1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
3 
4 #include "tomcrypt_private.h"
5 
6 #ifdef LTC_CHACHA20POLY1305_MODE
7 
8 /**
9   Process an entire GCM packet in one call.
10   @param key               The secret key
11   @param keylen            The length of the secret key
12   @param iv                The initialization vector
13   @param ivlen             The length of the initialization vector
14   @param aad               The additional authentication data (header)
15   @param aadlen            The length of the aad
16   @param in                The plaintext
17   @param inlen             The length of the plaintext (ciphertext length is the same)
18   @param out               The ciphertext
19   @param tag               [out] The MAC tag
20   @param taglen            [in/out] The MAC tag length
21   @param direction         Encrypt or Decrypt mode (CHACHA20POLY1305_ENCRYPT or CHACHA20POLY1305_DECRYPT)
22   @return CRYPT_OK on success
23  */
chacha20poly1305_memory(const unsigned char * key,unsigned long keylen,const unsigned char * iv,unsigned long ivlen,const unsigned char * aad,unsigned long aadlen,const unsigned char * in,unsigned long inlen,unsigned char * out,unsigned char * tag,unsigned long * taglen,int direction)24 int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen,
25                             const unsigned char *iv,  unsigned long ivlen,
26                             const unsigned char *aad, unsigned long aadlen,
27                             const unsigned char *in,  unsigned long inlen,
28                                   unsigned char *out,
29                                   unsigned char *tag, unsigned long *taglen,
30                             int direction)
31 {
32    chacha20poly1305_state st;
33    int err;
34 
35    LTC_ARGCHK(key != NULL);
36    LTC_ARGCHK(iv  != NULL);
37    LTC_ARGCHK(in  != NULL);
38    LTC_ARGCHK(out != NULL);
39    LTC_ARGCHK(tag != NULL);
40    LTC_ARGCHK(taglen != NULL);
41 
42    if ((err = chacha20poly1305_init(&st, key, keylen)) != CRYPT_OK)          { goto LBL_ERR; }
43    if ((err = chacha20poly1305_setiv(&st, iv, ivlen)) != CRYPT_OK)           { goto LBL_ERR; }
44    if (aad && aadlen > 0) {
45       if ((err = chacha20poly1305_add_aad(&st, aad, aadlen)) != CRYPT_OK)    { goto LBL_ERR; }
46    }
47    if (direction == CHACHA20POLY1305_ENCRYPT) {
48       if ((err = chacha20poly1305_encrypt(&st, in, inlen, out)) != CRYPT_OK) { goto LBL_ERR; }
49       if ((err = chacha20poly1305_done(&st, tag, taglen)) != CRYPT_OK)       { goto LBL_ERR; }
50    }
51    else if (direction == CHACHA20POLY1305_DECRYPT) {
52       unsigned char buf[MAXBLOCKSIZE];
53       unsigned long buflen = sizeof(buf);
54       if ((err = chacha20poly1305_decrypt(&st, in, inlen, out)) != CRYPT_OK) { goto LBL_ERR; }
55       if ((err = chacha20poly1305_done(&st, buf, &buflen)) != CRYPT_OK)      { goto LBL_ERR; }
56       if (buflen != *taglen || XMEM_NEQ(buf, tag, buflen) != 0) {
57          err = CRYPT_ERROR;
58          goto LBL_ERR;
59       }
60    }
61    else {
62       err = CRYPT_INVALID_ARG;
63       goto LBL_ERR;
64    }
65 LBL_ERR:
66 #ifdef LTC_CLEAN_STACK
67    zeromem(&st, sizeof(chacha20poly1305_state));
68 #endif
69    return err;
70 }
71 
72 #endif
73