go/aead/subtle/chacha20poly1305.go - third_party/tink - Git at Google

 // Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package subtle

 import (
 	"fmt"

 	"golang.org/x/crypto/chacha20poly1305"
 	internalaead "github.com/google/tink/go/internal/aead"
 	"github.com/google/tink/go/subtle/random"
 	"github.com/google/tink/go/tink"
 )

 const (
 	poly1305TagSize = 16
 )

 // ChaCha20Poly1305 is an implementation of AEAD interface.
 type ChaCha20Poly1305 struct {
 	Key                           []byte
 	chaCha20Poly1305InsecureNonce *internalaead.ChaCha20Poly1305InsecureNonce
 }

 // Assert that ChaCha20Poly1305 implements the AEAD interface.
 var _ tink.AEAD = (*ChaCha20Poly1305)(nil)

 // NewChaCha20Poly1305 returns an ChaCha20Poly1305 instance.
 // The key argument should be a 32-bytes key.
 func NewChaCha20Poly1305(key []byte) (*ChaCha20Poly1305, error) {
 	chaCha20Poly1305InsecureNonce, err := internalaead.NewChaCha20Poly1305InsecureNonce(key)
 	return &ChaCha20Poly1305{
 		Key:                           key,
 		chaCha20Poly1305InsecureNonce: chaCha20Poly1305InsecureNonce,
 	}, err
 }

 // Encrypt encrypts plaintext with associatedData.
 // The resulting ciphertext consists of two parts:
 // (1) the nonce used for encryption and (2) the actual ciphertext.
 func (ca *ChaCha20Poly1305) Encrypt(plaintext []byte, associatedData []byte) ([]byte, error) {
 	nonce := random.GetRandomBytes(chacha20poly1305.NonceSize)
 	ct, err := ca.chaCha20Poly1305InsecureNonce.Encrypt(nonce, plaintext, associatedData)
 	if err != nil {
 		return nil, err
 	}
 	return append(nonce, ct...), nil
 }

 // Decrypt decrypts ciphertext with associatedData.
 func (ca *ChaCha20Poly1305) Decrypt(ciphertext []byte, associatedData []byte) ([]byte, error) {
 	if len(ciphertext) < chacha20poly1305.NonceSize+poly1305TagSize {
 		return nil, fmt.Errorf("chacha20poly1305: ciphertext too short")
 	}
 	nonce := ciphertext[:chacha20poly1305.NonceSize]
 	return ca.chaCha20Poly1305InsecureNonce.Decrypt(nonce, ciphertext[chacha20poly1305.NonceSize:], associatedData)
 }
	// Copyright 2020 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package subtle

	import (
	"fmt"

	"golang.org/x/crypto/chacha20poly1305"
	internalaead "github.com/google/tink/go/internal/aead"
	"github.com/google/tink/go/subtle/random"
	"github.com/google/tink/go/tink"
	)

	const (
	poly1305TagSize = 16
	)

	// ChaCha20Poly1305 is an implementation of AEAD interface.
	type ChaCha20Poly1305 struct {
	Key []byte
	chaCha20Poly1305InsecureNonce *internalaead.ChaCha20Poly1305InsecureNonce
	}

	// Assert that ChaCha20Poly1305 implements the AEAD interface.
	var _ tink.AEAD = (*ChaCha20Poly1305)(nil)

	// NewChaCha20Poly1305 returns an ChaCha20Poly1305 instance.
	// The key argument should be a 32-bytes key.
	func NewChaCha20Poly1305(key []byte) (*ChaCha20Poly1305, error) {
	chaCha20Poly1305InsecureNonce, err := internalaead.NewChaCha20Poly1305InsecureNonce(key)
	return &ChaCha20Poly1305{
	Key: key,
	chaCha20Poly1305InsecureNonce: chaCha20Poly1305InsecureNonce,
	}, err
	}

	// Encrypt encrypts plaintext with associatedData.
	// The resulting ciphertext consists of two parts:
	// (1) the nonce used for encryption and (2) the actual ciphertext.
	func (ca *ChaCha20Poly1305) Encrypt(plaintext []byte, associatedData []byte) ([]byte, error) {
	nonce := random.GetRandomBytes(chacha20poly1305.NonceSize)
	ct, err := ca.chaCha20Poly1305InsecureNonce.Encrypt(nonce, plaintext, associatedData)
	if err != nil {
	return nil, err
	}
	return append(nonce, ct...), nil
	}

	// Decrypt decrypts ciphertext with associatedData.
	func (ca *ChaCha20Poly1305) Decrypt(ciphertext []byte, associatedData []byte) ([]byte, error) {
	if len(ciphertext) < chacha20poly1305.NonceSize+poly1305TagSize {
	return nil, fmt.Errorf("chacha20poly1305: ciphertext too short")
	}
	nonce := ciphertext[:chacha20poly1305.NonceSize]
	return ca.chaCha20Poly1305InsecureNonce.Decrypt(nonce, ciphertext[chacha20poly1305.NonceSize:], associatedData)
	}