Normalise AEAD direct interface

The AEAD interface had three problems:

- Inconsistent prefix (now fixed, to "crypto_aead").
- Inconsistent ordering of arguments (now the mac is after the output
  text).
- Redundant API without the additional data (now removed).

The result is less than satisfactory to be honest.  If it were just me I
would delete the direct interface entirely, because the streaming one is
almost easier to use...

...save one crucial detail: the choice of the exact algorithm.  The
streaming interfaces offers three init options, each with its pros and
cons.  Users need a default, and it shall be XChacha20.  Those who know
what they are doing can easily use the streaming API anyway.

diff --git a/src/monocypher.c b/src/monocypher.c
index 5f3c61b76674678ae8eca076109f659e39f95b4a..f0a0bafe13450312d9f47d38f447e583c315dfa2 100644 (file)
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -2878,7 +2878,7 @@ int crypto_aead_read(crypto_aead_ctx *ctx, u8 *plain_text, const u8 mac[16],
        return mismatch;
 }
 
-void crypto_lock_aead(u8 mac[16], u8 *cipher_text, const u8 key[32],
+void crypto_aead_lock(u8 *cipher_text, u8 mac[16], const u8 key[32],
                       const u8  nonce[24], const u8 *ad, size_t ad_size,
                       const u8 *plain_text, size_t text_size)
 {
@@ -2889,8 +2889,8 @@ void crypto_lock_aead(u8 mac[16], u8 *cipher_text, const u8 key[32],
        crypto_wipe(&ctx, sizeof(ctx));
 }
 
-int crypto_unlock_aead(u8 *plain_text, const u8 key[32], const u8 nonce[24],
-                       const u8  mac[16], const u8 *ad, size_t ad_size,
+int crypto_aead_unlock(u8 *plain_text, const u8  mac[16], const u8 key[32],
+                       const u8 nonce[24], const u8 *ad, size_t ad_size,
                        const u8 *cipher_text, size_t text_size)
 {
        crypto_aead_ctx ctx;
@@ -2901,19 +2901,6 @@ int crypto_unlock_aead(u8 *plain_text, const u8 key[32], const u8 nonce[24],
        return mismatch;
 }
 
-void crypto_lock(u8 mac[16], u8 *cipher_text, const u8 key[32],
-                 const u8 nonce[24], const u8 *plain_text, size_t text_size)
-{
-       crypto_lock_aead(mac, cipher_text, key, nonce, 0, 0, plain_text, text_size);
-}
-
-int crypto_unlock(u8 *plain_text, const u8 key[32], const u8 nonce[24],
-                  const u8 mac[16], const u8 *cipher_text, size_t text_size)
-{
-       return crypto_unlock_aead(plain_text, key, nonce, mac, 0, 0,
-                                 cipher_text, text_size);
-}
-
 #ifdef MONOCYPHER_CPP_NAMESPACE
 }
 #endif

diff --git a/src/monocypher.h b/src/monocypher.h
index 463f17c08093ab8e714da4707b6de1987e746f67..8dc58696318a9df59975c2ad128ae5ec6bb5814f 100644 (file)
--- a/src/monocypher.h
+++ b/src/monocypher.h
@@ -83,29 +83,17 @@ void crypto_wipe(void *secret, size_t size);
 
 // Authenticated encryption
 // ------------------------
-void crypto_lock(uint8_t        mac[16],
-                 uint8_t       *cipher_text,
-                 const uint8_t  key[32],
-                 const uint8_t  nonce[24],
-                 const uint8_t *plain_text, size_t text_size);
-int crypto_unlock(uint8_t       *plain_text,
-                  const uint8_t  key[32],
-                  const uint8_t  nonce[24],
-                  const uint8_t  mac[16],
-                  const uint8_t *cipher_text, size_t text_size);
-
-// With additional data
-void crypto_lock_aead(uint8_t        mac[16],
-                      uint8_t       *cipher_text,
-                      const uint8_t  key[32],
+void crypto_aead_lock(uint8_t       *cipher_text,
+                      uint8_t        mac  [16],
+                      const uint8_t  key  [32],
                       const uint8_t  nonce[24],
-                      const uint8_t *ad        , size_t ad_size,
+                      const uint8_t *ad,         size_t ad_size,
                       const uint8_t *plain_text, size_t text_size);
-int crypto_unlock_aead(uint8_t       *plain_text,
-                       const uint8_t  key[32],
+int crypto_aead_unlock(uint8_t       *plain_text,
+                       const uint8_t  mac  [16],
+                       const uint8_t  key  [32],
                        const uint8_t  nonce[24],
-                       const uint8_t  mac[16],
-                       const uint8_t *ad         , size_t ad_size,
+                       const uint8_t *ad,          size_t ad_size,
                        const uint8_t *cipher_text, size_t text_size);
 
 // Authenticated stream

diff --git a/tests/speed/speed.c b/tests/speed/speed.c
index 9544b5999f3baa171a033e76dc9aca5b499c1050..dfa0fb83148a6bdf87b231fb878157e584b4fdd1 100644 (file)
--- a/tests/speed/speed.c
+++ b/tests/speed/speed.c
@@ -88,7 +88,7 @@ static u64 authenticated(void)
        RANDOM_INPUT(nonce,   24);
 
        TIMING_START {
-               crypto_lock(mac, out, key, nonce, in, SIZE);
+               crypto_aead_lock(mac, out, key, nonce, 0, 0, in, SIZE);
        }
        TIMING_END;
 }

diff --git a/tests/test.c b/tests/test.c
index 5986634c92e96bb000434da8687005c63e3caa99..8cf2b4dc75cbea991b4791bb43261cac62e96453 100644 (file)
--- a/tests/test.c
+++ b/tests/test.c
@@ -311,7 +311,7 @@ static void aead_ietf(vector_reader *reader)
        vector ad    = next_input(reader);
        vector text  = next_input(reader);
        vector out   = next_output(reader);
-       crypto_lock_aead(out.buf, out.buf + 16, key.buf, nonce.buf,
+       crypto_aead_lock(out.buf + 16, out.buf, key.buf, nonce.buf,
                         ad.buf, ad.size, text.buf, text.size);
 }
 
@@ -339,29 +339,14 @@ static void test_aead()
                RANDOM_INPUT(nonce    , 24);
                RANDOM_INPUT(ad       ,  4);
                RANDOM_INPUT(plaintext,  8);
-               u8 box[24], box2[24];
+               u8 box[24];
                u8 out[8];
                // AEAD roundtrip
-               crypto_lock_aead(box, box+16, key, nonce, ad, 4, plaintext, 8);
-               ASSERT_OK(crypto_unlock_aead(out, key, nonce, box, ad, 4, box+16, 8));
+               crypto_aead_lock(box+16, box, key, nonce, ad, 4, plaintext, 8);
+               ASSERT_OK(crypto_aead_unlock(out, box, key, nonce, ad, 4, box+16, 8));
                ASSERT_EQUAL(plaintext, out, 8);
                box[0]++;
-               ASSERT_KO(crypto_unlock_aead(out, key, nonce, box, ad, 4, box+16, 8));
-
-               // Authenticated roundtrip (easy interface)
-               // Make and accept message
-               crypto_lock(box, box + 16, key, nonce, plaintext, 8);
-               ASSERT_OK(crypto_unlock(out, key, nonce, box, box + 16, 8));
-               // Make sure decrypted text and original text are the same
-               ASSERT_EQUAL(plaintext, out, 8);
-               // Make and reject forgery
-               box[0]++;
-               ASSERT_KO(crypto_unlock(out, key, nonce, box, box + 16, 8));
-               box[0]--; // undo forgery
-
-               // Same result for both interfaces
-               crypto_lock_aead(box2, box2 + 16, key, nonce, 0, 0, plaintext, 8);
-               ASSERT_EQUAL(box, box2, 24);
+               ASSERT_KO(crypto_aead_unlock(out, box, key, nonce, ad, 4, box+16, 8));
        }
 
        printf("\taead incr (roundtrip)\n");

diff --git a/tests/tis-ci.c b/tests/tis-ci.c
index 062623889d1d18ba83aad211ac5bf94e8be912b4..64266c40bf04b9e4171ef37c763d575c658cb3cc 100644 (file)
--- a/tests/tis-ci.c
+++ b/tests/tis-ci.c
@@ -129,7 +129,7 @@ static void aead_ietf(vector_reader *reader)
        vector ad    = next_input(reader);
        vector text  = next_input(reader);
        vector out   = next_output(reader);
-       crypto_lock_aead(out.buf, out.buf + 16, key.buf, nonce.buf,
+       crypto_aead_lock(out.buf + 16, out.buf, key.buf, nonce.buf,
                         ad.buf, ad.size, text.buf, text.size);
 }