Crypto++  8.0
Free C++ class library of cryptographic schemes
chacha.h
Go to the documentation of this file.
1 // chacha.h - written and placed in the public domain by Jeffrey Walton.
2 // Based on Wei Dai's Salsa20, Botan's SSE2 implementation,
3 // and Bernstein's reference ChaCha family implementation at
4 // http://cr.yp.to/chacha.html.
5 
6 /// \file chacha.h
7 /// \brief Classes for ChaCha8, ChaCha12 and ChaCha20 stream ciphers
8 /// \details Crypto++ provides Bernstein and ECRYPT's ChaCha from <a href="http://cr.yp.to/chacha/chacha-20080128.pdf">ChaCha,
9 /// a variant of Salsa20</a> (2008.01.28). Bernstein's implementation is _slightly_ different from the TLS working group's
10 /// implementation for cipher suites <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
11 /// <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
12 /// \since Crypto++ 5.6.4
13 
14 #ifndef CRYPTOPP_CHACHA_H
15 #define CRYPTOPP_CHACHA_H
16 
17 #include "strciphr.h"
18 #include "secblock.h"
19 
20 NAMESPACE_BEGIN(CryptoPP)
21 
22 /// \brief ChaCha stream cipher information
23 /// \since Crypto++ 5.6.4
24 struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>
25 {
26  /// \brief The algorithm name
27  /// \returns the algorithm name
28  /// \details StaticAlgorithmName returns the algorithm's name as a static
29  /// member function.
30  /// \details Bernstein named the cipher variants ChaCha8, ChaCha12 and
31  /// ChaCha20. More generally, Bernstein called the family ChaCha{r}.
32  /// AlgorithmName() provides the exact name once rounds are set.
33  static const char* StaticAlgorithmName() {
34  return "ChaCha";
35  }
36 };
37 
38 /// \brief ChaCha stream cipher implementation
39 /// \since Crypto++ 5.6.4
40 class CRYPTOPP_NO_VTABLE ChaCha_Policy : public AdditiveCipherConcretePolicy<word32, 16>
41 {
42 public:
43  ~ChaCha_Policy() {}
44  ChaCha_Policy() : m_rounds(0) {}
45 
46 protected:
47  void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
48  void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
49  void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);
50  bool CipherIsRandomAccess() const {return true;}
51  void SeekToIteration(lword iterationCount);
52  unsigned int GetAlignment() const;
53  unsigned int GetOptimalBlockSize() const;
54 
55  std::string AlgorithmName() const;
56  std::string AlgorithmProvider() const;
57 
58  // MultiBlockSafe detects a condition that can arise in the SIMD
59  // implementations where we overflow one of the 32-bit state words
60  // during addition in an intermediate result. Conditions to trigger
61  // issue include a user seeks to around 2^32 blocks (256 GB of data).
62  // https://github.com/weidai11/cryptopp/issues/732
63  inline bool MultiBlockSafe(unsigned int blocks) const;
64 
66  unsigned int m_rounds;
67 };
68 
69 /// \brief ChaCha stream cipher
70 /// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working
71 /// group's implementation for cipher suites
72 /// <tt>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>,
73 /// <tt>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</tt>, and
74 /// <tt>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</tt>.
75 /// \sa <a href="http://cr.yp.to/chacha/chacha-20080208.pdf">ChaCha, a variant of Salsa20</a> (2008.01.28).
76 /// \since Crypto++ 5.6.4
78 {
80  typedef Encryption Decryption;
81 };
82 
83 NAMESPACE_END
84 
85 #endif // CRYPTOPP_CHACHA_H
static const char * StaticAlgorithmName()
The algorithm name.
Definition: chacha.h:33
ChaCha stream cipher information.
Definition: chacha.h:24
ChaCha stream cipher.
Definition: chacha.h:77
Base class for additive stream ciphers.
Definition: strciphr.h:201
unsigned int GetAlignment() const
Provides data alignment requirements.
Definition: strciphr.h:213
Classes and functions for secure memory allocations.
ChaCha stream cipher implementation.
Definition: chacha.h:40
virtual void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)=0
Operates the keystream.
Interface for algorithms that take byte strings as keys.
Definition: cryptlib.h:613
Inherited by keyed algorithms with variable key length.
Definition: seckey.h:165
const char * IV()
ConstByteArrayParameter, also accepts const byte * for backwards compatibility.
Definition: argnames.h:21
Classes for implementing stream ciphers.
Provides Encryption and Decryption typedefs used by derived classes to implement a symmetric cipher...
Definition: seckey.h:413
KeystreamOperation
Keystream operation flags.
Definition: strciphr.h:88
Crypto++ library namespace.
SymmetricCipher implementation.
Definition: strciphr.h:664
Interface for retrieving values given their names.
Definition: cryptlib.h:293