Botan 3.0.0
Crypto and TLS for C&
chacha20poly1305.h
Go to the documentation of this file.
1/*
2* ChaCha20Poly1305 AEAD
3* (C) 2014 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_AEAD_CHACHA20_POLY1305_H_
10#define BOTAN_AEAD_CHACHA20_POLY1305_H_
11
12#include <botan/aead.h>
13#include <botan/stream_cipher.h>
14#include <botan/mac.h>
15
16namespace Botan {
17
18/**
19* Base class
20* See draft-irtf-cfrg-chacha20-poly1305-03 for specification
21* If a nonce of 64 bits is used the older version described in
22* draft-agl-tls-chacha20poly1305-04 is used instead.
23* If a nonce of 192 bits is used, XChaCha20Poly1305 is selected.
24*/
26 {
27 public:
28 void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) override final;
29
30 bool associated_data_requires_key() const override { return false; }
31
32 std::string name() const override { return "ChaCha20Poly1305"; }
33
34 size_t update_granularity() const override;
35
36 size_t ideal_granularity() const override;
37
39 { return Key_Length_Specification(32); }
40
41 bool valid_nonce_length(size_t n) const override;
42
43 size_t tag_size() const override { return 16; }
44
45 void clear() override;
46
47 void reset() override;
48
49 bool has_keying_material() const override final;
50
51 protected:
54
56
58 size_t m_nonce_len = 0;
59 size_t m_ctext_len = 0;
60
61 bool cfrg_version() const { return m_nonce_len == 12 || m_nonce_len == 24; }
62 void update_len(size_t len);
63 private:
64 void start_msg(const uint8_t nonce[], size_t nonce_len) override;
65
66 void key_schedule(const uint8_t key[], size_t length) override;
67 };
68
69/**
70* ChaCha20Poly1305 Encryption
71*/
73 {
74 public:
75 size_t output_length(size_t input_length) const override
76 { return input_length + tag_size(); }
77
78 size_t minimum_final_size() const override { return 0; }
79
80 private:
81 size_t process_msg(uint8_t buf[], size_t size) override;
82 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
83 };
84
85/**
86* ChaCha20Poly1305 Decryption
87*/
89 {
90 public:
91 size_t output_length(size_t input_length) const override
92 {
93 BOTAN_ARG_CHECK(input_length >= tag_size(), "Sufficient input");
94 return input_length - tag_size();
95 }
96
97 size_t minimum_final_size() const override { return tag_size(); }
98
99 private:
100 size_t process_msg(uint8_t buf[], size_t size) override;
101 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
102 };
103
104}
105
106#endif
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:36
size_t output_length(size_t input_length) const override
size_t minimum_final_size() const override
size_t minimum_final_size() const override
size_t output_length(size_t input_length) const override
bool valid_nonce_length(size_t n) const override
secure_vector< uint8_t > m_ad
size_t ideal_granularity() const override
std::string name() const override
std::unique_ptr< StreamCipher > m_chacha
size_t update_granularity() const override
size_t tag_size() const override
bool associated_data_requires_key() const override
bool has_keying_material() const override final
Key_Length_Specification key_spec() const override
std::unique_ptr< MessageAuthenticationCode > m_poly1305
void set_associated_data_n(size_t idx, std::span< const uint8_t > ad) override final
int(* final)(unsigned char *, CTX *)
Definition: alg_id.cpp:12
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:64
Definition: bigint.h:1092