3 * Generic authenticated encryption interface
5 * (c) 2018 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software: you can redistribute it and/or modify it
13 * under the terms of the GNU Library General Public License as published
14 * by the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb. If not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
28 /*----- Header files ------------------------------------------------------*/
32 /*----- Main code ---------------------------------------------------------*/
34 /* --- @gaead_szokcommon@ --- *
36 * Arguments: @const gcaead *aec@ = pointer to AEAD class
37 * @size_t nsz@, @size_t hsz@, @size_t msz@, @size_t tsz@ =
38 * nonce, header, message, and tag sizes
40 * Returns: Nonzero if the sizes are acceptable to the AEAD scheme in
43 * Use: Generic implementation for sensible AEAD schemes.
46 int gaead_szokcommon(const gcaead
*aec
,
47 size_t nsz
, size_t hsz
, size_t msz
, size_t tsz
)
49 if (keysz(nsz
, aec
->noncesz
) != nsz
) return (0);
50 if (keysz(tsz
, aec
->tagsz
) != tsz
) return (0);
51 if (hsz
&& (aec
->f
&AEADF_NOAAD
)) return (0);
55 /* --- @gaead_encrypt@ --- *
57 * Arguments: @const gaead_key *k@ = the AEAD key, already prepared
58 * @const void *n@, @size_t nsz@ = nonce
59 * @const void *h@, @size_t hsz@ = additional `header' data
60 * @const void *m@, @size_t msz@ = message input
61 * @void *c@, @size_t *csz_input@ = ciphertext output
62 * @void *t@, @size_t tsz@ = tag output
64 * Returns: Zero on success, @-1@ if the output buffer is too small.
66 * Use: Encrypts and authenticates a message in a single operation.
67 * This just saves a bunch of messing about with the various
68 * @gaead_...@ objects.
70 * On entry, @*csz_inout@ should be the capacity of the
71 * ciphertext buffer; on exit, it will be updated with the
72 * actual size of ciphertext produced. The function will not
73 * fail if @*csz_inout >= msz + k->c->ohd@.
76 int gaead_encrypt(const gaead_key
*k
, const void *n
, size_t nsz
,
77 const void *h
, size_t hsz
,
78 const void *m
, size_t msz
,
79 void *c
, size_t *csz_inout
,
87 buf_init(&b
, c
, *csz_inout
);
88 e
= GAEAD_ENC(k
, n
, nsz
, hsz
, msz
, tsz
); if (!e
) { rc
= -1; goto end
; }
89 if (hsz
) { a
= GAEAD_AAD(e
); GAEAD_HASH(a
, h
, hsz
); }
90 rc
= GAEAD_ENCRYPT(e
, m
, msz
, &b
); if (rc
) goto end
;
91 rc
= GAEAD_DONE(e
, a
, &b
, t
, tsz
);
93 if (rc
>= 0) *csz_inout
= BLEN(&b
);
94 if (e
) GAEAD_DESTROY(e
);
95 if (a
) GAEAD_DESTROY(a
);
99 /* --- @gaead_decrypt@ --- *
101 * Arguments: @const gaead_key *k@ = the AEAD key, already prepared
102 * @const void *n@, @size_t nsz@ = nonce
103 * @const void *h@, @size_t hsz@ = additional `header' data
104 * @const void *c@, @size_t csz@ = ciphertext input
105 * @void *m@, @size_t *msz_inout@ = message output
106 * @const void *t@, @size_t tsz@ = tag input
108 * Returns: @+1@ if everything is good; zero for authentication failure,
109 * @-1@ for other problems.
111 * Use: Decrypts and verifies a message in a single operation.
112 * This just saves a bunch of messing about with the various
113 * @gaead_...@ objects.
115 * On entry, @*msz_inout@ should be the capacity of the
116 * message buffer; on exit, it will be updated with the
117 * actual size of message produced. The function will not
118 * fail if @*msz_inout >= csz@.
121 int gaead_decrypt(const gaead_key
*k
, const void *n
, size_t nsz
,
122 const void *h
, size_t hsz
,
123 const void *c
, size_t csz
,
124 void *m
, size_t *msz_inout
,
125 const void *t
, size_t tsz
)
132 buf_init(&b
, m
, *msz_inout
);
133 d
= GAEAD_DEC(k
, n
, nsz
, hsz
, csz
, tsz
); if (!d
) { rc
= -1; goto end
; }
134 if (hsz
) { a
= GAEAD_AAD(d
); GAEAD_HASH(a
, h
, hsz
); }
135 rc
= GAEAD_DECRYPT(d
, c
, csz
, &b
); if (rc
) goto end
;
136 rc
= GAEAD_DONE(d
, a
, &b
, t
, tsz
);
138 if (rc
>= 0) *msz_inout
= BLEN(&b
);
139 if (d
) GAEAD_DESTROY(d
);
140 if (a
) GAEAD_DESTROY(a
);
144 /*----- That's all, folks -------------------------------------------------*/