9#include <botan/internal/chacha20poly1305.h>
10#include <botan/internal/loadstor.h>
24 return (n == 8 || n == 12 || n == 24);
53 return m_chacha->has_keying_material();
56void ChaCha20Poly1305_Mode::key_schedule(
const uint8_t key[],
size_t length)
63 BOTAN_ARG_CHECK(idx == 0,
"ChaCha20Poly1305: cannot handle non-zero index in set_associated_data_n");
65 throw Invalid_State(
"Cannot set AD for ChaCha20Poly1305 while processing a message");
66 m_ad.assign(ad.begin(), ad.end());
71 uint8_t len8[8] = { 0 };
72 store_le(
static_cast<uint64_t
>(len), len8);
76void ChaCha20Poly1305_Mode::start_msg(
const uint8_t nonce[],
size_t nonce_len)
86 uint8_t first_block[64];
87 m_chacha->write_keystream(first_block,
sizeof(first_block));
99 const uint8_t zeros[16] = { 0 };
109size_t ChaCha20Poly1305_Encryption::process_msg(uint8_t buf[],
size_t sz)
117void ChaCha20Poly1305_Encryption::finish_msg(secure_vector<uint8_t>& buffer,
size_t offset)
124 const uint8_t zeros[16] = { 0 };
131 buffer.resize(buffer.size() +
tag_size());
137size_t ChaCha20Poly1305_Decryption::process_msg(uint8_t buf[],
size_t sz)
145void ChaCha20Poly1305_Decryption::finish_msg(secure_vector<uint8_t>& buffer,
size_t offset)
148 const size_t sz = buffer.size() - offset;
149 uint8_t* buf = buffer.data() + offset;
153 const size_t remaining = sz -
tag_size();
166 const uint8_t zeros[16] = { 0 };
177 const uint8_t* included_tag = &buf[remaining];
183 throw Invalid_Authentication_Tag(
"ChaCha20Poly1305 tag check failed");
184 buffer.resize(offset + remaining);
#define BOTAN_ARG_CHECK(expr, msg)
bool valid_nonce_length(size_t n) const override
secure_vector< uint8_t > m_ad
size_t ideal_granularity() const override
std::string name() const override
std::unique_ptr< StreamCipher > m_chacha
size_t update_granularity() const override
bool cfrg_version() const
size_t tag_size() const override
void update_len(size_t len)
bool has_keying_material() const override final
std::unique_ptr< MessageAuthenticationCode > m_poly1305
void set_associated_data_n(size_t idx, std::span< const uint8_t > ad) override final
int(* update)(CTX *, const void *, CC_LONG len)
constexpr void store_le(uint16_t in, uint8_t out[2])
void secure_scrub_memory(void *ptr, size_t n)
bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len)