summaryrefslogtreecommitdiff
path: root/cipher-chachapoly.c
diff options
context:
space:
mode:
Diffstat (limited to 'cipher-chachapoly.c')
-rw-r--r--cipher-chachapoly.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/cipher-chachapoly.c b/cipher-chachapoly.c
index 20628ab5d..91b0830fd 100644
--- a/cipher-chachapoly.c
+++ b/cipher-chachapoly.c
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16 16
17/* $OpenBSD: cipher-chachapoly.c,v 1.2 2013/11/21 02:50:00 djm Exp $ */ 17/* $OpenBSD: cipher-chachapoly.c,v 1.3 2013/12/15 21:42:35 djm Exp $ */
18 18
19#include "includes.h" 19#include "includes.h"
20 20
@@ -38,20 +38,19 @@ void chachapoly_init(struct chachapoly_ctx *ctx,
38 38
39/* 39/*
40 * chachapoly_crypt() operates as following: 40 * chachapoly_crypt() operates as following:
41 * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'. 41 * En/decrypt with header key 'aadlen' bytes from 'src', storing result
42 * Theses bytes are treated as additional authenticated data. 42 * to 'dest'. The ciphertext here is treated as additional authenticated
43 * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. 43 * data for MAC calculation.
44 * Use POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the 44 * En/decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. Use
45 * authentication tag. 45 * POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the authentication
46 * This tag is written on encryption and verified on decryption. 46 * tag. This tag is written on encryption and verified on decryption.
47 * Both 'aadlen' and 'authlen' can be set to 0.
48 */ 47 */
49int 48int
50chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest, 49chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
51 const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt) 50 const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt)
52{ 51{
53 u_char seqbuf[8]; 52 u_char seqbuf[8];
54 u_char one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 }; /* NB. little-endian */ 53 const u_char one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 }; /* NB little-endian */
55 u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN]; 54 u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN];
56 int r = -1; 55 int r = -1;
57 56
@@ -76,7 +75,7 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
76 goto out; 75 goto out;
77 } 76 }
78 /* Crypt additional data */ 77 /* Crypt additional data */
79 if (aadlen) { 78 if (aadlen) {
80 chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL); 79 chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL);
81 chacha_encrypt_bytes(&ctx->header_ctx, src, dest, aadlen); 80 chacha_encrypt_bytes(&ctx->header_ctx, src, dest, aadlen);
82 } 81 }
@@ -97,6 +96,7 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
97 return r; 96 return r;
98} 97}
99 98
99/* Decrypt and extract the encrypted packet length */
100int 100int
101chachapoly_get_length(struct chachapoly_ctx *ctx, 101chachapoly_get_length(struct chachapoly_ctx *ctx,
102 u_int *plenp, u_int seqnr, const u_char *cp, u_int len) 102 u_int *plenp, u_int seqnr, const u_char *cp, u_int len)