Crypto++ 8.7
Free C++ class library of cryptographic schemes
List of all members
Poly1305TLS Class Reference

Poly1305-TLS message authentication code. More...

#include <poly1305.h>

+ Inheritance diagram for Poly1305TLS:

Additional Inherited Members

- Public Types inherited from SimpleKeyingInterface
enum  IV_Requirement {
  UNIQUE_IV = 0 , RANDOM_IV , UNPREDICTABLE_RANDOM_IV , INTERNALLY_GENERATED_IV ,
  NOT_RESYNCHRONIZABLE
}
 Secure IVs requirements as enumerated values. More...
 
- Public Member Functions inherited from MessageAuthenticationCodeFinal< Poly1305TLS_Base >
 MessageAuthenticationCodeFinal ()
 Construct a default MessageAuthenticationCodeFinal. More...
 
 MessageAuthenticationCodeFinal (const byte *key)
 Construct a BlockCipherFinal. More...
 
 MessageAuthenticationCodeFinal (const byte *key, size_t length)
 Construct a BlockCipherFinal. More...
 
- Public Member Functions inherited from ClonableImpl< MessageAuthenticationCodeFinal< Poly1305TLS_Base >, MessageAuthenticationCodeImpl< Poly1305TLS_Base > >
ClonableClone () const
 Create a copy of this object. More...
 
- Public Member Functions inherited from AlgorithmImpl< SimpleKeyingInterfaceImpl< Poly1305TLS_Base, Poly1305TLS_Base >, Poly1305TLS_Base >
std::string AlgorithmName () const
 The algorithm name. More...
 
- Public Member Functions inherited from SimpleKeyingInterfaceImpl< Poly1305TLS_Base, Poly1305TLS_Base >
size_t MinKeyLength () const
 The minimum key length used by the algorithm. More...
 
size_t MaxKeyLength () const
 The maximum key length used by the algorithm. More...
 
size_t DefaultKeyLength () const
 The default key length used by the algorithm. More...
 
size_t GetValidKeyLength (size_t keylength) const
 Provides a valid key length for the algorithm. More...
 
SimpleKeyingInterface::IV_Requirement IVRequirement () const
 The default IV requirements for the algorithm. More...
 
unsigned int IVSize () const
 The initialization vector length for the algorithm. More...
 
- Public Member Functions inherited from Poly1305TLS_Base
void UncheckedSetKey (const byte *key, unsigned int length, const NameValuePairs &params)
 Sets the key for this object without performing parameter validation. More...
 
void Update (const byte *input, size_t length)
 Updates a hash with additional input. More...
 
void TruncatedFinal (byte *mac, size_t size)
 Computes the hash of the current message. More...
 
void Restart ()
 Restart the hash. More...
 
unsigned int BlockSize () const
 Provides the block size of the compression function. More...
 
unsigned int DigestSize () const
 Provides the digest size of the hash. More...
 
- Public Member Functions inherited from SimpleKeyingInterface
virtual size_t MinKeyLength () const =0
 Returns smallest valid key length. More...
 
virtual size_t MaxKeyLength () const =0
 Returns largest valid key length. More...
 
virtual size_t DefaultKeyLength () const =0
 Returns default key length. More...
 
virtual size_t GetValidKeyLength (size_t keylength) const =0
 Returns a valid key length for the algorithm. More...
 
virtual bool IsValidKeyLength (size_t keylength) const
 Returns whether keylength is a valid key length. More...
 
virtual void SetKey (const byte *key, size_t length, const NameValuePairs &params=g_nullNameValuePairs)
 Sets or reset the key of this object. More...
 
void SetKeyWithRounds (const byte *key, size_t length, int rounds)
 Sets or reset the key of this object. More...
 
void SetKeyWithIV (const byte *key, size_t length, const byte *iv, size_t ivLength)
 Sets or reset the key of this object. More...
 
void SetKeyWithIV (const byte *key, size_t length, const byte *iv)
 Sets or reset the key of this object. More...
 
virtual IV_Requirement IVRequirement () const =0
 Minimal requirement for secure IVs. More...
 
bool IsResynchronizable () const
 Determines if the object can be resynchronized. More...
 
bool CanUseRandomIVs () const
 Determines if the object can use random IVs. More...
 
bool CanUsePredictableIVs () const
 Determines if the object can use random but possibly predictable IVs. More...
 
bool CanUseStructuredIVs () const
 Determines if the object can use structured IVs. More...
 
virtual unsigned int IVSize () const
 Returns length of the IV accepted by this object. More...
 
unsigned int DefaultIVLength () const
 Provides the default size of an IV. More...
 
virtual unsigned int MinIVLength () const
 Provides the minimum size of an IV. More...
 
virtual unsigned int MaxIVLength () const
 Provides the maximum size of an IV. More...
 
virtual void Resynchronize (const byte *iv, int ivLength=-1)
 Resynchronize with an IV. More...
 
virtual void GetNextIV (RandomNumberGenerator &rng, byte *iv)
 Retrieves a secure IV for the next message. More...
 
- Public Member Functions inherited from HashTransformation
HashTransformationRef ()
 Provides a reference to this object. More...
 
virtual void Update (const byte *input, size_t length)=0
 Updates a hash with additional input. More...
 
virtual byteCreateUpdateSpace (size_t &size)
 Request space which can be written into by the caller. More...
 
virtual void Final (byte *digest)
 Computes the hash of the current message. More...
 
virtual void Restart ()
 Restart the hash. More...
 
virtual unsigned int DigestSize () const =0
 Provides the digest size of the hash. More...
 
unsigned int TagSize () const
 Provides the tag size of the hash. More...
 
virtual unsigned int BlockSize () const
 Provides the block size of the compression function. More...
 
virtual unsigned int OptimalBlockSize () const
 Provides the input block size most efficient for this hash. More...
 
virtual unsigned int OptimalDataAlignment () const
 Provides input and output data alignment for optimal performance. More...
 
virtual void CalculateDigest (byte *digest, const byte *input, size_t length)
 Updates the hash with additional input and computes the hash of the current message. More...
 
virtual bool Verify (const byte *digest)
 Verifies the hash of the current message. More...
 
virtual bool VerifyDigest (const byte *digest, const byte *input, size_t length)
 Updates the hash with additional input and verifies the hash of the current message. More...
 
virtual void TruncatedFinal (byte *digest, size_t digestSize)=0
 Computes the hash of the current message. More...
 
virtual void CalculateTruncatedDigest (byte *digest, size_t digestSize, const byte *input, size_t length)
 Updates the hash with additional input and computes the hash of the current message. More...
 
virtual bool TruncatedVerify (const byte *digest, size_t digestLength)
 Verifies the hash of the current message. More...
 
virtual bool VerifyTruncatedDigest (const byte *digest, size_t digestLength, const byte *input, size_t length)
 Updates the hash with additional input and verifies the hash of the current message. More...
 
- Public Member Functions inherited from Algorithm
 Algorithm (bool checkSelfTestStatus=true)
 Interface for all crypto algorithms. More...
 
virtual std::string AlgorithmName () const
 Provides the name of this algorithm. More...
 
virtual std::string AlgorithmProvider () const
 Retrieve the provider of this algorithm. More...
 
virtual ClonableClone () const
 Copies this object. More...
 
- Static Public Member Functions inherited from AlgorithmImpl< SimpleKeyingInterfaceImpl< Poly1305TLS_Base, Poly1305TLS_Base >, Poly1305TLS_Base >
static std::string StaticAlgorithmName ()
 The algorithm name. More...
 
- Static Public Member Functions inherited from Poly1305TLS_Base
static std::string StaticAlgorithmName ()
 
- Static Public Member Functions inherited from FixedKeyLength< 32 >
static size_t StaticGetValidKeyLength (size_t keylength)
 The default key length for the algorithm provided by a static function. More...
 
- Static Public Attributes inherited from Poly1305TLS_Base
static const int DIGESTSIZE =16
 
static const int BLOCKSIZE =16
 
- Static Public Attributes inherited from FixedKeyLength< 32 >
static const int KEYLENGTH
 The default key length used by the algorithm provided as a constant. More...
 
static const int MIN_KEYLENGTH
 The minimum key length used by the algorithm provided as a constant. More...
 
static const int MAX_KEYLENGTH
 The maximum key length used by the algorithm provided as a constant. More...
 
static const int DEFAULT_KEYLENGTH
 The default key length used by the algorithm provided as a constant. More...
 
static const int IV_REQUIREMENT
 The default IV requirements for the algorithm provided as a constant. More...
 
static const int IV_LENGTH
 The default IV length used by the algorithm provided as a constant. More...
 

Detailed Description

Poly1305-TLS message authentication code.

This is the IETF's variant of Bernstein's Poly1305 from RFC 8439. IETF Poly1305 is called Poly1305TLS in the Crypto++ library. It is _slightly_ different from the Bernstein implementation. Poly1305-TLS can be used for cipher suites TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256.

The key is 32 bytes and a concatenation key = {r,s}, where r is additional key that gets clamped and s is the nonce. The key is clamped internally so there is no need to perform the operation before setting the key.

Each message must have a unique security context, which means the key must be changed after each message. It can be accomplished in one of two ways. First, you can create a new Poly1305 object with a new key each time its needed.

  SecByteBlock key(32);
  prng.GenerateBlock(key, key.size());

  Poly1305TLS poly1305(key, key.size());
  poly1305.Update(...);
  poly1305.Final(...);

Second, you can create a Poly1305 object, and use a new key for each message. The keys can be generated directly using a RandomNumberGenerator() derived class.

  SecByteBlock key(32);
  prng.GenerateBlock(key, key.size());

  // First message
  Poly1305TLS poly1305(key, key.size());
  poly1305.Update(...);
  poly1305.Final(...);

  // Second message
  prng.GenerateBlock(key, key.size());
  poly1305.SetKey(key, key.size());
  poly1305.Update(...);
  poly1305.Final(...);
  ...
Warning
Each message must have a unique security context. The Poly1305-TLS class does not enforce a fresh key or nonce for each message.
Since
Crypto++ 8.1
See also
MessageAuthenticationCode(), RFC 8439, ChaCha20 and Poly1305 for IETF Protocols

Definition at line 237 of file poly1305.h.


The documentation for this class was generated from the following file: