9#include <botan/chacha20poly1305.h>
10#include <botan/loadstor.h>
24 return (n == 8 || n == 12 || n == 24);
41void ChaCha20Poly1305_Mode::key_schedule(
const uint8_t key[],
size_t length)
49 throw Invalid_State(
"Cannot set AD for ChaCha20Poly1305 while processing a message");
50 m_ad.assign(ad, ad + length);
55 uint8_t len8[8] = { 0 };
56 store_le(
static_cast<uint64_t
>(len), len8);
60void ChaCha20Poly1305_Mode::start_msg(
const uint8_t nonce[],
size_t nonce_len)
70 uint8_t first_block[64];
71 m_chacha->write_keystream(first_block,
sizeof(first_block));
83 const uint8_t zeros[16] = { 0 };
108 const uint8_t zeros[16] = { 0 };
115 buffer.resize(buffer.size() +
tag_size());
131 BOTAN_ASSERT(buffer.size() >= offset,
"Offset is sane");
132 const size_t sz = buffer.size() - offset;
133 uint8_t* buf = buffer.data() + offset;
137 const size_t remaining = sz -
tag_size();
150 const uint8_t zeros[16] = { 0 };
161 const uint8_t* included_tag = &buf[remaining];
168 buffer.resize(offset + remaining);
#define BOTAN_ASSERT(expr, assertion_made)
size_t process(uint8_t buf[], size_t size) override
void finish(secure_vector< uint8_t > &final_block, size_t offset=0) override
void finish(secure_vector< uint8_t > &final_block, size_t offset=0) override
size_t process(uint8_t buf[], size_t size) override
bool valid_nonce_length(size_t n) const override
secure_vector< uint8_t > m_ad
std::string name() const override
void set_associated_data(const uint8_t ad[], size_t ad_len) override
std::unique_ptr< StreamCipher > m_chacha
bool cfrg_version() const
size_t tag_size() const override
void update_len(size_t len)
std::unique_ptr< MessageAuthenticationCode > m_poly1305
int(* update)(CTX *, const void *, CC_LONG len)
void secure_scrub_memory(void *ptr, size_t n)
bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len)
void store_le(uint16_t in, uint8_t out[2])
std::vector< T, secure_allocator< T > > secure_vector