/* Data format is iv | enc(4 byte len | ptxt | 0 padding) | tag
*/
- int dipe_aes_encrypt(uint8_t* key, size_t ptxt_len, uint8_t* ptxt, size_t ctxt_len, uint8_t* ctxt) {
+ int dipe_aes_encrypt(uint8_t* key, uint8_t* iv, size_t ptxt_len, uint8_t* ptxt, size_t ctxt_len, uint8_t* ctxt) {
struct gcm_aes128_ctx ctx;
- uint8_t iv[12];
uint8_t block[16];
uint32_t coded_ptxtlen;
- ctxt_len -= (12 + 16); /* IV + Tag */
- if (ctxt_len < ptxt_len) return -1;
+ ctxt_len -= 16; /* Tag */
+ if (ctxt_len < ptxt_len + 4) return 0;
- getrandom(iv, 12, 0);
- memcpy(ctxt, iv, 12);
- ctxt += 12;
memset(block, 0, 16);
gcm_aes128_set_key(&ctx, key);
gcm_aes128_set_iv(&ctx, 12, iv);
return 0;
}
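Review bot: The new size check in dipe_aes_encrypt can be bypassed, and its failure is invisible to callers. `ctxt_len -= 16` runs on a `size_t` before any comparison, so a buffer shorter than 16 bytes wraps to a huge value and the following test passes. The failure path now returns 0, which the `return 0;` at the end of the function suggests is also the success value. I would check before subtracting and keep a distinct error code: `if (ctxt_len < 16 + 4 || ctxt_len - 16 - 4 < ptxt_len) return -1;` followed by `ctxt_len -= 16;`. The dipe_aes_encrypt call site later in this patch discards the return value, so it should test it as well.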
- int dipe_aes_decrypt(uint8_t* key, size_t len, uint8_t* ctxt, uint8_t* ptxt) {
+ int dipe_aes_decrypt(uint8_t* key, uint8_t* iv, size_t len, uint8_t* ctxt, uint8_t* ptxt) {
struct gcm_aes128_ctx ctx;
uint8_t block[16];
gcm_aes128_set_key(&ctx, key);
- gcm_aes128_set_iv(&ctx, 12, ctxt);
- ctxt += 12; len -= 12;
+ gcm_aes128_set_iv(&ctx, 12, iv);
len -= 16; /* GCM tag */
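Review bot: Nothing in the visible part of dipe_aes_decrypt checks that `len` is at least 16 before `len -= 16; /* GCM tag */`, so a truncated ciphertext makes the `size_t` wrap and the remaining length becomes enormous. The ciphertext is the untrusted input on this path, so I would put an `if (len < 16)` guard in front of the subtraction, returning whatever error value the function's other failure paths use. The function body continues outside the hunk, so a later check may exist, but it would run after the wrap has already happened.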
cap_len = dipe_serialize_ctxt(param, cap, (uint8_t*)ctxt);
ctxt += cap_len; ctxt_len -= cap_len;
- dipe_aes_encrypt(aes, ptxt_len, (uint8_t*)ptxt, ctxt_len, (uint8_t*)ctxt);
+ dipe_aes_encrypt(aes, aes+16, ptxt_len, (uint8_t*)ptxt, ctxt_len, (uint8_t*)ctxt);
dipe_free_ctxt(cap);
element_clear(key);
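Review bot: `aes+16` is now the GCM IV, taken from the same derived buffer as the key, and the per-message random IV is gone, so nonce uniqueness rests entirely on `aes` being freshly derived for every encryption. That derivation is outside this hunk; if the same `aes` bytes can ever be produced twice (for instance from a reused or cached encapsulation), the key/IV pair repeats, which breaks both the confidentiality and the authenticity of GCM. I would state the invariant at the call, e.g. `/* aes[0..15] = AES-128 key, aes[16..27] = GCM IV; derived per encapsulation, used for exactly one message */`, and confirm that `aes` holds at least 28 bytes. The same applies to the dipe_aes_decrypt call in the next hunk.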
dipe_free_ctxt(cap);
element_clear(key);
- return dipe_aes_decrypt(aes, ctxt_len, (uint8_t*)ctxt, (uint8_t*)ptxt);
+ return dipe_aes_decrypt(aes, aes+16, ctxt_len, (uint8_t*)ctxt, (uint8_t*)ptxt);
}
/* Note: we're generating random-looking bytes here. Therefore we
}
size_t dipe_ciphertext_overhead(dipe_param_t param, size_t dimension) {
- size_t overhead = 12 + 16 + 4 /* IV + Tag + Size */;
+ size_t overhead = 16 + 4 /* IV + Tag + Size */;
element_t t;
element_init_G1(t, param->pairing);
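Review bot: The trailing comment on the new `overhead` line still reads `/* IV + Tag + Size */` although the 12 IV bytes are no longer counted; it should become `/* Tag + Size */`. The format comment above dipe_aes_encrypt (`iv | enc(4 byte len | ptxt | 0 padding) | tag`) is stale in the same way, since the IV is no longer written into the buffer, and could read `enc(4 byte len | ptxt | 0 padding) | tag, IV supplied by the caller`. Callers size their buffers from these two comments, so they should match the new layout. The body of dipe_ciphertext_overhead continues outside the hunk.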