164 lines
7.1 KiB
C
164 lines
7.1 KiB
C
/* ---------------------------------------------------------------------------
|
|
*
|
|
* AEAD API 0.12 - 23-MAY-2012
|
|
*
|
|
* This file gives an interface appropriate for many authenticated
|
|
* encryption with associated data (AEAD) implementations. It does not try
|
|
* to accommodate all possible options or limitations that an implementation
|
|
* might have -- you should consult the documentation of your chosen
|
|
* implementation to find things like RFC 5116 constants, alignment
|
|
* requirements, whether the incremental interface is supported, etc.
|
|
*
|
|
* This file is in the public domain. It is provided "as is", without
|
|
* warranty of any kind. Use at your own risk.
|
|
*
|
|
* Comments are welcome: Ted Krovetz <ted@krovetz>.
|
|
*
|
|
* ------------------------------------------------------------------------ */
|
|
|
|
#ifndef _AE_H_
|
|
#define _AE_H_
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/* --------------------------------------------------------------------------
|
|
*
|
|
* Constants
|
|
*
|
|
* ----------------------------------------------------------------------- */
|
|
|
|
/* Return status codes: Negative return values indicate an error occurred.
|
|
* For full explanations of error values, consult the implementation's
|
|
* documentation. */
|
|
#define AE_SUCCESS (0) /* Indicates successful completion of call */
|
|
#define AE_INVALID (-1) /* Indicates bad tag during decryption */
|
|
#define AE_NOT_SUPPORTED (-2) /* Indicates unsupported option requested */
|
|
|
|
/* Flags: When data can be processed "incrementally", these flags are used
|
|
* to indicate whether the submitted data is the last or not. */
|
|
#define AE_FINALIZE (1) /* This is the last of data */
|
|
#define AE_PENDING (0) /* More data of is coming */
|
|
|
|
/* --------------------------------------------------------------------------
|
|
*
|
|
* AEAD opaque structure definition
|
|
*
|
|
* ----------------------------------------------------------------------- */
|
|
|
|
typedef struct _ae_ctx ae_ctx;
|
|
|
|
/* --------------------------------------------------------------------------
|
|
*
|
|
* Data Structure Routines
|
|
*
|
|
* ----------------------------------------------------------------------- */
|
|
|
|
ae_ctx* ae_allocate(void* misc); /* Allocate ae_ctx, set optional ptr */
|
|
void ae_free(ae_ctx* ctx); /* Deallocate ae_ctx struct */
|
|
int ae_clear(ae_ctx* ctx); /* Undo initialization */
|
|
int ae_ctx_sizeof(void); /* Return sizeof(ae_ctx) */
|
|
/* ae_allocate() allocates an ae_ctx structure, but does not initialize it.
|
|
* ae_free() deallocates an ae_ctx structure, but does not zero it.
|
|
* ae_clear() zeroes sensitive values associated with an ae_ctx structure
|
|
* and deallocates any auxiliary structures allocated during ae_init().
|
|
* ae_ctx_sizeof() returns sizeof(ae_ctx), to aid in any static allocations.
|
|
*/
|
|
|
|
/* --------------------------------------------------------------------------
|
|
*
|
|
* AEAD Routines
|
|
*
|
|
* ----------------------------------------------------------------------- */
|
|
|
|
int ae_init(ae_ctx* ctx, const void* key, int key_len, int nonce_len, int tag_len);
|
|
/* --------------------------------------------------------------------------
|
|
*
|
|
* Initialize an ae_ctx context structure.
|
|
*
|
|
* Parameters:
|
|
* ctx - Pointer to an ae_ctx structure to be initialized
|
|
* key - Pointer to user-supplied key
|
|
* key_len - Length of key supplied, in bytes
|
|
* nonce_len - Length of nonces to be used for this key, in bytes
|
|
* tag_len - Length of tags to be produced for this key, in bytes
|
|
*
|
|
* Returns:
|
|
* AE_SUCCESS - Success. Ctx ready for use.
|
|
* AE_NOT_SUPPORTED - An unsupported length was supplied. Ctx is untouched.
|
|
* Otherwise - Error. Check implementation documentation for codes.
|
|
*
|
|
* ----------------------------------------------------------------------- */
|
|
|
|
int ae_encrypt(ae_ctx* ctx, const void* nonce, const void* pt, int pt_len, const void* ad,
|
|
int ad_len, void* ct, void* tag, int final);
|
|
/* --------------------------------------------------------------------------
|
|
*
|
|
* Encrypt plaintext; provide for authentication of ciphertext/associated data.
|
|
*
|
|
* Parameters:
|
|
* ctx - Pointer to an ae_ctx structure initialized by ae_init.
|
|
* nonce - Pointer to a nonce_len (defined in ae_init) byte nonce.
|
|
* pt - Pointer to plaintext bytes to be encrypted.
|
|
* pt_len - number of bytes pointed to by pt.
|
|
* ad - Pointer to associated data.
|
|
* ad_len - number of bytes pointed to by ad.
|
|
* ct - Pointer to buffer to receive ciphertext encryption.
|
|
* tag - Pointer to receive authentication tag; or NULL
|
|
* if tag is to be bundled into the ciphertext.
|
|
* final - Non-zero if this call completes the plaintext being encrypted.
|
|
*
|
|
* If nonce!=NULL then a message is being initiated. If final!=0
|
|
* then a message is being finalized. If final==0 or nonce==NULL
|
|
* then the incremental interface is being used. If nonce!=NULL and
|
|
* ad_len<0, then use same ad as last message.
|
|
*
|
|
* Returns:
|
|
* non-negative - Number of bytes written to ct.
|
|
* AE_NOT_SUPPORTED - Usage mode unsupported (eg, incremental and/or sticky).
|
|
* Otherwise - Error. Check implementation documentation for codes.
|
|
*
|
|
* ----------------------------------------------------------------------- */
|
|
|
|
int ae_decrypt(ae_ctx* ctx, const void* nonce, const void* ct, int ct_len, const void* ad,
|
|
int ad_len, void* pt, const void* tag, int final);
|
|
/* --------------------------------------------------------------------------
|
|
*
|
|
* Decrypt ciphertext; provide authenticity of plaintext and associated data.
|
|
*
|
|
* Parameters:
|
|
* ctx - Pointer to an ae_ctx structure initialized by ae_init.
|
|
* nonce - Pointer to a nonce_len (defined in ae_init) byte nonce.
|
|
* ct - Pointer to ciphertext bytes to be decrypted.
|
|
* ct_len - number of bytes pointed to by ct.
|
|
* ad - Pointer to associated data.
|
|
* ad_len - number of bytes pointed to by ad.
|
|
* pt - Pointer to buffer to receive plaintext decryption.
|
|
* tag - Pointer to tag_len (defined in ae_init) bytes; or NULL
|
|
* if tag is bundled into the ciphertext. Non-NULL tag is only
|
|
* read when final is non-zero.
|
|
* final - Non-zero if this call completes the ciphertext being decrypted.
|
|
*
|
|
* If nonce!=NULL then "ct" points to the start of a ciphertext. If final!=0
|
|
* then "in" points to the final piece of ciphertext. If final==0 or nonce==
|
|
* NULL then the incremental interface is being used. If nonce!=NULL and
|
|
* ad_len<0, then use same ad as last message.
|
|
*
|
|
* Returns:
|
|
* non-negative - Number of bytes written to pt.
|
|
* AE_INVALID - Authentication failure.
|
|
* AE_NOT_SUPPORTED - Usage mode unsupported (eg, incremental and/or sticky).
|
|
* Otherwise - Error. Check implementation documentation for codes.
|
|
*
|
|
* NOTE !!! NOTE !!! -- The ciphertext should be assumed possibly inauthentic
|
|
* until it has been completely written and it is
|
|
* verified that this routine did not return AE_INVALID.
|
|
*
|
|
* ----------------------------------------------------------------------- */
|
|
|
|
#ifdef __cplusplus
|
|
} /* closing brace for extern "C" */
|
|
#endif
|
|
|
|
#endif /* _AE_H_ */
|