| | | 1 | | using System.Diagnostics; |
| | | 2 | | using System.Security.Cryptography; |
| | | 3 | | |
| | | 4 | | namespace NLightning.Infrastructure.Crypto.Ciphers; |
| | | 5 | | |
| | | 6 | | using Domain.Crypto.Constants; |
| | | 7 | | using Factories; |
| | | 8 | | using Interfaces; |
| | | 9 | | |
| | | 10 | | /// <summary> |
| | | 11 | | /// AEAD_XCHACHA20_POLY1305 from <see href="https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha">draft-irtf-cf |
| | | 12 | | /// The 96-bit nonce is formed by encoding 32 bits of zeros followed by little-endian encoding of n. |
| | | 13 | | /// </summary> |
| | | 14 | | public sealed class XChaCha20Poly1305 : IDisposable |
| | | 15 | | { |
| | | 16 | | private readonly ICryptoProvider _cryptoProvider; |
| | | 17 | | |
| | 0 | 18 | | public XChaCha20Poly1305() |
| | | 19 | | { |
| | 0 | 20 | | _cryptoProvider = CryptoFactory.GetCryptoProvider(); |
| | 0 | 21 | | } |
| | | 22 | | |
| | | 23 | | /// <summary> |
| | | 24 | | /// Encrypts plaintext using a cipher key of 32 bytes, 24-byte nonce, and optional authentication data. |
| | | 25 | | /// Writes the resulting ciphertext and authentication tag into the provided ciphertext buffer. |
| | | 26 | | /// Returns the length of the ciphertext, including the authentication tag. |
| | | 27 | | /// </summary> |
| | | 28 | | /// <param name="key">A 32-byte encryption key.</param> |
| | | 29 | | /// <param name="publicNonce"> |
| | | 30 | | /// A 24-byte public nonce used for encryption, ensuring uniqueness for each encryption operation |
| | | 31 | | /// </param> |
| | | 32 | | /// <param name="authenticationData">Optional additional data to authenticate, which is not encrypted.</param> |
| | | 33 | | /// <param name="plaintext">The plaintext to be encrypted.</param> |
| | | 34 | | /// <param name="ciphertext"> |
| | | 35 | | /// A buffer to store the resulting ciphertext and authentication tag. |
| | | 36 | | /// Must be large enough to hold plaintext length plus 16 bytes. |
| | | 37 | | /// </param> |
| | | 38 | | /// <returns>The total number of bytes written to the ciphertext buffer, including the authentication tag.</returns> |
| | | 39 | | /// <exception cref="CryptographicException">Thrown when the encryption process fails.</exception> |
| | | 40 | | public int Encrypt(ReadOnlySpan<byte> key, ReadOnlySpan<byte> publicNonce, ReadOnlySpan<byte> authenticationData, |
| | | 41 | | ReadOnlySpan<byte> plaintext, Span<byte> ciphertext) |
| | | 42 | | { |
| | | 43 | | Debug.Assert(key.Length == CryptoConstants.PRIVKEY_LEN); |
| | | 44 | | Debug.Assert(ciphertext.Length >= plaintext.Length + CryptoConstants.XCHACHA20_POLY1305_TAG_LEN); |
| | | 45 | | |
| | 0 | 46 | | var result = _cryptoProvider.AeadXChaCha20Poly1305IetfEncrypt(key, publicNonce, authenticationData, plaintext, |
| | 0 | 47 | | ciphertext, out var length); |
| | | 48 | | |
| | 0 | 49 | | if (result != 0) |
| | | 50 | | { |
| | 0 | 51 | | throw new CryptographicException("Encryption failed."); |
| | | 52 | | } |
| | | 53 | | |
| | | 54 | | Debug.Assert(length == plaintext.Length + CryptoConstants.CHACHA20_POLY1305_TAG_LEN); |
| | 0 | 55 | | return (int)length; |
| | | 56 | | } |
| | | 57 | | |
| | | 58 | | /// <summary> |
| | | 59 | | /// Decrypts ciphertext using a 32-byte cipher key, 24-byte nonce, and optional authentication data. |
| | | 60 | | /// Writes the resulting plaintext into the provided plaintext buffer. Returns the length of the plaintext. |
| | | 61 | | /// </summary> |
| | | 62 | | /// <param name="key">A 32-byte decryption key.</param> |
| | | 63 | | /// <param name="publicNonce"> |
| | | 64 | | /// A 24-byte public nonce used for decryption. It must match the nonce used during encryption. |
| | | 65 | | /// </param> |
| | | 66 | | /// <param name="authenticationData"> |
| | | 67 | | /// Optional additional data that was authenticated during encryption but not encrypted. |
| | | 68 | | /// </param> |
| | | 69 | | /// <param name="ciphertext"> |
| | | 70 | | /// The ciphertext and authentication tag. The buffer should be at least the length of the plaintext plus 16 bytes. |
| | | 71 | | /// </param> |
| | | 72 | | /// <param name="plaintext"> |
| | | 73 | | /// A buffer to store the resulting plaintext. It must be large enough to store the decrypted data. |
| | | 74 | | /// </param> |
| | | 75 | | /// <returns>The total number of bytes written to the plaintext buffer.</returns> |
| | | 76 | | /// <exception cref="CryptographicException">Thrown when the decryption process fails.</exception> |
| | | 77 | | public int Decrypt(ReadOnlySpan<byte> key, ReadOnlySpan<byte> publicNonce, ReadOnlySpan<byte> authenticationData, |
| | | 78 | | ReadOnlySpan<byte> ciphertext, Span<byte> plaintext) |
| | | 79 | | { |
| | | 80 | | Debug.Assert(key.Length == CryptoConstants.PRIVKEY_LEN); |
| | | 81 | | Debug.Assert(ciphertext.Length >= CryptoConstants.XCHACHA20_POLY1305_TAG_LEN); |
| | | 82 | | Debug.Assert(plaintext.Length >= ciphertext.Length - CryptoConstants.XCHACHA20_POLY1305_TAG_LEN); |
| | | 83 | | |
| | 0 | 84 | | var result = _cryptoProvider.AeadXChaCha20Poly1305IetfDecrypt(key, publicNonce, authenticationData, ciphertext, |
| | 0 | 85 | | plaintext, out var length); |
| | | 86 | | |
| | 0 | 87 | | if (result != 0) |
| | | 88 | | { |
| | 0 | 89 | | throw new CryptographicException("Decryption failed."); |
| | | 90 | | } |
| | | 91 | | |
| | | 92 | | Debug.Assert(length == ciphertext.Length - CryptoConstants.CHACHA20_POLY1305_TAG_LEN); |
| | 0 | 93 | | return (int)length; |
| | | 94 | | } |
| | | 95 | | |
| | | 96 | | public void Dispose() |
| | | 97 | | { |
| | 0 | 98 | | _cryptoProvider.Dispose(); |
| | 0 | 99 | | } |
| | | 100 | | } |