diff options
Diffstat (limited to 'src/ocb/ocb.h')
-rw-r--r-- | src/ocb/ocb.h | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/src/ocb/ocb.h b/src/ocb/ocb.h new file mode 100644 index 0000000..37bed85 --- /dev/null +++ b/src/ocb/ocb.h @@ -0,0 +1,116 @@ +/* + * ocb.h + * + * Author: Ted Krovetz (tdk@acm.org) + * History: 1 April 2000 - first release (TK) - version 0.9 + * + * OCB-AES-n reference code based on NIST submission "OCB Mode" + * (dated 1 April 2000), submitted by Phillip Rogaway, with + * auxiliary submitters Mihir Bellare, John Black, and Ted Krovetz. + * + * This code is freely available, and may be modified as desired. + * Please retain the authorship and change history. + * Note that OCB mode itself is patent pending. + * + * This code is NOT optimized for speed; it is only + * designed to clarify the algorithm and to provide a point + * of comparison for other implementations. + * + * Limitiations: Assumes a 4-byte integer and pointers are + * 32-bit aligned. Acts on a byte string of less than 2^{36} - 16 bytes. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __OCB__H +#define __OCB__H + +#ifndef AES_KEY_BITLEN +#define AES_KEY_BITLEN 128 /* Must be 128, 192, 256 */ +#endif + +#if ((AES_KEY_BITLEN != 128) && \ + (AES_KEY_BITLEN != 192) && \ + (AES_KEY_BITLEN != 256)) +#error Bad -- AES_KEY_BITLEN must be one of 128, 192 or 256!! +#endif + +/* Opaque forward declaration of key structure */ +typedef struct _keystruct keystruct; + +/* + * "ocb_aes_init" optionally creates an ocb keystructure in memory + * and then initializes it using the supplied "enc_key". "tag_len" + * specifies the length of tags that will subsequently be generated + * and verified. If "key" is NULL a new structure will be created, but + * if "key" is non-NULL, then it is assumed that it points to a previously + * allocated structure, and that structure is initialized. "ocb_aes_init" + * returns a pointer to the initialized structure, or NULL if an error + * occurred. + */ +keystruct * /* Init'd keystruct or NULL */ +ocb_aes_init(void *enc_key, /* AES key */ + unsigned tag_len, /* Length of tags to be used */ + keystruct *key); /* OCB key structure. NULL means */ + /* Allocate/init new, non-NULL */ + /* means init existing structure */ + +/* "ocb_done deallocates a key structure and returns NULL */ +keystruct * +ocb_done(keystruct *key); + +/* + * "ocb_aes_encrypt takes a key structure, four buffers and a length + * parameter as input. "pt_len" bytes that are pointed to by "pt" are + * encrypted and written to the buffer pointed to by "ct". A tag of length + * "tag_len" (set in ocb_aes_init) is written to the "tag" buffer. "nonce" + * must be a 16-byte buffer which changes for each new message being + * encrypted. "ocb_aes_encrypt" always returns a value of 1. + */ +void +ocb_aes_encrypt(keystruct *key, /* Initialized key struct */ + void *nonce, /* 16-byte nonce */ + void *pt, /* Buffer for (incoming) plaintext */ + unsigned pt_len, /* Byte length of pt */ + void *ct, /* Buffer for (outgoing) ciphertext */ + void *tag); /* Buffer for generated tag */ + + +/* + * "ocb_aes_decrypt takes a key structure, four buffers and a length + * parameter as input. "ct_len" bytes that are pointed to by "ct" are + * decrypted and written to the buffer pointed to by "pt". A tag of length + * "tag_len" (set in ocb_aes_init) is read from the "tag" buffer. "nonce" + * must be a 16-byte buffer which changes for each new message being + * encrypted. "ocb_aes_decrypt" returns 0 if the supplied + * tag is not correct for the supplied message, otherwise 1 is returned if + * the tag is correct. + */ +int /* Returns 0 iff tag is incorrect */ +ocb_aes_decrypt(keystruct *key, /* Initialized key struct */ + void *nonce, /* 16-byte nonce */ + void *ct, /* Buffer for (incoming) ciphertext */ + unsigned ct_len, /* Byte length of ct */ + void *pt, /* Buffer for (outgoing) plaintext */ + void *tag); /* Tag to be verified */ + + + + +void +pmac_aes (keystruct *key, /* Initialized key struct */ + void *in, /* Buffer for (incoming) message */ + unsigned in_len, /* Byte length of message */ + void *tag); /* 16-byte buffer for generated tag */ + +#endif /* __OCB__H */ |