/**
* \brief Encrypts a block of data with this SymmetricState object
* and adds the ciphertext to the handshake hash.
*
* \param state The SymmetricState object.
* \param buffer The buffer containing the plaintext on entry and the
* ciphertext plus MAC on exit.
*
* \return NOISE_ERROR_NONE on success.
* \return NOISE_ERROR_INVALID_PARAM if \a state or \a buffer is NULL.
* \return NOISE_ERROR_INVALID_NONCE if the nonce previously overflowed
* \return NOISE_ERROR_INVALID_LENGTH if the ciphertext plus MAC is
* too large to fit within the maximum size of \a buffer and to also
* remain within 65535 bytes.
*
* The plaintext is encrypted in-place with the ciphertext also written
* to \a buffer. There must be enough room on the end of \a buffer
* to hold the extra MAC value that will be appended. In other words,
* it is assumed that the plaintext is in an output buffer ready to be
* transmitted once the data has been encrypted and the final packet
* length has been determined.
*
* The noise_symmetricstate_get_mac_length() function can be used to
* determine the size of the MAC value that will be added, which may
* be zero if the encryption key has not been set up yet.
*
* \sa noise_symmetricstate_decrypt_and_hash(),
* noise_symmetricstate_get_mac_length()
*/
int noise_symmetricstate_encrypt_and_hash
(NoiseSymmetricState *state, NoiseBuffer *buffer)
{
size_t hash_len;
int err;
/* Validate the parameters */
if (!state || !buffer || !(buffer->data))
return NOISE_ERROR_INVALID_PARAM;
/* If the state has been split, then we cannot do this */
if (!state->cipher)
return NOISE_ERROR_INVALID_STATE;
/* Encrypt the plaintext using the underlying cipher */
hash_len = noise_hashstate_get_hash_length(state->hash);
err = noise_cipherstate_encrypt_with_ad
(state->cipher, state->h, hash_len, buffer);
if (err != NOISE_ERROR_NONE)
return err;
/* Feed the ciphertext into the handshake hash */
noise_symmetricstate_mix_hash(state, buffer->data, buffer->size);
return NOISE_ERROR_NONE;
}
/* Measure the performance of an AEAD primitive */
static void perf_cipher(int id)
{
static uint8_t const key[32] = {
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20
};
static uint8_t const ad[32] = {
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x20,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40
};
NoiseCipherState *cipher;
uint8_t data[BLOCK_SIZE + 16];
timestamp_t start, end;
int count;
double elapsed;
NoiseBuffer mbuf;
if (noise_cipherstate_new_by_id(&cipher, id) != NOISE_ERROR_NONE)
return;
memset(data, 0xAA, sizeof(data));
noise_cipherstate_init_key(cipher, key, sizeof(key));
start = current_timestamp();
for (count = 0; count < (MB_COUNT * BLOCKS_PER_MB); ++count) {
noise_buffer_set_inout(mbuf, data, sizeof(data) - 16, sizeof(data));
noise_cipherstate_encrypt_with_ad(cipher, ad, sizeof(ad), &mbuf);
}
end = current_timestamp();
elapsed = elapsed_to_seconds(start, end) / (double)MB_COUNT;
printf("%-20s%8.2f %8.2f\n",
noise_id_to_name(NOISE_CIPHER_CATEGORY, id),
1.0 / elapsed, units / elapsed);
noise_cipherstate_free(cipher);
}
/**
* \brief Encrypts a block of data with this CipherState object.
*
* \param state The CipherState object.
* \param buffer The buffer containing the plaintext on entry and the
* ciphertext plus MAC on exit.
*
* \return NOISE_ERROR_NONE on success.
* \return NOISE_ERROR_INVALID_PARAM if \a state or \a buffer is NULL.
* \return NOISE_ERROR_INVALID_NONCE if the nonce previously overflowed.
* \return NOISE_ERROR_INVALID_LENGTH if the ciphertext plus MAC is
* too large to fit within the maximum size of \a buffer and to also
* remain within 65535 bytes.
*
* This is a convenience function which encrypts the contents of a buffer
* without any associated data. It is otherwise identical to
* noise_cipherstate_encrypt_with_ad().
*
* The plaintext is encrypted in-place with the ciphertext also written
* to \a buffer. There must be enough room on the end of \a buffer to hold
* the extra MAC value that will be appended. In other words, it is
* assumed that the plaintext is in an output buffer ready to be
* transmitted once the data has been encrypted and the final packet
* length has been determined.
*
* The following example demonstrates how to initialize a buffer for
* use with this function. The <tt>message</tt> is a byte array containing
* <tt>plaintext_size</tt> bytes of plaintext on entry. On exit,
* <tt>buffer.size</tt> will contain the number of bytes of ciphertext
* plus MAC to be transmitted:
*
* \code
* NoiseBuffer buffer;
* noise_buffer_set_inout(buffer, message, plaintext_size, sizeof(message));
* noise_cipherstate_encrypt(state, &buffer);
* // Transmit the buffer.size bytes starting at buffer.data
* \endcode
*
* \sa noise_cipherstate_encrypt_with_ad()
*/
int noise_cipherstate_encrypt(NoiseCipherState *state, NoiseBuffer *buffer)
{
return noise_cipherstate_encrypt_with_ad(state, NULL, 0, buffer);
}
