blob: 864d34916039124dc320818a860d81c0b659a99b [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -06001/* ---------------------------------------------------------------------------
2 *
3 * AEAD API 0.12 - 23-MAY-2012
4 *
5 * This file gives an interface appropriate for many authenticated
6 * encryption with associated data (AEAD) implementations. It does not try
7 * to accommodate all possible options or limitations that an implementation
8 * might have -- you should consult the documentation of your chosen
9 * implementation to find things like RFC 5116 constants, alignment
10 * requirements, whether the incremental interface is supported, etc.
11 *
12 * This file is in the public domain. It is provided "as is", without
13 * warranty of any kind. Use at your own risk.
14 *
15 * Comments are welcome: Ted Krovetz <ted@krovetz>.
16 *
17 * ------------------------------------------------------------------------ */
18
19#ifndef _AE_H_
20#define _AE_H_
21
22#ifdef __cplusplus
23extern "C" {
24#endif
25
26/* --------------------------------------------------------------------------
27 *
28 * Constants
29 *
30 * ----------------------------------------------------------------------- */
31
32/* Return status codes: Negative return values indicate an error occurred.
33 * For full explanations of error values, consult the implementation's
34 * documentation. */
35#define AE_SUCCESS (0) /* Indicates successful completion of call */
36#define AE_INVALID (-1) /* Indicates bad tag during decryption */
37#define AE_NOT_SUPPORTED (-2) /* Indicates unsupported option requested */
38
39/* Flags: When data can be processed "incrementally", these flags are used
40 * to indicate whether the submitted data is the last or not. */
41#define AE_FINALIZE (1) /* This is the last of data */
42#define AE_PENDING (0) /* More data of is coming */
43
44/* --------------------------------------------------------------------------
45 *
46 * AEAD opaque structure definition
47 *
48 * ----------------------------------------------------------------------- */
49
50typedef struct _ae_ctx ae_ctx;
51
52/* --------------------------------------------------------------------------
53 *
54 * Data Structure Routines
55 *
56 * ----------------------------------------------------------------------- */
57
58ae_ctx* ae_allocate(void* misc); /* Allocate ae_ctx, set optional ptr */
59void ae_free(ae_ctx* ctx); /* Deallocate ae_ctx struct */
60int ae_clear(ae_ctx* ctx); /* Undo initialization */
61int ae_ctx_sizeof(void); /* Return sizeof(ae_ctx) */
62/* ae_allocate() allocates an ae_ctx structure, but does not initialize it.
63 * ae_free() deallocates an ae_ctx structure, but does not zero it.
64 * ae_clear() zeroes sensitive values associated with an ae_ctx structure
65 * and deallocates any auxiliary structures allocated during ae_init().
66 * ae_ctx_sizeof() returns sizeof(ae_ctx), to aid in any static allocations.
67 */
68
69/* --------------------------------------------------------------------------
70 *
71 * AEAD Routines
72 *
73 * ----------------------------------------------------------------------- */
74
75int ae_init(ae_ctx* ctx, const void* key, int key_len, int nonce_len, int tag_len);
76/* --------------------------------------------------------------------------
77 *
78 * Initialize an ae_ctx context structure.
79 *
80 * Parameters:
81 * ctx - Pointer to an ae_ctx structure to be initialized
82 * key - Pointer to user-supplied key
83 * key_len - Length of key supplied, in bytes
84 * nonce_len - Length of nonces to be used for this key, in bytes
85 * tag_len - Length of tags to be produced for this key, in bytes
86 *
87 * Returns:
88 * AE_SUCCESS - Success. Ctx ready for use.
89 * AE_NOT_SUPPORTED - An unsupported length was supplied. Ctx is untouched.
90 * Otherwise - Error. Check implementation documentation for codes.
91 *
92 * ----------------------------------------------------------------------- */
93
94int ae_encrypt(ae_ctx* ctx, const void* nonce, const void* pt, int pt_len, const void* ad,
95 int ad_len, void* ct, void* tag, int final);
96/* --------------------------------------------------------------------------
97 *
98 * Encrypt plaintext; provide for authentication of ciphertext/associated data.
99 *
100 * Parameters:
101 * ctx - Pointer to an ae_ctx structure initialized by ae_init.
102 * nonce - Pointer to a nonce_len (defined in ae_init) byte nonce.
103 * pt - Pointer to plaintext bytes to be encrypted.
104 * pt_len - number of bytes pointed to by pt.
105 * ad - Pointer to associated data.
106 * ad_len - number of bytes pointed to by ad.
107 * ct - Pointer to buffer to receive ciphertext encryption.
108 * tag - Pointer to receive authentication tag; or NULL
109 * if tag is to be bundled into the ciphertext.
110 * final - Non-zero if this call completes the plaintext being encrypted.
111 *
112 * If nonce!=NULL then a message is being initiated. If final!=0
113 * then a message is being finalized. If final==0 or nonce==NULL
114 * then the incremental interface is being used. If nonce!=NULL and
115 * ad_len<0, then use same ad as last message.
116 *
117 * Returns:
118 * non-negative - Number of bytes written to ct.
119 * AE_NOT_SUPPORTED - Usage mode unsupported (eg, incremental and/or sticky).
120 * Otherwise - Error. Check implementation documentation for codes.
121 *
122 * ----------------------------------------------------------------------- */
123
124int ae_decrypt(ae_ctx* ctx, const void* nonce, const void* ct, int ct_len, const void* ad,
125 int ad_len, void* pt, const void* tag, int final);
126/* --------------------------------------------------------------------------
127 *
128 * Decrypt ciphertext; provide authenticity of plaintext and associated data.
129 *
130 * Parameters:
131 * ctx - Pointer to an ae_ctx structure initialized by ae_init.
132 * nonce - Pointer to a nonce_len (defined in ae_init) byte nonce.
133 * ct - Pointer to ciphertext bytes to be decrypted.
134 * ct_len - number of bytes pointed to by ct.
135 * ad - Pointer to associated data.
136 * ad_len - number of bytes pointed to by ad.
137 * pt - Pointer to buffer to receive plaintext decryption.
138 * tag - Pointer to tag_len (defined in ae_init) bytes; or NULL
139 * if tag is bundled into the ciphertext. Non-NULL tag is only
140 * read when final is non-zero.
141 * final - Non-zero if this call completes the ciphertext being decrypted.
142 *
143 * If nonce!=NULL then "ct" points to the start of a ciphertext. If final!=0
144 * then "in" points to the final piece of ciphertext. If final==0 or nonce==
145 * NULL then the incremental interface is being used. If nonce!=NULL and
146 * ad_len<0, then use same ad as last message.
147 *
148 * Returns:
149 * non-negative - Number of bytes written to pt.
150 * AE_INVALID - Authentication failure.
151 * AE_NOT_SUPPORTED - Usage mode unsupported (eg, incremental and/or sticky).
152 * Otherwise - Error. Check implementation documentation for codes.
153 *
154 * NOTE !!! NOTE !!! -- The ciphertext should be assumed possibly inauthentic
155 * until it has been completely written and it is
156 * verified that this routine did not return AE_INVALID.
157 *
158 * ----------------------------------------------------------------------- */
159
160#ifdef __cplusplus
161} /* closing brace for extern "C" */
162#endif
163
164#endif /* _AE_H_ */