X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BoarSSL;a=blobdiff_plain;f=Crypto%2FIBlockCipher.cs;h=0a9f4690f3da9bf4317a8446c3e6075c27fa6649;hp=6a51b99283c89bdf12359b0dbfb67971dd6ba9f9;hb=HEAD;hpb=c16004e3afb8aa2524aeec88aa7c9c67400e93c1

diff --git a/Crypto/IBlockCipher.cs b/Crypto/IBlockCipher.cs
index 6a51b99..0a9f469 100644
--- a/Crypto/IBlockCipher.cs
+++ b/Crypto/IBlockCipher.cs
@@ -138,6 +138,60 @@ public interface IBlockCipher {
 	 */
 	uint CTRRun(byte[] iv, uint cc, byte[] data, int off, int len);
 
+	/*
+	 * Do combined CTR encryption/decryption and CBC-MAC. The CTR
+	 * mode uses full-block increments (counter value is the
+	 * big-endian interpretation of the complete block); the ctr[]
+	 * array contains the initial value for the counter (used to
+	 * encrypt or decrypt the full block) and it is updated by
+	 * this method as blocks are processed.
+	 *
+	 * The cbcmac[] array has full block width and contains the
+	 * running value for CBC-MAC, computed over the _encrypted_ data.
+	 *
+	 * The flag 'encrypt' is true when encrypting, false when
+	 * decrypting. Note that CTR encryption and decryption are
+	 * identical; thus, the only effect of this flag is to decide
+	 * whether CBC-MAC should be applied on the blocks before or
+	 * after CTR encryption/decryption.
+	 *
+	 * The data is provided in the data[] buffer, and is
+	 * encrypted/decrypted in place. Its length MUST be a multiple
+	 * of the block size.
+	 */
+	void CTRCBCRun(byte[] ctr, byte[] cbcmac, bool encrypt, byte[] data);
+
+	/*
+	 * Do combined CTR encryption/decryption and CBC-MAC. The CTR
+	 * mode uses full-block increments (counter value is the
+	 * big-endian interpretation of the complete block); the ctr[]
+	 * array contains the initial value for the counter (used to
+	 * encrypt or decrypt the full block) and it is updated by
+	 * this method as blocks are processed.
+	 *
+	 * The cbcmac[] array has full block width and contains the
+	 * running value for CBC-MAC, computed over the _encrypted_ data.
+	 *
+	 * The flag 'encrypt' is true when encrypting, false when
+	 * decrypting. Note that CTR encryption and decryption are
+	 * identical; thus, the only effect of this flag is to decide
+	 * whether CBC-MAC should be applied on the blocks before or
+	 * after CTR encryption/decryption.
+	 *
+	 * The data is provided in the data[] buffer, and is
+	 * encrypted/decrypted in place. Its length MUST be a multiple
+	 * of the block size.
+	 */
+	void CTRCBCRun(byte[] ctr, byte[] cbcmac, bool encrypt,
+		byte[] data, int off, int len);
+
+	/*
+	 * Perform CBC-MAC: the cbcmac[] block is updated with the
+	 * CBC-MAC of the data. Data length must be a multiple of the
+	 * block size.
+	 */
+	void CBCMac(byte[] cbcmac, byte[] data, int off, int len);
+
 	/*
 	 * Duplicate this engine. This creates a new, independent
 	 * instance that implements the same function, and starts with