doc/dev/chacha20poly1305_8h_source.html

// Copyright (c) 2023 The Bitcoin Core developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#ifndef BITCOIN_CRYPTO_CHACHA20POLY1305_H

#define BITCOIN_CRYPTO_CHACHA20POLY1305_H


#include <crypto/chacha20.h>

#include <crypto/poly1305.h>

#include <span.h>


#include <cstddef>

#include <cstdint>

#include <cstdlib>


class AEADChaCha20Poly1305 {

    ChaCha20 m_chacha20;


public:

    static constexpr unsigned KEYLEN = 32;


    static constexpr unsigned EXPANSION = Poly1305::TAGLEN;


    AEADChaCha20Poly1305(Span<const std::byte> key) noexcept;


    void SetKey(Span<const std::byte> key) noexcept;


    using Nonce96 = ChaCha20::Nonce96;


    void Encrypt(Span<const std::byte> plain, Span<const std::byte> aad,

                 Nonce96 nonce, Span<std::byte> cipher) noexcept {

        Encrypt(plain, {}, aad, nonce, cipher);

    }


    void Encrypt(Span<const std::byte> plain1, Span<const std::byte> plain2,

                 Span<const std::byte> aad, Nonce96 nonce,

                 Span<std::byte> cipher) noexcept;


    bool Decrypt(Span<const std::byte> cipher, Span<const std::byte> aad,

                 Nonce96 nonce, Span<std::byte> plain) noexcept {

        return Decrypt(cipher, aad, nonce, plain, {});

    }


    bool Decrypt(Span<const std::byte> cipher, Span<const std::byte> aad,

                 Nonce96 nonce, Span<std::byte> plain1,

                 Span<std::byte> plain2) noexcept;


    void Keystream(Nonce96 nonce, Span<std::byte> keystream) noexcept;

};


class FSChaCha20Poly1305 {

private:

    AEADChaCha20Poly1305 m_aead;


    const uint32_t m_rekey_interval;


    uint32_t m_packet_counter{0};


    uint64_t m_rekey_counter{0};


    void NextPacket() noexcept;


public:

    static constexpr auto KEYLEN = AEADChaCha20Poly1305::KEYLEN;


    static constexpr auto EXPANSION = AEADChaCha20Poly1305::EXPANSION;


    // No copy or move to protect the secret.

    FSChaCha20Poly1305(const FSChaCha20Poly1305 &) = delete;

    FSChaCha20Poly1305(FSChaCha20Poly1305 &&) = delete;

    FSChaCha20Poly1305 &operator=(const FSChaCha20Poly1305 &) = delete;

    FSChaCha20Poly1305 &operator=(FSChaCha20Poly1305 &&) = delete;


    FSChaCha20Poly1305(Span<const std::byte> key,

                       uint32_t rekey_interval) noexcept

        : m_aead(key), m_rekey_interval(rekey_interval) {}


    void Encrypt(Span<const std::byte> plain, Span<const std::byte> aad,

                 Span<std::byte> cipher) noexcept {

        Encrypt(plain, {}, aad, cipher);

    }


    void Encrypt(Span<const std::byte> plain1, Span<const std::byte> plain2,

                 Span<const std::byte> aad, Span<std::byte> cipher) noexcept;


    bool Decrypt(Span<const std::byte> cipher, Span<const std::byte> aad,

                 Span<std::byte> plain) noexcept {

        return Decrypt(cipher, aad, plain, {});

    }


    bool Decrypt(Span<const std::byte> cipher, Span<const std::byte> aad,

                 Span<std::byte> plain1, Span<std::byte> plain2) noexcept;

};


#endif // BITCOIN_CRYPTO_CHACHA20POLY1305_H

chacha20.h

AEADChaCha20Poly1305
The AEAD_CHACHA20_POLY1305 authenticated encryption algorithm from RFC8439 section 2....
Definition: chacha20poly1305.h:20

AEADChaCha20Poly1305::AEADChaCha20Poly1305
AEADChaCha20Poly1305(Span< const std::byte > key) noexcept
Initialize an AEAD instance with a specified 32-byte key.
Definition: chacha20poly1305.cpp:18

AEADChaCha20Poly1305::Nonce96
ChaCha20::Nonce96 Nonce96
96-bit nonce type.
Definition: chacha20poly1305.h:38

AEADChaCha20Poly1305::Encrypt
void Encrypt(Span< const std::byte > plain, Span< const std::byte > aad, Nonce96 nonce, Span< std::byte > cipher) noexcept
Encrypt a message with a specified 96-bit nonce and aad.
Definition: chacha20poly1305.h:45

AEADChaCha20Poly1305::EXPANSION
static constexpr unsigned EXPANSION
Expansion when encrypting.
Definition: chacha20poly1305.h:29

AEADChaCha20Poly1305::SetKey
void SetKey(Span< const std::byte > key) noexcept
Switch to another 32-byte key.
Definition: chacha20poly1305.cpp:23

AEADChaCha20Poly1305::KEYLEN
static constexpr unsigned KEYLEN
Expected size of key argument in constructor.
Definition: chacha20poly1305.h:26

AEADChaCha20Poly1305::Decrypt
bool Decrypt(Span< const std::byte > cipher, Span< const std::byte > aad, Nonce96 nonce, Span< std::byte > plain) noexcept
Decrypt a message with a specified 96-bit nonce and aad.
Definition: chacha20poly1305.h:66

AEADChaCha20Poly1305::Keystream
void Keystream(Nonce96 nonce, Span< std::byte > keystream) noexcept
Get a number of keystream bytes from the underlying stream cipher.
Definition: chacha20poly1305.cpp:117

AEADChaCha20Poly1305::m_chacha20
ChaCha20 m_chacha20
Internal stream cipher.
Definition: chacha20poly1305.h:22

ChaCha20
Unrestricted ChaCha20 cipher.
Definition: chacha20.h:89

ChaCha20::Nonce96
ChaCha20Aligned::Nonce96 Nonce96
96-bit nonce type.
Definition: chacha20.h:112

FSChaCha20Poly1305
Forward-secure wrapper around AEADChaCha20Poly1305.
Definition: chacha20poly1305.h:99

FSChaCha20Poly1305::NextPacket
void NextPacket() noexcept
Update counters (and if necessary, key) to transition to the next message.
Definition: chacha20poly1305.cpp:125

FSChaCha20Poly1305::m_rekey_interval
const uint32_t m_rekey_interval
Every how many iterations this cipher rekeys.
Definition: chacha20poly1305.h:105

FSChaCha20Poly1305::Decrypt
bool Decrypt(Span< const std::byte > cipher, Span< const std::byte > aad, Span< std::byte > plain) noexcept
Decrypt a message with a specified aad.
Definition: chacha20poly1305.h:164

FSChaCha20Poly1305::m_packet_counter
uint32_t m_packet_counter
The number of encryptions/decryptions since the last rekey.
Definition: chacha20poly1305.h:108

FSChaCha20Poly1305::m_aead
AEADChaCha20Poly1305 m_aead
Internal AEAD.
Definition: chacha20poly1305.h:102

FSChaCha20Poly1305::KEYLEN
static constexpr auto KEYLEN
Length of keys expected by the constructor.
Definition: chacha20poly1305.h:121

FSChaCha20Poly1305::m_rekey_counter
uint64_t m_rekey_counter
The number of rekeys performed so far.
Definition: chacha20poly1305.h:111

FSChaCha20Poly1305::EXPANSION
static constexpr auto EXPANSION
Expansion when encrypting.
Definition: chacha20poly1305.h:124

FSChaCha20Poly1305::Encrypt
void Encrypt(Span< const std::byte > plain, Span< const std::byte > aad, Span< std::byte > cipher) noexcept
Encrypt a message with a specified aad.
Definition: chacha20poly1305.h:145

Poly1305::TAGLEN
static constexpr unsigned TAGLEN
Length of the output produced by Finalize().
Definition: poly1305.h:43

Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:94

std
Implement std::hash so RCUPtr can be used as a key for maps or sets.
Definition: rcu.h:259

poly1305.h

span.h