3 * Generic authenticated encryption interface
5 * (c) 2018 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software: you can redistribute it and/or modify it
13 * under the terms of the GNU Library General Public License as published
14 * by the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb. If not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
28 /*----- Header files ------------------------------------------------------*/
32 /*----- Main code ---------------------------------------------------------*/
34 /* --- @gaead_encrypt@ --- *
36 * Arguments: @const gaead_key *k@ = the AEAD key, already prepared
37 * @const void *n@, @size_t nsz@ = nonce
38 * @const void *h@, @size_t hsz@ = additional `header' data
39 * @const void *m@, @size_t msz@ = message input
40 * @void *c@, @size_t *csz_input@ = ciphertext output
41 * @void *t@, @size_t tsz@ = tag output
43 * Returns: Zero on success, @-1@ if the output buffer is too small.
45 * Use: Encrypts and authenticates a message in a single operation.
46 * This just saves a bunch of messing about with the various
47 * @gaead_...@ objects.
49 * On entry, @*csz_inout@ should be the capacity of the
50 * ciphertext buffer; on exit, it will be updated with the
51 * actual size of ciphertext produced. The function will not
52 * fail if @*csz_inout >= msz + k->c->ohd@.
55 int gaead_encrypt(const gaead_key
*k
, const void *n
, size_t nsz
,
56 const void *h
, size_t hsz
,
57 const void *m
, size_t msz
,
58 void *c
, size_t *csz_inout
,
66 buf_init(&b
, c
, *csz_inout
);
67 e
= GAEAD_ENC(k
, n
, nsz
, hsz
, msz
, tsz
); if (!e
) { rc
= -1; goto end
; }
68 if (hsz
) { a
= GAEAD_AAD(e
); GAEAD_HASH(a
, h
, hsz
); }
69 rc
= GAEAD_ENCRYPT(e
, m
, msz
, &b
); if (rc
) goto end
;
70 rc
= GAEAD_DONE(e
, a
, &b
, t
, tsz
);
72 if (rc
>= 0) *csz_inout
= BLEN(&b
);
73 if (e
) GAEAD_DESTROY(e
);
74 if (a
) GAEAD_DESTROY(a
);
78 /* --- @gaead_decrypt@ --- *
80 * Arguments: @const gaead_key *k@ = the AEAD key, already prepared
81 * @const void *n@, @size_t nsz@ = nonce
82 * @const void *h@, @size_t hsz@ = additional `header' data
83 * @const void *c@, @size_t csz@ = ciphertext input
84 * @void *m@, @size_t *msz_inout@ = message output
85 * @const void *t@, @size_t tsz@ = tag input
87 * Returns: @+1@ if everything is good; zero for authentication failure,
88 * @-1@ for other problems.
90 * Use: Decrypts and verifies a message in a single operation.
91 * This just saves a bunch of messing about with the various
92 * @gaead_...@ objects.
94 * On entry, @*msz_inout@ should be the capacity of the
95 * message buffer; on exit, it will be updated with the
96 * actual size of message produced. The function will not
97 * fail if @*msz_inout >= csz@.
100 int gaead_decrypt(const gaead_key
*k
, const void *n
, size_t nsz
,
101 const void *h
, size_t hsz
,
102 const void *c
, size_t csz
,
103 void *m
, size_t *msz_inout
,
104 const void *t
, size_t tsz
)
111 buf_init(&b
, m
, *msz_inout
);
112 d
= GAEAD_DEC(k
, n
, nsz
, hsz
, csz
, tsz
); if (!d
) { rc
= -1; goto end
; }
113 if (hsz
) { a
= GAEAD_AAD(d
); GAEAD_HASH(a
, h
, hsz
); }
114 rc
= GAEAD_DECRYPT(d
, c
, csz
, &b
); if (rc
) goto end
;
115 rc
= GAEAD_DONE(d
, a
, &b
, t
, tsz
);
117 if (rc
>= 0) *msz_inout
= BLEN(&b
);
118 if (d
) GAEAD_DESTROY(d
);
119 if (a
) GAEAD_DESTROY(a
);
123 /*----- That's all, folks -------------------------------------------------*/