nettle-lookup-hash.c \
nettle-meta-aeads.c nettle-meta-armors.c \
nettle-meta-ciphers.c nettle-meta-hashes.c nettle-meta-macs.c \
- ocb.c ocb-aes128-meta.c \
+ ocb.c ocb-aes128.c ocb-aes128-meta.c \
pbkdf2.c pbkdf2-hmac-gosthash94.c pbkdf2-hmac-sha1.c \
pbkdf2-hmac-sha256.c pbkdf2-hmac-sha384.c pbkdf2-hmac-sha512.c \
poly1305-aes.c poly1305-internal.c poly1305-update.c \
#include "ocb.h"
#include "nettle-meta.h"
-#define OCB_IV_SIZE 12
-
-struct ocb_aes128_ctx
-{
- struct ocb_key key;
- struct ocb_ctx ocb;
- struct aes128_ctx encrypt;
- struct aes128_ctx decrypt;
-};
-
-static void
-ocb_aes128_set_key (struct ocb_aes128_ctx *ctx, const uint8_t *key)
-{
- aes128_set_encrypt_key (&ctx->encrypt, key);
- aes128_invert_key (&ctx->decrypt, &ctx->encrypt);
- ocb_set_key (&ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt);
-}
-
-static void
-ocb_aes128_set_nonce (struct ocb_aes128_ctx *ctx,
- const uint8_t *iv)
-{
- ocb_set_nonce (&ctx->ocb, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt,
- OCB_DIGEST_SIZE, OCB_IV_SIZE, iv);
-}
-
-static void
-ocb_aes128_update (struct ocb_aes128_ctx *ctx,
- size_t length, const uint8_t *data)
-{
- ocb_update (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt,
- length, data);
-}
-
-static void
-ocb_aes128_encrypt(struct ocb_aes128_ctx *ctx,
- size_t length, uint8_t *dst, const uint8_t *src)
-{
- ocb_encrypt (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt,
- length, dst, src);
-}
-
-static void
-ocb_aes128_decrypt(struct ocb_aes128_ctx *ctx,
- size_t length, uint8_t *dst, const uint8_t *src)
-{
- ocb_decrypt (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt,
- &ctx->decrypt, (nettle_cipher_func *) aes128_decrypt,
- length, dst, src);
-}
+#define OCB_NONCE_SIZE 12
static void
-ocb_aes128_digest(struct ocb_aes128_ctx *ctx, size_t length, uint8_t *digest)
+ocb_aes128_set_nonce12 (struct ocb_aes128_ctx *ctx,
+ const uint8_t *nonce)
{
- ocb_digest (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt,
- length, digest);
+ ocb_aes128_set_nonce (ctx, OCB_NONCE_SIZE, nonce);
}
const struct nettle_aead
nettle_ocb_aes128 =
{ "ocb_aes128", sizeof(struct ocb_aes128_ctx),
OCB_BLOCK_SIZE, AES128_KEY_SIZE,
- OCB_IV_SIZE, OCB_DIGEST_SIZE,
+ OCB_NONCE_SIZE, OCB_DIGEST_SIZE,
(nettle_set_key_func *) ocb_aes128_set_key,
(nettle_set_key_func *) ocb_aes128_set_key,
- (nettle_set_key_func *) ocb_aes128_set_nonce,
+ (nettle_set_key_func *) ocb_aes128_set_nonce12,
(nettle_hash_update_func *) ocb_aes128_update,
(nettle_crypt_func *) ocb_aes128_encrypt,
(nettle_crypt_func *) ocb_aes128_decrypt,
--- /dev/null
+/* ocb-aes128.c
+
+ Copyright (C) 2022 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ocb.h"
+
+void
+ocb_aes128_set_key (struct ocb_aes128_ctx *ctx, const uint8_t *key)
+{
+ aes128_set_encrypt_key (&ctx->encrypt, key);
+ aes128_invert_key (&ctx->decrypt, &ctx->encrypt);
+ ocb_set_key (&ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt);
+}
+
+void
+ocb_aes128_set_nonce (struct ocb_aes128_ctx *ctx,
+ size_t nonce_length, const uint8_t *nonce)
+{
+ ocb_set_nonce (&ctx->ocb, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt,
+ OCB_DIGEST_SIZE, nonce_length, nonce);
+}
+
+void
+ocb_aes128_update (struct ocb_aes128_ctx *ctx,
+ size_t length, const uint8_t *data)
+{
+ ocb_update (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt,
+ length, data);
+}
+
+void
+ocb_aes128_encrypt(struct ocb_aes128_ctx *ctx,
+ size_t length, uint8_t *dst, const uint8_t *src)
+{
+ ocb_encrypt (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt,
+ length, dst, src);
+}
+
+void
+ocb_aes128_decrypt(struct ocb_aes128_ctx *ctx,
+ size_t length, uint8_t *dst, const uint8_t *src)
+{
+ ocb_decrypt (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt,
+ &ctx->decrypt, (nettle_cipher_func *) aes128_decrypt,
+ length, dst, src);
+}
+
+void
+ocb_aes128_digest(struct ocb_aes128_ctx *ctx, size_t length, uint8_t *digest)
+{
+ ocb_digest (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt,
+ length, digest);
+}
+
+void
+ocb_aes128_encrypt_message (const struct aes128_ctx *cipher,
+ size_t tlength,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t clength, uint8_t *dst, const uint8_t *src)
+{
+ struct ocb_key key;
+ ocb_set_key (&key, cipher, (nettle_cipher_func *) aes128_encrypt);
+ ocb_encrypt_message (&key, cipher, (nettle_cipher_func *) aes128_encrypt,
+ tlength, nlength, nonce, alength, adata, clength, dst, src);
+}
+
+int
+ocb_aes128_decrypt_message (const struct aes128_ctx *cipher,
+ size_t tlength,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t plength, uint8_t *dst, const uint8_t *src)
+{
+ struct ocb_key key;
+ struct aes128_ctx decrypt_ctx;
+ aes128_invert_key (&decrypt_ctx, cipher);
+ ocb_set_key (&key, cipher, (nettle_cipher_func *) aes128_encrypt);
+ return ocb_decrypt_message (&key, cipher, (nettle_cipher_func *) aes128_encrypt,
+ &decrypt_ctx, (nettle_cipher_func *) aes128_decrypt,
+ tlength, nlength, nonce, alength, adata,
+ plength, dst, src);
+}
#include "ocb.h"
#include "block-internal.h"
#include "bswap-internal.h"
+#include "memops.h"
/* Returns 64 bits from the concatenation (u0, u1), starting from bit offset. */
static inline uint64_t
f (cipher, OCB_BLOCK_SIZE, block.b, block.b);
memxor3 (digest, block.b, ctx->sum.b, length);
}
+
+void
+ocb_encrypt_message (const struct ocb_key *key,
+ const void *cipher, nettle_cipher_func *f,
+ size_t tlength,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t clength, uint8_t *dst, const uint8_t *src)
+{
+ struct ocb_ctx ctx;
+ assert (clength >= tlength);
+ ocb_set_nonce (&ctx, cipher, f, tlength, nlength, nonce);
+ ocb_update (&ctx, key, cipher, f, alength, adata);
+ ocb_encrypt (&ctx, key, cipher, f, clength - tlength, dst, src);
+ ocb_digest (&ctx, key, cipher, f, tlength, dst + clength - tlength);
+}
+
+int
+ocb_decrypt_message (const struct ocb_key *key,
+ const void *encrypt_ctx, nettle_cipher_func *encrypt,
+ const void *decrypt_ctx, nettle_cipher_func *decrypt,
+ size_t tlength,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t plength, uint8_t *dst, const uint8_t *src)
+{
+ struct ocb_ctx ctx;
+ union nettle_block16 digest;
+ ocb_set_nonce (&ctx, encrypt_ctx, encrypt, tlength, nlength, nonce);
+ ocb_update (&ctx, key, encrypt_ctx, encrypt, alength, adata);
+ ocb_decrypt (&ctx, key, encrypt_ctx, encrypt, decrypt_ctx, decrypt,
+ plength, dst, src);
+ ocb_digest (&ctx, key, encrypt_ctx, encrypt, tlength, digest.b);
+ return memeql_sec(digest.b, src + plength, tlength);
+}
#define NETTLE_OCB_H_INCLUDED
#include "nettle-types.h"
+#include "aes.h"
#ifdef __cplusplus
extern "C" {
#define ocb_encrypt nettle_ocb_encrypt
#define ocb_decrypt nettle_ocb_decrypt
#define ocb_digest nettle_ocb_digest
+#define ocb_encrypt_message nettle_ocb_encrypt_message
+#define ocb_decrypt_message nettle_ocb_decrypt_message
+#define ocb_aes128_set_key nettle_ocb_aes128_set_key
+#define ocb_aes128_update nettle_ocb_aes128_update
+#define ocb_aes128_encrypt nettle_ocb_aes128_encrypt
+#define ocb_aes128_decrypt nettle_ocb_aes128_decrypt
+#define ocb_aes128_digest nettle_ocb_aes128_digest
+#define ocb_aes128_encrypt_message nettle_ocb_aes128_encrypt_message
+#define ocb_aes128_decrypt_message nettle_ocb_aes128_decrypt_message
#define OCB_BLOCK_SIZE 16
#define OCB_DIGEST_SIZE 16
void
ocb_encrypt_message (const struct ocb_key *ocb_key,
const void *cipher, nettle_cipher_func *f,
+ size_t tlength,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t clength, uint8_t *dst, const uint8_t *src);
-void
+int
ocb_decrypt_message (const struct ocb_key *ocb_key,
const void *encrypt_ctx, nettle_cipher_func *encrypt,
const void *decrypt_ctx, nettle_cipher_func *decrypt,
+ size_t tlength,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
- size_t clength, uint8_t *dst, const uint8_t *src);
+ size_t plength, uint8_t *dst, const uint8_t *src);
+
+/* OCB-AES */
+struct ocb_aes128_ctx
+{
+ struct ocb_key key;
+ struct ocb_ctx ocb;
+ struct aes128_ctx encrypt;
+ struct aes128_ctx decrypt;
+};
+
+void
+ocb_aes128_set_key (struct ocb_aes128_ctx *ctx, const uint8_t *key);
+
+void
+ocb_aes128_set_nonce (struct ocb_aes128_ctx *ctx,
+ size_t nonce_length, const uint8_t *nonce);
+
+void
+ocb_aes128_update (struct ocb_aes128_ctx *ctx,
+ size_t length, const uint8_t *data);
+
+void
+ocb_aes128_encrypt(struct ocb_aes128_ctx *ctx,
+ size_t length, uint8_t *dst, const uint8_t *src);
+
+void
+ocb_aes128_decrypt(struct ocb_aes128_ctx *ctx,
+ size_t length, uint8_t *dst, const uint8_t *src);
+
+void
+ocb_aes128_digest(struct ocb_aes128_ctx *ctx, size_t length, uint8_t *digest);
+
+void
+ocb_aes128_encrypt_message (const struct aes128_ctx *cipher,
+ size_t tlength,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t clength, uint8_t *dst, const uint8_t *src);
+
+int
+ocb_aes128_decrypt_message (const struct aes128_ctx *cipher,
+ size_t tlength,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t clength, uint8_t *dst, const uint8_t *src);
#ifdef __cplusplus
}
projects / thirdparty / nettle.git / commitdiff
