On Thu, Jun 6, 2019 at 9:44 AM Niels Möller nisse@lysator.liu.se wrote:
> nisse@lysator.liu.se (Niels Möller) writes:
>
>> I think the siv code could benefit from a function to create a cmac digest in one step, without the update/digest split and the intermediate buffer. That would be something like
>>
>>   cmac128_message(const struct cmac128_key *key, const void *cipher,
>>                   nettle_crypt_func *encrypt,
>>                   size_t digest_length, uint8_t *digest,
>>                   size_t message_length, const uint8_t *message);
>
> I haven't added a function like this, but I've now done the changes needed for const context to the siv_*_message functions.
>
> For CMAC, the lowest-level functions now take cmac128_key and cmac128_ctx as separate arguments, the former const where appropriate. These changes pushed to master, and it's similar to how gcm is done.
>
> I then merged these changes into the siv-mode branch, and updated it accordingly. The _siv_s2v function now takes a const struct cmac128_key argument, and uses a local struct cmac128_ctx with _init, _update, _digest to process the strings with cmac. This enables use of const further up the call chain.

That seems nice. Let me know if you need anything from me regarding that.
regards, Nikos
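
The key/context split discussed in this thread, as an added example that is not code from nettle or from either author: the subkeys sit in a struct that is const after key setup, the running state is a separate struct, and the one-step function keeps that state in a local. All names (mac_key, mac_ctx, mac_message, toy_encrypt) are hypothetical, and toy_encrypt is a constructed stand-in for a real 128-bit block cipher so the file builds without a crypto library.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical names, not nettle's API. toy_encrypt is a constructed stand-in for AES: NOT secure. */
typedef void block_func(const void *cipher, uint8_t *dst, const uint8_t *src);
struct mac_key { uint8_t k1[16], k2[16]; };            /* read-only after set_key */
struct mac_ctx { uint8_t x[16], buf[16]; size_t n; };  /* per-message state */
static void toy_encrypt(const void *cipher, uint8_t *dst, const uint8_t *src) {
  const uint8_t *k = cipher; uint8_t t[16];
  for (int i = 0; i < 16; i++) t[i] = (uint8_t)((src[i] ^ k[i]) * 167 + src[(i + 1) % 16]);
  memcpy(dst, t, 16);
}
static void dbl(uint8_t *d, const uint8_t *s) {  /* doubling in GF(2^128) */
  uint8_t carry = s[0] >> 7;
  for (int i = 0; i < 15; i++) d[i] = (uint8_t)((s[i] << 1) | (s[i + 1] >> 7));
  d[15] = (uint8_t)((s[15] << 1) ^ (carry ? 0x87 : 0));
}
void mac_set_key(struct mac_key *key, const void *cipher, block_func *enc) {
  uint8_t l[16] = {0}; enc(cipher, l, l);  /* L = E(0) */
  dbl(key->k1, l); dbl(key->k2, key->k1);  /* K1 = 2L, K2 = 4L */
}
void mac_update(struct mac_ctx *ctx, const void *cipher, block_func *enc, size_t len, const uint8_t *msg) {
  for (; len > 0; len--) {
    if (ctx->n == 16) {  /* buffered block is not the last one: absorb it */
      for (int i = 0; i < 16; i++) ctx->x[i] ^= ctx->buf[i];
      enc(cipher, ctx->x, ctx->x); ctx->n = 0;
    }
    ctx->buf[ctx->n++] = *msg++;
  }
}
void mac_digest(struct mac_ctx *ctx, const struct mac_key *key, const void *cipher, block_func *enc, uint8_t *digest) {
  const uint8_t *k = key->k1;  /* full last block uses K1 */
  if (ctx->n < 16) {           /* short or empty last block: pad 0x80 00.. and use K2 */
    memset(ctx->buf + ctx->n, 0, 16 - ctx->n); ctx->buf[ctx->n] = 0x80; k = key->k2;
  }
  for (int i = 0; i < 16; i++) ctx->x[i] ^= ctx->buf[i] ^ k[i];
  enc(cipher, digest, ctx->x);
}
void mac_message(const struct mac_key *key, const void *cipher, block_func *enc, uint8_t *digest, size_t len, const uint8_t *msg) {
  struct mac_ctx ctx = {{0}, {0}, 0};  /* local per-message state, so key and cipher stay const */
  mac_update(&ctx, cipher, enc, len, msg);
  mac_digest(&ctx, key, cipher, enc, digest);
}
int main(void) {  /* constructed key and message */
  static const uint8_t cipher[16] = "constructed key", msg[] = "constructed sample message";
  struct mac_key key; uint8_t tag[16];
  mac_set_key(&key, cipher, toy_encrypt); mac_message(&key, cipher, toy_encrypt, tag, sizeof msg - 1, msg);
  for (int i = 0; i < 16; i++) printf("%02x", tag[i]);
  return puts("") == EOF;
}
```

Because mac_message only reads the key, one keyed struct can be shared across calls, and a caller such as an S2V-style routine can itself take the key as const.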