Botan 3.12.0
Crypto and TLS for C&
sodium_aead.cpp
Go to the documentation of this file.
1/*
2* (C) 2019 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/sodium.h>
8
9#include <botan/aead.h>
10#include <botan/exceptn.h>
11#include <botan/mem_ops.h>
12
13namespace Botan {
14
15namespace {
16
17int sodium_aead_chacha20poly1305_encrypt(uint8_t ctext[],
18 unsigned long long* ctext_len,
19 const uint8_t ptext[],
20 size_t ptext_len,
21 const uint8_t ad[],
22 size_t ad_len,
23 const uint8_t nonce[],
24 size_t nonce_len,
25 const uint8_t key[]) {
26 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Encryption);
27
28 chacha20poly1305->set_key(key, 32);
29 chacha20poly1305->set_associated_data(ad, ad_len);
30 chacha20poly1305->start(nonce, nonce_len);
31
32 // FIXME do this in-place
33 secure_vector<uint8_t> buf;
34 buf.reserve(ptext_len + 16);
35 buf.assign(ptext, ptext + ptext_len);
36
37 chacha20poly1305->finish(buf);
38
39 copy_mem(ctext, buf.data(), buf.size());
40 if(ctext_len != nullptr) {
41 *ctext_len = buf.size();
42 }
43 return 0;
44}
45
46int sodium_aead_chacha20poly1305_decrypt(uint8_t ptext[],
47 unsigned long long* ptext_len,
48 const uint8_t ctext[],
49 size_t ctext_len,
50 const uint8_t ad[],
51 size_t ad_len,
52 const uint8_t nonce[],
53 size_t nonce_len,
54 const uint8_t key[]) {
55 if(ctext_len < 16) {
56 return -1;
57 }
58
59 if(ptext_len != nullptr) {
60 *ptext_len = 0;
61 }
62
63 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Decryption);
64
65 chacha20poly1305->set_key(key, 32);
66 chacha20poly1305->set_associated_data(ad, ad_len);
67 chacha20poly1305->start(nonce, nonce_len);
68
69 // FIXME do this in-place
70 secure_vector<uint8_t> buf;
71 buf.assign(ctext, ctext + ctext_len);
72
73 try {
74 chacha20poly1305->finish(buf);
75 } catch(Invalid_Authentication_Tag&) {
76 return -1;
77 }
78
79 if(ptext_len != nullptr) {
80 *ptext_len = ctext_len - 16;
81 }
82
83 copy_mem(ptext, buf.data(), buf.size());
84 return 0;
85}
86
87int sodium_aead_chacha20poly1305_encrypt_detached(uint8_t ctext[],
88 uint8_t mac[],
89 const uint8_t ptext[],
90 size_t ptext_len,
91 const uint8_t ad[],
92 size_t ad_len,
93 const uint8_t nonce[],
94 size_t nonce_len,
95 const uint8_t key[]) {
96 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Encryption);
97
98 chacha20poly1305->set_key(key, 32);
99 chacha20poly1305->set_associated_data(ad, ad_len);
100 chacha20poly1305->start(nonce, nonce_len);
101
102 // FIXME do this in-place
103 secure_vector<uint8_t> buf;
104 buf.reserve(ptext_len + 16);
105 buf.assign(ptext, ptext + ptext_len);
106
107 chacha20poly1305->finish(buf);
108
109 copy_mem(ctext, buf.data(), ptext_len);
110 copy_mem(mac, buf.data() + ptext_len, 16);
111 return 0;
112}
113
114int sodium_aead_chacha20poly1305_decrypt_detached(uint8_t ptext[],
115 const uint8_t ctext[],
116 size_t ctext_len,
117 const uint8_t mac[],
118 const uint8_t ad[],
119 size_t ad_len,
120 const uint8_t nonce[],
121 size_t nonce_len,
122 const uint8_t key[]) {
123 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Decryption);
124
125 chacha20poly1305->set_key(key, 32);
126 chacha20poly1305->set_associated_data(ad, ad_len);
127 chacha20poly1305->start(nonce, nonce_len);
128
129 // FIXME do this in-place
130 secure_vector<uint8_t> buf;
131 buf.reserve(ctext_len + 16);
132 buf.assign(ctext, ctext + ctext_len);
133 buf.insert(buf.end(), mac, mac + 16);
134
135 try {
136 chacha20poly1305->finish(buf);
137 } catch(Invalid_Authentication_Tag&) {
138 return -1;
139 }
140
141 copy_mem(ptext, buf.data(), buf.size());
142 return 0;
143}
144
145} // namespace
146
147int Sodium::crypto_aead_chacha20poly1305_ietf_encrypt(uint8_t ctext[],
148 unsigned long long* ctext_len,
149 const uint8_t ptext[],
150 size_t ptext_len,
151 const uint8_t ad[],
152 size_t ad_len,
153 const uint8_t unused_secret_nonce[],
154 const uint8_t nonce[],
155 const uint8_t key[]) {
156 BOTAN_UNUSED(unused_secret_nonce);
157
158 return sodium_aead_chacha20poly1305_encrypt(
159 ctext, ctext_len, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
160}
161
162int Sodium::crypto_aead_chacha20poly1305_ietf_decrypt(uint8_t ptext[],
163 unsigned long long* ptext_len,
164 uint8_t unused_secret_nonce[],
165 const uint8_t ctext[],
166 size_t ctext_len,
167 const uint8_t ad[],
168 size_t ad_len,
169 const uint8_t nonce[],
170 const uint8_t key[]) {
171 BOTAN_UNUSED(unused_secret_nonce);
172
173 return sodium_aead_chacha20poly1305_decrypt(
174 ptext, ptext_len, ctext, ctext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
175}
176
177int Sodium::crypto_aead_chacha20poly1305_ietf_encrypt_detached(uint8_t ctext[],
178 uint8_t mac[],
179 unsigned long long* mac_len,
180 const uint8_t ptext[],
181 size_t ptext_len,
182 const uint8_t ad[],
183 size_t ad_len,
184 const uint8_t unused_secret_nonce[],
185 const uint8_t nonce[],
186 const uint8_t key[]) {
187 BOTAN_UNUSED(unused_secret_nonce);
188
189 if(mac_len != nullptr) {
190 *mac_len = 16;
191 }
192
193 return sodium_aead_chacha20poly1305_encrypt_detached(
194 ctext, mac, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
195}
196
197int Sodium::crypto_aead_chacha20poly1305_ietf_decrypt_detached(uint8_t ptext[],
198 uint8_t unused_secret_nonce[],
199 const uint8_t ctext[],
200 size_t ctext_len,
201 const uint8_t mac[],
202 const uint8_t ad[],
203 size_t ad_len,
204 const uint8_t nonce[],
205 const uint8_t key[]) {
206 BOTAN_UNUSED(unused_secret_nonce);
207
208 return sodium_aead_chacha20poly1305_decrypt_detached(
209 ptext, ctext, ctext_len, mac, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
210}
211
212int Sodium::crypto_aead_chacha20poly1305_encrypt(uint8_t ctext[],
213 unsigned long long* ctext_len,
214 const uint8_t ptext[],
215 size_t ptext_len,
216 const uint8_t ad[],
217 size_t ad_len,
218 const uint8_t unused_secret_nonce[],
219 const uint8_t nonce[],
220 const uint8_t key[]) {
221 BOTAN_UNUSED(unused_secret_nonce);
222 return sodium_aead_chacha20poly1305_encrypt(
223 ctext, ctext_len, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
224}
225
226int Sodium::crypto_aead_chacha20poly1305_decrypt(uint8_t ptext[],
227 unsigned long long* ptext_len,
228 uint8_t unused_secret_nonce[],
229 const uint8_t ctext[],
230 size_t ctext_len,
231 const uint8_t ad[],
232 size_t ad_len,
233 const uint8_t nonce[],
234 const uint8_t key[]) {
235 BOTAN_UNUSED(unused_secret_nonce);
236 return sodium_aead_chacha20poly1305_decrypt(
237 ptext, ptext_len, ctext, ctext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
238}
239
240int Sodium::crypto_aead_chacha20poly1305_encrypt_detached(uint8_t ctext[],
241 uint8_t mac[],
242 unsigned long long* mac_len,
243 const uint8_t ptext[],
244 size_t ptext_len,
245 const uint8_t ad[],
246 size_t ad_len,
247 const uint8_t unused_secret_nonce[],
248 const uint8_t nonce[],
249 const uint8_t key[]) {
250 BOTAN_UNUSED(unused_secret_nonce);
251 if(mac_len != nullptr) {
252 *mac_len = 16;
253 }
254
255 return sodium_aead_chacha20poly1305_encrypt_detached(
256 ctext, mac, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
257}
258
259int Sodium::crypto_aead_chacha20poly1305_decrypt_detached(uint8_t ptext[],
260 uint8_t unused_secret_nonce[],
261 const uint8_t ctext[],
262 size_t ctext_len,
263 const uint8_t mac[],
264 const uint8_t ad[],
265 size_t ad_len,
266 const uint8_t nonce[],
267 const uint8_t key[]) {
268 BOTAN_UNUSED(unused_secret_nonce);
269
270 return sodium_aead_chacha20poly1305_decrypt_detached(
271 ptext, ctext, ctext_len, mac, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
272}
273
274int Sodium::crypto_aead_xchacha20poly1305_ietf_encrypt(uint8_t ctext[],
275 unsigned long long* ctext_len,
276 const uint8_t ptext[],
277 size_t ptext_len,
278 const uint8_t ad[],
279 size_t ad_len,
280 const uint8_t unused_secret_nonce[],
281 const uint8_t nonce[],
282 const uint8_t key[]) {
283 BOTAN_UNUSED(unused_secret_nonce);
284
285 return sodium_aead_chacha20poly1305_encrypt(
286 ctext, ctext_len, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
287}
288
289int Sodium::crypto_aead_xchacha20poly1305_ietf_decrypt(uint8_t ptext[],
290 unsigned long long* ptext_len,
291 uint8_t unused_secret_nonce[],
292 const uint8_t ctext[],
293 size_t ctext_len,
294 const uint8_t ad[],
295 size_t ad_len,
296 const uint8_t nonce[],
297 const uint8_t key[]) {
298 BOTAN_UNUSED(unused_secret_nonce);
299
300 return sodium_aead_chacha20poly1305_decrypt(
301 ptext, ptext_len, ctext, ctext_len, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
302}
303
304int Sodium::crypto_aead_xchacha20poly1305_ietf_encrypt_detached(uint8_t ctext[],
305 uint8_t mac[],
306 unsigned long long* mac_len,
307 const uint8_t ptext[],
308 size_t ptext_len,
309 const uint8_t ad[],
310 size_t ad_len,
311 const uint8_t unused_secret_nonce[],
312 const uint8_t nonce[],
313 const uint8_t key[]) {
314 BOTAN_UNUSED(unused_secret_nonce);
315 if(mac_len != nullptr) {
316 *mac_len = 16;
317 }
318
319 return sodium_aead_chacha20poly1305_encrypt_detached(
320 ctext, mac, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
321}
322
323int Sodium::crypto_aead_xchacha20poly1305_ietf_decrypt_detached(uint8_t ptext[],
324 uint8_t unused_secret_nonce[],
325 const uint8_t ctext[],
326 size_t ctext_len,
327 const uint8_t mac[],
328 const uint8_t ad[],
329 size_t ad_len,
330 const uint8_t nonce[],
331 const uint8_t key[]) {
332 BOTAN_UNUSED(unused_secret_nonce);
333 return sodium_aead_chacha20poly1305_decrypt_detached(
334 ptext, ctext, ctext_len, mac, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
335}
336
337} // namespace Botan
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
Botan::AEAD_Mode::create_or_throw
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:49
Botan::Invalid_Authentication_Tag
Definition exceptn.h:274
Botan::Sodium::crypto_aead_xchacha20poly1305_ietf_decrypt
int crypto_aead_xchacha20poly1305_ietf_decrypt(uint8_t ptext[], unsigned long long *ptext_len, uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:289
Botan::Sodium::crypto_aead_chacha20poly1305_decrypt
int crypto_aead_chacha20poly1305_decrypt(uint8_t m[], unsigned long long *ptext_len, uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:226
Botan::Sodium::crypto_aead_chacha20poly1305_decrypt_detached
int crypto_aead_chacha20poly1305_decrypt_detached(uint8_t m[], uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t mac[], const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:259
Botan::Sodium::crypto_aead_chacha20poly1305_ietf_encrypt_detached
int crypto_aead_chacha20poly1305_ietf_encrypt_detached(uint8_t ctext[], uint8_t mac[], unsigned long long *mac_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:177
Botan::Sodium::crypto_aead_chacha20poly1305_ietf_npubbytes
size_t crypto_aead_chacha20poly1305_ietf_npubbytes()
Definition sodium.h:371
Botan::Sodium::crypto_aead_chacha20poly1305_encrypt
int crypto_aead_chacha20poly1305_encrypt(uint8_t ctext[], unsigned long long *ctext_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:212
Botan::Sodium::crypto_aead_xchacha20poly1305_ietf_npubbytes
size_t crypto_aead_xchacha20poly1305_ietf_npubbytes()
Definition sodium.h:511
Botan::Sodium::crypto_aead_chacha20poly1305_ietf_encrypt
int crypto_aead_chacha20poly1305_ietf_encrypt(uint8_t ctext[], unsigned long long *ctext_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:147
Botan::Sodium::crypto_aead_xchacha20poly1305_ietf_encrypt
int crypto_aead_xchacha20poly1305_ietf_encrypt(uint8_t ctext[], unsigned long long *ctext_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:274
Botan::Sodium::crypto_aead_chacha20poly1305_ietf_decrypt
int crypto_aead_chacha20poly1305_ietf_decrypt(uint8_t ptext[], unsigned long long *ptext_len, uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:162
Botan::Sodium::crypto_aead_chacha20poly1305_encrypt_detached
int crypto_aead_chacha20poly1305_encrypt_detached(uint8_t ctext[], uint8_t mac[], unsigned long long *mac_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:240
Botan::Sodium::crypto_aead_xchacha20poly1305_ietf_encrypt_detached
int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(uint8_t ctext[], uint8_t mac[], unsigned long long *mac_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:304
Botan::Sodium::crypto_aead_chacha20poly1305_npubbytes
size_t crypto_aead_chacha20poly1305_npubbytes()
Definition sodium.h:440
Botan::Sodium::crypto_aead_chacha20poly1305_ietf_decrypt_detached
int crypto_aead_chacha20poly1305_ietf_decrypt_detached(uint8_t m[], uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t mac[], const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:197
Botan::Sodium::crypto_aead_xchacha20poly1305_ietf_decrypt_detached
int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(uint8_t ptext[], uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t mac[], const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:323
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:144
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68
Generated by doxygen 1.16.1