Botan 2.19.3
Crypto and TLS for C&
sodium_secretbox.cpp
1/*
2* (C) 2019 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/sodium.h>
8#include <botan/secmem.h>
9#include <botan/stream_cipher.h>
10#include <botan/mac.h>
11
12namespace Botan {
13
/**
* Combined-mode secretbox encryption using the NaCl padded-buffer layout.
*
* Reads ptext[32 .. ptext_len) and writes ctext[0 .. ptext_len):
*   ctext[0 .. 16)          cleared to zero
*   ctext[16 .. 32)         Poly1305 tag over the encrypted bytes
*   ctext[32 .. ptext_len)  Salsa20-encrypted data
*
* The first 32 bytes of ptext are never read, so this function does not
* check that the caller actually zero-padded them.
*
* Caller contract (not checked here): key and nonce must point to at least
* crypto_secretbox_KEYBYTES and crypto_secretbox_NONCEBYTES bytes, ctext must
* hold ptext_len bytes, and a nonce must never be reused with the same key.
* Reuse repeats both the keystream and the one-time Poly1305 key derived
* from it.
*
* @return 0 on success, -1 if ptext_len is smaller than the 32-byte padding
*/
int Sodium::crypto_secretbox_xsalsa20poly1305(uint8_t ctext[],
                                              const uint8_t ptext[],
                                              size_t ptext_len,
                                              const uint8_t nonce[],
                                              const uint8_t key[])
   {
   constexpr size_t padding_len = 32; // leading bytes skipped on input
   constexpr size_t tag_offset = 16;  // where the tag is stored in ctext

   if(ptext_len < padding_len)
      {
      return -1;
      }

   auto stream = StreamCipher::create_or_throw("Salsa20");
   stream->set_key(key, crypto_secretbox_KEYBYTES);
   stream->set_iv(nonce, crypto_secretbox_NONCEBYTES);

   // The first 32 keystream bytes become the one-time MAC key. This must
   // happen before any data is encrypted so the data uses later keystream.
   secure_vector<uint8_t> mac_key(32);
   stream->write_keystream(mac_key.data(), mac_key.size());

   const size_t body_len = ptext_len - padding_len;
   uint8_t* const body_out = ctext + padding_len;
   stream->cipher(ptext + padding_len, body_out, body_len);

   // Encrypt-then-MAC: the tag covers the ciphertext bytes only.
   auto authenticator = MessageAuthenticationCode::create_or_throw("Poly1305");
   authenticator->set_key(mac_key);
   authenticator->update(body_out, body_len);
   authenticator->final(ctext + tag_offset);

   clear_mem(ctext, tag_offset);
   return 0;
   }
40
/**
* Combined-mode secretbox decryption using the NaCl padded-buffer layout.
*
* Expects the tag at ctext[16 .. 32) and the encrypted data at
* ctext[32 .. ctext_len). The tag is recomputed and compared in constant
* time before any decryption takes place. On a mismatch the function
* returns without writing to ptext, so unauthenticated plaintext is never
* released to the caller.
*
* On success ptext[32 .. ctext_len) holds the plaintext and ptext[0 .. 32)
* is cleared.
*
* Caller contract (not checked here): key and nonce must point to at least
* crypto_secretbox_KEYBYTES and crypto_secretbox_NONCEBYTES bytes, and ptext
* must hold ctext_len bytes.
*
* @return 0 on success, -1 if the input is too short or the tag does not
*         verify. The two failures are deliberately indistinguishable
*         through the return value.
*/
int Sodium::crypto_secretbox_xsalsa20poly1305_open(uint8_t ptext[],
                                                   const uint8_t ctext[],
                                                   size_t ctext_len,
                                                   const uint8_t nonce[],
                                                   const uint8_t key[])
   {
   // NOTE(review): the guard's condition line is missing from this rendered
   // listing. It is restored here from the listing's reference to
   // crypto_box_curve25519xsalsa20poly1305_ZEROBYTES; confirm against the
   // upstream file. The `ctext_len - 32` arithmetic below is only safe if
   // this guard rejects every ctext_len below 32.
   if(ctext_len < crypto_box_curve25519xsalsa20poly1305_ZEROBYTES)
      {
      return -1;
      }

   constexpr size_t body_offset = 32;
   constexpr size_t tag_offset = 16;
   constexpr size_t tag_len = 16;

   auto stream = StreamCipher::create_or_throw("Salsa20");
   stream->set_key(key, crypto_secretbox_KEYBYTES);
   stream->set_iv(nonce, crypto_secretbox_NONCEBYTES);

   // The first 32 keystream bytes are the one-time MAC key.
   secure_vector<uint8_t> mac_key(32);
   stream->write_keystream(mac_key.data(), mac_key.size());

   const uint8_t* const body_in = ctext + body_offset;
   const size_t body_len = ctext_len - body_offset;

   auto authenticator = MessageAuthenticationCode::create_or_throw("Poly1305");
   authenticator->set_key(mac_key);
   authenticator->update(body_in, body_len);
   const secure_vector<uint8_t> expected_tag = authenticator->final();

   // Verify before decrypting; the comparison must stay constant time.
   const bool tag_ok = constant_time_compare(expected_tag.data(), ctext + tag_offset, tag_len);
   if(!tag_ok)
      {
      return -1;
      }

   stream->cipher(body_in, ptext + body_offset, body_len);

   clear_mem(ptext, body_offset);
   return 0;
   }
72
/**
* Detached-mode secretbox encryption with no padding. The ciphertext and
* the Poly1305 tag are written to separate buffers.
*
* Encrypts ptext[0 .. ptext_len) into ctext[0 .. ptext_len) and stores the
* tag over the ciphertext in mac.
*
* Caller contract (not checked here): key and nonce must point to at least
* crypto_secretbox_KEYBYTES and crypto_secretbox_NONCEBYTES bytes, ctext must
* hold ptext_len bytes, and mac must have room for the full Poly1305 output.
* The matching open routine in this file's combined mode compares 16 tag
* bytes. A nonce must never be reused with the same key.
*
* @return always 0; failures inside the cipher or MAC objects surface as
*         exceptions rather than through the return code
*/
int Sodium::crypto_secretbox_detached(uint8_t ctext[], uint8_t mac[],
                                      const uint8_t ptext[],
                                      size_t ptext_len,
                                      const uint8_t nonce[],
                                      const uint8_t key[])
   {
   auto stream = StreamCipher::create_or_throw("Salsa20");
   stream->set_key(key, crypto_secretbox_KEYBYTES);
   stream->set_iv(nonce, crypto_secretbox_NONCEBYTES);

   // Derive the one-time MAC key from the first 32 keystream bytes before
   // encrypting, so the message is encrypted with later keystream.
   secure_vector<uint8_t> mac_key(32);
   stream->write_keystream(mac_key.data(), mac_key.size());

   stream->cipher(ptext, ctext, ptext_len);

   // Encrypt-then-MAC: authenticate the ciphertext just produced.
   auto authenticator = MessageAuthenticationCode::create_or_throw("Poly1305");
   authenticator->set_key(mac_key);
   authenticator->update(ctext, ptext_len);
   authenticator->final(mac);

   return 0;
   }
95
/**
* Detached-mode secretbox decryption. Verifies the separately supplied
* Poly1305 tag and only then decrypts.
*
* The tag over ctext[0 .. ctext_len) is recomputed and compared against mac
* in constant time over the full length of the computed tag. On a mismatch
* the function returns before touching ptext, so unauthenticated plaintext
* is never produced.
*
* Caller contract (not checked here): key and nonce must point to at least
* crypto_secretbox_KEYBYTES and crypto_secretbox_NONCEBYTES bytes, mac must
* be at least as long as the Poly1305 output, and ptext must hold ctext_len
* bytes.
*
* @return 0 on success, -1 if the tag does not verify
*/
int Sodium::crypto_secretbox_open_detached(uint8_t ptext[],
                                           const uint8_t ctext[],
                                           const uint8_t mac[],
                                           size_t ctext_len,
                                           const uint8_t nonce[],
                                           const uint8_t key[])
   {
   auto stream = StreamCipher::create_or_throw("Salsa20");
   stream->set_key(key, crypto_secretbox_KEYBYTES);
   stream->set_iv(nonce, crypto_secretbox_NONCEBYTES);

   // The first 32 keystream bytes are the one-time MAC key.
   secure_vector<uint8_t> mac_key(32);
   stream->write_keystream(mac_key.data(), mac_key.size());

   auto authenticator = MessageAuthenticationCode::create_or_throw("Poly1305");
   authenticator->set_key(mac_key);
   authenticator->update(ctext, ctext_len);
   const secure_vector<uint8_t> expected_tag = authenticator->final();

   // Verify before decrypting; the comparison must stay constant time.
   const bool tag_ok = constant_time_compare(mac, expected_tag.data(), expected_tag.size());
   if(!tag_ok)
      {
      return -1;
      }

   stream->cipher(ctext, ptext, ctext_len);

   return 0;
   }
122
123}
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition mac.cpp:139
static std::unique_ptr< StreamCipher > create_or_throw(const std::string &algo_spec, const std::string &provider="")
@ crypto_secretbox_KEYBYTES
Definition sodium.h:104
@ crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
Definition sodium.h:60
@ crypto_secretbox_NONCEBYTES
Definition sodium.h:107
int crypto_secretbox_xsalsa20poly1305_open(uint8_t ptext[], const uint8_t ctext[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
int crypto_secretbox_open_detached(uint8_t ptext[], const uint8_t ctext[], const uint8_t mac[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
int crypto_secretbox_xsalsa20poly1305(uint8_t ctext[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
int crypto_secretbox_detached(uint8_t ctext[], uint8_t mac[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len)
Definition mem_ops.h:82
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
void clear_mem(T *ptr, size_t n)
Definition mem_ops.h:115