Lines Matching refs:ctx
34 static int chachapoly_pad_aad(mbedtls_chachapoly_context *ctx) in chachapoly_pad_aad() argument
36 uint32_t partial_block_len = (uint32_t) (ctx->aad_len % 16U); in chachapoly_pad_aad()
45 return mbedtls_poly1305_update(&ctx->poly1305_ctx, in chachapoly_pad_aad()
55 static int chachapoly_pad_ciphertext(mbedtls_chachapoly_context *ctx) in chachapoly_pad_ciphertext() argument
57 uint32_t partial_block_len = (uint32_t) (ctx->ciphertext_len % 16U); in chachapoly_pad_ciphertext()
65 return mbedtls_poly1305_update(&ctx->poly1305_ctx, in chachapoly_pad_ciphertext()
70 void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx) in mbedtls_chachapoly_init() argument
72 mbedtls_chacha20_init(&ctx->chacha20_ctx); in mbedtls_chachapoly_init()
73 mbedtls_poly1305_init(&ctx->poly1305_ctx); in mbedtls_chachapoly_init()
74 ctx->aad_len = 0U; in mbedtls_chachapoly_init()
75 ctx->ciphertext_len = 0U; in mbedtls_chachapoly_init()
76 ctx->state = CHACHAPOLY_STATE_INIT; in mbedtls_chachapoly_init()
77 ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; in mbedtls_chachapoly_init()
80 void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx) in mbedtls_chachapoly_free() argument
82 if (ctx == NULL) { in mbedtls_chachapoly_free()
86 mbedtls_chacha20_free(&ctx->chacha20_ctx); in mbedtls_chachapoly_free()
87 mbedtls_poly1305_free(&ctx->poly1305_ctx); in mbedtls_chachapoly_free()
88 ctx->aad_len = 0U; in mbedtls_chachapoly_free()
89 ctx->ciphertext_len = 0U; in mbedtls_chachapoly_free()
90 ctx->state = CHACHAPOLY_STATE_INIT; in mbedtls_chachapoly_free()
91 ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; in mbedtls_chachapoly_free()
94 int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_setkey() argument
99 ret = mbedtls_chacha20_setkey(&ctx->chacha20_ctx, key); in mbedtls_chachapoly_setkey()
104 int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_starts() argument
112 ret = mbedtls_chacha20_starts(&ctx->chacha20_ctx, nonce, 0U); in mbedtls_chachapoly_starts()
123 ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, sizeof(poly1305_key), in mbedtls_chachapoly_starts()
129 ret = mbedtls_poly1305_starts(&ctx->poly1305_ctx, poly1305_key); in mbedtls_chachapoly_starts()
132 ctx->aad_len = 0U; in mbedtls_chachapoly_starts()
133 ctx->ciphertext_len = 0U; in mbedtls_chachapoly_starts()
134 ctx->state = CHACHAPOLY_STATE_AAD; in mbedtls_chachapoly_starts()
135 ctx->mode = mode; in mbedtls_chachapoly_starts()
143 int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_update_aad() argument
147 if (ctx->state != CHACHAPOLY_STATE_AAD) { in mbedtls_chachapoly_update_aad()
151 ctx->aad_len += aad_len; in mbedtls_chachapoly_update_aad()
153 return mbedtls_poly1305_update(&ctx->poly1305_ctx, aad, aad_len); in mbedtls_chachapoly_update_aad()
156 int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_update() argument
163 if ((ctx->state != CHACHAPOLY_STATE_AAD) && in mbedtls_chachapoly_update()
164 (ctx->state != CHACHAPOLY_STATE_CIPHERTEXT)) { in mbedtls_chachapoly_update()
168 if (ctx->state == CHACHAPOLY_STATE_AAD) { in mbedtls_chachapoly_update()
169 ctx->state = CHACHAPOLY_STATE_CIPHERTEXT; in mbedtls_chachapoly_update()
171 ret = chachapoly_pad_aad(ctx); in mbedtls_chachapoly_update()
177 ctx->ciphertext_len += len; in mbedtls_chachapoly_update()
179 if (ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT) { in mbedtls_chachapoly_update()
180 ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output); in mbedtls_chachapoly_update()
185 ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, output, len); in mbedtls_chachapoly_update()
190 ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, input, len); in mbedtls_chachapoly_update()
195 ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output); in mbedtls_chachapoly_update()
204 int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_finish() argument
210 if (ctx->state == CHACHAPOLY_STATE_INIT) { in mbedtls_chachapoly_finish()
214 if (ctx->state == CHACHAPOLY_STATE_AAD) { in mbedtls_chachapoly_finish()
215 ret = chachapoly_pad_aad(ctx); in mbedtls_chachapoly_finish()
219 } else if (ctx->state == CHACHAPOLY_STATE_CIPHERTEXT) { in mbedtls_chachapoly_finish()
220 ret = chachapoly_pad_ciphertext(ctx); in mbedtls_chachapoly_finish()
226 ctx->state = CHACHAPOLY_STATE_FINISHED; in mbedtls_chachapoly_finish()
231 MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0); in mbedtls_chachapoly_finish()
232 MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8); in mbedtls_chachapoly_finish()
234 ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, len_block, 16U); in mbedtls_chachapoly_finish()
239 ret = mbedtls_poly1305_finish(&ctx->poly1305_ctx, mac); in mbedtls_chachapoly_finish()
244 static int chachapoly_crypt_and_tag(mbedtls_chachapoly_context *ctx, in chachapoly_crypt_and_tag() argument
256 ret = mbedtls_chachapoly_starts(ctx, nonce, mode); in chachapoly_crypt_and_tag()
261 ret = mbedtls_chachapoly_update_aad(ctx, aad, aad_len); in chachapoly_crypt_and_tag()
266 ret = mbedtls_chachapoly_update(ctx, length, input, output); in chachapoly_crypt_and_tag()
271 ret = mbedtls_chachapoly_finish(ctx, tag); in chachapoly_crypt_and_tag()
277 int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_encrypt_and_tag() argument
286 return chachapoly_crypt_and_tag(ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, in mbedtls_chachapoly_encrypt_and_tag()
291 int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx, in mbedtls_chachapoly_auth_decrypt() argument
304 if ((ret = chachapoly_crypt_and_tag(ctx, in mbedtls_chachapoly_auth_decrypt()
429 mbedtls_chachapoly_context ctx; in mbedtls_chachapoly_self_test() local
440 mbedtls_chachapoly_init(&ctx); in mbedtls_chachapoly_self_test()
442 ret = mbedtls_chachapoly_setkey(&ctx, test_key[i]); in mbedtls_chachapoly_self_test()
445 ret = mbedtls_chachapoly_encrypt_and_tag(&ctx, in mbedtls_chachapoly_self_test()
462 mbedtls_chachapoly_free(&ctx); in mbedtls_chachapoly_self_test()