]>
Commit | Line | Data |
---|---|---|
881d07fa ML |
1 | /* |
2 | chronyd/chronyc - Programs for keeping computer clocks accurate. | |
3 | ||
4 | ********************************************************************** | |
5 | * Copyright (C) Miroslav Lichvar 2019 | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or modify | |
8 | * it under the terms of version 2 of the GNU General Public License as | |
9 | * published by the Free Software Foundation. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License along | |
17 | * with this program; if not, write to the Free Software Foundation, Inc., | |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
19 | * | |
20 | ********************************************************************** | |
21 | ||
22 | ======================================================================= | |
23 | ||
24 | SIV ciphers using the Nettle library | |
25 | */ | |
26 | ||
27 | #include "config.h" | |
28 | ||
29 | #include "sysincl.h" | |
30 | ||
2d798bc4 | 31 | #ifdef HAVE_NETTLE_SIV_CMAC |
881d07fa | 32 | #include <nettle/siv-cmac.h> |
2d798bc4 ML |
33 | #else |
34 | #include "siv_nettle_int.c" | |
35 | #endif | |
881d07fa ML |
36 | |
37 | #include "memory.h" | |
38 | #include "siv.h" | |
39 | ||
40 | struct SIV_Instance_Record { | |
41 | struct siv_cmac_aes128_ctx siv; | |
2bb88b45 | 42 | int key_set; |
881d07fa ML |
43 | }; |
44 | ||
45 | /* ================================================== */ | |
46 | ||
47 | SIV_Instance | |
48 | SIV_CreateInstance(SIV_Algorithm algorithm) | |
49 | { | |
50 | SIV_Instance instance; | |
51 | ||
52 | if (algorithm != AEAD_AES_SIV_CMAC_256) | |
53 | return NULL; | |
54 | ||
55 | instance = MallocNew(struct SIV_Instance_Record); | |
2bb88b45 | 56 | instance->key_set = 0; |
881d07fa ML |
57 | |
58 | return instance; | |
59 | } | |
60 | ||
61 | /* ================================================== */ | |
62 | ||
63 | void | |
64 | SIV_DestroyInstance(SIV_Instance instance) | |
65 | { | |
66 | Free(instance); | |
67 | } | |
68 | ||
69 | /* ================================================== */ | |
70 | ||
71 | int | |
72 | SIV_GetKeyLength(SIV_Algorithm algorithm) | |
73 | { | |
32a82a38 ML |
74 | assert(32 <= SIV_MAX_KEY_LENGTH); |
75 | ||
881d07fa ML |
76 | if (algorithm == AEAD_AES_SIV_CMAC_256) |
77 | return 32; | |
78 | return 0; | |
79 | } | |
80 | ||
81 | /* ================================================== */ | |
82 | ||
83 | int | |
84 | SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length) | |
85 | { | |
86 | if (length != 32) | |
87 | return 0; | |
88 | ||
89 | siv_cmac_aes128_set_key(&instance->siv, key); | |
90 | ||
2bb88b45 ML |
91 | instance->key_set = 1; |
92 | ||
881d07fa ML |
93 | return 1; |
94 | } | |
95 | ||
96 | /* ================================================== */ | |
97 | ||
98 | int | |
99 | SIV_GetTagLength(SIV_Instance instance) | |
100 | { | |
32a82a38 ML |
101 | assert(SIV_DIGEST_SIZE <= SIV_MAX_TAG_LENGTH); |
102 | ||
881d07fa ML |
103 | return SIV_DIGEST_SIZE; |
104 | } | |
105 | ||
106 | /* ================================================== */ | |
107 | ||
108 | int | |
109 | SIV_Encrypt(SIV_Instance instance, | |
110 | const unsigned char *nonce, int nonce_length, | |
111 | const void *assoc, int assoc_length, | |
112 | const void *plaintext, int plaintext_length, | |
113 | unsigned char *ciphertext, int ciphertext_length) | |
114 | { | |
2bb88b45 ML |
115 | if (!instance->key_set) |
116 | return 0; | |
117 | ||
881d07fa ML |
118 | if (nonce_length < SIV_MIN_NONCE_SIZE || assoc_length < 0 || |
119 | plaintext_length < 0 || plaintext_length > ciphertext_length || | |
120 | plaintext_length + SIV_DIGEST_SIZE != ciphertext_length) | |
121 | return 0; | |
122 | ||
123 | assert(assoc && plaintext); | |
124 | ||
125 | siv_cmac_aes128_encrypt_message(&instance->siv, nonce_length, nonce, | |
126 | assoc_length, assoc, | |
127 | ciphertext_length, ciphertext, plaintext); | |
128 | return 1; | |
129 | } | |
130 | ||
131 | /* ================================================== */ | |
132 | ||
133 | int | |
134 | SIV_Decrypt(SIV_Instance instance, | |
135 | const unsigned char *nonce, int nonce_length, | |
136 | const void *assoc, int assoc_length, | |
137 | const unsigned char *ciphertext, int ciphertext_length, | |
138 | void *plaintext, int plaintext_length) | |
139 | { | |
2bb88b45 ML |
140 | if (!instance->key_set) |
141 | return 0; | |
142 | ||
881d07fa ML |
143 | if (nonce_length < SIV_MIN_NONCE_SIZE || assoc_length < 0 || |
144 | plaintext_length < 0 || plaintext_length > ciphertext_length || | |
145 | plaintext_length + SIV_DIGEST_SIZE != ciphertext_length) | |
146 | return 0; | |
147 | ||
148 | assert(assoc && plaintext); | |
149 | ||
150 | if (!siv_cmac_aes128_decrypt_message(&instance->siv, nonce_length, nonce, | |
151 | assoc_length, assoc, | |
152 | plaintext_length, plaintext, ciphertext)) | |
153 | return 0; | |
154 | ||
155 | return 1; | |
156 | } |