--- /dev/null
+/* -*-c-*-
+ *
+ * Generic authenticated encryption interface
+ *
+ * (c) 2018 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb. If not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include "gaead.h"
+
+/*----- Main code ---------------------------------------------------------*/
+
+/* --- @gaead_encrypt@ --- *
+ *
+ * Arguments: @const gaead_key *k@ = the AEAD key, already prepared
+ * @const void *n@, @size_t nsz@ = nonce
+ * @const void *h@, @size_t hsz@ = additional `header' data
+ * @const void *m@, @size_t msz@ = message input
+ * @void *c@, @size_t *csz_input@ = ciphertext output
+ * @void *t@, @size_t tsz@ = tag output
+ *
+ * Returns: Zero on success, @-1@ if the output buffer is too small.
+ *
+ * Use: Encrypts and authenticates a message in a single operation.
+ * This just saves a bunch of messing about with the various
+ * @gaead_...@ objects.
+ *
+ * On entry, @*csz_inout@ should be the capacity of the
+ * ciphertext buffer; on exit, it will be updated with the
+ * actual size of ciphertext produced. The function will not
+ * fail if @*csz_inout >= msz + k->c->ohd@.
+ */
+
+int gaead_encrypt(const gaead_key *k, const void *n, size_t nsz,
+ const void *h, size_t hsz,
+ const void *m, size_t msz,
+ void *c, size_t *csz_inout,
+ void *t, size_t tsz)
+{
+ gaead_enc *e = 0;
+ gaead_aad *a = 0;
+ buf b;
+ int rc;
+
+ buf_init(&b, c, *csz_inout);
+ e = GAEAD_ENC(k, n, nsz, hsz, msz, tsz); if (!e) { rc = -1; goto end; }
+ if (hsz) { a = GAEAD_AAD(e); GAEAD_HASH(a, h, hsz); }
+ rc = GAEAD_ENCRYPT(e, m, msz, &b); if (rc) goto end;
+ rc = GAEAD_DONE(e, a, &b, t, tsz);
+end:
+ if (rc >= 0) *csz_inout = BLEN(&b);
+ if (e) GAEAD_DESTROY(e);
+ if (a) GAEAD_DESTROY(a);
+ return (rc);
+}
+
+/* --- @gaead_decrypt@ --- *
+ *
+ * Arguments: @const gaead_key *k@ = the AEAD key, already prepared
+ * @const void *n@, @size_t nsz@ = nonce
+ * @const void *h@, @size_t hsz@ = additional `header' data
+ * @const void *c@, @size_t csz@ = ciphertext input
+ * @void *m@, @size_t *msz_inout@ = message output
+ * @const void *t@, @size_t tsz@ = tag input
+ *
+ * Returns: @+1@ if everything is good; zero for authentication failure,
+ * @-1@ for other problems.
+ *
+ * Use: Decrypts and verifies a message in a single operation.
+ * This just saves a bunch of messing about with the various
+ * @gaead_...@ objects.
+ *
+ * On entry, @*msz_inout@ should be the capacity of the
+ * message buffer; on exit, it will be updated with the
+ * actual size of message produced. The function will not
+ * fail if @*msz_inout >= csz@.
+ */
+
+int gaead_decrypt(const gaead_key *k, const void *n, size_t nsz,
+ const void *h, size_t hsz,
+ const void *c, size_t csz,
+ void *m, size_t *msz_inout,
+ const void *t, size_t tsz)
+{
+ gaead_dec *d = 0;
+ gaead_aad *a = 0;
+ buf b;
+ int rc;
+
+ buf_init(&b, m, *msz_inout);
+ d = GAEAD_DEC(k, n, nsz, hsz, csz, tsz); if (!d) { rc = -1; goto end; }
+ if (hsz) { a = GAEAD_AAD(d); GAEAD_HASH(a, h, hsz); }
+ rc = GAEAD_DECRYPT(d, c, csz, &b); if (rc) goto end;
+ rc = GAEAD_DONE(d, a, &b, t, tsz);
+end:
+ if (rc >= 0) *msz_inout = BLEN(&b);
+ if (d) GAEAD_DESTROY(d);
+ if (a) GAEAD_DESTROY(a);
+ return (rc);
+}
+
+/*----- That's all, folks -------------------------------------------------*/
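Review bot: In gaead_decrypt the `end:` path handles an authentication failure the same way as success: the header comment says a zero return means the tag did not verify, yet `if (rc >= 0) *msz_inout = BLEN(&b);` still reports a length, and whatever GAEAD_DECRYPT and GAEAD_DONE wrote through `b` stays in the caller's `m` buffer. A caller that tests only for `-1`, or that looks at the buffer before the return code, would then be working with plaintext that was never authenticated. I would report a length only on `rc > 0` and clear the output otherwise, e.g. `if (rc > 0) *msz_inout = BLEN(&b);` followed by `else { if (BLEN(&b)) memset(m, 0, BLEN(&b)); if (!rc) *msz_inout = 0; }` (this needs `<string.h>` unless gaead.h already provides it), and state in the `Use:` paragraph that the buffer contents are meaningful only on a `+1` return. Separately, the Arguments line of the gaead_encrypt comment names `csz_input` where the parameter and the rest of the comment use `csz_inout`.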