diff options
author | Niels Möller <nisse@lysator.liu.se> | 2022-12-06 21:14:18 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2023-02-06 20:20:01 +0100 |
commit | f3858a5a4f09a7472b073dab4b6e9621fb72d4d1 (patch) | |
tree | 8548115389e5719d8188d5ff5b6ba377a630a587 | |
parent | 5b6890f779a4e03a44819993c1319c0d00e2b967 (diff) | |
download | nettle-f3858a5a4f09a7472b073dab4b6e9621fb72d4d1.tar.gz |
Rework ocb-aes128 interface, new struct ocb_aes128_encrypt_key.
-rw-r--r-- | ocb-aes128-meta.c | 65 | ||||
-rw-r--r-- | ocb-aes128.c | 60 | ||||
-rw-r--r-- | ocb.h | 36 |
3 files changed, 109 insertions, 52 deletions
diff --git a/ocb-aes128-meta.c b/ocb-aes128-meta.c index 13095781..35f95f6e 100644 --- a/ocb-aes128-meta.c +++ b/ocb-aes128-meta.c @@ -39,11 +39,56 @@ #define OCB_NONCE_SIZE 12 +struct ocb_aes128_ctx +{ + struct ocb_ctx ocb; + struct ocb_aes128_encrypt_key key; + struct aes128_ctx decrypt; +}; + +static void +set_encrypt_key_wrapper (struct ocb_aes128_ctx *ctx, const uint8_t *key) +{ + ocb_aes128_set_encrypt_key(&ctx->key, key); +} + +static void +set_decrypt_key_wrapper (struct ocb_aes128_ctx *ctx, const uint8_t *key) +{ + ocb_aes128_set_decrypt_key(&ctx->key, &ctx->decrypt, key); +} + +static void +set_nonce_wrapper (struct ocb_aes128_ctx *ctx, const uint8_t *nonce) +{ + ocb_aes128_set_nonce (&ctx->ocb, &ctx->key, + OCB_DIGEST_SIZE, OCB_NONCE_SIZE, nonce); +} + +static void +update_wrapper (struct ocb_aes128_ctx *ctx, size_t length, const uint8_t *data) +{ + ocb_aes128_update (&ctx->ocb, &ctx->key, length, data); +} + +static void +encrypt_wrapper (struct ocb_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src) +{ + ocb_aes128_encrypt (&ctx->ocb, &ctx->key, length, dst, src); +} + +static void +decrypt_wrapper (struct ocb_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src) +{ + ocb_aes128_decrypt (&ctx->ocb, &ctx->key, &ctx->decrypt, length, dst, src); +} + static void -ocb_aes128_set_nonce12 (struct ocb_aes128_ctx *ctx, - const uint8_t *nonce) +digest_wrapper (struct ocb_aes128_ctx *ctx, size_t length, uint8_t *digest) { - ocb_aes128_set_nonce (ctx, OCB_NONCE_SIZE, nonce); + ocb_aes128_digest (&ctx->ocb, &ctx->key, length, digest); } const struct nettle_aead @@ -51,11 +96,11 @@ nettle_ocb_aes128 = { "ocb_aes128", sizeof(struct ocb_aes128_ctx), OCB_BLOCK_SIZE, AES128_KEY_SIZE, OCB_NONCE_SIZE, OCB_DIGEST_SIZE, - (nettle_set_key_func *) ocb_aes128_set_key, - (nettle_set_key_func *) ocb_aes128_set_key, - (nettle_set_key_func *) ocb_aes128_set_nonce12, - (nettle_hash_update_func *) ocb_aes128_update, - (nettle_crypt_func *) ocb_aes128_encrypt, - (nettle_crypt_func *) ocb_aes128_decrypt, - (nettle_hash_digest_func *) ocb_aes128_digest + (nettle_set_key_func *) set_encrypt_key_wrapper, + (nettle_set_key_func *) set_decrypt_key_wrapper, + (nettle_set_key_func *) set_nonce_wrapper, + (nettle_hash_update_func *) update_wrapper, + (nettle_crypt_func *) encrypt_wrapper, + (nettle_crypt_func *) decrypt_wrapper, + (nettle_hash_digest_func *) digest_wrapper }; diff --git a/ocb-aes128.c b/ocb-aes128.c index 6c1b70dc..c72ada2c 100644 --- a/ocb-aes128.c +++ b/ocb-aes128.c @@ -36,79 +36,83 @@ #include "ocb.h" void -ocb_aes128_set_key (struct ocb_aes128_ctx *ctx, const uint8_t *key) +ocb_aes128_set_encrypt_key (struct ocb_aes128_encrypt_key *ocb_key, const uint8_t *key) { - aes128_set_encrypt_key (&ctx->encrypt, key); - aes128_invert_key (&ctx->decrypt, &ctx->encrypt); - ocb_set_key (&ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt); + aes128_set_encrypt_key (&ocb_key->encrypt, key); + ocb_set_key (&ocb_key->ocb, &ocb_key->encrypt, (nettle_cipher_func *) aes128_encrypt); } void -ocb_aes128_set_nonce (struct ocb_aes128_ctx *ctx, - size_t nonce_length, const uint8_t *nonce) +ocb_aes128_set_decrypt_key (struct ocb_aes128_encrypt_key *ocb_key, struct aes128_ctx *decrypt, + const uint8_t *key) { - ocb_set_nonce (&ctx->ocb, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, - OCB_DIGEST_SIZE, nonce_length, nonce); + ocb_aes128_set_encrypt_key (ocb_key, key); + aes128_invert_key (decrypt, &ocb_key->encrypt); } void -ocb_aes128_update (struct ocb_aes128_ctx *ctx, +ocb_aes128_set_nonce (struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key, + size_t tag_length, size_t nonce_length, const uint8_t *nonce) +{ + ocb_set_nonce (ctx, &key->encrypt, (nettle_cipher_func *) aes128_encrypt, + tag_length, nonce_length, nonce); +} + +void +ocb_aes128_update (struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key, size_t length, const uint8_t *data) { - ocb_update (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, + ocb_update (ctx, &key->ocb, &key->encrypt, (nettle_cipher_func *) aes128_encrypt, length, data); } void -ocb_aes128_encrypt(struct ocb_aes128_ctx *ctx, +ocb_aes128_encrypt(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key, size_t length, uint8_t *dst, const uint8_t *src) { - ocb_encrypt (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, + ocb_encrypt (ctx, &key->ocb, &key->encrypt, (nettle_cipher_func *) aes128_encrypt, length, dst, src); } void -ocb_aes128_decrypt(struct ocb_aes128_ctx *ctx, +ocb_aes128_decrypt(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key, + const struct aes128_ctx *decrypt, size_t length, uint8_t *dst, const uint8_t *src) { - ocb_decrypt (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, - &ctx->decrypt, (nettle_cipher_func *) aes128_decrypt, + ocb_decrypt (ctx, &key->ocb, &key->encrypt, (nettle_cipher_func *) aes128_encrypt, + decrypt, (nettle_cipher_func *) aes128_decrypt, length, dst, src); } void -ocb_aes128_digest(struct ocb_aes128_ctx *ctx, size_t length, uint8_t *digest) +ocb_aes128_digest(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key, + size_t length, uint8_t *digest) { - ocb_digest (&ctx->ocb, &ctx->key, &ctx->encrypt, (nettle_cipher_func *) aes128_encrypt, + ocb_digest (ctx, &key->ocb, &key->encrypt, (nettle_cipher_func *) aes128_encrypt, length, digest); } void -ocb_aes128_encrypt_message (const struct aes128_ctx *cipher, +ocb_aes128_encrypt_message (const struct ocb_aes128_encrypt_key *key, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t tlength, size_t clength, uint8_t *dst, const uint8_t *src) { - struct ocb_key key; - ocb_set_key (&key, cipher, (nettle_cipher_func *) aes128_encrypt); - ocb_encrypt_message (&key, cipher, (nettle_cipher_func *) aes128_encrypt, + ocb_encrypt_message (&key->ocb, &key->encrypt, (nettle_cipher_func *) aes128_encrypt, nlength, nonce, alength, adata, tlength, clength, dst, src); } int -ocb_aes128_decrypt_message (const struct aes128_ctx *cipher, +ocb_aes128_decrypt_message (const struct ocb_aes128_encrypt_key *key, + const struct aes128_ctx *decrypt, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t tlength, size_t mlength, uint8_t *dst, const uint8_t *src) { - struct ocb_key key; - struct aes128_ctx decrypt_ctx; - aes128_invert_key (&decrypt_ctx, cipher); - ocb_set_key (&key, cipher, (nettle_cipher_func *) aes128_encrypt); - return ocb_decrypt_message (&key, cipher, (nettle_cipher_func *) aes128_encrypt, - &decrypt_ctx, (nettle_cipher_func *) aes128_decrypt, + return ocb_decrypt_message (&key->ocb, &key->encrypt, (nettle_cipher_func *) aes128_encrypt, + &decrypt, (nettle_cipher_func *) aes128_decrypt, nlength, nonce, alength, adata, tlength, mlength, dst, src); } @@ -50,7 +50,8 @@ extern "C" { #define ocb_digest nettle_ocb_digest #define ocb_encrypt_message nettle_ocb_encrypt_message #define ocb_decrypt_message nettle_ocb_decrypt_message -#define ocb_aes128_set_key nettle_ocb_aes128_set_key +#define ocb_aes128_set_encrypt_key nettle_ocb_aes128_set_encrypt_key +#define ocb_aes128_set_decrypt_key nettle_ocb_aes128_set_decrypt_key #define ocb_aes128_set_nonce nettle_ocb_aes128_set_nonce #define ocb_aes128_update nettle_ocb_aes128_update #define ocb_aes128_encrypt nettle_ocb_aes128_encrypt @@ -140,45 +141,52 @@ ocb_decrypt_message (const struct ocb_key *ocb_key, size_t mlength, uint8_t *dst, const uint8_t *src); /* OCB-AES */ -struct ocb_aes128_ctx +/* This struct represents an expanded key for ocb-aes encryption. For + decryption, a separate decryption context is needed as well. */ +struct ocb_aes128_encrypt_key { - struct ocb_key key; - struct ocb_ctx ocb; + struct ocb_key ocb; struct aes128_ctx encrypt; - struct aes128_ctx decrypt; }; void -ocb_aes128_set_key (struct ocb_aes128_ctx *ctx, const uint8_t *key); +ocb_aes128_set_encrypt_key (struct ocb_aes128_encrypt_key *ocb, const uint8_t *key); void -ocb_aes128_set_nonce (struct ocb_aes128_ctx *ctx, - size_t nonce_length, const uint8_t *nonce); +ocb_aes128_set_decrypt_key (struct ocb_aes128_encrypt_key *ocb, struct aes128_ctx *decrypt, + const uint8_t *key); void -ocb_aes128_update (struct ocb_aes128_ctx *ctx, +ocb_aes128_set_nonce (struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key, + size_t tag_length, size_t nonce_length, const uint8_t *nonce); + +void +ocb_aes128_update (struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key, size_t length, const uint8_t *data); void -ocb_aes128_encrypt(struct ocb_aes128_ctx *ctx, +ocb_aes128_encrypt(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key, size_t length, uint8_t *dst, const uint8_t *src); void -ocb_aes128_decrypt(struct ocb_aes128_ctx *ctx, +ocb_aes128_decrypt(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key, + const struct aes128_ctx *decrypt, size_t length, uint8_t *dst, const uint8_t *src); void -ocb_aes128_digest(struct ocb_aes128_ctx *ctx, size_t length, uint8_t *digest); +ocb_aes128_digest(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key, + size_t length, uint8_t *digest); void -ocb_aes128_encrypt_message (const struct aes128_ctx *cipher, +ocb_aes128_encrypt_message (const struct ocb_aes128_encrypt_key *key, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t tlength, size_t clength, uint8_t *dst, const uint8_t *src); int -ocb_aes128_decrypt_message (const struct aes128_ctx *cipher, +ocb_aes128_decrypt_message (const struct ocb_aes128_encrypt_key *key, + const struct aes128_ctx *decrypt, size_t nlength, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t tlength, |