Diffstat (limited to 'lib/nettle/cipher.c')
-rw-r--r--lib/nettle/cipher.c52
1 files changed, 52 insertions, 0 deletions
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 5e9f25b2ec..5a8836bbf5 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -45,7 +45,13 @@
#include <nettle/cbc.h>
#include <nettle/gcm.h>
#include <nettle/ccm.h>
+#ifdef HAVE_NETTLE_CHACHA_SET_COUNTER
+#include <nettle/chacha.h>
#include <nettle/chacha-poly1305.h>
+#else
+#include "chacha/chacha.h"
+#include "chacha/chacha-poly1305.h"
+#endif
#ifdef HAVE_NETTLE_CFB8_ENCRYPT
#include <nettle/cfb.h>
#else
@@ -247,6 +253,22 @@ _ccm_decrypt(struct nettle_cipher_ctx *ctx,
}
static void
+_chacha_set_nonce(struct chacha_ctx *ctx,
+ size_t length, const uint8_t *nonce)
+{
+ chacha_set_nonce(ctx, nonce + CHACHA_COUNTER_SIZE);
+ chacha_set_counter(ctx, nonce);
+}
+
+static void
+_chacha_set_nonce96(struct chacha_ctx *ctx,
+ size_t length, const uint8_t *nonce)
+{
+ chacha_set_nonce96(ctx, nonce + CHACHA_COUNTER32_SIZE);
+ chacha_set_counter32(ctx, nonce);
+}
+
+static void
_chacha_poly1305_set_nonce (struct chacha_poly1305_ctx *ctx,
size_t length, const uint8_t *nonce)
{
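Review bot: Both new helpers ignore their `length` argument. `_chacha_set_nonce96` always reads `CHACHA_COUNTER32_SIZE` bytes of counter plus the 96-bit nonce that follows, and `_chacha_set_nonce` always reads `CHACHA_COUNTER_SIZE` bytes plus the 64-bit nonce. The table entries in the last hunk set only `.max_iv_size`, which by its name is an upper bound, so a shorter IV (for example the bare nonce without the counter prefix) would be read past its end unless the set-IV path outside this diff enforces the exact size. Because the helpers return `void` and cannot report an error, the exact-length check belongs in the caller that invokes `.set_iv`, which should reject any other size (e.g. with `GNUTLS_E_INVALID_REQUEST`) before the context is touched. I would also record the precondition above each helper, e.g. `/* nonce must hold exactly CHACHA_COUNTER32_SIZE + CHACHA_NONCE96_SIZE bytes: counter first, then nonce */`.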
@@ -607,6 +629,36 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
.set_decrypt_key = (nettle_set_key_func*)salsa20_256_set_key,
.max_iv_size = SALSA20_NONCE_SIZE,
},
+ { .algo = GNUTLS_CIPHER_CHACHA20_32,
+ .block_size = 1,
+ .key_size = CHACHA_KEY_SIZE,
+ .encrypt_block = (nettle_cipher_func*)chacha_crypt32,
+ .decrypt_block = (nettle_cipher_func*)chacha_crypt32,
+
+ .ctx_size = sizeof(struct chacha_ctx),
+ .encrypt = _stream_encrypt,
+ .decrypt = _stream_encrypt,
+ .set_encrypt_key = (nettle_set_key_func*)chacha_set_key,
+ .set_decrypt_key = (nettle_set_key_func*)chacha_set_key,
+ .set_iv = (setiv_func)_chacha_set_nonce96,
+ /* we allow setting the initial block counter as part of nonce */
+ .max_iv_size = CHACHA_NONCE96_SIZE + CHACHA_COUNTER32_SIZE,
+ },
+ { .algo = GNUTLS_CIPHER_CHACHA20_64,
+ .block_size = 1,
+ .key_size = CHACHA_KEY_SIZE,
+ .encrypt_block = (nettle_cipher_func*)chacha_crypt,
+ .decrypt_block = (nettle_cipher_func*)chacha_crypt,
+
+ .ctx_size = sizeof(struct chacha_ctx),
+ .encrypt = _stream_encrypt,
+ .decrypt = _stream_encrypt,
+ .set_encrypt_key = (nettle_set_key_func*)chacha_set_key,
+ .set_decrypt_key = (nettle_set_key_func*)chacha_set_key,
+ .set_iv = (setiv_func)_chacha_set_nonce,
+ /* we allow setting the initial block counter as part of nonce */
+ .max_iv_size = CHACHA_NONCE_SIZE + CHACHA_COUNTER_SIZE,
+ },
{ .algo = GNUTLS_CIPHER_CHACHA20_POLY1305,
.block_size = CHACHA_POLY1305_BLOCK_SIZE,
.key_size = CHACHA_POLY1305_KEY_SIZE,
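Review bot: The comment `/* we allow setting the initial block counter as part of nonce */` on both new entries does not say that the counter occupies the leading bytes of the IV and the nonce follows, which is the layout `_chacha_set_nonce` and `_chacha_set_nonce96` parse. Since the starting counter is caller-supplied, two messages under the same key and nonce whose counter ranges overlap would reuse keystream, so the uniqueness requirement covers the whole IV and is worth stating. I would reword the comment to `/* IV = initial block counter (CHACHA_COUNTER32_SIZE bytes) followed by the nonce; the (nonce, counter range) must not repeat under one key */`, with `CHACHA_COUNTER_SIZE` in the 64-bit entry. A one-line comment that these two entries are unauthenticated stream ciphers, unlike the `GNUTLS_CIPHER_CHACHA20_POLY1305` entry that follows, would also help readers of the table. The `builtin_ciphers` array begins and ends outside this hunk.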