/* * Copyright (C) 2020 Southern Storm Software, Pty Ltd. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), * to deal in the Software without restriction, including without limitation * the rights to use, copy, modify, merge, publish, distribute, sublicense, * and/or sell copies of the Software, and to permit persons to whom the * Software is furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ #ifndef LWCRYPTO_SKINNY_AEAD_H #define LWCRYPTO_SKINNY_AEAD_H #include "aead-common.h" /** * \file skinny-aead.h * \brief Authenticated encryption based on the SKINNY block cipher. * * SKINNY-AEAD is a family of authenticated encryption algorithms * that are built around the SKINNY tweakable block cipher. There * are six members in the family: * * \li SKINNY-AEAD-M1 has a 128-bit key, a 128-bit nonce, and a 128-bit tag, * based around the SKINNY-128-384 tweakable block cipher. This is the * primary member of the family. * \li SKINNY-AEAD-M2 has a 128-bit key, a 96-bit nonce, and a 128-bit tag, * based around the SKINNY-128-384 tweakable block cipher. * \li SKINNY-AEAD-M3 has a 128-bit key, a 128-bit nonce, and a 64-bit tag, * based around the SKINNY-128-384 tweakable block cipher. * \li SKINNY-AEAD-M4 has a 128-bit key, a 96-bit nonce, and a 64-bit tag, * based around the SKINNY-128-384 tweakable block cipher. * \li SKINNY-AEAD-M5 has a 128-bit key, a 96-bit nonce, and a 128-bit tag, * based around the SKINNY-128-256 tweakable block cipher. * \li SKINNY-AEAD-M6 has a 128-bit key, a 96-bit nonce, and a 64-bit tag, * based around the SKINNY-128-256 tweakable block cipher. * * The SKINNY-AEAD family also includes two hash algorithms: * * \li SKINNY-tk3-HASH with a 256-bit hash output, based around the * SKINNY-128-384 tweakable block cipher. This is the primary hashing * member of the family. * \li SKINNY-tk2-HASH with a 256-bit hash output, based around the * SKINNY-128-256 tweakable block cipher. * * References: https://sites.google.com/site/skinnycipher/home */ #ifdef __cplusplus extern "C" { #endif /** * \brief Size of the key for all SKINNY-AEAD family members. */ #define SKINNY_AEAD_KEY_SIZE 16 /** * \brief Size of the authentication tag for SKINNY-AEAD-M1. */ #define SKINNY_AEAD_M1_TAG_SIZE 16 /** * \brief Size of the nonce for SKINNY-AEAD-M1. */ #define SKINNY_AEAD_M1_NONCE_SIZE 16 /** * \brief Size of the authentication tag for SKINNY-AEAD-M2. */ #define SKINNY_AEAD_M2_TAG_SIZE 16 /** * \brief Size of the nonce for SKINNY-AEAD-M2. */ #define SKINNY_AEAD_M2_NONCE_SIZE 12 /** * \brief Size of the authentication tag for SKINNY-AEAD-M3. */ #define SKINNY_AEAD_M3_TAG_SIZE 8 /** * \brief Size of the nonce for SKINNY-AEAD-M3. */ #define SKINNY_AEAD_M3_NONCE_SIZE 16 /** * \brief Size of the authentication tag for SKINNY-AEAD-M4. */ #define SKINNY_AEAD_M4_TAG_SIZE 8 /** * \brief Size of the nonce for SKINNY-AEAD-M4. */ #define SKINNY_AEAD_M4_NONCE_SIZE 12 /** * \brief Size of the authentication tag for SKINNY-AEAD-M5. */ #define SKINNY_AEAD_M5_TAG_SIZE 16 /** * \brief Size of the nonce for SKINNY-AEAD-M5. */ #define SKINNY_AEAD_M5_NONCE_SIZE 12 /** * \brief Size of the authentication tag for SKINNY-AEAD-M6. */ #define SKINNY_AEAD_M6_TAG_SIZE 8 /** * \brief Size of the nonce for SKINNY-AEAD-M6. */ #define SKINNY_AEAD_M6_NONCE_SIZE 12 /** * \brief Meta-information block for the SKINNY-AEAD-M1 cipher. */ extern aead_cipher_t const skinny_aead_m1_cipher; /** * \brief Meta-information block for the SKINNY-AEAD-M2 cipher. */ extern aead_cipher_t const skinny_aead_m2_cipher; /** * \brief Meta-information block for the SKINNY-AEAD-M3 cipher. */ extern aead_cipher_t const skinny_aead_m3_cipher; /** * \brief Meta-information block for the SKINNY-AEAD-M4 cipher. */ extern aead_cipher_t const skinny_aead_m4_cipher; /** * \brief Meta-information block for the SKINNY-AEAD-M5 cipher. */ extern aead_cipher_t const skinny_aead_m5_cipher; /** * \brief Meta-information block for the SKINNY-AEAD-M6 cipher. */ extern aead_cipher_t const skinny_aead_m6_cipher; /** * \brief Encrypts and authenticates a packet with SKINNY-AEAD-M1. * * \param c Buffer to receive the output. * \param clen On exit, set to the length of the output which includes * the ciphertext and the 16 byte authentication tag. * \param m Buffer that contains the plaintext message to encrypt. * \param mlen Length of the plaintext message in bytes. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param nsec Secret nonce - not used by this algorithm. * \param npub Points to the public nonce for the packet which must * be 16 bytes in length. * \param k Points to the 16 bytes of the key to use to encrypt the packet. * * \return 0 on success, or a negative value if there was an error in * the parameters. * * \sa skinny_aead_m1_decrypt() */ int skinny_aead_m1_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k); /** * \brief Decrypts and authenticates a packet with SKINNY-AEAD-M1. * * \param m Buffer to receive the plaintext message on output. * \param mlen Receives the length of the plaintext message on output. * \param nsec Secret nonce - not used by this algorithm. * \param c Buffer that contains the ciphertext and authentication * tag to decrypt. * \param clen Length of the input data in bytes, which includes the * ciphertext and the 16 byte authentication tag. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param npub Points to the public nonce for the packet which must * be 16 bytes in length. * \param k Points to the 16 bytes of the key to use to decrypt the packet. * * \return 0 on success, -1 if the authentication tag was incorrect, * or some other negative number if there was an error in the parameters. * * \sa skinny_aead_m1_encrypt() */ int skinny_aead_m1_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k); /** * \brief Encrypts and authenticates a packet with SKINNY-AEAD-M2. * * \param c Buffer to receive the output. * \param clen On exit, set to the length of the output which includes * the ciphertext and the 16 byte authentication tag. * \param m Buffer that contains the plaintext message to encrypt. * \param mlen Length of the plaintext message in bytes. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param nsec Secret nonce - not used by this algorithm. * \param npub Points to the public nonce for the packet which must * be 12 bytes in length. * \param k Points to the 16 bytes of the key to use to encrypt the packet. * * \return 0 on success, or a negative value if there was an error in * the parameters. * * \sa skinny_aead_m2_decrypt() */ int skinny_aead_m2_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k); /** * \brief Decrypts and authenticates a packet with SKINNY-AEAD-M2. * * \param m Buffer to receive the plaintext message on output. * \param mlen Receives the length of the plaintext message on output. * \param nsec Secret nonce - not used by this algorithm. * \param c Buffer that contains the ciphertext and authentication * tag to decrypt. * \param clen Length of the input data in bytes, which includes the * ciphertext and the 16 byte authentication tag. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param npub Points to the public nonce for the packet which must * be 12 bytes in length. * \param k Points to the 16 bytes of the key to use to decrypt the packet. * * \return 0 on success, -1 if the authentication tag was incorrect, * or some other negative number if there was an error in the parameters. * * \sa skinny_aead_m2_encrypt() */ int skinny_aead_m2_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k); /** * \brief Encrypts and authenticates a packet with SKINNY-AEAD-M3. * * \param c Buffer to receive the output. * \param clen On exit, set to the length of the output which includes * the ciphertext and the 8 byte authentication tag. * \param m Buffer that contains the plaintext message to encrypt. * \param mlen Length of the plaintext message in bytes. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param nsec Secret nonce - not used by this algorithm. * \param npub Points to the public nonce for the packet which must * be 16 bytes in length. * \param k Points to the 16 bytes of the key to use to encrypt the packet. * * \return 0 on success, or a negative value if there was an error in * the parameters. * * \sa skinny_aead_m3_decrypt() */ int skinny_aead_m3_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k); /** * \brief Decrypts and authenticates a packet with SKINNY-AEAD-M3. * * \param m Buffer to receive the plaintext message on output. * \param mlen Receives the length of the plaintext message on output. * \param nsec Secret nonce - not used by this algorithm. * \param c Buffer that contains the ciphertext and authentication * tag to decrypt. * \param clen Length of the input data in bytes, which includes the * ciphertext and the 8 byte authentication tag. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param npub Points to the public nonce for the packet which must * be 16 bytes in length. * \param k Points to the 16 bytes of the key to use to decrypt the packet. * * \return 0 on success, -1 if the authentication tag was incorrect, * or some other negative number if there was an error in the parameters. * * \sa skinny_aead_m3_encrypt() */ int skinny_aead_m3_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k); /** * \brief Encrypts and authenticates a packet with SKINNY-AEAD-M4. * * \param c Buffer to receive the output. * \param clen On exit, set to the length of the output which includes * the ciphertext and the 8 byte authentication tag. * \param m Buffer that contains the plaintext message to encrypt. * \param mlen Length of the plaintext message in bytes. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param nsec Secret nonce - not used by this algorithm. * \param npub Points to the public nonce for the packet which must * be 12 bytes in length. * \param k Points to the 16 bytes of the key to use to encrypt the packet. * * \return 0 on success, or a negative value if there was an error in * the parameters. * * \sa skinny_aead_m4_decrypt() */ int skinny_aead_m4_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k); /** * \brief Decrypts and authenticates a packet with SKINNY-AEAD-M4. * * \param m Buffer to receive the plaintext message on output. * \param mlen Receives the length of the plaintext message on output. * \param nsec Secret nonce - not used by this algorithm. * \param c Buffer that contains the ciphertext and authentication * tag to decrypt. * \param clen Length of the input data in bytes, which includes the * ciphertext and the 8 byte authentication tag. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param npub Points to the public nonce for the packet which must * be 12 bytes in length. * \param k Points to the 16 bytes of the key to use to decrypt the packet. * * \return 0 on success, -1 if the authentication tag was incorrect, * or some other negative number if there was an error in the parameters. * * \sa skinny_aead_m4_encrypt() */ int skinny_aead_m4_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k); /** * \brief Encrypts and authenticates a packet with SKINNY-AEAD-M5. * * \param c Buffer to receive the output. * \param clen On exit, set to the length of the output which includes * the ciphertext and the 16 byte authentication tag. * \param m Buffer that contains the plaintext message to encrypt. * \param mlen Length of the plaintext message in bytes. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param nsec Secret nonce - not used by this algorithm. * \param npub Points to the public nonce for the packet which must * be 12 bytes in length. * \param k Points to the 16 bytes of the key to use to encrypt the packet. * * \return 0 on success, or a negative value if there was an error in * the parameters. * * \sa skinny_aead_m5_decrypt() */ int skinny_aead_m5_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k); /** * \brief Decrypts and authenticates a packet with SKINNY-AEAD-M5. * * \param m Buffer to receive the plaintext message on output. * \param mlen Receives the length of the plaintext message on output. * \param nsec Secret nonce - not used by this algorithm. * \param c Buffer that contains the ciphertext and authentication * tag to decrypt. * \param clen Length of the input data in bytes, which includes the * ciphertext and the 16 byte authentication tag. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param npub Points to the public nonce for the packet which must * be 12 bytes in length. * \param k Points to the 16 bytes of the key to use to decrypt the packet. * * \return 0 on success, -1 if the authentication tag was incorrect, * or some other negative number if there was an error in the parameters. * * \sa skinny_aead_m5_encrypt() */ int skinny_aead_m5_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k); /** * \brief Encrypts and authenticates a packet with SKINNY-AEAD-M6. * * \param c Buffer to receive the output. * \param clen On exit, set to the length of the output which includes * the ciphertext and the 8 byte authentication tag. * \param m Buffer that contains the plaintext message to encrypt. * \param mlen Length of the plaintext message in bytes. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param nsec Secret nonce - not used by this algorithm. * \param npub Points to the public nonce for the packet which must * be 12 bytes in length. * \param k Points to the 16 bytes of the key to use to encrypt the packet. * * \return 0 on success, or a negative value if there was an error in * the parameters. * * \sa skinny_aead_m6_decrypt() */ int skinny_aead_m6_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k); /** * \brief Decrypts and authenticates a packet with SKINNY-AEAD-M6. * * \param m Buffer to receive the plaintext message on output. * \param mlen Receives the length of the plaintext message on output. * \param nsec Secret nonce - not used by this algorithm. * \param c Buffer that contains the ciphertext and authentication * tag to decrypt. * \param clen Length of the input data in bytes, which includes the * ciphertext and the 8 byte authentication tag. * \param ad Buffer that contains associated data to authenticate * along with the packet but which does not need to be encrypted. * \param adlen Length of the associated data in bytes. * \param npub Points to the public nonce for the packet which must * be 12 bytes in length. * \param k Points to the 16 bytes of the key to use to decrypt the packet. * * \return 0 on success, -1 if the authentication tag was incorrect, * or some other negative number if there was an error in the parameters. * * \sa skinny_aead_m6_encrypt() */ int skinny_aead_m6_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k); #ifdef __cplusplus } #endif #endif