[RFC PATCH 2/3] Add API for initializing AEAD modes

Jussi Kivilinna jussi.kivilinna at iki.fi
Sun Oct 13 12:02:33 CEST 2013


--

AEAD modes may have different requirements for initialization. For example,
CCM mode needs to know the length of the encrypted data in advance. So, would it
make sense to add a variadic API function for initializing AEAD modes? The one
that this patch adds is:
 gcry_error_t gcry_cipher_aead_init (gcry_cipher_hd_t hd, ...);

With this API, CCM mode could be initialized by calling gcry_cipher_aead_init
with the following arguments (CCM needs the length of the encrypted data and the
length of the authentication tag at the beginning):
 'gcry_cipher_hd_t hd, void *nonce, int noncelen, int cryptlen, int taglen'.

GCM mode, on the other hand, could omit the length of data and tag from
initialization and just provide nonce and nonce_len.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
 cipher/cipher.c    |   21 +++++++++++++++++++++
 src/g10lib.h       |    4 ++++
 src/gcrypt.h.in    |    5 ++++-
 src/libgcrypt.def  |    1 +
 src/libgcrypt.vers |    2 +-
 src/visibility.c   |   16 ++++++++++++++++
 src/visibility.h   |    3 +++
 7 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/cipher/cipher.c b/cipher/cipher.c
index 2d3a457..8ebab7c 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -910,18 +910,39 @@ _gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen)
   return 0;
 }
 
+
 gcry_error_t
 _gcry_cipher_authenticate (gcry_cipher_hd_t hd,
                            const void *aad, size_t aadsize)
 {
   log_fatal ("gcry_cipher_tag: invalid mode %d\n", hd->mode );
+
+  (void)aad;
+  (void)aadsize;
+
   return gpg_error (GPG_ERR_INV_CIPHER_MODE);
 }
 
+
 gcry_error_t
 _gcry_cipher_tag (gcry_cipher_hd_t hd, void *out, size_t outsize)
 {
   log_fatal ("gcry_cipher_tag: invalid mode %d\n", hd->mode );
+
+  (void)out;
+  (void)outsize;
+
+  return gpg_error (GPG_ERR_INV_CIPHER_MODE);
+}
+
+
+gcry_error_t
+_gcry_cipher_aead_vinit (gcry_cipher_hd_t hd, va_list arg_ptr)
+{
+  log_fatal ("gcry_cipher_aead_init: invalid mode %d\n", hd->mode );
+
+  (void)arg_ptr;
+
   return gpg_error (GPG_ERR_INV_CIPHER_MODE);
 }
 
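Review bot: The new `_gcry_cipher_aead_vinit` stub calls `log_fatal` before its `return gpg_error (GPG_ERR_INV_CIPHER_MODE);`, so if `log_fatal` terminates the process, as its name suggests, the error return is unreachable. An application that calls `gcry_cipher_aead_init` on a handle opened in a non-AEAD mode would then be aborted instead of getting an error code it can handle. For an entry point reachable with any cipher handle, consider dropping the fatal log or using a non-fatal one such as `log_error ("gcry_cipher_aead_init: invalid mode %d\n", hd->mode);`. The stub also reads `hd->mode` without checking `hd`, as the two stubs above it do. Separately, the message in `_gcry_cipher_authenticate` still says "gcry_cipher_tag:", which will mislead anyone reading the log.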
diff --git a/src/g10lib.h b/src/g10lib.h
index c1ba2f7..e4f9e7e 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -190,6 +190,10 @@ void _gcry_detect_hw_features (unsigned int);
 const char *_gcry_mpi_get_hw_config (void);
 
 
+/*-- cipher/cipher.c --*/
+gcry_error_t _gcry_cipher_aead_vinit (gcry_cipher_hd_t hd, va_list arg_ptr);
+
+
 /*-- cipher/pubkey.c --*/
 
 /* FIXME: shouldn't this go into mpi.h?  */
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index a33dc08..2fffd69 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -940,7 +940,7 @@ gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd,
 gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd,
                                 const void *iv, size_t ivlen);
 
-/* Provide additional authentication data for AEAD modes/ciphers. */
+/* Provide additional authentication data for AEAD modes/ciphers.  */
 gcry_error_t gcry_cipher_authenticate (gcry_cipher_hd_t h,
                                        const void *aad, size_t aadlen);
 
@@ -948,6 +948,9 @@ gcry_error_t gcry_cipher_authenticate (gcry_cipher_hd_t h,
 gcry_error_t gcry_cipher_tag (gcry_cipher_hd_t h,
                               void *out, size_t outsize);
 
+/* Initialization for different AEAD modes.  */
+gcry_error_t gcry_cipher_aead_init (gcry_cipher_hd_t hd, ...);
+
 /* Reset the handle to the state after open.  */
 #define gcry_cipher_reset(h)  gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0)
 
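Review bot: The comment on `gcry_cipher_aead_init` does not say which arguments each mode expects, and for a variadic function that list is the whole contract because the compiler checks nothing after `hd`. The description proposes `int` lengths, while the neighbouring `gcry_cipher_setiv`, `gcry_cipher_authenticate` and `gcry_cipher_tag` take `size_t`. A caller who passes a `size_t` (for example a `sizeof` or `strlen` result) where the implementation reads an `int` through `va_arg` has undefined behaviour, and for CCM a wrong data or tag length feeds directly into the authentication computation. I would spell the per-mode argument list out in the header, e.g. `/* Initialize an AEAD mode.  The arguments after HD depend on the mode and are not type-checked: CCM takes (void *nonce, int noncelen, int cryptlen, int taglen), GCM takes (void *nonce, int noncelen).  */`. Also consider whether the lengths should be `size_t` for consistency, or whether a fixed-signature per-mode call or a `gcry_cipher_ctl` command would be safer than `...`.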
diff --git a/src/libgcrypt.def b/src/libgcrypt.def
index 7d8e679..176958e 100644
--- a/src/libgcrypt.def
+++ b/src/libgcrypt.def
@@ -255,5 +255,6 @@ EXPORTS
 
       gcry_cipher_authenticate  @225
       gcry_cipher_tag           @226
+      gcry_cipher_aead_init     @227
 
 ;; end of file with public symbols for Windows.
diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers
index be20f51..5b837d6 100644
--- a/src/libgcrypt.vers
+++ b/src/libgcrypt.vers
@@ -51,7 +51,7 @@ GCRYPT_1.6 {
     gcry_cipher_info; gcry_cipher_map_name;
     gcry_cipher_mode_from_oid; gcry_cipher_open;
     gcry_cipher_setkey; gcry_cipher_setiv; gcry_cipher_setctr;
-    gcry_cipher_authenticate; gcry_cipher_tag;
+    gcry_cipher_authenticate; gcry_cipher_tag; gcry_cipher_aead_init;
 
     gcry_pk_algo_info; gcry_pk_algo_name; gcry_pk_ctl;
     gcry_pk_decrypt; gcry_pk_encrypt; gcry_pk_genkey;
diff --git a/src/visibility.c b/src/visibility.c
index 669537f..ed53a14 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -707,6 +707,22 @@ gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *aad, size_t aadsize)
   return _gcry_cipher_authenticate (hd, aad, aadsize);
 }
 
+gcry_error_t
+gcry_cipher_aead_init (gcry_cipher_hd_t hd, ...)
+{
+  va_list arg_ptr;
+  gcry_error_t err;
+
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  va_start (arg_ptr, hd);
+  err = _gcry_cipher_aead_vinit (hd, arg_ptr);
+  va_end (arg_ptr);
+
+  return err;
+}
+
 gpg_error_t
 gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen)
 {
diff --git a/src/visibility.h b/src/visibility.h
index d4db258..a992ef5 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -83,6 +83,7 @@
 #define gcry_cipher_setctr          _gcry_cipher_setctr
 #define gcry_cipher_authenticate    _gcry_cipher_authenticate
 #define gcry_cipher_tag             _gcry_cipher_tag
+#define gcry_cipher_aead_init       _gcry_cipher_aead_init
 #define gcry_cipher_ctl             _gcry_cipher_ctl
 #define gcry_cipher_decrypt         _gcry_cipher_decrypt
 #define gcry_cipher_encrypt         _gcry_cipher_encrypt
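Review bot: The added `#define gcry_cipher_aead_init       _gcry_cipher_aead_init` maps the public name to an internal symbol that this patch never defines; cipher.c and g10lib.h introduce `_gcry_cipher_aead_vinit` instead. Unless `_gcry_cipher_aead_init` arrives in another patch of the series, a call to `gcry_cipher_aead_init` from inside the library would presumably resolve to an undefined symbol at link time. Either add an internal variadic `_gcry_cipher_aead_init` that forwards to the `vinit` function, or put a comment next to the define saying that internal callers must use `_gcry_cipher_aead_vinit`. The matching `#undef` and `MARK_VISIBLE` hunks further down are consistent with the other cipher entries.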
@@ -301,6 +302,7 @@ gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo,
 #undef gcry_cipher_setctr
 #undef gcry_cipher_authenticate
 #undef gcry_cipher_tag
+#undef gcry_cipher_aead_init
 #undef gcry_cipher_ctl
 #undef gcry_cipher_decrypt
 #undef gcry_cipher_encrypt
@@ -480,6 +482,7 @@ MARK_VISIBLE (gcry_cipher_setiv)
 MARK_VISIBLE (gcry_cipher_setctr)
 MARK_VISIBLE (gcry_cipher_authenticate)
 MARK_VISIBLE (gcry_cipher_tag)
+MARK_VISIBLE (gcry_cipher_aead_init)
 MARK_VISIBLE (gcry_cipher_ctl)
 MARK_VISIBLE (gcry_cipher_decrypt)
 MARK_VISIBLE (gcry_cipher_encrypt)



