core/lib/libtomcrypt/src/encauth/chachapoly/chacha20poly1305_memory.c - optee-os-mtk - Git at Google

 // SPDX-License-Identifier: BSD-2-Clause
 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
  *
  * LibTomCrypt is a library that provides various cryptographic
  * algorithms in a highly modular and flexible manner.
  *
  * The library is free for all purposes without any express
  * guarantee it works.
  */

 #include "tomcrypt_private.h"

 #ifdef LTC_CHACHA20POLY1305_MODE

 /**
   Process an entire GCM packet in one call.
   @param key               The secret key
   @param keylen            The length of the secret key
   @param iv                The initialization vector
   @param ivlen             The length of the initialization vector
   @param aad               The additional authentication data (header)
   @param aadlen            The length of the aad
   @param in                The plaintext
   @param inlen             The length of the plaintext (ciphertext length is the same)
   @param out               The ciphertext
   @param tag               [out] The MAC tag
   @param taglen            [in/out] The MAC tag length
   @param direction         Encrypt or Decrypt mode (CHACHA20POLY1305_ENCRYPT or CHACHA20POLY1305_DECRYPT)
   @return CRYPT_OK on success
  */
 int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen,
                             const unsigned char *iv,  unsigned long ivlen,
                             const unsigned char *aad, unsigned long aadlen,
                             const unsigned char *in,  unsigned long inlen,
                                   unsigned char *out,
                                   unsigned char *tag, unsigned long *taglen,
                             int direction)
 {
    chacha20poly1305_state st;
    int err;

    LTC_ARGCHK(key != NULL);
    LTC_ARGCHK(iv  != NULL);
    LTC_ARGCHK(in  != NULL);
    LTC_ARGCHK(out != NULL);
    LTC_ARGCHK(tag != NULL);
    LTC_ARGCHK(taglen != NULL);

    if ((err = chacha20poly1305_init(&st, key, keylen)) != CRYPT_OK)          { goto LBL_ERR; }
    if ((err = chacha20poly1305_setiv(&st, iv, ivlen)) != CRYPT_OK)           { goto LBL_ERR; }
    if (aad && aadlen > 0) {
       if ((err = chacha20poly1305_add_aad(&st, aad, aadlen)) != CRYPT_OK)    { goto LBL_ERR; }
    }
    if (direction == CHACHA20POLY1305_ENCRYPT) {
       if ((err = chacha20poly1305_encrypt(&st, in, inlen, out)) != CRYPT_OK) { goto LBL_ERR; }
       if ((err = chacha20poly1305_done(&st, tag, taglen)) != CRYPT_OK)       { goto LBL_ERR; }
    }
    else if (direction == CHACHA20POLY1305_DECRYPT) {
       unsigned char buf[MAXBLOCKSIZE];
       unsigned long buflen = sizeof(buf);
       if ((err = chacha20poly1305_decrypt(&st, in, inlen, out)) != CRYPT_OK) { goto LBL_ERR; }
       if ((err = chacha20poly1305_done(&st, buf, &buflen)) != CRYPT_OK)      { goto LBL_ERR; }
       if (buflen != *taglen || XMEM_NEQ(buf, tag, buflen) != 0) {
          err = CRYPT_ERROR;
          goto LBL_ERR;
       }
    }
    else {
       err = CRYPT_INVALID_ARG;
       goto LBL_ERR;
    }
 LBL_ERR:
 #ifdef LTC_CLEAN_STACK
    zeromem(&st, sizeof(chacha20poly1305_state));
 #endif
    return err;
 }

 #endif

 /* ref:         $Format:%D$ */
 /* git commit:  $Format:%H$ */
 /* commit time: $Format:%ai$ */
	// SPDX-License-Identifier: BSD-2-Clause
	/* LibTomCrypt, modular cryptographic library -- Tom St Denis
	*
	* LibTomCrypt is a library that provides various cryptographic
	* algorithms in a highly modular and flexible manner.
	*
	* The library is free for all purposes without any express
	* guarantee it works.
	*/

	#include "tomcrypt_private.h"

	#ifdef LTC_CHACHA20POLY1305_MODE

	/**
	Process an entire GCM packet in one call.
	@param key The secret key
	@param keylen The length of the secret key
	@param iv The initialization vector
	@param ivlen The length of the initialization vector
	@param aad The additional authentication data (header)
	@param aadlen The length of the aad
	@param in The plaintext
	@param inlen The length of the plaintext (ciphertext length is the same)
	@param out The ciphertext
	@param tag [out] The MAC tag
	@param taglen [in/out] The MAC tag length
	@param direction Encrypt or Decrypt mode (CHACHA20POLY1305_ENCRYPT or CHACHA20POLY1305_DECRYPT)
	@return CRYPT_OK on success
	*/
	int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen,
	const unsigned char *iv, unsigned long ivlen,
	const unsigned char *aad, unsigned long aadlen,
	const unsigned char *in, unsigned long inlen,
	unsigned char *out,
	unsigned char tag, unsigned long taglen,
	int direction)
	{
	chacha20poly1305_state st;
	int err;

	LTC_ARGCHK(key != NULL);
	LTC_ARGCHK(iv != NULL);
	LTC_ARGCHK(in != NULL);
	LTC_ARGCHK(out != NULL);
	LTC_ARGCHK(tag != NULL);
	LTC_ARGCHK(taglen != NULL);

	if ((err = chacha20poly1305_init(&st, key, keylen)) != CRYPT_OK) { goto LBL_ERR; }
	if ((err = chacha20poly1305_setiv(&st, iv, ivlen)) != CRYPT_OK) { goto LBL_ERR; }
	if (aad && aadlen > 0) {
	if ((err = chacha20poly1305_add_aad(&st, aad, aadlen)) != CRYPT_OK) { goto LBL_ERR; }
	}
	if (direction == CHACHA20POLY1305_ENCRYPT) {
	if ((err = chacha20poly1305_encrypt(&st, in, inlen, out)) != CRYPT_OK) { goto LBL_ERR; }
	if ((err = chacha20poly1305_done(&st, tag, taglen)) != CRYPT_OK) { goto LBL_ERR; }
	}
	else if (direction == CHACHA20POLY1305_DECRYPT) {
	unsigned char buf[MAXBLOCKSIZE];
	unsigned long buflen = sizeof(buf);
	if ((err = chacha20poly1305_decrypt(&st, in, inlen, out)) != CRYPT_OK) { goto LBL_ERR; }
	if ((err = chacha20poly1305_done(&st, buf, &buflen)) != CRYPT_OK) { goto LBL_ERR; }
	if (buflen != *taglen \|\| XMEM_NEQ(buf, tag, buflen) != 0) {
	err = CRYPT_ERROR;
	goto LBL_ERR;
	}
	}
	else {
	err = CRYPT_INVALID_ARG;
	goto LBL_ERR;
	}
	LBL_ERR:
	#ifdef LTC_CLEAN_STACK
	zeromem(&st, sizeof(chacha20poly1305_state));
	#endif
	return err;
	}

	#endif

	/* ref: $Format:%D$ */
	/* git commit: $Format:%H$ */
	/* commit time: $Format:%ai$ */