Botan  2.15.0
Crypto and TLS for C++11
sodium_secretbox.cpp
Go to the documentation of this file.
1 /*
2 * (C) 2019 Jack Lloyd
3 *
4 * Botan is released under the Simplified BSD License (see license.txt)
5 */
6 
7 #include <botan/sodium.h>
8 #include <botan/secmem.h>
9 #include <botan/stream_cipher.h>
10 #include <botan/mac.h>
11 
12 namespace Botan {
13 
15  const uint8_t ptext[],
16  size_t ptext_len,
17  const uint8_t nonce[],
18  const uint8_t key[])
19  {
20  if(ptext_len < 32)
21  return -1;
22 
23  auto salsa = StreamCipher::create_or_throw("Salsa20");
24  salsa->set_key(key, crypto_secretbox_KEYBYTES);
25  salsa->set_iv(nonce, crypto_secretbox_NONCEBYTES);
26 
27  secure_vector<uint8_t> auth_key(32);
28  salsa->write_keystream(auth_key.data(), auth_key.size());
29 
30  salsa->cipher(ptext + 32, ctext + 32, ptext_len - 32);
31 
32  auto poly1305 = MessageAuthenticationCode::create_or_throw("Poly1305");
33  poly1305->set_key(auth_key);
34  poly1305->update(ctext + 32, ptext_len - 32);
35  poly1305->final(ctext + 16);
36 
37  clear_mem(ctext, 16);
38  return 0;
39  }
40 
42  const uint8_t ctext[],
43  size_t ctext_len,
44  const uint8_t nonce[],
45  const uint8_t key[])
46  {
48  {
49  return -1;
50  }
51 
52  auto salsa = StreamCipher::create_or_throw("Salsa20");
53  salsa->set_key(key, crypto_secretbox_KEYBYTES);
54  salsa->set_iv(nonce, crypto_secretbox_NONCEBYTES);
55 
56  secure_vector<uint8_t> auth_key(32);
57  salsa->write_keystream(auth_key.data(), auth_key.size());
58 
59  auto poly1305 = MessageAuthenticationCode::create_or_throw("Poly1305");
60  poly1305->set_key(auth_key);
61  poly1305->update(ctext + 32, ctext_len - 32);
62  secure_vector<uint8_t> computed = poly1305->final();
63 
64  if(!constant_time_compare(computed.data(), ctext + 16, 16))
65  return -1;
66 
67  salsa->cipher(ctext + 32, ptext + 32, ctext_len - 32);
68 
69  clear_mem(ptext, 32);
70  return 0;
71  }
72 
73 int Sodium::crypto_secretbox_detached(uint8_t ctext[], uint8_t mac[],
74  const uint8_t ptext[],
75  size_t ptext_len,
76  const uint8_t nonce[],
77  const uint8_t key[])
78  {
79  auto salsa = StreamCipher::create_or_throw("Salsa20");
80  salsa->set_key(key, crypto_secretbox_KEYBYTES);
81  salsa->set_iv(nonce, crypto_secretbox_NONCEBYTES);
82 
83  secure_vector<uint8_t> auth_key(32);
84  salsa->write_keystream(auth_key.data(), auth_key.size());
85 
86  salsa->cipher(ptext, ctext, ptext_len);
87 
88  auto poly1305 = MessageAuthenticationCode::create_or_throw("Poly1305");
89  poly1305->set_key(auth_key);
90  poly1305->update(ctext, ptext_len);
91  poly1305->final(mac);
92 
93  return 0;
94  }
95 
97  const uint8_t ctext[],
98  const uint8_t mac[],
99  size_t ctext_len,
100  const uint8_t nonce[],
101  const uint8_t key[])
102  {
103  auto salsa = StreamCipher::create_or_throw("Salsa20");
104  salsa->set_key(key, crypto_secretbox_KEYBYTES);
105  salsa->set_iv(nonce, crypto_secretbox_NONCEBYTES);
106 
107  secure_vector<uint8_t> auth_key(32);
108  salsa->write_keystream(auth_key.data(), auth_key.size());
109 
110  auto poly1305 = MessageAuthenticationCode::create_or_throw("Poly1305");
111  poly1305->set_key(auth_key);
112  poly1305->update(ctext, ctext_len);
113  secure_vector<uint8_t> computed_mac = poly1305->final();
114 
115  if(!constant_time_compare(mac, computed_mac.data(), computed_mac.size()))
116  return -1;
117 
118  salsa->cipher(ctext, ptext, ctext_len);
119 
120  return 0;
121  }
122 
123 }
static std::unique_ptr< StreamCipher > create_or_throw(const std::string &algo_spec, const std::string &provider="")
int crypto_secretbox_xsalsa20poly1305(uint8_t ctext[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:115
bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len)
Definition: mem_ops.h:82
int crypto_secretbox_detached(uint8_t ctext[], uint8_t mac[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
Definition: alg_id.cpp:13
int crypto_secretbox_open_detached(uint8_t ptext[], const uint8_t ctext[], const uint8_t mac[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:141
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
int crypto_secretbox_xsalsa20poly1305_open(uint8_t ptext[], const uint8_t ctext[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])