|
Lightweight Cryptography Primitives
|
|
Lightweight Cryptography Primitives
|
Romulus-M authenticated encryption algorithm. More...
#include <stddef.h>Go to the source code of this file.
Macros | |
| #define | ROMULUS_M_KEY_SIZE 16 |
| Size of the key for Romulus-M. | |
| #define | ROMULUS_M_TAG_SIZE 16 |
| Size of the authentication tag for Romulus-M. | |
| #define | ROMULUS_M_NONCE_SIZE 16 |
| Size of the nonce for Romulus-M. | |
Functions | |
| int | romulus_m_aead_encrypt (unsigned char *c, size_t *clen, const unsigned char *m, size_t mlen, const unsigned char *ad, size_t adlen, const unsigned char *npub, const unsigned char *k) |
| Encrypts and authenticates a packet with Romulus-M. More... | |
| int | romulus_m_aead_decrypt (unsigned char *m, size_t *mlen, const unsigned char *c, size_t clen, const unsigned char *ad, size_t adlen, const unsigned char *npub, const unsigned char *k) |
| Decrypts and authenticates a packet with Romulus-M. More... | |
Romulus-M authenticated encryption algorithm.
Romulus is a family of authenticated encryption algorithms that are built around the SKINNY-128-384+ tweakable block cipher. This API implements the Romulus-N variant which has a 128-bit key, a 128-bit nonce, and a 128-bit tag.
The Romulus-M variant is resistant to nonce reuse as long as the combination of the associated data and plaintext is unique. If the same associated data and plaintext are reused under the same nonce, then the scheme will leak that the same plaintext has been sent for a second time but will not reveal the plaintext itself.
References: https://romulusae.github.io/romulus/
| int romulus_m_aead_decrypt | ( | unsigned char * | m, |
| size_t * | mlen, | ||
| const unsigned char * | c, | ||
| size_t | clen, | ||
| const unsigned char * | ad, | ||
| size_t | adlen, | ||
| const unsigned char * | npub, | ||
| const unsigned char * | k | ||
| ) |
Decrypts and authenticates a packet with Romulus-M.
| m | Buffer to receive the plaintext message on output. |
| mlen | Receives the length of the plaintext message on output. |
| c | Buffer that contains the ciphertext and authentication tag to decrypt. |
| clen | Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag. |
| ad | Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted. |
| adlen | Length of the associated data in bytes. |
| npub | Points to the public nonce for the packet which must be 16 bytes in length. |
| k | Points to the 16 bytes of the key to use to decrypt the packet. |
| int romulus_m_aead_encrypt | ( | unsigned char * | c, |
| size_t * | clen, | ||
| const unsigned char * | m, | ||
| size_t | mlen, | ||
| const unsigned char * | ad, | ||
| size_t | adlen, | ||
| const unsigned char * | npub, | ||
| const unsigned char * | k | ||
| ) |
Encrypts and authenticates a packet with Romulus-M.
| c | Buffer to receive the output. |
| clen | On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag. |
| m | Buffer that contains the plaintext message to encrypt. |
| mlen | Length of the plaintext message in bytes. |
| ad | Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted. |
| adlen | Length of the associated data in bytes. |
| npub | Points to the public nonce for the packet which must be 16 bytes in length. |
| k | Points to the 16 bytes of the key to use to encrypt the packet. |
1.8.6