Chacha20-Poly1305#
HACL implements the Chacha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) construction specified in RFC 8439. The library includes three implementations of this construction, all with the same API, for different platforms. All memory for the output variables have to be allocated by the caller.
Available Implementations#
#include "Hacl_AEAD_Chacha20Poly1305.h"
A portable C implementation that can be compiled and run on any platform that is 32-bit or higher.
This implementation works on all CPUs.
#include "Hacl_AEAD_Chacha20Poly1305_Simd128.h"
A 128-bit vectorized C implementation that can be compiled and run on any platform that supports 128-bit SIMD instructions.
Support for VEC128 is needed. Please see the HACL Packages book.
#include "Hacl_AEAD_Chacha20Poly1305_Simd256.h"
A 256-bit vectorized C implementation that can be compiled and run on any platform that supports 256-bit SIMD instructions.
Support for VEC256 is needed. Please see the HACL Packages book.
API Reference#
Example (32)
// HACL* will define these (or something similar) in a future version.
#define HACL_AEAD_CHACHA20_POLY1305_KEY_LEN 32
#define HACL_AEAD_CHACHA20_POLY1305_NONCE_LEN 12
#define HACL_AEAD_CHACHA20_POLY1305_MAC_LEN 16
// Note: This is only an example, and you must bring your own random.
// Create a key ...
uint8_t key[HACL_AEAD_CHACHA20_POLY1305_KEY_LEN];
generate_random(key, HACL_AEAD_CHACHA20_POLY1305_KEY_LEN);
// ... and a nonce.
uint8_t nonce[HACL_AEAD_CHACHA20_POLY1305_NONCE_LEN];
generate_random(nonce, HACL_AEAD_CHACHA20_POLY1305_NONCE_LEN);
// We don't authenticate additional data in this example.
const char* aad = "";
const uint32_t aad_len = strlen(aad);
// This is our message.
const char* msg = "Hello, World!";
const uint32_t msg_len = strlen(msg);
// We need to allocate the same amount of memory for the ciphertext as for
// the plaintext ...
uint8_t* cipher = (uint8_t*)malloc(msg_len);
// ... and also need to provide additional memory for the mac.
// Note that encyption and decryption can also be done in-place, i.e.,
// cipher and plaintext can point to the same memory.
uint8_t mac[HACL_AEAD_CHACHA20_POLY1305_MAC_LEN];
// Encryption.
Hacl_AEAD_Chacha20Poly1305_encrypt(
cipher, mac, (uint8_t*)msg, msg_len, (uint8_t*)aad, aad_len, key, nonce);
// Decryption.
// Allocate the same amount of memory for the recovered message as for the
// ciphertext.
uint8_t* recovered = (uint8_t*)malloc(msg_len);
uint32_t res = Hacl_AEAD_Chacha20Poly1305_decrypt(
(uint8_t*)recovered, cipher, msg_len, (uint8_t*)aad, aad_len, key, nonce, mac);
if (res == 0) {
printf("Decryption successful.");
}
free(recovered);
free(cipher);
-
void Hacl_AEAD_Chacha20Poly1305_encrypt(uint8_t *output, uint8_t *tag, uint8_t *input, uint32_t input_len, uint8_t *data, uint32_t data_len, uint8_t *key, uint8_t *nonce)#
Encrypt a message
inputwith keykey.The arguments
key,nonce,data, anddata_lenare same in encryption/decryption. Note: Encryption and decryption can be executed in-place, i.e.,inputandoutputcan point to the same memory.- Parameters
output – Pointer to
input_lenbytes of memory where the ciphertext is written to.tag – Pointer to 16 bytes of memory where the mac is written to.
input – Pointer to
input_lenbytes of memory where the message is read from.input_len – Length of the message.
data – Pointer to
data_lenbytes of memory where the associated data is read from.data_len – Length of the associated data.
key – Pointer to 32 bytes of memory where the AEAD key is read from.
nonce – Pointer to 12 bytes of memory where the AEAD nonce is read from.
-
uint32_t Hacl_AEAD_Chacha20Poly1305_decrypt(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *data, uint32_t data_len, uint8_t *key, uint8_t *nonce, uint8_t *tag)#
Decrypt a ciphertext
inputwith keykey.The arguments
key,nonce,data, anddata_lenare same in encryption/decryption. Note: Encryption and decryption can be executed in-place, i.e.,outputandinputcan point to the same memory.If decryption succeeds, the resulting plaintext is stored in
outputand the function returns the success code 0. If decryption fails, the arrayoutputremains unchanged and the function returns the error code 1.- Parameters
output – Pointer to
input_lenbytes of memory where the message is written to.input – Pointer to
input_lenbytes of memory where the ciphertext is read from.input_len – Length of the ciphertext.
data – Pointer to
data_lenbytes of memory where the associated data is read from.data_len – Length of the associated data.
key – Pointer to 32 bytes of memory where the AEAD key is read from.
nonce – Pointer to 12 bytes of memory where the AEAD nonce is read from.
tag – Pointer to 16 bytes of memory where the mac is read from.
- Returns
0 on succeess; 1 on failure.
-
void Hacl_AEAD_Chacha20Poly1305_Simd128_encrypt(uint8_t *output, uint8_t *tag, uint8_t *input, uint32_t input_len, uint8_t *data, uint32_t data_len, uint8_t *key, uint8_t *nonce)#
Encrypt a message
inputwith keykey.The arguments
key,nonce,data, anddata_lenare same in encryption/decryption. Note: Encryption and decryption can be executed in-place, i.e.,inputandoutputcan point to the same memory.- Parameters
output – Pointer to
input_lenbytes of memory where the ciphertext is written to.tag – Pointer to 16 bytes of memory where the mac is written to.
input – Pointer to
input_lenbytes of memory where the message is read from.input_len – Length of the message.
data – Pointer to
data_lenbytes of memory where the associated data is read from.data_len – Length of the associated data.
key – Pointer to 32 bytes of memory where the AEAD key is read from.
nonce – Pointer to 12 bytes of memory where the AEAD nonce is read from.
-
uint32_t Hacl_AEAD_Chacha20Poly1305_Simd128_decrypt(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *data, uint32_t data_len, uint8_t *key, uint8_t *nonce, uint8_t *tag)#
Decrypt a ciphertext
inputwith keykey.The arguments
key,nonce,data, anddata_lenare same in encryption/decryption. Note: Encryption and decryption can be executed in-place, i.e.,inputandoutputcan point to the same memory.If decryption succeeds, the resulting plaintext is stored in
outputand the function returns the success code 0. If decryption fails, the arrayoutputremains unchanged and the function returns the error code 1.- Parameters
output – Pointer to
input_lenbytes of memory where the message is written to.input – Pointer to
input_lenbytes of memory where the ciphertext is read from.input_len – Length of the ciphertext.
data – Pointer to
data_lenbytes of memory where the associated data is read from.data_len – Length of the associated data.
key – Pointer to 32 bytes of memory where the AEAD key is read from.
nonce – Pointer to 12 bytes of memory where the AEAD nonce is read from.
tag – Pointer to 16 bytes of memory where the mac is read from.
- Returns
0 on succeess; 1 on failure.
-
void Hacl_AEAD_Chacha20Poly1305_Simd256_encrypt(uint8_t *output, uint8_t *tag, uint8_t *input, uint32_t input_len, uint8_t *data, uint32_t data_len, uint8_t *key, uint8_t *nonce)#
Encrypt a message
inputwith keykey.The arguments
key,nonce,data, anddata_lenare same in encryption/decryption. Note: Encryption and decryption can be executed in-place, i.e.,inputandoutputcan point to the same memory.- Parameters
output – Pointer to
input_lenbytes of memory where the ciphertext is written to.tag – Pointer to 16 bytes of memory where the mac is written to.
input – Pointer to
input_lenbytes of memory where the message is read from.input_len – Length of the message.
data – Pointer to
data_lenbytes of memory where the associated data is read from.data_len – Length of the associated data.
key – Pointer to 32 bytes of memory where the AEAD key is read from.
nonce – Pointer to 12 bytes of memory where the AEAD nonce is read from.
-
uint32_t Hacl_AEAD_Chacha20Poly1305_Simd256_decrypt(uint8_t *output, uint8_t *input, uint32_t input_len, uint8_t *data, uint32_t data_len, uint8_t *key, uint8_t *nonce, uint8_t *tag)#
Decrypt a ciphertext
inputwith keykey.The arguments
key,nonce,data, anddata_lenare same in encryption/decryption. Note: Encryption and decryption can be executed in-place, i.e.,inputandoutputcan point to the same memory.If decryption succeeds, the resulting plaintext is stored in
outputand the function returns the success code 0. If decryption fails, the arrayoutputremains unchanged and the function returns the error code 1.- Parameters
output – Pointer to
input_lenbytes of memory where the message is written to.input – Pointer to
input_lenbytes of memory where the ciphertext is read from.input_len – Length of the ciphertext.
data – Pointer to
data_lenbytes of memory where the associated data is read from.data_len – Length of the associated data.
key – Pointer to 32 bytes of memory where the AEAD key is read from.
nonce – Pointer to 12 bytes of memory where the AEAD nonce is read from.
tag – Pointer to 16 bytes of memory where the mac is read from.
- Returns
0 on succeess; 1 on failure.