public virtual byte[] Decrypt(ReadOnlySpan <byte> nonce, ReadOnlySpan <byte> ciphertext, ReadOnlySpan <byte> associatedData = default)
{
if (ciphertext.Length + nonce.Length < _snuffle.NonceSizeInBytes + Poly1305.MAC_TAG_SIZE_IN_BYTES)
{
throw new ArgumentException($"The {nameof(ciphertext)} is too short.");
}
if (nonce.IsEmpty || nonce.Length != _snuffle.NonceSizeInBytes)
{
throw new ArgumentException(_snuffle.FormatNonceLengthExceptionMessage(_snuffle.GetType().Name, nonce.Length, _snuffle.NonceSizeInBytes));
}
var limit = ciphertext.Length - Poly1305.MAC_TAG_SIZE_IN_BYTES;
try
{
Poly1305.VerifyMac(GetMacKey(nonce), GetMacDataRfc8439(associatedData, ciphertext.Slice(0, limit)), ciphertext.Slice(limit, Poly1305.MAC_TAG_SIZE_IN_BYTES));
}
catch (Exception ex)
{
throw new CryptographicException(AEAD_EXCEPTION_INVALID_TAG, ex);
}
return(_snuffle.Decrypt(ciphertext.Slice(0, limit), nonce));
}
/// <summary>
/// Decrypts the <paramref name="ciphertext"/> into the <paramref name="plaintext"/> provided destination buffer if the authentication <paramref name="tag"/> can be validated.
/// </summary>
/// <param name="nonce">The nonce associated with this message, which must match the value provided during encryption.</param>
/// <param name="ciphertext">The encrypted content to decrypt.</param>
/// <param name="tag">The authentication tag produced for this message during encryption.</param>
/// <param name="plaintext">The byte span to receive the decrypted contents.</param>
/// <param name="associatedData">Extra data associated with this message, which must match the value provided during encryption.</param>
/// <exception cref="CryptographicException">The tag value could not be verified, or the decryption operation otherwise failed.</exception>
public void Decrypt(ReadOnlySpan <byte> nonce, ReadOnlySpan <byte> ciphertext, ReadOnlySpan <byte> tag, Span <byte> plaintext, ReadOnlySpan <byte> associatedData = default)
{
if (nonce.IsEmpty || nonce.Length != _snuffle.NonceSizeInBytes)
{
throw new ArgumentException(Snuffle.FormatNonceLengthExceptionMessage(_snuffle.GetType().Name, nonce.Length, _snuffle.NonceSizeInBytes));
}
try
{
var aadPaddedLen = GetPaddedLength(associatedData, Poly1305.MAC_TAG_SIZE_IN_BYTES);
var ciphertextPaddedLen = GetPaddedLength(ciphertext, Poly1305.MAC_TAG_SIZE_IN_BYTES);
var macData = new Span <byte>(new byte[aadPaddedLen + ciphertextPaddedLen + Poly1305.MAC_TAG_SIZE_IN_BYTES]);
PrepareMacDataRfc8439(macData, associatedData, aadPaddedLen, ciphertext, ciphertextPaddedLen);
Poly1305.VerifyMac(GetMacKey(nonce), macData, tag);
}
catch (CryptographicException ex) when(ex.Message.Contains("length"))
{
throw;
}
catch (Exception ex)
{
throw new CryptographicException(AEAD_EXCEPTION_INVALID_TAG, ex);
}
_snuffle.Decrypt(ciphertext, nonce, plaintext);
}