-- |
-- Module      : Crypto.Cipher.ChaCha
-- License     : BSD-style
-- Maintainer  : Vincent Hanquez <[email protected]>
-- Stability   : stable
-- Portability : good
{-# LANGUAGE ForeignFunctionInterface #-}
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
module Crypto.Cipher.ChaCha
    ( initialize
    , combine
    , generate
    , State
    -- * Simple interface for DRG purpose
    , initializeSimple
    , generateSimple
    , StateSimple
    ) where

import           Crypto.Internal.ByteArray (ByteArrayAccess, ByteArray, ScrubbedBytes)
import qualified Crypto.Internal.ByteArray as B
import           Crypto.Internal.Compat
import           Crypto.Internal.Imports
import           Foreign.Ptr
import           Foreign.C.Types

-- | ChaCha context
newtype State = State ScrubbedBytes
    deriving (State -> ()
forall a. (a -> ()) -> NFData a
rnf :: State -> ()
$crnf :: State -> ()

-- | ChaCha context for DRG purpose (see Crypto.Random.ChaChaDRG)
newtype StateSimple = StateSimple ScrubbedBytes -- just ChaCha's state
    deriving (StateSimple -> ()
forall a. (a -> ()) -> NFData a
rnf :: StateSimple -> ()
$crnf :: StateSimple -> ()

-- | Initialize a new ChaCha context with the number of rounds,
-- the key and the nonce associated.
initialize :: (ByteArrayAccess key, ByteArrayAccess nonce)
           => Int   -- ^ number of rounds (8,12,20)
           -> key   -- ^ the key (128 or 256 bits)
           -> nonce -- ^ the nonce (64 or 96 bits)
           -> State -- ^ the initial ChaCha state
initialize :: forall key nonce.
(ByteArrayAccess key, ByteArrayAccess nonce) =>
Int -> key -> nonce -> State
initialize Int
nbRounds key
key nonce
    | Int
kLen forall (t :: * -> *) a. (Foldable t, Eq a) => a -> t a -> Bool
`notElem` [Int
32]          = forall a. HasCallStack => [Char] -> a
error [Char]
"ChaCha: key length should be 128 or 256 bits"
    | Int
nonceLen forall (t :: * -> *) a. (Foldable t, Eq a) => a -> t a -> Bool
`notElem` [Int
12]       = forall a. HasCallStack => [Char] -> a
error [Char]
"ChaCha: nonce length should be 64 or 96 bits"
    | Int
nbRounds forall (t :: * -> *) a. (Foldable t, Eq a) => a -> t a -> Bool
`notElem` [Int
20]    = forall a. HasCallStack => [Char] -> a
error [Char]
"ChaCha: rounds should be 8, 12 or 20"
    | Bool
otherwise                       = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ do
stPtr <- forall ba p. ByteArray ba => Int -> (Ptr p -> IO ()) -> IO ba
B.alloc Int
132 forall a b. (a -> b) -> a -> b
$ \Ptr State
stPtr ->
            forall ba p a. ByteArrayAccess ba => ba -> (Ptr p -> IO a) -> IO a
B.withByteArray nonce
nonce forall a b. (a -> b) -> a -> b
$ \Ptr Word8
noncePtr  ->
            forall ba p a. ByteArrayAccess ba => ba -> (Ptr p -> IO a) -> IO a
B.withByteArray key
key   forall a b. (a -> b) -> a -> b
$ \Ptr Word8
keyPtr ->
                Ptr State -> Int -> Int -> Ptr Word8 -> Int -> Ptr Word8 -> IO ()
ccryptonite_chacha_init Ptr State
stPtr  Int
nbRounds Int
kLen Ptr Word8
keyPtr Int
nonceLen Ptr Word8
        forall (m :: * -> *) a. Monad m => a -> m a
return forall a b. (a -> b) -> a -> b
$ ScrubbedBytes -> State
State ScrubbedBytes
  where kLen :: Int
kLen     = forall ba. ByteArrayAccess ba => ba -> Int
B.length key
        nonceLen :: Int
nonceLen = forall ba. ByteArrayAccess ba => ba -> Int
B.length nonce

-- | Initialize simple ChaCha State
-- The seed need to be at least 40 bytes long
initializeSimple :: ByteArrayAccess seed
                 => seed -- ^ a 40 bytes long seed
                 -> StateSimple
initializeSimple :: forall seed. ByteArrayAccess seed => seed -> StateSimple
initializeSimple seed
    | Int
sLen forall a. Ord a => a -> a -> Bool
< Int
40 = forall a. HasCallStack => [Char] -> a
error [Char]
"ChaCha Random: seed length should be 40 bytes"
    | Bool
otherwise = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ do
stPtr <- forall ba p. ByteArray ba => Int -> (Ptr p -> IO ()) -> IO ba
B.alloc Int
64 forall a b. (a -> b) -> a -> b
$ \Ptr StateSimple
stPtr ->
                    forall ba p a. ByteArrayAccess ba => ba -> (Ptr p -> IO a) -> IO a
B.withByteArray seed
seed forall a b. (a -> b) -> a -> b
$ \Ptr Word8
seedPtr ->
                        Ptr StateSimple -> Int -> Ptr Word8 -> Int -> Ptr Word8 -> IO ()
ccryptonite_chacha_init_core Ptr StateSimple
stPtr Int
32 Ptr Word8
seedPtr Int
8 (Ptr Word8
seedPtr forall a b. Ptr a -> Int -> Ptr b
`plusPtr` Int
        forall (m :: * -> *) a. Monad m => a -> m a
return forall a b. (a -> b) -> a -> b
$ ScrubbedBytes -> StateSimple
StateSimple ScrubbedBytes
    sLen :: Int
sLen = forall ba. ByteArrayAccess ba => ba -> Int
B.length seed

-- | Combine the chacha output and an arbitrary message with a xor,
-- and return the combined output and the new state.
combine :: ByteArray ba
        => State       -- ^ the current ChaCha state
        -> ba          -- ^ the source to xor with the generator
        -> (ba, State)
combine :: forall ba. ByteArray ba => State -> ba -> (ba, State)
combine prevSt :: State
prevSt@(State ScrubbedBytes
prevStMem) ba
    | forall a. ByteArrayAccess a => a -> Bool
B.null ba
src = (forall a. ByteArray a => a
B.empty, State
    | Bool
otherwise  = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ do
out, ScrubbedBytes
st) <- forall bs1 bs2 p a.
(ByteArrayAccess bs1, ByteArray bs2) =>
bs1 -> (Ptr p -> IO a) -> IO (a, bs2)
B.copyRet ScrubbedBytes
prevStMem forall a b. (a -> b) -> a -> b
$ \Ptr State
ctx ->
            forall ba p. ByteArray ba => Int -> (Ptr p -> IO ()) -> IO ba
B.alloc (forall ba. ByteArrayAccess ba => ba -> Int
B.length ba
src) forall a b. (a -> b) -> a -> b
$ \Ptr Word8
dstPtr ->
            forall ba p a. ByteArrayAccess ba => ba -> (Ptr p -> IO a) -> IO a
B.withByteArray ba
src    forall a b. (a -> b) -> a -> b
$ \Ptr Word8
srcPtr ->
                Ptr Word8 -> Ptr State -> Ptr Word8 -> CUInt -> IO ()
ccryptonite_chacha_combine Ptr Word8
dstPtr Ptr State
ctx Ptr Word8
srcPtr (forall a b. (Integral a, Num b) => a -> b
fromIntegral forall a b. (a -> b) -> a -> b
$ forall ba. ByteArrayAccess ba => ba -> Int
B.length ba
        forall (m :: * -> *) a. Monad m => a -> m a
return (ba
out, ScrubbedBytes -> State
State ScrubbedBytes

-- | Generate a number of bytes from the ChaCha output directly
generate :: ByteArray ba
         => State -- ^ the current ChaCha state
         -> Int   -- ^ the length of data to generate
         -> (ba, State)
generate :: forall ba. ByteArray ba => State -> Int -> (ba, State)
generate prevSt :: State
prevSt@(State ScrubbedBytes
prevStMem) Int
    | Int
len forall a. Ord a => a -> a -> Bool
<= Int
0  = (forall a. ByteArray a => a
B.empty, State
    | Bool
otherwise = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ do
out, ScrubbedBytes
st) <- forall bs1 bs2 p a.
(ByteArrayAccess bs1, ByteArray bs2) =>
bs1 -> (Ptr p -> IO a) -> IO (a, bs2)
B.copyRet ScrubbedBytes
prevStMem forall a b. (a -> b) -> a -> b
$ \Ptr State
ctx ->
            forall ba p. ByteArray ba => Int -> (Ptr p -> IO ()) -> IO ba
B.alloc Int
len forall a b. (a -> b) -> a -> b
$ \Ptr Word8
dstPtr ->
                Ptr Word8 -> Ptr State -> CUInt -> IO ()
ccryptonite_chacha_generate Ptr Word8
dstPtr Ptr State
ctx (forall a b. (Integral a, Num b) => a -> b
fromIntegral Int
        forall (m :: * -> *) a. Monad m => a -> m a
return (ba
out, ScrubbedBytes -> State
State ScrubbedBytes

-- | similar to 'generate' but assume certains values
generateSimple :: ByteArray ba
               => StateSimple
               -> Int
               -> (ba, StateSimple)
generateSimple :: forall ba. ByteArray ba => StateSimple -> Int -> (ba, StateSimple)
generateSimple (StateSimple ScrubbedBytes
prevSt) Int
nbBytes = forall a. IO a -> a
unsafeDoIO forall a b. (a -> b) -> a -> b
$ do
newSt  <- forall bs1 bs2 p.
(ByteArrayAccess bs1, ByteArray bs2) =>
bs1 -> (Ptr p -> IO ()) -> IO bs2
B.copy ScrubbedBytes
prevSt (\Ptr Any
_ -> forall (m :: * -> *) a. Monad m => a -> m a
return ())
output <- forall ba p. ByteArray ba => Int -> (Ptr p -> IO ()) -> IO ba
B.alloc Int
nbBytes forall a b. (a -> b) -> a -> b
$ \Ptr Word8
dstPtr ->
        forall ba p a. ByteArrayAccess ba => ba -> (Ptr p -> IO a) -> IO a
B.withByteArray ScrubbedBytes
newSt forall a b. (a -> b) -> a -> b
$ \Ptr StateSimple
stPtr ->
            Int -> Ptr Word8 -> Ptr StateSimple -> CUInt -> IO ()
ccryptonite_chacha_random Int
8 Ptr Word8
dstPtr Ptr StateSimple
stPtr (forall a b. (Integral a, Num b) => a -> b
fromIntegral Int
    forall (m :: * -> *) a. Monad m => a -> m a
return (ba
output, ScrubbedBytes -> StateSimple
StateSimple ScrubbedBytes

foreign import ccall "cryptonite_chacha_init_core"
    ccryptonite_chacha_init_core :: Ptr StateSimple -> Int -> Ptr Word8 -> Int -> Ptr Word8 -> IO ()

foreign import ccall "cryptonite_chacha_init"
    ccryptonite_chacha_init :: Ptr State -> Int -> Int -> Ptr Word8 -> Int -> Ptr Word8 -> IO ()

foreign import ccall "cryptonite_chacha_combine"
    ccryptonite_chacha_combine :: Ptr Word8 -> Ptr State -> Ptr Word8 -> CUInt -> IO ()

foreign import ccall "cryptonite_chacha_generate"
    ccryptonite_chacha_generate :: Ptr Word8 -> Ptr State -> CUInt -> IO ()

foreign import ccall "cryptonite_chacha_random"
    ccryptonite_chacha_random :: Int -> Ptr Word8 -> Ptr StateSimple -> CUInt -> IO ()