chacha.h File Reference

ChaCha stream cipher. More...

Detailed Description

ChaCha stream cipher.

Author
René Kijewski rene..nosp@m.kije.nosp@m.wski@.nosp@m.fu-b.nosp@m.erlin.nosp@m..de

Definition in file chacha.h.

#include <stdint.h>
#include <stddef.h>
+ Include dependency graph for chacha.h:

Go to the source code of this file.

Data Structures

struct  chacha_ctx
 A ChaCha cipher stream context. More...
 
int chacha_init (chacha_ctx *ctx, unsigned rounds, const uint8_t *key, uint32_t keylen, const uint8_t nonce[8])
 Initialize a ChaCha context. More...
 
void chacha_keystream_bytes (chacha_ctx *ctx, void *x)
 Generate next block in the keystream. More...
 
void chacha_encrypt_bytes (chacha_ctx *ctx, const uint8_t *m, uint8_t *c)
 Encode or decode a block of data. More...
 
static void chacha_decrypt_bytes (chacha_ctx *ctx, const uint8_t *m, uint8_t *c)
 Encode or decode a block of data. More...
 
void chacha_prng_seed (const void *data, size_t bytes)
 Seed the pseudo-random number generator. More...
 
uint32_t chacha_prng_next (void)
 Extract a number from the pseudo-random number generator. More...
 

Function Documentation

◆ chacha_decrypt_bytes()

static void chacha_decrypt_bytes ( chacha_ctx ctx,
const uint8_t *  m,
uint8_t *  c 
)
inlinestatic

Encode or decode a block of data.

m is always the input regardless if it is the plaintext or ciphertext, and c vice verse.

Warning
You need to re-initialize the context with a new nonce after 2^64 encrypted blocks, or the keystream will repeat!
Parameters
[in,out]ctxThe ChaCha context.
[in]mThe input.
[out]cThe output.

Definition at line 102 of file chacha.h.

◆ chacha_encrypt_bytes()

void chacha_encrypt_bytes ( chacha_ctx ctx,
const uint8_t *  m,
uint8_t *  c 
)

Encode or decode a block of data.

m is always the input regardless if it is the plaintext or ciphertext, and c vice verse.

Warning
You need to re-initialize the context with a new nonce after 2^64 encrypted blocks, or the keystream will repeat!
Parameters
[in,out]ctxThe ChaCha context.
[in]mThe input.
[out]cThe output.

◆ chacha_init()

int chacha_init ( chacha_ctx ctx,
unsigned  rounds,
const uint8_t *  key,
uint32_t  keylen,
const uint8_t  nonce[8] 
)

Initialize a ChaCha context.

Parameters
[out]ctxThe context to initialize
[in]roundsNumber of rounds. Recommended: 20. Also in use: 8 and 12.
[in]keyThe key to use.
[in]keylenLength (in bytes) of key. Must be 16 or 32.
[in]nonceIV / nonce to use.
Returns
== 0 on success.
< 0 if an illegal value for rounds or keylen was supplied.

◆ chacha_keystream_bytes()

void chacha_keystream_bytes ( chacha_ctx ctx,
void *  x 
)

Generate next block in the keystream.

If you want to seek inside the cipher steam, then you have to update the clock in ctx->state[13]:ctx->state[12] manually.

Warning
You need to re-initialize the context with a new nonce after 2^64 encrypted blocks, or the keystream will repeat!
Parameters
[in,out]ctxThe ChaCha context
[out]xThe block of the keystream (sizeof(x) == 64).

◆ chacha_prng_next()

uint32_t chacha_prng_next ( void  )

Extract a number from the pseudo-random number generator.

Warning
After you have read 2^68 numbers you have to re-seed the PRNG. Otherwise the sequence will repeat.
Returns
The random value

◆ chacha_prng_seed()

void chacha_prng_seed ( const void *  data,
size_t  bytes 
)

Seed the pseudo-random number generator.

You can seed the random number generator with up to 64 bytes of data. If you feed less than 64 bytes of data, then the privous state gets only partially overwritten.

If you want to supply multiple information, then you have to concatenate them manually before invoking the function.

The PRNG gets a random seed in the build process. You can set a deterministic value by supplying a comma separated argument to make like RIOT_CHACHA_PRNG_DEFAULT="0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15".

Parameters
[in]dataSome random data.
[in]bytesLength of data in bytes where 0 < bytes <= 64.