Security Scol plugin
poly1305.h
1// poly1305.h - written and placed in the public domain by Jeffrey Walton and Jean-Pierre Munch
2// Based on Andy Polyakov's Base-2^26 scalar multiplication implementation.
3// For more information, see https://www.openssl.org/~appro/cryptogams/.
4
5// The library added Bernstein's Poly1305 classes at Crypto++ 6.0. The IETF
6// uses a slightly different implementation than Bernstein, and the IETF
7// classes were added at Crypto++ 8.1. We wanted to maintain ABI compatibility
8// at the 8.1 release so the original Poly1305 classes were not disturbed.
9// Instead new classes were added for IETF Poly1305. The back-end implementation
10// shares code as expected, however.
11
24
25#ifndef CRYPTOPP_POLY1305_H
26#define CRYPTOPP_POLY1305_H
27
28#include "cryptlib.h"
29#include "seckey.h"
30#include "secblock.h"
31#include "argnames.h"
32#include "algparam.h"
33
34NAMESPACE_BEGIN(CryptoPP)
35
36
37
38
// Poly1305_Base<T>: base class for Bernstein's Poly1305 message authentication
// code built on block cipher T. The FixedKeyLength base fixes the MAC key at
// 32 bytes and the IV (nonce) at 16 bytes, and declares the UNIQUE_IV
// requirement: each message must be authenticated under a nonce that has not
// been used with the same key before.
// NOTE(review): Poly1305 is a one-time authenticator. Repeating a (key, nonce)
// pair across two different messages is expected to let an observer forge
// tags, so nonce uniqueness is a caller obligation, not a convenience.
42template <class T>
43class CRYPTOPP_NO_VTABLE Poly1305_Base : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 16>, public MessageAuthenticationCode
44{
 // T must expose a 16-byte default key length and a 16-byte block size.
45 CRYPTOPP_COMPILE_ASSERT(T::DEFAULT_KEYLENGTH == 16);
46 CRYPTOPP_COMPILE_ASSERT(T::BLOCKSIZE == 16);
47
48public:
 // Algorithm name: "Poly1305(" + the cipher's own static name + ")".
49 static std::string StaticAlgorithmName() {return std::string("Poly1305(") + T::StaticAlgorithmName() + ")";}
50
 // Tag size and block size both equal the cipher block size (16 bytes, per the assert above).
51 CRYPTOPP_CONSTANT(DIGESTSIZE=T::BLOCKSIZE);
52 CRYPTOPP_CONSTANT(BLOCKSIZE=T::BLOCKSIZE);
53
54 virtual ~Poly1305_Base() {}
 // A new object starts with buffer index 0 and m_used == true.
 // NOTE(review): presumably m_used is only cleared once a nonce has been installed,
 // so a freshly constructed object counts as "nonce already consumed" — confirm in poly1305.cpp.
55 Poly1305_Base() : m_idx(0), m_used(true) {}
56
 // Nonce management: Resynchronize() takes the IV for the next message,
 // GetNextIV() obtains an IV for the next message using rng.
 // NOTE(review): the meaning of the ivLength=-1 default is not visible here — confirm before relying on it.
57 void Resynchronize (const byte *iv, int ivLength=-1);
58 void GetNextIV (RandomNumberGenerator &rng, byte *iv);
59
 // UncheckedSetKey() sets the key without performing parameter validation;
 // presumably the public SetKey() path validates the length first — confirm against the caller.
 // Update() absorbs message bytes; TruncatedFinal() writes the tag to mac.
 // NOTE(review): a tag shorter than DIGESTSIZE lowers the cost of forgery, and received tags
 // should be checked with the library's Verify()/VerifyDigest() rather than a plain memcmp.
60 void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
61 void Update(const byte *input, size_t length);
62 void TruncatedFinal(byte *mac, size_t size);
63 void Restart();
64
65 unsigned int BlockSize() const {return BLOCKSIZE;}
66 unsigned int DigestSize() const {return DIGESTSIZE;}
67
68 std::string AlgorithmProvider() const;
69
70protected:
71 // TODO: No longer needed. Remove at next major version bump
72 void HashBlocks(const byte *input, size_t length, word32 padbit);
73 void HashFinal(byte *mac, size_t length);
74
 // Encryption object of the underlying cipher T.
 // NOTE(review): presumably this produces the "encrypted nonce" named below — confirm in poly1305.cpp.
75 typename T::Encryption m_cipher;
76
77 // Accumulated hash, clamped r-key, and encrypted nonce
 // NOTE(review): the member declarations for these values (lines 78-80) are not present in this listing.
81
82 // Accumulated message bytes and index
 // NOTE(review): the buffer declaration (line 83) is not present in this listing; only the index is shown.
84 size_t m_idx;
85
86 // Track nonce reuse; assert in debug but continue
 // As stated above, reuse is only asserted in debug builds and processing continues,
 // so this flag is a diagnostic aid and not enforcement: a release build will
 // still produce a tag under a repeated nonce.
87 bool m_used;
88};
89
// Poly1305<T>: the concrete, user-facing Poly1305 MAC over block cipher T.
// It wraps Poly1305_Base<T> in MessageAuthenticationCodeFinal, which supplies
// the member functions used to key the MAC.
135template <class T>
136class Poly1305 : public MessageAuthenticationCodeFinal<Poly1305_Base<T> >
137{
138public:
 // Re-exports the base class key length (32 bytes per its FixedKeyLength<32, ...> base).
139 CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=Poly1305_Base<T>::DEFAULT_KEYLENGTH);
140
143
 // Keys the object through SetKey(), passing the nonce as the Name::IV() parameter.
 // key/keyLength: the MAC key; nonce/nonceLength: the per-message IV.
 // NOTE(review): with the defaults (nonce=NULLPTR, nonceLength=0) no usable nonce is supplied.
 // Presumably one must then be installed with Resynchronize() before the first message —
 // confirm against UncheckedSetKey in poly1305.cpp.
 // The nonce has to be unique for every message authenticated under this key.
155 Poly1305(const byte *key, size_t keyLength=DEFAULT_KEYLENGTH, const byte *nonce=NULLPTR, size_t nonceLength=0)
156 {this->SetKey(key, keyLength, MakeParameters(Name::IV(), ConstByteArrayParameter(nonce, nonceLength)));}
157};
158
160
// Poly1305TLS_Base: base class of the Poly1305-TLS (IETF variant) message
// authentication code. The class head (line 164) is not present in this
// listing, so its base classes and key/IV requirements cannot be read here.
// NOTE(review): no Resynchronize()/GetNextIV() is declared in this class and
// none of the visible members tracks reuse. In the IETF construction the key
// is one-time, so presumably each message needs a fresh key (typically
// derived per message by the surrounding AEAD) — confirm against the class
// head and poly1305.cpp.
165{
166public:
167 static std::string StaticAlgorithmName() {return std::string("Poly1305TLS");}
 // Tag size and block size are fixed at 16 bytes.
168 CRYPTOPP_CONSTANT(DIGESTSIZE=16);
169 CRYPTOPP_CONSTANT(BLOCKSIZE=16);
170
171 virtual ~Poly1305TLS_Base() {}
173
 // UncheckedSetKey() sets the key without performing parameter validation.
 // Update() absorbs message bytes; TruncatedFinal() writes the tag to mac; Restart() restarts the hash.
 // NOTE(review): a tag shorter than DIGESTSIZE lowers the cost of forgery, and received tags
 // should be checked with the library's Verify()/VerifyDigest() rather than a plain memcmp.
174 void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params);
175 void Update(const byte *input, size_t length);
176 void TruncatedFinal(byte *mac, size_t size);
177 void Restart();
178
179 unsigned int BlockSize() const {return BLOCKSIZE;}
180 unsigned int DigestSize() const {return DIGESTSIZE;}
181
182protected:
183 // Accumulated hash, clamped r-key, and encrypted nonce
 // NOTE(review): the member declarations for these values (lines 184-186) are not present in this listing.
187
188 // Accumulated message bytes and index
 // NOTE(review): the buffer declaration (line 189) is not present in this listing; only the index is shown.
190 size_t m_idx;
191};
192
238
239NAMESPACE_END
240
241#endif // CRYPTOPP_POLY1305_H
Classes for working with NameValuePairs.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition algparam.h:508
Standard names for retrieving values by name when working with NameValuePairs.
virtual std::string AlgorithmProvider() const
Retrieve the provider of this algorithm.
Definition cryptlib.h:636
Used to pass byte array input as part of a NameValuePairs object.
Definition algparam.h:25
Inherited by keyed algorithms with fixed key length.
Definition seckey.h:125
Fixed size stack-based SecBlock with 16-byte alignment.
Definition secblock.h:1259
virtual void TruncatedFinal(byte *digest, size_t digestSize)=0
Computes the hash of the current message.
virtual void Restart()
Restart the hash.
Definition cryptlib.h:1147
virtual void Update(const byte *input, size_t length)=0
Updates a hash with additional input.
Provides class member functions to key a message authentication code.
Definition seckey.h:371
Interface for message authentication codes.
Definition cryptlib.h:1299
Interface for retrieving values given their names.
Definition cryptlib.h:322
Poly1305 message authentication code base class.
Definition poly1305.h:44
unsigned int DigestSize() const
Definition poly1305.h:66
unsigned int BlockSize() const
Provides the block size of the compression function.
Definition poly1305.h:65
Poly1305 message authentication code.
Definition poly1305.h:137
Poly1305(const byte *key, size_t keyLength=DEFAULT_KEYLENGTH, const byte *nonce=NULLPTR, size_t nonceLength=0)
Construct a Poly1305.
Definition poly1305.h:155
Poly1305()
Construct a Poly1305.
Definition poly1305.h:142
Poly1305-TLS message authentication code base class.
Definition poly1305.h:165
unsigned int BlockSize() const
Provides the block size of the compression function.
Definition poly1305.h:179
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
Sets the key for this object without performing parameter validation.
Definition poly1305.cpp:315
void TruncatedFinal(byte *mac, size_t size)
Computes the hash of the current message.
Definition poly1305.cpp:374
void Update(const byte *input, size_t length)
Updates a hash with additional input.
Definition poly1305.cpp:335
unsigned int DigestSize() const
Definition poly1305.h:180
void Restart()
Restart the hash.
Definition poly1305.cpp:394
Interface for random number generators.
Definition cryptlib.h:1435
virtual void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)=0
Sets the key for this object without performing parameter validation.
virtual void GetNextIV(RandomNumberGenerator &rng, byte *iv)
Retrieves a secure IV for the next message.
Definition cryptlib.cpp:136
virtual void Resynchronize(const byte *iv, int ivLength=-1)
Resynchronize with an IV.
Definition cryptlib.h:783
unsigned int word32
32-bit unsigned datatype
Definition config_int.h:62
Abstract base classes that provide a uniform interface to this library.
Classes and functions for secure memory allocations.
Classes and functions for implementing secret key algorithms.