While looking at extended tests of the aead update function (for the
associated data), I stumbled on a restriction of gcm_update that is
different from most (all?) other update functions in Nettle. According
to the docs,

 -- Function: void gcm_update (struct gcm_ctx *CTX, const struct gcm_key
          *KEY, size_t LENGTH, const uint8_t *DATA)
     Provides associated data to be authenticated.  If used, must be
     called before ‘gcm_encrypt’ or ‘gcm_decrypt’.  All but the last
     call for each message _must_ use a length that is a multiple of the
     block size.

Would it be worthwhile to drop the restriction of the last sentence, and
allow all calls to gcm_update to use any size? This requirement may be
particularly surprising when using nettle_aead; then gcm has different
requirements for the update function than all other aead algorithms.

I think that might be doable without any ABI break, by the following
hack: reuse the ctr field of struct gcm_context as a block buffer, while
processing the associated data. The ctr field is clearly needed also for
encrypt/decrypt, but we could move initialization for that purpose from
gcm_set_iv to the first call to encrypt/decrypt.

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.

_______________________________________________
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
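To make the proposal above concrete, here is a small self-contained illustration of the buffering trick Niels describes. It is an added example written for this page, not Nettle code: the `demo_*` names and `struct demo_gcm_ctx` are hypothetical stand-ins for Nettle's `gcm_update`/`gcm_ctx`, the hash subkey is supplied directly instead of being derived through the block cipher, and two details are my own assumptions rather than anything the mail states: the number of bytes waiting in the reused `ctr` buffer is recovered as `auth_size % 16` (so no new field is needed), and the counter is set up lazily as `IV || 0x00000002` for a 96-bit IV, which is where the first encrypt/decrypt call would take over. The check at the end feeds a constructed 45-byte associated-data string both in one call and in odd-sized pieces (including an empty one) and confirms that the GHASH state and the counter come out identical; it also shows why the "must be called before encrypt/decrypt" rule stays, since a late update would overwrite the live counter.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16

/* Hypothetical context for this example, not Nettle's struct gcm_ctx. The ctr
 * block doubles as the buffer for a partial associated-data block until the
 * first encrypt/decrypt call; auth_size % BLOCK (assumption) says how many
 * bytes are waiting there, so no extra field is needed. */
struct demo_gcm_ctx {
    uint8_t h[BLOCK];    /* GHASH subkey */
    uint8_t x[BLOCK];    /* GHASH accumulator */
    uint8_t iv[12];      /* 96-bit IV, kept so ctr can be set up lazily */
    uint8_t ctr[BLOCK];  /* counter block, reused as AAD buffer */
    uint64_t auth_size;  /* associated-data bytes seen so far */
    int data_started;    /* set once ctr holds the real counter */
};

/* x = x * y in GF(2^128) with GCM's bit order (SP 800-38D, Algorithm 1).
 * Bit-serial and not constant-time: for demonstration only. */
static void gf128_mul(uint8_t *x, const uint8_t *y)
{
    uint8_t z[BLOCK] = {0}, v[BLOCK];
    memcpy(v, y, BLOCK);
    for (int i = 0; i < 128; i++) {
        if (x[i / 8] & (0x80 >> (i % 8)))
            for (int j = 0; j < BLOCK; j++) z[j] ^= v[j];
        int lsb = v[BLOCK - 1] & 1;
        for (int j = BLOCK - 1; j > 0; j--)
            v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
        v[0] >>= 1;
        if (lsb) v[0] ^= 0xE1;  /* reduce modulo x^128 + x^7 + x^2 + x + 1 */
    }
    memcpy(x, z, BLOCK);
}

static void ghash_block(struct demo_gcm_ctx *ctx, const uint8_t *block)
{
    for (int j = 0; j < BLOCK; j++) ctx->x[j] ^= block[j];
    gf128_mul(ctx->x, ctx->h);
}

static void demo_gcm_init(struct demo_gcm_ctx *ctx, const uint8_t *h, const uint8_t *iv96)
{
    memset(ctx, 0, sizeof *ctx);
    memcpy(ctx->h, h, BLOCK);
    memcpy(ctx->iv, iv96, 12);
}

/* Associated data of any length on any call. Returns -1 once encryption has
 * begun: ctr is then a real counter and must not be clobbered. */
static int demo_gcm_update(struct demo_gcm_ctx *ctx, size_t length, const uint8_t *data)
{
    if (ctx->data_started) return -1;
    size_t have = ctx->auth_size % BLOCK;
    ctx->auth_size += length;
    if (have) {
        size_t take = BLOCK - have;
        if (take > length) take = length;
        memcpy(ctx->ctr + have, data, take);
        data += take; length -= take; have += take;
        if (have < BLOCK) return 0;  /* still partial: keep buffering */
        ghash_block(ctx, ctx->ctr);
    }
    for (; length >= BLOCK; data += BLOCK, length -= BLOCK)
        ghash_block(ctx, data);
    if (length) memcpy(ctx->ctr, data, length);  /* stash the tail */
    return 0;
}

/* What the first encrypt/decrypt would do: absorb the zero-padded tail, then
 * give ctr its real job (assumed layout IV || 0x00000002 for a 96-bit IV). */
static void demo_gcm_start_data(struct demo_gcm_ctx *ctx)
{
    size_t have = ctx->auth_size % BLOCK;
    if (ctx->data_started) return;
    if (have) {
        memset(ctx->ctr + have, 0, BLOCK - have);
        ghash_block(ctx, ctx->ctr);
    }
    memcpy(ctx->ctr, ctx->iv, 12);
    memset(ctx->ctr + 12, 0, 3);
    ctx->ctr[15] = 2;
    ctx->data_started = 1;
}

/* Constructed inputs: an arbitrary subkey and IV, AAD generated below. */
static const uint8_t demo_h[BLOCK] = {
    0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e };
static const uint8_t demo_iv[12] = {
    0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad,0xde,0xca,0xf8,0x88 };

/* 1 if one 45-byte call and six odd-sized calls (5,1,0,20,3,16) leave the
 * same GHASH state, length and counter, with the counter equal to IV || 2. */
static int demo_chunking_matches(void)
{
    uint8_t aad[45];
    struct demo_gcm_ctx one, many;
    size_t sizes[] = { 5, 1, 0, 20, 3, 16 }, off = 0;
    for (size_t i = 0; i < sizeof aad; i++) aad[i] = (uint8_t)(i * 37 + 11);
    demo_gcm_init(&one, demo_h, demo_iv);
    demo_gcm_init(&many, demo_h, demo_iv);
    demo_gcm_update(&one, sizeof aad, aad);
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; off += sizes[i++])
        demo_gcm_update(&many, sizes[i], aad + off);
    demo_gcm_start_data(&one);
    demo_gcm_start_data(&many);
    return memcmp(one.x, many.x, BLOCK) == 0 && memcmp(one.ctr, many.ctr, BLOCK) == 0
        && one.auth_size == many.auth_size && memcmp(one.ctr, demo_iv, 12) == 0
        && one.ctr[12] == 0 && one.ctr[13] == 0 && one.ctr[14] == 0 && one.ctr[15] == 2;
}

/* 1 if an update after data has started is refused and ctr is untouched. */
static int demo_late_update_rejected(void)
{
    struct demo_gcm_ctx ctx;
    uint8_t saved[BLOCK];
    demo_gcm_init(&ctx, demo_h, demo_iv);
    demo_gcm_start_data(&ctx);
    memcpy(saved, ctx.ctr, BLOCK);
    return demo_gcm_update(&ctx, 3, (const uint8_t *)"abc") == -1
        && memcmp(saved, ctx.ctr, BLOCK) == 0;
}

int main(void)
{
    printf("chunking matches: %d, late update rejected: %d\n",
           demo_chunking_matches(), demo_late_update_rejected());
    return 0;
}
```

The only state the arbitrary-length variant needs beyond what a block-aligned implementation already keeps is the partial block itself, and `ctr` is idle until data processing begins, which is why the mail expects no ABI change; the cost is that counter initialisation moves out of the IV setter into the first encrypt/decrypt call, and that a caller who violates the "update before encrypt" ordering must be refused rather than silently corrupting the counter.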