xref: /freebsd/sys/dev/wg/crypto.h (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1 /* SPDX-License-Identifier: MIT
2  *
3  * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
4  * Copyright (c) 2022 The FreeBSD Foundation
5  */
6 
7 #ifndef _WG_CRYPTO
8 #define _WG_CRYPTO
9 
10 #include <sys/param.h>
11 #include <sys/endian.h>
12 #include <crypto/chacha20_poly1305.h>
13 #include <crypto/curve25519.h>
14 
15 struct mbuf;
16 
17 int crypto_init(void);
18 void crypto_deinit(void);
19 
20 enum chacha20poly1305_lengths {
21 	XCHACHA20POLY1305_NONCE_SIZE = 24,
22 	CHACHA20POLY1305_KEY_SIZE = 32,
23 	CHACHA20POLY1305_AUTHTAG_SIZE = 16
24 };
25 
26 static inline void
27 chacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
28 			 const uint8_t *ad, const size_t ad_len,
29 			 const uint64_t nonce,
30 			 const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
31 {
32 	uint8_t nonce_bytes[8];
33 
34 	le64enc(nonce_bytes, nonce);
35 	chacha20_poly1305_encrypt(dst, src, src_len, ad, ad_len,
36 				  nonce_bytes, sizeof(nonce_bytes), key);
37 }
38 
39 static inline bool
40 chacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
41 			 const uint8_t *ad, const size_t ad_len,
42 			 const uint64_t nonce,
43 			 const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
44 {
45 	uint8_t nonce_bytes[8];
46 
47 	le64enc(nonce_bytes, nonce);
48 	return (chacha20_poly1305_decrypt(dst, src, src_len, ad, ad_len,
49 					  nonce_bytes, sizeof(nonce_bytes), key));
50 }
51 
52 static inline void
53 xchacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src,
54 			  const size_t src_len, const uint8_t *ad,
55 			  const size_t ad_len,
56 			  const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
57 			  const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
58 {
59 	xchacha20_poly1305_encrypt(dst, src, src_len, ad, ad_len, nonce, key);
60 }
61 
62 static inline bool
63 xchacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src,
64 			  const size_t src_len,  const uint8_t *ad,
65 			  const size_t ad_len,
66 			  const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
67 			  const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
68 {
69 	return (xchacha20_poly1305_decrypt(dst, src, src_len, ad, ad_len, nonce, key));
70 }
71 
72 int
73 chacha20poly1305_encrypt_mbuf(struct mbuf *, const uint64_t nonce,
74 			      const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
75 
76 int
77 chacha20poly1305_decrypt_mbuf(struct mbuf *, const uint64_t nonce,
78 			      const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
79 
80 
81 enum blake2s_lengths {
82 	BLAKE2S_BLOCK_SIZE = 64,
83 	BLAKE2S_HASH_SIZE = 32,
84 	BLAKE2S_KEY_SIZE = 32
85 };
86 
87 #ifdef COMPAT_NEED_BLAKE2S
88 struct blake2s_state {
89 	uint32_t h[8];
90 	uint32_t t[2];
91 	uint32_t f[2];
92 	uint8_t buf[BLAKE2S_BLOCK_SIZE];
93 	unsigned int buflen;
94 	unsigned int outlen;
95 };
96 
97 void blake2s_init(struct blake2s_state *state, const size_t outlen);
98 
99 void blake2s_init_key(struct blake2s_state *state, const size_t outlen,
100 		      const uint8_t *key, const size_t keylen);
101 
102 void blake2s_update(struct blake2s_state *state, const uint8_t *in, size_t inlen);
103 
104 void blake2s_final(struct blake2s_state *state, uint8_t *out);
105 
106 static inline void blake2s(uint8_t *out, const uint8_t *in, const uint8_t *key,
107 			   const size_t outlen, const size_t inlen, const size_t keylen)
108 {
109 	struct blake2s_state state;
110 
111 	if (keylen)
112 		blake2s_init_key(&state, outlen, key, keylen);
113 	else
114 		blake2s_init(&state, outlen);
115 
116 	blake2s_update(&state, in, inlen);
117 	blake2s_final(&state, out);
118 }
119 #endif
120 
121 #endif
122