doc/html/chacha20poly1305_8h_source.html

 // Copyright (c) 2023-present The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.

 #ifndef BITCOIN_CRYPTO_CHACHA20POLY1305_H
 #define BITCOIN_CRYPTO_CHACHA20POLY1305_H

 #include <cstddef>
 #include <cstdint>
 #include <span>

 #include <crypto/chacha20.h>
 #include <crypto/poly1305.h>

 class AEADChaCha20Poly1305
 {
     ChaCha20 m_chacha20;

 public:
     static constexpr unsigned KEYLEN = 32;

     static constexpr unsigned EXPANSION = Poly1305::TAGLEN;

     AEADChaCha20Poly1305(std::span<const std::byte> key) noexcept;

     void SetKey(std::span<const std::byte> key) noexcept;

     using Nonce96 = ChaCha20::Nonce96;

     void Encrypt(std::span<const std::byte> plain, std::span<const std::byte> aad, Nonce96 nonce, std::span<std::byte> cipher) noexcept
     {
         Encrypt(plain, {}, aad, nonce, cipher);
     }

     void Encrypt(std::span<const std::byte> plain1, std::span<const std::byte> plain2, std::span<const std::byte> aad, Nonce96 nonce, std::span<std::byte> cipher) noexcept;

     bool Decrypt(std::span<const std::byte> cipher, std::span<const std::byte> aad, Nonce96 nonce, std::span<std::byte> plain) noexcept
     {
         return Decrypt(cipher, aad, nonce, plain, {});
     }

     bool Decrypt(std::span<const std::byte> cipher, std::span<const std::byte> aad, Nonce96 nonce, std::span<std::byte> plain1, std::span<std::byte> plain2) noexcept;

     void Keystream(Nonce96 nonce, std::span<std::byte> keystream) noexcept;
 };

 class FSChaCha20Poly1305
 {
 private:
     AEADChaCha20Poly1305 m_aead;

     const uint32_t m_rekey_interval;

     uint32_t m_packet_counter{0};

     uint64_t m_rekey_counter{0};

     void NextPacket() noexcept;

 public:
     static constexpr auto KEYLEN = AEADChaCha20Poly1305::KEYLEN;

     static constexpr auto EXPANSION = AEADChaCha20Poly1305::EXPANSION;

     // No copy or move to protect the secret.
     FSChaCha20Poly1305(const FSChaCha20Poly1305&) = delete;
     FSChaCha20Poly1305(FSChaCha20Poly1305&&) = delete;
     FSChaCha20Poly1305& operator=(const FSChaCha20Poly1305&) = delete;
     FSChaCha20Poly1305& operator=(FSChaCha20Poly1305&&) = delete;

     FSChaCha20Poly1305(std::span<const std::byte> key, uint32_t rekey_interval) noexcept :
         m_aead(key), m_rekey_interval(rekey_interval) {}

     void Encrypt(std::span<const std::byte> plain, std::span<const std::byte> aad, std::span<std::byte> cipher) noexcept
     {
         Encrypt(plain, {}, aad, cipher);
     }

     void Encrypt(std::span<const std::byte> plain1, std::span<const std::byte> plain2, std::span<const std::byte> aad, std::span<std::byte> cipher) noexcept;

     bool Decrypt(std::span<const std::byte> cipher, std::span<const std::byte> aad, std::span<std::byte> plain) noexcept
     {
         return Decrypt(cipher, aad, plain, {});
     }

     bool Decrypt(std::span<const std::byte> cipher, std::span<const std::byte> aad, std::span<std::byte> plain1, std::span<std::byte> plain2) noexcept;
 };

 #endif // BITCOIN_CRYPTO_CHACHA20POLY1305_H
AEADChaCha20Poly1305
The AEAD_CHACHA20_POLY1305 authenticated encryption algorithm from RFC8439 section 2...
Definition: chacha20poly1305.h:16

FSChaCha20Poly1305::m_rekey_counter
uint64_t m_rekey_counter
The number of rekeys performed so far.
Definition: chacha20poly1305.h:95

nonce
unsigned int nonce
Definition: miner_tests.cpp:82

AEADChaCha20Poly1305::Keystream
void Keystream(Nonce96 nonce, std::span< std::byte > keystream) noexcept
Get a number of keystream bytes from the underlying stream cipher.
Definition: chacha20poly1305.cpp:99

FSChaCha20Poly1305::Encrypt
void Encrypt(std::span< const std::byte > plain, std::span< const std::byte > aad, std::span< std::byte > cipher) noexcept
Encrypt a message with a specified aad.
Definition: chacha20poly1305.h:121

FSChaCha20Poly1305
Forward-secure wrapper around AEADChaCha20Poly1305.
Definition: chacha20poly1305.h:82

FSChaCha20Poly1305::m_packet_counter
uint32_t m_packet_counter
The number of encryptions/decryptions since the last rekey.
Definition: chacha20poly1305.h:92

chacha20.h

std
Definition: common.h:29

AEADChaCha20Poly1305::AEADChaCha20Poly1305
AEADChaCha20Poly1305(std::span< const std::byte > key) noexcept
Initialize an AEAD instance with a specified 32-byte key.
Definition: chacha20poly1305.cpp:16

ChaCha20::Nonce96
ChaCha20Aligned::Nonce96 Nonce96
96-bit nonce type.
Definition: chacha20.h:99

FSChaCha20Poly1305::m_aead
AEADChaCha20Poly1305 m_aead
Internal AEAD.
Definition: chacha20poly1305.h:86

AEADChaCha20Poly1305::SetKey
void SetKey(std::span< const std::byte > key) noexcept
Switch to another 32-byte key.
Definition: chacha20poly1305.cpp:21

FSChaCha20Poly1305::m_rekey_interval
const uint32_t m_rekey_interval
Every how many iterations this cipher rekeys.
Definition: chacha20poly1305.h:89

AEADChaCha20Poly1305::EXPANSION
static constexpr unsigned EXPANSION
Expansion when encrypting.
Definition: chacha20poly1305.h:26

AEADChaCha20Poly1305::KEYLEN
static constexpr unsigned KEYLEN
Expected size of key argument in constructor.
Definition: chacha20poly1305.h:23

ChaCha20
Unrestricted ChaCha20 cipher.
Definition: chacha20.h:75

FSChaCha20Poly1305::NextPacket
void NextPacket() noexcept
Update counters (and if necessary, key) to transition to the next message.
Definition: chacha20poly1305.cpp:106

AEADChaCha20Poly1305::Encrypt
void Encrypt(std::span< const std::byte > plain, std::span< const std::byte > aad, Nonce96 nonce, std::span< std::byte > cipher) noexcept
Encrypt a message with a specified 96-bit nonce and aad.
Definition: chacha20poly1305.h:41

AEADChaCha20Poly1305::m_chacha20
ChaCha20 m_chacha20
Internal stream cipher.
Definition: chacha20poly1305.h:19

FSChaCha20Poly1305::Decrypt
bool Decrypt(std::span< const std::byte > cipher, std::span< const std::byte > aad, std::span< std::byte > plain) noexcept
Decrypt a message with a specified aad.
Definition: chacha20poly1305.h:136

AEADChaCha20Poly1305::Nonce96
ChaCha20::Nonce96 Nonce96
96-bit nonce type.
Definition: chacha20poly1305.h:35

AEADChaCha20Poly1305::Decrypt
bool Decrypt(std::span< const std::byte > cipher, std::span< const std::byte > aad, Nonce96 nonce, std::span< std::byte > plain) noexcept
Decrypt a message with a specified 96-bit nonce and aad.
Definition: chacha20poly1305.h:56

FSChaCha20Poly1305::EXPANSION
static constexpr auto EXPANSION
Expansion when encrypting.
Definition: chacha20poly1305.h:105

FSChaCha20Poly1305::KEYLEN
static constexpr auto KEYLEN
Length of keys expected by the constructor.
Definition: chacha20poly1305.h:102

Poly1305::TAGLEN
static constexpr unsigned TAGLEN
Length of the output produced by Finalize().
Definition: poly1305.h:44

poly1305.h