1 /* --------------------------------------------------------------------------- 2 * 3 * AEAD API 0.12 - 23-MAY-2012 4 * 5 * This file gives an interface appropriate for many authenticated 6 * encryption with associated data (AEAD) implementations. It does not try 7 * to accommodate all possible options or limitations that an implementation 8 * might have -- you should consult the documentation of your chosen 9 * implementation to find things like RFC 5116 constants, alignment 10 * requirements, whether the incremental interface is supported, etc. 11 * 12 * This file is in the public domain. It is provided "as is", without 13 * warranty of any kind. Use at your own risk. 14 * 15 * Comments are welcome: Ted Krovetz <ted@krovetz>. 16 * 17 * ------------------------------------------------------------------------ */ 18 19 #ifndef _AE_H_ 20 #define _AE_H_ 21 22 #ifdef __cplusplus 23 extern "C" { 24 #endif 25 26 /* -------------------------------------------------------------------------- 27 * 28 * Constants 29 * 30 * ----------------------------------------------------------------------- */ 31 32 /* Return status codes: Negative return values indicate an error occurred. 33 * For full explanations of error values, consult the implementation's 34 * documentation. */ 35 #define AE_SUCCESS (0) /* Indicates successful completion of call */ 36 #define AE_INVALID (-1) /* Indicates bad tag during decryption */ 37 #define AE_NOT_SUPPORTED (-2) /* Indicates unsupported option requested */ 38 39 /* Flags: When data can be processed "incrementally", these flags are used 40 * to indicate whether the submitted data is the last or not. */ 41 #define AE_FINALIZE (1) /* This is the last of data */ 42 #define AE_PENDING (0) /* More data of is coming */ 43 44 /* -------------------------------------------------------------------------- 45 * 46 * AEAD opaque structure definition 47 * 48 * ----------------------------------------------------------------------- */ 49 50 typedef struct _ae_ctx ae_ctx; 51 52 /* -------------------------------------------------------------------------- 53 * 54 * Data Structure Routines 55 * 56 * ----------------------------------------------------------------------- */ 57 58 ae_ctx* ae_allocate(void* misc); /* Allocate ae_ctx, set optional ptr */ 59 void ae_free(ae_ctx* ctx); /* Deallocate ae_ctx struct */ 60 int ae_clear(ae_ctx* ctx); /* Undo initialization */ 61 int ae_ctx_sizeof(void); /* Return sizeof(ae_ctx) */ 62 /* ae_allocate() allocates an ae_ctx structure, but does not initialize it. 63 * ae_free() deallocates an ae_ctx structure, but does not zero it. 64 * ae_clear() zeroes sensitive values associated with an ae_ctx structure 65 * and deallocates any auxiliary structures allocated during ae_init(). 66 * ae_ctx_sizeof() returns sizeof(ae_ctx), to aid in any static allocations. 67 */ 68 69 /* -------------------------------------------------------------------------- 70 * 71 * AEAD Routines 72 * 73 * ----------------------------------------------------------------------- */ 74 75 int ae_init(ae_ctx* ctx, const void* key, int key_len, int nonce_len, int tag_len); 76 /* -------------------------------------------------------------------------- 77 * 78 * Initialize an ae_ctx context structure. 79 * 80 * Parameters: 81 * ctx - Pointer to an ae_ctx structure to be initialized 82 * key - Pointer to user-supplied key 83 * key_len - Length of key supplied, in bytes 84 * nonce_len - Length of nonces to be used for this key, in bytes 85 * tag_len - Length of tags to be produced for this key, in bytes 86 * 87 * Returns: 88 * AE_SUCCESS - Success. Ctx ready for use. 89 * AE_NOT_SUPPORTED - An unsupported length was supplied. Ctx is untouched. 90 * Otherwise - Error. Check implementation documentation for codes. 91 * 92 * ----------------------------------------------------------------------- */ 93 94 int ae_encrypt(ae_ctx* ctx, const void* nonce, const void* pt, int pt_len, const void* ad, 95 int ad_len, void* ct, void* tag, int final); 96 /* -------------------------------------------------------------------------- 97 * 98 * Encrypt plaintext; provide for authentication of ciphertext/associated data. 99 * 100 * Parameters: 101 * ctx - Pointer to an ae_ctx structure initialized by ae_init. 102 * nonce - Pointer to a nonce_len (defined in ae_init) byte nonce. 103 * pt - Pointer to plaintext bytes to be encrypted. 104 * pt_len - number of bytes pointed to by pt. 105 * ad - Pointer to associated data. 106 * ad_len - number of bytes pointed to by ad. 107 * ct - Pointer to buffer to receive ciphertext encryption. 108 * tag - Pointer to receive authentication tag; or NULL 109 * if tag is to be bundled into the ciphertext. 110 * final - Non-zero if this call completes the plaintext being encrypted. 111 * 112 * If nonce!=NULL then a message is being initiated. If final!=0 113 * then a message is being finalized. If final==0 or nonce==NULL 114 * then the incremental interface is being used. If nonce!=NULL and 115 * ad_len<0, then use same ad as last message. 116 * 117 * Returns: 118 * non-negative - Number of bytes written to ct. 119 * AE_NOT_SUPPORTED - Usage mode unsupported (eg, incremental and/or sticky). 120 * Otherwise - Error. Check implementation documentation for codes. 121 * 122 * ----------------------------------------------------------------------- */ 123 124 int ae_decrypt(ae_ctx* ctx, const void* nonce, const void* ct, int ct_len, const void* ad, 125 int ad_len, void* pt, const void* tag, int final); 126 /* -------------------------------------------------------------------------- 127 * 128 * Decrypt ciphertext; provide authenticity of plaintext and associated data. 129 * 130 * Parameters: 131 * ctx - Pointer to an ae_ctx structure initialized by ae_init. 132 * nonce - Pointer to a nonce_len (defined in ae_init) byte nonce. 133 * ct - Pointer to ciphertext bytes to be decrypted. 134 * ct_len - number of bytes pointed to by ct. 135 * ad - Pointer to associated data. 136 * ad_len - number of bytes pointed to by ad. 137 * pt - Pointer to buffer to receive plaintext decryption. 138 * tag - Pointer to tag_len (defined in ae_init) bytes; or NULL 139 * if tag is bundled into the ciphertext. Non-NULL tag is only 140 * read when final is non-zero. 141 * final - Non-zero if this call completes the ciphertext being decrypted. 142 * 143 * If nonce!=NULL then "ct" points to the start of a ciphertext. If final!=0 144 * then "in" points to the final piece of ciphertext. If final==0 or nonce== 145 * NULL then the incremental interface is being used. If nonce!=NULL and 146 * ad_len<0, then use same ad as last message. 147 * 148 * Returns: 149 * non-negative - Number of bytes written to pt. 150 * AE_INVALID - Authentication failure. 151 * AE_NOT_SUPPORTED - Usage mode unsupported (eg, incremental and/or sticky). 152 * Otherwise - Error. Check implementation documentation for codes. 153 * 154 * NOTE !!! NOTE !!! -- The ciphertext should be assumed possibly inauthentic 155 * until it has been completely written and it is 156 * verified that this routine did not return AE_INVALID. 157 * 158 * ----------------------------------------------------------------------- */ 159 160 #ifdef __cplusplus 161 } /* closing brace for extern "C" */ 162 #endif 163 164 #endif /* _AE_H_ */ 165
