On Wed, Nov 26, 2014 at 1:32 PM, Niels Möller <[email protected]> wrote:
> Nikos Mavrogiannopoulos <[email protected]> writes:
>> I've done something similar at:
>> https://gitorious.org/gnutls/gnutls/source/0a1102311e443720fc0eb7a83f7dc1b587e55379:lib/nettle/cipher.c
> Looks reasonable. You get a pretty large nettle_cipher_st to support all
> variations, I see. Some comments:
> _ccm_aes_encrypt looks like it supports ccm with any cipher, right?

Nice catch. Indeed, it is not restricted to AES.

> If the aead_*crypt_func functions are intended as the primary interface
> for aead, I guess you'd want to either retire the auth and tag functions
> (and you may want additional helper functions in nettle to make that
> easy?). Or implement the aead_*crypt functions in terms of the auth and
> tag functions for everything but ccm.

My plan is to provide a minimal AEAD API such as:
https://gitorious.org/gnutls/gnutls/source/0a1102311e443720fc0eb7a83f7dc1b587e55379:lib/includes/gnutls/crypto.h#L67

The old auth and tag will be kept for backwards compatibility in AES-GCM,
but will not be offered by all AEAD ciphers.

> For the _gcm functions, do you see any obstacles to implementing generic
> _gcm functions (like you do with cbc), which passes the encrypt_block
> function to nettle's general gcm functions? Note that GCM_CTX
> intentionally puts the cipher-specific context last, so the offset
> should always be the same.

Do you mean something like:

    struct gcm_cast_st {
        struct gcm_key key;
        struct gcm_ctx gcm;
        char xx[1];
    };

    #define GCM_CTX_GET_KEY(ptr)    (&((struct gcm_cast_st *)(ptr))->key)
    #define GCM_CTX_GET_CTX(ptr)    (&((struct gcm_cast_st *)(ptr))->gcm)
    #define GCM_CTX_GET_CIPHER(ptr) ((void *)&((struct gcm_cast_st *)(ptr))->xx)

It looks indeed simpler. Not sure how valid is the GCM_CTX_GET_CIPHER cast
though. It would be nice if nettle's gcm.h provided such macros.

> Your auth_func, tag_func, set_key_func and setiv_func seem to duplicate
> nettle_hash_update, nettle_set_key_func and nettle_hash_digest_func.

Thanks, I should use them.

regards,
Nikos
_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
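An added example (not code from this thread, nettle or GnuTLS) that checks when the `char xx[1]` cast struct yields the same cipher offset as a `GCM_CTX(type)` struct. The two leading structs are constructed stand-ins for nettle's, and `narrow_cipher`, `wide_cipher` and `GCM_CAST_OK` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins (constructed): NOT nettle's real struct gcm_key / struct gcm_ctx. */
struct gcm_key { uint64_t h[2]; };                                      /* 16 bytes */
struct gcm_ctx { uint64_t iv[2]; uint64_t x[2]; uint64_t data_size; };  /* 40 bytes */

/* Same shape as GCM_CTX(type) in nettle's gcm.h: the cipher context goes last. */
#define GCM_CTX(type) { struct gcm_key key; struct gcm_ctx gcm; type cipher; }

/* The cast struct proposed in the mail. */
struct gcm_cast_st { struct gcm_key key; struct gcm_ctx gcm; char xx[1]; };

/* Hypothetical cipher contexts with different alignment requirements. */
struct narrow_cipher { uint32_t rk[44]; };                  /* 4-byte aligned  */
struct wide_cipher { _Alignas(16) unsigned char rk[176]; }; /* 16-byte aligned */

struct gcm_narrow_ctx GCM_CTX(struct narrow_cipher);
struct gcm_wide_ctx GCM_CTX(struct wide_cipher);

/* Offset that generic code assumes when it goes through the cast struct. */
size_t cast_offset(void) { return offsetof(struct gcm_cast_st, xx); }
/* Offsets the compiler actually chose for each typed context. */
size_t narrow_offset(void) { return offsetof(struct gcm_narrow_ctx, cipher); }
size_t wide_offset(void) { return offsetof(struct gcm_wide_ctx, cipher); }

/* Guard a generic wrapper can evaluate for every cipher it registers. */
#define GCM_CAST_OK(ctx_type) \
  (offsetof(ctx_type, cipher) == offsetof(struct gcm_cast_st, xx))

/* Fails the build if the assumption breaks for a registered cipher. */
_Static_assert(GCM_CAST_OK(struct gcm_narrow_ctx), "cipher offset mismatch");

/* A char member has alignment 1, so padding inserted before a more strictly
 * aligned cipher context is invisible to the cast struct: the cast would then
 * point into the padding instead of at the context. */
int wide_cast_is_safe(void) { return GCM_CAST_OK(struct gcm_wide_ctx); }

int main(void) {
  printf("cast=%zu narrow=%zu wide=%zu wide_ok=%d\n", cast_offset(),
         narrow_offset(), wide_offset(), wide_cast_is_safe());
  return 0;
}
```

The offsets agree as long as no cipher context needs stricter alignment than the end of `struct gcm_ctx` already provides; the static assertion turns a violation into a build failure rather than a wrong pointer at run time.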
