[RFC PATCH 1/3] Add API to support AEAD cipher modes

Jussi Kivilinna jussi.kivilinna at iki.fi
Sun Oct 13 12:02:28 CEST 2013 

From: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>

* cipher/cipher.c (_gcry_cipher_authenticate, _gcry_cipher_tag): New.
* src/visibility.c (gcry_cipher_authenticate, gcry_cipher_tag): New.
* src/gcrypt.h.in, src/visibility.h: add declarations of these functions.
* src/libgcrypt.defs, src/libgcrypt.vers: export functions.
--

Authenticated Encryption with Associated Data (AEAD) cipher modes
provide authentication tag that can be used to authenticate message. At
the same time it allows one to specify additional (unencrypted data)
that will be authenticated together with the message. This class of
cipher modes requires additional API present in this commit.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
---
 cipher/cipher.c    |   15 +++++++++++++++
 src/gcrypt.h.in    |    7 +++++++
 src/libgcrypt.def  |    2 ++
 src/libgcrypt.vers |    1 +
 src/visibility.c   |   18 ++++++++++++++++++
 src/visibility.h   |    6 ++++++
 6 files changed, 49 insertions(+)

diff --git a/cipher/cipher.c b/cipher/cipher.c
index 75d42d1..2d3a457 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -910,6 +910,21 @@ _gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen)
   return 0;
 }
 
+gcry_error_t
+_gcry_cipher_authenticate (gcry_cipher_hd_t hd,
+                           const void *aad, size_t aadsize)
+{
+  log_fatal ("gcry_cipher_tag: invalid mode %d\n", hd->mode );
+  return gpg_error (GPG_ERR_INV_CIPHER_MODE);
+}
+
+gcry_error_t
+_gcry_cipher_tag (gcry_cipher_hd_t hd, void *out, size_t outsize)
+{
+  log_fatal ("gcry_cipher_tag: invalid mode %d\n", hd->mode );
+  return gpg_error (GPG_ERR_INV_CIPHER_MODE);
+}
+
 
 gcry_error_t
 gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 8646f43..a33dc08 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -940,6 +940,13 @@ gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd,
 gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd,
                                 const void *iv, size_t ivlen);
 
+/* Provide additional authentication data for AEAD modes/ciphers. */
+gcry_error_t gcry_cipher_authenticate (gcry_cipher_hd_t h,
+                                       const void *aad, size_t aadlen);
+
+/* Get authentication tag for AEAD modes/ciphers. */
+gcry_error_t gcry_cipher_tag (gcry_cipher_hd_t h,
+                              void *out, size_t outsize);
 
 /* Reset the handle to the state after open.  */
 #define gcry_cipher_reset(h)  gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0)
diff --git a/src/libgcrypt.def b/src/libgcrypt.def
index 7efb3b9..7d8e679 100644
--- a/src/libgcrypt.def
+++ b/src/libgcrypt.def
@@ -253,5 +253,7 @@ EXPORTS
       gcry_log_debugpnt         @223
       gcry_log_debugsxp         @224
 
+      gcry_cipher_authenticate  @225
+      gcry_cipher_tag           @226
 
 ;; end of file with public symbols for Windows.
diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers
index b1669fd..be20f51 100644
--- a/src/libgcrypt.vers
+++ b/src/libgcrypt.vers
@@ -51,6 +51,7 @@ GCRYPT_1.6 {
     gcry_cipher_info; gcry_cipher_map_name;
     gcry_cipher_mode_from_oid; gcry_cipher_open;
     gcry_cipher_setkey; gcry_cipher_setiv; gcry_cipher_setctr;
+    gcry_cipher_authenticate; gcry_cipher_tag;
 
     gcry_pk_algo_info; gcry_pk_algo_name; gcry_pk_ctl;
     gcry_pk_decrypt; gcry_pk_encrypt; gcry_pk_genkey;
diff --git a/src/visibility.c b/src/visibility.c
index 6e3c755..669537f 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -689,6 +689,24 @@ gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen)
   return _gcry_cipher_setiv (hd, iv, ivlen);
 }
 
+gcry_error_t
+gcry_cipher_tag (gcry_cipher_hd_t hd, void *out, size_t outsize)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return _gcry_cipher_tag (hd, out, outsize);
+}
+
+gcry_error_t
+gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *aad, size_t aadsize)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return _gcry_cipher_authenticate (hd, aad, aadsize);
+}
+
 gpg_error_t
 gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen)
 {
diff --git a/src/visibility.h b/src/visibility.h
index cd2a60f..d4db258 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -81,6 +81,8 @@
 #define gcry_cipher_setkey          _gcry_cipher_setkey
 #define gcry_cipher_setiv           _gcry_cipher_setiv
 #define gcry_cipher_setctr          _gcry_cipher_setctr
+#define gcry_cipher_authenticate    _gcry_cipher_authenticate
+#define gcry_cipher_tag             _gcry_cipher_tag
 #define gcry_cipher_ctl             _gcry_cipher_ctl
 #define gcry_cipher_decrypt         _gcry_cipher_decrypt
 #define gcry_cipher_encrypt         _gcry_cipher_encrypt
@@ -297,6 +299,8 @@ gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo,
 #undef gcry_cipher_setkey
 #undef gcry_cipher_setiv
 #undef gcry_cipher_setctr
+#undef gcry_cipher_authenticate
+#undef gcry_cipher_tag
 #undef gcry_cipher_ctl
 #undef gcry_cipher_decrypt
 #undef gcry_cipher_encrypt
@@ -474,6 +478,8 @@ MARK_VISIBLE (gcry_cipher_close)
 MARK_VISIBLE (gcry_cipher_setkey)
 MARK_VISIBLE (gcry_cipher_setiv)
 MARK_VISIBLE (gcry_cipher_setctr)
+MARK_VISIBLE (gcry_cipher_authenticate)
+MARK_VISIBLE (gcry_cipher_tag)
 MARK_VISIBLE (gcry_cipher_ctl)
 MARK_VISIBLE (gcry_cipher_decrypt)
 MARK_VISIBLE (gcry_cipher_encrypt)

More information about the Gcrypt-devel mailing list