I think the siv code could benefit from a function to create a cmac
digest in one step, without the update/digest split and the intermediate
buffer. That would be something like

cmac128_message(const struct cmac128_key *key, const void *cipher,
                nettle_crypt_func *encrypt,
                size_t digest_length, uint8_t *digest,
                size_t message_length, const uint8_t *message);

Then the key needs to be taken out of the cmac128_ctx. I'm trying that
out on the branch cmac-layout. Patch below. What do you think?

Regards,
/Niels

commit 9b41e3b82b567abb68c1b7fc3b1e6b1a4ed87b26
Author: Niels Möller <[email protected]>
Date:   2019-06-01 10:30:29 +0200

    New struct cmac128_key.

diff --git a/ChangeLog b/ChangeLog
index 53cdc41d..a7a4355f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2019-06-01  Niels Möller  <[email protected]>
+
+       * cmac.h (struct cmac128_key): New struct.
+       * cmac.h (struct cmac128_ctx): Use struct cmac128_key.
+       * cmac.c (cmac128_set_key, cmac128_digest): Update accordingly.
+
 2019-05-12  Niels Möller  <[email protected]>
 
        Delete old libdes/openssl compatibility interface.
diff --git a/cmac.c b/cmac.c
index ed3b5eb8..07d805f3 100644
--- a/cmac.c
+++ b/cmac.c
@@ -83,8 +83,8 @@ cmac128_set_key(struct cmac128_ctx *ctx, const void *cipher,
   /* step 1 - generate subkeys k1 and k2 */
   encrypt(cipher, 16, L->b, const_zero);
 
-  block_mulx(&ctx->K1, L);
-  block_mulx(&ctx->K2, &ctx->K1);
+  block_mulx(&ctx->key.K1, L);
+  block_mulx(&ctx->key.K2, &ctx->key.K1);
 }
 
 #define MIN(x,y) ((x)<(y)?(x):(y))
@@ -148,11 +148,11 @@ cmac128_digest(struct cmac128_ctx *ctx, const void 
*cipher,
   if (ctx->index < 16)
     {
       ctx->block.b[ctx->index] = 0x80;
-      memxor(ctx->block.b, ctx->K2.b, 16);
+      memxor(ctx->block.b, ctx->key.K2.b, 16);
     }
   else
     {
-      memxor(ctx->block.b, ctx->K1.b, 16);
+      memxor(ctx->block.b, ctx->key.K1.b, 16);
     }
 
   memxor3(Y.b, ctx->block.b, ctx->X.b, 16);
diff --git a/cmac.h b/cmac.h
index 6d107982..9d972ea5 100644
--- a/cmac.h
+++ b/cmac.h
@@ -55,18 +55,22 @@ extern "C" {
 #define cmac_aes256_update nettle_cmac_aes256_update
 #define cmac_aes256_digest nettle_cmac_aes256_digest
 
-struct cmac128_ctx
+struct cmac128_key
 {
-  /* Key */
   union nettle_block16 K1;
   union nettle_block16 K2;
+};
+
+struct cmac128_ctx
+{
+  struct cmac128_key key;
 
   /* MAC state */
   union nettle_block16 X;
 
   /* Block buffer */
-  union nettle_block16 block;
   size_t index;
+  union nettle_block16 block;
 };
 
 void
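Review bot: The new `struct cmac128_key` loses the `/* Key */` comment that the old layout carried and gains no documentation of its own, even though it is intended to become a standalone public type for the proposed `cmac128_message`; I would add above it `/* CMAC subkeys K1 and K2, derived from the block cipher key by cmac128_set_key. Secret material: treat like the cipher key. */` so callers holding one outside a ctx know it must be protected and that it is only valid for the cipher it was derived from. The hunk also swaps the order of `index` and `block` in `struct cmac128_ctx`, which changes the struct's layout and offsets; if the struct is already part of a released ABI that would be a compatibility break, and either way the ChangeLog entry in this commit does not mention the reorder, so it should be listed there or split into its own commit with a rationale.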


-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
