|
Lightweight Cryptography Primitives
|
|
Lightweight Cryptography Primitives
|
Masked version of the Gimli authenticated encryption algorithm. More...
#include "aead-common.h"Go to the source code of this file.
Data Structures | |
| union | gimli24_hash_state_t |
| State information for GIMLI-24-HASH incremental modes. More... | |
Macros | |
| #define | GIMLI24_KEY_SIZE 32 |
| Size of the key for GIMLI-24. | |
| #define | GIMLI24_NONCE_SIZE 16 |
| Size of the nonce for GIMLI-24. | |
| #define | GIMLI24_TAG_SIZE 16 |
| Size of the authentication tag for GIMLI-24. | |
| #define | GIMLI24_HASH_SIZE 32 |
| Size of the hash output for GIMLI-24. | |
Functions | |
| int | gimli24_aead_encrypt (unsigned char *c, unsigned long long *clen, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k) |
| Encrypts and authenticates a packet with GIMLI-24 using the full AEAD mode. More... | |
| int | gimli24_aead_decrypt (unsigned char *m, unsigned long long *mlen, unsigned char *nsec, const unsigned char *c, unsigned long long clen, const unsigned char *ad, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) |
| Decrypts and authenticates a packet with GIMLI-24 using the full AEAD mode. More... | |
| int | gimli24_hash (unsigned char *out, const unsigned char *in, unsigned long long inlen) |
| Hashes a block of input data with GIMLI-24 to generate a hash value. More... | |
| void | gimli24_hash_init (gimli24_hash_state_t *state) |
| Initializes the state for a GIMLI-24-HASH hashing operation. More... | |
| void | gimli24_hash_absorb (gimli24_hash_state_t *state, const unsigned char *in, unsigned long long inlen) |
| Aborbs more input data into a GIMLI-24-HASH state. More... | |
| void | gimli24_hash_squeeze (gimli24_hash_state_t *state, unsigned char *out, unsigned long long outlen) |
| Squeezes output data from an GIMLI-24-HASH state. More... | |
| void | gimli24_hash_finalize (gimli24_hash_state_t *state, unsigned char *out) |
| Returns the final hash value from a GIMLI-24-HASH hashing operation. More... | |
Variables | |
| aead_cipher_t const | gimli24_cipher |
| Meta-information block for the GIMLI-24 cipher. | |
| aead_hash_algorithm_t const | gimli24_hash_algorithm |
| Meta-information block for the GIMLI-24-HASH algorithm. More... | |
Masked version of the Gimli authenticated encryption algorithm.
Gimli authenticated encryption algorithm.
This algorithm is experimental and is not one of the NIST competition submissions. It uses a masked version of the GIMLI24 permutation to absorb the key and nonce in the first block, and then switches to the regular GIMLI24 permutation for the associated data and plaintext.
The theory (as yet unproven) is that this construction will provide some protection for the key against power analysis side channels. Please let me know what I've done wrong if this theory is incorrect.
References: https://gimli.cr.yp.to/
GIMLI-24-CIPHER has a 256-bit key, a 128-bit nonce, and a 128-bit tag. It is the spiritual successor to the widely used ChaCha20 and has a similar design.
This library also includes an implementation of the hash algorithm GIMLI-24-HASH in both regular hashing and XOF modes.
References: https://gimli.cr.yp.to/
| int gimli24_aead_decrypt | ( | unsigned char * | m, |
| unsigned long long * | mlen, | ||
| unsigned char * | nsec, | ||
| const unsigned char * | c, | ||
| unsigned long long | clen, | ||
| const unsigned char * | ad, | ||
| unsigned long long | adlen, | ||
| const unsigned char * | npub, | ||
| const unsigned char * | k | ||
| ) |
Decrypts and authenticates a packet with GIMLI-24 using the full AEAD mode.
| m | Buffer to receive the plaintext message on output. |
| mlen | Receives the length of the plaintext message on output. |
| nsec | Secret nonce - not used by this algorithm. |
| c | Buffer that contains the ciphertext and authentication tag to decrypt. |
| clen | Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag. |
| ad | Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted. |
| adlen | Length of the associated data in bytes. |
| npub | Points to the public nonce for the packet which must be 16 bytes in length. |
| k | Points to the 32 bytes of the key to use to decrypt the packet. |
| int gimli24_aead_encrypt | ( | unsigned char * | c, |
| unsigned long long * | clen, | ||
| const unsigned char * | m, | ||
| unsigned long long | mlen, | ||
| const unsigned char * | ad, | ||
| unsigned long long | adlen, | ||
| const unsigned char * | nsec, | ||
| const unsigned char * | npub, | ||
| const unsigned char * | k | ||
| ) |
Encrypts and authenticates a packet with GIMLI-24 using the full AEAD mode.
| c | Buffer to receive the output. |
| clen | On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag. |
| m | Buffer that contains the plaintext message to encrypt. |
| mlen | Length of the plaintext message in bytes. |
| ad | Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted. |
| adlen | Length of the associated data in bytes. |
| nsec | Secret nonce - not used by this algorithm. |
| npub | Points to the public nonce for the packet which must be 16 bytes in length. |
| k | Points to the 32 bytes of the key to use to encrypt the packet. |
| int gimli24_hash | ( | unsigned char * | out, |
| const unsigned char * | in, | ||
| unsigned long long | inlen | ||
| ) |
Hashes a block of input data with GIMLI-24 to generate a hash value.
| out | Buffer to receive the hash output which must be at least GIMLI24_HASH_SIZE bytes in length. |
| in | Points to the input data to be hashed. |
| inlen | Length of the input data in bytes. |
| void gimli24_hash_absorb | ( | gimli24_hash_state_t * | state, |
| const unsigned char * | in, | ||
| unsigned long long | inlen | ||
| ) |
Aborbs more input data into a GIMLI-24-HASH state.
| state | Hash state to be updated. |
| in | Points to the input data to be absorbed into the state. |
| inlen | Length of the input data to be absorbed into the state. |
| void gimli24_hash_finalize | ( | gimli24_hash_state_t * | state, |
| unsigned char * | out | ||
| ) |
Returns the final hash value from a GIMLI-24-HASH hashing operation.
| state | Hash state to be finalized. |
| out | Points to the output buffer to receive the hash value. |
| void gimli24_hash_init | ( | gimli24_hash_state_t * | state | ) |
Initializes the state for a GIMLI-24-HASH hashing operation.
| state | Hash state to be initialized. |
| void gimli24_hash_squeeze | ( | gimli24_hash_state_t * | state, |
| unsigned char * | out, | ||
| unsigned long long | outlen | ||
| ) |
Squeezes output data from an GIMLI-24-HASH state.
| state | Hash state to squeeze the output data from. |
| out | Points to the output buffer to receive the squeezed data. |
| outlen | Number of bytes of data to squeeze out of the state. |
| aead_hash_algorithm_t const gimli24_hash_algorithm |
Meta-information block for the GIMLI-24-HASH algorithm.
This meta-information block can also be used in XOF mode.
1.8.6