Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> writes:

> I am trying to figure out how to wrap around CCM and GCM, and it seems like a hard task. They are totally incompatible.

Right, ccm is a bit alien, in that it doesn't support any incremental operation.

> Would it make sense instead to have an equivalent of ccm_decrypt_message() in gcm as well, and make that the AEAD API?
To get _message functions, I'd like to define some functions (or even macros?) like

  void
  aead_encrypt_message(const struct nettle_aead *aead, void *ctx,
                       const uint8_t *nonce,
                       size_t alength, const uint8_t *adata,
                       size_t tlength,
                       size_t clength, uint8_t *dst, const uint8_t *src);

  int
  aead_decrypt_message(const struct nettle_aead *aead, void *ctx,
                       const uint8_t *nonce,
                       size_t alength, const uint8_t *adata,
                       size_t tlength,
                       size_t mlength, uint8_t *dst, const uint8_t *src);

And then one could write trivial wrappers like gcm_aes128_encrypt_message just passing in the right aead object.
That should be almost compatible with the ccm_*_message functions, except that ccm allows arbitrary nonce-size, and the nettle_aead interface uses a fixed nonce size. Which is an undesirable mismatch, not sure how to best deal with that.
Do you think that's a reasonable approach?
Regards, /Niels
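
An added sketch of the _message wrappers proposed above, built only from incremental set_nonce/update/encrypt/decrypt/digest steps; it is not code from this message or from Nettle. `struct aead_ops` is a hypothetical stand-in for struct nettle_aead, the toy backend (fixed 1-byte nonce, tag of at most 4 bytes) is constructed so the example runs offline and is not a secure AEAD, and wiping dst on a tag mismatch is this example's own choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical stand-in for the incremental members of struct nettle_aead. */
struct aead_ops {
  void (*set_nonce)(void *ctx, const uint8_t *nonce);
  void (*update)(void *ctx, size_t length, const uint8_t *data);
  void (*encrypt)(void *ctx, size_t length, uint8_t *dst, const uint8_t *src);
  void (*decrypt)(void *ctx, size_t length, uint8_t *dst, const uint8_t *src);
  void (*digest)(void *ctx, size_t length, uint8_t *tag);
};
/* Constructed toy backend so the example runs offline. NOT a secure AEAD. */
struct toy_ctx { uint8_t key, ks; uint32_t mac; };
static void toy_absorb(struct toy_ctx *c, uint8_t b) { c->mac = (c->mac ^ b) * 16777619u + c->key; }
static void toy_set_nonce(void *p, const uint8_t *n) { struct toy_ctx *c = p; c->ks = c->key ^ n[0]; c->mac = 2166136261u ^ n[0]; }
static void toy_update(void *p, size_t len, const uint8_t *d) { while (len--) toy_absorb(p, *d++); }
static void toy_encrypt(void *p, size_t len, uint8_t *dst, const uint8_t *src) {
  struct toy_ctx *c = p;   /* MAC is computed over the ciphertext bytes */
  for (; len--; c->ks = c->ks * 5 + 1) { *dst = *src++ ^ c->ks; toy_absorb(c, *dst++); }
}
static void toy_decrypt(void *p, size_t len, uint8_t *dst, const uint8_t *src) {
  struct toy_ctx *c = p;   /* read the ciphertext byte first so in-place use works */
  for (; len--; c->ks = c->ks * 5 + 1) { uint8_t ct = *src++; toy_absorb(c, ct); *dst++ = ct ^ c->ks; }
}
static void toy_digest(void *p, size_t len, uint8_t *tag) { struct toy_ctx *c = p; memcpy(tag, &c->mac, len); }
const struct aead_ops toy_aead = { toy_set_nonce, toy_update, toy_encrypt, toy_decrypt, toy_digest };

/* clength = message length + tlength; dst receives ciphertext followed by the tag. */
void aead_encrypt_message(const struct aead_ops *aead, void *ctx, const uint8_t *nonce,
    size_t alength, const uint8_t *adata, size_t tlength, size_t clength, uint8_t *dst, const uint8_t *src) {
  size_t mlength = clength - tlength;
  aead->set_nonce(ctx, nonce);
  aead->update(ctx, alength, adata);
  aead->encrypt(ctx, mlength, dst, src);
  aead->digest(ctx, tlength, dst + mlength);
}
/* src holds mlength ciphertext bytes followed by the tag. Returns 1 if the tag verifies, else 0. */
int aead_decrypt_message(const struct aead_ops *aead, void *ctx, const uint8_t *nonce,
    size_t alength, const uint8_t *adata, size_t tlength, size_t mlength, uint8_t *dst, const uint8_t *src) {
  uint8_t tag[4], diff = 0;
  if (tlength > sizeof tag) return 0;       /* toy backend limit */
  aead->set_nonce(ctx, nonce);
  aead->update(ctx, alength, adata);
  aead->decrypt(ctx, mlength, dst, src);
  aead->digest(ctx, tlength, tag);
  for (size_t i = 0; i < tlength; i++) diff |= tag[i] ^ src[mlength + i];  /* no early exit */
  if (diff) memset(dst, 0, mlength);        /* do not hand back unauthenticated plaintext */
  return diff == 0;
}
```

A per-algorithm wrapper in the style of gcm_aes128_encrypt_message would then only pass the matching ops object and context to these two functions.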