Botan
1.11.15
|
00001 /* 00002 * ChaCha20Poly1305 AEAD 00003 * (C) 2014 Jack Lloyd 00004 * 00005 * Botan is released under the Simplified BSD License (see license.txt) 00006 */ 00007 00008 #ifndef BOTAN_AEAD_CHACHA20_POLY1305_H__ 00009 #define BOTAN_AEAD_CHACHA20_POLY1305_H__ 00010 00011 #include <botan/aead.h> 00012 #include <botan/stream_cipher.h> 00013 #include <botan/mac.h> 00014 00015 namespace Botan { 00016 00017 /** 00018 * Base class 00019 * See draft-irtf-cfrg-chacha20-poly1305-03 for specification 00020 * If a nonce of 64 bits is used the older version described in 00021 * draft-agl-tls-chacha20poly1305-04 is used instead. 00022 */ 00023 class BOTAN_DLL ChaCha20Poly1305_Mode : public AEAD_Mode 00024 { 00025 public: 00026 void set_associated_data(const byte ad[], size_t ad_len) override; 00027 00028 std::string name() const override { return "ChaCha20Poly1305"; } 00029 00030 size_t update_granularity() const override { return 64; } 00031 00032 Key_Length_Specification key_spec() const override 00033 { return Key_Length_Specification(32); } 00034 00035 bool valid_nonce_length(size_t n) const override; 00036 00037 size_t tag_size() const override { return 16; } 00038 00039 void clear() override; 00040 protected: 00041 std::unique_ptr<StreamCipher> m_chacha; 00042 std::unique_ptr<MessageAuthenticationCode> m_poly1305; 00043 00044 secure_vector<byte> m_ad; 00045 size_t m_nonce_len = 0; 00046 size_t m_ctext_len = 0; 00047 00048 bool cfrg_version() const { return m_nonce_len == 12; } 00049 void update_len(size_t len); 00050 private: 00051 secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; 00052 00053 void key_schedule(const byte key[], size_t length) override; 00054 }; 00055 00056 /** 00057 * ChaCha20Poly1305 Encryption 00058 */ 00059 class BOTAN_DLL ChaCha20Poly1305_Encryption : public ChaCha20Poly1305_Mode 00060 { 00061 public: 00062 size_t output_length(size_t input_length) const override 00063 { return input_length + tag_size(); } 00064 00065 size_t minimum_final_size() const override { return 0; } 00066 00067 void update(secure_vector<byte>& blocks, size_t offset = 0) override; 00068 00069 void finish(secure_vector<byte>& final_block, size_t offset = 0) override; 00070 }; 00071 00072 /** 00073 * ChaCha20Poly1305 Decryption 00074 */ 00075 class BOTAN_DLL ChaCha20Poly1305_Decryption : public ChaCha20Poly1305_Mode 00076 { 00077 public: 00078 size_t output_length(size_t input_length) const override 00079 { 00080 BOTAN_ASSERT(input_length > tag_size(), "Sufficient input"); 00081 return input_length - tag_size(); 00082 } 00083 00084 size_t minimum_final_size() const override { return tag_size(); } 00085 00086 void update(secure_vector<byte>& blocks, size_t offset = 0) override; 00087 00088 void finish(secure_vector<byte>& final_block, size_t offset = 0) override; 00089 }; 00090 00091 } 00092 00093 #endif