Offset Codebook (OCB3) AEAD mode as specified in RFC 7253. More...
Detailed Description
Offset Codebook (OCB3) AEAD mode as specified in RFC 7253.
NOTE: The OCB algorithm is covered by patents in the USA owned by Phillip Rogaway. A free licence is granted for any open-source or non-military project. Check http://web.cs.ucdavis.edu/~rogaway/ocb/grant.htm for details.
Definition in file ocb.h.
Include dependency graph for ocb.h:Go to the source code of this file.
Functions | |
| int32_t | cipher_encrypt_ocb (const cipher_t *cipher, const uint8_t *auth_data, size_t auth_data_len, uint8_t tag_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *input, size_t input_len, uint8_t *output) |
| Encrypt and authenticate data of arbitrary length in OCB mode. More... | |
| int32_t | cipher_decrypt_ocb (const cipher_t *cipher, const uint8_t *auth_data, size_t auth_data_len, uint8_t tag_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *input, size_t input_len, uint8_t *output) |
| Decrypt and verify the authentication of OCB encrypted data. More... | |
OCB error codes | |
| #define | OCB_ERR_INVALID_NONCE_LENGTH (-2) |
| Returned if a nonce of bad length (empty or more than 15 bytes) was used. | |
| #define | OCB_ERR_INVALID_BLOCK_LENGTH (-3) |
| OCB only works with ciphers with a block size of 128 bit. | |
| #define | OCB_ERR_INVALID_DATA_LENGTH (-3) |
| Returned if the amount of input data cannot be handled by this implementation. | |
| #define | OCB_ERR_INVALID_TAG_LENGTH (-4) |
| Returned if a tag of bad length was requested (empty or more than 16 bytes) | |
| #define | OCB_ERR_INVALID_TAG (-5) |
| Returned if the authentication failed during decryption. | |
Function Documentation
◆ cipher_decrypt_ocb()
| int32_t cipher_decrypt_ocb | ( | const cipher_t * | cipher, |
| const uint8_t * | auth_data, | ||
| size_t | auth_data_len, | ||
| uint8_t | tag_len, | ||
| const uint8_t * | nonce, | ||
| size_t | nonce_len, | ||
| const uint8_t * | input, | ||
| size_t | input_len, | ||
| uint8_t * | output | ||
| ) |
Decrypt and verify the authentication of OCB encrypted data.
- Parameters
-
cipher Already initialized cipher struct auth_data Additional data to authenticate in MAC auth_data_len Length of additional data tag_len Length of the appended tag (at least 1, at most 16 bytes) nonce Nonce for the encryption (must be unique) nonce_len Length of the nonce in bytes (at most 15) input pointer to the ciphertext with the tag appended input_len length of the input data. input_len - tag_len must be smaller than INT32_MAX (2^31-1) output pointer to allocated memory for the plaintext data. It has to be of size input_len - tag_len. Will contain only zeroes, if the authentication fails.
- Returns
- Length of the plaintext data or a (negative) error code
◆ cipher_encrypt_ocb()
| int32_t cipher_encrypt_ocb | ( | const cipher_t * | cipher, |
| const uint8_t * | auth_data, | ||
| size_t | auth_data_len, | ||
| uint8_t | tag_len, | ||
| const uint8_t * | nonce, | ||
| size_t | nonce_len, | ||
| const uint8_t * | input, | ||
| size_t | input_len, | ||
| uint8_t * | output | ||
| ) |
Encrypt and authenticate data of arbitrary length in OCB mode.
- Parameters
-
cipher Already initialized cipher struct auth_data Additional data to authenticate in MAC auth_data_len Length of additional data tag_len Length of the appended tag (at least 1, at most 16 bytes) nonce Nonce for the encryption (must be unique) nonce_len Length of the nonce in bytes (at most 15) input pointer to input data to encrypt input_len length of the input data. input_len + tag_len must be smaller than INT32_MAX (2^31-1) output pointer to allocated memory for encrypted data. The tag will be appended to the ciphertext. It has to be of size data_len + tag_len.
- Returns
- Length of the encrypted data (including the tag) or a (negative) error code
