Re: [PATCH] cmac-des3: add meta declaration to Nettle library

dbarysh...@gmail.com writes: > From: Dmitry Baryshkov > > Move cmac-des3 meta information from testsuite/cmac-test.c to main > Nettle library. > > Signed-off-by: Dmitry Baryshkov Thanks, applied. Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid

[PATCH] cmac-des3: add meta declaration to Nettle library

From: Dmitry Baryshkov Move cmac-des3 meta information from testsuite/cmac-test.c to main Nettle library. Signed-off-by: Dmitry Baryshkov --- Makefile.in | 2 +- cmac-des3-meta.c | 52 +++ nettle-meta-macs.c| 1 + nettle

[PATCH] nettle-meta: add meta interface for CMAC-DES3 functions

From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 2 +- cmac-des3-meta.c | 43 +++ nettle-meta-macs.c| 1 + nettle-meta.h | 13 testsuite/cmac-test.c | 12

[PATCH v2 2/6] nettle-meta: Add meta interface for CMAC functions

From: Daiki Ueno Signed-off-by: Daiki Ueno --- Makefile.in | 1 + cmac-aes128-meta.c| 43 +++ cmac-aes256-meta.c| 43 +++ nettle-meta.h | 15 +++ testsuite/cmac-test.c | 24

Re: [PATCH] cmac: add 64-bit mode CMAC

ni...@lysator.liu.se (Niels Möller) writes: > I've now merged this and the cmac_des3 patch onto a branch "cmac64". And now pushed to master, together with the documentation update. Thanks, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to

[PATCH 3/7] nettle-meta: Add meta interface for CMAC functions

From: Daiki Ueno Signed-off-by: Daiki Ueno --- Makefile.in | 1 + cmac-aes128-meta.c| 48 +++ cmac-aes256-meta.c| 48 +++ nettle-meta.h | 15 ++ testsuite/cmac-test.c | 24

Re: [PATCH] cmac: add 64-bit mode CMAC

Hello, чт, 11 июл. 2019 г. в 00:05, Niels Möller : > > Dmitry Eremin-Solenikov writes: > > > --- /dev/null > > +++ b/cmac64.c > > @@ -0,0 +1,177 @@ > > +/* > > + AES-CMAC-128 (rfc 4493) / CMAC-64 > > I've now merged this and the cmac_des3 patch

Re: [PATCH] cmac: add 64-bit mode CMAC

Dmitry Eremin-Solenikov writes: > --- /dev/null > +++ b/cmac64.c > @@ -0,0 +1,177 @@ > +/* > + AES-CMAC-128 (rfc 4493) / CMAC-64 I've now merged this and the cmac_des3 patch onto a branch "cmac64". What's an authoritative reference for cmac64 and cmac using des? R

[PATCH] cmac: add 64-bit mode CMAC

\ gcm-camellia256.c gcm-camellia256-meta.c \ -cmac.c cmac-aes128.c cmac-aes256.c \ +cmac.c cmac64.c cmac-aes128.c cmac-aes256.c \ gosthash94.c gosthash94-meta.c \ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c

Re: [PATCH] cmac: add 64-bit mode CMAC

Hello, вт, 9 июл. 2019 г. в 00:56, Niels Möller : > > Dmitry Eremin-Solenikov writes: > > Patch looks nice, thanks! Is any of the implementation shared with > cmac128? I think it would be nice to move it to a separate source file > cmac64.c. Sharing the cmac.h header file is fine. It shares

Re: [PATCH] cmac: add 64-bit mode CMAC

letion(-) > > diff --git a/cmac.c b/cmac.c > index 70ce8132d9d1..36ad8e58e45e 100644 > --- a/cmac.c > +++ b/cmac.c > @@ -1,9 +1,10 @@ > /* > - AES-CMAC-128 (rfc 4493) > + AES-CMAC-128 (rfc 4493) / CMAC-64 > Copyright (C) Stefan Metzmacher 2012 > C

Re: SIV-CMAC

On Wed, Jul 03, 2019 at 06:26:07AM +0200, Nikos Mavrogiannopoulos wrote: > Looks good to me, but I'm adding Mirek in CC who is using SIV-AES-CMAC > for NTS/NTP implementation to verify that the final code is sufficient > for this implementation. I've updated my code to use the Nettle's

Re: SIV-CMAC

Looks good to me, but I'm adding Mirek in CC who is using SIV-AES-CMAC for NTS/NTP implementation to verify that the final code is sufficient for this implementation. regards, Nikos On Tue, Jul 2, 2019 at 4:25 PM Niels Möller wrote: > > Nikos Mavrogiannopoulos writes: > > > I pr

Re: [PATCH 2/4] cmac: add 64-bit mode CMAC

ng w" seems unneeded (in nettle_block16, it could > also be retired; it's from a time when Nettle didn't use uint64_t). Ok, I'll drop both usecases. > Maybe one could do without this union and simply use uint64_t, but then > one would need some casts to (uint8_t *). So a union may

Re: [PATCH 2/4] cmac: add 64-bit mode CMAC

Dmitry Eremin-Solenikov writes: > +union nettle_block8 > +{ > + uint8_t b[8]; > + unsigned long w[8 / sizeof(unsigned long)]; > + uint64_t u64; > +}; The "unsigned long w" seems unneeded (in nettle_block16, it could also be retired; it's from a time when Nettle didn't use uint64_t). Maybe

Re: [PATCH 1/4] Move MAC testing code to generic place from cmac-test

Dmitry Eremin-Solenikov writes: > Signed-off-by: Dmitry Eremin-Solenikov > --- > testsuite/cmac-test.c | 100 +++--- > testsuite/testutils.c | 64 +++ > testsuite/testutils.h | 6 +++ > 3 files changed, 96

Re: siv and cmac

On Thu, Jun 6, 2019 at 9:44 AM Niels Möller wrote: > > ni...@lysator.liu.se (Niels Möller) writes: > > > I think the siv code could benefit from a funtion to create a cmac > > digest in one step, without the update/digest split and the intermediate > > buffer. T

Re: SIV-CMAC

Nikos Mavrogiannopoulos writes: > I prefer the second option because I think the zero nonce variant > requires a disproportionate, to its usefullness and use, discussion to > define the "right" semantics. Merged siv-mode to the master branch now. Does it look right to you? Regards, /Niels --

[PATCH 2/4] cmac: add 64-bit mode CMAC

..e93e26947b19 100644 --- a/cmac.c +++ b/cmac.c @@ -1,9 +1,10 @@ /* - AES-CMAC-128 (rfc 4493) + AES-CMAC-128 (rfc 4493) / CMAC-64 Copyright (C) Stefan Metzmacher 2012 Copyright (C) Jeremy Allison 2012 Copyright (C) Michael Adam 2012 Copyright (C) 2017, Red Hat Inc. + Copyright (C

[PATCH 3/4] cmac: add CMAC-DES3 (CMAC-TDES) implementation

Implement CMAC using TrippleDES as underlying cipher. Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 2 +- cmac-des3.c | 61 +++ cmac.h| 17 testsuite/cmac-test.c | 32 +++ 4

[PATCH 4/4] Expand documentation to cover CMAC-64

+3718,21 @@ as described above, the new value is used unless you call the @node CMAC,, UMAC, Keyed hash functions @subsection @acronym{CMAC} @cindex CMAC +@cindex CMAC-128 +@cindex CMAC-64 @acronym{CMAC} is a message authentication code based on CBC encryption mode. It is suitable for systems

[PATCH 1/4] Move MAC testing code to generic place from cmac-test

Signed-off-by: Dmitry Eremin-Solenikov --- testsuite/cmac-test.c | 100 +++--- testsuite/testutils.c | 64 +++ testsuite/testutils.h | 6 +++ 3 files changed, 96 insertions(+), 74 deletions(-) diff --git a/testsuite/cmac-test.c b

[PATCH v2 4/4] Expand documentation to cover CMAC-64

+3718,21 @@ as described above, the new value is used unless you call the @node CMAC,, UMAC, Keyed hash functions @subsection @acronym{CMAC} @cindex CMAC +@cindex CMAC-128 +@cindex CMAC-64 @acronym{CMAC} is a message authentication code based on CBC encryption mode. It is suitable for systems

Re: siv and cmac

ni...@lysator.liu.se (Niels Möller) writes: > I think the siv code could benefit from a funtion to create a cmac > digest in one step, without the update/digest split and the intermediate > buffer. That would be something like > > cmac128_message(const struct cmac128_key *key, con

Re: siv and cmac

Nikos Mavrogiannopoulos writes: >> Then the key need to be taken out from the cmac128_ctx. I'm trying that >> out, on the branch cmac-layout. Patch below. What do you think? > > Do you see significant performance benefits? Main benefit is that it makes it possible to make th

Re: siv and cmac

On Sat, Jun 1, 2019 at 10:42 AM Niels Möller wrote: > > I think the siv code could benefit from a funtion to create a cmac > digest in one step, without the update/digest split and the intermediate > buffer. That would be something like > > cmac128_message(const struct cmac1

siv and cmac

I think the siv code could benefit from a funtion to create a cmac digest in one step, without the update/digest split and the intermediate buffer. That would be something like cmac128_message(const struct cmac128_key *key, const void *cipher, nettle_crypt_func *encrypt

Re: [PATCH 1/3] Move MAC testing code to generic place from cmac-test

ing a private copy (e.g. in GnuTLS). And while 3DES is obviously close to full deprecation, 3DES-CFB8 is a good way to define and test CFB8 support in Nettle library. > > чт, 1 нояб. 2018 г. в 13:28, Dmitry Eremin-Solenikov : > > > > Signed-off-by: Dmitry Eremin-Solenikov > &

Re: SIV-CMAC

Nikos Mavrogiannopoulos writes: > Thanks. If you added the zero-nonce method, maybe it would be better > to add test vectors for it as well. I'm copying from my last patch > with it: I was about to add the miscreant.js examples (and with nettle's output, which is different), to illustrate

Re: [PATCH 1/3] Move MAC testing code to generic place from cmac-test

Hello, Any chances to get these 3 patches in? чт, 1 нояб. 2018 г. в 13:28, Dmitry Eremin-Solenikov : > > Signed-off-by: Dmitry Eremin-Solenikov > --- > testsuite/cmac-test.c | 100 +++--- > testsuite/testutils.c | 64 +

Re: SIV-CMAC

f" + "deaddada deaddada ffeeddcc bbaa9988" + "77665544 33221100"), + SHEX("74686973 20697320 736f6d65 20706c61" + "696e7465 78742074 6f20656e 63727970" + "74207573 696e6720 534956

Re: SIV-CMAC

Nikos Mavrogiannopoulos writes: > https://gitlab.com/nmav/nettle/merge_requests/4/ I've integrated this onto a branch siv-mode, with some changes (renamed functions to all have the siv_cmac prefix, document that empty nonce may have interop issues and should be considered experimental (but

Re: SIV-CMAC

Simo informed me that I didn't update the CMAC file with the new initializer. Instead of spamming the list with numerous patches, my latest version is at: https://gitlab.com/nmav/nettle/merge_requests/4/ Can be downloaded as patches at: https://gitlab.com/nmav/nettle/merge_requests/4.patch

Re: SIV-CMAC

time, Let's see if that is needed. For key wrapping I know no practical applications. I'd treat it as a separate algorithm, and we can add it later if needed. > > Done. It needed some reorganization, and cmac128_syn is still > > needed in > > an ugly simulation of the CMAC structure

Re: SIV-CMAC

, since this mode uses S1 = associated data, S2 = plaintext. If we need to support several modes, maybe we should have a context struct that lets us do S2V incrementally, one element at a time, siv_add_adata(struct siv_ctx *ctx, size_t length, const uint8_t *data); called zero or more times, foll

Re: SIV-CMAC

On Wed, 2019-04-17 at 20:27 +0200, Nikos Mavrogiannopoulos wrote: > + static const union nettle_block16 const_zero = { .b = { > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } You could save some space/eyes by using .b = 0

Re: SIV-CMAC

iannopoulos Date: Sat, 20 Jan 2018 10:36:05 +0100 Subject: [PATCH 3/3] Added support for AES_SIV_CMAC_256 and AES_SIV_CMAC_512 This AEAD algorithm provides a way to make nonce-reuse a not critical issue. That is particular useful to stateless servers that cannot ensure that the nonce will not

Re: SIV-CMAC

>> then the function would be > >> > >> void > >> siv_cmac_set_key(void *cmac_cipher, void *ctr_cipher, > The idea of the set_key function is to do all preparations that don't > depend on the actual message, so they don't have to be repeated. And > I &

Re: SIV-CMAC

Nikos Mavrogiannopoulos writes: > On Sun, 2019-04-14 at 09:33 +0200, Niels Möller wrote: >> > +typedef int >> > +nettle_decrypt_message(void *ctx, >> > + size_t nlength, const uint8_t *nonce, >> > + size_t alength, const uint8_t *adata, >> > +

Re: SIV-CMAC

On Sun, 2019-04-14 at 09:33 +0200, Niels Möller wrote: > Nikos Mavrogiannopoulos writes: > > > This patch adds the SIV-CMAC algorithm to nettle (an update of the > > previous attempt). It is an atypical cipher which fits into the > > encrypt_message interface. > &g

Re: SIV-CMAC

Nikos Mavrogiannopoulos writes: > This patch adds the SIV-CMAC algorithm to nettle (an update of the > previous attempt). It is an atypical cipher which fits into the > encrypt_message interface. Thanks. Some comments below: > --- a/nettle-types.h > +++ b/nettle-types.h &g

SIV-CMAC

This patch adds the SIV-CMAC algorithm to nettle (an update of the previous attempt). It is an atypical cipher which fits into the encrypt_message interface. regards, Nikos From f83c8ae6fcb40f2e7dd65309050a11d7f1ee991c Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 20 Jan

[PATCH 1/3] Move MAC testing code to generic place from cmac-test

Signed-off-by: Dmitry Eremin-Solenikov --- testsuite/cmac-test.c | 100 +++--- testsuite/testutils.c | 64 +++ testsuite/testutils.h | 6 +++ 3 files changed, 96 insertions(+), 74 deletions(-) diff --git a/testsuite/cmac-test.c b

[PATCH 3/3] cmac: add CMAC-DES3 (CMAC-TDES) implementation

Implement CMAC using TrippleDES as underlying cipher. Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 2 +- cmac-des3.c | 61 +++ cmac.h| 17 testsuite/cmac-test.c | 32 +++ 4

[PATCH 2/3] cmac: add 64-bit mode CMAC

Signed-off-by: Dmitry Eremin-Solenikov --- cmac.c | 115 + cmac.h | 58 + nettle-types.h | 7 +++ 3 files changed, 180 insertions(+) diff --git a/cmac.c b/cmac.c index d08bd8325b16..8a70f595b14b 100644

[PATCH 3/3] cmac: add CMAC-DES3 (CMAC-TDES) implementation

Implement CMAC using TrippleDES as underlying cipher. Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 2 +- cmac-des3.c | 61 +++ cmac.h| 17 testsuite/cmac-test.c | 32 +++ 4

[PATCH 2/3] cmac: add 64-bit mode CMAC

Signed-off-by: Dmitry Eremin-Solenikov --- cmac.c | 115 + cmac.h | 58 + nettle-types.h | 7 +++ 3 files changed, 180 insertions(+) diff --git a/cmac.c b/cmac.c index d08bd8325b16..8a70f595b14b 100644

[PATCH 0/3] Add CMAC-64 and CMAC-DES3 support

To further improve GOST ciphers support in GnuTLS I need 64-bit CMAC variant (since one of GOST ciphers is 64-bit one). Implement CMAC-64 and CMAC-DES3 as a way to prove CMAC-64 correctness. -- With best wishes Dmitry ___ nettle-bugs mailing list

[PATCH 1/3] Move MAC testing code to generic place from cmac-test

Signed-off-by: Dmitry Eremin-Solenikov --- testsuite/cmac-test.c | 100 +++--- testsuite/testutils.c | 64 +++ testsuite/testutils.h | 6 +++ 3 files changed, 96 insertions(+), 74 deletions(-) diff --git a/testsuite/cmac-test.c b

Re: RFC: SIV-CMAC interface [was: API for new AEAD modes]

On Fri, Feb 16, 2018 at 10:17:31AM +0100, Nikos Mavrogiannopoulos wrote: > Thus, I'm sending an RFC for a high level SIV-CMAC interface with an > abstraction function set, which abstract on the cipher. The cipher is > then used for both CTR encryption and CMAC. > (Initially I tried

Re: cmac

ni...@lysator.liu.se (Niels Möller) writes: > Pushed to a branch "cmac-support" Merged to master now, with the additional fix for deallocating memory in the test. Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject

Re: cmac

Nikos Mavrogiannopoulos <n...@redhat.com> writes: > While using that code, I realized that the CMAC128_UPDATE was misusing > the 'data' field. In the attached patch I've renamed it to 'src' to > avoid ambiguities. Pushed to a branch "cmac-support", together with Ch

RFC: SIV-CMAC interface [was: API for new AEAD modes]

think of having only a high level one. I've gave up on my attempts for a low-level mode as they were resulting to a very complex to use interface when following nettle conventions, or a very unique interface when trying to capture SIV-CMAC intentions. Thus, I'm sending an RFC for a high level SIV-

Re: cmac

On Thu, 2018-02-15 at 09:45 +0100, Nikos Mavrogiannopoulos wrote: > On Thu, 2018-02-15 at 07:53 +0100, Niels Möller wrote: > > Nikos Mavrogiannopoulos <n...@redhat.com> writes: > > > > > +@acronym{CMAC} is a message authentication code based on CBC > > >

Re: cmac

On Thu, 2018-02-15 at 07:53 +0100, Niels Möller wrote: > Nikos Mavrogiannopoulos <n...@redhat.com> writes: > > > +@acronym{CMAC} is a message authentication code based on CBC > > encryption > > +mode. It is suitable for systems where block ciphers are > > pref

Re: cmac

Nikos Mavrogiannopoulos <n...@redhat.com> writes: > +@acronym{CMAC} is a message authentication code based on CBC encryption > +mode. It is suitable for systems where block ciphers are preferrable > +and perform better than hash functions. @acronym{CMAC} is specified in &

Re: cmac

Nikos Mavrogiannopoulos <n...@redhat.com> writes: > On Wed, 2018-01-17 at 10:59 +0100, Nikos Mavrogiannopoulos wrote: > > Following up on my patchset, this (hopefully final) version introduces > CMAC with AES-256 as well. It also removes the CMAC128_KEY_SIZE > definition

Re: cmac

lowing up on my patchset, this (hopefully final) version introduces CMAC with AES-256 as well. It also removes the CMAC128_KEY_SIZE definition as the key size only depends on the block algorithm used. regards, Nikos From cc60df9f2e083633fe1d258f3d0ddc17da251508 Mon Sep 17 00:00:00 2001 From: Nikos Ma

Re: cmac

ht it but I never run it there. I've now sent a build with the 0001 patch at: https://gitlab.com/nmav/nettle/pipelines/16256301 regards, Nikos From 396f2ba4f3f238073e88364c7a6635d17505687e Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos <n...@redhat.com> Date: Wed, 10 Jan 20

Re: cmac

Nikos Mavrogiannopoulos writes: > On Mon, Jan 15, 2018 at 9:37 PM Niels Möller wrote: > >> > + unsigned overflow = b2 & 0x8000; >> > + >> > + b1 <<= 1; >> > + b2 <<= 1; >> > + >> > + if (overflow) >> > +

Re: cmac

On Mon, Jan 15, 2018 at 9:37 PM Niels Möller <ni...@lysator.liu.se> wrote: > Nikos Mavrogiannopoulos <n...@redhat.com> writes: > > > Re-sending as it seems I forgot to remove cmac-internal from makefile. > > I've had a first reading, and a few comments. > Thank y

Re: cmac

Nikos Mavrogiannopoulos <n...@redhat.com> writes: > Re-sending as it seems I forgot to remove cmac-internal from makefile. I've had a first reading, and a few comments. > diff --git a/cmac.c b/cmac.c > new file mode 100644 > index ..b4886808 > --- /dev/null >

Re: cmac

On Fri, 2018-01-12 at 11:51 +0100, Nikos Mavrogiannopoulos wrote: > On Wed, 2018-01-10 at 11:24 +0100, Niels Möller wrote: > > Nikos Mavrogiannopoulos <n...@redhat.com> writes: > > > > > The attached patch brings support for AES-128-CMAC. The code is >

cmac

Hi, The attached patch brings support for AES-128-CMAC. The code is based on the samba code. The rshift and lshift functions come from the AES implementation bundled with samba. regards, Nikos From e68adc5e81ff8814707cddba47118f99778deabc Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos &l