|
Lightweight Cryptography Primitives
|
|
Lightweight Cryptography Primitives
|
ESTATE authenticated encryption algorithm. More...
#include "aead-common.h"Go to the source code of this file.
Macros | |
| #define | ESTATE_TWEGIFT_KEY_SIZE 16 |
| Size of the key for ESTATE_TweGIFT-128. | |
| #define | ESTATE_TWEGIFT_TAG_SIZE 16 |
| Size of the authentication tag for ESTATE_TweGIFT-128. | |
| #define | ESTATE_TWEGIFT_NONCE_SIZE 16 |
| Size of the nonce for ESTATE_TweGIFT-128. | |
Functions | |
| int | estate_twegift_aead_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k) |
| Encrypts and authenticates a packet with ESTATE_TweGIFT-128. More... | |
| int | estate_twegift_aead_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) |
| Decrypts and authenticates a packet with ESTATE_TweGIFT-128. More... | |
Variables | |
| aead_cipher_t const | estate_twegift_cipher |
| Meta-information block for the ESTATE_TweGIFT-128 cipher. | |
ESTATE authenticated encryption algorithm.
ESTATE_TweGIFT-128 is an authenticated encryption algorithm with a 128-bit key, a 128-bit nonce, and a 128-bit tag. It is a two-pass algorithm that is built around a tweaked version of the GIFT-128 block cipher, the FCBC authentication mode, and the OFB encryption mode.
ESTATE is resistant against nonce reuse as long as the combination of the associated data and plaintext is unique.
If a nonce is reused then two packets with the same nonce, associated data, and plaintext will encrypt to the same ciphertext. This will leak that the same plaintext has been sent for a second time but will not reveal the plaintext itself.
The ESTATE family also includes variants build around tweaked versions of the AES block cipher. We do not implement those variants in this library.
| int estate_twegift_aead_decrypt | ( | unsigned char * | m, |
| unsigned long long * | mlen, | ||
| unsigned char * | nsec, | ||
| const unsigned char * | c, | ||
| unsigned long long | clen, | ||
| const unsigned char * | ad, | ||
| unsigned long long | adlen, | ||
| const unsigned char * | npub, | ||
| const unsigned char * | k | ||
| ) |
Decrypts and authenticates a packet with ESTATE_TweGIFT-128.
| m | Buffer to receive the plaintext message on output. |
| mlen | Receives the length of the plaintext message on output. |
| nsec | Secret nonce - not used by this algorithm. |
| c | Buffer that contains the ciphertext and authentication tag to decrypt. |
| clen | Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag. |
| ad | Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted. |
| adlen | Length of the associated data in bytes. |
| npub | Points to the public nonce for the packet which must be 16 bytes in length. |
| k | Points to the 16 bytes of the key to use to decrypt the packet. |
| int estate_twegift_aead_encrypt | ( | unsigned char * | c, |
| unsigned long long * | clen, | ||
| const unsigned char * | m, | ||
| unsigned long long | mlen, | ||
| const unsigned char * | ad, | ||
| unsigned long long | adlen, | ||
| const unsigned char * | nsec, | ||
| const unsigned char * | npub, | ||
| const unsigned char * | k | ||
| ) |
Encrypts and authenticates a packet with ESTATE_TweGIFT-128.
| c | Buffer to receive the output. |
| clen | On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag. |
| m | Buffer that contains the plaintext message to encrypt. |
| mlen | Length of the plaintext message in bytes. |
| ad | Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted. |
| adlen | Length of the associated data in bytes. |
| nsec | Secret nonce - not used by this algorithm. |
| npub | Points to the public nonce for the packet which must be 16 bytes in length. |
| k | Points to the 16 bytes of the key to use to encrypt the packet. |
1.8.6