Implemented EAX.

author: Niels Möller <nisse@lysator.liu.se> 2013-10-05 20:52:11 +0200
committer: Niels Möller <nisse@lysator.liu.se> 2013-10-05 20:52:11 +0200
commit: ffec6637e0297eb2cc97f8f7ffbb34af184b8f11 (patch)
tree: 60af841dcbe5f31ae9f566befdadff51caca7357 /eax.h
parent: 6438331a930470f997b8f94d73ef63985a9e4f87 (diff)
download: nettle-ffec6637e0297eb2cc97f8f7ffbb34af184b8f11.tar.gz
1 files changed, 146 insertions, 0 deletions
diff --git a/eax.h b/eax.h
new file mode 100644
index 00000000..58bb412d
--- /dev/null
+++ b/eax.h
@@ -0,0 +1,146 @@
+/* eax.h
+ *
+ * EAX mode, see http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_EAX_H_INCLUDED
+#define NETTLE_EAX_H_INCLUDED
+
+#include "aes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define eax_set_key nettle_eax_set_key
+#define eax_set_nonce nettle_eax_set_nonce
+#define eax_update nettle_eax_update
+#define eax_encrypt nettle_eax_encrypt
+#define eax_decrypt nettle_eax_decrypt
+#define eax_digest nettle_eax_digest
+
+#define eax_aes_set_key nettle_eax_aes_set_key
+#define eax_aes_set_nonce nettle_eax_aes_set_nonce
+#define eax_aes_update nettle_eax_aes_update
+#define eax_aes_encrypt nettle_eax_aes_encrypt
+#define eax_aes_decrypt nettle_eax_aes_decrypt
+#define eax_aes_digest nettle_eax_aes_digest
+
+/* Restricted to block ciphers with 128 bit block size. FIXME: Reflect
+   this in naming? */
+
+#define EAX_BLOCK_SIZE 16
+
+/* FIXME: Ensure nice alignment. See gcm.h, union gcm_block. */
+
+/* Values independent of message and nonce */
+struct eax_key
+{
+  uint8_t pad_block[EAX_BLOCK_SIZE];
+  uint8_t pad_partial[EAX_BLOCK_SIZE];
+};
+
+struct eax_ctx
+{
+  uint8_t omac_nonce[EAX_BLOCK_SIZE];
+  uint8_t omac_data[EAX_BLOCK_SIZE];
+  uint8_t omac_message[EAX_BLOCK_SIZE];
+  uint8_t ctr[EAX_BLOCK_SIZE];
+};
+
+void
+eax_set_key (struct eax_key *key, void *cipher, nettle_crypt_func *f);
+
+void
+eax_set_nonce (struct eax_ctx *eax, const struct eax_key *key,
+	       void *cipher, nettle_crypt_func *f,
+	       size_t nonce_length, const uint8_t *nonce);
+
+void
+eax_update (struct eax_ctx *eax, const struct eax_key *key,
+	    void *cipher, nettle_crypt_func *f,
+	    size_t data_length, const uint8_t *data);
+
+void
+eax_encrypt (struct eax_ctx *eax, const struct eax_key *key,
+	     void *cipher, nettle_crypt_func *f,
+	     size_t length, uint8_t *dst, const uint8_t *src);
+
+void
+eax_decrypt (struct eax_ctx *eax, const struct eax_key *key,
+	     void *cipher, nettle_crypt_func *f,
+	     size_t length, uint8_t *dst, const uint8_t *src);
+
+void
+eax_digest (struct eax_ctx *eax, const struct eax_key *key,
+	    void *cipher, nettle_crypt_func *f,
+	    size_t length, uint8_t *digest);
+
+/* Put the cipher last, to get cipher-independent offsets for the EAX
+ * state. */
+#define EAX_CTX(type) \
+  { struct eax_key key; struct eax_ctx eax; type cipher; }
+
+#define EAX_SET_KEY(ctx, set_key, encrypt, length, data)		\
+  do {									\
+    (set_key)(&(ctx)->cipher, (length), (data));			\
+    if (0) (encrypt) (&(ctx)->cipher, 0, (void *) 0, (void *) 0);	\
+    eax_set_key (&(ctx)->key, &(ctx)->cipher, (nettle_crypt_func *) encrypt); \
+  } while (0)
+
+#define EAX_SET_NONCE(ctx, encrypt, length, nonce) \
+  (0 ? (encrypt) (&(ctx)->cipher, 0, (void *) 0, (void *) 0)	\
+   : eax_set_nonce (&(ctx)->eax, &(ctx)->key,			\
+		    &(ctx)->cipher, (nettle_crypt_func *) (encrypt),	\
+		    (length), (nonce)))
+
+#define EAX_UPDATE(ctx, encrypt, length, data)				\
+  (0 ? (encrypt) (&(ctx)->cipher, 0, (void *) 0, (void *) 0)		\
+   : eax_update (&(ctx)->eax, &(ctx)->key,				\
+		 &(ctx)->cipher, (nettle_crypt_func *) (encrypt),	\
+		 (length), (data)))
+
+#define EAX_ENCRYPT(ctx, encrypt, length, dst, src)			\
+  (0 ? (encrypt) (&(ctx)->cipher, 0, (void *) 0, (void *) 0)		\
+   : eax_encrypt (&(ctx)->eax, &(ctx)->key,				\
+		 &(ctx)->cipher, (nettle_crypt_func *) (encrypt),	\
+		  (length), (dst), (src)))
+
+#define EAX_DECRYPT(ctx, encrypt, length, dst, src)			\
+  (0 ? (encrypt) (&(ctx)->cipher, 0, (void *) 0, (void *) 0)		\
+   : eax_decrypt (&(ctx)->eax, &(ctx)->key,				\
+		 &(ctx)->cipher, (nettle_crypt_func *) (encrypt),	\
+		  (length), (dst), (src)))
+
+#define EAX_DIGEST(ctx, encrypt, length, digest)			\
+  (0 ? (encrypt) (&(ctx)->cipher, 0, (void *) 0, (void *) 0)		\
+   : eax_digest (&(ctx)->eax, &(ctx)->key,				\
+		 &(ctx)->cipher, (nettle_crypt_func *) (encrypt),	\
+		 (length), (digest)))
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_EAX_H_INCLUDED */
author	Niels Möller <nisse@lysator.liu.se>	2013-10-05 20:52:11 +0200
committer	Niels Möller <nisse@lysator.liu.se>	2013-10-05 20:52:11 +0200
commit	ffec6637e0297eb2cc97f8f7ffbb34af184b8f11 (patch)
tree	60af841dcbe5f31ae9f566befdadff51caca7357 /eax.h
parent	6438331a930470f997b8f94d73ef63985a9e4f87 (diff)
download	nettle-ffec6637e0297eb2cc97f8f7ffbb34af184b8f11.tar.gz