monocypher: add crypto_lock/4 and crypto_unlock/4

3 files changed, 129 insertions, 6 deletions

diff --git a/README.md b/README.md
index 5781b1c..54ad9b6 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,13 @@ Contributions to bind more functions are very welcome.
 
 See also the [Monocypher documentation](https://monocypher.org/manual/).
 
+#### Authenticated Encryption
+
+- [X] `crypto_lock`
+- [X] `crypto_unlock`
+- [ ] `crypto_lock_aead`
+- [ ] `crypto_unlock_aead`
+
 #### Hashing
 
 - [X] `crypto_blake2b`
diff --git a/c_src/monocypher_nif.c b/c_src/monocypher_nif.c
index 1dd7816..209dd66 100644
--- a/c_src/monocypher_nif.c
+++ b/c_src/monocypher_nif.c
@@ -5,6 +5,106 @@
 #include <erl_nif.h>
 #include "monocypher.h"
 
+/* Authenticated Encryption */
+
+static ERL_NIF_TERM crypto_lock_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{
+
+    ErlNifBinary mac;
+    if(!enif_inspect_binary(env, argv[0], &mac)) {
+        return enif_make_badarg(env);
+    }
+
+    // mac size must be exactly 16 bytes.
+    if(mac.size != 16) {
+        return enif_make_badarg(env);
+    }
+
+    ErlNifBinary key;
+    if(!enif_inspect_binary(env, argv[1], &key)) {
+        return enif_make_badarg(env);
+    }
+
+    // key size must be exactly 32 bytes.
+    if(key.size != 32) {
+        return enif_make_badarg(env);
+    }
+
+    ErlNifBinary nonce;
+    if(!enif_inspect_binary(env, argv[2], &nonce)) {
+        return enif_make_badarg(env);
+    }
+
+    // nonce size must be exactly 24 bytes.
+    if(nonce.size != 24) {
+        return enif_make_badarg(env);
+    }
+
+    ErlNifBinary plain_text;
+    if(!enif_inspect_binary(env, argv[3], &plain_text)) {
+        return enif_make_badarg(env);
+    }
+
+    // create a new binary for the cipher_text
+    ERL_NIF_TERM cipher_text_term;
+    unsigned char* cipher_text = enif_make_new_binary(env, plain_text.size, &cipher_text_term);
+
+    crypto_lock(mac.data, cipher_text, key.data, nonce.data, plain_text.data, plain_text.size);
+
+    return cipher_text_term;
+}
+
+static ERL_NIF_TERM crypto_unlock_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{
+
+    ErlNifBinary key;
+    if(!enif_inspect_binary(env, argv[0], &key)) {
+        return enif_make_badarg(env);
+    }
+
+    // key size must be exactly 32 bytes.
+    if(key.size != 32) {
+        return enif_make_badarg(env);
+    }
+
+    ErlNifBinary nonce;
+    if(!enif_inspect_binary(env, argv[1], &nonce)) {
+        return enif_make_badarg(env);
+    }
+
+    // nonce size must be exactly 24 bytes.
+    if(nonce.size != 24) {
+        return enif_make_badarg(env);
+    }
+
+    ErlNifBinary mac;
+    if(!enif_inspect_binary(env, argv[2], &mac)) {
+        return enif_make_badarg(env);
+    }
+
+    // mac size must be exactly 16 bytes.
+    if(mac.size != 16) {
+        return enif_make_badarg(env);
+    }
+
+    ErlNifBinary cipher_text;
+    if(!enif_inspect_binary(env, argv[3], &cipher_text)) {
+        return enif_make_badarg(env);
+    }
+
+    // create a new binary for the plain_text
+    ERL_NIF_TERM plain_text_term;
+    unsigned char* plain_text = enif_make_new_binary(env, cipher_text.size, &plain_text_term);
+    
+    int unlock_return_value = crypto_unlock(plain_text, key.data, nonce.data, mac.data, cipher_text.data, cipher_text.size);
+
+    if (unlock_return_value == 0) {
+        return enif_make_tuple2(env, enif_make_atom_len(env, "ok", 2), plain_text_term);
+    } else {
+        return enif_make_tuple2(env, enif_make_atom_len(env, "error", 5), enif_make_int(env, unlock_return_value));
+    }
+}
+
 /* Hashing */
 
 static ERL_NIF_TERM crypto_blake2b_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
@@ -139,12 +239,12 @@ static ERL_NIF_TERM crypto_ietf_chacha20_ctr_nif(ErlNifEnv* env, int argc, const
 
 static ErlNifFunc nif_funs[] =
 {
+    {"crypto_lock", 4, crypto_lock_nif},
+    {"crypto_unlock", 4, crypto_unlock_nif},
     {"crypto_blake2b", 1, crypto_blake2b_nif},
     {"crypto_blake2b_general", 3, crypto_blake2b_general_nif},
     {"crypto_ietf_chacha20", 3, crypto_ietf_chacha20_nif},
     {"crypto_ietf_chacha20_ctr", 4, crypto_ietf_chacha20_ctr_nif}
-    /* {"crypto_lock", 6, crypto_lock_nif}, */
-    /* {"crypto_unlock", 6, crypto_unlock_nif} */
 };
 
 ERL_NIF_INIT(monocypher, nif_funs, NULL, NULL, NULL, NULL);
diff --git a/src/monocypher.erl b/src/monocypher.erl
index 4c359bb..acdf488 100644
--- a/src/monocypher.erl
+++ b/src/monocypher.erl
@@ -3,15 +3,29 @@
 % SPDX-License-Identifier: LGPL-3.0-or-later
 
 -module(monocypher).
--export([crypto_blake2b/1]).
--export([crypto_blake2b_general/3]).
--export([crypto_ietf_chacha20/3]).
--export([crypto_ietf_chacha20_ctr/4]).
+-export([crypto_lock/4,
+         crypto_unlock/4]).
+-export([crypto_blake2b/1,
+         crypto_blake2b_general/3]).
+-export([crypto_ietf_chacha20/3,
+         crypto_ietf_chacha20_ctr/4]).
 -on_load(init/0).
 
 -define(APPNAME, monocypher).
 -define(LIBNAME, monocypher).
 
+%% Authenticated Encryption
+
+-spec crypto_lock(binary(), binary(), binary(), binary()) -> binary().
+crypto_lock(_,_,_,_) ->
+    not_loaded(?LINE).
+
+-spec crypto_unlock(binary(), binary(), binary(), binary()) -> {'ok', binary()} | {'error', integer()}.
+crypto_unlock(_,_,_,_) ->
+    not_loaded(?LINE).
+
+%% Hashing
+
 -spec crypto_blake2b(binary()) -> binary().
 crypto_blake2b(_) ->
     not_loaded(?LINE).
@@ -20,6 +34,8 @@ crypto_blake2b(_) ->
 crypto_blake2b_general(_,_,_) ->
     not_loaded(?LINE).
 
+%% IETF ChaCha20
+
 -spec crypto_ietf_chacha20(binary(), binary(), binary()) -> binary().
 crypto_ietf_chacha20(_,_,_) ->
     not_loaded(?LINE).