Implement OCB mode, RFC 7253.

author: Niels Möller <nisse@lysator.liu.se> 2023-02-07 20:04:03 +0100
committer: Niels Möller <nisse@lysator.liu.se> 2023-02-07 20:34:38 +0100
commit: 9cf0e2d2675268a403194d85a78a44e8cbdf562b (patch)
tree: b27e147fe172aaba9f1c1ad1aadada10dc27393b /ocb.h
parent: eb48e209db6fb6d6ce0005de88ba362b6fcbe933 (diff)
download: nettle-9cf0e2d2675268a403194d85a78a44e8cbdf562b.tar.gz
1 files changed, 188 insertions, 0 deletions
diff --git a/ocb.h b/ocb.h
new file mode 100644
index 00000000..8d79cdf6
--- /dev/null
+++ b/ocb.h
@@ -0,0 +1,188 @@
+/* ocb.h
+
+   OCB AEAD mode, RFC 7253
+
+   Copyright (C) 2021 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_OCB_H_INCLUDED
+#define NETTLE_OCB_H_INCLUDED
+
+#include "nettle-types.h"
+#include "aes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define ocb_set_key nettle_ocb_set_key
+#define ocb_set_nonce nettle_ocb_set_nonce
+#define ocb_update nettle_ocb_update
+#define ocb_encrypt nettle_ocb_encrypt
+#define ocb_decrypt nettle_ocb_decrypt
+#define ocb_digest nettle_ocb_digest
+#define ocb_encrypt_message nettle_ocb_encrypt_message
+#define ocb_decrypt_message nettle_ocb_decrypt_message
+#define ocb_aes128_set_encrypt_key nettle_ocb_aes128_set_encrypt_key
+#define ocb_aes128_set_decrypt_key nettle_ocb_aes128_set_decrypt_key
+#define ocb_aes128_set_nonce nettle_ocb_aes128_set_nonce
+#define ocb_aes128_update nettle_ocb_aes128_update
+#define ocb_aes128_encrypt nettle_ocb_aes128_encrypt
+#define ocb_aes128_decrypt nettle_ocb_aes128_decrypt
+#define ocb_aes128_digest nettle_ocb_aes128_digest
+#define ocb_aes128_encrypt_message nettle_ocb_aes128_encrypt_message
+#define ocb_aes128_decrypt_message nettle_ocb_aes128_decrypt_message
+
+#define OCB_BLOCK_SIZE 16
+#define OCB_DIGEST_SIZE 16
+
+struct ocb_key {
+  /* L_*, L_$ and L_0, and one reserved entry */
+  union nettle_block16 L[4];
+};
+
+struct ocb_ctx {
+  /* Initial offset, Offset_0 in the spec. */
+  union nettle_block16 initial;
+  /* Offset, updated per block. */
+  union nettle_block16 offset;
+  /* Authentication for the associated data */
+  union nettle_block16 sum;
+  /* Authentication for the message */
+  union nettle_block16 checksum;
+  /* Count of processed blocks. */
+  size_t data_count;
+  size_t message_count;
+};
+
+void
+ocb_set_key (struct ocb_key *key, const void *cipher, nettle_cipher_func *f);
+
+void
+ocb_set_nonce (struct ocb_ctx *ctx,
+	       const void *cipher, nettle_cipher_func *f,
+	       size_t tag_length, size_t nonce_length, const uint8_t *nonce);
+
+void
+ocb_update (struct ocb_ctx *ctx, const struct ocb_key *key,
+	    const void *cipher, nettle_cipher_func *f,
+	    size_t length, const uint8_t *data);
+
+void
+ocb_encrypt (struct ocb_ctx *ctx, const struct ocb_key *key,
+	     const void *cipher, nettle_cipher_func *f,
+	     size_t length, uint8_t *dst, const uint8_t *src);
+
+void
+ocb_decrypt (struct ocb_ctx *ctx, const struct ocb_key *key,
+	     const void *encrypt_ctx, nettle_cipher_func *encrypt,
+	     const void *decrypt_ctx, nettle_cipher_func *decrypt,
+	     size_t length, uint8_t *dst, const uint8_t *src);
+
+void
+ocb_digest (const struct ocb_ctx *ctx, const struct ocb_key *key,
+	    const void *cipher, nettle_cipher_func *f,
+	    size_t length, uint8_t *digest);
+
+
+void
+ocb_encrypt_message (const struct ocb_key *ocb_key,
+		     const void *cipher, nettle_cipher_func *f,
+		     size_t nlength, const uint8_t *nonce,
+		     size_t alength, const uint8_t *adata,
+		     size_t tlength,
+		     size_t clength, uint8_t *dst, const uint8_t *src);
+
+int
+ocb_decrypt_message (const struct ocb_key *ocb_key,
+		     const void *encrypt_ctx, nettle_cipher_func *encrypt,
+		     const void *decrypt_ctx, nettle_cipher_func *decrypt,
+		     size_t nlength, const uint8_t *nonce,
+		     size_t alength, const uint8_t *adata,
+		     size_t tlength,
+		     size_t mlength, uint8_t *dst, const uint8_t *src);
+
+/* OCB-AES */
+/* This struct represents an expanded key for ocb-aes encryption. For
+   decryption, a separate decryption context is needed as well. */
+struct ocb_aes128_encrypt_key
+{
+  struct ocb_key ocb;
+  struct aes128_ctx encrypt;
+};
+
+void
+ocb_aes128_set_encrypt_key (struct ocb_aes128_encrypt_key *ocb, const uint8_t *key);
+
+void
+ocb_aes128_set_decrypt_key (struct ocb_aes128_encrypt_key *ocb, struct aes128_ctx *decrypt,
+			    const uint8_t *key);
+
+void
+ocb_aes128_set_nonce (struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key,
+		      size_t tag_length, size_t nonce_length, const uint8_t *nonce);
+
+void
+ocb_aes128_update (struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key,
+		   size_t length, const uint8_t *data);
+
+void
+ocb_aes128_encrypt(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key,
+		   size_t length, uint8_t *dst, const uint8_t *src);
+
+void
+ocb_aes128_decrypt(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key,
+		   const struct aes128_ctx *decrypt,
+		   size_t length, uint8_t *dst, const uint8_t *src);
+
+void
+ocb_aes128_digest(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key,
+		  size_t length, uint8_t *digest);
+
+void
+ocb_aes128_encrypt_message (const struct ocb_aes128_encrypt_key *key,
+			    size_t nlength, const uint8_t *nonce,
+			    size_t alength, const uint8_t *adata,
+			    size_t tlength,
+			    size_t clength, uint8_t *dst, const uint8_t *src);
+
+int
+ocb_aes128_decrypt_message (const struct ocb_aes128_encrypt_key *key,
+			    const struct aes128_ctx *decrypt,
+			    size_t nlength, const uint8_t *nonce,
+			    size_t alength, const uint8_t *adata,
+			    size_t tlength,
+			    size_t mlength, uint8_t *dst, const uint8_t *src);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_OCB_H_INCLUDED */
author	Niels Möller <nisse@lysator.liu.se>	2023-02-07 20:04:03 +0100
committer	Niels Möller <nisse@lysator.liu.se>	2023-02-07 20:34:38 +0100
commit	9cf0e2d2675268a403194d85a78a44e8cbdf562b (patch)
tree	b27e147fe172aaba9f1c1ad1aadada10dc27393b /ocb.h
parent	eb48e209db6fb6d6ce0005de88ba362b6fcbe933 (diff)
download	nettle-9cf0e2d2675268a403194d85a78a44e8cbdf562b.tar.gz