On Sat, 2018-01-27 at 09:57 +0100, Nikos Mavrogiannopoulos wrote:
But then when would one generate the actual IV? When data are added gradually, one would have to require an order in the calling of functions, to ensure that the IV to be used by the encryption functions gets generated. For example, require
  siv_aes128_cmac_set_key
  siv_aes128_cmac_extra_adata
  siv_aes128_cmac_extra_adata
  siv_aes_128_cmac_set_nonce (must be last and must be called even if there is no nonce, and will generate and save the IV)
  siv_aes128_cmac_decrypt (which will use the IV saved in ctx)
or
  siv_aes128_cmac_set_key
  siv_aes128_cmac_extra_adata
  siv_aes128_cmac_extra_adata
  siv_aes_128_cmac_set_nonce
  siv_aes_128_cmac_get_iv
  siv_aes128_cmac_decrypt (which will use the IV provided as a parameter)
I'm also not sure how to check the tag. Make siv_aes128_cmac_decrypt() check it and return an int, or provide a digest function which will return the generated IV and let the caller do something with it?
Shouldn't the siv_aes128_cmac_extra_adata be named siv_aes128_cmac_update? (though its semantics would be different from other AEAD ciphers as updating with "ab" is different than two calls with "a" and "b").
Overall, the more I look at how a low-level API for SIV would look, the more I think of having only a high-level one.
I've given up on my attempts at a low-level mode, as they resulted in a very complex-to-use interface when following nettle conventions, or a very unique interface when trying to capture SIV-CMAC intentions.
Thus, I'm sending an RFC for a high-level SIV-CMAC interface with an abstraction function set, which abstracts over the cipher. The cipher is then used for both CTR encryption and CMAC. (Initially I tried abstracting over cipher and MAC, which caused a very complex interface, such as functions with 13+ parameters.)
That abstraction seems to have a cost in safety, as in the _siv_s2v() function I simulated the cipher context using an array. Is there a better way to capture that in nettle?
This patch works on top of the proposed CMAC interface.
regards, Nikos
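As an added illustration, not part of the patch or of this thread, of why the synthetic IV only exists once every component (associated data, nonce, plaintext) is known and why "ab" differs from "a" followed by "b", here is the S2V derivation of RFC 5297 in Python. The AES-CMAC PRF is replaced by a truncated HMAC-SHA256 stand-in (an assumption made so the example runs with the standard library alone, so its outputs are not RFC test vectors); the dbl, pad and xorend steps are the real ones.

```python
import hmac
import hashlib

BLOCK = 16  # n = 128-bit block size of the underlying cipher

def prf(key: bytes, data: bytes) -> bytes:
    """Stand-in 128-bit PRF (assumption): truncated HMAC-SHA256.
    RFC 5297 and the nettle patch use AES-CMAC here; swapping the PRF
    keeps the example dependency-free but changes the output values."""
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]

def dbl(s: bytes) -> bytes:
    """Doubling in GF(2^128) with the CMAC/SIV reduction constant 0x87."""
    v = int.from_bytes(s, "big") << 1
    if v >> 128:                       # MSB was set: reduce
        v = (v & ((1 << 128) - 1)) ^ 0x87
    return v.to_bytes(BLOCK, "big")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pad(x: bytes) -> bytes:
    """10* padding of a short final string to one block."""
    return x + b"\x80" + b"\x00" * (BLOCK - len(x) - 1)

def s2v(key: bytes, strings: list) -> bytes:
    """S2V(K, S1..Sm): the synthetic IV over the whole vector of inputs.
    Every component feeds the running value D, so the IV cannot be
    produced before the last component (the plaintext) is available."""
    if not strings:                    # empty vector: PRF(K, <one>)
        return prf(key, b"\x00" * (BLOCK - 1) + b"\x01")
    d = prf(key, b"\x00" * BLOCK)      # PRF(K, <zero>)
    for s in strings[:-1]:             # adata components, then nonce
        d = xor(dbl(d), prf(key, s))
    last = strings[-1]                 # the plaintext (or ciphertext)
    if len(last) >= BLOCK:             # xorend: D into the last block
        t = last[:-BLOCK] + xor(last[-BLOCK:], d)
    else:                              # short tail: dbl(D) xor pad(Sm)
        t = xor(dbl(d), pad(last))
    return prf(key, t)
```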