Thanks. Since you added the zero-nonce method, it would be better to
add test vectors for it as well. I'm copying the ones from my last
patch, which covered it:

+  /*
+   * Example with no nonce, no AD and no plaintext; taken from
+   * https://github.com/miscreant/miscreant/blob/master/vectors/aes_siv.tjson
+   * however we don't interoperate.
+   */
+  test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_aes128_cmac_ctx),
+          &nettle_aes128,
+          SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0"
+               "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"),
+          SHEX(""),
+          SHEX(""),
+          SHEX(""),
+          SHEX("949f99cb cc3eb5da6 d3c45d0 f59aa9c7"));
+
+  /*
+   * Example with no nonce, no AD and plaintext; taken from
+   * https://github.com/miscreant/miscreant/blob/master/vectors/aes_siv.tjson
+   */
+  test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_aes128_cmac_ctx),
+          &nettle_aes128,
+          SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0"
+               "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"),
+          SHEX(""),
+          SHEX(""),
+          SHEX("00112233 44556677 8899aabb ccddeeff"),
+          SHEX("f304f912 863e303d 5b540e50 57c7010c"
+               "942ffaf4 5b0e5ca5 fb9a56a5 263bb065"));
+  /*
+   * Example without nonce length < 16 (RFC5297)
+   */
+  test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_aes128_cmac_ctx),
+          &nettle_aes128,
+          SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0"
+               "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"),
+          SHEX(""),
+          SHEX("10111213 14151617 18191a1b 1c1d1e1f"
+               "20212223 24252627"),
+          SHEX("11223344 55667788 99aabbcc ddee"),
+          SHEX("85632d07 c6e8f37f 950acd32 0a2ecc93"
+               "40c02b96 90c4dc04 daef7f6a fe5c"));
+
+  /*
+   * Example without nonce length > 16
+   */
+  test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_aes128_cmac_ctx),
+          &nettle_aes128,
+          SHEX("7f7e7d7c 7b7a7978 77767574 73727170"
+               "40414243 44454647 48494a4b 4c4d4e4f"),
+          SHEX(""),
+          SHEX("00112233 44556677 8899aabb ccddeeff"
+               "deaddada deaddada ffeeddcc bbaa9988"
+               "77665544 33221100"),
+          SHEX("74686973 20697320 736f6d65 20706c61"
+               "696e7465 78742074 6f20656e 63727970"
+               "74207573 696e6720 5349562d 414553"),
+          SHEX("c12ccaa7 54e1b3fa 4f416c18 415625ca"
+               "472fbee de5bc03f 34934819 a9abb20b5"
+               "8cd019c 470ac832 f6eb9ddf 0656c5dce"
+               "ffe611a 5a5ca3e1 c3c12da5 6e4bb87"));
+  /* AES-SIV-CMAC-512 (AES-256)
+   */
+  test_siv_aes256("AES_SIV_CMAC512", sizeof(struct siv_aes256_cmac_ctx),
+          &nettle_aes256,
+          SHEX("c27df2fd aec35d4a 2a412a50 c3e8c47d"
+               "2d568e91 a38e5414 8abdc0b6 e86caf87"
+               "695c0a8a df4c5f8e b2c6c8b1 36529864"
+               "f3b84b3a e8e3676c e760c461 f3a13e83"),
+          SHEX(""),
+          SHEX("10111213 14151617 18191a1b 1c1d1e1f"
+               "20212223 24252627"),
+          SHEX("11223344 55667788 99aabbcc ddee"),
+          SHEX("ae2b1bd1 ba7fcd6a 4f9f7eb2 4b40f766"
+               "86053ffd c384cb19 76031f46 3013"));
+
+  /*
+   * Example without nonce length > 16
+   */
+  test_siv_aes256("AES_SIV_CMAC512", sizeof(struct siv_aes256_cmac_ctx),
+          &nettle_aes256,
+          SHEX("c27df2fd aec35d4a 2a412a50 c3e8c47d"
+               "2d568e91 a38e5414 8abdc0b6 e86caf87"
+               "695c0a8a df4c5f8e b2c6c8b1 36529864"
+               "f3b84b3a e8e3676c e760c461 f3a13e83"),
+          SHEX(""),
+          SHEX("00112233 44556677 8899aabb ccddeeff"
+               "deaddada deaddada ffeeddcc bbaa9988"
+               "77665544 33221100"),
+          SHEX("74686973 20697320 736f6d65 20706c61"
+               "696e7465 78742074 6f20656e 63727970"
+               "74207573 696e6720 5349562d 414553"),
+          SHEX("79476aaa 388374fe 97d0db51 596cb5ee"
+               "a933e001 412026c7 956c82dd b753b1af"
+               "3d7d49ac 474a800a c14b4bab a4542067"
+               "83647ef9 51315dab b7a2c05b 288ba8"));
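Review bot: The expected tag in the first vector (no nonce, no AD, no plaintext) is not an independent known answer: its comment says the inputs come from the miscreant vectors but "we don't interoperate", so the 16-byte value presumably records this implementation's own output and only guards against regressions. The comment should say so explicitly, e.g. `* Inputs from miscreant's aes_siv.tjson; the expected tag is our own output (empty nonce, not interoperable).`, so nobody reads it as a conformance check of the empty-nonce path. The hex grouping is also broken on that tag and on the four ciphertext lines of the first "length > 16" vector (groups of 7 and 9 digits); the digit counts still add up, but regrouping into 8-digit words, e.g. `SHEX("949f99cb cc3eb5da 6d3c45d0 f59aa9c7"));`, makes the values auditable against their source. The comments "without nonce length < 16" and "length > 16" do not say which length they mean (the 14- and 47-byte plaintexts appear to be intended), and the enclosing test function starts and ends outside this excerpt.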

On Mon, May 6, 2019 at 7:45 PM Niels Möller <[email protected]> wrote:
>
> Nikos Mavrogiannopoulos <[email protected]> writes:
>
> > https://gitlab.com/nmav/nettle/merge_requests/4/
>
> I've integrated this onto a branch siv-mode, with some changes: renamed
> functions to all have the siv_cmac prefix, documented that empty nonce may
> have interop issues and should be considered experimental (but still
> allow it), and dropped some macros and unrelated changes (which would
> belong on a different branch). Please have a look, and say if I've
> messed up something.
>
> Regards,
> /Niels
>
> --
> Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
> Internet email is subject to wholesale government surveillance.