[PATCH 1/3] cipher: Remove more public key vestiges from cipher internals

[PATCH 1/3] cipher: Remove more public key vestiges from cipher internals

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 1788 bytes --]

---
 ell/cipher.c | 23 ++++-------------------
 1 file changed, 4 insertions(+), 19 deletions(-)

diff --git a/ell/cipher.c b/ell/cipher.c
index 139331e..ac5248a 100644
--- a/ell/cipher.c
+++ b/ell/cipher.c
@@ -77,17 +77,6 @@ struct af_alg_iv {
 #define SOL_ALG 279
 #endif
 
-#ifndef ALG_OP_SIGN
-#define ALG_OP_SIGN	2
-#endif
-#ifndef ALG_OP_VERIFY
-#define ALG_OP_VERIFY	3
-#endif
-
-#ifndef ALG_SET_PUBKEY
-#define ALG_SET_PUBKEY	6
-#endif
-
 #define is_valid_type(type)  ((type) <= L_CIPHER_DES3_EDE_CBC)
 
 struct l_cipher {
@@ -97,11 +86,10 @@ struct l_cipher {
 };
 
 static int create_alg(const char *alg_type, const char *alg_name,
-			const void *key, size_t key_length, bool public)
+			const void *key, size_t key_length)
 {
 	struct sockaddr_alg salg;
 	int sk;
-	int keyopt;
 	int ret;
 
 	sk = socket(PF_ALG, SOCK_SEQPACKET | SOCK_CLOEXEC, 0);
@@ -118,8 +106,7 @@ static int create_alg(const char *alg_type, const char *alg_name,
 		return -1;
 	}
 
-	keyopt = public ? ALG_SET_PUBKEY : ALG_SET_KEY;
-	if (setsockopt(sk, SOL_ALG, keyopt, key, key_length) < 0) {
+	if (setsockopt(sk, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
 		close(sk);
 		return -1;
 	}
@@ -164,13 +151,11 @@ LIB_EXPORT struct l_cipher *l_cipher_new(enum l_cipher_type type,
 		break;
 	}
 
-	cipher->encrypt_sk = create_alg("skcipher", alg_name, key, key_length,
-					false);
+	cipher->encrypt_sk = create_alg("skcipher", alg_name, key, key_length);
 	if (cipher->encrypt_sk < 0)
 		goto error_free;
 
-	cipher->decrypt_sk = create_alg("skcipher", alg_name, key, key_length,
-					false);
+	cipher->decrypt_sk = create_alg("skcipher", alg_name, key, key_length);
 	if (cipher->decrypt_sk < 0)
 		goto error_close;
 
-- 
2.11.0

[PATCH 2/3] cipher: Add AEAD API with AES-CCM

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 10422 bytes --]

Add new function calls to handle encryption and decryption for
authenticated encryption with associated data (AEAD).

The only AEAD cipher supported so far is AES-CCM.

Requires kernel v4.10 or later for l_cipher_encrypt_aead() and
l_cipher_decrypt_aead() to return the correct length. Earlier kernels have a
bug in AF_ALG aead sockets.
---
 ell/cipher.c | 198 +++++++++++++++++++++++++++++++++++++++++++++++++++++------
 ell/cipher.h |  15 +++++
 2 files changed, 193 insertions(+), 20 deletions(-)

diff --git a/ell/cipher.c b/ell/cipher.c
index ac5248a..7142319 100644
--- a/ell/cipher.c
+++ b/ell/cipher.c
@@ -28,6 +28,7 @@
 #include <unistd.h>
 #include <errno.h>
 #include <sys/socket.h>
+#include <alloca.h>
 
 #include "util.h"
 #include "cipher.h"
@@ -86,7 +87,7 @@ struct l_cipher {
 };
 
 static int create_alg(const char *alg_type, const char *alg_name,
-			const void *key, size_t key_length)
+			const void *key, size_t key_length, size_t tag_length)
 {
 	struct sockaddr_alg salg;
 	int sk;
@@ -111,18 +112,26 @@ static int create_alg(const char *alg_type, const char *alg_name,
 		return -1;
 	}
 
+	if (tag_length && setsockopt(sk, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL,
+					tag_length)) {
+		close(sk);
+		return -1;
+	}
+
 	ret = accept4(sk, NULL, 0, SOCK_CLOEXEC);
 	close(sk);
 
 	return ret;
 }
 
-LIB_EXPORT struct l_cipher *l_cipher_new(enum l_cipher_type type,
+LIB_EXPORT struct l_cipher *l_cipher_new_aead(enum l_cipher_type type,
 						const void *key,
-						size_t key_length)
+						size_t key_length,
+						size_t tag_length)
 {
 	struct l_cipher *cipher;
 	const char *alg_name;
+	const char *type_name;
 
 	if (unlikely(!key))
 		return NULL;
@@ -136,26 +145,37 @@ LIB_EXPORT struct l_cipher *l_cipher_new(enum l_cipher_type type,
 	switch (type) {
 	case L_CIPHER_AES:
 		alg_name = "ecb(aes)";
+		type_name = "skcipher";
 		break;
 	case L_CIPHER_AES_CBC:
 		alg_name = "cbc(aes)";
+		type_name = "skcipher";
+		break;
+	case L_CIPHER_AES_CCM:
+		alg_name = "ccm(aes)";
+		type_name = "aead";
 		break;
 	case L_CIPHER_ARC4:
 		alg_name = "ecb(arc4)";
+		type_name = "skcipher";
 		break;
 	case L_CIPHER_DES:
 		alg_name = "ecb(des)";
+		type_name = "skcipher";
 		break;
 	case L_CIPHER_DES3_EDE_CBC:
 		alg_name = "cbc(des3_ede)";
+		type_name = "skcipher";
 		break;
 	}
 
-	cipher->encrypt_sk = create_alg("skcipher", alg_name, key, key_length);
+	cipher->encrypt_sk = create_alg(type_name, alg_name, key, key_length,
+					tag_length);
 	if (cipher->encrypt_sk < 0)
 		goto error_free;
 
-	cipher->decrypt_sk = create_alg("skcipher", alg_name, key, key_length);
+	cipher->decrypt_sk = create_alg(type_name, alg_name, key, key_length,
+					tag_length);
 	if (cipher->decrypt_sk < 0)
 		goto error_close;
 
@@ -168,6 +188,13 @@ error_free:
 	return NULL;
 }
 
+LIB_EXPORT struct l_cipher *l_cipher_new(enum l_cipher_type type,
+						const void *key,
+						size_t key_length)
+{
+	return l_cipher_new_aead(type, key, key_length, 0);
+}
+
 LIB_EXPORT void l_cipher_free(struct l_cipher *cipher)
 {
 	if (unlikely(!cipher))
@@ -179,21 +206,50 @@ LIB_EXPORT void l_cipher_free(struct l_cipher *cipher)
 	l_free(cipher);
 }
 
+static ssize_t build_iv(const void *nonce, uint8_t nonce_len, uint8_t *iv,
+			uint8_t iv_len)
+{
+	const size_t iv_overhead = 2;
+
+	if (nonce_len + iv_overhead > iv_len)
+		return -EINVAL;
+
+	iv[0] = iv_len - iv_overhead - nonce_len;
+	memcpy(iv + 1, nonce, nonce_len);
+
+	/* Assumes that remaining bytes in iv were already zeroed out */
+
+	return iv_len;
+}
+
 static ssize_t operate_cipher(int sk, __u32 operation,
-				const void *in, void *out, size_t len_in,
-				size_t len_out)
+				const void *in, size_t in_len,
+				const void *ad, size_t ad_len,
+				const void *nonce, size_t nonce_len,
+				void *out, size_t out_len,
+				size_t iv_len)
 {
-	char c_msg_buf[CMSG_SPACE(sizeof(operation))];
+	char *c_msg_buf;
+	size_t c_msg_size;
 	struct msghdr msg;
 	struct cmsghdr *c_msg;
-	struct iovec iov;
+	struct iovec iov[2];
 	ssize_t result;
 
-	memset(&c_msg_buf, 0, sizeof(c_msg_buf));
+	c_msg_size = CMSG_SPACE(sizeof(operation));
+	c_msg_size += ad_len ? CMSG_SPACE(sizeof(uint32_t)) : 0;
+	c_msg_size += (nonce && iv_len) ?
+		CMSG_SPACE(sizeof(struct af_alg_iv) + iv_len) : 0;
+
+	c_msg_buf = alloca(c_msg_size);
+
+	memset(c_msg_buf, 0, c_msg_size);
 	memset(&msg, 0, sizeof(msg));
 
+	msg.msg_iov = iov;
+
 	msg.msg_control = c_msg_buf;
-	msg.msg_controllen = sizeof(c_msg_buf);
+	msg.msg_controllen = c_msg_size;
 
 	c_msg = CMSG_FIRSTHDR(&msg);
 	c_msg->cmsg_level = SOL_ALG;
@@ -201,17 +257,75 @@ static ssize_t operate_cipher(int sk, __u32 operation,
 	c_msg->cmsg_len = CMSG_LEN(sizeof(operation));
 	memcpy(CMSG_DATA(c_msg), &operation, sizeof(operation));
 
-	iov.iov_base = (void *) in;
-	iov.iov_len = len_in;
+	if (ad_len) {
+		uint32_t *ad_data;
+
+		c_msg = CMSG_NXTHDR(&msg, c_msg);
+		c_msg->cmsg_level = SOL_ALG;
+		c_msg->cmsg_type = ALG_SET_AEAD_ASSOCLEN;
+		c_msg->cmsg_len = CMSG_LEN(sizeof(*ad_data));
+		ad_data = (void *) CMSG_DATA(c_msg);
+		*ad_data = ad_len;
+
+		iov[0].iov_base = (void *) ad;
+		iov[0].iov_len = ad_len;
+		iov[1].iov_base = (void *) in;
+		iov[1].iov_len = in_len;
+		msg.msg_iovlen = 2;
+	} else {
+		iov[0].iov_base = (void *) in;
+		iov[0].iov_len = in_len;
+		msg.msg_iovlen = 1;
+	}
+
+	if (nonce && iv_len) {
+		struct af_alg_iv *algiv;
 
-	msg.msg_iov = &iov;
-	msg.msg_iovlen = 1;
+		c_msg = CMSG_NXTHDR(&msg, c_msg);
+		c_msg->cmsg_level = SOL_ALG;
+		c_msg->cmsg_type = ALG_SET_IV;
+		c_msg->cmsg_len = CMSG_LEN(sizeof(*algiv) + iv_len);
+
+		algiv = (void *)CMSG_DATA(c_msg);
+		algiv->ivlen = iv_len;
+		result = build_iv(nonce, nonce_len, &algiv->iv[0], iv_len);
+		if (result < 0)
+			return result;
+	}
 
 	result = sendmsg(sk, &msg, 0);
 	if (result < 0)
 		return -errno;
 
-	result = read(sk, out, len_out);
+	if (ad) {
+		/*
+		 * When AEAD additional data is passed to sendmsg() for
+		 * use in computing the tag, those bytes also appear at
+		 * the beginning of the encrypt or decrypt results.  Rather
+		 * than force the caller to pad their result buffer with
+		 * the correct number of bytes for the additional data,
+		 * the necessary space is allocated here and then the
+		 * duplicate AAD is discarded.
+		 */
+		iov[0].iov_base = l_malloc(ad_len);
+		iov[0].iov_len = ad_len;
+		iov[1].iov_base = (void *) out;
+		iov[1].iov_len = out_len;
+		msg.msg_iovlen = 2;
+
+		msg.msg_control = NULL;
+		msg.msg_controllen = 0;
+
+		result = recvmsg(sk, &msg, 0);
+
+		if (result > (ssize_t) ad_len)
+			result -= ad_len;
+
+		l_free(iov[0].iov_base);
+	} else {
+		result = read(sk, out, out_len);
+	}
+
 	if (result < 0)
 		return -errno;
 
@@ -227,8 +341,8 @@ LIB_EXPORT bool l_cipher_encrypt(struct l_cipher *cipher,
 	if (unlikely(!in) || unlikely(!out))
 		return false;
 
-	return operate_cipher(cipher->encrypt_sk, ALG_OP_ENCRYPT, in, out, len,
-				len) >= 0;
+	return operate_cipher(cipher->encrypt_sk, ALG_OP_ENCRYPT, in, len,
+				NULL, 0, NULL, 0, out, len, 0) >= 0;
 }
 
 LIB_EXPORT bool l_cipher_decrypt(struct l_cipher *cipher,
@@ -240,8 +354,8 @@ LIB_EXPORT bool l_cipher_decrypt(struct l_cipher *cipher,
 	if (unlikely(!in) || unlikely(!out))
 		return false;
 
-	return operate_cipher(cipher->decrypt_sk, ALG_OP_DECRYPT, in, out, len,
-				len) >= 0;
+	return operate_cipher(cipher->decrypt_sk, ALG_OP_DECRYPT, in, len,
+				NULL, 0, NULL, 0, out, len, 0) >= 0;
 }
 
 LIB_EXPORT bool l_cipher_set_iv(struct l_cipher *cipher, const uint8_t *iv,
@@ -279,3 +393,47 @@ LIB_EXPORT bool l_cipher_set_iv(struct l_cipher *cipher, const uint8_t *iv,
 
 	return true;
 }
+
+static size_t l_cipher_get_ivlen(struct l_cipher *cipher)
+{
+	switch (cipher->type) {
+	case L_CIPHER_AES_CCM:
+		return 16;
+	default:
+		return 0;
+	}
+}
+
+LIB_EXPORT bool l_cipher_encrypt_aead(struct l_cipher *cipher,
+				const void *in, size_t in_len,
+				const void *ad, size_t ad_len,
+				const void *nonce, size_t nonce_len,
+				void *out, size_t out_len)
+{
+	if (unlikely(!cipher))
+		return false;
+
+	if (unlikely(!in) || unlikely(!out))
+		return false;
+
+	return operate_cipher(cipher->encrypt_sk, ALG_OP_ENCRYPT, in, in_len,
+				ad, ad_len, nonce, nonce_len, out, out_len,
+				l_cipher_get_ivlen(cipher)) >= 0;
+}
+
+LIB_EXPORT bool l_cipher_decrypt_aead(struct l_cipher *cipher,
+				const void *in, size_t in_len,
+				const void *ad, size_t ad_len,
+				const void *nonce, size_t nonce_len,
+				void *out, size_t out_len)
+{
+	if (unlikely(!cipher))
+		return false;
+
+	if (unlikely(!in) || unlikely(!out))
+		return false;
+
+	return operate_cipher(cipher->decrypt_sk, ALG_OP_DECRYPT, in, in_len,
+				ad, ad_len, nonce, nonce_len, out, out_len,
+				l_cipher_get_ivlen(cipher)) >= 0;
+}
diff --git a/ell/cipher.h b/ell/cipher.h
index f9ff42f..3aaf05d 100644
--- a/ell/cipher.h
+++ b/ell/cipher.h
@@ -32,6 +32,7 @@ struct l_cipher;
 enum l_cipher_type {
 	L_CIPHER_AES = 0,
 	L_CIPHER_AES_CBC,
+	L_CIPHER_AES_CCM,
 	L_CIPHER_ARC4,
 	L_CIPHER_DES,
 	L_CIPHER_DES3_EDE_CBC,
@@ -39,14 +40,28 @@ enum l_cipher_type {
 
 struct l_cipher *l_cipher_new(enum l_cipher_type type,
 				const void *key, size_t key_length);
+struct l_cipher *l_cipher_new_aead(enum l_cipher_type type,
+					const void *key, size_t key_length,
+					size_t tag_length);
 
 void l_cipher_free(struct l_cipher *cipher);
 
 bool l_cipher_encrypt(struct l_cipher *cipher,
 			const void *in, void *out, size_t len);
 
+bool l_cipher_encrypt_aead(struct l_cipher *cipher,
+				const void *in, size_t in_len,
+				const void *ad, size_t ad_len,
+				const void *nonce, size_t nonce_len,
+				void *out, size_t out_len);
+
 bool l_cipher_decrypt(struct l_cipher *cipher,
 			const void *in, void *out, size_t len);
+bool l_cipher_decrypt_aead(struct l_cipher *cipher,
+				const void *in, size_t in_len,
+				const void *ad, size_t ad_len,
+				const void *nonce, size_t nonce_len,
+				void *out, size_t out_len);
 
 bool l_cipher_set_iv(struct l_cipher *cipher, const uint8_t *iv,
 			size_t iv_length);
-- 
2.11.0

[PATCH 3/3] unit: Add AEAD cipher tests

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 3748 bytes --]

---
 unit/test-cipher.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)

diff --git a/unit/test-cipher.c b/unit/test-cipher.c
index eaf97a0..17fa299 100644
--- a/unit/test-cipher.c
+++ b/unit/test-cipher.c
@@ -25,6 +25,7 @@
 #endif
 
 #include <assert.h>
+#include <alloca.h>
 
 #include <ell/ell.h>
 
@@ -122,6 +123,106 @@ static void test_arc4(const void *data)
 	l_cipher_free(cipher);
 }
 
+struct ccm_test_vector {
+	char *aad;
+	char *plaintext;
+	char *key;
+	char *nonce;
+	char *ciphertext;
+	char *tag;
+};
+
+static const struct ccm_test_vector ccm_long_nonce = {
+	.aad =
+	"333b6b8fda49c6e671bad05c7e2cafa88bd47f9b0aef1a358bc87d04f26f6c82",
+	.plaintext =
+	"1293201eb30ddd693b2eb23c1e6c20d5add2202afc71679ca2eba14f73b77bcd",
+	.key = "fa536cf6c309d45c1baaa658f674758d",
+	.nonce = "e0c5241bf0014ca88511d73a30",
+	.ciphertext =
+	"2e54ebaa38da9a2b03a1147495565c31d07e793b01fd28b2adeacac6f76ae84e",
+	.tag = "e0a03b982c5afc8a937373d7d2b0e7a3"
+};
+
+static const struct ccm_test_vector ccm_short_nonce = {
+	.plaintext =
+	"a3b3fdf26d213f83c5f656b00f77253b68959c188767d584914887602c787595",
+	.aad =
+	"fcc20524894b4603fefb8029eff485a513ce4753d0d3a27c3a2c69088fa7fab7",
+	.key = "7d84efac51291e868c7b7702181a3936",
+	.nonce = "1bb3e62620462a",
+	.ciphertext =
+	"3222192ee773cef4a87175b73b3875320f18b7e016d17d52fb01f0f6ca10bb5f",
+	.tag = "ee007aafe91135c39855ebf3db96d7ff"
+};
+
+static const struct ccm_test_vector ccm_no_aad = {
+	.plaintext =
+	"90795fffab99cffdeee5cadafe448ea4df74c480f9d7e1e481ee49adeee2732a",
+	.aad = "",
+	.key = "7b3da7d5ef41b5eef19cf8fb4ca19519",
+	.nonce = "96722de7516afb",
+	.ciphertext =
+	"9160dd0e0a8ddd13bf4acb0c6f3cf4794c5459d36a378cfb4a31e6b00840d78a",
+	.tag = "efd1dc938802cd845a16f32a60eabd0f"
+};
+
+static void test_aes_ccm(const void *data)
+{
+	struct l_cipher *cipher;
+	char *encbuf;
+	size_t encbuflen;
+	char *decbuf;
+	size_t decbuflen;
+	int r;
+	const struct ccm_test_vector *tv = data;
+
+	size_t ptlen;
+	uint8_t *pt = l_util_from_hexstring(tv->plaintext, &ptlen);
+	size_t aadlen;
+	uint8_t *aad = l_util_from_hexstring(tv->aad, &aadlen);
+	size_t keylen;
+	uint8_t *key = l_util_from_hexstring(tv->key, &keylen);
+	size_t noncelen;
+	uint8_t *nonce = l_util_from_hexstring(tv->nonce, &noncelen);
+	size_t ctlen;
+	uint8_t *ct = l_util_from_hexstring(tv->ciphertext, &ctlen);
+	size_t taglen;
+	uint8_t *tag = l_util_from_hexstring(tv->tag, &taglen);
+
+	encbuflen = ctlen + taglen;
+	encbuf = alloca(encbuflen);
+	memset(encbuf, 0, encbuflen);
+	decbuflen = ptlen;
+	decbuf = alloca(decbuflen);
+	memset(decbuf, 0, decbuflen);
+
+	cipher = l_cipher_new_aead(L_CIPHER_AES_CCM, key, keylen, taglen);
+	assert(cipher);
+
+	l_cipher_encrypt_aead(cipher, pt, ptlen, aad, aadlen,
+				nonce, noncelen, encbuf, encbuflen);
+
+	r = memcmp(encbuf, ct, ctlen);
+	assert(!r);
+	r = memcmp(encbuf + ctlen, tag, taglen);
+	assert(!r);
+
+	l_cipher_decrypt_aead(cipher, encbuf, encbuflen, aad, aadlen, nonce,
+				noncelen, decbuf, decbuflen);
+
+	r = memcmp(decbuf, pt, ptlen);
+	assert(!r);
+
+	l_cipher_free(cipher);
+	l_free(pt);
+	l_free(key);
+	l_free(aad);
+	l_free(nonce);
+	l_free(ct);
+	l_free(tag);
+}
+
 int main(int argc, char *argv[])
 {
 	l_test_init(&argc, &argv);
@@ -132,5 +233,9 @@ int main(int argc, char *argv[])
 
 	l_test_add("arc4", test_arc4, NULL);
 
+	l_test_add("aes_ccm long nonce", test_aes_ccm, &ccm_long_nonce);
+	l_test_add("aes_ccm short nonce", test_aes_ccm, &ccm_short_nonce);
+	l_test_add("aes_ccm no AAD", test_aes_ccm, &ccm_no_aad);
+
 	return l_test_run();
 }
-- 
2.11.0

Re: [PATCH 1/3] cipher: Remove more public key vestiges from cipher internals

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 208 bytes --]

Hi Mat,

On 12/20/2016 07:40 PM, Mat Martineau wrote:
> ---
>  ell/cipher.c | 23 ++++-------------------
>  1 file changed, 4 insertions(+), 19 deletions(-)
>

Applied, thanks.

Regards,
-Denis

Re: [PATCH 2/3] cipher: Add AEAD API with AES-CCM

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 1707 bytes --]

Hi Mat,

<snip>

> diff --git a/ell/cipher.h b/ell/cipher.h
> index f9ff42f..3aaf05d 100644
> --- a/ell/cipher.h
> +++ b/ell/cipher.h
> @@ -32,6 +32,7 @@ struct l_cipher;
>  enum l_cipher_type {
>  	L_CIPHER_AES = 0,
>  	L_CIPHER_AES_CBC,
> +	L_CIPHER_AES_CCM,
>  	L_CIPHER_ARC4,
>  	L_CIPHER_DES,
>  	L_CIPHER_DES3_EDE_CBC,
> @@ -39,14 +40,28 @@ enum l_cipher_type {
>
>  struct l_cipher *l_cipher_new(enum l_cipher_type type,
>  				const void *key, size_t key_length);
> +struct l_cipher *l_cipher_new_aead(enum l_cipher_type type,
> +					const void *key, size_t key_length,
> +					size_t tag_length);

I wonder if we should make this a whole new type, similar to how we did 
the asymmetric ciphers before keys took that over?

>
>  void l_cipher_free(struct l_cipher *cipher);
>
>  bool l_cipher_encrypt(struct l_cipher *cipher,
>  			const void *in, void *out, size_t len);
>
> +bool l_cipher_encrypt_aead(struct l_cipher *cipher,
> +				const void *in, size_t in_len,
> +				const void *ad, size_t ad_len,
> +				const void *nonce, size_t nonce_len,
> +				void *out, size_t out_len);

Otherwise we get into a situation that encrypt_aead can be called on a 
regular cipher or encrypt gets called on an aead cipher...

> +
>  bool l_cipher_decrypt(struct l_cipher *cipher,
>  			const void *in, void *out, size_t len);
> +bool l_cipher_decrypt_aead(struct l_cipher *cipher,
> +				const void *in, size_t in_len,
> +				const void *ad, size_t ad_len,
> +				const void *nonce, size_t nonce_len,
> +				void *out, size_t out_len);
>
>  bool l_cipher_set_iv(struct l_cipher *cipher, const uint8_t *iv,
>  			size_t iv_length);
>

Regards,
-Denis

Re: [PATCH 2/3] cipher: Add AEAD API with AES-CCM

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 1867 bytes --]

On Wed, 21 Dec 2016, Denis Kenzior wrote:

> Hi Mat,
>
> <snip>
>
>> diff --git a/ell/cipher.h b/ell/cipher.h
>> index f9ff42f..3aaf05d 100644
>> --- a/ell/cipher.h
>> +++ b/ell/cipher.h
>> @@ -32,6 +32,7 @@ struct l_cipher;
>>  enum l_cipher_type {
>>  	L_CIPHER_AES = 0,
>>  	L_CIPHER_AES_CBC,
>> +	L_CIPHER_AES_CCM,
>>  	L_CIPHER_ARC4,
>>  	L_CIPHER_DES,
>>  	L_CIPHER_DES3_EDE_CBC,
>> @@ -39,14 +40,28 @@ enum l_cipher_type {
>>
>>  struct l_cipher *l_cipher_new(enum l_cipher_type type,
>>  				const void *key, size_t key_length);
>> +struct l_cipher *l_cipher_new_aead(enum l_cipher_type type,
>> +					const void *key, size_t key_length,
>> +					size_t tag_length);
>
> I wonder if we should make this a whole new type, similar to how we did the 
> asymmetric ciphers before keys took that over?

Sure, I can change that.

>
>>
>>  void l_cipher_free(struct l_cipher *cipher);
>>
>>  bool l_cipher_encrypt(struct l_cipher *cipher,
>>  			const void *in, void *out, size_t len);
>> 
>> +bool l_cipher_encrypt_aead(struct l_cipher *cipher,
>> +				const void *in, size_t in_len,
>> +				const void *ad, size_t ad_len,
>> +				const void *nonce, size_t nonce_len,
>> +				void *out, size_t out_len);
>
> Otherwise we get into a situation that encrypt_aead can be called on a 
> regular cipher or encrypt gets called on an aead cipher...
>
>> +
>>  bool l_cipher_decrypt(struct l_cipher *cipher,
>>  			const void *in, void *out, size_t len);
>> +bool l_cipher_decrypt_aead(struct l_cipher *cipher,
>> +				const void *in, size_t in_len,
>> +				const void *ad, size_t ad_len,
>> +				const void *nonce, size_t nonce_len,
>> +				void *out, size_t out_len);
>>
>>  bool l_cipher_set_iv(struct l_cipher *cipher, const uint8_t *iv,
>>  			size_t iv_length);
>>

Regards,

--
Mat Martineau
Intel OTC