From: Daiki Ueno dueno@redhat.com
As discussed in: https://lists.lysator.liu.se/pipermail/nettle-bugs/2019/007662.html
This moves `struct nettle_mac` to nettle-meta.h and provide the meta interface for all defined MAC algorithms.
Each meta interface shall provide the following 4 functions:
nettle_set_key_func *set_key; nettle_set_key_func *set_nonce; nettle_hash_update_func *update; nettle_hash_digest_func *digest;
where set_nonce is only used by UMAC, and expects that the nonce has always the same length as AES_BLOCK_SIZE. For CMAC and HMAC, a no-op set_nonce function is defined.
Also the signature of set_key is slightly different from hmac_*_set_key in that it doesn't take key length as an argument. A wrapper function is provided to clamp the length to hash block size.
Daiki Ueno (7): hmac: Add set_key_expanded function nettle-meta: Move struct nettle_mac to nettle-meta.h nettle-meta: Add meta interface for CMAC functions nettle-meta: Add meta interface for HMAC functions nettle-meta: Add meta interface for UMAC functions nettle-meta: Expose all defined MACs through nettle_macs tests: Add test for meta interface for MAC algorithms
Makefile.in | 7 +++- cmac-aes128-meta.c | 48 ++++++++++++++++++++++ cmac-aes256-meta.c | 48 ++++++++++++++++++++++ hmac-md5-meta.c | 46 ++++++++++++++++++++++ hmac-md5.c | 7 ++++ hmac-ripemd160-meta.c | 46 ++++++++++++++++++++++ hmac-ripemd160.c | 7 ++++ hmac-sha1-meta.c | 46 ++++++++++++++++++++++ hmac-sha1.c | 7 ++++ hmac-sha224-meta.c | 46 ++++++++++++++++++++++ hmac-sha224.c | 7 ++++ hmac-sha256-meta.c | 46 ++++++++++++++++++++++ hmac-sha256.c | 7 ++++ hmac-sha384-meta.c | 46 ++++++++++++++++++++++ hmac-sha384.c | 7 ++++ hmac-sha512-meta.c | 46 ++++++++++++++++++++++ hmac-sha512.c | 7 ++++ hmac.c | 48 ++++++++++++++-------- hmac.h | 45 +++++++++++++++++++++ nettle-meta-macs.c | 61 ++++++++++++++++++++++++++++ nettle-meta.h | 81 ++++++++++++++++++++++++++++++++++++++ testsuite/.gitignore | 1 + testsuite/.test-rules.make | 3 ++ testsuite/Makefile.in | 2 +- testsuite/cmac-test.c | 24 ----------- testsuite/meta-mac-test.c | 37 +++++++++++++++++ testsuite/testutils.h | 29 -------------- umac128-meta.c | 47 ++++++++++++++++++++++ umac32-meta.c | 47 ++++++++++++++++++++++ umac64-meta.c | 47 ++++++++++++++++++++++ umac96-meta.c | 47 ++++++++++++++++++++++ 31 files changed, 922 insertions(+), 71 deletions(-) create mode 100644 cmac-aes128-meta.c create mode 100644 cmac-aes256-meta.c create mode 100644 hmac-md5-meta.c create mode 100644 hmac-ripemd160-meta.c create mode 100644 hmac-sha1-meta.c create mode 100644 hmac-sha224-meta.c create mode 100644 hmac-sha256-meta.c create mode 100644 hmac-sha384-meta.c create mode 100644 hmac-sha512-meta.c create mode 100644 nettle-meta-macs.c create mode 100644 testsuite/meta-mac-test.c create mode 100644 umac128-meta.c create mode 100644 umac32-meta.c create mode 100644 umac64-meta.c create mode 100644 umac96-meta.c
From: Daiki Ueno dueno@redhat.com
This adds a set_key_expanded to all HMACs, to provide a compatible signature with nettle_set_key_func. This function is similar to set_key, but assumes the input is already expanded to the hash block size.
Signed-off-by: Daiki Ueno dueno@redhat.com --- hmac-md5.c | 7 +++++++ hmac-ripemd160.c | 7 +++++++ hmac-sha1.c | 7 +++++++ hmac-sha224.c | 7 +++++++ hmac-sha256.c | 7 +++++++ hmac-sha384.c | 7 +++++++ hmac-sha512.c | 7 +++++++ hmac.c | 48 ++++++++++++++++++++++++++++++++---------------- hmac.h | 45 +++++++++++++++++++++++++++++++++++++++++++++ 9 files changed, 126 insertions(+), 16 deletions(-)
diff --git a/hmac-md5.c b/hmac-md5.c index a27e64f6..b5a9c4d0 100644 --- a/hmac-md5.c +++ b/hmac-md5.c @@ -44,6 +44,13 @@ hmac_md5_set_key(struct hmac_md5_ctx *ctx, HMAC_SET_KEY(ctx, &nettle_md5, key_length, key); }
+void +hmac_md5_set_key_expanded(struct hmac_md5_ctx *ctx, + const uint8_t *key) +{ + HMAC_SET_KEY_EXPANDED(ctx, &nettle_md5, key); +} + void hmac_md5_update(struct hmac_md5_ctx *ctx, size_t length, const uint8_t *data) diff --git a/hmac-ripemd160.c b/hmac-ripemd160.c index 24e2cbe7..d4ba5fea 100644 --- a/hmac-ripemd160.c +++ b/hmac-ripemd160.c @@ -44,6 +44,13 @@ hmac_ripemd160_set_key(struct hmac_ripemd160_ctx *ctx, HMAC_SET_KEY(ctx, &nettle_ripemd160, key_length, key); }
+void +hmac_ripemd160_set_key_expanded(struct hmac_ripemd160_ctx *ctx, + const uint8_t *key) +{ + HMAC_SET_KEY_EXPANDED(ctx, &nettle_ripemd160, key); +} + void hmac_ripemd160_update(struct hmac_ripemd160_ctx *ctx, size_t length, const uint8_t *data) diff --git a/hmac-sha1.c b/hmac-sha1.c index 5e7188f9..3d299b5d 100644 --- a/hmac-sha1.c +++ b/hmac-sha1.c @@ -44,6 +44,13 @@ hmac_sha1_set_key(struct hmac_sha1_ctx *ctx, HMAC_SET_KEY(ctx, &nettle_sha1, key_length, key); }
+void +hmac_sha1_set_key_expanded(struct hmac_sha1_ctx *ctx, + const uint8_t *key) +{ + HMAC_SET_KEY_EXPANDED(ctx, &nettle_sha1, key); +} + void hmac_sha1_update(struct hmac_sha1_ctx *ctx, size_t length, const uint8_t *data) diff --git a/hmac-sha224.c b/hmac-sha224.c index c5bc8750..18dc3307 100644 --- a/hmac-sha224.c +++ b/hmac-sha224.c @@ -44,6 +44,13 @@ hmac_sha224_set_key(struct hmac_sha224_ctx *ctx, HMAC_SET_KEY(ctx, &nettle_sha224, key_length, key); }
+void +hmac_sha224_set_key_expanded(struct hmac_sha224_ctx *ctx, + const uint8_t *key) +{ + HMAC_SET_KEY_EXPANDED(ctx, &nettle_sha224, key); +} + void hmac_sha224_digest(struct hmac_sha224_ctx *ctx, size_t length, uint8_t *digest) diff --git a/hmac-sha256.c b/hmac-sha256.c index af5cc0f1..a89e0f6b 100644 --- a/hmac-sha256.c +++ b/hmac-sha256.c @@ -44,6 +44,13 @@ hmac_sha256_set_key(struct hmac_sha256_ctx *ctx, HMAC_SET_KEY(ctx, &nettle_sha256, key_length, key); }
+void +hmac_sha256_set_key_expanded(struct hmac_sha256_ctx *ctx, + const uint8_t *key) +{ + HMAC_SET_KEY_EXPANDED(ctx, &nettle_sha256, key); +} + void hmac_sha256_update(struct hmac_sha256_ctx *ctx, size_t length, const uint8_t *data) diff --git a/hmac-sha384.c b/hmac-sha384.c index 30008b5f..c3904053 100644 --- a/hmac-sha384.c +++ b/hmac-sha384.c @@ -44,6 +44,13 @@ hmac_sha384_set_key(struct hmac_sha512_ctx *ctx, HMAC_SET_KEY(ctx, &nettle_sha384, key_length, key); }
+void +hmac_sha384_set_key_expanded(struct hmac_sha512_ctx *ctx, + const uint8_t *key) +{ + HMAC_SET_KEY_EXPANDED(ctx, &nettle_sha384, key); +} + void hmac_sha384_digest(struct hmac_sha512_ctx *ctx, size_t length, uint8_t *digest) diff --git a/hmac-sha512.c b/hmac-sha512.c index de64637a..4fff1f35 100644 --- a/hmac-sha512.c +++ b/hmac-sha512.c @@ -44,6 +44,13 @@ hmac_sha512_set_key(struct hmac_sha512_ctx *ctx, HMAC_SET_KEY(ctx, &nettle_sha512, key_length, key); }
+void +hmac_sha512_set_key_expanded(struct hmac_sha512_ctx *ctx, + const uint8_t *key) +{ + HMAC_SET_KEY_EXPANDED(ctx, &nettle_sha512, key); +} + void hmac_sha512_update(struct hmac_sha512_ctx *ctx, size_t length, const uint8_t *data) diff --git a/hmac.c b/hmac.c index 6ac5e11a..925b9c3b 100644 --- a/hmac.c +++ b/hmac.c @@ -48,10 +48,10 @@ #define IPAD 0x36 #define OPAD 0x5c
-void -hmac_set_key(void *outer, void *inner, void *state, - const struct nettle_hash *hash, - size_t key_length, const uint8_t *key) +static void +_hmac_set_key(void *outer, void *inner, void *state, + const struct nettle_hash *hash, + size_t key_length, const uint8_t *key) { TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE); TMP_ALLOC(pad, hash->block_size); @@ -59,6 +59,26 @@ hmac_set_key(void *outer, void *inner, void *state, hash->init(outer); hash->init(inner);
+ assert(key_length <= hash->block_size); + + memset(pad, OPAD, hash->block_size); + memxor(pad, key, key_length); + + hash->update(outer, hash->block_size, pad); + + memset(pad, IPAD, hash->block_size); + memxor(pad, key, key_length); + + hash->update(inner, hash->block_size, pad); + + memcpy(state, inner, hash->context_size); +} + +void +hmac_set_key(void *outer, void *inner, void *state, + const struct nettle_hash *hash, + size_t key_length, const uint8_t *key) +{ if (key_length > hash->block_size) { /* Reduce key to the algorithm's hash size. Use the area pointed @@ -75,19 +95,15 @@ hmac_set_key(void *outer, void *inner, void *state, key_length = hash->digest_size; }
- assert(key_length <= hash->block_size); - - memset(pad, OPAD, hash->block_size); - memxor(pad, key, key_length); - - hash->update(outer, hash->block_size, pad); - - memset(pad, IPAD, hash->block_size); - memxor(pad, key, key_length); - - hash->update(inner, hash->block_size, pad); + _hmac_set_key(outer, inner, state, hash, key_length, key); +}
- memcpy(state, inner, hash->context_size); +void +hmac_set_key_expanded(void *outer, void *inner, void *state, + const struct nettle_hash *hash, + const uint8_t *key) +{ + _hmac_set_key(outer, inner, state, hash, hash->block_size, key); }
void diff --git a/hmac.h b/hmac.h index 40a8e77a..6ce17aec 100644 --- a/hmac.h +++ b/hmac.h @@ -47,25 +47,33 @@ extern "C" {
/* Namespace mangling */ #define hmac_set_key nettle_hmac_set_key +#define hmac_set_key_expanded nettle_hmac_set_key_expanded #define hmac_update nettle_hmac_update #define hmac_digest nettle_hmac_digest #define hmac_md5_set_key nettle_hmac_md5_set_key +#define hmac_md5_set_key_expanded nettle_hmac_md5_set_key_expanded #define hmac_md5_update nettle_hmac_md5_update #define hmac_md5_digest nettle_hmac_md5_digest #define hmac_ripemd160_set_key nettle_hmac_ripemd160_set_key +#define hmac_ripemd160_set_key_expanded nettle_hmac_ripemd160_set_key_expanded #define hmac_ripemd160_update nettle_hmac_ripemd160_update #define hmac_ripemd160_digest nettle_hmac_ripemd160_digest #define hmac_sha1_set_key nettle_hmac_sha1_set_key +#define hmac_sha1_set_key_expanded nettle_hmac_sha1_set_key_expanded #define hmac_sha1_update nettle_hmac_sha1_update #define hmac_sha1_digest nettle_hmac_sha1_digest #define hmac_sha224_set_key nettle_hmac_sha224_set_key +#define hmac_sha224_set_key_expanded nettle_hmac_sha224_set_key_expanded #define hmac_sha224_digest nettle_hmac_sha224_digest #define hmac_sha256_set_key nettle_hmac_sha256_set_key +#define hmac_sha256_set_key_expanded nettle_hmac_sha256_set_key_expanded #define hmac_sha256_update nettle_hmac_sha256_update #define hmac_sha256_digest nettle_hmac_sha256_digest #define hmac_sha384_set_key nettle_hmac_sha384_set_key +#define hmac_sha384_set_key_expanded nettle_hmac_sha384_set_key_expanded #define hmac_sha384_digest nettle_hmac_sha384_digest #define hmac_sha512_set_key nettle_hmac_sha512_set_key +#define hmac_sha512_set_key_expanded nettle_hmac_sha512_set_key_expanded #define hmac_sha512_update nettle_hmac_sha512_update #define hmac_sha512_digest nettle_hmac_sha512_digest
@@ -74,6 +82,11 @@ hmac_set_key(void *outer, void *inner, void *state, const struct nettle_hash *hash, size_t length, const uint8_t *key);
+void +hmac_set_key_expanded(void *outer, void *inner, void *state, + const struct nettle_hash *hash, + const uint8_t *key); + /* This function is not strictly needed, it's s just the same as the * hash update function. */ void @@ -94,6 +107,10 @@ hmac_digest(const void *outer, const void *inner, void *state, hmac_set_key( &(ctx)->outer, &(ctx)->inner, &(ctx)->state, \ (hash), (length), (key) )
+#define HMAC_SET_KEY_EXPANDED(ctx, hash, key) \ + hmac_set_key_expanded( &(ctx)->outer, &(ctx)->inner, &(ctx)->state, \ + (hash), (key) ) + #define HMAC_DIGEST(ctx, hash, length, digest) \ hmac_digest( &(ctx)->outer, &(ctx)->inner, &(ctx)->state, \ (hash), (length), (digest) ) @@ -107,6 +124,10 @@ void hmac_md5_set_key(struct hmac_md5_ctx *ctx, size_t key_length, const uint8_t *key);
+void +hmac_md5_set_key_expanded(struct hmac_md5_ctx *ctx, + const uint8_t *key); + void hmac_md5_update(struct hmac_md5_ctx *ctx, size_t length, const uint8_t *data); @@ -123,6 +144,10 @@ void hmac_ripemd160_set_key(struct hmac_ripemd160_ctx *ctx, size_t key_length, const uint8_t *key);
+void +hmac_ripemd160_set_key_expanded(struct hmac_ripemd160_ctx *ctx, + const uint8_t *key); + void hmac_ripemd160_update(struct hmac_ripemd160_ctx *ctx, size_t length, const uint8_t *data); @@ -139,6 +164,10 @@ void hmac_sha1_set_key(struct hmac_sha1_ctx *ctx, size_t key_length, const uint8_t *key);
+void +hmac_sha1_set_key_expanded(struct hmac_sha1_ctx *ctx, + const uint8_t *key); + void hmac_sha1_update(struct hmac_sha1_ctx *ctx, size_t length, const uint8_t *data); @@ -154,6 +183,10 @@ void hmac_sha256_set_key(struct hmac_sha256_ctx *ctx, size_t key_length, const uint8_t *key);
+void +hmac_sha256_set_key_expanded(struct hmac_sha256_ctx *ctx, + const uint8_t *key); + void hmac_sha256_update(struct hmac_sha256_ctx *ctx, size_t length, const uint8_t *data); @@ -169,6 +202,10 @@ void hmac_sha224_set_key(struct hmac_sha224_ctx *ctx, size_t key_length, const uint8_t *key);
+void +hmac_sha224_set_key_expanded(struct hmac_sha224_ctx *ctx, + const uint8_t *key); + #define hmac_sha224_update nettle_hmac_sha256_update
void @@ -182,6 +219,10 @@ void hmac_sha512_set_key(struct hmac_sha512_ctx *ctx, size_t key_length, const uint8_t *key);
+void +hmac_sha512_set_key_expanded(struct hmac_sha512_ctx *ctx, + const uint8_t *key); + void hmac_sha512_update(struct hmac_sha512_ctx *ctx, size_t length, const uint8_t *data); @@ -197,6 +238,10 @@ void hmac_sha384_set_key(struct hmac_sha512_ctx *ctx, size_t key_length, const uint8_t *key);
+void +hmac_sha384_set_key_expanded(struct hmac_sha512_ctx *ctx, + const uint8_t *key); + #define hmac_sha384_update nettle_hmac_sha512_update
void
Hello,
пт, 19 июл. 2019 г. в 16:38, Daiki Ueno ueno@gnu.org:
From: Daiki Ueno dueno@redhat.com
This adds a set_key_expanded to all HMACs, to provide a compatible signature with nettle_set_key_func. This function is similar to set_key, but assumes the input is already expanded to the hash block size.
I'd suggest not to define a separate hmac_set_key_expanded(). Will the folllowing function work for you?
static nettle_set_key_func hmac_md5_set_key_wrapper static void hmac_md5_set_key_wrapper(void *ctx, const uint8_t *key) { hmac_md5_set_key(ctx, MD5_BLOCK_SIZE, key); }
It will be less intrusive and more in line with other set_key wrappers.
From: Daiki Ueno dueno@redhat.com
The struct was defined in testutils.h as the interface was not stable. This generalizes the interface to cover all defined MAC algorithms in nettle.
Signed-off-by: Daiki Ueno dueno@redhat.com --- nettle-meta.h | 22 ++++++++++++++++++++++ testsuite/testutils.h | 29 ----------------------------- 2 files changed, 22 insertions(+), 29 deletions(-)
diff --git a/nettle-meta.h b/nettle-meta.h index 74e50e59..b03da208 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -238,6 +238,28 @@ extern const struct nettle_armor nettle_base64; extern const struct nettle_armor nettle_base64url; extern const struct nettle_armor nettle_base16;
+struct nettle_mac +{ + const char *name; + + /* Size of the context struct */ + unsigned context_size; + + /* Size of digests */ + unsigned digest_size; + + /* Suggested key size; other sizes are sometimes possible */ + unsigned key_size; + + /* Suggested nonce size; 0 if nonce is not used */ + unsigned nonce_size; + + nettle_set_key_func *set_key; + nettle_set_key_func *set_nonce; + nettle_hash_update_func *update; + nettle_hash_digest_func *digest; +}; + #ifdef __cplusplus } #endif diff --git a/testsuite/testutils.h b/testsuite/testutils.h index f4ea38da..78daf62b 100644 --- a/testsuite/testutils.h +++ b/testsuite/testutils.h @@ -79,35 +79,6 @@ test_main(void);
extern int verbose;
-/* FIXME: When interface stabilizes, move to nettle-meta.h */ -struct nettle_mac -{ - const char *name; - - /* Size of the context struct */ - unsigned context_size; - - /* Size of digests */ - unsigned digest_size; - - /* Suggested key size; other sizes are sometimes possible. */ - unsigned key_size; - - nettle_set_key_func *set_key; - nettle_hash_update_func *update; - nettle_hash_digest_func *digest; -}; - -#define _NETTLE_HMAC(name, NAME, keysize) { \ - #name, \ - sizeof(struct hmac_##name##_ctx), \ - NAME##_DIGEST_SIZE, \ - NAME##_DIGEST_SIZE, \ - hmac_##name##_set_key, \ - hmac_##name##_update, \ - hmac_##name##_digest, \ -} - /* Test functions deallocate their inputs when finished.*/ void test_cipher(const struct nettle_cipher *cipher,
From: Daiki Ueno dueno@redhat.com
Signed-off-by: Daiki Ueno dueno@redhat.com --- Makefile.in | 1 + cmac-aes128-meta.c | 48 +++++++++++++++++++++++++++++++++++++++++++ cmac-aes256-meta.c | 48 +++++++++++++++++++++++++++++++++++++++++++ nettle-meta.h | 15 ++++++++++++++ testsuite/cmac-test.c | 24 ---------------------- 5 files changed, 112 insertions(+), 24 deletions(-) create mode 100644 cmac-aes128-meta.c create mode 100644 cmac-aes256-meta.c
diff --git a/Makefile.in b/Makefile.in index b54e64b0..6a425e16 100644 --- a/Makefile.in +++ b/Makefile.in @@ -103,6 +103,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ gcm-camellia128.c gcm-camellia128-meta.c \ gcm-camellia256.c gcm-camellia256-meta.c \ cmac.c cmac-aes128.c cmac-aes256.c \ + cmac-aes128-meta.c cmac-aes256-meta.c \ gosthash94.c gosthash94-meta.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ diff --git a/cmac-aes128-meta.c b/cmac-aes128-meta.c new file mode 100644 index 00000000..73cf396c --- /dev/null +++ b/cmac-aes128-meta.c @@ -0,0 +1,48 @@ +/* cmac-aes128-meta.c + + Copyright (C) 2013, 2014 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "nettle-meta.h" + +#include "cmac.h" + +static void +cmac_aes128_set_nonce_wrapper (void *ctx UNUSED, const uint8_t *key UNUSED) +{ +} + +const struct nettle_mac nettle_cmac_aes128 += _NETTLE_CMAC(cmac_aes128, AES128); diff --git a/cmac-aes256-meta.c b/cmac-aes256-meta.c new file mode 100644 index 00000000..e7bf745c --- /dev/null +++ b/cmac-aes256-meta.c @@ -0,0 +1,48 @@ +/* cmac-aes256-meta.c + + Copyright (C) 2013, 2014 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "nettle-meta.h" + +#include "cmac.h" + +static void +cmac_aes256_set_nonce_wrapper (void *ctx UNUSED, const uint8_t *key UNUSED) +{ +} + +const struct nettle_mac nettle_cmac_aes256 += _NETTLE_CMAC(cmac_aes256, AES256); diff --git a/nettle-meta.h b/nettle-meta.h index b03da208..656c30de 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -260,6 +260,21 @@ struct nettle_mac nettle_hash_digest_func *digest; };
+#define _NETTLE_CMAC(name, AES) { \ + #name, \ + sizeof(struct name##_ctx), \ + CMAC128_DIGEST_SIZE, \ + AES##_KEY_SIZE, \ + 0, \ + (nettle_set_key_func *) name##_set_key, \ + name##_set_nonce_wrapper, \ + (nettle_hash_update_func *) name##_update, \ + (nettle_hash_digest_func *) name##_digest, \ +} + +extern const struct nettle_mac nettle_cmac_aes128; +extern const struct nettle_mac nettle_cmac_aes256; + #ifdef __cplusplus } #endif diff --git a/testsuite/cmac-test.c b/testsuite/cmac-test.c index b1d4aa30..42188ece 100644 --- a/testsuite/cmac-test.c +++ b/testsuite/cmac-test.c @@ -2,30 +2,6 @@ #include "nettle-internal.h" #include "cmac.h"
-const struct nettle_mac nettle_cmac_aes128 = -{ - "CMAC-AES128", - sizeof(struct cmac_aes128_ctx), - CMAC128_DIGEST_SIZE, - AES128_KEY_SIZE, - - (nettle_set_key_func*) cmac_aes128_set_key, - (nettle_hash_update_func*) cmac_aes128_update, - (nettle_hash_digest_func*) cmac_aes128_digest -}; - -const struct nettle_mac nettle_cmac_aes256 = -{ - "CMAC-AES256", - sizeof(struct cmac_aes256_ctx), - CMAC128_DIGEST_SIZE, - AES256_KEY_SIZE, - - (nettle_set_key_func*) cmac_aes256_set_key, - (nettle_hash_update_func*) cmac_aes256_update, - (nettle_hash_digest_func*) cmac_aes256_digest -}; - #define test_cmac_aes128(key, msg, ref) \ test_mac(&nettle_cmac_aes128, key, msg, ref)
From: Daiki Ueno dueno@redhat.com
Signed-off-by: Daiki Ueno dueno@redhat.com --- Makefile.in | 3 +++ hmac-md5-meta.c | 46 +++++++++++++++++++++++++++++++++++++++++++ hmac-ripemd160-meta.c | 46 +++++++++++++++++++++++++++++++++++++++++++ hmac-sha1-meta.c | 46 +++++++++++++++++++++++++++++++++++++++++++ hmac-sha224-meta.c | 46 +++++++++++++++++++++++++++++++++++++++++++ hmac-sha256-meta.c | 46 +++++++++++++++++++++++++++++++++++++++++++ hmac-sha384-meta.c | 46 +++++++++++++++++++++++++++++++++++++++++++ hmac-sha512-meta.c | 46 +++++++++++++++++++++++++++++++++++++++++++ nettle-meta.h | 20 +++++++++++++++++++ 9 files changed, 345 insertions(+) create mode 100644 hmac-md5-meta.c create mode 100644 hmac-ripemd160-meta.c create mode 100644 hmac-sha1-meta.c create mode 100644 hmac-sha224-meta.c create mode 100644 hmac-sha256-meta.c create mode 100644 hmac-sha384-meta.c create mode 100644 hmac-sha512-meta.c
diff --git a/Makefile.in b/Makefile.in index 6a425e16..9031d959 100644 --- a/Makefile.in +++ b/Makefile.in @@ -107,6 +107,9 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ gosthash94.c gosthash94-meta.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \ hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \ + hmac-md5-meta.c hmac-ripemd160-meta.c hmac-sha1-meta.c \ + hmac-sha224-meta.c hmac-sha256-meta.c hmac-sha384-meta.c \ + hmac-sha512-meta.c \ knuth-lfib.c hkdf.c \ md2.c md2-meta.c md4.c md4-meta.c \ md5.c md5-compress.c md5-compat.c md5-meta.c \ diff --git a/hmac-md5-meta.c b/hmac-md5-meta.c new file mode 100644 index 00000000..4ed99b5e --- /dev/null +++ b/hmac-md5-meta.c @@ -0,0 +1,46 @@ +/* hmac-md5-meta.c + + Copyright (C) 2002 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "hmac.h" + +static void +hmac_md5_set_nonce_wrapper (void *ctx UNUSED, const uint8_t *key UNUSED) +{ +} + +const struct nettle_mac nettle_hmac_md5 += _NETTLE_HMAC(hmac_md5, MD5); diff --git a/hmac-ripemd160-meta.c b/hmac-ripemd160-meta.c new file mode 100644 index 00000000..6c354ac2 --- /dev/null +++ b/hmac-ripemd160-meta.c @@ -0,0 +1,46 @@ +/* hmac-ripemd160-meta.c + + Copyright (C) 2011 Andres Mejia + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "hmac.h" + +static void +hmac_ripemd160_set_nonce_wrapper (void *ctx UNUSED, const uint8_t *key UNUSED) +{ +} + +const struct nettle_mac nettle_hmac_ripemd160 += _NETTLE_HMAC(hmac_ripemd160, RIPEMD160); diff --git a/hmac-sha1-meta.c b/hmac-sha1-meta.c new file mode 100644 index 00000000..d6a70802 --- /dev/null +++ b/hmac-sha1-meta.c @@ -0,0 +1,46 @@ +/* hmac-sha1-meta.c + + Copyright (C) 2002 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "hmac.h" + +static void +hmac_sha1_set_nonce_wrapper (void *ctx UNUSED, const uint8_t *key UNUSED) +{ +} + +const struct nettle_mac nettle_hmac_sha1 += _NETTLE_HMAC(hmac_sha1, SHA1); diff --git a/hmac-sha224-meta.c b/hmac-sha224-meta.c new file mode 100644 index 00000000..f715ce64 --- /dev/null +++ b/hmac-sha224-meta.c @@ -0,0 +1,46 @@ +/* hmac-sha224-meta.c + + Copyright (C) 2002, 2010 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "hmac.h" + +static void +hmac_sha224_set_nonce_wrapper (void *ctx UNUSED, const uint8_t *key UNUSED) +{ +} + +const struct nettle_mac nettle_hmac_sha224 += _NETTLE_HMAC(hmac_sha224, SHA224); diff --git a/hmac-sha256-meta.c b/hmac-sha256-meta.c new file mode 100644 index 00000000..bc3ae45e --- /dev/null +++ b/hmac-sha256-meta.c @@ -0,0 +1,46 @@ +/* hmac-sha256-meta.c + + Copyright (C) 2002 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "hmac.h" + +static void +hmac_sha256_set_nonce_wrapper (void *ctx UNUSED, const uint8_t *key UNUSED) +{ +} + +const struct nettle_mac nettle_hmac_sha256 += _NETTLE_HMAC(hmac_sha256, SHA256); diff --git a/hmac-sha384-meta.c b/hmac-sha384-meta.c new file mode 100644 index 00000000..a15e48b6 --- /dev/null +++ b/hmac-sha384-meta.c @@ -0,0 +1,46 @@ +/* hmac-sha384-meta.c + + Copyright (C) 2002, 2010 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "hmac.h" + +static void +hmac_sha384_set_nonce_wrapper (void *ctx UNUSED, const uint8_t *key UNUSED) +{ +} + +const struct nettle_mac nettle_hmac_sha384 += _NETTLE_HMAC(hmac_sha384, SHA384); diff --git a/hmac-sha512-meta.c b/hmac-sha512-meta.c new file mode 100644 index 00000000..0efcb216 --- /dev/null +++ b/hmac-sha512-meta.c @@ -0,0 +1,46 @@ +/* hmac-sha512-meta.c + + Copyright (C) 2002, 2010 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "hmac.h" + +static void +hmac_sha512_set_nonce_wrapper (void *ctx UNUSED, const uint8_t *key UNUSED) +{ +} + +const struct nettle_mac nettle_hmac_sha512 += _NETTLE_HMAC(hmac_sha512, SHA512); diff --git a/nettle-meta.h b/nettle-meta.h index 656c30de..f2a73d9b 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -272,9 +272,29 @@ struct nettle_mac (nettle_hash_digest_func *) name##_digest, \ }
+#define _NETTLE_HMAC(name, HASH) { \ + #name, \ + sizeof(struct name##_ctx), \ + HASH##_DIGEST_SIZE, \ + HASH##_BLOCK_SIZE, \ + 0, \ + (nettle_set_key_func *) name##_set_key_expanded, \ + name##_set_nonce_wrapper, \ + (nettle_hash_update_func *) name##_update, \ + (nettle_hash_digest_func *) name##_digest, \ +} + extern const struct nettle_mac nettle_cmac_aes128; extern const struct nettle_mac nettle_cmac_aes256;
+extern const struct nettle_mac nettle_hmac_md5; +extern const struct nettle_mac nettle_hmac_ripemd160; +extern const struct nettle_mac nettle_hmac_sha1; +extern const struct nettle_mac nettle_hmac_sha224; +extern const struct nettle_mac nettle_hmac_sha256; +extern const struct nettle_mac nettle_hmac_sha384; +extern const struct nettle_mac nettle_hmac_sha512; + #ifdef __cplusplus } #endif
From: Daiki Ueno dueno@redhat.com
Signed-off-by: Daiki Ueno dueno@redhat.com --- Makefile.in | 1 + nettle-meta.h | 17 +++++++++++++++++ umac128-meta.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ umac32-meta.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ umac64-meta.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ umac96-meta.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 206 insertions(+) create mode 100644 umac128-meta.c create mode 100644 umac32-meta.c create mode 100644 umac64-meta.c create mode 100644 umac96-meta.c
diff --git a/Makefile.in b/Makefile.in index 9031d959..4cfc5005 100644 --- a/Makefile.in +++ b/Makefile.in @@ -138,6 +138,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ umac-nh.c umac-nh-n.c umac-l2.c umac-l3.c \ umac-poly64.c umac-poly128.c umac-set-key.c \ umac32.c umac64.c umac96.c umac128.c \ + umac32-meta.c umac64-meta.c umac96-meta.c umac128-meta.c \ version.c \ write-be32.c write-le32.c write-le64.c \ yarrow256.c yarrow_key_event.c \ diff --git a/nettle-meta.h b/nettle-meta.h index f2a73d9b..55229501 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -284,6 +284,18 @@ struct nettle_mac (nettle_hash_digest_func *) name##_digest, \ }
+#define _NETTLE_UMAC(name, NAME) { \ + #name, \ + sizeof(struct name##_ctx), \ + NAME##_DIGEST_SIZE, \ + UMAC_BLOCK_SIZE, \ + AES_BLOCK_SIZE, \ + (nettle_set_key_func *) name##_set_key, \ + name##_set_nonce_wrapper, \ + (nettle_hash_update_func *) name##_update, \ + (nettle_hash_digest_func *) name##_digest, \ +} + extern const struct nettle_mac nettle_cmac_aes128; extern const struct nettle_mac nettle_cmac_aes256;
@@ -295,6 +307,11 @@ extern const struct nettle_mac nettle_hmac_sha256; extern const struct nettle_mac nettle_hmac_sha384; extern const struct nettle_mac nettle_hmac_sha512;
+extern const struct nettle_mac nettle_umac32; +extern const struct nettle_mac nettle_umac64; +extern const struct nettle_mac nettle_umac96; +extern const struct nettle_mac nettle_umac128; + #ifdef __cplusplus } #endif diff --git a/umac128-meta.c b/umac128-meta.c new file mode 100644 index 00000000..9f6a7e34 --- /dev/null +++ b/umac128-meta.c @@ -0,0 +1,47 @@ +/* umac128-meta.c + + Copyright (C) 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "umac.h" + +static void +umac128_set_nonce_wrapper (void *ctx, const uint8_t *key) +{ + umac128_set_nonce (ctx, AES_BLOCK_SIZE, key); +} + +const struct nettle_mac nettle_umac128 += _NETTLE_UMAC(umac128, UMAC128); diff --git a/umac32-meta.c b/umac32-meta.c new file mode 100644 index 00000000..2b4f9c14 --- /dev/null +++ b/umac32-meta.c @@ -0,0 +1,47 @@ +/* umac32-meta.c + + Copyright (C) 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "umac.h" + +static void +umac32_set_nonce_wrapper (void *ctx, const uint8_t *key) +{ + umac32_set_nonce (ctx, AES_BLOCK_SIZE, key); +} + +const struct nettle_mac nettle_umac32 += _NETTLE_UMAC(umac32, UMAC32); diff --git a/umac64-meta.c b/umac64-meta.c new file mode 100644 index 00000000..0351aaed --- /dev/null +++ b/umac64-meta.c @@ -0,0 +1,47 @@ +/* umac64-meta.c + + Copyright (C) 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "umac.h" + +static void +umac64_set_nonce_wrapper (void *ctx, const uint8_t *key) +{ + umac64_set_nonce (ctx, AES_BLOCK_SIZE, key); +} + +const struct nettle_mac nettle_umac64 += _NETTLE_UMAC(umac64, UMAC64); diff --git a/umac96-meta.c b/umac96-meta.c new file mode 100644 index 00000000..2feba8c8 --- /dev/null +++ b/umac96-meta.c @@ -0,0 +1,47 @@ +/* umac96-meta.c + + Copyright (C) 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "nettle-meta.h" + +#include "umac.h" + +static void +umac96_set_nonce_wrapper (void *ctx, const uint8_t *key) +{ + umac96_set_nonce (ctx, AES_BLOCK_SIZE, key); +} + +const struct nettle_mac nettle_umac96 += _NETTLE_UMAC(umac96, UMAC96);
From: Daiki Ueno dueno@redhat.com
Signed-off-by: Daiki Ueno dueno@redhat.com --- Makefile.in | 2 +- nettle-meta-macs.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++ nettle-meta.h | 7 ++++++ 3 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 nettle-meta-macs.c
diff --git a/Makefile.in b/Makefile.in index 4cfc5005..8efe2f88 100644 --- a/Makefile.in +++ b/Makefile.in @@ -116,7 +116,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ memeql-sec.c memxor.c memxor3.c \ nettle-lookup-hash.c \ nettle-meta-aeads.c nettle-meta-armors.c \ - nettle-meta-ciphers.c nettle-meta-hashes.c \ + nettle-meta-ciphers.c nettle-meta-hashes.c nettle-meta-macs.c \ pbkdf2.c pbkdf2-hmac-sha1.c pbkdf2-hmac-sha256.c \ poly1305-aes.c poly1305-internal.c \ realloc.c \ diff --git a/nettle-meta-macs.c b/nettle-meta-macs.c new file mode 100644 index 00000000..6575ed66 --- /dev/null +++ b/nettle-meta-macs.c @@ -0,0 +1,61 @@ +/* nettle-meta-macs.c + + Copyright (C) 2011 Daniel Kahn Gillmor + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stddef.h> + +#include "nettle-meta.h" + +const struct nettle_mac * const _nettle_macs[] = { + &nettle_cmac_aes128, + &nettle_cmac_aes256, + &nettle_hmac_md5, + &nettle_hmac_ripemd160, + &nettle_hmac_sha1, + &nettle_hmac_sha224, + &nettle_hmac_sha256, + &nettle_hmac_sha384, + &nettle_hmac_sha512, + &nettle_umac32, + &nettle_umac64, + &nettle_umac96, + &nettle_umac128, + NULL +}; + +const struct nettle_mac * const * +nettle_get_macs (void) +{ + return _nettle_macs; +} diff --git a/nettle-meta.h b/nettle-meta.h index 55229501..c7e7ab0f 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -296,6 +296,13 @@ struct nettle_mac (nettle_hash_digest_func *) name##_digest, \ }
+/* null-terminated list of macs implemented by this + version of nettle */ +const struct nettle_mac * const * _NETTLE_ATTRIBUTE_PURE +nettle_get_macs (void); + +#define nettle_macs (nettle_get_macs()) + extern const struct nettle_mac nettle_cmac_aes128; extern const struct nettle_mac nettle_cmac_aes256;
From: Daiki Ueno dueno@redhat.com
Signed-off-by: Daiki Ueno dueno@redhat.com --- testsuite/.gitignore | 1 + testsuite/.test-rules.make | 3 +++ testsuite/Makefile.in | 2 +- testsuite/meta-mac-test.c | 37 +++++++++++++++++++++++++++++++++++++ 4 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 testsuite/meta-mac-test.c
diff --git a/testsuite/.gitignore b/testsuite/.gitignore index 066bcee2..a57feccb 100644 --- a/testsuite/.gitignore +++ b/testsuite/.gitignore @@ -56,6 +56,7 @@ /meta-armor-test /meta-cipher-test /meta-hash-test +/meta-mac-test /pbkdf2-test /pkcs1-test /pkcs1-sec-decrypt-test diff --git a/testsuite/.test-rules.make b/testsuite/.test-rules.make index efb7df3c..87e288c5 100644 --- a/testsuite/.test-rules.make +++ b/testsuite/.test-rules.make @@ -160,6 +160,9 @@ meta-aead-test$(EXEEXT): meta-aead-test.$(OBJEXT) meta-armor-test$(EXEEXT): meta-armor-test.$(OBJEXT) $(LINK) meta-armor-test.$(OBJEXT) $(TEST_OBJS) -o meta-armor-test$(EXEEXT)
+meta-mac-test$(EXEEXT): meta-mac-test.$(OBJEXT) + $(LINK) meta-mac-test.$(OBJEXT) $(TEST_OBJS) -o meta-mac-test$(EXEEXT) + buffer-test$(EXEEXT): buffer-test.$(OBJEXT) $(LINK) buffer-test.$(OBJEXT) $(TEST_OBJS) -o buffer-test$(EXEEXT)
diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in index f8f85701..d688c242 100644 --- a/testsuite/Makefile.in +++ b/testsuite/Makefile.in @@ -31,7 +31,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \ poly1305-test.c chacha-poly1305-test.c \ hmac-test.c umac-test.c \ meta-hash-test.c meta-cipher-test.c\ - meta-aead-test.c meta-armor-test.c \ + meta-aead-test.c meta-armor-test.c meta-mac-test.c \ buffer-test.c yarrow-test.c xts-test.c pbkdf2-test.c
TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \ diff --git a/testsuite/meta-mac-test.c b/testsuite/meta-mac-test.c new file mode 100644 index 00000000..dcc9fbca --- /dev/null +++ b/testsuite/meta-mac-test.c @@ -0,0 +1,37 @@ +#include "testutils.h" +#include "nettle-internal.h" +#include "nettle-meta.h" + +const char* macs[] = { + "cmac_aes128", + "cmac_aes256", + "hmac_md5", + "hmac_ripemd160", + "hmac_sha1", + "hmac_sha224", + "hmac_sha256", + "hmac_sha384", + "hmac_sha512", + "umac32", + "umac64", + "umac96", + "umac128", +}; + +void +test_main(void) +{ + int i, j; + int count = sizeof(macs)/sizeof(*macs); + for (i = 0; i < count; i++) { + for (j = 0; NULL != nettle_macs[j]; j++) { + if (0 == strcmp(macs[i], nettle_macs[j]->name)) + break; + } + ASSERT(NULL != nettle_macs[j]); /* make sure we found a matching aead */ + } + i = 0; + while (NULL != nettle_macs[i]) + i++; + ASSERT(i == count); /* we are not missing testing any hashes */ +}
Hello,
пт, 19 июл. 2019 г. в 16:38, Daiki Ueno ueno@gnu.org:
From: Daiki Ueno dueno@redhat.com
As discussed in: https://lists.lysator.liu.se/pipermail/nettle-bugs/2019/007662.html
This moves `struct nettle_mac` to nettle-meta.h and provide the meta interface for all defined MAC algorithms.
Great!
Each meta interface shall provide the following 4 functions:
nettle_set_key_func *set_key; nettle_set_key_func *set_nonce; nettle_hash_update_func *update; nettle_hash_digest_func *digest;
where set_nonce is only used by UMAC, and expects that the nonce has always the same length as AES_BLOCK_SIZE. For CMAC and HMAC, a no-op set_nonce function is defined.
Will it be usefull to support length + data as arguments of set_nonce function? Especially if we try to add AES-GMAC a first level citizen.
Also it might look good to define (internal) mac_set_nonce_null() function and use it from the HMAC/CMAC meta interface.
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
Each meta interface shall provide the following 4 functions:
nettle_set_key_func *set_key; nettle_set_key_func *set_nonce; nettle_hash_update_func *update; nettle_hash_digest_func *digest;
where set_nonce is only used by UMAC, and expects that the nonce has always the same length as AES_BLOCK_SIZE. For CMAC and HMAC, a no-op set_nonce function is defined.
Will it be usefull to support length + data as arguments of set_nonce function? Especially if we try to add AES-GMAC a first level citizen.
Maybe I'm missing the context, but wouldn't AES-GMAC better fit in `struct nettle_aead` as it is a special case of AES-GCM?
The struct also has set_nonce function defined as nettle_set_key_func *.
Also it might look good to define (internal) mac_set_nonce_null() function and use it from the HMAC/CMAC meta interface.
Indeed, it makes sense. I will update the series with it after making hmac_*_set_key_expanded internal as suggested.
Thank you for the comments!
Regards,
Hello,
сб, 20 июл. 2019 г. в 12:00, Daiki Ueno ueno@gnu.org:
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
Each meta interface shall provide the following 4 functions:
nettle_set_key_func *set_key; nettle_set_key_func *set_nonce; nettle_hash_update_func *update; nettle_hash_digest_func *digest;
where set_nonce is only used by UMAC, and expects that the nonce has always the same length as AES_BLOCK_SIZE. For CMAC and HMAC, a no-op set_nonce function is defined.
Will it be usefull to support length + data as arguments of set_nonce function? Especially if we try to add AES-GMAC a first level citizen.
Maybe I'm missing the context, but wouldn't AES-GMAC better fit in `struct nettle_aead` as it is a special case of AES-GCM?
It is, but it is defined as a MAC algorithm.
The struct also has set_nonce function defined as nettle_set_key_func *.
Hmm, I've missed that point. Then I have no objections.
Also it might look good to define (internal) mac_set_nonce_null() function and use it from the HMAC/CMAC meta interface.
Indeed, it makes sense. I will update the series with it after making hmac_*_set_key_expanded internal as suggested.
Thank you for the comments!
Thank you!
nettle-bugs@lists.lysator.liu.se
-
Daiki Ueno -
Dmitry Eremin-Solenikov