Crypto++ 8.9
Free C++ class library of cryptographic schemes
Poly1305-TLS message authentication code.
#include <poly1305.h>
Additional Inherited Members
Public Member Functions inherited from ClonableImpl< DERIVED, BASE >:
Clonable * Clone () const: Create a copy of this object.
This is the IETF's variant of Bernstein's Poly1305 from RFC 8439. IETF Poly1305 is called Poly1305TLS in the Crypto++ library. It is _slightly_ different from the Bernstein implementation. Poly1305-TLS can be used for cipher suites TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256.
The key is 32 bytes and is a concatenation key = {r,s}, where r is an additional key that gets clamped and s is the nonce. The key is clamped internally, so there is no need to perform the operation before setting the key.
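An added reference model of the key handling described above (not Crypto++ code and not from the library's authors): it computes RFC 8439 Poly1305 in Python, chosen for its built-in big integers, and checks that clamping r before or inside the MAC gives the same tag. The names `clamp_r`, `poly1305_tag`, `verify` and `preclamp` are assumptions made for this example; the key, message and tag are the RFC 8439 section 2.5.2 test vector.

```python
import hmac

P = (1 << 130) - 5                           # Poly1305 prime modulus
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff   # RFC 8439 clamp mask for r

def clamp_r(r_bytes: bytes) -> int:
    """Read r as a little-endian integer and clear the bits RFC 8439 requires."""
    return int.from_bytes(r_bytes, "little") & CLAMP

def poly1305_tag(key: bytes, msg: bytes) -> bytes:
    """RFC 8439 Poly1305 over msg with the 32-byte one-time key {r, s}."""
    if len(key) != 32:
        raise ValueError("key must be 32 bytes: r (16 bytes) || s (16 bytes)")
    r = clamp_r(key[:16])                    # clamping is done here, internally
    s = int.from_bytes(key[16:], "little")
    acc = 0
    for i in range(0, len(msg), 16):
        # Every block (the last one may be short) gets a 0x01 byte appended.
        block = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = (acc + block) * r % P
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")

def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(poly1305_tag(key, msg), tag)

def preclamp(key: bytes) -> bytes:
    """Return the same key with r already clamped by the caller."""
    return clamp_r(key[:16]).to_bytes(16, "little") + key[16:]

# RFC 8439 section 2.5.2 test vector.
RFC_KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a8"
                        "0103808afb0db2fd4abff6af4149f51b")
RFC_MSG = b"Cryptographic Forum Research Group"
RFC_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

if __name__ == "__main__":
    print("tag:", poly1305_tag(RFC_KEY, RFC_MSG).hex())
    print("pre-clamped key gives the same tag:",
          poly1305_tag(preclamp(RFC_KEY), RFC_MSG) == RFC_TAG)
    print("modified message verifies:", verify(RFC_KEY, RFC_MSG + b"!", RFC_TAG))
```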
Each message must have a unique security context, which means the key must be changed after each message. This can be accomplished in one of two ways. First, you can create a new Poly1305 object with a new key each time it is needed.
    SecByteBlock key(32);
    prng.GenerateBlock(key, key.size());

    Poly1305TLS poly1305(key, key.size());
    poly1305.Update(...);
    poly1305.Final(...);
Second, you can create a Poly1305 object, and use a new key for each message. The keys can be generated directly using a RandomNumberGenerator() derived class.
    SecByteBlock key(32);
    prng.GenerateBlock(key, key.size());

    // First message
    Poly1305TLS poly1305(key, key.size());
    poly1305.Update(...);
    poly1305.Final(...);

    // Second message
    prng.GenerateBlock(key, key.size());
    poly1305.SetKey(key, key.size());
    poly1305.Update(...);
    poly1305.Final(...);
    ...
Definition at line 237 of file poly1305.h.