Crypto++  5.6.5
Free C++ class library of cryptographic schemes
Public Member Functions | Static Public Attributes | List of all members
Poly1305< T > Class Template Reference

Poly1305 message authentication code. More...

+ Inheritance diagram for Poly1305< T >:

Public Member Functions

 Poly1305 ()
 Construct a Poly1305.
 
 Poly1305 (const byte *key, size_t keyLength=DEFAULT_KEYLENGTH, const byte *nonce=NULL, size_t nonceLength=0)
 Construct a Poly1305. More...
 
- Public Member Functions inherited from MessageAuthenticationCodeFinal< Poly1305_Base< T > >
 MessageAuthenticationCodeFinal ()
 Construct a default MessageAuthenticationCodeFinal. More...
 
 MessageAuthenticationCodeFinal (const byte *key)
 Construct a BlockCipherFinal. More...
 
 MessageAuthenticationCodeFinal (const byte *key, size_t length)
 Construct a BlockCipherFinal. More...
 
- Public Member Functions inherited from ClonableImpl< MessageAuthenticationCodeFinal< Poly1305_Base< T > >, MessageAuthenticationCodeImpl< Poly1305_Base< T > > >
ClonableClone () const
 
- Public Member Functions inherited from AlgorithmImpl< SimpleKeyingInterfaceImpl< Poly1305_Base< T >, Poly1305_Base< T > >, Poly1305_Base< T > >
std::string AlgorithmName () const
 The algorithm name. More...
 
- Public Member Functions inherited from SimpleKeyingInterfaceImpl< Poly1305_Base< T >, Poly1305_Base< T > >
size_t MinKeyLength () const
 The minimum key length used by the algorithm. More...
 
size_t MaxKeyLength () const
 The maximum key length used by the algorithm. More...
 
size_t DefaultKeyLength () const
 The default key length used by the algorithm. More...
 
size_t GetValidKeyLength (size_t keylength) const
 Provides a valid key length for the algorithm. More...
 
SimpleKeyingInterface::IV_Requirement IVRequirement () const
 The default IV requirements for the algorithm. More...
 
unsigned int IVSize () const
 The default initialization vector length for the algorithm. More...
 
- Public Member Functions inherited from Poly1305_Base< T >
void Resynchronize (const byte *iv, int ivLength=-1)
 Resynchronize with an IV. More...
 
void GetNextIV (RandomNumberGenerator &rng, byte *iv)
 Retrieves a secure IV for the next message. More...
 
void UncheckedSetKey (const byte *key, unsigned int length, const NameValuePairs &params)
 Sets the key for this object without performing parameter validation. More...
 
void Update (const byte *input, size_t length)
 Updates a hash with additional input. More...
 
void TruncatedFinal (byte *mac, size_t size)
 Computes the hash of the current message. More...
 
void Restart ()
 Restart the hash. More...
 
unsigned int BlockSize () const
 Provides the block size of the compression function. More...
 
unsigned int DigestSize () const
 Provides the digest size of the hash. More...
 
- Public Member Functions inherited from SimpleKeyingInterface
virtual bool IsValidKeyLength (size_t keylength) const
 Returns whether keylength is a valid key length. More...
 
virtual void SetKey (const byte *key, size_t length, const NameValuePairs &params=g_nullNameValuePairs)
 Sets or reset the key of this object. More...
 
void SetKeyWithRounds (const byte *key, size_t length, int rounds)
 Sets or reset the key of this object. More...
 
void SetKeyWithIV (const byte *key, size_t length, const byte *iv, size_t ivLength)
 Sets or reset the key of this object. More...
 
void SetKeyWithIV (const byte *key, size_t length, const byte *iv)
 Sets or reset the key of this object. More...
 
bool IsResynchronizable () const
 Determines if the object can be resynchronized. More...
 
bool CanUseRandomIVs () const
 Determines if the object can use random IVs. More...
 
bool CanUsePredictableIVs () const
 Determines if the object can use random but possibly predictable IVs. More...
 
bool CanUseStructuredIVs () const
 Determines if the object can use structured IVs. More...
 
unsigned int DefaultIVLength () const
 Provides the default size of an IV. More...
 
virtual unsigned int MinIVLength () const
 Provides the minimum size of an IV. More...
 
virtual unsigned int MaxIVLength () const
 Provides the maximum size of an IV. More...
 
- Public Member Functions inherited from HashTransformation
HashTransformationRef ()
 Provides a reference to this object. More...
 
virtual byte * CreateUpdateSpace (size_t &size)
 Request space which can be written into by the caller. More...
 
virtual void Final (byte *digest)
 Computes the hash of the current message. More...
 
unsigned int TagSize () const
 Provides the tag size of the hash. More...
 
virtual unsigned int OptimalBlockSize () const
 Provides the input block size most efficient for this hash. More...
 
virtual unsigned int OptimalDataAlignment () const
 Provides input and output data alignment for optimal performance. More...
 
virtual void CalculateDigest (byte *digest, const byte *input, size_t length)
 Updates the hash with additional input and computes the hash of the current message. More...
 
virtual bool Verify (const byte *digest)
 Verifies the hash of the current message. More...
 
virtual bool VerifyDigest (const byte *digest, const byte *input, size_t length)
 Updates the hash with additional input and verifies the hash of the current message. More...
 
virtual void CalculateTruncatedDigest (byte *digest, size_t digestSize, const byte *input, size_t length)
 Updates the hash with additional input and computes the hash of the current message. More...
 
virtual bool TruncatedVerify (const byte *digest, size_t digestLength)
 Verifies the hash of the current message. More...
 
virtual bool VerifyTruncatedDigest (const byte *digest, size_t digestLength, const byte *input, size_t length)
 Updates the hash with additional input and verifies the hash of the current message. More...
 
- Public Member Functions inherited from Algorithm
 Algorithm (bool checkSelfTestStatus=true)
 Interface for all crypto algorithms. More...
 

Static Public Attributes

static const int DEFAULT_KEYLENGTH =Poly1305_Base<T>::DEFAULT_KEYLENGTH
 
- Static Public Attributes inherited from Poly1305_Base< T >
static const int DIGESTSIZE =T::BLOCKSIZE
 
static const int BLOCKSIZE =T::BLOCKSIZE
 
- Static Public Attributes inherited from FixedKeyLength< 32, SimpleKeyingInterface::UNIQUE_IV, 16 >
static const int KEYLENGTH
 The default key length used by the algorithm provided as a constant. More...
 
static const int MIN_KEYLENGTH
 The minimum key length used by the algorithm provided as a constant. More...
 
static const int MAX_KEYLENGTH
 The maximum key length used by the algorithm provided as a constant. More...
 
static const int DEFAULT_KEYLENGTH
 The default key length used by the algorithm provided as a constant. More...
 
static const int IV_REQUIREMENT
 The default IV requirements for the algorithm provided as a constant. More...
 
static const int IV_LENGTH
 The default IV length used by the algorithm provided as a constant. More...
 

Additional Inherited Members

- Public Types inherited from SimpleKeyingInterface
enum  IV_Requirement {
  UNIQUE_IV = 0, RANDOM_IV, UNPREDICTABLE_RANDOM_IV, INTERNALLY_GENERATED_IV,
  NOT_RESYNCHRONIZABLE
}
 Secure IVs requirements as enumerated values. More...
 
- Static Public Member Functions inherited from AlgorithmImpl< SimpleKeyingInterfaceImpl< Poly1305_Base< T >, Poly1305_Base< T > >, Poly1305_Base< T > >
static std::string StaticAlgorithmName ()
 The algorithm name. More...
 
- Static Public Member Functions inherited from Poly1305_Base< T >
static std::string StaticAlgorithmName ()
 
- Static Public Member Functions inherited from FixedKeyLength< 32, SimpleKeyingInterface::UNIQUE_IV, 16 >
static size_t StaticGetValidKeyLength (size_t keylength)
 The default key length for the algorithm provided by a static function. More...
 

Detailed Description

template<class T>
class Poly1305< T >

Poly1305 message authentication code.

Template Parameters
Tclass derived from BlockCipherDocumentation with 16-byte key and 16-byte blocksize

Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce.

Each message must use a unique security context, which means either the key or nonce must be changed after each message. It can be accomplished in one of two ways. First, you can create a new Poly1305 object with a key and nonce each time its needed.

  SecByteBlock key(32), nonce(16);
  prng.GenerateBlock(key, key.size());
  prng.GenerateBlock(nonce, nonce.size());
  Poly1305<AES> poly1305(key, key.size(), nonce, nonce.size());
  poly1305.Update(...);
  poly1305.Final(...);

Second, you can create a Poly1305 object, reuse the key, and set a fresh nonce for each message. The second and subsequent nonces can be generated directly using a RandomNumberGenerator() derived class; or it can be generated using GetNextIV().

  SecByteBlock key(32), nonce(16);
  prng.GenerateBlock(key, key.size());
  prng.GenerateBlock(nonce, nonce.size());
  // First message
  Poly1305<AES> poly1305(key, key.size());
  poly1305.Resynchronize(nonce);
  poly1305.Update(...);
  poly1305.Final(...);
  // Second message
  poly1305.GetNextIV(prng, nonce);
  poly1305.Resynchronize(nonce);
  poly1305.Update(...);
  poly1305.Final(...);
  ...
Warning
The Poly1305 class does not enforce a fresh nonce for each message. The source code will assert in debug builds to alert of nonce reuse. No action is taken in release builds.
See also
Daniel J. Bernstein The Poly1305-AES Message-Authentication Code (20050329) and Andy Polyakov Poly1305 Revised
Since
Crypto++ 6.0

Definition at line 146 of file poly1305.h.

Constructor & Destructor Documentation

◆ Poly1305()

template<class T >
Poly1305< T >::Poly1305 ( const byte *  key,
size_t  keyLength = DEFAULT_KEYLENGTH,
const byte *  nonce = NULL,
size_t  nonceLength = 0 
)
inline

Construct a Poly1305.

Parameters
keya byte array used to key the cipher
keyLengththe size of the byte array, in bytes
noncea byte array used to key the cipher
nonceLengththe size of the byte array, in bytes

key is the 32-byte key composed of the 16-byte AES key and the 16 additional key bytes used for r.

Each message requires a unique security context. You can use GetNextIV() and Resynchronize() to set a new nonce under a key for a message.

Definition at line 163 of file poly1305.h.


The documentation for this class was generated from the following file: