I am trying to figure out how to wrap around CCM and GCM, and it seems like a hard task. They are totally incompatible. Would it make sense instead to have an equivalent of ccm_decrypt_message() in gcm as well, and make that the AEAD API?
regards, Nikos
Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com writes:
> I am trying to figure out how to wrap around CCM and GCM, and it seems like a hard task. They are totally incompatible.
Right, ccm is a bit alien, in that it doesn't support any incremental operation.
> Would it make sense instead to have an equivalent of ccm_decrypt_message() in gcm as well, and make that the AEAD API?
To get _message functions, I'd like to define some functions (or even macros?) like
void aead_encrypt_message(const struct nettle_aead *aead, void *ctx, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t tlength, size_t clength, uint8_t *dst, const uint8_t *src);
int aead_decrypt_message(const struct nettle_aead *aead, void *ctx, const uint8_t *nonce, size_t alength, const uint8_t *adata, size_t tlength, size_t mlength, uint8_t *dst, const uint8_t *src);
And then one could write trivial wrappers like gcm_aes128_encrypt_message just passing in the right aead object.
That should be almost compatible with the ccm_*_message functions, except that ccm allows an arbitrary nonce size, while the nettle_aead interface uses a fixed nonce size. That is an undesirable mismatch, and I'm not sure how best to deal with it.
Do you think that's a reasonable approach?
Regards, /Niels
On Mon, 2014-11-24 at 22:54 +0100, Niels Möller wrote:
> And then one could write trivial wrappers like gcm_aes128_encrypt_message just passing in the right aead object.
It looks reasonable.
> That should be almost compatible with the ccm_*_message functions, except that ccm allows an arbitrary nonce size, while the nettle_aead interface uses a fixed nonce size. That is an undesirable mismatch, and I'm not sure how best to deal with it.
GCM-AES also accepts an arbitrary IV size, so I think that expressing the nonce together with its length in the generic interface makes sense. For modes that do not allow an arbitrary nonce, the interface could still return an error code.
regards, Nikos
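As an added illustration of the generic _message wrappers discussed in this thread (example code written for this page, not code from nettle or from either poster): the C below combines the aead_encrypt_message/aead_decrypt_message shape from Niels's sketch with Nikos's suggestion of passing the nonce length and returning an error for modes that reject it. struct aead_alg is an assumed stand-in for nettle_aead, with fields chosen for the example and a nonce_size of 0 meaning "any length" (the CCM case); the toy keystream and checksum behind it are constructed only so the wrappers run offline and are not a cipher. The decrypt wrapper verifies the tag in constant time and wipes the output buffer on mismatch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AEAD_MAX_DIGEST_SIZE 16
/* Assumed stand-in for the parts of nettle's struct nettle_aead the wrappers need. Unlike
 * the real struct, set_nonce takes a length, and nonce_size == 0 means any length (CCM). */
struct aead_alg {
    size_t nonce_size, digest_size;
    void (*set_nonce)(void *ctx, size_t nlength, const uint8_t *nonce);
    void (*update)(void *ctx, size_t length, const uint8_t *adata);
    void (*encrypt)(void *ctx, size_t length, uint8_t *dst, const uint8_t *src);
    void (*decrypt)(void *ctx, size_t length, uint8_t *dst, const uint8_t *src);
    void (*digest)(void *ctx, size_t tlength, uint8_t *tag);
};

/* Constructed toy "AEAD" (xorshift keystream + FNV-style checksum over adata and
 * ciphertext). It exists only to exercise the wrappers; it is NOT a cipher. */
struct toy_ctx { uint32_t key, ks, tag; };
static uint32_t xorshift(uint32_t *s) {
    uint32_t x = *s; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return *s = x;
}
static void toy_set_key(struct toy_ctx *c, uint32_t key) { c->key = key; }
static void toy_absorb(struct toy_ctx *c, uint8_t b) { c->tag = (c->tag ^ b) * 16777619u; }
static void toy_set_nonce(void *v, size_t nlength, const uint8_t *nonce) {
    struct toy_ctx *c = v;                  /* a new nonce starts a new message */
    c->ks = c->key | 1; c->tag = 2166136261u;
    for (size_t i = 0; i < nlength; i++) {
        c->ks ^= (uint32_t)nonce[i] << (8 * (i % 4));
        if (!c->ks) c->ks = 1; xorshift(&c->ks);   /* xorshift must never run from state 0 */
    }
}
static void toy_update(void *v, size_t n, const uint8_t *d) { for (size_t i = 0; i < n; i++) toy_absorb(v, d[i]); }
static void toy_encrypt(void *v, size_t n, uint8_t *dst, const uint8_t *src) {
    struct toy_ctx *c = v;
    for (size_t i = 0; i < n; i++) { dst[i] = src[i] ^ (uint8_t)xorshift(&c->ks); toy_absorb(c, dst[i]); }
}
static void toy_decrypt(void *v, size_t n, uint8_t *dst, const uint8_t *src) {
    struct toy_ctx *c = v;                  /* the tag covers ciphertext: absorb, then decrypt */
    for (size_t i = 0; i < n; i++) { toy_absorb(c, src[i]); dst[i] = src[i] ^ (uint8_t)xorshift(&c->ks); }
}
static void toy_digest(void *v, size_t tlength, uint8_t *tag) {
    for (size_t i = 0; i < tlength; i++) tag[i] = (uint8_t)(((struct toy_ctx *)v)->tag >> (8 * (i % 4)));
}
/* Same toy behind two descriptors: GCM-style fixed 12-byte nonce, and CCM-style any length. */
static const struct aead_alg toy_fixed_nonce = { 12, 4, toy_set_nonce, toy_update, toy_encrypt, toy_decrypt, toy_digest };
static const struct aead_alg toy_any_nonce   = {  0, 4, toy_set_nonce, toy_update, toy_encrypt, toy_decrypt, toy_digest };

/* Constant-time tag comparison: no early exit on the first differing byte. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t d = 0; for (size_t i = 0; i < n; i++) d |= a[i] ^ b[i]; return d == 0;
}
/* 1 if the mode accepts this nonce length and tag length: the error code a fixed-nonce mode returns. */
static int aead_check(const struct aead_alg *aead, size_t nlength, size_t tlength) {
    if (aead->nonce_size && nlength != aead->nonce_size) return 0;
    return tlength != 0 && tlength <= aead->digest_size && tlength <= AEAD_MAX_DIGEST_SIZE;
}

/* One-shot encrypt: dst gets clength - tlength ciphertext bytes followed by the tlength-byte tag. */
int aead_encrypt_message(const struct aead_alg *aead, void *ctx, size_t nlength, const uint8_t *nonce,
                         size_t alength, const uint8_t *adata, size_t tlength, size_t clength,
                         uint8_t *dst, const uint8_t *src) {
    if (!aead_check(aead, nlength, tlength) || clength < tlength) return 0;
    aead->set_nonce(ctx, nlength, nonce);
    aead->update(ctx, alength, adata);
    aead->encrypt(ctx, clength - tlength, dst, src);
    aead->digest(ctx, tlength, dst + clength - tlength);
    return 1;
}

/* One-shot decrypt: src holds mlength ciphertext bytes plus the tag. On a tag mismatch it
 * returns 0 and wipes dst, so unauthenticated plaintext never reaches the caller. */
int aead_decrypt_message(const struct aead_alg *aead, void *ctx, size_t nlength, const uint8_t *nonce,
                         size_t alength, const uint8_t *adata, size_t tlength, size_t mlength,
                         uint8_t *dst, const uint8_t *src) {
    uint8_t tag[AEAD_MAX_DIGEST_SIZE];
    if (!aead_check(aead, nlength, tlength)) return 0;
    aead->set_nonce(ctx, nlength, nonce);
    aead->update(ctx, alength, adata);
    aead->decrypt(ctx, mlength, dst, src);
    aead->digest(ctx, tlength, tag);
    if (ct_equal(tag, src + mlength, tlength)) return 1;
    memset(dst, 0, mlength);
    return 0;
}

/* Round trip over constructed data; 1 if encrypt, decrypt, tamper detection and nonce checks behave. */
int demo_roundtrip(void) {
    static const uint8_t nonce[12] = { 1,2,3,4,5,6,7,8,9,10,11,12 }, adata[3] = { 'h','d','r' };
    static const uint8_t msg[14] = "attack at dawn";
    uint8_t ct[14 + 4], pt[14];
    struct toy_ctx ctx; toy_set_key(&ctx, 0xdeadbeefu);
    if (!aead_encrypt_message(&toy_fixed_nonce, &ctx, 12, nonce, 3, adata, 4, sizeof ct, ct, msg)) return 0;
    if (!aead_decrypt_message(&toy_fixed_nonce, &ctx, 12, nonce, 3, adata, 4, 14, pt, ct)) return 0;
    if (memcmp(pt, msg, 14) != 0) return 0;
    ct[0] ^= 0x01;                                              /* flip one ciphertext bit */
    if (aead_decrypt_message(&toy_fixed_nonce, &ctx, 12, nonce, 3, adata, 4, 14, pt, ct)) return 0;
    for (size_t i = 0; i < 14; i++) if (pt[i]) return 0;        /* dst was wiped */
    /* the GCM-style descriptor rejects an 8-byte nonce, the CCM-style one accepts it */
    if (aead_encrypt_message(&toy_fixed_nonce, &ctx, 8, nonce, 3, adata, 4, sizeof ct, ct, msg)) return 0;
    return aead_encrypt_message(&toy_any_nonce, &ctx, 8, nonce, 3, adata, 4, sizeof ct, ct, msg);
}

int main(void) { puts(demo_roundtrip() ? "ok" : "FAILED"); return 0; }
```

Two design points carry over to a real nettle_aead-backed version: the tag is computed over the ciphertext (so the decrypt path absorbs before decrypting, as the incremental gcm functions do), and a failed verification returns 0 and clears the plaintext buffer rather than leaving the caller with data that was never authenticated.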
nettle-bugs@lists.lysator.liu.se