From 3780fa98afe497187a038cd994848ab111712712 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Fri, 16 Aug 2019 12:33:22 +0100
Subject: [PATCH] symm/gaead.h: Specify a flag for `AEAD' schemes which don't
 do AAD.

This is a useful shape, and, in particular, it covers the NaCl
`crypto_secretbox' transform.
---
 symm/gaead.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/symm/gaead.h b/symm/gaead.h
index cad250c9..33feb366 100644
--- a/symm/gaead.h
+++ b/symm/gaead.h
@@ -124,7 +124,8 @@ typedef struct gaead_aadops {
 
   void (*hash)(gaead_aad */*a*/, const void */*h*/, size_t /*hsz*/);
 	/* Feed header (additional authenticated) data into the AAD-hashing
-	 * object.
+	 * object.  If the @AEADF_NOAAD@ class flag is set then @hsz@ must be
+	 * zero.
 	 */
 
   void (*destroy)(gaead_aad */*a*/);
@@ -262,6 +263,7 @@ typedef struct gcaead {
 #define AEADF_PCTSZ 4u			/*   Precommit to tag size */
 #define AEADF_AADNDEP 8u		/*   AAD hash is nonce-dependent */
 #define AEADF_AADFIRST 16u		/*   AAD must precede msg/ct */
+#define AEADF_NOAAD 32u			/*   AAD is not permitted */
 
   gaead_key *(*key)(const void */*k*/, size_t /*ksz*/);
 	/* Return a key object (above) with the given key material. */
-- 
2.11.0