Security Scol plugin
|
Classes for Poly1305 message authentication code. More...
#include "cryptlib.h"
#include "seckey.h"
#include "secblock.h"
#include "argnames.h"
#include "algparam.h"
Go to the source code of this file.
Classes | |
class | Poly1305_Base< T > |
Poly1305 message authentication code base class. More... | |
class | Poly1305< T > |
Poly1305 message authentication code. More... | |
class | Poly1305TLS_Base |
Poly1305-TLS message authentication code base class. More... | |
Functions | |
DOCUMENTED_TYPEDEF (MessageAuthenticationCodeFinal< Poly1305TLS_Base >, Poly1305TLS) | |
Poly1305-TLS message authentication code. | |
Classes for Poly1305 message authentication code.
Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce.
Crypto++ also supplies the IETF's version of Poly1305. It is a slightly different algorithm than Bernstein's version.
Definition in file poly1305.h.
DOCUMENTED_TYPEDEF | ( | MessageAuthenticationCodeFinal< Poly1305TLS_Base > | , |
Poly1305TLS | |||
) |
Poly1305-TLS message authentication code.
This is the IETF's variant of Bernstein's Poly1305 from RFC 8439. IETF Poly1305 is called Poly1305TLS in the Crypto++ library. It is slightly different from the Bernstein implementation. Poly1305-TLS can be used for cipher suites TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
.
The key is 32 bytes and a concatenation key = {r,s}
, where r
is additional key that gets clamped and s
is the nonce. The key is clamped internally so there is no need to perform the operation before setting the key.
Each message must have a unique security context, which means the key must be changed after each message. It can be accomplished in one of two ways. First, you can create a new Poly1305 object with a new key each time its needed.
SecByteBlock key(32); prng.GenerateBlock(key, key.size()); Poly1305TLS poly1305(key, key.size()); poly1305.Update(...); poly1305.Final(...);
Second, you can create a Poly1305 object, and use a new key for each message. The keys can be generated directly using a RandomNumberGenerator() derived class.
SecByteBlock key(32); prng.GenerateBlock(key, key.size()); // First message Poly1305TLS poly1305(key, key.size()); poly1305.Update(...); poly1305.Final(...); // Second message prng.GenerateBlock(key, key.size()); poly1305.SetKey(key, key.size()); poly1305.Update(...); poly1305.Final(...); ...