dbarysh...@gmail.com writes:
> From: Dmitry Baryshkov
>
> Move cmac-des3 meta information from testsuite/cmac-test.c to main
> Nettle library.
>
> Signed-off-by: Dmitry Baryshkov
Thanks, applied.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid
From: Dmitry Baryshkov
Move cmac-des3 meta information from testsuite/cmac-test.c to main
Nettle library.
Signed-off-by: Dmitry Baryshkov
---
Makefile.in | 2 +-
cmac-des3-meta.c | 52 +++
nettle-meta-macs.c| 1 +
nettle
From: Dmitry Eremin-Solenikov
Signed-off-by: Dmitry Eremin-Solenikov
---
Makefile.in | 2 +-
cmac-des3-meta.c | 43 +++
nettle-meta-macs.c| 1 +
nettle-meta.h | 13
testsuite/cmac-test.c | 12
From: Daiki Ueno
Signed-off-by: Daiki Ueno
---
Makefile.in | 1 +
cmac-aes128-meta.c| 43 +++
cmac-aes256-meta.c| 43 +++
nettle-meta.h | 15 +++
testsuite/cmac-test.c | 24
ni...@lysator.liu.se (Niels Möller) writes:
> I've now merged this and the cmac_des3 patch onto a branch "cmac64".
And now pushed to master, together with the documentation update.
Thanks,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to
From: Daiki Ueno
Signed-off-by: Daiki Ueno
---
Makefile.in | 1 +
cmac-aes128-meta.c| 48 +++
cmac-aes256-meta.c| 48 +++
nettle-meta.h | 15 ++
testsuite/cmac-test.c | 24
Hello,
Thu, 11 Jul 2019 at 00:05, Niels Möller :
>
> Dmitry Eremin-Solenikov writes:
>
> > --- /dev/null
> > +++ b/cmac64.c
> > @@ -0,0 +1,177 @@
> > +/*
> > + AES-CMAC-128 (rfc 4493) / CMAC-64
>
> I've now merged this and the cmac_des3 patch
Dmitry Eremin-Solenikov writes:
> --- /dev/null
> +++ b/cmac64.c
> @@ -0,0 +1,177 @@
> +/*
> + AES-CMAC-128 (rfc 4493) / CMAC-64
I've now merged this and the cmac_des3 patch onto a branch "cmac64".
What's an authoritative reference for cmac64 and cmac using des?
R
\
gcm-camellia256.c gcm-camellia256-meta.c \
-cmac.c cmac-aes128.c cmac-aes256.c \
+cmac.c cmac64.c cmac-aes128.c cmac-aes256.c \
gosthash94.c gosthash94-meta.c \
hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c
Hello,
Tue, 9 Jul 2019 at 00:56, Niels Möller :
>
> Dmitry Eremin-Solenikov writes:
>
> Patch looks nice, thanks! Is any of the implementation shared with
> cmac128? I think it would be nice to move it to a separate source file
> cmac64.c. Sharing the cmac.h header file is fine.
It shares
letion(-)
>
> diff --git a/cmac.c b/cmac.c
> index 70ce8132d9d1..36ad8e58e45e 100644
> --- a/cmac.c
> +++ b/cmac.c
> @@ -1,9 +1,10 @@
> /*
> - AES-CMAC-128 (rfc 4493)
> + AES-CMAC-128 (rfc 4493) / CMAC-64
> Copyright (C) Stefan Metzmacher 2012
> C
On Wed, Jul 03, 2019 at 06:26:07AM +0200, Nikos Mavrogiannopoulos wrote:
> Looks good to me, but I'm adding Mirek in CC who is using SIV-AES-CMAC
> for NTS/NTP implementation to verify that the final code is sufficient
> for this implementation.
I've updated my code to use the Nettle's
Looks good to me, but I'm adding Mirek in CC who is using SIV-AES-CMAC
for NTS/NTP implementation to verify that the final code is sufficient
for this implementation.
regards,
Nikos
On Tue, Jul 2, 2019 at 4:25 PM Niels Möller wrote:
>
> Nikos Mavrogiannopoulos writes:
>
> > I pr
ng w" seems unneeded (in nettle_block16, it could
> also be retired; it's from a time when Nettle didn't use uint64_t).
Ok, I'll drop both usecases.
> Maybe one could do without this union and simply use uint64_t, but then
> one would need some casts to (uint8_t *). So a union may
Dmitry Eremin-Solenikov writes:
> +union nettle_block8
> +{
> + uint8_t b[8];
> + unsigned long w[8 / sizeof(unsigned long)];
> + uint64_t u64;
> +};
The "unsigned long w" seems unneeded (in nettle_block16, it could
also be retired; it's from a time when Nettle didn't use uint64_t).
Maybe
Dmitry Eremin-Solenikov writes:
> Signed-off-by: Dmitry Eremin-Solenikov
> ---
> testsuite/cmac-test.c | 100 +++---
> testsuite/testutils.c | 64 +++
> testsuite/testutils.h | 6 +++
> 3 files changed, 96
On Thu, Jun 6, 2019 at 9:44 AM Niels Möller wrote:
>
> ni...@lysator.liu.se (Niels Möller) writes:
>
> > I think the siv code could benefit from a function to create a cmac
> > digest in one step, without the update/digest split and the intermediate
> > buffer. T
Nikos Mavrogiannopoulos writes:
> I prefer the second option because I think the zero nonce variant
> requires a disproportionate, to its usefulness and use, discussion to
> define the "right" semantics.
Merged siv-mode to the master branch now. Does it look right to you?
Regards,
/Niels
--
..e93e26947b19 100644
--- a/cmac.c
+++ b/cmac.c
@@ -1,9 +1,10 @@
/*
- AES-CMAC-128 (rfc 4493)
+ AES-CMAC-128 (rfc 4493) / CMAC-64
Copyright (C) Stefan Metzmacher 2012
Copyright (C) Jeremy Allison 2012
Copyright (C) Michael Adam 2012
Copyright (C) 2017, Red Hat Inc.
+ Copyright (C
Implement CMAC using TripleDES as the underlying cipher.
Signed-off-by: Dmitry Eremin-Solenikov
---
Makefile.in | 2 +-
cmac-des3.c | 61 +++
cmac.h| 17
testsuite/cmac-test.c | 32 +++
4
+3718,21 @@ as described above, the new value is used unless you
call the
@node CMAC,, UMAC, Keyed hash functions
@subsection @acronym{CMAC}
@cindex CMAC
+@cindex CMAC-128
+@cindex CMAC-64
@acronym{CMAC} is a message authentication code based on CBC encryption
mode. It is suitable for systems
Signed-off-by: Dmitry Eremin-Solenikov
---
testsuite/cmac-test.c | 100 +++---
testsuite/testutils.c | 64 +++
testsuite/testutils.h | 6 +++
3 files changed, 96 insertions(+), 74 deletions(-)
diff --git a/testsuite/cmac-test.c b
ni...@lysator.liu.se (Niels Möller) writes:
> I think the siv code could benefit from a function to create a cmac
> digest in one step, without the update/digest split and the intermediate
> buffer. That would be something like
>
> cmac128_message(const struct cmac128_key *key, con
Nikos Mavrogiannopoulos writes:
>> Then the key need to be taken out from the cmac128_ctx. I'm trying that
>> out, on the branch cmac-layout. Patch below. What do you think?
>
> Do you see significant performance benefits?
Main benefit is that it makes it possible to make th
On Sat, Jun 1, 2019 at 10:42 AM Niels Möller wrote:
>
> I think the siv code could benefit from a function to create a cmac
> digest in one step, without the update/digest split and the intermediate
> buffer. That would be something like
>
> cmac128_message(const struct cmac1
I think the siv code could benefit from a function to create a cmac
digest in one step, without the update/digest split and the intermediate
buffer. That would be something like
cmac128_message(const struct cmac128_key *key, const void *cipher,
nettle_crypt_func *encrypt
ing a private copy (e.g. in
GnuTLS). And while
3DES is obviously close to full deprecation, 3DES-CFB8 is a good way to define
and test CFB8 support in Nettle library.
>
> Thu, 1 Nov 2018 at 13:28, Dmitry Eremin-Solenikov :
> >
> > Signed-off-by: Dmitry Eremin-Solenikov
> >
Nikos Mavrogiannopoulos writes:
> Thanks. If you added the zero-nonce method, maybe it would be better
> to add test vectors for it as well. I'm copying from my last patch
> with it:
I was about to add the miscreant.js examples (and with nettle's output,
which is different), to illustrate
Hello,
Any chances to get these 3 patches in?
Thu, 1 Nov 2018 at 13:28, Dmitry Eremin-Solenikov :
>
> Signed-off-by: Dmitry Eremin-Solenikov
> ---
> testsuite/cmac-test.c | 100 +++---
> testsuite/testutils.c | 64 +
f"
+ "deaddada deaddada ffeeddcc bbaa9988"
+ "77665544 33221100"),
+ SHEX("74686973 20697320 736f6d65 20706c61"
+ "696e7465 78742074 6f20656e 63727970"
+ "74207573 696e6720 534956
Nikos Mavrogiannopoulos writes:
> https://gitlab.com/nmav/nettle/merge_requests/4/
I've integrated this onto a branch siv-mode, with some changes (renamed
functions to all have the siv_cmac prefix, document that empty nonce may
have interop issues and should be considered experimental (but
Simo informed me that I didn't update the CMAC file with the new
initializer. Instead of spamming the list with numerous patches, my
latest version is at:
https://gitlab.com/nmav/nettle/merge_requests/4/
Can be downloaded as patches at:
https://gitlab.com/nmav/nettle/merge_requests/4.patch
time,
Let's see if that is needed. For key wrapping I know no practical
applications. I'd treat it as a separate algorithm, and we can add it
later if needed.
> > Done. It needed some reorganization, and cmac128_syn is still
> > needed in
> > an ugly simulation of the CMAC structure
, since this mode uses S1 = associated data, S2 =
plaintext.
If we need to support several modes, maybe we should have a context
struct that lets us do S2V incrementally, one element at a time,
siv_add_adata(struct siv_ctx *ctx, size_t length, const uint8_t *data);
called zero or more times, foll
On Wed, 2019-04-17 at 20:27 +0200, Nikos Mavrogiannopoulos wrote:
> + static const union nettle_block16 const_zero = { .b = {
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
You could save some space/eyes by using .b = 0
iannopoulos
Date: Sat, 20 Jan 2018 10:36:05 +0100
Subject: [PATCH 3/3] Added support for AES_SIV_CMAC_256 and AES_SIV_CMAC_512
This AEAD algorithm provides a way to make nonce-reuse a not critical
issue. That is particularly useful to stateless servers that cannot ensure
that the nonce will not
>> then the function would be
> >>
> >> void
> >> siv_cmac_set_key(void *cmac_cipher, void *ctr_cipher,
> The idea of the set_key function is to do all preparations that don't
> depend on the actual message, so they don't have to be repeated. And
> I
>
Nikos Mavrogiannopoulos writes:
> On Sun, 2019-04-14 at 09:33 +0200, Niels Möller wrote:
>> > +typedef int
>> > +nettle_decrypt_message(void *ctx,
>> > + size_t nlength, const uint8_t *nonce,
>> > + size_t alength, const uint8_t *adata,
>> > +
On Sun, 2019-04-14 at 09:33 +0200, Niels Möller wrote:
> Nikos Mavrogiannopoulos writes:
>
> > This patch adds the SIV-CMAC algorithm to nettle (an update of the
> > previous attempt). It is an atypical cipher which fits into the
> > encrypt_message interface.
>
>
Nikos Mavrogiannopoulos writes:
> This patch adds the SIV-CMAC algorithm to nettle (an update of the
> previous attempt). It is an atypical cipher which fits into the
> encrypt_message interface.
Thanks. Some comments below:
> --- a/nettle-types.h
> +++ b/nettle-types.h
>
This patch adds the SIV-CMAC algorithm to nettle (an update of the
previous attempt). It is an atypical cipher which fits into the
encrypt_message interface.
regards,
Nikos
From f83c8ae6fcb40f2e7dd65309050a11d7f1ee991c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sat, 20 Jan
Signed-off-by: Dmitry Eremin-Solenikov
---
cmac.c | 115 +
cmac.h | 58 +
nettle-types.h | 7 +++
3 files changed, 180 insertions(+)
diff --git a/cmac.c b/cmac.c
index d08bd8325b16..8a70f595b14b 100644
To further improve GOST ciphers support in GnuTLS I need 64-bit CMAC
variant (since one of GOST ciphers is 64-bit one). Implement CMAC-64 and
CMAC-DES3 as a way to prove CMAC-64 correctness.
--
With best wishes
Dmitry
___
nettle-bugs mailing list
On Fri, Feb 16, 2018 at 10:17:31AM +0100, Nikos Mavrogiannopoulos wrote:
> Thus, I'm sending an RFC for a high level SIV-CMAC interface with an
> abstraction function set, which abstract on the cipher. The cipher is
> then used for both CTR encryption and CMAC.
> (Initially I tried
ni...@lysator.liu.se (Niels Möller) writes:
> Pushed to a branch "cmac-support"
Merged to master now, with the additional fix for deallocating memory in
the test.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject
Nikos Mavrogiannopoulos <n...@redhat.com> writes:
> While using that code, I realized that the CMAC128_UPDATE was misusing
> the 'data' field. In the attached patch I've renamed it to 'src' to
> avoid ambiguities.
Pushed to a branch "cmac-support", together with Ch
think of having only a high level one.
I've given up on my attempts at a low-level mode as they were resulting
in a very complex-to-use interface when following nettle conventions,
or a very unique interface when trying to capture SIV-CMAC intentions.
Thus, I'm sending an RFC for a high level SIV-
On Thu, 2018-02-15 at 09:45 +0100, Nikos Mavrogiannopoulos wrote:
> On Thu, 2018-02-15 at 07:53 +0100, Niels Möller wrote:
> > Nikos Mavrogiannopoulos <n...@redhat.com> writes:
> >
> > > +@acronym{CMAC} is a message authentication code based on CBC
> > >
On Thu, 2018-02-15 at 07:53 +0100, Niels Möller wrote:
> Nikos Mavrogiannopoulos <n...@redhat.com> writes:
>
> > +@acronym{CMAC} is a message authentication code based on CBC
> > encryption
> > +mode. It is suitable for systems where block ciphers are
> > pref
Nikos Mavrogiannopoulos <n...@redhat.com> writes:
> +@acronym{CMAC} is a message authentication code based on CBC encryption
> +mode. It is suitable for systems where block ciphers are preferrable
> +and perform better than hash functions. @acronym{CMAC} is specified in
>
Nikos Mavrogiannopoulos <n...@redhat.com> writes:
> On Wed, 2018-01-17 at 10:59 +0100, Nikos Mavrogiannopoulos wrote:
>
> Following up on my patchset, this (hopefully final) version introduces
> CMAC with AES-256 as well. It also removes the CMAC128_KEY_SIZE
> definition
lowing up on my patchset, this (hopefully final) version introduces
CMAC with AES-256 as well. It also removes the CMAC128_KEY_SIZE
definition as the key size only depends on the block algorithm used.
regards,
Nikos
From cc60df9f2e083633fe1d258f3d0ddc17da251508 Mon Sep 17 00:00:00 2001
From: Nikos Ma
ht it but I never ran it there. I've now sent a build with the 0001
patch at:
https://gitlab.com/nmav/nettle/pipelines/16256301
regards,
Nikos
From 396f2ba4f3f238073e88364c7a6635d17505687e Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <n...@redhat.com>
Date: Wed, 10 Jan 20
Nikos Mavrogiannopoulos writes:
> On Mon, Jan 15, 2018 at 9:37 PM Niels Möller wrote:
>
>> > + unsigned overflow = b2 & 0x8000;
>> > +
>> > + b1 <<= 1;
>> > + b2 <<= 1;
>> > +
>> > + if (overflow)
>> > +
On Mon, Jan 15, 2018 at 9:37 PM Niels Möller <ni...@lysator.liu.se> wrote:
> Nikos Mavrogiannopoulos <n...@redhat.com> writes:
>
> > Re-sending as it seems I forgot to remove cmac-internal from makefile.
>
> I've had a first reading, and a few comments.
>
Thank y
Nikos Mavrogiannopoulos <n...@redhat.com> writes:
> Re-sending as it seems I forgot to remove cmac-internal from makefile.
I've had a first reading, and a few comments.
> diff --git a/cmac.c b/cmac.c
> new file mode 100644
> index ..b4886808
> --- /dev/null
>
On Fri, 2018-01-12 at 11:51 +0100, Nikos Mavrogiannopoulos wrote:
> On Wed, 2018-01-10 at 11:24 +0100, Niels Möller wrote:
> > Nikos Mavrogiannopoulos <n...@redhat.com> writes:
> >
> > > The attached patch brings support for AES-128-CMAC. The code is
>
Hi,
The attached patch brings support for AES-128-CMAC. The code is based
on the samba code. The rshift and lshift functions come from the AES
implementation bundled with samba.
regards,
Nikos
From e68adc5e81ff8814707cddba47118f99778deabc Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <