Botan 3.5.0
Crypto and TLS for C&
sodium_aead.cpp
Go to the documentation of this file.
1/*
2* (C) 2019 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/sodium.h>
8
9#include <botan/aead.h>
10#include <botan/mem_ops.h>
11
12namespace Botan {
13
14namespace {
15
16int sodium_aead_chacha20poly1305_encrypt(uint8_t ctext[],
17 unsigned long long* ctext_len,
18 const uint8_t ptext[],
19 size_t ptext_len,
20 const uint8_t ad[],
21 size_t ad_len,
22 const uint8_t nonce[],
23 size_t nonce_len,
24 const uint8_t key[]) {
25 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Encryption);
26
27 chacha20poly1305->set_key(key, 32);
28 chacha20poly1305->set_associated_data(ad, ad_len);
29 chacha20poly1305->start(nonce, nonce_len);
30
31 // FIXME do this in-place
33 buf.reserve(ptext_len + 16);
34 buf.assign(ptext, ptext + ptext_len);
35
36 chacha20poly1305->finish(buf);
37
38 copy_mem(ctext, buf.data(), buf.size());
39 if(ctext_len) {
40 *ctext_len = buf.size();
41 }
42 return 0;
43}
44
45int sodium_aead_chacha20poly1305_decrypt(uint8_t ptext[],
46 unsigned long long* ptext_len,
47 const uint8_t ctext[],
48 size_t ctext_len,
49 const uint8_t ad[],
50 size_t ad_len,
51 const uint8_t nonce[],
52 size_t nonce_len,
53 const uint8_t key[]) {
54 if(ctext_len < 16) {
55 return -1;
56 }
57
58 *ptext_len = 0;
59
60 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Decryption);
61
62 chacha20poly1305->set_key(key, 32);
63 chacha20poly1305->set_associated_data(ad, ad_len);
64 chacha20poly1305->start(nonce, nonce_len);
65
66 // FIXME do this in-place
68 buf.assign(ctext, ctext + ctext_len);
69
70 try {
71 chacha20poly1305->finish(buf);
72 } catch(Invalid_Authentication_Tag&) {
73 return -1;
74 }
75
76 *ptext_len = ctext_len - 16;
77
78 copy_mem(ptext, buf.data(), buf.size());
79 return 0;
80}
81
82int sodium_aead_chacha20poly1305_encrypt_detached(uint8_t ctext[],
83 uint8_t mac[],
84 const uint8_t ptext[],
85 size_t ptext_len,
86 const uint8_t ad[],
87 size_t ad_len,
88 const uint8_t nonce[],
89 size_t nonce_len,
90 const uint8_t key[]) {
91 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Encryption);
92
93 chacha20poly1305->set_key(key, 32);
94 chacha20poly1305->set_associated_data(ad, ad_len);
95 chacha20poly1305->start(nonce, nonce_len);
96
97 // FIXME do this in-place
99 buf.reserve(ptext_len + 16);
100 buf.assign(ptext, ptext + ptext_len);
101
102 chacha20poly1305->finish(buf);
103
104 copy_mem(ctext, buf.data(), ptext_len);
105 copy_mem(mac, buf.data() + ptext_len, 16);
106 return 0;
107}
108
109int sodium_aead_chacha20poly1305_decrypt_detached(uint8_t ptext[],
110 const uint8_t ctext[],
111 size_t ctext_len,
112 const uint8_t mac[],
113 const uint8_t ad[],
114 size_t ad_len,
115 const uint8_t nonce[],
116 size_t nonce_len,
117 const uint8_t key[]) {
118 auto chacha20poly1305 = AEAD_Mode::create_or_throw("ChaCha20Poly1305", Cipher_Dir::Decryption);
119
120 chacha20poly1305->set_key(key, 32);
121 chacha20poly1305->set_associated_data(ad, ad_len);
122 chacha20poly1305->start(nonce, nonce_len);
123
124 // FIXME do this in-place
126 buf.reserve(ctext_len + 16);
127 buf.assign(ctext, ctext + ctext_len);
128 buf.insert(buf.end(), mac, mac + 16);
129
130 try {
131 chacha20poly1305->finish(buf);
132 } catch(Invalid_Authentication_Tag&) {
133 return -1;
134 }
135
136 copy_mem(ptext, buf.data(), buf.size());
137 return 0;
138}
139
140} // namespace
141
143 unsigned long long* ctext_len,
144 const uint8_t ptext[],
145 size_t ptext_len,
146 const uint8_t ad[],
147 size_t ad_len,
148 const uint8_t unused_secret_nonce[],
149 const uint8_t nonce[],
150 const uint8_t key[]) {
151 BOTAN_UNUSED(unused_secret_nonce);
152
153 return sodium_aead_chacha20poly1305_encrypt(
154 ctext, ctext_len, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
155}
156
158 unsigned long long* ptext_len,
159 uint8_t unused_secret_nonce[],
160 const uint8_t ctext[],
161 size_t ctext_len,
162 const uint8_t ad[],
163 size_t ad_len,
164 const uint8_t nonce[],
165 const uint8_t key[]) {
166 BOTAN_UNUSED(unused_secret_nonce);
167
168 return sodium_aead_chacha20poly1305_decrypt(
169 ptext, ptext_len, ctext, ctext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
170}
171
173 uint8_t mac[],
174 unsigned long long* mac_len,
175 const uint8_t ptext[],
176 size_t ptext_len,
177 const uint8_t ad[],
178 size_t ad_len,
179 const uint8_t unused_secret_nonce[],
180 const uint8_t nonce[],
181 const uint8_t key[]) {
182 BOTAN_UNUSED(unused_secret_nonce);
183
184 if(mac_len) {
185 *mac_len = 16;
186 }
187
188 return sodium_aead_chacha20poly1305_encrypt_detached(
189 ctext, mac, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
190}
191
193 uint8_t unused_secret_nonce[],
194 const uint8_t ctext[],
195 size_t ctext_len,
196 const uint8_t mac[],
197 const uint8_t ad[],
198 size_t ad_len,
199 const uint8_t nonce[],
200 const uint8_t key[]) {
201 BOTAN_UNUSED(unused_secret_nonce);
202
203 return sodium_aead_chacha20poly1305_decrypt_detached(
204 ptext, ctext, ctext_len, mac, ad, ad_len, nonce, crypto_aead_chacha20poly1305_ietf_npubbytes(), key);
205}
206
208 unsigned long long* ctext_len,
209 const uint8_t ptext[],
210 size_t ptext_len,
211 const uint8_t ad[],
212 size_t ad_len,
213 const uint8_t unused_secret_nonce[],
214 const uint8_t nonce[],
215 const uint8_t key[]) {
216 BOTAN_UNUSED(unused_secret_nonce);
217 return sodium_aead_chacha20poly1305_encrypt(
218 ctext, ctext_len, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
219}
220
222 unsigned long long* ptext_len,
223 uint8_t unused_secret_nonce[],
224 const uint8_t ctext[],
225 size_t ctext_len,
226 const uint8_t ad[],
227 size_t ad_len,
228 const uint8_t nonce[],
229 const uint8_t key[]) {
230 BOTAN_UNUSED(unused_secret_nonce);
231 return sodium_aead_chacha20poly1305_decrypt(
232 ptext, ptext_len, ctext, ctext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
233}
234
236 uint8_t mac[],
237 unsigned long long* mac_len,
238 const uint8_t ptext[],
239 size_t ptext_len,
240 const uint8_t ad[],
241 size_t ad_len,
242 const uint8_t unused_secret_nonce[],
243 const uint8_t nonce[],
244 const uint8_t key[]) {
245 BOTAN_UNUSED(unused_secret_nonce);
246 if(mac_len) {
247 *mac_len = 16;
248 }
249
250 return sodium_aead_chacha20poly1305_encrypt_detached(
251 ctext, mac, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
252}
253
255 uint8_t unused_secret_nonce[],
256 const uint8_t ctext[],
257 size_t ctext_len,
258 const uint8_t mac[],
259 const uint8_t ad[],
260 size_t ad_len,
261 const uint8_t nonce[],
262 const uint8_t key[]) {
263 BOTAN_UNUSED(unused_secret_nonce);
264
265 return sodium_aead_chacha20poly1305_decrypt_detached(
266 ptext, ctext, ctext_len, mac, ad, ad_len, nonce, crypto_aead_chacha20poly1305_npubbytes(), key);
267}
268
270 unsigned long long* ctext_len,
271 const uint8_t ptext[],
272 size_t ptext_len,
273 const uint8_t ad[],
274 size_t ad_len,
275 const uint8_t unused_secret_nonce[],
276 const uint8_t nonce[],
277 const uint8_t key[]) {
278 BOTAN_UNUSED(unused_secret_nonce);
279
280 return sodium_aead_chacha20poly1305_encrypt(
281 ctext, ctext_len, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
282}
283
285 unsigned long long* ptext_len,
286 uint8_t unused_secret_nonce[],
287 const uint8_t ctext[],
288 size_t ctext_len,
289 const uint8_t ad[],
290 size_t ad_len,
291 const uint8_t nonce[],
292 const uint8_t key[]) {
293 BOTAN_UNUSED(unused_secret_nonce);
294
295 return sodium_aead_chacha20poly1305_decrypt(
296 ptext, ptext_len, ctext, ctext_len, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
297}
298
300 uint8_t mac[],
301 unsigned long long* mac_len,
302 const uint8_t ptext[],
303 size_t ptext_len,
304 const uint8_t ad[],
305 size_t ad_len,
306 const uint8_t unused_secret_nonce[],
307 const uint8_t nonce[],
308 const uint8_t key[]) {
309 BOTAN_UNUSED(unused_secret_nonce);
310 if(mac_len) {
311 *mac_len = 16;
312 }
313
314 return sodium_aead_chacha20poly1305_encrypt_detached(
315 ctext, mac, ptext, ptext_len, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
316}
317
319 uint8_t unused_secret_nonce[],
320 const uint8_t ctext[],
321 size_t ctext_len,
322 const uint8_t mac[],
323 const uint8_t ad[],
324 size_t ad_len,
325 const uint8_t nonce[],
326 const uint8_t key[]) {
327 BOTAN_UNUSED(unused_secret_nonce);
328 return sodium_aead_chacha20poly1305_decrypt_detached(
329 ptext, ctext, ctext_len, mac, ad, ad_len, nonce, crypto_aead_xchacha20poly1305_ietf_npubbytes(), key);
330}
331
332} // namespace Botan
#define BOTAN_UNUSED
Definition assert.h:118
static std::unique_ptr< AEAD_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:43
int crypto_aead_xchacha20poly1305_ietf_decrypt(uint8_t ptext[], unsigned long long *ptext_len, uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
int crypto_aead_chacha20poly1305_decrypt(uint8_t m[], unsigned long long *ptext_len, uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
int crypto_aead_chacha20poly1305_decrypt_detached(uint8_t m[], uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t mac[], const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
int crypto_aead_chacha20poly1305_ietf_encrypt_detached(uint8_t ctext[], uint8_t mac[], unsigned long long *mac_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
size_t crypto_aead_chacha20poly1305_ietf_npubbytes()
Definition sodium.h:371
int crypto_aead_chacha20poly1305_encrypt(uint8_t ctext[], unsigned long long *ctext_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
size_t crypto_aead_xchacha20poly1305_ietf_npubbytes()
Definition sodium.h:511
int crypto_aead_chacha20poly1305_ietf_encrypt(uint8_t ctext[], unsigned long long *ctext_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
int crypto_aead_xchacha20poly1305_ietf_encrypt(uint8_t ctext[], unsigned long long *ctext_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
int crypto_aead_chacha20poly1305_ietf_decrypt(uint8_t ptext[], unsigned long long *ptext_len, uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
int crypto_aead_chacha20poly1305_encrypt_detached(uint8_t ctext[], uint8_t mac[], unsigned long long *mac_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(uint8_t ctext[], uint8_t mac[], unsigned long long *mac_len, const uint8_t ptext[], size_t ptext_len, const uint8_t ad[], size_t ad_len, const uint8_t unused_secret_nonce[], const uint8_t nonce[], const uint8_t key[])
size_t crypto_aead_chacha20poly1305_npubbytes()
Definition sodium.h:440
int crypto_aead_chacha20poly1305_ietf_decrypt_detached(uint8_t m[], uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t mac[], const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(uint8_t ptext[], uint8_t unused_secret_nonce[], const uint8_t ctext[], size_t ctext_len, const uint8_t mac[], const uint8_t ad[], size_t ad_len, const uint8_t nonce[], const uint8_t key[])
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:146