monocypher.h (6560B)
1 #ifndef MONOCYPHER_H 2 #define MONOCYPHER_H 3 4 #include <inttypes.h> 5 #include <stddef.h> 6 7 // Constant time equality verification 8 // returns 0 if it matches, -1 otherwise. 9 int crypto_memcmp(const uint8_t *p1, const uint8_t *p2, size_t n); 10 11 // constant time zero comparison. 12 // returns 0 if the input is all zero, -1 otherwise. 13 int crypto_zerocmp(const uint8_t *p, size_t n); 14 15 //////////////// 16 /// Chacha20 /// 17 //////////////// 18 19 // Chacha context. Do not rely on its contents or its size, 20 // they may change without notice. 21 typedef struct { 22 uint32_t input[16]; // current input, unencrypted 23 uint32_t pool [16]; // last input, encrypted 24 size_t pool_idx; // pointer to random_pool 25 } crypto_chacha_ctx; 26 27 void crypto_chacha20_H(uint8_t out[32], 28 const uint8_t key[32], 29 const uint8_t in [16]); 30 31 void crypto_chacha20_init(crypto_chacha_ctx *ctx, 32 const uint8_t key[32], 33 const uint8_t nonce[8]); 34 35 void crypto_chacha20_x_init(crypto_chacha_ctx *ctx, 36 const uint8_t key[32], 37 const uint8_t nonce[24]); 38 39 void crypto_chacha20_set_ctr(crypto_chacha_ctx *ctx, uint64_t ctr); 40 41 void crypto_chacha20_encrypt(crypto_chacha_ctx *ctx, 42 uint8_t *cipher_text, 43 const uint8_t *plain_text, 44 size_t text_size); 45 46 void crypto_chacha20_stream(crypto_chacha_ctx *ctx, 47 uint8_t *stream, size_t size); 48 49 ///////////////// 50 /// Poly 1305 /// 51 ///////////////// 52 53 // Poly 1305 context. Do not rely on its contents or its size, they 54 // may change without notice. 55 typedef struct { 56 uint32_t r[4]; // constant multiplier (from the secret key) 57 uint32_t h[5]; // accumulated hash 58 uint32_t c[5]; // chunk of the message 59 uint32_t pad[4]; // random number added at the end (from the secret key) 60 size_t c_idx; // How many bytes are there in the chunk. 61 } crypto_poly1305_ctx; 62 63 void crypto_poly1305_init(crypto_poly1305_ctx *ctx, const uint8_t key[32]); 64 65 void crypto_poly1305_update(crypto_poly1305_ctx *ctx, 66 const uint8_t *message, size_t message_size); 67 68 void crypto_poly1305_final(crypto_poly1305_ctx *ctx, uint8_t mac[16]); 69 70 void crypto_poly1305_auth(uint8_t mac[16], 71 const uint8_t *message, size_t message_size, 72 const uint8_t key[32]); 73 74 //////////////// 75 /// Blake2 b /// 76 //////////////// 77 78 // Blake2b context. Do not rely on its contents or its size, they 79 // may change without notice. 80 typedef struct { 81 uint64_t hash[8]; 82 uint64_t input_offset[2]; 83 uint64_t input[16]; 84 size_t input_idx; 85 size_t hash_size; 86 } crypto_blake2b_ctx; 87 88 void crypto_blake2b_general_init(crypto_blake2b_ctx *ctx, size_t hash_size, 89 const uint8_t *key, size_t key_size); 90 91 void crypto_blake2b_init(crypto_blake2b_ctx *ctx); 92 93 void crypto_blake2b_update(crypto_blake2b_ctx *ctx, 94 const uint8_t *message, size_t message_size); 95 96 void crypto_blake2b_final(crypto_blake2b_ctx *ctx, uint8_t *hash); 97 98 void crypto_blake2b_general(uint8_t *hash , size_t hash_size, 99 const uint8_t *key , size_t key_size, // optional 100 const uint8_t *message , size_t message_size); 101 102 void crypto_blake2b(uint8_t hash[64], 103 const uint8_t *message, size_t message_size); 104 105 //////////////// 106 /// Argon2 i /// 107 //////////////// 108 void crypto_argon2i(uint8_t *hash, uint32_t hash_size, // >= 4 109 void *work_area, uint32_t nb_blocks, // >= 8 110 uint32_t nb_iterations, // >= 1 111 const uint8_t *password, uint32_t password_size, 112 const uint8_t *salt, uint32_t salt_size, // >= 8 113 const uint8_t *key, uint32_t key_size, // optional 114 const uint8_t *ad, uint32_t ad_size); // optional 115 116 /////////////// 117 /// X-25519 /// 118 /////////////// 119 int crypto_x25519(uint8_t shared_secret [32], 120 const uint8_t your_secret_key [32], 121 const uint8_t their_public_key[32]); 122 123 void crypto_x25519_public_key(uint8_t public_key[32], 124 const uint8_t secret_key[32]); 125 126 127 ///////////// 128 /// EdDSA /// 129 ///////////// 130 void crypto_sign_public_key(uint8_t public_key[32], 131 const uint8_t secret_key[32]); 132 133 void crypto_sign(uint8_t signature [64], 134 const uint8_t secret_key[32], 135 const uint8_t public_key[32], // optional, may be 0 136 const uint8_t *message, size_t message_size); 137 138 int crypto_check(const uint8_t signature [64], 139 const uint8_t public_key[32], 140 const uint8_t *message, size_t message_size); 141 142 //////////////////// 143 /// Key exchange /// 144 //////////////////// 145 int crypto_key_exchange(uint8_t shared_key [32], 146 const uint8_t your_secret_key [32], 147 const uint8_t their_public_key[32]); 148 149 //////////////////////////////// 150 /// Authenticated encryption /// 151 //////////////////////////////// 152 void crypto_aead_lock(uint8_t mac[16], 153 uint8_t *cipher_text, 154 const uint8_t key[32], 155 const uint8_t nonce[24], 156 const uint8_t *ad , size_t ad_size, 157 const uint8_t *plain_text, size_t text_size); 158 159 int crypto_aead_unlock(uint8_t *plain_text, 160 const uint8_t key[32], 161 const uint8_t nonce[24], 162 const uint8_t mac[16], 163 const uint8_t *ad , size_t ad_size, 164 const uint8_t *cipher_text, size_t text_size); 165 166 void crypto_lock(uint8_t mac[16], 167 uint8_t *cipher_text, 168 const uint8_t key[32], 169 const uint8_t nonce[24], 170 const uint8_t *plain_text, size_t text_size); 171 172 int crypto_unlock(uint8_t *plain_text, 173 const uint8_t key[32], 174 const uint8_t nonce[24], 175 const uint8_t mac[16], 176 const uint8_t *cipher_text, size_t text_size); 177 178 #endif // MONOCYPHER_H