public virtual byte[] Encrypt(ReadOnlySpan <byte> nonce, ReadOnlySpan <byte> plaintext, ReadOnlySpan <byte> associatedData = default)
{
//if (plaintext.Length > int.MaxValue - _snuffle.NonceSizeInBytes() - Poly1305.MAC_TAG_SIZE_IN_BYTES)
// throw new ArgumentException($"The {nameof(plaintext)} is too long.");
var ciphertext = _snuffle.Encrypt(plaintext, nonce);
var tag = Poly1305.ComputeMac(GetMacKey(nonce), GetMacDataRfc8439(associatedData, ciphertext));
return(CryptoBytes.Combine(ciphertext, tag));
}
public virtual byte[] Encrypt(ReadOnlySpan <byte> nonce, ReadOnlySpan <byte> plaintext, ReadOnlySpan <byte> associatedData = default)
{
//if (plaintext.Length > int.MaxValue - _snuffle.NonceSizeInBytes() - Poly1305.MAC_TAG_SIZE_IN_BYTES)
// throw new ArgumentException($"The {nameof(plaintext)} is too long.");
var ciphertext = _snuffle.Encrypt(plaintext, nonce);
using (var macKey = GetMacKey(nonce))
using (var macData = GetMacDataRfc8439(associatedData, ciphertext))
{
var tag = Poly1305.ComputeMac(macKey.Span, macData.Span);
macKey.Span.Clear();
macData.Span.Clear();
// Array.Resize(ref ciphertext, ciphertext.Length + Poly1305.MAC_TAG_SIZE_IN_BYTES);
// Array.Copy(tag, 0, ciphertext, ciphertext.Length - Poly1305.MAC_TAG_SIZE_IN_BYTES, tag.Length);
// return ciphertext;
// return ciphertext.Concat(tag).ToArray(); // could be inefficient
return(CryptoBytes.Combine(ciphertext, tag));
}
}
/// <summary>
/// Encrypts the <paramref name="plaintext"/> into the <paramref name="ciphertext"/> destination buffer and computes an authentication tag into a separate buffer with <see cref="Poly1305"/> authentication based on an <paramref name="associatedData"/> and a <paramref name="nonce"/>.
/// </summary>
/// <param name="nonce">The nonce associated with this message, which should be a unique value for every operation with the same key.</param>
/// <param name="plaintext">The content to encrypt.</param>
/// <param name="ciphertext">The byte span to receive the encrypted contents.</param>
/// <param name="tag">The byte span to receive the generated authentication tag.</param>
/// <param name="associatedData">Extra data associated with this message, which must also be provided during decryption.</param>
/// <exception cref="CryptographicException">plaintext or nonce</exception>
public void Encrypt(ReadOnlySpan <byte> nonce, ReadOnlySpan <byte> plaintext, Span <byte> ciphertext, Span <byte> tag, ReadOnlySpan <byte> associatedData = default)
{
//if (plaintext.Length > int.MaxValue - _snuffle.NonceSizeInBytes() - Poly1305.MAC_TAG_SIZE_IN_BYTES)
// throw new ArgumentException($"The {nameof(plaintext)} is too long.");
_snuffle.Encrypt(plaintext, nonce, ciphertext);
var aadPaddedLen = GetPaddedLength(associatedData, Poly1305.MAC_TAG_SIZE_IN_BYTES);
var ciphertextPaddedLen = GetPaddedLength(ciphertext, Poly1305.MAC_TAG_SIZE_IN_BYTES);
var macData = new Span <byte>(new byte[aadPaddedLen + ciphertextPaddedLen + Poly1305.MAC_TAG_SIZE_IN_BYTES]);
PrepareMacDataRfc8439(macData, associatedData, aadPaddedLen, ciphertext, ciphertextPaddedLen);
Poly1305.ComputeMac(GetMacKey(nonce), macData, tag);
}
