1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
/*
* Copyright (C) 2013 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup aead aead
* @{ @ingroup crypto
*/
#ifndef AEAD_H_
#define AEAD_H_
typedef struct aead_t aead_t;
#include <library.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
#include <crypto/iv/iv_gen.h>
/**
* Authenticated encryption / authentication decryption interface.
*/
struct aead_t {
/**
* Encrypt and sign data, sign associated data.
*
* The plain data must be a multiple of get_block_size(), the IV must
* have a length of get_iv_size().
* If encrypted is NULL, the encryption is done inline. The buffer must
* have space for additional get_icv_size() data, the ICV value is
* appended silently to the plain chunk.
*
* @param plain data to encrypt and sign
* @param assoc associated data to sign
* @param iv initialization vector
* @param encrypted allocated encryption result
* @return TRUE if successfully encrypted
*/
bool (*encrypt)(aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
chunk_t *encrypted) __attribute__((warn_unused_result));
/**
* Decrypt and verify data, verify associated data.
*
* The IV must have a length of get_iv_size().
* If plain is NULL, the decryption is done inline. The decrypted data
* is returned in the encrypted chunk, the last get_icv_size() bytes
* contain the verified ICV.
*
* @param encrypted data to decrypt and verify
* @param assoc associated data to verify
* @param iv initialization vector
* @param plain allocated result, if successful
* @return TRUE if MAC verification successful
*/
bool (*decrypt)(aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
chunk_t *plain);
/**
* Get the block size for encryption.
*
* @return block size in bytes
*/
size_t (*get_block_size)(aead_t *this);
/**
* Get the integrity check value size of the algorithm.
*
* @return ICV size in bytes
*/
size_t (*get_icv_size)(aead_t *this);
/**
* Get the size of the initialization vector.
*
* @return IV size in bytes
*/
size_t (*get_iv_size)(aead_t *this);
/**
* Get the IV generator implementation
*
* @return IV generator
*/
iv_gen_t *(*get_iv_gen)(aead_t *this);
/**
* Get the size of the key material (for encryption and authentication).
*
* This includes any additional bytes requires for the implicit nonce part.
* For AEADs based on traditional ciphers, the length is for both
* the integrity and the encryption key in total.
*
* @return key size in bytes
*/
size_t (*get_key_size)(aead_t *this);
/**
* Set the key for encryption and authentication.
*
* If the AEAD uses an implicit nonce, the last part of the key shall
* be the implicit nonce. For AEADs based on traditional ciphers, the
* key shall include both integrity and encryption keys, concatenated
* in that order.
*
* @param key encryption and authentication key
* @return TRUE if key set successfully
*/
bool (*set_key)(aead_t *this,
chunk_t key) __attribute__((warn_unused_result));
/**
* Destroy an aead_t.
*/
void (*destroy)(aead_t *this);
};
/**
* Create a aead instance using traditional transforms.
*
* @param crypter encryption transform for this aead
* @param signer integrity transform for this aead
* @return aead transform
*/
aead_t *aead_create(crypter_t *crypter, signer_t *signer);
#endif /** AEAD_H_ @}*/
|
