21#define HASH_MD5_LENGTH 16
22#define HASH_SHA1_LENGTH 20
23#define HASH_SHA2_224_LENGTH 28
24#define HASH_SHA2_256_LENGTH 32
25#define HASH_SHA2_384_LENGTH 48
26#define HASH_SHA2_512_LENGTH 64
27#define AEAD_AES_128_GCM_KEY_LENGTH 16
28#define AEAD_AES_256_GCM_KEY_LENGTH 32
29#define AEAD_CHACHA20POLY1305_KEY_LENGTH 32
30#define AEAD_MAX_KEY_LENGTH 32
31#define HPKE_AEAD_NONCE_LENGTH 12
32#define HPKE_AEAD_AUTH_TAG_LENGTH 16
33#define HPKE_HKDF_SHA256 1
34#define HPKE_HKDF_SHA384 2
35#define HPKE_HKDF_SHA512 3
36#define HPKE_AEAD_AES_128_GCM 1
37#define HPKE_AEAD_AES_256_GCM 2
38#define HPKE_AEAD_CHACHA20POLY1305 3
39#define HPKE_SUIT_ID_LEN 10
40#define HPKE_SUIT_PREFIX "HPKE"
41#define HPKE_VERSION_ID "HPKE-v1"
42#define HPKE_MAX_KDF_LEN HASH_SHA2_512_LENGTH
43#define HPKE_MODE_BASE 0
44#define HPKE_MODE_PSK 1
45#define HPKE_MODE_AUTH 2
46#define HPKE_MODE_AUTH_PSK 3
66 const void *
buffer,
size_t length,
67 const void *key,
size_t keylen);
87 const void *
buffer,
size_t length,
88 const void *key,
size_t keylen);
103WS_DLL_PUBLIC gcry_error_t
crypt_des_ecb(uint8_t *output,
const uint8_t *
buffer,
const uint8_t *key56);
122 gcry_sexp_t pk,
bool pkcs1_padding,
char **err);
142WS_DLL_PUBLIC
size_t rsa_decrypt(
const unsigned len,
const unsigned char* data,
144 gcry_sexp_t pk,
const char* flags,
char **err);
161WS_DLL_PUBLIC gcry_error_t
162hkdf_expand(
int hashalgo,
const uint8_t *prk,
unsigned prk_len,
const uint8_t *
info,
unsigned info_len,
163 uint8_t *out,
unsigned out_len);
182static inline gcry_error_t
183hkdf_extract(
int hashalgo,
const uint8_t *salt,
size_t salt_len,
const uint8_t *ikm,
size_t ikm_len, uint8_t *prk)
186 return ws_hmac_buffer(hashalgo, prk, ikm, ikm_len, salt, salt_len);
200WS_DLL_PUBLIC uint16_t
214WS_DLL_PUBLIC uint16_t
227WS_DLL_PUBLIC uint16_t
242WS_DLL_PUBLIC uint16_t
259hpke_suite_id(uint16_t kem_id, uint16_t kdf_id, uint16_t aead_id, uint8_t *suite_id);
281WS_DLL_PUBLIC gcry_error_t
283 const uint8_t *salt,
unsigned salt_len,
284 const uint8_t *suite_id,
285 const uint8_t *ikm,
unsigned ikm_len,
286 uint8_t mode, uint8_t *key, uint8_t *base_nonce);
300WS_DLL_PUBLIC gcry_error_t
301hpke_setup_aead(gcry_cipher_hd_t* cipher, uint16_t aead_id, uint8_t *key);
316WS_DLL_PUBLIC gcry_error_t
318 uint8_t *base_nonce,
size_t nonce_len);
Definition mcast_stream.h:30
Definition file-pcapng.h:57
WS_DLL_PUBLIC gcry_error_t hpke_set_nonce(gcry_cipher_hd_t cipher, uint64_t seq, uint8_t *base_nonce, size_t nonce_len)
Set the nonce for an AEAD cipher using sequence number and base nonce.
Definition wsgcrypt.c:427
WS_DLL_PUBLIC gcry_error_t ws_cmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen)
Compute CMAC over a buffer using the specified algorithm.
Definition wsgcrypt.c:33
WS_DLL_PUBLIC uint16_t hpke_aead_key_len(uint16_t aead_id)
Return the key length for a given AEAD algorithm identifier.
Definition wsgcrypt.c:291
WS_DLL_PUBLIC gcry_error_t hkdf_expand(int hashalgo, const uint8_t *prk, unsigned prk_len, const uint8_t *info, unsigned info_len, uint8_t *out, unsigned out_len)
Perform HKDF-Expand as defined in RFC 5869.
Definition wsgcrypt.c:197
WS_DLL_PUBLIC uint16_t hpke_aead_nonce_len(uint16_t aead_id)
Return the nonce length for a given AEAD algorithm identifier.
Definition wsgcrypt.c:306
WS_DLL_PUBLIC gcry_error_t hpke_setup_aead(gcry_cipher_hd_t *cipher, uint16_t aead_id, uint8_t *key)
Initialize AEAD cipher context for HPKE.
Definition wsgcrypt.c:405
WS_DLL_PUBLIC gcry_error_t crypt_des_ecb(uint8_t *output, const uint8_t *buffer, const uint8_t *key56)
Encrypt 8 bytes using DES in ECB mode.
Definition wsgcrypt.c:52
WS_DLL_PUBLIC size_t rsa_decrypt_inplace(const unsigned len, unsigned char *data, gcry_sexp_t pk, bool pkcs1_padding, char **err)
Perform RSA decryption in-place.
Definition wsgcrypt.c:82
WS_DLL_PUBLIC gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen)
Compute HMAC over a buffer using the specified algorithm.
Definition wsgcrypt.c:15
WS_DLL_PUBLIC gcry_error_t hpke_key_schedule(uint16_t kdf_id, uint16_t aead_id, const uint8_t *salt, unsigned salt_len, const uint8_t *suite_id, const uint8_t *ikm, unsigned ikm_len, uint8_t mode, uint8_t *key, uint8_t *base_nonce)
Derive HPKE key and base nonce using the key schedule.
Definition wsgcrypt.c:377
WS_DLL_PUBLIC size_t rsa_decrypt(const unsigned len, const unsigned char *data, uint8_t **plain, gcry_sexp_t pk, const char *flags, char **err)
Perform RSA decryption and allocate a buffer for the resulta.
Definition wsgcrypt.c:141
WS_DLL_PUBLIC uint16_t hpke_hkdf_len(uint16_t kdf_id)
Return the output length of the HKDF for a given KDF identifier.
Definition wsgcrypt.c:276
WS_DLL_PUBLIC void hpke_suite_id(uint16_t kem_id, uint16_t kdf_id, uint16_t aead_id, uint8_t *suite_id)
Construct the HPKE suite identifier.
Definition wsgcrypt.c:332
WS_DLL_PUBLIC uint16_t hpke_aead_auth_tag_len(uint16_t aead_id)
Return the authentication tag length for a given AEAD algorithm identifier.
Definition wsgcrypt.c:319
1.9.8