author | Jeffrey Walton <noloader@gmail.com> | 2019-01-27 01:41:53 -0500 |
---|---|---|
committer | Jeffrey Walton <noloader@gmail.com> | 2019-01-27 01:41:53 -0500 |
commit | e388f2d88d7f4b2b52f60d5254ab27aaebcfa06e (patch) | |
tree | 85983c1001a7314f065ecb45b4003c01861d8ae0 /poly1305.h | |
parent | 6cd2d0a06a57fd800d2c590055eb741f870ac2ec (diff) | |
download | cryptopp-git-e388f2d88d7f4b2b52f60d5254ab27aaebcfa06e.tar.gz |
Add Poly1305TLS algorithm (GH #727)
This is the IETF's rendition of Poly1305, which forgoes AES and the nonce and uses 16 bytes of the key directly to MAC the message
Diffstat (limited to 'poly1305.h')
-rw-r--r-- | poly1305.h | 47 |
1 files changed, 46 insertions, 1 deletions
@@ -52,6 +52,8 @@ NAMESPACE_BEGIN(CryptoPP)
+////////////////////////////// Bernstein Poly1305 //////////////////////////////
+
/// \brief Poly1305 message authentication code base class
/// \tparam T class derived from BlockCipherDocumentation with 16-byte key and 16-byte blocksize
/// \since Crypto++ 6.0
@@ -67,6 +69,7 @@ public: CRYPTOPP_CONSTANT(DIGESTSIZE=T::BLOCKSIZE)
CRYPTOPP_CONSTANT(BLOCKSIZE=T::BLOCKSIZE)
+ virtual ~Poly1305_Base() {}
Poly1305_Base() : m_idx(0), m_used(true) {}
void Resynchronize (const byte *iv, int ivLength=-1);
@@ -83,7 +86,7 @@ public: std::string AlgorithmProvider() const;
protected:
- // No longer needed. Remove at next major version bump
+ // TODO: No longer needed. Remove at next major version bump
void HashBlocks(const byte *input, size_t length, word32 padbit);
void HashFinal(byte *mac, size_t length);
@@ -165,6 +168,48 @@ public: {this->SetKey(key, keyLength, MakeParameters(Name::IV(), ConstByteArrayParameter(nonce, nonceLength)));}
};
+////////////////////////////// IETF Poly1305 //////////////////////////////
+
+class Poly1305TLS_Base : public FixedKeyLength<32>, public MessageAuthenticationCode
+{
+public:
+ static std::string StaticAlgorithmName() {return std::string("Poly1305TLS");}
+ CRYPTOPP_CONSTANT(DIGESTSIZE=16)
+ CRYPTOPP_CONSTANT(BLOCKSIZE=16)
+
+ virtual ~Poly1305TLS_Base() {}
+ Poly1305TLS_Base() {}
+
+ //void Resynchronize (const byte *iv, int ivLength=-1);
+ //void GetNextIV (RandomNumberGenerator &rng, byte *iv);
+
+ void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms);
+ void Update(const byte *input, size_t length);
+ void TruncatedFinal(byte *mac, size_t size);
+ void Restart();
+
+ unsigned int BlockSize() const {return BLOCKSIZE;}
+ unsigned int DigestSize() const {return DIGESTSIZE;}
+
+ // std::string AlgorithmProvider() const;
+
+protected:
+ // Accumulated hash, clamped r-key, and encrypted nonce
+ FixedSizeAlignedSecBlock<word32, 5> m_h;
+ FixedSizeAlignedSecBlock<word32, 4> m_r;
+ FixedSizeAlignedSecBlock<word32, 4> m_n;
+
+ // Accumulated message bytes and index
+ FixedSizeAlignedSecBlock<byte, BLOCKSIZE> m_acc;
+ size_t m_idx;
+};
+
+/// \brief Poly1305 TLS message authentication code
+/// \tparam T HashTransformation class
+/// \details 160-bit MAC with 160-bit key
+/// \sa MessageAuthenticationCode()
+DOCUMENTED_TYPEDEF(MessageAuthenticationCodeFinal<Poly1305TLS_Base>, Poly1305TLS)
+
NAMESPACE_END
#endif // CRYPTOPP_POLY1305_H
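Review bot: The Doxygen block on the `Poly1305TLS` typedef does not match the class it documents: `Poly1305TLS_Base` derives from `FixedKeyLength<32>` and sets `DIGESTSIZE=16`, so the details line should read `/// \details 128-bit MAC with 256-bit key`, and the `\tparam T HashTransformation class` line should be dropped because nothing here is a template. The member comment `// Accumulated hash, clamped r-key, and encrypted nonce` looks carried over from the AES variant; going by the commit description, `m_n` presumably holds the second 16 bytes of the key, so something like `// Accumulated hash, clamped r-key, and s-key (takes the place of the encrypted nonce)` would be more accurate. `Poly1305TLS_Base` itself has no `\brief`, and it has neither `Resynchronize` nor the `m_used` flag that `Poly1305_Base` initialises, so its documentation should state that each 32-byte key must authenticate only one message. It should also say whether `Restart()` retains the key; the member definitions are outside this hunk, so that behaviour cannot be confirmed from here.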