From 2e59f9740a29439df7c7a56cf0ae83dec3081d31 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Mon, 11 Aug 2014 13:49:21 -0400
Subject: initial import of debian version from mentors

---
 .../sodium/aead_chacha20poly1305.c                 | 146 +++++++++++++++++++++
 1 file changed, 146 insertions(+)
 create mode 100644 src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c

(limited to 'src/libsodium/crypto_aead/chacha20poly1305')

diff --git a/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c b/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c
new file mode 100644
index 0000000..3439cb3
--- /dev/null
+++ b/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c
@@ -0,0 +1,146 @@
+
+#include <limits.h>
+#include <string.h>
+
+#include "crypto_aead_chacha20poly1305.h"
+#include "crypto_onetimeauth_poly1305.h"
+#include "crypto_stream_chacha20.h"
+#include "crypto_verify_16.h"
+#include "utils.h"
+
+static inline void
+_u64_le_from_ull(unsigned char out[8U], unsigned long long x)
+{
+    out[0] = (unsigned char) (x & 0xff); x >>= 8;
+    out[1] = (unsigned char) (x & 0xff); x >>= 8;
+    out[2] = (unsigned char) (x & 0xff); x >>= 8;
+    out[3] = (unsigned char) (x & 0xff); x >>= 8;
+    out[4] = (unsigned char) (x & 0xff); x >>= 8;
+    out[5] = (unsigned char) (x & 0xff); x >>= 8;
+    out[6] = (unsigned char) (x & 0xff); x >>= 8;
+    out[7] = (unsigned char) (x & 0xff);
+}
+
+int
+crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
+                                     unsigned long long *clen,
+                                     const unsigned char *m,
+                                     unsigned long long mlen,
+                                     const unsigned char *ad,
+                                     unsigned long long adlen,
+                                     const unsigned char *nsec,
+                                     const unsigned char *npub,
+                                     const unsigned char *k)
+{
+    crypto_onetimeauth_poly1305_state state;
+    unsigned char                     block0[64U];
+    unsigned char                     slen[8U];
+
+    (void) nsec;
+#ifdef ULONG_LONG_MAX
+    if (mlen > ULONG_LONG_MAX - crypto_aead_chacha20poly1305_ABYTES) {
+        if (clen != NULL) {
+            *clen = 0ULL;
+        }
+        return -1;
+    }
+#endif
+
+    crypto_stream_chacha20(block0, sizeof block0, npub, k);
+    crypto_onetimeauth_poly1305_init(&state, block0);
+    sodium_memzero(block0, sizeof block0);
+
+    crypto_onetimeauth_poly1305_update(&state, ad, adlen);
+    _u64_le_from_ull(slen, adlen);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+
+    crypto_stream_chacha20_xor_ic(c, m, mlen, npub, 1U, k);
+
+    crypto_onetimeauth_poly1305_update(&state, c, mlen);
+    _u64_le_from_ull(slen, mlen);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+
+    crypto_onetimeauth_poly1305_final(&state, c + mlen);
+    sodium_memzero(&state, sizeof state);
+
+    if (clen != NULL) {
+        *clen = mlen + crypto_aead_chacha20poly1305_ABYTES;
+    }
+    return 0;
+}
+
+int
+crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
+                                     unsigned long long *mlen,
+                                     unsigned char *nsec,
+                                     const unsigned char *c,
+                                     unsigned long long clen,
+                                     const unsigned char *ad,
+                                     unsigned long long adlen,
+                                     const unsigned char *npub,
+                                     const unsigned char *k)
+{
+    crypto_onetimeauth_poly1305_state state;
+    unsigned char                     block0[64U];
+    unsigned char                     slen[8U];
+    unsigned char                     mac[crypto_aead_chacha20poly1305_ABYTES];
+    int                               ret;
+
+    (void) nsec;
+    if (mlen != NULL) {
+        *mlen = 0ULL;
+    }
+    if (clen < crypto_aead_chacha20poly1305_ABYTES) {
+        return -1;
+    }
+    crypto_stream_chacha20(block0, sizeof block0, npub, k);
+    crypto_onetimeauth_poly1305_init(&state, block0);
+    sodium_memzero(block0, sizeof block0);
+
+    crypto_onetimeauth_poly1305_update(&state, ad, adlen);
+    _u64_le_from_ull(slen, adlen);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+
+    crypto_onetimeauth_poly1305_update
+        (&state, c, clen - crypto_aead_chacha20poly1305_ABYTES);
+    _u64_le_from_ull(slen, clen - crypto_aead_chacha20poly1305_ABYTES);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+
+    crypto_onetimeauth_poly1305_final(&state, mac);
+    sodium_memzero(&state, sizeof state);
+
+    (void) sizeof(int[sizeof mac == 16U ? 1 : -1]);
+    ret = crypto_verify_16(mac,
+                           c + clen - crypto_aead_chacha20poly1305_ABYTES);
+    sodium_memzero(mac, sizeof mac);
+    if (ret != 0) {
+        memset(m, 0, clen - crypto_aead_chacha20poly1305_ABYTES);
+        return -1;
+    }
+    crypto_stream_chacha20_xor_ic
+        (m, c,  clen - crypto_aead_chacha20poly1305_ABYTES, npub, 1U, k);
+    if (mlen != NULL) {
+        *mlen = clen - crypto_aead_chacha20poly1305_ABYTES;
+    }
+    return 0;
+}
+
+size_t
+crypto_aead_chacha20poly1305_keybytes(void) {
+    return crypto_aead_chacha20poly1305_KEYBYTES;
+}
+
+size_t
+crypto_aead_chacha20poly1305_npubbytes(void) {
+    return crypto_aead_chacha20poly1305_NPUBBYTES;
+}
+
+size_t
+crypto_aead_chacha20poly1305_nsecbytes(void) {
+    return crypto_aead_chacha20poly1305_NSECBYTES;
+}
+
+size_t
+crypto_aead_chacha20poly1305_abytes(void) {
+    return crypto_aead_chacha20poly1305_ABYTES;
+}
-- 
cgit v1.2.3