DryGASCON authenticated encryption algorithm. More...

#include "aead-common.h"

Macros
#define	DRYGASCON128_MINKEY_SIZE 16
	Minimum Size of the key for DryGASCON128.

#define	DRYGASCON128_FASTKEY_SIZE 32
	Fast Size of the key for DryGASCON128.

#define	DRYGASCON128_SAFEKEY_SIZE 56
	Safe (and fast) Size of the key for DryGASCON128. Safe here means the size of the key helps prevent SPA during key loading.

#define	DRYGASCON128_KEY_SIZE DRYGASCON128_FASTKEY_SIZE
	Size of the key for DryGASCON128 (default to "fast" size).

#define	DRYGASCON128_TAG_SIZE 16
	Size of the authentication tag for DryGASCON128.

#define	DRYGASCON128_NONCE_SIZE 16
	Size of the nonce for DryGASCON128.

#define	DRYGASCON128_HASH_SIZE 32
	Size of the hash output for DryGASCON128-HASH.

#define	DRYGASCON256_KEY_SIZE 32
	Size of the key for DryGASCON256.

#define	DRYGASCON256_TAG_SIZE 32
	Size of the authentication tag for DryGASCON256.

#define	DRYGASCON256_NONCE_SIZE 16
	Size of the nonce for DryGASCON256.

#define	DRYGASCON256_HASH_SIZE 64
	Size of the hash output for DryGASCON256-HASH.

Functions
int	drygascon128k32_aead_encrypt (unsigned char c, unsigned long long clen, const unsigned char m, unsigned long long mlen, const unsigned char ad, unsigned long long adlen, const unsigned char nsec, const unsigned char npub, const unsigned char *k)
	Encrypts and authenticates a packet with DryGASCON128 with 32 bytes key. More...

int	drygascon128k32_aead_decrypt (unsigned char m, unsigned long long mlen, unsigned char nsec, const unsigned char c, unsigned long long clen, const unsigned char ad, unsigned long long adlen, const unsigned char npub, const unsigned char *k)
	Decrypts and authenticates a packet with DryGASCON128 with 32 bytes key. More...

int	drygascon128k56_aead_encrypt (unsigned char c, unsigned long long clen, const unsigned char m, unsigned long long mlen, const unsigned char ad, unsigned long long adlen, const unsigned char nsec, const unsigned char npub, const unsigned char *k)
	Encrypts and authenticates a packet with DryGASCON128 with 56 bytes key. More...

int	drygascon128k56_aead_decrypt (unsigned char m, unsigned long long mlen, unsigned char nsec, const unsigned char c, unsigned long long clen, const unsigned char ad, unsigned long long adlen, const unsigned char npub, const unsigned char *k)
	Decrypts and authenticates a packet with DryGASCON128 with 56 bytes key. More...

int	drygascon128k16_aead_encrypt (unsigned char c, unsigned long long clen, const unsigned char m, unsigned long long mlen, const unsigned char ad, unsigned long long adlen, const unsigned char nsec, const unsigned char npub, const unsigned char *k)
	Encrypts and authenticates a packet with DryGASCON128 with 16 bytes key. More...

int	drygascon128k16_aead_decrypt (unsigned char m, unsigned long long mlen, unsigned char nsec, const unsigned char c, unsigned long long clen, const unsigned char ad, unsigned long long adlen, const unsigned char npub, const unsigned char *k)
	Decrypts and authenticates a packet with DryGASCON128 with 16 bytes key. More...

int	drygascon256_aead_encrypt (unsigned char c, unsigned long long clen, const unsigned char m, unsigned long long mlen, const unsigned char ad, unsigned long long adlen, const unsigned char nsec, const unsigned char npub, const unsigned char *k)
	Encrypts and authenticates a packet with DryGASCON256. More...

int	drygascon256_aead_decrypt (unsigned char m, unsigned long long mlen, unsigned char nsec, const unsigned char c, unsigned long long clen, const unsigned char ad, unsigned long long adlen, const unsigned char npub, const unsigned char *k)
	Decrypts and authenticates a packet with DryGASCON256. More...

int	drygascon128_hash (unsigned char out, const unsigned char in, unsigned long long inlen)
	Hashes a block of input data with DRYGASCON128. More...

int	drygascon256_hash (unsigned char out, const unsigned char in, unsigned long long inlen)
	Hashes a block of input data with DRYGASCON256. More...

Variables
aead_cipher_t const	drygascon128k32_cipher
	Meta-information block for the DryGASCON128 cipher with 32 bytes key.

aead_cipher_t const	drygascon128k56_cipher
	Meta-information block for the DryGASCON128 cipher with 56 bytes key.

aead_cipher_t const	drygascon128k16_cipher
	Meta-information block for the DryGASCON128 cipher with 16 bytes key.

aead_cipher_t const	drygascon128_cipher
	Meta-information block for the DryGASCON128 cipher (default to 32 bytes key).

aead_cipher_t const	drygascon256_cipher
	Meta-information block for the DryGASCON256 cipher.

aead_hash_algorithm_t const	drygascon128_hash_algorithm
	Meta-information block for DryGASCON128-HASH.

aead_hash_algorithm_t const	drygascon256_hash_algorithm
	Meta-information block for DryGASCON256-HASH.

Detailed Description

DryGASCON authenticated encryption algorithm.

DryGASCON is a family of authenticated encryption algorithms based around a generalised version of the ASCON permutation. DryGASCON is designed to provide some protection against power analysis.

There are four algorithms in the DryGASCON family:

DryGASCON128 is an authenticated encryption algorithm with a 128-bit key, a 128-bit nonce, and a 128-bit authentication tag.
DryGASCON256 is an authenticated encryption algorithm with a 256-bit key, a 128-bit nonce, and a 128-256 authentication tag.
DryGASCON128-HASH is a hash algorithm with a 256-bit output.
DryGASCON256-HASH is a hash algorithm with a 512-bit output.

DryGASCON128 and DryGASCON128-HASH are the primary members of the family.

References: https://github.com/sebastien-riou/DryGASCON

Function Documentation

int drygascon128_hash	(	unsigned char *	out,
		const unsigned char *	in,
		unsigned long long	inlen
	)

Hashes a block of input data with DRYGASCON128.

Parameters

out	Buffer to receive the hash output which must be at least DRYGASCON128_HASH_SIZE bytes in length.
in	Points to the input data to be hashed.
inlen	Length of the input data in bytes.

Returns: Returns zero on success or -1 if there was an error in the parameters.

int drygascon128k16_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with DryGASCON128 with 16 bytes key.

Use this key size only if you really cannot use the 32 bytes key.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to decrypt the packet.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also: drygascon128k16_aead_encrypt()

int drygascon128k16_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with DryGASCON128 with 16 bytes key.

Use this key size only if you really cannot use the 32 bytes key.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to encrypt the packet.

Returns: 0 on success, or a negative value if there was an error in the parameters.

See Also: drygascon128k16_aead_decrypt()

int drygascon128k32_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with DryGASCON128 with 32 bytes key.

Use this key size if SPA attacks are not a concern in your use case.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 32 bytes of the key to use to decrypt the packet.

Note that the function blocks if the 16 last bytes of the key are "invalid". Here "invalid" means that 32 bit words shall be different from each other.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also: drygascon128k32_aead_encrypt()

int drygascon128k32_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with DryGASCON128 with 32 bytes key.

Use this key size if SPA attacks are not a concern in your use case.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 32 bytes of the key to use to encrypt the packet.

Note that the function blocks if the 16 last bytes of the key are "invalid". Here "invalid" means that 32 bit words shall be different from each other.

Returns: 0 on success, or a negative value if there was an error in the parameters.

See Also: drygascon128k32_aead_decrypt()

int drygascon128k56_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with DryGASCON128 with 56 bytes key.

Use this key size if you want to prevent SPA attacks

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 56 bytes of the key to use to decrypt the packet.

Note that the function blocks if the 16 last bytes of the key are "invalid". Here "invalid" means that 32 bit words shall be different from each other.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also: drygascon128k56_aead_encrypt()

int drygascon128k56_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with DryGASCON128 with 56 bytes key.

Use this key size if you want to prevent SPA attacks

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 56 bytes of the key to use to encrypt the packet.

Note that the function blocks if the 16 last bytes of the key are "invalid". Here "invalid" means that 32 bit words shall be different from each other.

Returns: 0 on success, or a negative value if there was an error in the parameters.

See Also: drygascon128k56_aead_decrypt()

int drygascon256_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with DryGASCON256.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to decrypt the packet.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also: drygascon256_aead_encrypt()

int drygascon256_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with DryGASCON256.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to encrypt the packet.

Returns: 0 on success, or a negative value if there was an error in the parameters.

See Also: drygascon256_aead_decrypt()

int drygascon256_hash	(	unsigned char *	out,
		const unsigned char *	in,
		unsigned long long	inlen
	)

Hashes a block of input data with DRYGASCON256.

Parameters

out	Buffer to receive the hash output which must be at least DRYGASCON256_HASH_SIZE bytes in length.
in	Points to the input data to be hashed.
inlen	Length of the input data in bytes.

Returns: Returns zero on success or -1 if there was an error in the parameters.

Macros

Functions

Variables

Detailed Description

Function Documentation