Spook authenticated encryption algorithm. More...

#include "aead-common.h"

Macros
#define	SPOOK_SU_KEY_SIZE 16
	Size of the key for the single-user version of Spook.

#define	SPOOK_MU_KEY_SIZE 32
	Size of the key for the multi-user version of Spook.

#define	SPOOK_TAG_SIZE 16
	Size of the authentication tag for all Spook family members.

#define	SPOOK_NONCE_SIZE 16
	Size of the nonce for all Spook family members.

Functions
int	spook_128_512_su_aead_encrypt (unsigned char c, unsigned long long clen, const unsigned char m, unsigned long long mlen, const unsigned char ad, unsigned long long adlen, const unsigned char nsec, const unsigned char npub, const unsigned char *k)
	Encrypts and authenticates a packet with Spook-128-512-su. More...

int	spook_128_512_su_aead_decrypt (unsigned char m, unsigned long long mlen, unsigned char nsec, const unsigned char c, unsigned long long clen, const unsigned char ad, unsigned long long adlen, const unsigned char npub, const unsigned char *k)
	Decrypts and authenticates a packet with Spook-128-512-su. More...

int	spook_128_384_su_aead_encrypt (unsigned char c, unsigned long long clen, const unsigned char m, unsigned long long mlen, const unsigned char ad, unsigned long long adlen, const unsigned char nsec, const unsigned char npub, const unsigned char *k)
	Encrypts and authenticates a packet with Spook-128-384-su. More...

int	spook_128_384_su_aead_decrypt (unsigned char m, unsigned long long mlen, unsigned char nsec, const unsigned char c, unsigned long long clen, const unsigned char ad, unsigned long long adlen, const unsigned char npub, const unsigned char *k)
	Decrypts and authenticates a packet with Spook-128-384-su. More...

int	spook_128_512_mu_aead_encrypt (unsigned char c, unsigned long long clen, const unsigned char m, unsigned long long mlen, const unsigned char ad, unsigned long long adlen, const unsigned char nsec, const unsigned char npub, const unsigned char *k)
	Encrypts and authenticates a packet with Spook-128-512-mu. More...

int	spook_128_512_mu_aead_decrypt (unsigned char m, unsigned long long mlen, unsigned char nsec, const unsigned char c, unsigned long long clen, const unsigned char ad, unsigned long long adlen, const unsigned char npub, const unsigned char *k)
	Decrypts and authenticates a packet with Spook-128-512-mu. More...

int	spook_128_384_mu_aead_encrypt (unsigned char c, unsigned long long clen, const unsigned char m, unsigned long long mlen, const unsigned char ad, unsigned long long adlen, const unsigned char nsec, const unsigned char npub, const unsigned char *k)
	Encrypts and authenticates a packet with Spook-128-384-mu. More...

int	spook_128_384_mu_aead_decrypt (unsigned char m, unsigned long long mlen, unsigned char nsec, const unsigned char c, unsigned long long clen, const unsigned char ad, unsigned long long adlen, const unsigned char npub, const unsigned char *k)
	Decrypts and authenticates a packet with Spook-128-384-mu. More...

Variables
aead_cipher_t const	spook_128_512_su_cipher
	Meta-information block for the Spook-128-512-su cipher.

aead_cipher_t const	spook_128_384_su_cipher
	Meta-information block for the Spook-128-384-su cipher.

aead_cipher_t const	spook_128_512_mu_cipher
	Meta-information block for the Spook-128-512-mu cipher.

aead_cipher_t const	spook_128_384_mu_cipher
	Meta-information block for the Spook-128-384-mu cipher.

Detailed Description

Spook authenticated encryption algorithm.

Spook is a family of authenticated encryption algorithms that are built around a tweakable block cipher and a permutation. If the tweakable block cipher is implemented as a masked block cipher, then Spook provides protection against power analysis side channels.

There are four members in the Spook family:

Spook-128-512-su with a 128-bit key, a 128-bit nonce, and a 128-bit tag. Internally the algorithm uses a 512-bit permutation. This is the primary member of the family.
Spook-128-384-su with a 128-bit key, a 128-bit nonce, and a 128-bit tag. Internally the algorithm uses a 384-bit permutation.
Spook-128-512-mu with a 128-bit key, a 128-bit public tweak, a 128-bit nonce, and a 128-bit tag. Internally the algorithm uses a 512-bit permutation.
Spook-128-512-mu with a 128-bit key, a 128-bit public tweak, a 128-bit nonce, and a 128-bit tag. Internally the algorithm uses a 384-bit permutation.

In this library, the "mu" (multi-user) variants combine the 128-bit key and the 128-bit public tweak into a single 256-bit key value. Applications can either view this as a cipher with a 256-bit key, or they can split the key value into secret and public halves. Even with the use of 256-bit keys, Spook only has 128-bit security.

References: https://www.spook.dev/

Function Documentation

int spook_128_384_mu_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with Spook-128-384-mu.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 32 bytes of the key to use to decrypt the packet.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also: spook_128_384_mu_aead_encrypt()

int spook_128_384_mu_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with Spook-128-384-mu.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 32 bytes of the key to use to encrypt the packet.

Returns: 0 on success, or a negative value if there was an error in the parameters.

See Also: spook_128_384_mu_aead_decrypt()

int spook_128_384_su_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with Spook-128-384-su.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to decrypt the packet.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also: spook_128_384_su_aead_encrypt()

int spook_128_384_su_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with Spook-128-384-su.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to encrypt the packet.

Returns: 0 on success, or a negative value if there was an error in the parameters.

See Also: spook_128_384_su_aead_decrypt()

int spook_128_512_mu_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with Spook-128-512-mu.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 32 bytes of the key to use to decrypt the packet.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also: spook_128_512_mu_aead_encrypt()

int spook_128_512_mu_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with Spook-128-512-mu.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 32 bytes of the key to use to encrypt the packet.

Returns: 0 on success, or a negative value if there was an error in the parameters.

See Also: spook_128_512_mu_aead_decrypt()

int spook_128_512_su_aead_decrypt	(	unsigned char *	m,
		unsigned long long *	mlen,
		unsigned char *	nsec,
		const unsigned char *	c,
		unsigned long long	clen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with Spook-128-512-su.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
nsec	Secret nonce - not used by this algorithm.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to decrypt the packet.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also: spook_128_512_su_aead_encrypt()

int spook_128_512_su_aead_encrypt	(	unsigned char *	c,
		unsigned long long *	clen,
		const unsigned char *	m,
		unsigned long long	mlen,
		const unsigned char *	ad,
		unsigned long long	adlen,
		const unsigned char *	nsec,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with Spook-128-512-su.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
nsec	Secret nonce - not used by this algorithm.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to encrypt the packet.

Returns: 0 on success, or a negative value if there was an error in the parameters.

See Also: spook_128_512_su_aead_decrypt()

Macros

Functions

Variables

Detailed Description

Function Documentation