isap-k-aead-pk.h File Reference

ISAP-K authenticated encryption algorithm with pre-computed keys. More...

#include "isap-k-aead.h"

Go to the source code of this file.

Data Structures
struct	isap_keccak_128a_key_t
	Pre-computed key information for ISAP-K-128A. More...
struct	isap_keccak_128_key_t
	Pre-computed key information for ISAP-K-128. More...

Functions
int	isap_keccak_128a_aead_pk_init (isap_keccak_128a_key_t *pk, const unsigned char *k)
	Initializes a pre-computed key for ISAP-K-128A. More...
int	isap_keccak_128a_aead_pk_encrypt (unsigned char *c, size_t *clen, const unsigned char *m, size_t mlen, const unsigned char *ad, size_t adlen, const unsigned char *npub, const isap_keccak_128a_key_t *pk)
	Encrypts and authenticates a packet with ISAP-K-128A and pre-computed keys. More...
int	isap_keccak_128a_aead_pk_decrypt (unsigned char *m, size_t *mlen, const unsigned char *c, size_t clen, const unsigned char *ad, size_t adlen, const unsigned char *npub, const isap_keccak_128a_key_t *pk)
	Decrypts and authenticates a packet with ISAP-K-128A and pre-computed keys. More...
int	isap_keccak_128_aead_pk_init (isap_keccak_128_key_t *pk, const unsigned char *k)
	Initializes a pre-computed key for ISAP-K-128. More...
int	isap_keccak_128_aead_pk_encrypt (unsigned char *c, size_t *clen, const unsigned char *m, size_t mlen, const unsigned char *ad, size_t adlen, const unsigned char *npub, const isap_keccak_128_key_t *pk)
	Encrypts and authenticates a packet with ISAP-K-128 and pre-computed keys. More...
int	isap_keccak_128_aead_pk_decrypt (unsigned char *m, size_t *mlen, const unsigned char *c, size_t clen, const unsigned char *ad, size_t adlen, const unsigned char *npub, const isap_keccak_128_key_t *pk)
	Decrypts and authenticates a packet with ISAP-K-128 and pre-computed keys. More...

Detailed Description

ISAP-K authenticated encryption algorithm with pre-computed keys.

This version of ISAP-K provides an alternative API where the keys are expanded ahead of time. This is intended to limit leakage of information about the key bits. The key is loaded once during a session rather than repeatedly each time encryption or decryption is performed.

If a device has a long-lived key, then the pre-computed key could be stored in ROM or flash memory and thus avoid leakage of loading the key bits at runtime.

References: https://isap.iaik.tugraz.at/

Function Documentation

int isap_keccak_128_aead_pk_decrypt	(	unsigned char *	m,
		size_t *	mlen,
		const unsigned char *	c,
		size_t	clen,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const isap_keccak_128_key_t *	pk
	)

Decrypts and authenticates a packet with ISAP-K-128 and pre-computed keys.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
pk	Points to the pre-computed key value.

Returns

0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also

isap_keccak_128_aead_pk_encrypt(), isap_keccak_128_aead_pk_init()

int isap_keccak_128_aead_pk_encrypt	(	unsigned char *	c,
		size_t *	clen,
		const unsigned char *	m,
		size_t	mlen,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const isap_keccak_128_key_t *	pk
	)

Encrypts and authenticates a packet with ISAP-K-128 and pre-computed keys.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
pk	Points to the pre-computed key value.

Returns

0 on success, or a negative value if there was an error in the parameters.

See Also

isap_keccak_128_aead_pk_decrypt(), isap_keccak_128_aead_pk_init()

int isap_keccak_128_aead_pk_init	(	isap_keccak_128_key_t *	pk,
		const unsigned char *	k
	)

Initializes a pre-computed key for ISAP-K-128.

Parameters

pk	Points to the object to receive the pre-computed key value.
k	Points to the 16 bytes of the key.

Returns

0 on success, or a negative value if there was an error in the parameters.

See Also

isap_keccak_128_aead_pk_encrypt(), isap_keccak_128_aead_pk_decrypt()

int isap_keccak_128a_aead_pk_decrypt	(	unsigned char *	m,
		size_t *	mlen,
		const unsigned char *	c,
		size_t	clen,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const isap_keccak_128a_key_t *	pk
	)

Decrypts and authenticates a packet with ISAP-K-128A and pre-computed keys.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
pk	Points to the pre-computed key value.

Returns

0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See Also

isap_keccak_128a_aead_pk_encrypt(), isap_keccak_128a_aead_pk_init()

int isap_keccak_128a_aead_pk_encrypt	(	unsigned char *	c,
		size_t *	clen,
		const unsigned char *	m,
		size_t	mlen,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const isap_keccak_128a_key_t *	pk
	)

Encrypts and authenticates a packet with ISAP-K-128A and pre-computed keys.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
pk	Points to the pre-computed key value.

Returns

0 on success, or a negative value if there was an error in the parameters.

See Also

isap_keccak_128a_aead_pk_decrypt(), isap_keccak_128a_aead_pk_init()

int isap_keccak_128a_aead_pk_init	(	isap_keccak_128a_key_t *	pk,
		const unsigned char *	k
	)

Initializes a pre-computed key for ISAP-K-128A.

Parameters

pk	Points to the object to receive the pre-computed key value.
k	Points to the 16 bytes of the key.

Returns

0 on success, or a negative value if there was an error in the parameters.

See Also

isap_keccak_128a_aead_pk_encrypt(), isap_keccak_128a_aead_pk_decrypt()