siv: add functions to return min and max nonce length

While AES-SIV-CMAC allows nonces of any length, AES-GCM-SIV requires
exactly 12 bytes, which is less than the unpadded minimum length of 16
used in the NTS authenticator field. These functions will be needed to
support both ciphers in the NTS code.

diff --git a/siv.h b/siv.h
index e303d343baec57e17ce78ee67cd0e9b14d43188c..868edbd49f9bd876fc5907fb6989b0e72577292e 100644 (file)
--- a/siv.h
+++ b/siv.h
@@ -53,6 +53,10 @@ extern int SIV_GetKeyLength(SIV_Algorithm algorithm);
 
 extern int SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length);
 
+extern int SIV_GetMinNonceLength(SIV_Instance instance);
+
+extern int SIV_GetMaxNonceLength(SIV_Instance instance);
+
 extern int SIV_GetTagLength(SIV_Instance instance);
 
 extern int SIV_Encrypt(SIV_Instance instance,

diff --git a/siv_gnutls.c b/siv_gnutls.c
index aba2babf430dd83f4707aae845267d69b5baabe5..95387f0d4cd4f1264760ae81f8edd794e25343e6 100644 (file)
--- a/siv_gnutls.c
+++ b/siv_gnutls.c
@@ -195,6 +195,22 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length)
 
 /* ================================================== */
 
+int
+SIV_GetMinNonceLength(SIV_Instance instance)
+{
+  return 1;
+}
+
+/* ================================================== */
+
+int
+SIV_GetMaxNonceLength(SIV_Instance instance)
+{
+  return INT_MAX;
+}
+
+/* ================================================== */
+
 int
 SIV_GetTagLength(SIV_Instance instance)
 {

diff --git a/siv_nettle.c b/siv_nettle.c
index 04bc9ad262201908677735f08d41358e7b90fc4c..800beb71aad44e20c52175cf6872923ea92c84bc 100644 (file)
--- a/siv_nettle.c
+++ b/siv_nettle.c
@@ -144,6 +144,22 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length)
 
 /* ================================================== */
 
+int
+SIV_GetMinNonceLength(SIV_Instance instance)
+{
+  return instance->min_nonce_length;
+}
+
+/* ================================================== */
+
+int
+SIV_GetMaxNonceLength(SIV_Instance instance)
+{
+  return instance->max_nonce_length;
+}
+
+/* ================================================== */
+
 int
 SIV_GetTagLength(SIV_Instance instance)
 {

diff --git a/test/unit/siv.c b/test/unit/siv.c
index 2465c6808b324ef30177079f8ee9b6cbc47319bd..54f435d4edd3adcd7d2b29dd94de21239394795e 100644 (file)
--- a/test/unit/siv.c
+++ b/test/unit/siv.c
@@ -244,6 +244,12 @@ test_unit(void)
     }
 
     TEST_CHECK(SIV_GetKeyLength(tests[i].algorithm) == tests[i].key_length);
+    TEST_CHECK(SIV_GetMinNonceLength(siv) >= 1);
+    TEST_CHECK(SIV_GetMinNonceLength(siv) <= 12);
+    TEST_CHECK(SIV_GetMaxNonceLength(siv) >= 12);
+    TEST_CHECK(SIV_GetMinNonceLength(siv) <= SIV_GetMaxNonceLength(siv));
+    if (fixed_nonce_length)
+      TEST_CHECK(SIV_GetMinNonceLength(siv) == SIV_GetMaxNonceLength(siv));
 
     r = SIV_Encrypt(siv, tests[i].nonce, tests[i].nonce_length,
                     tests[i].assoc, tests[i].assoc_length,