bip324_8h_source.html

// Copyright (c) 2023 The Bitcoin Core developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#ifndef BITCOIN_BIP324_H

#define BITCOIN_BIP324_H


#include <array>

#include <cstddef>

#include <optional>


#include <crypto/chacha20.h>

#include <crypto/chacha20poly1305.h>

#include <key.h>

#include <pubkey.h>

#include <span.h>


class BIP324Cipher

{

public:

    static constexpr unsigned SESSION_ID_LEN{32};

    static constexpr unsigned GARBAGE_TERMINATOR_LEN{16};

    static constexpr unsigned REKEY_INTERVAL{224};

    static constexpr unsigned LENGTH_LEN{3};

    static constexpr unsigned HEADER_LEN{1};

    static constexpr unsigned EXPANSION = LENGTH_LEN + HEADER_LEN + FSChaCha20Poly1305::EXPANSION;

    static constexpr std::byte IGNORE_BIT{0x80};


private:

    std::optional<FSChaCha20> m_send_l_cipher;

    std::optional<FSChaCha20> m_recv_l_cipher;

    std::optional<FSChaCha20Poly1305> m_send_p_cipher;

    std::optional<FSChaCha20Poly1305> m_recv_p_cipher;


    CKey m_key;

    EllSwiftPubKey m_our_pubkey;


    std::array<std::byte, SESSION_ID_LEN> m_session_id;

    std::array<std::byte, GARBAGE_TERMINATOR_LEN> m_send_garbage_terminator;

    std::array<std::byte, GARBAGE_TERMINATOR_LEN> m_recv_garbage_terminator;


public:

    BIP324Cipher() = delete;


    BIP324Cipher(const CKey& key, Span<const std::byte> ent32) noexcept;


    BIP324Cipher(const CKey& key, const EllSwiftPubKey& pubkey) noexcept;


    const EllSwiftPubKey& GetOurPubKey() const noexcept { return m_our_pubkey; }


    void Initialize(const EllSwiftPubKey& their_pubkey, bool initiator, bool self_decrypt = false) noexcept;


    explicit operator bool() const noexcept { return m_send_l_cipher.has_value(); }


    void Encrypt(Span<const std::byte> contents, Span<const std::byte> aad, bool ignore, Span<std::byte> output) noexcept;


    unsigned DecryptLength(Span<const std::byte> input) noexcept;


    bool Decrypt(Span<const std::byte> input, Span<const std::byte> aad, bool& ignore, Span<std::byte> contents) noexcept;


    Span<const std::byte> GetSessionID() const noexcept { return m_session_id; }


    Span<const std::byte> GetSendGarbageTerminator() const noexcept { return m_send_garbage_terminator; }


    Span<const std::byte> GetReceiveGarbageTerminator() const noexcept { return m_recv_garbage_terminator; }

};


#endif // BITCOIN_BIP324_H

chacha20.h

chacha20poly1305.h

BIP324Cipher
The BIP324 packet cipher, encapsulating its key derivation, stream cipher, and AEAD.
Definition: bip324.h:20

BIP324Cipher::GetReceiveGarbageTerminator
Span< const std::byte > GetReceiveGarbageTerminator() const noexcept
Get the expected Garbage Terminator to receive.
Definition: bip324.h:93

BIP324Cipher::GetSendGarbageTerminator
Span< const std::byte > GetSendGarbageTerminator() const noexcept
Get the Garbage Terminator to send.
Definition: bip324.h:90

BIP324Cipher::REKEY_INTERVAL
static constexpr unsigned REKEY_INTERVAL
Definition: bip324.h:24

BIP324Cipher::GARBAGE_TERMINATOR_LEN
static constexpr unsigned GARBAGE_TERMINATOR_LEN
Definition: bip324.h:23

BIP324Cipher::HEADER_LEN
static constexpr unsigned HEADER_LEN
Definition: bip324.h:26

BIP324Cipher::DecryptLength
unsigned DecryptLength(Span< const std::byte > input) noexcept
Decrypt the length of a packet.
Definition: bip324.cpp:89

BIP324Cipher::m_our_pubkey
EllSwiftPubKey m_our_pubkey
Definition: bip324.h:37

BIP324Cipher::GetOurPubKey
const EllSwiftPubKey & GetOurPubKey() const noexcept
Retrieve our public key.
Definition: bip324.h:54

BIP324Cipher::IGNORE_BIT
static constexpr std::byte IGNORE_BIT
Definition: bip324.h:28

BIP324Cipher::BIP324Cipher
BIP324Cipher()=delete
No default constructor; keys must be provided to create a BIP324Cipher.

BIP324Cipher::Decrypt
bool Decrypt(Span< const std::byte > input, Span< const std::byte > aad, bool &ignore, Span< std::byte > contents) noexcept
Decrypt a packet.
Definition: bip324.cpp:100

BIP324Cipher::GetSessionID
Span< const std::byte > GetSessionID() const noexcept
Get the Session ID.
Definition: bip324.h:87

BIP324Cipher::m_recv_p_cipher
std::optional< FSChaCha20Poly1305 > m_recv_p_cipher
Definition: bip324.h:34

BIP324Cipher::m_key
CKey m_key
Definition: bip324.h:36

BIP324Cipher::m_recv_garbage_terminator
std::array< std::byte, GARBAGE_TERMINATOR_LEN > m_recv_garbage_terminator
Definition: bip324.h:41

BIP324Cipher::m_session_id
std::array< std::byte, SESSION_ID_LEN > m_session_id
Definition: bip324.h:39

BIP324Cipher::m_send_garbage_terminator
std::array< std::byte, GARBAGE_TERMINATOR_LEN > m_send_garbage_terminator
Definition: bip324.h:40

BIP324Cipher::Encrypt
void Encrypt(Span< const std::byte > contents, Span< const std::byte > aad, bool ignore, Span< std::byte > output) noexcept
Encrypt a packet.
Definition: bip324.cpp:73

BIP324Cipher::m_recv_l_cipher
std::optional< FSChaCha20 > m_recv_l_cipher
Definition: bip324.h:32

BIP324Cipher::LENGTH_LEN
static constexpr unsigned LENGTH_LEN
Definition: bip324.h:25

BIP324Cipher::EXPANSION
static constexpr unsigned EXPANSION
Definition: bip324.h:27

BIP324Cipher::Initialize
void Initialize(const EllSwiftPubKey &their_pubkey, bool initiator, bool self_decrypt=false) noexcept
Initialize when the other side's public key is received.
Definition: bip324.cpp:34

BIP324Cipher::m_send_p_cipher
std::optional< FSChaCha20Poly1305 > m_send_p_cipher
Definition: bip324.h:33

BIP324Cipher::SESSION_ID_LEN
static constexpr unsigned SESSION_ID_LEN
Definition: bip324.h:22

BIP324Cipher::m_send_l_cipher
std::optional< FSChaCha20 > m_send_l_cipher
Definition: bip324.h:31

CKey
An encapsulated private key.
Definition: key.h:35

FSChaCha20Poly1305::EXPANSION
static constexpr auto EXPANSION
Expansion when encrypting.
Definition: chacha20poly1305.h:105

Span< const std::byte >

key.h

pubkey.h

span.h

EllSwiftPubKey
An ElligatorSwift-encoded public key.
Definition: pubkey.h:310