1 /* ---------------------------------------------------------------------------
2  *
3  * AEAD API 0.12 - 23-MAY-2012
4  *
5  * This file gives an interface appropriate for many authenticated
6  * encryption with associated data (AEAD) implementations. It does not try
7  * to accommodate all possible options or limitations that an implementation
8  * might have -- you should consult the documentation of your chosen
9  * implementation to find things like RFC 5116 constants, alignment
10  * requirements, whether the incremental interface is supported, etc.
11  *
12  * This file is in the public domain. It is provided "as is", without
13  * warranty of any kind. Use at your own risk.
14  *
15  * Comments are welcome: Ted Krovetz <ted@krovetz>.
16  *
17  * ------------------------------------------------------------------------ */
18 
19 #ifndef _AE_H_
20 #define _AE_H_
21 
22 #ifdef __cplusplus
23 extern "C" {
24 #endif
25 
26 /* --------------------------------------------------------------------------
27  *
28  * Constants
29  *
30  * ----------------------------------------------------------------------- */
31 
32 /* Return status codes: Negative return values indicate an error occurred.
33  * For full explanations of error values, consult the implementation's
34  * documentation.                                                          */
35 #define AE_SUCCESS (0)        /* Indicates successful completion of call  */
36 #define AE_INVALID (-1)       /* Indicates bad tag during decryption      */
37 #define AE_NOT_SUPPORTED (-2) /* Indicates unsupported option requested   */
38 
39 /* Flags: When data can be processed "incrementally", these flags are used
40  * to indicate whether the submitted data is the last or not.               */
41 #define AE_FINALIZE (1) /* This is the last of data                  */
42 #define AE_PENDING (0)  /* More data of is coming                    */
43 
44 /* --------------------------------------------------------------------------
45  *
46  * AEAD opaque structure definition
47  *
48  * ----------------------------------------------------------------------- */
49 
50 typedef struct _ae_ctx ae_ctx;
51 
52 /* --------------------------------------------------------------------------
53  *
54  * Data Structure Routines
55  *
56  * ----------------------------------------------------------------------- */
57 
58 ae_ctx* ae_allocate(void* misc); /* Allocate ae_ctx, set optional ptr   */
59 void ae_free(ae_ctx* ctx);       /* Deallocate ae_ctx struct            */
60 int ae_clear(ae_ctx* ctx);       /* Undo initialization                 */
61 int ae_ctx_sizeof(void);         /* Return sizeof(ae_ctx)               */
62 /* ae_allocate() allocates an ae_ctx structure, but does not initialize it.
63  * ae_free() deallocates an ae_ctx structure, but does not zero it.
64  * ae_clear() zeroes sensitive values associated with an ae_ctx structure
65  * and deallocates any auxiliary structures allocated during ae_init().
66  * ae_ctx_sizeof() returns sizeof(ae_ctx), to aid in any static allocations.
67  */
68 
69 /* --------------------------------------------------------------------------
70  *
71  * AEAD Routines
72  *
73  * ----------------------------------------------------------------------- */
74 
75 int ae_init(ae_ctx* ctx, const void* key, int key_len, int nonce_len, int tag_len);
76 /* --------------------------------------------------------------------------
77  *
78  * Initialize an ae_ctx context structure.
79  *
80  * Parameters:
81  *  ctx       - Pointer to an ae_ctx structure to be initialized
82  *  key       - Pointer to user-supplied key
83  *  key_len   - Length of key supplied, in bytes
84  *  nonce_len - Length of nonces to be used for this key, in bytes
85  *  tag_len   - Length of tags to be produced for this key, in bytes
86  *
87  * Returns:
88  *  AE_SUCCESS       - Success. Ctx ready for use.
89  *  AE_NOT_SUPPORTED - An unsupported length was supplied. Ctx is untouched.
90  *  Otherwise        - Error. Check implementation documentation for codes.
91  *
92  * ----------------------------------------------------------------------- */
93 
94 int ae_encrypt(ae_ctx* ctx, const void* nonce, const void* pt, int pt_len, const void* ad,
95                int ad_len, void* ct, void* tag, int final);
96 /* --------------------------------------------------------------------------
97  *
98  * Encrypt plaintext; provide for authentication of ciphertext/associated data.
99  *
100  * Parameters:
101  *  ctx    - Pointer to an ae_ctx structure initialized by ae_init.
102  *  nonce  - Pointer to a nonce_len (defined in ae_init) byte nonce.
103  *  pt     - Pointer to plaintext bytes to be encrypted.
104  *  pt_len - number of bytes pointed to by pt.
105  *  ad     - Pointer to associated data.
106  *  ad_len - number of bytes pointed to by ad.
107  *  ct     - Pointer to buffer to receive ciphertext encryption.
108  *  tag    - Pointer to receive authentication tag; or NULL
109  *           if tag is to be bundled into the ciphertext.
110  *  final  - Non-zero if this call completes the plaintext being encrypted.
111  *
112  * If nonce!=NULL then a message is being initiated. If final!=0
113  * then a message is being finalized. If final==0 or nonce==NULL
114  * then the incremental interface is being used. If nonce!=NULL and
115  * ad_len<0, then use same ad as last message.
116  *
117  * Returns:
118  *  non-negative     - Number of bytes written to ct.
119  *  AE_NOT_SUPPORTED - Usage mode unsupported (eg, incremental and/or sticky).
120  *  Otherwise        - Error. Check implementation documentation for codes.
121  *
122  * ----------------------------------------------------------------------- */
123 
124 int ae_decrypt(ae_ctx* ctx, const void* nonce, const void* ct, int ct_len, const void* ad,
125                int ad_len, void* pt, const void* tag, int final);
126 /* --------------------------------------------------------------------------
127  *
128  * Decrypt ciphertext; provide authenticity of plaintext and associated data.
129  *
130  * Parameters:
131  *  ctx    - Pointer to an ae_ctx structure initialized by ae_init.
132  *  nonce  - Pointer to a nonce_len (defined in ae_init) byte nonce.
133  *  ct     - Pointer to ciphertext bytes to be decrypted.
134  *  ct_len - number of bytes pointed to by ct.
135  *  ad     - Pointer to associated data.
136  *  ad_len - number of bytes pointed to by ad.
137  *  pt     - Pointer to buffer to receive plaintext decryption.
138  *  tag    - Pointer to tag_len (defined in ae_init) bytes; or NULL
139  *           if tag is bundled into the ciphertext. Non-NULL tag is only
140  *           read when final is non-zero.
141  *  final  - Non-zero if this call completes the ciphertext being decrypted.
142  *
143  * If nonce!=NULL then "ct" points to the start of a ciphertext. If final!=0
144  * then "in" points to the final piece of ciphertext. If final==0 or nonce==
145  * NULL then the incremental interface is being used. If nonce!=NULL and
146  * ad_len<0, then use same ad as last message.
147  *
148  * Returns:
149  *  non-negative     - Number of bytes written to pt.
150  *  AE_INVALID       - Authentication failure.
151  *  AE_NOT_SUPPORTED - Usage mode unsupported (eg, incremental and/or sticky).
152  *  Otherwise        - Error. Check implementation documentation for codes.
153  *
154  * NOTE !!! NOTE !!! -- The ciphertext should be assumed possibly inauthentic
155  *                      until it has been completely written and it is
156  *                      verified that this routine did not return AE_INVALID.
157  *
158  * ----------------------------------------------------------------------- */
159 
160 #ifdef __cplusplus
161 } /* closing brace for extern "C" */
162 #endif
163 
164 #endif /* _AE_H_ */
165