Botan 3.11.0
Crypto and TLS for C&
sodium_aead.cpp
Go to the documentation of this file.
1/*
2* (C) 2019 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/sodium.h>
8
9#include <botan/aead.h>
10#include <botan/exceptn.h>
11#include <botan/mem_ops.h>
12
13namespace Botan {
14
15namespace {
16
17int sodium_aead_chacha20poly1305_encrypt(uint8_t ctext[],
18 unsigned long long* ctext_len,
19 const uint8_t ptext[],
20 size_t ptext_len,
21 const uint8_t ad[],
22 size_t ad_len,
23 const uint8_t nonce[],
24 size_t nonce_len,
25 const uint8_t key[]) {
26 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Encryption);
27
28 chacha20poly1305->set_key(key, 32);
29 chacha20poly1305->set_associated_data(ad, ad_len);
30 chacha20poly1305->start(nonce, nonce_len);
31
32 // FIXME do this in-place
33 secure_vector<uint8_t> buf;
34 buf.reserve(ptext_len + 16);
35 buf.assign(ptext, ptext + ptext_len);
36
37 chacha20poly1305->finish(buf);
38
39 copy_mem(ctext, buf.data(), buf.size());
40 if(ctext_len != nullptr) {
41 *ctext_len = buf.size();
42 }
43 return 0;
44}
45
46int sodium_aead_chacha20poly1305_decrypt(uint8_t ptext[],
47 unsigned long long* ptext_len,
48 const uint8_t ctext[],
49 size_t ctext_len,
50 const uint8_t ad[],
51 size_t ad_len,
52 const uint8_t nonce[],
53 size_t nonce_len,
54 const uint8_t key[]) {
55 if(ctext_len < 16) {
56 return -1;
57 }
58
59 *ptext_len = 0;
60
61 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Decryption);
62
63 chacha20poly1305->set_key(key, 32);
64 chacha20poly1305->set_associated_data(ad, ad_len);
65 chacha20poly1305->start(nonce, nonce_len);
66
67 // FIXME do this in-place
68 secure_vector<uint8_t> buf;
69 buf.assign(ctext, ctext + ctext_len);
70
71 try {
72 chacha20poly1305->finish(buf);
73 } catch(Invalid_Authentication_Tag&) {
74 return -1;
75 }
76
77 *ptext_len = ctext_len - 16;
78
79 copy_mem(ptext, buf.data(), buf.size());
80 return 0;
81}
82
83int sodium_aead_chacha20poly1305_encrypt_detached(uint8_t ctext[],
84 uint8_t mac[],
85 const uint8_t ptext[],
86 size_t ptext_len,
87 const uint8_t ad[],
88 size_t ad_len,
89 const uint8_t nonce[],
90 size_t nonce_len,
91 const uint8_t key[]) {
92 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Encryption);
93
94 chacha20poly1305->set_key(key, 32);
95 chacha20poly1305->set_associated_data(ad, ad_len);
96 chacha20poly1305->start(nonce, nonce_len);
97
98 // FIXME do this in-place
99 secure_vector<uint8_t> buf;
100 buf.reserve(ptext_len + 16);
101 buf.assign(ptext, ptext + ptext_len);
102
103 chacha20poly1305->finish(buf);
104
105 copy_mem(ctext, buf.data(), ptext_len);
106 copy_mem(mac, buf.data() + ptext_len, 16);
107 return 0;
108}
109
110int sodium_aead_chacha20poly1305_decrypt_detached(uint8_t ptext[],
111 const uint8_t ctext[],
112 size_t ctext_len,
113 const uint8_t mac[],
114 const uint8_t ad[],
115 size_t ad_len,
116 const uint8_t nonce[],
117 size_t nonce_len,
118 const uint8_t key[]) {
119 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Decryption);
120
121 chacha20poly1305->set_key(key, 32);
122 chacha20poly1305->set_associated_data(ad, ad_len);
123 chacha20poly1305->start(nonce, nonce_len);
124
125 // FIXME do this in-place
126 secure_vector<uint8_t> buf;
127 buf.reserve(ctext_len + 16);
128 buf.assign(ctext, ctext + ctext_len);
129 buf.insert(buf.end(), mac, mac + 16);
130
131 try {
132 chacha20poly1305->finish(buf);
133 } catch(Invalid_Authentication_Tag&) {
134 return -1;
135 }
136
137 copy_mem(ptext, buf.data(), buf.size());
138 return 0;
139}
140
141} // namespace
142
143int Sodium::crypto_aead_chacha20poly1305_ietf_encrypt(uint8_t ctext[],
144 unsigned long long* ctext_len,
145 const uint8_t ptext[],
146 size_t ptext_len,
147 const uint8_t ad[],
148 size_t ad_len,
149 const uint8_t unused_secret_nonce[],
150 const uint8_t nonce[],
151 const uint8_t key[]) {
152 BOTAN_UNUSED(unused_secret_nonce);
153
154 return sodium_aead_chacha20poly1305_encrypt(
155 ctext, ctext_len, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
156}
157
158int Sodium::crypto_aead_chacha20poly1305_ietf_decrypt(uint8_t ptext[],
159 unsigned long long* ptext_len,
160 uint8_t unused_secret_nonce[],
161 const uint8_t ctext[],
162 size_t ctext_len,
163 const uint8_t ad[],
164 size_t ad_len,
165 const uint8_t nonce[],
166 const uint8_t key[]) {
167 BOTAN_UNUSED(unused_secret_nonce);
168
169 return sodium_aead_chacha20poly1305_decrypt(
170 ptext, ptext_len, ctext, ctext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
171}
172
173int Sodium::crypto_aead_chacha20poly1305_ietf_encrypt_detached(uint8_t ctext[],
174 uint8_t mac[],
175 unsigned long long* mac_len,
176 const uint8_t ptext[],
177 size_t ptext_len,
178 const uint8_t ad[],
179 size_t ad_len,
180 const uint8_t unused_secret_nonce[],
181 const uint8_t nonce[],
182 const uint8_t key[]) {
183 BOTAN_UNUSED(unused_secret_nonce);
184
185 if(mac_len != nullptr) {
186 *mac_len = 16;
187 }
188
189 return sodium_aead_chacha20poly1305_encrypt_detached(
190 ctext, mac, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
191}
192
193int Sodium::crypto_aead_chacha20poly1305_ietf_decrypt_detached(uint8_t ptext[],
194 uint8_t unused_secret_nonce[],
195 const uint8_t ctext[],
196 size_t ctext_len,
197 const uint8_t mac[],
198 const uint8_t ad[],
199 size_t ad_len,
200 const uint8_t nonce[],
201 const uint8_t key[]) {
202 BOTAN_UNUSED(unused_secret_nonce);
203
204 return sodium_aead_chacha20poly1305_decrypt_detached(
205 ptext, ctext, ctext_len, mac, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
206}
207
208int Sodium::crypto_aead_chacha20poly1305_encrypt(uint8_t ctext[],
209 unsigned long long* ctext_len,
210 const uint8_t ptext[],
211 size_t ptext_len,
212 const uint8_t ad[],
213 size_t ad_len,
214 const uint8_t unused_secret_nonce[],
215 const uint8_t nonce[],
216 const uint8_t key[]) {
217 BOTAN_UNUSED(unused_secret_nonce);
218 return sodium_aead_chacha20poly1305_encrypt(
219 ctext, ctext_len, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
220}
221
222int Sodium::crypto_aead_chacha20poly1305_decrypt(uint8_t ptext[],
223 unsigned long long* ptext_len,
224 uint8_t unused_secret_nonce[],
225 const uint8_t ctext[],
226 size_t ctext_len,
227 const uint8_t ad[],
228 size_t ad_len,
229 const uint8_t nonce[],
230 const uint8_t key[]) {
231 BOTAN_UNUSED(unused_secret_nonce);
232 return sodium_aead_chacha20poly1305_decrypt(
233 ptext, ptext_len, ctext, ctext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
234}
235
236int Sodium::crypto_aead_chacha20poly1305_encrypt_detached(uint8_t ctext[],
237 uint8_t mac[],
238 unsigned long long* mac_len,
239 const uint8_t ptext[],
240 size_t ptext_len,
241 const uint8_t ad[],
242 size_t ad_len,
243 const uint8_t unused_secret_nonce[],
244 const uint8_t nonce[],
245 const uint8_t key[]) {
246 BOTAN_UNUSED(unused_secret_nonce);
247 if(mac_len != nullptr) {
248 *mac_len = 16;
249 }
250
251 return sodium_aead_chacha20poly1305_encrypt_detached(
252 ctext, mac, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
253}
254
255int Sodium::crypto_aead_chacha20poly1305_decrypt_detached(uint8_t ptext[],
256 uint8_t unused_secret_nonce[],
257 const uint8_t ctext[],
258 size_t ctext_len,
259 const uint8_t mac[],
260 const uint8_t ad[],
261 size_t ad_len,
262 const uint8_t nonce[],
263 const uint8_t key[]) {
264 BOTAN_UNUSED(unused_secret_nonce);
265
266 return sodium_aead_chacha20poly1305_decrypt_detached(
267 ptext, ctext, ctext_len, mac, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
268}
269
270int Sodium::crypto_aead_xchacha20poly1305_ietf_encrypt(uint8_t ctext[],
271 unsigned long long* ctext_len,
272 const uint8_t ptext[],
273 size_t ptext_len,
274 const uint8_t ad[],
275 size_t ad_len,
276 const uint8_t unused_secret_nonce[],
277 const uint8_t nonce[],
278 const uint8_t key[]) {
279 BOTAN_UNUSED(unused_secret_nonce);
280
281 return sodium_aead_chacha20poly1305_encrypt(
282 ctext, ctext_len, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
283}
284
285int Sodium::crypto_aead_xchacha20poly1305_ietf_decrypt(uint8_t ptext[],
286 unsigned long long* ptext_len,
287 uint8_t unused_secret_nonce[],
288 const uint8_t ctext[],
289 size_t ctext_len,
290 const uint8_t ad[],
291 size_t ad_len,
292 const uint8_t nonce[],
293 const uint8_t key[]) {
294 BOTAN_UNUSED(unused_secret_nonce);
295
296 return sodium_aead_chacha20poly1305_decrypt(
297 ptext, ptext_len, ctext, ctext_len, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
298}
299
300int Sodium::crypto_aead_xchacha20poly1305_ietf_encrypt_detached(uint8_t ctext[],
301 uint8_t mac[],
302 unsigned long long* mac_len,
303 const uint8_t ptext[],
304 size_t ptext_len,
305 const uint8_t ad[],
306 size_t ad_len,
307 const uint8_t unused_secret_nonce[],
308 const uint8_t nonce[],
309 const uint8_t key[]) {
310 BOTAN_UNUSED(unused_secret_nonce);
311 if(mac_len != nullptr) {
312 *mac_len = 16;
313 }
314
315 return sodium_aead_chacha20poly1305_encrypt_detached(
316 ctext, mac, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
317}
318
319int Sodium::crypto_aead_xchacha20poly1305_ietf_decrypt_detached(uint8_t ptext[],
320 uint8_t unused_secret_nonce[],
321 const uint8_t ctext[],
322 size_t ctext_len,
323 const uint8_t mac[],
324 const uint8_t ad[],
325 size_t ad_len,
326 const uint8_t nonce[],
327 const uint8_t key[]) {
328 BOTAN_UNUSED(unused_secret_nonce);
329 return sodium_aead_chacha20poly1305_decrypt_detached(
330 ptext, ctext, ctext_len, mac, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
331}
332
333} // namespace Botan
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
Botan::AEAD_Mode::create_or_throw
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:49
Botan::Invalid_Authentication_Tag
Definition exceptn.h:274
Botan::Sodium::crypto_aead_xchacha20poly1305_ietf_decrypt
int crypto_aead_xchacha20poly1305_ietf_decrypt(uint8_t ptext[], unsigned long long *ptext_len, uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:285
Botan::Sodium::crypto_aead_chacha20poly1305_decrypt
int crypto_aead_chacha20poly1305_decrypt(uint8_t m[], unsigned long long *ptext_len, uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:222
Botan::Sodium::crypto_aead_chacha20poly1305_decrypt_detached
int crypto_aead_chacha20poly1305_decrypt_detached(uint8_t m[], uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t mac[], const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:255
Botan::Sodium::crypto_aead_chacha20poly1305_ietf_encrypt_detached
int crypto_aead_chacha20poly1305_ietf_encrypt_detached(uint8_t ctext[], uint8_t mac[], unsigned long long *mac_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:173
Botan::Sodium::crypto_aead_chacha20poly1305_ietf_npubbytes
size_t crypto_aead_chacha20poly1305_ietf_npubbytes()
Definition sodium.h:371
Botan::Sodium::crypto_aead_chacha20poly1305_encrypt
int crypto_aead_chacha20poly1305_encrypt(uint8_t ctext[], unsigned long long *ctext_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:208
Botan::Sodium::crypto_aead_xchacha20poly1305_ietf_npubbytes
size_t crypto_aead_xchacha20poly1305_ietf_npubbytes()
Definition sodium.h:511
Botan::Sodium::crypto_aead_chacha20poly1305_ietf_encrypt
int crypto_aead_chacha20poly1305_ietf_encrypt(uint8_t ctext[], unsigned long long *ctext_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:143
Botan::Sodium::crypto_aead_xchacha20poly1305_ietf_encrypt
int crypto_aead_xchacha20poly1305_ietf_encrypt(uint8_t ctext[], unsigned long long *ctext_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:270
Botan::Sodium::crypto_aead_chacha20poly1305_ietf_decrypt
int crypto_aead_chacha20poly1305_ietf_decrypt(uint8_t ptext[], unsigned long long *ptext_len, uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:158
Botan::Sodium::crypto_aead_chacha20poly1305_encrypt_detached
int crypto_aead_chacha20poly1305_encrypt_detached(uint8_t ctext[], uint8_t mac[], unsigned long long *mac_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:236
Botan::Sodium::crypto_aead_xchacha20poly1305_ietf_encrypt_detached
int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(uint8_t ctext[], uint8_t mac[], unsigned long long *mac_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:300
Botan::Sodium::crypto_aead_chacha20poly1305_npubbytes
size_t crypto_aead_chacha20poly1305_npubbytes()
Definition sodium.h:440
Botan::Sodium::crypto_aead_chacha20poly1305_ietf_decrypt_detached
int crypto_aead_chacha20poly1305_ietf_decrypt_detached(uint8_t m[], uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t mac[], const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:193
Botan::Sodium::crypto_aead_xchacha20poly1305_ietf_decrypt_detached
int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(uint8_t ptext[], uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t mac[], const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium_aead.cpp:319
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:144
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68
Generated by doxygen 1.15.0