CHACHAPOLY_VALIDATE( ctx != NULL ); in mbedtls_chachapoly_init()
101 mbedtls_chacha20_init( &ctx->chacha20_ctx ); in mbedtls_chachapoly_init()
102 mbedtls_poly1305_init( &ctx->poly1305_ctx ); in mbedtls_chachapoly_init()
103 ctx->aad_len = 0U; in mbedtls_chachapoly_init()
104 ctx->ciphertext_len = 0U; in mbedtls_chachapoly_init()
105 ctx->state = CHACHAPOLY_STATE_INIT; in mbedtls_chachapoly_init()
106 ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; in mbedtls_chachapoly_init()
109 void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ) in mbedtls_chachapoly_free() argument
111 if( ctx == NULL ) in mbedtls_chachapoly_free()
114 mbedtls_chacha20_free( &ctx->chacha20_ctx ); in mbedtls_chachapoly_free()
115 mbedtls_poly1305_free( &ctx->poly1305_ctx ); in mbedtls_chachapoly_free()
116 ctx->aad_len = 0U; in mbedtls_chachapoly_free()
117 ctx->ciphertext_len = 0U; in mbedtls_chachapoly_free()
118 ctx->state = CHACHAPOLY_STATE_INIT; in mbedtls_chachapoly_free()
119 ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; in mbedtls_chachapoly_free()
122 int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_setkey() argument
126 CHACHAPOLY_VALIDATE_RET( ctx != NULL ); in mbedtls_chachapoly_setkey()
129 ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); in mbedtls_chachapoly_setkey()
134 int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_starts() argument
140 CHACHAPOLY_VALIDATE_RET( ctx != NULL ); in mbedtls_chachapoly_starts()
144 ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U ); in mbedtls_chachapoly_starts()
154 ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ), in mbedtls_chachapoly_starts()
159 ret = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key ); in mbedtls_chachapoly_starts()
163 ctx->aad_len = 0U; in mbedtls_chachapoly_starts()
164 ctx->ciphertext_len = 0U; in mbedtls_chachapoly_starts()
165 ctx->state = CHACHAPOLY_STATE_AAD; in mbedtls_chachapoly_starts()
166 ctx->mode = mode; in mbedtls_chachapoly_starts()
174 int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_update_aad() argument
178 CHACHAPOLY_VALIDATE_RET( ctx != NULL ); in mbedtls_chachapoly_update_aad()
181 if( ctx->state != CHACHAPOLY_STATE_AAD ) in mbedtls_chachapoly_update_aad()
184 ctx->aad_len += aad_len; in mbedtls_chachapoly_update_aad()
186 return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) ); in mbedtls_chachapoly_update_aad()
189 int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_update() argument
195 CHACHAPOLY_VALIDATE_RET( ctx != NULL ); in mbedtls_chachapoly_update()
199 if( ( ctx->state != CHACHAPOLY_STATE_AAD ) && in mbedtls_chachapoly_update()
200 ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) in mbedtls_chachapoly_update()
205 if( ctx->state == CHACHAPOLY_STATE_AAD ) in mbedtls_chachapoly_update()
207 ctx->state = CHACHAPOLY_STATE_CIPHERTEXT; in mbedtls_chachapoly_update()
209 ret = chachapoly_pad_aad( ctx ); in mbedtls_chachapoly_update()
214 ctx->ciphertext_len += len; in mbedtls_chachapoly_update()
216 if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT ) in mbedtls_chachapoly_update()
218 ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); in mbedtls_chachapoly_update()
222 ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len ); in mbedtls_chachapoly_update()
228 ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, input, len ); in mbedtls_chachapoly_update()
232 ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); in mbedtls_chachapoly_update()
240 int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_finish() argument
245 CHACHAPOLY_VALIDATE_RET( ctx != NULL ); in mbedtls_chachapoly_finish()
248 if( ctx->state == CHACHAPOLY_STATE_INIT ) in mbedtls_chachapoly_finish()
253 if( ctx->state == CHACHAPOLY_STATE_AAD ) in mbedtls_chachapoly_finish()
255 ret = chachapoly_pad_aad( ctx ); in mbedtls_chachapoly_finish()
259 else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT ) in mbedtls_chachapoly_finish()
261 ret = chachapoly_pad_ciphertext( ctx ); in mbedtls_chachapoly_finish()
266 ctx->state = CHACHAPOLY_STATE_FINISHED; in mbedtls_chachapoly_finish()
271 len_block[ 0] = (unsigned char)( ctx->aad_len ); in mbedtls_chachapoly_finish()
272 len_block[ 1] = (unsigned char)( ctx->aad_len >> 8 ); in mbedtls_chachapoly_finish()
273 len_block[ 2] = (unsigned char)( ctx->aad_len >> 16 ); in mbedtls_chachapoly_finish()
274 len_block[ 3] = (unsigned char)( ctx->aad_len >> 24 ); in mbedtls_chachapoly_finish()
275 len_block[ 4] = (unsigned char)( ctx->aad_len >> 32 ); in mbedtls_chachapoly_finish()
276 len_block[ 5] = (unsigned char)( ctx->aad_len >> 40 ); in mbedtls_chachapoly_finish()
277 len_block[ 6] = (unsigned char)( ctx->aad_len >> 48 ); in mbedtls_chachapoly_finish()
278 len_block[ 7] = (unsigned char)( ctx->aad_len >> 56 ); in mbedtls_chachapoly_finish()
279 len_block[ 8] = (unsigned char)( ctx->ciphertext_len ); in mbedtls_chachapoly_finish()
280 len_block[ 9] = (unsigned char)( ctx->ciphertext_len >> 8 ); in mbedtls_chachapoly_finish()
281 len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 ); in mbedtls_chachapoly_finish()
282 len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 ); in mbedtls_chachapoly_finish()
283 len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 ); in mbedtls_chachapoly_finish()
284 len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 ); in mbedtls_chachapoly_finish()
285 len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 ); in mbedtls_chachapoly_finish()
286 len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 ); in mbedtls_chachapoly_finish()
288 ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); in mbedtls_chachapoly_finish()
292 ret = mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); in mbedtls_chachapoly_finish()
297 static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, in chachapoly_crypt_and_tag() argument
309 ret = mbedtls_chachapoly_starts( ctx, nonce, mode ); in chachapoly_crypt_and_tag()
313 ret = mbedtls_chachapoly_update_aad( ctx, aad, aad_len ); in chachapoly_crypt_and_tag()
317 ret = mbedtls_chachapoly_update( ctx, length, input, output ); in chachapoly_crypt_and_tag()
321 ret = mbedtls_chachapoly_finish( ctx, tag ); in chachapoly_crypt_and_tag()
327 int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_encrypt_and_tag() argument
336 CHACHAPOLY_VALIDATE_RET( ctx != NULL ); in mbedtls_chachapoly_encrypt_and_tag()
343 return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, in mbedtls_chachapoly_encrypt_and_tag()
348 int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_auth_decrypt() argument
361 CHACHAPOLY_VALIDATE_RET( ctx != NULL ); in mbedtls_chachapoly_auth_decrypt()
368 if( ( ret = chachapoly_crypt_and_tag( ctx, in mbedtls_chachapoly_auth_decrypt()
493 mbedtls_chachapoly_context ctx; in mbedtls_chachapoly_self_test() local
504 mbedtls_chachapoly_init( &ctx ); in mbedtls_chachapoly_self_test()
506 ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] ); in mbedtls_chachapoly_self_test()
509 ret = mbedtls_chachapoly_encrypt_and_tag( &ctx, in mbedtls_chachapoly_self_test()
526 mbedtls_chachapoly_free( &ctx ); in mbedtls_chachapoly_self_test()