Botan 3.3.0
Crypto and TLS for C&
chacha20poly1305.h
Go to the documentation of this file.
1/*
2* ChaCha20Poly1305 AEAD
3* (C) 2014 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_AEAD_CHACHA20_POLY1305_H_
10#define BOTAN_AEAD_CHACHA20_POLY1305_H_
11
12#include <botan/aead.h>
13#include <botan/mac.h>
14#include <botan/stream_cipher.h>
15
16namespace Botan {
17
18/**
19* Base class
20* See draft-irtf-cfrg-chacha20-poly1305-03 for specification
21* If a nonce of 64 bits is used the older version described in
22* draft-agl-tls-chacha20poly1305-04 is used instead.
23* If a nonce of 192 bits is used, XChaCha20Poly1305 is selected.
24*/
26 public:
27 void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) final;
28
29 bool associated_data_requires_key() const override { return false; }
30
31 std::string name() const override { return "ChaCha20Poly1305"; }
32
33 size_t update_granularity() const override;
34
35 size_t ideal_granularity() const override;
36
38
39 bool valid_nonce_length(size_t n) const override;
40
41 size_t tag_size() const override { return 16; }
42
43 void clear() override;
44
45 void reset() override;
46
47 bool has_keying_material() const final;
48
49 protected:
50 std::unique_ptr<StreamCipher> m_chacha;
52
54
56 size_t m_nonce_len = 0;
57 size_t m_ctext_len = 0;
58
59 bool cfrg_version() const { return m_nonce_len == 12 || m_nonce_len == 24; }
60
61 void update_len(size_t len);
62
63 private:
64 void start_msg(const uint8_t nonce[], size_t nonce_len) override;
65
66 void key_schedule(std::span<const uint8_t> key) override;
67};
68
69/**
70* ChaCha20Poly1305 Encryption
71*/
73 public:
74 size_t output_length(size_t input_length) const override { return input_length + tag_size(); }
75
76 size_t minimum_final_size() const override { return 0; }
77
78 private:
79 size_t process_msg(uint8_t buf[], size_t size) override;
80 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
81};
82
83/**
84* ChaCha20Poly1305 Decryption
85*/
87 public:
88 size_t output_length(size_t input_length) const override {
89 BOTAN_ARG_CHECK(input_length >= tag_size(), "Sufficient input");
90 return input_length - tag_size();
91 }
92
93 size_t minimum_final_size() const override { return tag_size(); }
94
95 private:
96 size_t process_msg(uint8_t buf[], size_t size) override;
97 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
98};
99
100} // namespace Botan
101
102#endif
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
size_t output_length(size_t input_length) const override
size_t minimum_final_size() const override
size_t minimum_final_size() const override
size_t output_length(size_t input_length) const override
bool has_keying_material() const final
void set_associated_data_n(size_t idx, std::span< const uint8_t > ad) final
bool valid_nonce_length(size_t n) const override
secure_vector< uint8_t > m_ad
size_t ideal_granularity() const override
std::string name() const override
std::unique_ptr< StreamCipher > m_chacha
size_t update_granularity() const override
size_t tag_size() const override
bool associated_data_requires_key() const override
Key_Length_Specification key_spec() const override
std::unique_ptr< MessageAuthenticationCode > m_poly1305
int(* final)(unsigned char *, CTX *)
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61