Additional data.
This is additional data that goes into the hash, similar to the
authenticated encryption with authenticated data (AEAD) construction in
-.Xr crypto_aead_lock 3monocypher .
+.Xr crypto_lock_aead 3monocypher .
This most likely has no practical application but is exposed for the
sake of completeness.
This parameter may be
.Dt CRYPTO_LOCK 3MONOCYPHER
.Os
.Sh NAME
-.Nm crypto_aead_lock ,
-.Nm crypto_aead_unlock ,
+.Nm crypto_lock_aead ,
+.Nm crypto_unlock_aead ,
.Nm crypto_lock ,
.Nm crypto_unlock
.Nd authenticated encryption with additional data
.Fa "size_t text_size"
.Fc
.Ft void
-.Fo crypto_aead_lock
+.Fo crypto_lock_aead
.Fa "uint8_t mac[16]"
.Fa "uint8_t *cipher_text"
.Fa "const uint8_t key[32]"
.Fa "size_t text_size"
.Fc
.Ft int
-.Fo crypto_aead_unlock
+.Fo crypto_unlock_aead
.Fa "uint8_t *plain_text"
.Fa "const uint8_t key[32]"
.Fa "const uint8_t nonce[24]"
Otherwise, it decrypts the message, then returns zero.
.Em Always check the return value .
.Pp
-.Fn crypto_aead_lock
+.Fn crypto_lock_aead
and
-.Fn crypto_aead_unlock
+.Fn crypto_unlock_aead
are variants of
.Fn crypto_lock
and
.Sh RETURN VALUES
.Fn crypto_lock
and
-.Fn crypto_aead_lock
+.Fn crypto_lock_aead
return nothing.
They cannot fail.
.Fn crypto_unlock
and
-.Fn crypto_aead_unlock
+.Fn crypto_unlock_aead
return 0 on success or -1 if the message was corrupted (i.e.
.Fa mac
mismatched the combination of
Salsa20, and benefits from the same security reduction (proven secure
as long as Chacha20 itself is secure).
.Pp
-.Fn crypto_aead_lock
+.Fn crypto_lock_aead
is equivalent to the following:
.Bd -literal -offset indent
-void crypto_aead_lock(uint8_t mac[16], uint8_t *cipher_text,
+void crypto_lock_aead(uint8_t mac[16], uint8_t *cipher_text,
const uint8_t key[32],
const uint8_t nonce[24],
const uint8_t *ad , size_t ad_size,
These functions are variants of
.Xr crypto_lock 3monocypher ,
.Xr crypto_unlock 3monocypher ,
-.Xr crypto_aead_lock 3monocypher
+.Xr crypto_lock_aead 3monocypher
and
-.Xr crypto_aead_unlock 3monocypher .
+.Xr crypto_unlock_aead 3monocypher .
Prefer those simpler functions if possible.
.Pp
This incremental interface can be used to encrypt and decrypt messages
crypto_lock_final(&ctx, mac);
.Ed
.Sh SEE ALSO
-.Xr crypto_aead_lock 3monocypher ,
-.Xr crypto_aead_unlock 3monocypher ,
.Xr crypto_key_exchange 3monocypher ,
.Xr crypto_lock 3monocypher ,
+.Xr crypto_lock_aead 3monocypher ,
.Xr crypto_unlock 3monocypher ,
+.Xr crypto_unlock_aead 3monocypher ,
.Xr crypto_wipe 3monocypher ,
.Xr intro 3monocypher
.Sh STANDARDS
.Em rest
of the stream to encrypt your message.
This is the approach used by
-.Xr crypto_aead_lock 3monocypher .
+.Xr crypto_lock_aead 3monocypher .
.Ss Protection against side channels
Use
.Xr crypto_verify16 3monocypher
If the message needs to be secret, use
.Xr crypto_key_exchange 3monocypher
and
-.Xr crypto_aead_lock 3monocypher
+.Xr crypto_lock_aead 3monocypher
instead.
.Pp
An incremental interface is available; see
It is meant to erase secrets when they are no longer needed, to reduce
the chances of leaks.
.Sh SEE ALSO
-.Xr crypto_aead_lock 3monocypher ,
-.Xr crypto_aead_unlock 3monocypher ,
.Xr crypto_argon2i 3monocypher ,
.Xr crypto_argon2i_general 3monocypher ,
.Xr crypto_blake2b 3monocypher ,
.Xr crypto_check_update 3monocypher ,
.Xr crypto_key_exchange 3monocypher ,
.Xr crypto_lock 3monocypher ,
+.Xr crypto_lock_aead 3monocypher ,
.Xr crypto_lock_auth_ad 3monocypher ,
.Xr crypto_lock_auth_message 3monocypher ,
.Xr crypto_lock_final 3monocypher ,
.Xr crypto_sign_public_key 3monocypher ,
.Xr crypto_sign_update 3monocypher ,
.Xr crypto_unlock 3monocypher ,
+.Xr crypto_unlock_aead 3monocypher ,
.Xr crypto_unlock_auth_ad 3monocypher ,
.Xr crypto_unlock_auth_message 3monocypher ,
.Xr crypto_unlock_final 3monocypher ,
return mismatch;
}
-void crypto_aead_lock(u8 mac[16],
+void crypto_lock_aead(u8 mac[16],
u8 *cipher_text,
const u8 key[32],
const u8 nonce[24],
crypto_lock_final (&ctx, mac);
}
-int crypto_aead_unlock(u8 *plain_text,
+int crypto_unlock_aead(u8 *plain_text,
const u8 key[32],
const u8 nonce[24],
const u8 mac[16],
const u8 nonce[24],
const u8 *plain_text, size_t text_size)
{
- crypto_aead_lock(mac, cipher_text, key, nonce, 0, 0, plain_text, text_size);
+ crypto_lock_aead(mac, cipher_text, key, nonce, 0, 0, plain_text, text_size);
}
int crypto_unlock(u8 *plain_text,
const u8 mac[16],
const u8 *cipher_text, size_t text_size)
{
- return crypto_aead_unlock(plain_text, key, nonce, mac, 0, 0,
+ return crypto_unlock_aead(plain_text, key, nonce, mac, 0, 0,
cipher_text, text_size);
}
const uint8_t *cipher_text, size_t text_size);
// Direct interface with additional data
-void crypto_aead_lock(uint8_t mac[16],
+void crypto_lock_aead(uint8_t mac[16],
uint8_t *cipher_text,
const uint8_t key[32],
const uint8_t nonce[24],
const uint8_t *ad , size_t ad_size,
const uint8_t *plain_text, size_t text_size);
-int crypto_aead_unlock(uint8_t *plain_text,
+int crypto_unlock_aead(uint8_t *plain_text,
const uint8_t key[32],
const uint8_t nonce[24],
const uint8_t mac[16],
const vector *nonce = in + 1;
const vector *ad = in + 2;
const vector *text = in + 3;
- crypto_aead_lock(out ->buf, out->buf + 16, key->buf, nonce->buf,
+ crypto_lock_aead(out ->buf, out->buf + 16, key->buf, nonce->buf,
ad->buf, ad->size, text->buf, text->size);
}
u8 box[24], box2[24];
u8 out[8];
// AEAD roundtrip
- crypto_aead_lock(box, box+16, key, nonce, ad, 4, plaintext, 8);
- status |= crypto_aead_unlock(out, key, nonce, box, ad, 4, box+16, 8);
+ crypto_lock_aead(box, box+16, key, nonce, ad, 4, plaintext, 8);
+ status |= crypto_unlock_aead(out, key, nonce, box, ad, 4, box+16, 8);
status |= memcmp(plaintext, out, 8);
box[0]++;
- status |= !crypto_aead_unlock(out, key, nonce, box, ad, 4, box+16, 8);
+ status |= !crypto_unlock_aead(out, key, nonce, box, ad, 4, box+16, 8);
// Authenticated roundtrip (easy interface)
// Make and accept message
box[0]--; // undo forgery
// Same result for both interfaces
- crypto_aead_lock(box2, box2 + 16, key, nonce, 0, 0, plaintext, 8);
+ crypto_lock_aead(box2, box2 + 16, key, nonce, 0, 0, plaintext, 8);
status |= memcmp(box, box2, 24);
}
printf("%s: aead\n", status != 0 ? "FAILED" : "OK");
u8 mac1[16], cipher1[256];
u8 mac2[16], cipher2[256];
- crypto_aead_lock(mac1, cipher1, key, nonce,
+ crypto_lock_aead(mac1, cipher1, key, nonce,
ad, ad_size, plain, text_size);
crypto_lock_ctx ctx;
crypto_lock_init (&ctx, key, nonce);
// Now test the round trip.
u8 re_plain1[256];
u8 re_plain2[256];
- status |= crypto_aead_unlock(re_plain1, key, nonce, mac1,
+ status |= crypto_unlock_aead(re_plain1, key, nonce, mac1,
ad, ad_size, cipher1, text_size);
crypto_unlock_init (&ctx, key, nonce);
crypto_unlock_auth_ad(&ctx, ad, ad_size);
crypto_lock_init (&ctx, key, nonce);
crypto_lock_auth_ad(&ctx, ad, i);
crypto_lock_final (&ctx, mac1);
- crypto_aead_lock(mac2, 0, key, nonce, ad, i, 0, 0);
+ crypto_lock_aead(mac2, 0, key, nonce, ad, i, 0, 0);
status |= memcmp(mac1, mac2, 16);
}
{
crypto_unlock_init (&ctx, key, nonce);
crypto_unlock_auth_ad(&ctx, ad, i);
status |= crypto_unlock_final(&ctx, mac1);
- status |= crypto_aead_unlock(0, key, nonce, mac1, ad, i, 0, 0);
+ status |= crypto_unlock_aead(0, key, nonce, mac1, ad, i, 0, 0);
}
}
printf("%s: aead (authentication)\n", status != 0 ? "FAILED" : "OK");
projects / Monocypher.git / commitdiff