Lightweight Cryptography Primitives
 All Data Structures Files Functions Variables Typedefs Macros Pages
Macros | Functions
romulus-m-aead.h File Reference

Romulus-M authenticated encryption algorithm. More...

#include <stddef.h>

Go to the source code of this file.

Macros

#define ROMULUS_M_KEY_SIZE   16
 Size of the key for Romulus-M.
 
#define ROMULUS_M_TAG_SIZE   16
 Size of the authentication tag for Romulus-M.
 
#define ROMULUS_M_NONCE_SIZE   16
 Size of the nonce for Romulus-M.
 

Functions

int romulus_m_aead_encrypt (unsigned char *c, size_t *clen, const unsigned char *m, size_t mlen, const unsigned char *ad, size_t adlen, const unsigned char *npub, const unsigned char *k)
 Encrypts and authenticates a packet with Romulus-M. More...
 
int romulus_m_aead_decrypt (unsigned char *m, size_t *mlen, const unsigned char *c, size_t clen, const unsigned char *ad, size_t adlen, const unsigned char *npub, const unsigned char *k)
 Decrypts and authenticates a packet with Romulus-M. More...
 

Detailed Description

Romulus-M authenticated encryption algorithm.

Romulus is a family of authenticated encryption algorithms that are built around the SKINNY-128-384+ tweakable block cipher. This API implements the Romulus-N variant which has a 128-bit key, a 128-bit nonce, and a 128-bit tag.

The Romulus-M variant is resistant to nonce reuse as long as the combination of the associated data and plaintext is unique. If the same associated data and plaintext are reused under the same nonce, then the scheme will leak that the same plaintext has been sent for a second time but will not reveal the plaintext itself.

References: https://romulusae.github.io/romulus/

Function Documentation

int romulus_m_aead_decrypt ( unsigned char *  m,
size_t *  mlen,
const unsigned char *  c,
size_t  clen,
const unsigned char *  ad,
size_t  adlen,
const unsigned char *  npub,
const unsigned char *  k 
)

Decrypts and authenticates a packet with Romulus-M.

Parameters
mBuffer to receive the plaintext message on output.
mlenReceives the length of the plaintext message on output.
cBuffer that contains the ciphertext and authentication tag to decrypt.
clenLength of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
adBuffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlenLength of the associated data in bytes.
npubPoints to the public nonce for the packet which must be 16 bytes in length.
kPoints to the 16 bytes of the key to use to decrypt the packet.
Returns
0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.
See Also
romulus_m_aead_encrypt()
int romulus_m_aead_encrypt ( unsigned char *  c,
size_t *  clen,
const unsigned char *  m,
size_t  mlen,
const unsigned char *  ad,
size_t  adlen,
const unsigned char *  npub,
const unsigned char *  k 
)

Encrypts and authenticates a packet with Romulus-M.

Parameters
cBuffer to receive the output.
clenOn exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
mBuffer that contains the plaintext message to encrypt.
mlenLength of the plaintext message in bytes.
adBuffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlenLength of the associated data in bytes.
npubPoints to the public nonce for the packet which must be 16 bytes in length.
kPoints to the 16 bytes of the key to use to encrypt the packet.
Returns
0 on success, or a negative value if there was an error in the parameters.
See Also
romulus_m_aead_decrypt()