| 1 | // chacha.h - written and placed in the public domain by Jeffrey Walton. |
|---|
| 2 | // Copyright assigned to the Crypto++ project. |
|---|
| 3 | // Based on Wei Dai's Salsa20 and Bernstein's reference ChaCha |
|---|
| 4 | // family implementation at http://cr.yp.to/chacha.html. |
|---|
| 5 | |
|---|
| 6 | //! \file chacha.h |
|---|
| 7 | //! \brief Classes for ChaCha8, ChaCha12 and ChaCha20 stream ciphers |
|---|
| 8 | //! \details Crypto++ provides Bernstein and ECRYPT's ChaCha from <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, |
|---|
| 9 | //! a variant of Salsa20</a> (2008.01.28). Bernstein's implementation is _slightly_ different from the TLS working group's |
|---|
| 10 | //! implementation for cipher suites <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>, |
|---|
| 11 | //! <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>. |
|---|
| 12 | //! \since Crypto++ 5.6.4 |
|---|
| 13 | |
|---|
| 14 | #ifndef CRYPTOPP_CHACHA_H |
|---|
| 15 | #define CRYPTOPP_CHACHA_H |
|---|
| 16 | |
|---|
| 17 | #include "strciphr.h" |
|---|
| 18 | #include "secblock.h" |
|---|
| 19 | |
|---|
| 20 | NAMESPACE_BEGIN(CryptoPP) |
|---|
| 21 | |
|---|
| 22 | //! \class ChaCha_Info |
|---|
| 23 | //! \brief ChaCha stream cipher information |
|---|
| 24 | //! \since Crypto++ 5.6.4 |
|---|
| 25 | template <unsigned int R> |
|---|
| 26 | struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>, public FixedRounds<R> |
|---|
| 27 | { |
|---|
| 28 | CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() { |
|---|
| 29 | return (R==8?"ChaCha8":(R==12?"ChaCha12":(R==20?"ChaCha20":"ChaCha"))); |
|---|
| 30 | } |
|---|
| 31 | }; |
|---|
| 32 | |
|---|
| 33 | //! \class ChaCha_Policy |
|---|
| 34 | //! \brief ChaCha stream cipher implementation |
|---|
| 35 | //! \since Crypto++ 5.6.4 |
|---|
| 36 | template <unsigned int R> |
|---|
| 37 | class CRYPTOPP_NO_VTABLE ChaCha_Policy : public AdditiveCipherConcretePolicy<word32, 16> |
|---|
| 38 | { |
|---|
| 39 | protected: |
|---|
| 40 | CRYPTOPP_CONSTANT(ROUNDS=FixedRounds<R>::ROUNDS) |
|---|
| 41 | |
|---|
| 42 | void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); |
|---|
| 43 | void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); |
|---|
| 44 | void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); |
|---|
| 45 | bool CipherIsRandomAccess() const {return false;} // TODO |
|---|
| 46 | void SeekToIteration(lword iterationCount); |
|---|
| 47 | unsigned int GetAlignment() const; |
|---|
| 48 | unsigned int GetOptimalBlockSize() const; |
|---|
| 49 | |
|---|
| 50 | FixedSizeAlignedSecBlock<word32, 16> m_state; |
|---|
| 51 | }; |
|---|
| 52 | |
|---|
| 53 | //! \class ChaCha8 |
|---|
| 54 | //! \brief ChaCha8 stream cipher |
|---|
| 55 | //! \sa <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28). |
|---|
| 56 | //! \since Crypto++ 5.6.4 |
|---|
| 57 | struct ChaCha8 : public ChaCha_Info<8>, public SymmetricCipherDocumentation |
|---|
| 58 | { |
|---|
| 59 | typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<8>, AdditiveCipherTemplate<> >, ChaCha_Info<8> > Encryption; |
|---|
| 60 | typedef Encryption Decryption; |
|---|
| 61 | }; |
|---|
| 62 | |
|---|
| 63 | //! \class ChaCha12 |
|---|
| 64 | //! \brief ChaCha12 stream cipher |
|---|
| 65 | //! \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working group's implementation for |
|---|
| 66 | //! cipher suites <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>, |
|---|
| 67 | //! <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>. |
|---|
| 68 | //! \sa <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28). |
|---|
| 69 | //! \since Crypto++ 5.6.4 |
|---|
| 70 | struct ChaCha12 : public ChaCha_Info<12>, public SymmetricCipherDocumentation |
|---|
| 71 | { |
|---|
| 72 | typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<12>, AdditiveCipherTemplate<> >, ChaCha_Info<12> > Encryption; |
|---|
| 73 | typedef Encryption Decryption; |
|---|
| 74 | }; |
|---|
| 75 | |
|---|
| 76 | //! \class ChaCha20 |
|---|
| 77 | //! \brief ChaCha20 stream cipher |
|---|
| 78 | //! \sa <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28). |
|---|
| 79 | //! \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working group's implementation for |
|---|
| 80 | //! cipher suites <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>, |
|---|
| 81 | //! <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>. |
|---|
| 82 | //! \since Crypto++ 5.6.4 |
|---|
| 83 | struct ChaCha20 : public ChaCha_Info<20>, public SymmetricCipherDocumentation |
|---|
| 84 | { |
|---|
| 85 | typedef SymmetricCipherFinal<ConcretePolicyHolder<ChaCha_Policy<20>, AdditiveCipherTemplate<> >, ChaCha_Info<20> > Encryption; |
|---|
| 86 | typedef Encryption Decryption; |
|---|
| 87 | }; |
|---|
| 88 | |
|---|
| 89 | NAMESPACE_END |
|---|
| 90 | |
|---|
| 91 | #endif // CRYPTOPP_CHACHA_H |
|---|
