Authenticated encryption functions. More...

Static Public Member Functions
static crsysapi::bvec_t	DecryptWithTag (const bvec_t &data, const bvec_t &key, const bvec_t &iv, const bvec_t &aad, Alg alg, Opts opts=Opts::Default)
	Decrypt data using specified AEAD algorithm in one-off operation with AAD and options. More...

static crsysapi::bvec_t	EncryptWithTag (const bvec_t &data, const bvec_t &key, const bvec_t &iv, const bvec_t &aad, Alg alg, Opts opts=Opts::Default)
	Encrypt data using specified AEAD algorithm in one-off operation with AAD and options. More...

Detailed Description

Authenticated encryption functions.

Member Enumeration Documentation

strong

AEAD algorithm.

Enumerator
Aes_128_Gcm	AEAD_AES_128_GCM authenticated encryption algorithm (RFC 5116)
Aes_256_Gcm	AEAD_AES_256_GCM authenticated encryption algorithm (RFC 5116)
Chacha20_Poly1305	AEAD_CHACHA20_POLY1305 authenticated encryption algorithm (RFC 7539)
Ascon_128	ASCON-128 authenticated encryption ([En/De]cryptWithTag only)
Ascon_128A	ASCON-128A authenticated encryption ([En/De]cryptWithTag only)

Advanced options.

Enumerator
Default	Default options
PrefixIV	Prefix (prepend) the IV (nonce) before the ciphertext in the output.

static crsysapi::bvec_t crsysapi::Aead::DecryptWithTag	(	const bvec_t &	data,
		const bvec_t &	key,
		const bvec_t &	iv,
		const bvec_t &	aad,
		Alg	alg,
		Opts	opts = `Opts::Default`
	)

static

Decrypt data using specified AEAD algorithm in one-off operation with AAD and options.

The authentication tag is expected appended to the input.

Parameters

data	Input data to be encrypted
key	Key of exact length for algorithm (16 or 32 bytes)
iv	(optional) Initialization Vector (IV) (aka nonce) 16 bytes for ASCON else 12 bytes. Set as an empty vector `bvec_t()` if already prefixed to input.
aad	Additional authenticated data (optional) - set as an empty vector `bvec_t()` to ignore.
alg	Authenticated encryption algorithm.
opts	Advanced options. Use `Opts::PrefixIV` to expect the IV to be prepended to the input.

Exceptions

std::runtime_error Exception with error code.

Remarks: The input must include the 16-byte tag appended to the ciphertext and may include a 12/16-byte prefixed IV. The output will either be exactly 16 bytes shorter than the input, or 28/32 bytes shorter if the Opts::PrefixIV option is used. In all cases the tag must be 16 bytes (128 bits). The IV must be 16 bytes (128 bits) for ASCON-128 otherwise exactly 12 bytes (96 bits). If additional authentication data (AAD) was provided during encryption then the exact same AAD data must be provided here.

static crsysapi::bvec_t crsysapi::Aead::EncryptWithTag	(	const bvec_t &	data,
		const bvec_t &	key,
		const bvec_t &	iv,
		const bvec_t &	aad,
		Alg	alg,
		Opts	opts = `Opts::Default`
	)

static

Encrypt data using specified AEAD algorithm in one-off operation with AAD and options.

The authentication tag is appended to the output.

Parameters

data	Input data to be encrypted
key	Key of exact length for algorithm (16 or 32 bytes)
iv	Initialization Vector (IV) (aka nonce) 16 bytes for ASCON else 12 bytes (required).
aad	Additional authenticated data (optional) - set as an empty vector `bvec_t()` to ignore.
alg	Authenticated encryption algorithm.
opts	Advanced options. Use `Opts::PrefixIV` to prepend the IV to the output.

Returns: Ciphertext with tag appended in byte array, or empty array on error.

Exceptions

std::runtime_error Exception with error code.

Remarks: The output will either be exactly 16 bytes longer than the input, or 28/32 bytes longer if Opts::PrefixIV is used.