Commit | Line | Data |
---|---|---|
96a5a09c MW |
1 | /* -*-c-*- |
2 | * | |
3 | * Generic authenticated encryption interface | |
4 | * | |
5 | * (c) 2018 Straylight/Edgeware | |
6 | */ | |
7 | ||
8 | /*----- Licensing notice --------------------------------------------------* | |
9 | * | |
10 | * This file is part of Catacomb. | |
11 | * | |
12 | * Catacomb is free software: you can redistribute it and/or modify it | |
13 | * under the terms of the GNU Library General Public License as published | |
14 | * by the Free Software Foundation; either version 2 of the License, or | |
15 | * (at your option) any later version. | |
16 | * | |
17 | * Catacomb is distributed in the hope that it will be useful, but | |
18 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
20 | * Library General Public License for more details. | |
21 | * | |
22 | * You should have received a copy of the GNU Library General Public | |
23 | * License along with Catacomb. If not, write to the Free Software | |
24 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
25 | * USA. | |
26 | */ | |
27 | ||
28 | /*----- Header files ------------------------------------------------------*/ | |
29 | ||
30 | #include "gaead.h" | |
31 | ||
32 | /*----- Main code ---------------------------------------------------------*/ | |
33 | ||
34 | /* --- @gaead_encrypt@ --- * | |
35 | * | |
36 | * Arguments: @const gaead_key *k@ = the AEAD key, already prepared | |
37 | * @const void *n@, @size_t nsz@ = nonce | |
38 | * @const void *h@, @size_t hsz@ = additional `header' data | |
39 | * @const void *m@, @size_t msz@ = message input | |
40 | * @void *c@, @size_t *csz_input@ = ciphertext output | |
41 | * @void *t@, @size_t tsz@ = tag output | |
42 | * | |
43 | * Returns: Zero on success, @-1@ if the output buffer is too small. | |
44 | * | |
45 | * Use: Encrypts and authenticates a message in a single operation. | |
46 | * This just saves a bunch of messing about with the various | |
47 | * @gaead_...@ objects. | |
48 | * | |
49 | * On entry, @*csz_inout@ should be the capacity of the | |
50 | * ciphertext buffer; on exit, it will be updated with the | |
51 | * actual size of ciphertext produced. The function will not | |
52 | * fail if @*csz_inout >= msz + k->c->ohd@. | |
53 | */ | |
54 | ||
55 | int gaead_encrypt(const gaead_key *k, const void *n, size_t nsz, | |
56 | const void *h, size_t hsz, | |
57 | const void *m, size_t msz, | |
58 | void *c, size_t *csz_inout, | |
59 | void *t, size_t tsz) | |
60 | { | |
61 | gaead_enc *e = 0; | |
62 | gaead_aad *a = 0; | |
63 | buf b; | |
64 | int rc; | |
65 | ||
66 | buf_init(&b, c, *csz_inout); | |
67 | e = GAEAD_ENC(k, n, nsz, hsz, msz, tsz); if (!e) { rc = -1; goto end; } | |
68 | if (hsz) { a = GAEAD_AAD(e); GAEAD_HASH(a, h, hsz); } | |
69 | rc = GAEAD_ENCRYPT(e, m, msz, &b); if (rc) goto end; | |
70 | rc = GAEAD_DONE(e, a, &b, t, tsz); | |
71 | end: | |
72 | if (rc >= 0) *csz_inout = BLEN(&b); | |
73 | if (e) GAEAD_DESTROY(e); | |
74 | if (a) GAEAD_DESTROY(a); | |
75 | return (rc); | |
76 | } | |
77 | ||
78 | /* --- @gaead_decrypt@ --- * | |
79 | * | |
80 | * Arguments: @const gaead_key *k@ = the AEAD key, already prepared | |
81 | * @const void *n@, @size_t nsz@ = nonce | |
82 | * @const void *h@, @size_t hsz@ = additional `header' data | |
83 | * @const void *c@, @size_t csz@ = ciphertext input | |
84 | * @void *m@, @size_t *msz_inout@ = message output | |
85 | * @const void *t@, @size_t tsz@ = tag input | |
86 | * | |
87 | * Returns: @+1@ if everything is good; zero for authentication failure, | |
88 | * @-1@ for other problems. | |
89 | * | |
90 | * Use: Decrypts and verifies a message in a single operation. | |
91 | * This just saves a bunch of messing about with the various | |
92 | * @gaead_...@ objects. | |
93 | * | |
94 | * On entry, @*msz_inout@ should be the capacity of the | |
95 | * message buffer; on exit, it will be updated with the | |
96 | * actual size of message produced. The function will not | |
97 | * fail if @*msz_inout >= csz@. | |
98 | */ | |
99 | ||
100 | int gaead_decrypt(const gaead_key *k, const void *n, size_t nsz, | |
101 | const void *h, size_t hsz, | |
102 | const void *c, size_t csz, | |
103 | void *m, size_t *msz_inout, | |
104 | const void *t, size_t tsz) | |
105 | { | |
106 | gaead_dec *d = 0; | |
107 | gaead_aad *a = 0; | |
108 | buf b; | |
109 | int rc; | |
110 | ||
111 | buf_init(&b, m, *msz_inout); | |
112 | d = GAEAD_DEC(k, n, nsz, hsz, csz, tsz); if (!d) { rc = -1; goto end; } | |
113 | if (hsz) { a = GAEAD_AAD(d); GAEAD_HASH(a, h, hsz); } | |
114 | rc = GAEAD_DECRYPT(d, c, csz, &b); if (rc) goto end; | |
115 | rc = GAEAD_DONE(d, a, &b, t, tsz); | |
116 | end: | |
117 | if (rc >= 0) *msz_inout = BLEN(&b); | |
118 | if (d) GAEAD_DESTROY(d); | |
119 | if (a) GAEAD_DESTROY(a); | |
120 | return (rc); | |
121 | } | |
122 | ||
123 | /*----- That's all, folks -------------------------------------------------*/ |