Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> writes:

> I modified gnutls to use that code. I noticed that the context size is quite excessive (may be an issue when it is used as a stack variable), but as I understand there is not much that can be done about it.

The block buffer and the l1 subkeys need about 1 Kbyte each.

> Something I noticed is that for the nonce increment you could also use the INCREMENT macro used in ctr.

Right. But I first need to modify the INCREMENT macro to support length == 1, otherwise it won't work for a single-byte nonce.

> Also, because I work using an abstraction layer and umac_set_key() is different from hmac_xhash_set_key(), which all have a length parameter, I have to use a wrapper over it. It may be nicer (for me at least) if umac_set_key() accepted the length as well.

I don't think I want to add a key_length parameter, if all I can do with it is an assert (key_length == 16). Is there any other reasonable use? I guess one could pass a longer key (192 or 256 bits) to aes_set_encrypt_key, but that's beyond the umac spec.

In nettle in general, algorithms with a fixed key size never get a key size argument; that's for the next abstraction layer to unify, if desired.

Regards,
/Niels
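
The length == 1 case discussed above, as an added example that is not part of the original message and is not nettle's INCREMENT macro: a big-endian nonce increment that works for any length of one byte or more. The function name `nonce_increment` and its wrap-around return value are assumptions made for illustration; the return value lets a caller notice that the nonce space is used up, since a UMAC nonce must not repeat under one key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (assumption, not nettle code): add one to a
   big-endian counter of `length` bytes, length >= 1.
   Returns 1 if the counter wrapped around to all zeros, else 0. */
static int
nonce_increment(size_t length, uint8_t *nonce)
{
  size_t i = length;

  /* Walk from the least significant (last) byte towards the first,
     stopping as soon as a byte does not overflow to zero. With
     length == 1 the loop body runs exactly once. */
  while (i > 0)
    {
      if (++nonce[--i] != 0)
        return 0;
    }

  /* Every byte overflowed: all nonce values have been used. */
  return 1;
}

int
main(void)
{
  /* Constructed sample: a single-byte nonce two steps before wrap. */
  uint8_t nonce[1] = { 0xfe };
  int wrapped;

  wrapped = nonce_increment(sizeof(nonce), nonce);
  printf("nonce=%02x wrapped=%d\n", nonce[0], wrapped);

  wrapped = nonce_increment(sizeof(nonce), nonce);
  printf("nonce=%02x wrapped=%d\n", nonce[0], wrapped);

  return 0;
}
```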