Security Scol plugin
|
Poly1305 message authentication code. More...
#include <poly1305.h>
Public Member Functions | |
CRYPTOPP_CONSTANT (DEFAULT_KEYLENGTH=Poly1305_Base< T >::DEFAULT_KEYLENGTH) | |
Poly1305 () | |
Construct a Poly1305. | |
Poly1305 (const byte *key, size_t keyLength=DEFAULT_KEYLENGTH, const byte *nonce=NULLPTR, size_t nonceLength=0) | |
Construct a Poly1305. | |
Public Member Functions inherited from ClonableImpl< DERIVED, BASE > | |
Clonable * | Clone () const |
Create a copy of this object. | |
Poly1305 message authentication code.
T | class derived from BlockCipherDocumentation with 16-byte key and 16-byte blocksize |
Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce.
The key is 32 bytes and a concatenation key = {k,s}
, where k
is the AES key and r
is additional key that gets clamped. The key is clamped internally so there is no need to perform the operation before setting the key.
Each message must have a unique security context, which means either the key or nonce must be changed after each message. It can be accomplished in one of two ways. First, you can create a new Poly1305 object each time its needed.
SecByteBlock key(32), nonce(16); prng.GenerateBlock(key, key.size()); prng.GenerateBlock(nonce, nonce.size()); Poly1305<AES> poly1305(key, key.size(), nonce, nonce.size()); poly1305.Update(...); poly1305.Final(...);
Second, you can create a Poly1305 object, reuse the key, and set a fresh nonce for each message. The second and subsequent nonces can be generated using GetNextIV().
SecByteBlock key(32), nonce(16); prng.GenerateBlock(key, key.size()); prng.GenerateBlock(nonce, nonce.size()); // First message Poly1305<AES> poly1305(key, key.size()); poly1305.Resynchronize(nonce); poly1305.Update(...); poly1305.Final(...); // Second message poly1305.GetNextIV(prng, nonce); poly1305.Resynchronize(nonce); poly1305.Update(...); poly1305.Final(...); ...
Definition at line 136 of file poly1305.h.
|
inline |
Construct a Poly1305.
Definition at line 142 of file poly1305.h.
|
inline |
Construct a Poly1305.
key | a byte array used to key the cipher |
keyLength | the size of the byte array, in bytes |
nonce | a byte array used to key the cipher |
nonceLength | the size of the byte array, in bytes |
The key is 32 bytes and a concatenation key = {k,s}
, where k
is the AES key and r
is additional key that gets clamped. The key is clamped internally so there is no need to perform the operation before setting the key.
Each message requires a unique security context. You can use GetNextIV() and Resynchronize() to set a new nonce under a key for a message.
Definition at line 155 of file poly1305.h.