On Wed, Nov 26, 2014 at 1:32 PM, Niels Möller nisse@lysator.liu.se wrote:
Nikos Mavrogiannopoulos nmav@gnutls.org writes:
I've done something similar at: https://gitorious.org/gnutls/gnutls/source/0a1102311e443720fc0eb7a83f7dc1b58...
Looks reasonable. You get a pretty large nettle_cipher_st to support all variations, I see. Some comments: _ccm_aes_encrypt looks like it supports ccm with any cipher, right?
Nice catch. Indeed, it is not restricted to AES.
If the aead_*crypt_func functions are intended as the primary interface for aead, I guess you'd want to either retire the auth and tag functions (and you may want additional helper functions in nettle to make that easy?). Or implement the aead_*crypt functions in terms of the auth and tag functions for everything but ccm.
My plan is to provide a minimal AEAD API such as: https://gitorious.org/gnutls/gnutls/source/0a1102311e443720fc0eb7a83f7dc1b58...
The old auth and tag will be kept for backwards compatibility in AES-GCM, but will not be offered by all AEAD ciphers.
For the _gcm functions, do you see any obstacles to implementing generic _gcm functions (like you do with cbc), which passes the encrypt_block function to nettle's general gcm functions? Note that GCM_CTX intentionally puts the cipher-specific context last, so the offset should always be the same.
Do you mean something like:

    struct gcm_cast_st {
      struct gcm_key key;
      struct gcm_ctx gcm;
      char xx[1];
    };

    #define GCM_CTX_GET_KEY(ptr)    (&((struct gcm_cast_st*)ptr)->key)
    #define GCM_CTX_GET_CTX(ptr)    (&((struct gcm_cast_st*)ptr)->gcm)
    #define GCM_CTX_GET_CIPHER(ptr) ((void*)&((struct gcm_cast_st*)ptr)->xx)
It looks indeed simpler. Not sure how valid the GCM_CTX_GET_CIPHER cast is, though. It would be nice if nettle's gcm.h provided such macros.
Your auth_func, tag_func, set_key_func and setiv_func seem to duplicate nettle_hash_update, nettle_set_key_func and nettle_hash_digest_func.
Thanks, I should use them.
regards, Nikos
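As an added example (not code from this thread or from nettle/GnuTLS), here is a self-contained check of the layout assumption behind the gcm_cast_st cast discussed above: the struct bodies for gcm_key and gcm_ctx are stand-ins, the two cipher contexts are constructed, and only the "cipher state last" rule is taken from nettle's GCM_CTX convention.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for the structs in nettle's gcm.h (assumed shapes, not the
   real definitions): the GHASH key table and the per-message state. */
struct gcm_key { uint8_t h[16 * 16]; };
struct gcm_ctx {
  uint8_t iv[16], ctr[16], x[16];
  uint64_t auth_size, data_size;
};

/* nettle's layout rule from the thread: the cipher context is the LAST member. */
#define GCM_CTX(type) { struct gcm_key key; struct gcm_ctx gcm; type cipher; }

/* Two constructed cipher contexts with different size and alignment. */
struct small_cipher_ctx { uint8_t rk[11 * 16]; };
struct wide_cipher_ctx  { uint64_t rk[30]; uint32_t rounds; };

struct gcm_small_ctx GCM_CTX(struct small_cipher_ctx);
struct gcm_wide_ctx  GCM_CTX(struct wide_cipher_ctx);

/* The generic view proposed in the mail: a struct sharing the same prefix. */
struct gcm_cast_st { struct gcm_key key; struct gcm_ctx gcm; char xx[1]; };
#define GCM_CTX_GET_KEY(ptr)    (&((struct gcm_cast_st *)(ptr))->key)
#define GCM_CTX_GET_CTX(ptr)    (&((struct gcm_cast_st *)(ptr))->gcm)
#define GCM_CTX_GET_CIPHER(ptr) ((void *)&((struct gcm_cast_st *)(ptr))->xx)

/* Returns 1 if key and gcm sit at the same offsets in every GCM_CTX
   instantiation as in gcm_cast_st (a C11 _Static_assert could do this at
   compile time; kept as a function so it can be exercised directly). */
int prefix_offsets_shared(void) {
  return offsetof(struct gcm_small_ctx, key) == offsetof(struct gcm_cast_st, key)
      && offsetof(struct gcm_wide_ctx,  key) == offsetof(struct gcm_cast_st, key)
      && offsetof(struct gcm_small_ctx, gcm) == offsetof(struct gcm_cast_st, gcm)
      && offsetof(struct gcm_wide_ctx,  gcm) == offsetof(struct gcm_cast_st, gcm);
}

/* The shakier part: GCM_CTX_GET_CIPHER assumes the cipher member starts right
   after gcm, which holds only if no alignment padding precedes it. Returns 1
   when the macro would point at the real member of a given context type. */
int cipher_macro_valid_for(size_t real_cipher_offset) {
  return real_cipher_offset == offsetof(struct gcm_cast_st, xx);
}

/* Exercise the macros on a concrete context: 1 if all three pointers land
   on the typed members. */
int macros_locate_members(void) {
  struct gcm_wide_ctx ctx;
  return GCM_CTX_GET_KEY(&ctx) == &ctx.key
      && GCM_CTX_GET_CTX(&ctx) == &ctx.gcm
      && GCM_CTX_GET_CIPHER(&ctx) == (void *)&ctx.cipher;
}
```

If cipher_macro_valid_for() ever reports 0 for a real nettle context type, the cast has to be replaced by a per-type offsetof lookup rather than the fixed xx[1] trick.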