doc/html/chacha20poly1305_8h_source.html

 // Copyright (c) 2023 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.

 #ifndef BITCOIN_CRYPTO_CHACHA20POLY1305_H
 #define BITCOIN_CRYPTO_CHACHA20POLY1305_H

 #include <cstddef>
 #include <stdint.h>

 #include <crypto/chacha20.h>
 #include <crypto/poly1305.h>
 #include <span.h>

 class AEADChaCha20Poly1305
 {
     ChaCha20 m_chacha20;

 public:
     static constexpr unsigned KEYLEN = 32;

     static constexpr unsigned EXPANSION = Poly1305::TAGLEN;

     AEADChaCha20Poly1305(Span<const std::byte> key) noexcept;

     void SetKey(Span<const std::byte> key) noexcept;

     using Nonce96 = ChaCha20::Nonce96;

     void Encrypt(Span<const std::byte> plain, Span<const std::byte> aad, Nonce96 nonce, Span<std::byte> cipher) noexcept
     {
         Encrypt(plain, {}, aad, nonce, cipher);
     }

     void Encrypt(Span<const std::byte> plain1, Span<const std::byte> plain2, Span<const std::byte> aad, Nonce96 nonce, Span<std::byte> cipher) noexcept;

     bool Decrypt(Span<const std::byte> cipher, Span<const std::byte> aad, Nonce96 nonce, Span<std::byte> plain) noexcept
     {
         return Decrypt(cipher, aad, nonce, plain, {});
     }

     bool Decrypt(Span<const std::byte> cipher, Span<const std::byte> aad, Nonce96 nonce, Span<std::byte> plain1, Span<std::byte> plain2) noexcept;

     void Keystream(Nonce96 nonce, Span<std::byte> keystream) noexcept;
 };

 class FSChaCha20Poly1305
 {
 private:
     AEADChaCha20Poly1305 m_aead;

     const uint32_t m_rekey_interval;

     uint32_t m_packet_counter{0};

     uint64_t m_rekey_counter{0};

     void NextPacket() noexcept;

 public:
     static constexpr auto KEYLEN = AEADChaCha20Poly1305::KEYLEN;

     static constexpr auto EXPANSION = AEADChaCha20Poly1305::EXPANSION;

     // No copy or move to protect the secret.
     FSChaCha20Poly1305(const FSChaCha20Poly1305&) = delete;
     FSChaCha20Poly1305(FSChaCha20Poly1305&&) = delete;
     FSChaCha20Poly1305& operator=(const FSChaCha20Poly1305&) = delete;
     FSChaCha20Poly1305& operator=(FSChaCha20Poly1305&&) = delete;

     FSChaCha20Poly1305(Span<const std::byte> key, uint32_t rekey_interval) noexcept :
         m_aead(key), m_rekey_interval(rekey_interval) {}

     void Encrypt(Span<const std::byte> plain, Span<const std::byte> aad, Span<std::byte> cipher) noexcept
     {
         Encrypt(plain, {}, aad, cipher);
     }

     void Encrypt(Span<const std::byte> plain1, Span<const std::byte> plain2, Span<const std::byte> aad, Span<std::byte> cipher) noexcept;

     bool Decrypt(Span<const std::byte> cipher, Span<const std::byte> aad, Span<std::byte> plain) noexcept
     {
         return Decrypt(cipher, aad, plain, {});
     }

     bool Decrypt(Span<const std::byte> cipher, Span<const std::byte> aad, Span<std::byte> plain1, Span<std::byte> plain2) noexcept;
 };

 #endif // BITCOIN_CRYPTO_CHACHA20POLY1305_H
AEADChaCha20Poly1305
The AEAD_CHACHA20_POLY1305 authenticated encryption algorithm from RFC8439 section 2...
Definition: chacha20poly1305.h:16

FSChaCha20Poly1305::m_rekey_counter
uint64_t m_rekey_counter
The number of rekeys performed so far.
Definition: chacha20poly1305.h:95

nonce
unsigned int nonce
Definition: miner_tests.cpp:72

span.h

FSChaCha20Poly1305::Encrypt
void Encrypt(Span< const std::byte > plain, Span< const std::byte > aad, Span< std::byte > cipher) noexcept
Encrypt a message with a specified aad.
Definition: chacha20poly1305.h:121

FSChaCha20Poly1305
Forward-secure wrapper around AEADChaCha20Poly1305.
Definition: chacha20poly1305.h:82

FSChaCha20Poly1305::m_packet_counter
uint32_t m_packet_counter
The number of encryptions/decryptions since the last rekey.
Definition: chacha20poly1305.h:92

AEADChaCha20Poly1305::AEADChaCha20Poly1305
AEADChaCha20Poly1305(Span< const std::byte > key) noexcept
Initialize an AEAD instance with a specified 32-byte key.
Definition: chacha20poly1305.cpp:16

chacha20.h

std
Definition: setup_common.h:36

ChaCha20::Nonce96
ChaCha20Aligned::Nonce96 Nonce96
96-bit nonce type.
Definition: chacha20.h:101

AEADChaCha20Poly1305::Decrypt
bool Decrypt(Span< const std::byte > cipher, Span< const std::byte > aad, Nonce96 nonce, Span< std::byte > plain) noexcept
Decrypt a message with a specified 96-bit nonce and aad.
Definition: chacha20poly1305.h:56

AEADChaCha20Poly1305::Encrypt
void Encrypt(Span< const std::byte > plain, Span< const std::byte > aad, Nonce96 nonce, Span< std::byte > cipher) noexcept
Encrypt a message with a specified 96-bit nonce and aad.
Definition: chacha20poly1305.h:41

FSChaCha20Poly1305::m_aead
AEADChaCha20Poly1305 m_aead
Internal AEAD.
Definition: chacha20poly1305.h:86

FSChaCha20Poly1305::m_rekey_interval
const uint32_t m_rekey_interval
Every how many iterations this cipher rekeys.
Definition: chacha20poly1305.h:89

AEADChaCha20Poly1305::EXPANSION
static constexpr unsigned EXPANSION
Expansion when encrypting.
Definition: chacha20poly1305.h:26

AEADChaCha20Poly1305::KEYLEN
static constexpr unsigned KEYLEN
Expected size of key argument in constructor.
Definition: chacha20poly1305.h:23

ChaCha20
Unrestricted ChaCha20 cipher.
Definition: chacha20.h:77

FSChaCha20Poly1305::NextPacket
void NextPacket() noexcept
Update counters (and if necessary, key) to transition to the next message.
Definition: chacha20poly1305.cpp:111

AEADChaCha20Poly1305::SetKey
void SetKey(Span< const std::byte > key) noexcept
Switch to another 32-byte key.
Definition: chacha20poly1305.cpp:21

AEADChaCha20Poly1305::m_chacha20
ChaCha20 m_chacha20
Internal stream cipher.
Definition: chacha20poly1305.h:19

AEADChaCha20Poly1305::Keystream
void Keystream(Nonce96 nonce, Span< std::byte > keystream) noexcept
Get a number of keystream bytes from the underlying stream cipher.
Definition: chacha20poly1305.cpp:104

AEADChaCha20Poly1305::Nonce96
ChaCha20::Nonce96 Nonce96
96-bit nonce type.
Definition: chacha20poly1305.h:35

FSChaCha20Poly1305::EXPANSION
static constexpr auto EXPANSION
Expansion when encrypting.
Definition: chacha20poly1305.h:105

FSChaCha20Poly1305::KEYLEN
static constexpr auto KEYLEN
Length of keys expected by the constructor.
Definition: chacha20poly1305.h:102

Poly1305::TAGLEN
static constexpr unsigned TAGLEN
Length of the output produced by Finalize().
Definition: poly1305.h:43

poly1305.h

Span< const std::byte >

FSChaCha20Poly1305::Decrypt
bool Decrypt(Span< const std::byte > cipher, Span< const std::byte > aad, Span< std::byte > plain) noexcept
Decrypt a message with a specified aad.
Definition: chacha20poly1305.h:136