Lines Matching refs:ctx
32 * \param ctx The ChaCha20-Poly1305 context.
34 static int chachapoly_pad_aad(mbedtls_chachapoly_context *ctx)
36 uint32_t partial_block_len = (uint32_t) (ctx->aad_len % 16U);
45 return mbedtls_poly1305_update(&ctx->poly1305_ctx,
53 * \param ctx The ChaCha20-Poly1305 context.
55 static int chachapoly_pad_ciphertext(mbedtls_chachapoly_context *ctx)
57 uint32_t partial_block_len = (uint32_t) (ctx->ciphertext_len % 16U);
65 return mbedtls_poly1305_update(&ctx->poly1305_ctx,
70 void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx)
72 mbedtls_chacha20_init(&ctx->chacha20_ctx);
73 mbedtls_poly1305_init(&ctx->poly1305_ctx);
74 ctx->aad_len = 0U;
75 ctx->ciphertext_len = 0U;
76 ctx->state = CHACHAPOLY_STATE_INIT;
77 ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
80 void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx)
82 if (ctx == NULL) {
86 mbedtls_chacha20_free(&ctx->chacha20_ctx);
87 mbedtls_poly1305_free(&ctx->poly1305_ctx);
88 ctx->aad_len = 0U;
89 ctx->ciphertext_len = 0U;
90 ctx->state = CHACHAPOLY_STATE_INIT;
91 ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
94 int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx,
99 ret = mbedtls_chacha20_setkey(&ctx->chacha20_ctx, key);
104 int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
112 ret = mbedtls_chacha20_starts(&ctx->chacha20_ctx, nonce, 0U);
123 ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, sizeof(poly1305_key),
129 ret = mbedtls_poly1305_starts(&ctx->poly1305_ctx, poly1305_key);
132 ctx->aad_len = 0U;
133 ctx->ciphertext_len = 0U;
134 ctx->state = CHACHAPOLY_STATE_AAD;
135 ctx->mode = mode;
143 int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
147 if (ctx->state != CHACHAPOLY_STATE_AAD) {
151 ctx->aad_len += aad_len;
153 return mbedtls_poly1305_update(&ctx->poly1305_ctx, aad, aad_len);
156 int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
163 if ((ctx->state != CHACHAPOLY_STATE_AAD) &&
164 (ctx->state != CHACHAPOLY_STATE_CIPHERTEXT)) {
168 if (ctx->state == CHACHAPOLY_STATE_AAD) {
169 ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
171 ret = chachapoly_pad_aad(ctx);
177 ctx->ciphertext_len += len;
179 if (ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT) {
180 ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
185 ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, output, len);
190 ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, input, len);
195 ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
204 int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
210 if (ctx->state == CHACHAPOLY_STATE_INIT) {
214 if (ctx->state == CHACHAPOLY_STATE_AAD) {
215 ret = chachapoly_pad_aad(ctx);
219 } else if (ctx->state == CHACHAPOLY_STATE_CIPHERTEXT) {
220 ret = chachapoly_pad_ciphertext(ctx);
226 ctx->state = CHACHAPOLY_STATE_FINISHED;
231 MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0);
232 MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8);
234 ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, len_block, 16U);
239 ret = mbedtls_poly1305_finish(&ctx->poly1305_ctx, mac);
244 static int chachapoly_crypt_and_tag(mbedtls_chachapoly_context *ctx,
256 ret = mbedtls_chachapoly_starts(ctx, nonce, mode);
261 ret = mbedtls_chachapoly_update_aad(ctx, aad, aad_len);
266 ret = mbedtls_chachapoly_update(ctx, length, input, output);
271 ret = mbedtls_chachapoly_finish(ctx, tag);
277 int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx,
286 return chachapoly_crypt_and_tag(ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
291 int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
304 if ((ret = chachapoly_crypt_and_tag(ctx,
429 mbedtls_chachapoly_context ctx;
440 mbedtls_chachapoly_init(&ctx);
442 ret = mbedtls_chachapoly_setkey(&ctx, test_key[i]);
445 ret = mbedtls_chachapoly_encrypt_and_tag(&ctx,
462 mbedtls_chachapoly_free(&ctx);