From: Loup Vaillant Date: Mon, 12 Feb 2018 20:25:59 +0000 (+0100) Subject: Renamed crypto_aead_(un)lock to crypto_(un)lock_aead X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=a02e04b1586bef1fe40671aea8b539a51d4b6024;p=Monocypher.git Renamed crypto_aead_(un)lock to crypto_(un)lock_aead Related to #89 This is better for consistency (now authenticated encryption always begins by "crypto_lock" or "crypto_unlock"), and has the added benefit of warning developers of the major breaking changes triggered by IETF padding. --- diff --git a/doc/man/man3/crypto_argon2i.3monocypher b/doc/man/man3/crypto_argon2i.3monocypher index 4965703..f64c392 100644 --- a/doc/man/man3/crypto_argon2i.3monocypher +++ b/doc/man/man3/crypto_argon2i.3monocypher @@ -166,7 +166,7 @@ Must be zero if there is no key. Additional data. This is additional data that goes into the hash, similar to the authenticated encryption with authenticated data (AEAD) construction in -.Xr crypto_aead_lock 3monocypher . +.Xr crypto_lock_aead 3monocypher . This most likely has no practical application but is exposed for the sake of completeness. This parameter may be diff --git a/doc/man/man3/crypto_lock.3monocypher b/doc/man/man3/crypto_lock.3monocypher index 615e05f..3ff52da 100644 --- a/doc/man/man3/crypto_lock.3monocypher +++ b/doc/man/man3/crypto_lock.3monocypher @@ -2,8 +2,8 @@ .Dt CRYPTO_LOCK 3MONOCYPHER .Os .Sh NAME -.Nm crypto_aead_lock , -.Nm crypto_aead_unlock , +.Nm crypto_lock_aead , +.Nm crypto_unlock_aead , .Nm crypto_lock , .Nm crypto_unlock .Nd authenticated encryption with additional data @@ -28,7 +28,7 @@ .Fa "size_t text_size" .Fc .Ft void -.Fo crypto_aead_lock +.Fo crypto_lock_aead .Fa "uint8_t mac[16]" .Fa "uint8_t *cipher_text" .Fa "const uint8_t key[32]" @@ -39,7 +39,7 @@ .Fa "size_t text_size" .Fc .Ft int -.Fo crypto_aead_unlock +.Fo crypto_unlock_aead .Fa "uint8_t *plain_text" .Fa "const uint8_t key[32]" .Fa "const uint8_t nonce[24]" @@ -122,9 +122,9 @@ returns -1 immediately. Otherwise, it decrypts the message, then returns zero. .Em Always check the return value . .Pp -.Fn crypto_aead_lock +.Fn crypto_lock_aead and -.Fn crypto_aead_unlock +.Fn crypto_unlock_aead are variants of .Fn crypto_lock and @@ -168,12 +168,12 @@ An incremental interface is available; see .Sh RETURN VALUES .Fn crypto_lock and -.Fn crypto_aead_lock +.Fn crypto_lock_aead return nothing. They cannot fail. .Fn crypto_unlock and -.Fn crypto_aead_unlock +.Fn crypto_unlock_aead return 0 on success or -1 if the message was corrupted (i.e. .Fa mac mismatched the combination of @@ -260,10 +260,10 @@ XChacha20 derives from Chacha20 the same way XSalsa20 derives from Salsa20, and benefits from the same security reduction (proven secure as long as Chacha20 itself is secure). .Pp -.Fn crypto_aead_lock +.Fn crypto_lock_aead is equivalent to the following: .Bd -literal -offset indent -void crypto_aead_lock(uint8_t mac[16], uint8_t *cipher_text, +void crypto_lock_aead(uint8_t mac[16], uint8_t *cipher_text, const uint8_t key[32], const uint8_t nonce[24], const uint8_t *ad , size_t ad_size, diff --git a/doc/man/man3/crypto_lock_init.3monocypher b/doc/man/man3/crypto_lock_init.3monocypher index 79247b1..e7a41f6 100644 --- a/doc/man/man3/crypto_lock_init.3monocypher +++ b/doc/man/man3/crypto_lock_init.3monocypher @@ -79,9 +79,9 @@ These functions are variants of .Xr crypto_lock 3monocypher , .Xr crypto_unlock 3monocypher , -.Xr crypto_aead_lock 3monocypher +.Xr crypto_lock_aead 3monocypher and -.Xr crypto_aead_unlock 3monocypher . +.Xr crypto_unlock_aead 3monocypher . Prefer those simpler functions if possible. .Pp This incremental interface can be used to encrypt and decrypt messages @@ -262,11 +262,11 @@ for (size_t i = 0; i < 500; i += 100) { crypto_lock_final(&ctx, mac); .Ed .Sh SEE ALSO -.Xr crypto_aead_lock 3monocypher , -.Xr crypto_aead_unlock 3monocypher , .Xr crypto_key_exchange 3monocypher , .Xr crypto_lock 3monocypher , +.Xr crypto_lock_aead 3monocypher , .Xr crypto_unlock 3monocypher , +.Xr crypto_unlock_aead 3monocypher , .Xr crypto_wipe 3monocypher , .Xr intro 3monocypher .Sh STANDARDS diff --git a/doc/man/man3/crypto_poly1305.3monocypher b/doc/man/man3/crypto_poly1305.3monocypher index 73df8fe..fccbd1a 100644 --- a/doc/man/man3/crypto_poly1305.3monocypher +++ b/doc/man/man3/crypto_poly1305.3monocypher @@ -184,7 +184,7 @@ use the .Em rest of the stream to encrypt your message. This is the approach used by -.Xr crypto_aead_lock 3monocypher . +.Xr crypto_lock_aead 3monocypher . .Ss Protection against side channels Use .Xr crypto_verify16 3monocypher diff --git a/doc/man/man3/crypto_sign.3monocypher b/doc/man/man3/crypto_sign.3monocypher index 0cda408..8c2d02f 100644 --- a/doc/man/man3/crypto_sign.3monocypher +++ b/doc/man/man3/crypto_sign.3monocypher @@ -84,7 +84,7 @@ rarely secret. If the message needs to be secret, use .Xr crypto_key_exchange 3monocypher and -.Xr crypto_aead_lock 3monocypher +.Xr crypto_lock_aead 3monocypher instead. .Pp An incremental interface is available; see diff --git a/doc/man/man3/intro.3monocypher b/doc/man/man3/intro.3monocypher index 04f0fd4..19cdf97 100644 --- a/doc/man/man3/intro.3monocypher +++ b/doc/man/man3/intro.3monocypher @@ -60,8 +60,6 @@ wipes a buffer. It is meant to erase secrets when they are no longer needed, to reduce the chances of leaks. .Sh SEE ALSO -.Xr crypto_aead_lock 3monocypher , -.Xr crypto_aead_unlock 3monocypher , .Xr crypto_argon2i 3monocypher , .Xr crypto_argon2i_general 3monocypher , .Xr crypto_blake2b 3monocypher , @@ -82,6 +80,7 @@ the chances of leaks. .Xr crypto_check_update 3monocypher , .Xr crypto_key_exchange 3monocypher , .Xr crypto_lock 3monocypher , +.Xr crypto_lock_aead 3monocypher , .Xr crypto_lock_auth_ad 3monocypher , .Xr crypto_lock_auth_message 3monocypher , .Xr crypto_lock_final 3monocypher , @@ -98,6 +97,7 @@ the chances of leaks. .Xr crypto_sign_public_key 3monocypher , .Xr crypto_sign_update 3monocypher , .Xr crypto_unlock 3monocypher , +.Xr crypto_unlock_aead 3monocypher , .Xr crypto_unlock_auth_ad 3monocypher , .Xr crypto_unlock_auth_message 3monocypher , .Xr crypto_unlock_final 3monocypher , diff --git a/src/monocypher.c b/src/monocypher.c index b55d532..9a49137 100644 --- a/src/monocypher.c +++ b/src/monocypher.c @@ -1777,7 +1777,7 @@ int crypto_unlock_final(crypto_lock_ctx *ctx, const u8 mac[16]) return mismatch; } -void crypto_aead_lock(u8 mac[16], +void crypto_lock_aead(u8 mac[16], u8 *cipher_text, const u8 key[32], const u8 nonce[24], @@ -1791,7 +1791,7 @@ void crypto_aead_lock(u8 mac[16], crypto_lock_final (&ctx, mac); } -int crypto_aead_unlock(u8 *plain_text, +int crypto_unlock_aead(u8 *plain_text, const u8 key[32], const u8 nonce[24], const u8 mac[16], @@ -1818,7 +1818,7 @@ void crypto_lock(u8 mac[16], const u8 nonce[24], const u8 *plain_text, size_t text_size) { - crypto_aead_lock(mac, cipher_text, key, nonce, 0, 0, plain_text, text_size); + crypto_lock_aead(mac, cipher_text, key, nonce, 0, 0, plain_text, text_size); } int crypto_unlock(u8 *plain_text, @@ -1827,6 +1827,6 @@ int crypto_unlock(u8 *plain_text, const u8 mac[16], const u8 *cipher_text, size_t text_size) { - return crypto_aead_unlock(plain_text, key, nonce, mac, 0, 0, + return crypto_unlock_aead(plain_text, key, nonce, mac, 0, 0, cipher_text, text_size); } diff --git a/src/monocypher.h b/src/monocypher.h index f099888..b8b602d 100644 --- a/src/monocypher.h +++ b/src/monocypher.h @@ -99,13 +99,13 @@ int crypto_unlock(uint8_t *plain_text, const uint8_t *cipher_text, size_t text_size); // Direct interface with additional data -void crypto_aead_lock(uint8_t mac[16], +void crypto_lock_aead(uint8_t mac[16], uint8_t *cipher_text, const uint8_t key[32], const uint8_t nonce[24], const uint8_t *ad , size_t ad_size, const uint8_t *plain_text, size_t text_size); -int crypto_aead_unlock(uint8_t *plain_text, +int crypto_unlock_aead(uint8_t *plain_text, const uint8_t key[32], const uint8_t nonce[24], const uint8_t mac[16], diff --git a/tests/test.c b/tests/test.c index 8136406..d7c8a77 100644 --- a/tests/test.c +++ b/tests/test.c @@ -122,7 +122,7 @@ static void aead_ietf(const vector in[], vector *out) const vector *nonce = in + 1; const vector *ad = in + 2; const vector *text = in + 3; - crypto_aead_lock(out ->buf, out->buf + 16, key->buf, nonce->buf, + crypto_lock_aead(out ->buf, out->buf + 16, key->buf, nonce->buf, ad->buf, ad->size, text->buf, text->size); } @@ -636,11 +636,11 @@ static int p_aead() u8 box[24], box2[24]; u8 out[8]; // AEAD roundtrip - crypto_aead_lock(box, box+16, key, nonce, ad, 4, plaintext, 8); - status |= crypto_aead_unlock(out, key, nonce, box, ad, 4, box+16, 8); + crypto_lock_aead(box, box+16, key, nonce, ad, 4, plaintext, 8); + status |= crypto_unlock_aead(out, key, nonce, box, ad, 4, box+16, 8); status |= memcmp(plaintext, out, 8); box[0]++; - status |= !crypto_aead_unlock(out, key, nonce, box, ad, 4, box+16, 8); + status |= !crypto_unlock_aead(out, key, nonce, box, ad, 4, box+16, 8); // Authenticated roundtrip (easy interface) // Make and accept message @@ -654,7 +654,7 @@ static int p_aead() box[0]--; // undo forgery // Same result for both interfaces - crypto_aead_lock(box2, box2 + 16, key, nonce, 0, 0, plaintext, 8); + crypto_lock_aead(box2, box2 + 16, key, nonce, 0, 0, plaintext, 8); status |= memcmp(box, box2, 24); } printf("%s: aead\n", status != 0 ? "FAILED" : "OK"); @@ -683,7 +683,7 @@ static int p_lock_incremental() u8 mac1[16], cipher1[256]; u8 mac2[16], cipher2[256]; - crypto_aead_lock(mac1, cipher1, key, nonce, + crypto_lock_aead(mac1, cipher1, key, nonce, ad, ad_size, plain, text_size); crypto_lock_ctx ctx; crypto_lock_init (&ctx, key, nonce); @@ -698,7 +698,7 @@ static int p_lock_incremental() // Now test the round trip. u8 re_plain1[256]; u8 re_plain2[256]; - status |= crypto_aead_unlock(re_plain1, key, nonce, mac1, + status |= crypto_unlock_aead(re_plain1, key, nonce, mac1, ad, ad_size, cipher1, text_size); crypto_unlock_init (&ctx, key, nonce); crypto_unlock_auth_ad(&ctx, ad, ad_size); @@ -742,7 +742,7 @@ static int p_auth() crypto_lock_init (&ctx, key, nonce); crypto_lock_auth_ad(&ctx, ad, i); crypto_lock_final (&ctx, mac1); - crypto_aead_lock(mac2, 0, key, nonce, ad, i, 0, 0); + crypto_lock_aead(mac2, 0, key, nonce, ad, i, 0, 0); status |= memcmp(mac1, mac2, 16); } { @@ -750,7 +750,7 @@ static int p_auth() crypto_unlock_init (&ctx, key, nonce); crypto_unlock_auth_ad(&ctx, ad, i); status |= crypto_unlock_final(&ctx, mac1); - status |= crypto_aead_unlock(0, key, nonce, mac1, ad, i, 0, 0); + status |= crypto_unlock_aead(0, key, nonce, mac1, ad, i, 0, 0); } } printf("%s: aead (authentication)\n", status != 0 ? "FAILED" : "OK");