diff options
| author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2013-10-22 17:07:53 +0300 |
|---|---|---|
| committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2013-10-22 17:07:53 +0300 |
| commit | 95654041f2aa62f71aac4d8614dafe8433d10f95 (patch) | |
| tree | fcfa0452bf9b196425a36ffa20911d30dd2274d5 /cipher/cipher.c | |
| parent | a5a277a9016ccb34f1858a65e0ed1791b2fc3db3 (diff) | |
| download | libgcrypt-95654041f2aa62f71aac4d8614dafe8433d10f95.tar.gz | |
Add API to support AEAD cipher modes
* cipher/cipher.c (_gcry_cipher_authenticate, _gcry_cipher_checktag)
(_gcry_cipher_gettag): New.
* doc/gcrypt.texi: Add documentation for new API functions.
* src/visibility.c (gcry_cipher_authenticate, gcry_cipher_checktag)
(gcry_cipher_gettag): New.
* src/gcrypt.h.in, src/visibility.h: add declarations of these
functions.
* src/libgcrypt.defs, src/libgcrypt.vers: export functions.
--
Authenticated Encryption with Associated Data (AEAD) cipher modes
provide authentication tag that can be used to authenticate message. At
the same time it allows one to specify additional (unencrypted data)
that will be authenticated together with the message. This class of
cipher modes requires additional API present in this commit.
This patch is based on original patch by Dmitry Eremin-Solenikov.
Changes in v2:
- Change gcry_cipher_tag to gcry_cipher_checktag and gcry_cipher_gettag
for giving tag (checktag) for decryption and reading tag (gettag) after
encryption.
- Change gcry_cipher_authenticate to gcry_cipher_setaad, since
additional parameters needed for some AEAD modes (in this case CCM,
which needs the length of encrypted data and tag for MAC
initialization).
- Add some documentation.
Changes in v3:
- Change gcry_cipher_setaad back to gcry_cipher_authenticate. Additional
parameters (encrypt_len, tag_len, aad_len) for CCM will be given
through GCRY_CTL_SET_CCM_LENGTHS.
Changes in v4:
- log_fatal => log_error
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/cipher.c')
| -rw-r--r-- | cipher/cipher.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/cipher/cipher.c b/cipher/cipher.c index 75d42d14..d6d3021c 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -910,6 +910,40 @@ _gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen) return 0; } +gcry_error_t +_gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, + size_t abuflen) +{ + log_error ("gcry_cipher_authenticate: invalid mode %d\n", hd->mode); + + (void)abuf; + (void)abuflen; + + return gpg_error (GPG_ERR_INV_CIPHER_MODE); +} + +gcry_error_t +_gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, size_t taglen) +{ + log_error ("gcry_cipher_gettag: invalid mode %d\n", hd->mode); + + (void)outtag; + (void)taglen; + + return gpg_error (GPG_ERR_INV_CIPHER_MODE); +} + +gcry_error_t +_gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, size_t taglen) +{ + log_error ("gcry_cipher_checktag: invalid mode %d\n", hd->mode); + + (void)intag; + (void)taglen; + + return gpg_error (GPG_ERR_INV_CIPHER_MODE); +} + gcry_error_t gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) |