[RFC 1/2] Add API to support AEAD cipher modes

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Fri Aug 2 09:14:14 CEST 2013


* cipher/cipher.c (_gcry_cipher_authenticate, _gcry_cipher_tag): New.
* src/visibility.c (gcry_cipher_authenticate, gcry_cipher_tag): New.
* src/gcrypt.h.in, src/visibility.h: add declarations of these functions.
* src/libgcrypt.defs, src/libgcrypt.vers: export functions.

--
Authenticated Encryption with Associated Data (AEAD) cipher modes
provide an authentication tag that can be used to authenticate the
message. They also allow one to specify additional (unencrypted) data
that will be authenticated together with the message. This class of
cipher modes requires the additional API introduced in this commit.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
---
 cipher/cipher.c    |   15 +++++++++++++++
 src/gcrypt.h.in    |    7 +++++++
 src/libgcrypt.def  |    2 ++
 src/libgcrypt.vers |    1 +
 src/visibility.c   |   18 ++++++++++++++++++
 src/visibility.h   |    6 ++++++
 6 files changed, 49 insertions(+)

diff --git a/cipher/cipher.c b/cipher/cipher.c
index 08d6165..99bd3cd 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -1174,6 +1174,21 @@ _gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen)
   return 0;
 }
 
+gcry_error_t
+_gcry_cipher_authenticate (gcry_cipher_hd_t hd,
+                           const void *aad, size_t aadsize)
+{
+  log_fatal ("gcry_cipher_tag: invalid mode %d\n", hd->mode );
+  return gpg_error (GPG_ERR_INV_CIPHER_MODE);
+}
+
+gcry_error_t
+_gcry_cipher_tag (gcry_cipher_hd_t hd, void *out, size_t outsize)
+{
+  log_fatal ("gcry_cipher_tag: invalid mode %d\n", hd->mode );
+  return gpg_error (GPG_ERR_INV_CIPHER_MODE);
+}
+
 
 gcry_error_t
 gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
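Review bot: Both stubs call `log_fatal`, which in libgcrypt terminates the process, so a call to either new public entry point aborts the application and the `return gpg_error (GPG_ERR_INV_CIPHER_MODE);` on the next line is never reached. For an exported API reachable with any caller-supplied handle, the safer placeholder is to return that error alone, with at most a non-fatal log line. The message in `_gcry_cipher_authenticate` also names the wrong function and should read `"gcry_cipher_authenticate: invalid mode %d\n"`. Neither function checks `hd` before reading `hd->mode`, and `aad`, `aadsize`, `out` and `outsize` stay unused until a mode is dispatched here.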
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 06d6663..faedb33 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -910,6 +910,13 @@ gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd,
 gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd,
                                 const void *iv, size_t ivlen);
 
+/* Provide additional authentication data for AEAD modes/ciphers. */
+gcry_error_t gcry_cipher_authenticate (gcry_cipher_hd_t h,
+                                       const void *aad, size_t aadlen);
+
+/* Get authentication tag for AEAD modes/ciphers. */
+gcry_error_t gcry_cipher_tag (gcry_cipher_hd_t h,
+                              void *out, size_t outsize);
 
 /* Reset the handle to the state after open.  */
 #define gcry_cipher_reset(h)  gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0)
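Review bot: The two comments leave out the contract a caller needs to use AEAD safely: when `gcry_cipher_authenticate` may be called relative to `gcry_cipher_setiv` and the encrypt/decrypt calls, whether it may be called more than once, and what `outsize` must be for `gcry_cipher_tag` (exact tag length, or truncation allowed). The API also has no way to verify a received tag on decryption, so callers would compare the output of `gcry_cipher_tag` themselves, and a plain `memcmp` there is not constant-time. I would either add a checking counterpart that takes the expected tag and returns an error on mismatch, or say so in the comment, e.g. `/* Get the authentication tag; call after all data has been processed. On decryption compare it in constant time before using the plaintext. */`.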
diff --git a/src/libgcrypt.def b/src/libgcrypt.def
index bbc8f43..58695fa 100644
--- a/src/libgcrypt.def
+++ b/src/libgcrypt.def
@@ -239,5 +239,7 @@ EXPORTS
 
       gcry_sexp_get_buffer      @214
 
+      gcry_cipher_authenticate  @215
+      gcry_cipher_tag           @216
 
 ;; end of file with public symbols for Windows.
diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers
index 473ee68..94235f4 100644
--- a/src/libgcrypt.vers
+++ b/src/libgcrypt.vers
@@ -50,6 +50,7 @@ GCRYPT_1.6 {
     gcry_cipher_info; gcry_cipher_map_name;
     gcry_cipher_mode_from_oid; gcry_cipher_open;
     gcry_cipher_setkey; gcry_cipher_setiv; gcry_cipher_setctr;
+    gcry_cipher_authenticate; gcry_cipher_tag;
 
     gcry_pk_algo_info; gcry_pk_algo_name; gcry_pk_ctl;
     gcry_pk_decrypt; gcry_pk_encrypt; gcry_pk_genkey;
diff --git a/src/visibility.c b/src/visibility.c
index bb51d58..6f69ed3 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -658,6 +658,24 @@ gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen)
   return _gcry_cipher_setiv (hd, iv, ivlen);
 }
 
+gcry_error_t
+gcry_cipher_tag (gcry_cipher_hd_t hd, void *out, size_t outsize)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return _gcry_cipher_tag (hd, out, outsize);
+}
+
+gcry_error_t
+gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *aad, size_t aadsize)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return _gcry_cipher_authenticate (hd, aad, aadsize);
+}
+
 gpg_error_t
 gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen)
 {
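Review bot: The new wrapper names its parameters `hd` and `aadsize`, while the declaration added to src/gcrypt.h.in uses `h` and `aadlen`. The neighbouring `gcry_cipher_setiv` and `gcry_cipher_setctr` use `ivlen` and `ctrlen`, so `aadlen` is the consistent spelling. I suggest `gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *aad, size_t aadlen)` here and in cipher/cipher.c. `gcry_cipher_tag` is also defined before `gcry_cipher_authenticate`, the reverse of the header order.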
diff --git a/src/visibility.h b/src/visibility.h
index 54da016..9b8065a 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -80,6 +80,8 @@
 #define gcry_cipher_setkey          _gcry_cipher_setkey
 #define gcry_cipher_setiv           _gcry_cipher_setiv
 #define gcry_cipher_setctr          _gcry_cipher_setctr
+#define gcry_cipher_authenticate    _gcry_cipher_authenticate
+#define gcry_cipher_tag             _gcry_cipher_tag
 #define gcry_cipher_ctl             _gcry_cipher_ctl
 #define gcry_cipher_decrypt         _gcry_cipher_decrypt
 #define gcry_cipher_encrypt         _gcry_cipher_encrypt
@@ -296,6 +298,8 @@ gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo,
 #undef gcry_cipher_setkey
 #undef gcry_cipher_setiv
 #undef gcry_cipher_setctr
+#undef gcry_cipher_authenticate
+#undef gcry_cipher_tag
 #undef gcry_cipher_ctl
 #undef gcry_cipher_decrypt
 #undef gcry_cipher_encrypt
@@ -472,6 +476,8 @@ MARK_VISIBLE (gcry_cipher_close)
 MARK_VISIBLE (gcry_cipher_setkey)
 MARK_VISIBLE (gcry_cipher_setiv)
 MARK_VISIBLE (gcry_cipher_setctr)
+MARK_VISIBLE (gcry_cipher_authenticate)
+MARK_VISIBLE (gcry_cipher_tag)
 MARK_VISIBLE (gcry_cipher_ctl)
 MARK_VISIBLE (gcry_cipher_decrypt)
 MARK_VISIBLE (gcry_cipher_encrypt)
-- 
1.7.10.4



