diff options
author | Niels Möller <nisse@lysator.liu.se> | 2022-11-30 20:59:00 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2023-02-06 20:20:01 +0100 |
commit | 9a1f31c5bf9a4bef5cd06c56d1575886fc2347b1 (patch) | |
tree | 8982273690fbb05411331e892e8c1438727f840a | |
parent | 21cdfd4aeed83e1b00cb9e2aaf6533b67fd07eb1 (diff) | |
download | nettle-9a1f31c5bf9a4bef5cd06c56d1575886fc2347b1.tar.gz |
More ocb functions
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | ocb-aes128-meta.c | 61 | ||||
-rw-r--r-- | ocb-aes128.c | 114 | ||||
-rw-r--r-- | ocb.c | 36 | ||||
-rw-r--r-- | ocb.h | 61 |
5 files changed, 216 insertions, 58 deletions
diff --git a/Makefile.in b/Makefile.in index 4f4242e0..70fb24df 100644 --- a/Makefile.in +++ b/Makefile.in @@ -134,7 +134,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \ nettle-lookup-hash.c \ nettle-meta-aeads.c nettle-meta-armors.c \ nettle-meta-ciphers.c nettle-meta-hashes.c nettle-meta-macs.c \ - ocb.c ocb-aes128-meta.c \ + ocb.c ocb-aes128.c ocb-aes128-meta.c \ pbkdf2.c pbkdf2-hmac-gosthash94.c pbkdf2-hmac-sha1.c \ pbkdf2-hmac-sha256.c pbkdf2-hmac-sha384.c pbkdf2-hmac-sha512.c \ poly1305-aes.c poly1305-internal.c poly1305-update.c \ diff --git a/ocb-aes128-meta.c b/ocb-aes128-meta.c index 487e90ea..13095781 100644 --- a/ocb-aes128-meta.c +++ b/ocb-aes128-meta.c @@ -37,72 +37,23 @@ #include "ocb.h" #include "nettle-meta.h" -#define OCB_IV_SIZE 12 - -struct ocb_aes128_ctx -{ - struct ocb_key key; - struct ocb_ctx ocb; - struct aes128_ctx encrypt; - struct aes128_ctx decrypt; -}; - -static void -ocb_aes128_set_key (struct ocb_aes128_ctx *ctx, const uint8_t *key) -{ - aes128_set_encrypt_key (&ctx->encrypt, key); - aes128_invert_key (&ctx->decrypt, &ctx->encrypt); - ocb_set_key (&ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt); -} - -static void -ocb_aes128_set_nonce (struct ocb_aes128_ctx *ctx, - const uint8_t *iv) -{ - ocb_set_nonce (&ctx->ocb, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, - OCB_DIGEST_SIZE, OCB_IV_SIZE, iv); -} - -static void -ocb_aes128_update (struct ocb_aes128_ctx *ctx, - size_t length, const uint8_t *data) -{ - ocb_update (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, - length, data); -} - -static void -ocb_aes128_encrypt(struct ocb_aes128_ctx *ctx, - size_t length, uint8_t *dst, const uint8_t *src) -{ - ocb_encrypt (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, - length, dst, src); -} - -static void -ocb_aes128_decrypt(struct ocb_aes128_ctx *ctx, - size_t length, uint8_t *dst, const uint8_t *src) -{ - ocb_decrypt (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, - &ctx->decrypt, (nettle_cipher_func *) aes128_decrypt, - length, dst, src); -} +#define OCB_NONCE_SIZE 12 static void -ocb_aes128_digest(struct ocb_aes128_ctx *ctx, size_t length, uint8_t *digest) +ocb_aes128_set_nonce12 (struct ocb_aes128_ctx *ctx, + const uint8_t *nonce) { - ocb_digest (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, - length, digest); + ocb_aes128_set_nonce (ctx, OCB_NONCE_SIZE, nonce); } const struct nettle_aead nettle_ocb_aes128 = { "ocb_aes128", sizeof(struct ocb_aes128_ctx), OCB_BLOCK_SIZE, AES128_KEY_SIZE, - OCB_IV_SIZE, OCB_DIGEST_SIZE, + OCB_NONCE_SIZE, OCB_DIGEST_SIZE, (nettle_set_key_func *) ocb_aes128_set_key, (nettle_set_key_func *) ocb_aes128_set_key, - (nettle_set_key_func *) ocb_aes128_set_nonce, + (nettle_set_key_func *) ocb_aes128_set_nonce12, (nettle_hash_update_func *) ocb_aes128_update, (nettle_crypt_func *) ocb_aes128_encrypt, (nettle_crypt_func *) ocb_aes128_decrypt, diff --git a/ocb-aes128.c b/ocb-aes128.c new file mode 100644 index 00000000..a24649fe --- /dev/null +++ b/ocb-aes128.c @@ -0,0 +1,114 @@ +/* ocb-aes128.c + + Copyright (C) 2022 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "ocb.h" + +void +ocb_aes128_set_key (struct ocb_aes128_ctx *ctx, const uint8_t *key) +{ + aes128_set_encrypt_key (&ctx->encrypt, key); + aes128_invert_key (&ctx->decrypt, &ctx->encrypt); + ocb_set_key (&ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt); +} + +void +ocb_aes128_set_nonce (struct ocb_aes128_ctx *ctx, + size_t nonce_length, const uint8_t *nonce) +{ + ocb_set_nonce (&ctx->ocb, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, + OCB_DIGEST_SIZE, nonce_length, nonce); +} + +void +ocb_aes128_update (struct ocb_aes128_ctx *ctx, + size_t length, const uint8_t *data) +{ + ocb_update (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, + length, data); +} + +void +ocb_aes128_encrypt(struct ocb_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src) +{ + ocb_encrypt (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, + length, dst, src); +} + +void +ocb_aes128_decrypt(struct ocb_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src) +{ + ocb_decrypt (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, + &ctx->decrypt, (nettle_cipher_func *) aes128_decrypt, + length, dst, src); +} + +void +ocb_aes128_digest(struct ocb_aes128_ctx *ctx, size_t length, uint8_t *digest) +{ + ocb_digest (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, + length, digest); +} + +void +ocb_aes128_encrypt_message (const struct aes128_ctx *cipher, + size_t tlength, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t clength, uint8_t *dst, const uint8_t *src) +{ + struct ocb_key key; + ocb_set_key (&key, cipher, (nettle_cipher_func *) aes128_encrypt); + ocb_encrypt_message (&key, cipher, (nettle_cipher_func *) aes128_encrypt, + tlength, nlength, nonce, alength, adata, clength, dst, src); +} + +int +ocb_aes128_decrypt_message (const struct aes128_ctx *cipher, + size_t tlength, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t plength, uint8_t *dst, const uint8_t *src) +{ + struct ocb_key key; + struct aes128_ctx decrypt_ctx; + aes128_invert_key (&decrypt_ctx, cipher); + ocb_set_key (&key, cipher, (nettle_cipher_func *) aes128_encrypt); + return ocb_decrypt_message (&key, cipher, (nettle_cipher_func *) aes128_encrypt, + &decrypt_ctx, (nettle_cipher_func *) aes128_decrypt, + tlength, nlength, nonce, alength, adata, + plength, dst, src); +} @@ -40,6 +40,7 @@ #include "ocb.h" #include "block-internal.h" #include "bswap-internal.h" +#include "memops.h" /* Returns 64 bits from the concatenation (u0, u1), starting from bit offset. */ static inline uint64_t @@ -241,3 +242,38 @@ ocb_digest (const struct ocb_ctx *ctx, const struct ocb_key *key, f (cipher, OCB_BLOCK_SIZE, block.b, block.b); memxor3 (digest, block.b, ctx->sum.b, length); } + +void +ocb_encrypt_message (const struct ocb_key *key, + const void *cipher, nettle_cipher_func *f, + size_t tlength, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t clength, uint8_t *dst, const uint8_t *src) +{ + struct ocb_ctx ctx; + assert (clength >= tlength); + ocb_set_nonce (&ctx, cipher, f, tlength, nlength, nonce); + ocb_update (&ctx, key, cipher, f, alength, adata); + ocb_encrypt (&ctx, key, cipher, f, clength - tlength, dst, src); + ocb_digest (&ctx, key, cipher, f, tlength, dst + clength - tlength); +} + +int +ocb_decrypt_message (const struct ocb_key *key, + const void *encrypt_ctx, nettle_cipher_func *encrypt, + const void *decrypt_ctx, nettle_cipher_func *decrypt, + size_t tlength, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t plength, uint8_t *dst, const uint8_t *src) +{ + struct ocb_ctx ctx; + union nettle_block16 digest; + ocb_set_nonce (&ctx, encrypt_ctx, encrypt, tlength, nlength, nonce); + ocb_update (&ctx, key, encrypt_ctx, encrypt, alength, adata); + ocb_decrypt (&ctx, key, encrypt_ctx, encrypt, decrypt_ctx, decrypt, + plength, dst, src); + ocb_digest (&ctx, key, encrypt_ctx, encrypt, tlength, digest.b); + return memeql_sec(digest.b, src + plength, tlength); +} @@ -35,6 +35,7 @@ #define NETTLE_OCB_H_INCLUDED #include "nettle-types.h" +#include "aes.h" #ifdef __cplusplus extern "C" { @@ -47,6 +48,15 @@ extern "C" { #define ocb_encrypt nettle_ocb_encrypt #define ocb_decrypt nettle_ocb_decrypt #define ocb_digest nettle_ocb_digest +#define ocb_encrypt_message nettle_ocb_encrypt_message +#define ocb_decrypt_message nettle_ocb_decrypt_message +#define ocb_aes128_set_key nettle_ocb_aes128_set_key +#define ocb_aes128_update nettle_ocb_aes128_update +#define ocb_aes128_encrypt nettle_ocb_aes128_encrypt +#define ocb_aes128_decrypt nettle_ocb_aes128_decrypt +#define ocb_aes128_digest nettle_ocb_aes128_digest +#define ocb_aes128_encrypt_message nettle_ocb_aes128_encrypt_message +#define ocb_aes128_decrypt_message nettle_ocb_aes128_decrypt_message #define OCB_BLOCK_SIZE 16 #define OCB_DIGEST_SIZE 16 @@ -114,17 +124,64 @@ ocb_digest (const struct ocb_ctx *ctx, const struct ocb_key *key, void ocb_encrypt_message (const struct ocb_key *ocb_key, const void *cipher, nettle_cipher_func *f, + size_t tlength, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t clength, uint8_t *dst, const uint8_t *src); -void +int ocb_decrypt_message (const struct ocb_key *ocb_key, const void *encrypt_ctx, nettle_cipher_func *encrypt, const void *decrypt_ctx, nettle_cipher_func *decrypt, + size_t tlength, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, - size_t clength, uint8_t *dst, const uint8_t *src); + size_t plength, uint8_t *dst, const uint8_t *src); + +/* OCB-AES */ +struct ocb_aes128_ctx +{ + struct ocb_key key; + struct ocb_ctx ocb; + struct aes128_ctx encrypt; + struct aes128_ctx decrypt; +}; + +void +ocb_aes128_set_key (struct ocb_aes128_ctx *ctx, const uint8_t *key); + +void +ocb_aes128_set_nonce (struct ocb_aes128_ctx *ctx, + size_t nonce_length, const uint8_t *nonce); + +void +ocb_aes128_update (struct ocb_aes128_ctx *ctx, + size_t length, const uint8_t *data); + +void +ocb_aes128_encrypt(struct ocb_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +ocb_aes128_decrypt(struct ocb_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +ocb_aes128_digest(struct ocb_aes128_ctx *ctx, size_t length, uint8_t *digest); + +void +ocb_aes128_encrypt_message (const struct aes128_ctx *cipher, + size_t tlength, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t clength, uint8_t *dst, const uint8_t *src); + +int +ocb_aes128_decrypt_message (const struct aes128_ctx *cipher, + size_t tlength, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t clength, uint8_t *dst, const uint8_t *src); #ifdef __cplusplus } |