++2019-06-06 Niels Möller <nisse@lysator.liu.se>
++
++ Update for cmac changes, enabling const for the _message fucntions.
++ * siv-cmac.c (_siv_s2v): Take a const struct cmac128_key as argument,
++ and use a local struct cmac128_ctx for message-specific state.
++ (siv_cmac_set_key): Take a struct cmac128_key as argument. Updated
++ callers.
++ (siv_cmac_encrypt_message, siv_cmac_decrypt_message): Take a const
++ struct cmac128_key as argument. Updated callers.
++
++ * siv-cmac.h (SIV_CMAC_CTX): Changed to use struct cmac128_key
++ rather than struct cmac128_ctx.
++
++ * siv-cmac-aes256.c (siv_cmac_aes256_encrypt_message)
++ (siv_cmac_aes256_decrypt_message): Likewise.
++ * siv-cmac-aes128.c (siv_cmac_aes128_encrypt_message)
++ (siv_cmac_aes128_decrypt_message): The ctx argument made const.
++
+2019-05-15 Niels Möller <nisse@lysator.liu.se>
+
+ * siv-cmac.h (SIV_CMAC_AES128_KEY_SIZE, SIV_CMAC_AES256_KEY_SIZE):
+ New constants.
+ * testsuite/siv-test.c: Simplify tests a little.
+
+ * siv-cmac.h (SIV_MIN_NONCE_SIZE): New constant, 1.
+ * siv-cmac.c (_siv_s2v): Require non-empty nonce.
+ * nettle.texinfo (SIV-CMAC): Update documentation.
+
+2019-05-06 Niels Möller <nisse@lysator.liu.se>
+
+ SIV-CMAC mode, based on patch by Nikos Mavrogiannopoulos:
+ * siv-cmac.h (SIV_BLOCK_SIZE, SIV_DIGEST_SIZE): New constants.
+ (SIV_CMAC_CTX): New macro.
+ (struct siv_cmac_aes128_ctx, struct siv_cmac_aes256_ctx): New
+ context structs.
+ * siv-cmac.c (_siv_s2v, siv_cmac_set_key)
+ (siv_cmac_encrypt_message)
+ (siv_cmac_decrypt_message): New file, new functions.
+ * siv-cmac-aes128.c (siv_cmac_aes128_set_key)
+ (siv_cmac_aes128_encrypt_message)
+ (siv_cmac_aes128_decrypt_message): New file, new functions.
+ * siv-cmac-aes256.c (siv_cmac_aes256_set_key)
+ (siv_cmac_aes256_encrypt_message)
+ (siv_cmac_aes256_decrypt_message): New file, new functions.
+ * Makefile.in (nettle_SOURCES): Add siv-cmac source files.
+ (HEADERS): Add siv-cmac.h.
+ * testsuite/siv-test.c: New file.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added siv-test.c
+ * nettle.texinfo (SIV-CMAC): Documentation.
+
+2019-04-30 Niels Möller <nisse@lysator.liu.se>
+
+ Based on a patch contributed by Nikos Mavrogiannopoulos.
+ * cmac.c (_cmac128_block_mulx): Renamed function...
+ (block_mulx): ... from old name.
+ * cmac-internal.h (_cmac128_block_mulx): New file, declare function.
+ * Makefile.in (DISTFILES): Added cmac-internal.h.
+
+ 2019-06-05 Niels Möller <nisse@lysator.liu.se>
+
+ Further separation of CMAC per-message state from the
+ message-independent subkeys, analogous to the gcm implementation.
+ * cmac.h (struct cmac128_ctx): Remove key, instead a struct
+ cmac128_key should be passed separately to functions that need it.
+ (CMAC128_CTX): Include both a struct cmac128_key and a struct
+ cmac128_ctx.
+ (CMAC128_SET_KEY, CMAC128_DIGEST): Updated accordingly.
+
+ * cmac.c (cmac128_set_key): Change argument type from cmac128_ctx
+ to cmac128_key. Use a nettle_block16 for the constant zero block.
+ (cmac128_init): New function, to initialize a cmac128_ctx.
+ (cmac128_digest): Add cmac128_key argument. Move padding memset
+ into the block handling a partial block. Call cmac128_init to
+ reset state.
+
+ 2019-06-01 Niels Möller <nisse@lysator.liu.se>
+
+ * cmac.h (struct cmac128_key): New struct.
+ * cmac.h (struct cmac128_ctx): Use struct cmac128_key.
+ * cmac.c (cmac128_set_key, cmac128_digest): Update accordingly.
+
+ 2019-05-12 Niels Möller <nisse@lysator.liu.se>
+
+ Delete old libdes/openssl compatibility interface.
+ * des-compat.c: Delete file.
+ * des-compat.h: Delete file.
+ * testsuite/des-compat-test.c: Delete file.
+ * nettle.texinfo (Compatibility functions): Delete mention in documentation.
+
+ 2019-05-11 Niels Möller <nisse@lysator.liu.se>
+
+ * NEWS: More updates for Nettle-3.5.
+
2019-04-27 Niels Möller <nisse@lysator.liu.se>
From Simo Sorce:
#endif /* !WORDS_BIGENDIAN */
void
- cmac128_set_key(struct cmac128_ctx *ctx, const void *cipher,
+ cmac128_set_key(struct cmac128_key *key, const void *cipher,
nettle_cipher_func *encrypt)
{
- static const uint8_t const_zero[] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- };
- union nettle_block16 *L = &ctx->block;
- memset(ctx, 0, sizeof(*ctx));
+ static const union nettle_block16 zero_block;
+ union nettle_block16 L;
/* step 1 - generate subkeys k1 and k2 */
- encrypt(cipher, 16, L->b, const_zero);
+ encrypt(cipher, 16, L.b, zero_block.b);
- _cmac128_block_mulx(&ctx->K1, L);
- _cmac128_block_mulx(&ctx->K2, &ctx->K1);
- block_mulx(&key->K1, &L);
- block_mulx(&key->K2, &key->K1);
++ _cmac128_block_mulx(&key->K1, &L);
++ _cmac128_block_mulx(&key->K2, &key->K1);
+ }
+
+ void
+ cmac128_init(struct cmac128_ctx *ctx)
+ {
+ memset(&ctx->X, 0, sizeof(ctx->X));
+ ctx->index = 0;
}
#define MIN(x,y) ((x)<(y)?(x):(y))
--- /dev/null
- siv_cmac_set_key(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher, &ctx->siv_cipher, &nettle_aes128, key);
+/* siv-cmac-aes128.c
+
+ AES-SIV, RFC5297
+
+ Copyright (C) 2017 Nikos Mavrogiannopoulos
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "aes.h"
+#include "siv-cmac.h"
+#include "cmac.h"
+#include "ctr.h"
+#include "memxor.h"
+#include "memops.h"
+#include "cmac-internal.h"
+
+void
+siv_cmac_aes128_set_key(struct siv_cmac_aes128_ctx *ctx, const uint8_t *key)
+{
- siv_cmac_aes128_encrypt_message(struct siv_cmac_aes128_ctx *ctx,
++ siv_cmac_set_key(&ctx->cmac_key, &ctx->cmac_cipher, &ctx->ctr_cipher, &nettle_aes128, key);
+}
+
+void
- siv_cmac_encrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher,
- &nettle_aes128, &ctx->siv_cipher,
++siv_cmac_aes128_encrypt_message(const struct siv_cmac_aes128_ctx *ctx,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t clength, uint8_t *dst, const uint8_t *src)
+{
- siv_cmac_aes128_decrypt_message(struct siv_cmac_aes128_ctx *ctx,
++ siv_cmac_encrypt_message(&ctx->cmac_key, &ctx->cmac_cipher,
++ &nettle_aes128, &ctx->ctr_cipher,
+ nlength, nonce, alength, adata,
+ clength, dst, src);
+}
+
+int
- return siv_cmac_decrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher,
- &nettle_aes128, &ctx->siv_cipher,
++siv_cmac_aes128_decrypt_message(const struct siv_cmac_aes128_ctx *ctx,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t mlength, uint8_t *dst, const uint8_t *src)
+{
++ return siv_cmac_decrypt_message(&ctx->cmac_key, &ctx->cmac_cipher,
++ &nettle_aes128, &ctx->ctr_cipher,
+ nlength, nonce, alength, adata,
+ mlength, dst, src);
+}
--- /dev/null
- siv_cmac_set_key(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher, &ctx->siv_cipher, &nettle_aes256, key);
+/* siv-cmac-aes256.c
+
+ AES-SIV, RFC5297
+
+ Copyright (C) 2017 Nikos Mavrogiannopoulos
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "aes.h"
+#include "siv-cmac.h"
+#include "cmac.h"
+#include "ctr.h"
+#include "memxor.h"
+#include "memops.h"
+#include "cmac-internal.h"
+
+void
+siv_cmac_aes256_set_key(struct siv_cmac_aes256_ctx *ctx, const uint8_t *key)
+{
- siv_cmac_aes256_encrypt_message(struct siv_cmac_aes256_ctx *ctx,
++ siv_cmac_set_key(&ctx->cmac_key, &ctx->cmac_cipher, &ctx->ctr_cipher, &nettle_aes256, key);
+}
+
+void
- siv_cmac_encrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher,
- &nettle_aes256, &ctx->siv_cipher,
++siv_cmac_aes256_encrypt_message(const struct siv_cmac_aes256_ctx *ctx,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t clength, uint8_t *dst, const uint8_t *src)
+{
- siv_cmac_aes256_decrypt_message(struct siv_cmac_aes256_ctx *ctx,
- size_t nlength, const uint8_t *nonce,
- size_t alength, const uint8_t *adata,
- size_t mlength, uint8_t *dst, const uint8_t *src)
++ siv_cmac_encrypt_message(&ctx->cmac_key, &ctx->cmac_cipher,
++ &nettle_aes256, &ctx->ctr_cipher,
+ nlength, nonce, alength, adata,
+ clength, dst, src);
+}
+
+int
- return siv_cmac_decrypt_message(&ctx->siv_cmac.ctx, &ctx->siv_cmac.cipher,
- &nettle_aes256, &ctx->siv_cipher,
++siv_cmac_aes256_decrypt_message(const struct siv_cmac_aes256_ctx *ctx,
++ size_t nlength, const uint8_t *nonce,
++ size_t alength, const uint8_t *adata,
++ size_t mlength, uint8_t *dst, const uint8_t *src)
+{
++ return siv_cmac_decrypt_message(&ctx->cmac_key, &ctx->cmac_cipher,
++ &nettle_aes256, &ctx->ctr_cipher,
+ nlength, nonce, alength, adata,
+ mlength, dst, src);
+}
--- /dev/null
- struct cmac128_ctx *siv_cmac_ctx,
- const void *cmac_cipher_ctx,
+/* siv-cmac.c
+
+ SIV-CMAC, RFC5297
+
+ Copyright (C) 2017 Nikos Mavrogiannopoulos
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "aes.h"
+#include "siv-cmac.h"
+#include "cmac.h"
+#include "ctr.h"
+#include "memxor.h"
+#include "memops.h"
+#include "cmac-internal.h"
+#include "nettle-internal.h"
+
+/* This is an implementation of S2V for the AEAD case where
+ * vectors if zero, are considered as S empty components */
+static void
+_siv_s2v (const struct nettle_cipher *nc,
-
++ const struct cmac128_key *cmac_key,
++ const void *cmac_cipher,
+ size_t alength, const uint8_t * adata,
+ size_t nlength, const uint8_t * nonce,
+ size_t plength, const uint8_t * pdata, uint8_t * v)
+{
+ union nettle_block16 D, S, T;
+ static const union nettle_block16 const_zero = {.b = 0 };
- cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, const_zero.b);
- cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, D.b);
++ struct cmac128_ctx cmac_ctx;
+ assert (nlength >= SIV_MIN_NONCE_SIZE);
+
- cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, alength, adata);
- cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, S.b);
++ cmac128_init(&cmac_ctx);
++ cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, 16, const_zero.b);
++ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, D.b);
+
+ _cmac128_block_mulx (&D, &D);
- cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, nlength, nonce);
- cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, S.b);
++ cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, alength, adata);
++ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, S.b);
+ memxor (D.b, S.b, 16);
+
+ _cmac128_block_mulx (&D, &D);
- cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, plength - 16, pdata);
++ cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, nlength, nonce);
++ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, S.b);
+ memxor (D.b, S.b, 16);
+
+ /* Sn */
+ if (plength >= 16)
+ {
- cmac128_update (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, T.b);
- cmac128_digest (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt, 16, v);
++ cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, plength - 16, pdata);
+
+ pdata += plength - 16;
+
+ memxor3 (T.b, pdata, D.b, 16);
+ }
+ else
+ {
+ union nettle_block16 pad;
+
+ _cmac128_block_mulx (&T, &D);
+ memcpy (pad.b, pdata, plength);
+ pad.b[plength] = 0x80;
+ if (plength + 1 < 16)
+ memset (&pad.b[plength + 1], 0, 16 - plength - 1);
+
+ memxor (T.b, pad.b, 16);
+ }
+
- siv_cmac_set_key (struct cmac128_ctx *siv_cmac_ctx, void *cmac_cipher_ctx, void *cipher_ctx,
++ cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, 16, T.b);
++ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, v);
+}
+
+void
- nc->set_encrypt_key (cmac_cipher_ctx, key);
- cmac128_set_key (siv_cmac_ctx, cmac_cipher_ctx, nc->encrypt);
- nc->set_encrypt_key (cipher_ctx, key + nc->key_size);
++siv_cmac_set_key (struct cmac128_key *cmac_key, void *cmac_cipher, void *siv_cipher,
+ const struct nettle_cipher *nc, const uint8_t * key)
+{
- siv_cmac_encrypt_message (struct cmac128_ctx *siv_cmac_ctx,
- const void *cmac_cipher_ctx,
++ nc->set_encrypt_key (cmac_cipher, key);
++ cmac128_set_key (cmac_key, cmac_cipher, nc->encrypt);
++ nc->set_encrypt_key (siv_cipher, key + nc->key_size);
+}
+
+void
- const void *cipher_ctx,
++siv_cmac_encrypt_message (const struct cmac128_key *cmac_key,
++ const void *cmac_cipher,
+ const struct nettle_cipher *nc,
- _siv_s2v (nc, siv_cmac_ctx, cmac_cipher_ctx, alength, adata, nlength, nonce, slength, src, siv.b);
++ const void *ctr_cipher,
+ size_t nlength, const uint8_t * nonce,
+ size_t alength, const uint8_t * adata,
+ size_t clength, uint8_t * dst, const uint8_t * src)
+{
+ union nettle_block16 siv;
+ size_t slength;
+
+ assert (clength >= SIV_DIGEST_SIZE);
+ slength = clength - SIV_DIGEST_SIZE;
+
+ /* create CTR nonce */
- ctr_crypt (cipher_ctx, nc->encrypt, AES_BLOCK_SIZE, siv.b, slength,
++ _siv_s2v (nc, cmac_key, cmac_cipher, alength, adata, nlength, nonce, slength, src, siv.b);
+
+ memcpy (dst, siv.b, SIV_DIGEST_SIZE);
+ siv.b[8] &= ~0x80;
+ siv.b[12] &= ~0x80;
+
- siv_cmac_decrypt_message (struct cmac128_ctx *siv_cmac_ctx,
- const void *cmac_cipher_ctx,
++ ctr_crypt (ctr_cipher, nc->encrypt, AES_BLOCK_SIZE, siv.b, slength,
+ dst + SIV_DIGEST_SIZE, src);
+}
+
+int
- const void *cipher_ctx,
++siv_cmac_decrypt_message (const struct cmac128_key *cmac_key,
++ const void *cmac_cipher,
+ const struct nettle_cipher *nc,
- ctr_crypt (cipher_ctx, nc->encrypt, AES_BLOCK_SIZE, ctr.b,
++ const void *ctr_cipher,
+ size_t nlength, const uint8_t * nonce,
+ size_t alength, const uint8_t * adata,
+ size_t mlength, uint8_t * dst, const uint8_t * src)
+{
+ union nettle_block16 siv;
+ union nettle_block16 ctr;
+
+ memcpy (ctr.b, src, SIV_DIGEST_SIZE);
+ ctr.b[8] &= ~0x80;
+ ctr.b[12] &= ~0x80;
+
- siv_cmac_ctx, cmac_cipher_ctx, alength, adata,
++ ctr_crypt (ctr_cipher, nc->encrypt, AES_BLOCK_SIZE, ctr.b,
+ mlength, dst, src + SIV_DIGEST_SIZE);
+
+ /* create CTR nonce */
+ _siv_s2v (nc,
++ cmac_key, cmac_cipher, alength, adata,
+ nlength, nonce, mlength, dst, siv.b);
+
+ return memeql_sec (siv.b, src, SIV_DIGEST_SIZE);
+}
--- /dev/null
- siv_cmac_set_key(struct cmac128_ctx *siv_cmac_ctx, void *cmac_cipher_ctx, void *cipher_ctx,
+/* siv-cmac.h
+
+ AES-SIV, RFC5297
+
+ Copyright (C) 2017 Nikos Mavrogiannopoulos
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_SIV_H_INCLUDED
+#define NETTLE_SIV_H_INCLUDED
+
+#include "nettle-types.h"
+#include "nettle-meta.h"
+#include "cmac.h"
+#include "aes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define siv_cmac_set_key nettle_siv_cmac_set_key
+#define siv_cmac_encrypt_message nettle_siv_cmac_encrypt_message
+#define siv_cmac_decrypt_message nettle_siv_cmac_decrypt_message
+#define siv_cmac_aes128_set_key nettle_siv_cmac_aes128_set_key
+#define siv_cmac_aes128_encrypt_message nettle_siv_cmac_aes128_encrypt_message
+#define siv_cmac_aes128_decrypt_message nettle_siv_cmac_aes128_decrypt_message
+#define siv_cmac_aes256_set_key nettle_siv_cmac_aes256_set_key
+#define siv_cmac_aes256_encrypt_message nettle_siv_cmac_aes256_encrypt_message
+#define siv_cmac_aes256_decrypt_message nettle_siv_cmac_aes256_decrypt_message
+
+/* For SIV, the block size of the underlying cipher shall be 128 bits. */
+#define SIV_BLOCK_SIZE 16
+#define SIV_DIGEST_SIZE 16
+#define SIV_MIN_NONCE_SIZE 1
+
+void
- siv_cmac_encrypt_message(struct cmac128_ctx *siv_cmac_ctx, const void *cmac_cipher_ctx,
++siv_cmac_set_key(struct cmac128_key *cmac_key, void *cmac_cipher, void *ctr_cipher,
+ const struct nettle_cipher *nc,
+ const uint8_t *key);
+
+void
- const void *cipher_ctx,
++siv_cmac_encrypt_message(const struct cmac128_key *cmac_key, const void *cmac_cipher_ctx,
+ const struct nettle_cipher *nc,
- siv_cmac_decrypt_message(struct cmac128_ctx *siv_cmac_ctx, const void *cmac_cipher_ctx,
++ const void *ctr_ctx,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t clength, uint8_t *dst, const uint8_t *src);
+
+int
- const void *cipher_ctx,
++siv_cmac_decrypt_message(const struct cmac128_key *cmac_key, const void *cmac_cipher,
+ const struct nettle_cipher *nc,
- #define SIV_CMAC_CTX(type) { struct CMAC128_CTX(type) siv_cmac; type siv_cipher; }
++ const void *ctr_cipher,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t mlength, uint8_t *dst, const uint8_t *src);
+
+/*
+ * SIV mode requires the aad and plaintext when building the IV, which
+ * prevents streaming processing and it incompatible with the AEAD API.
+ */
+
- siv_cmac_aes128_encrypt_message(struct siv_cmac_aes128_ctx *ctx,
++#define SIV_CMAC_CTX(type) { struct cmac128_key cmac_key; type cmac_cipher; type ctr_cipher; }
+
+/* SIV_CMAC_AES128 */
+#define SIV_CMAC_AES128_KEY_SIZE 32
+
+struct siv_cmac_aes128_ctx SIV_CMAC_CTX(struct aes128_ctx);
+
+void
+siv_cmac_aes128_set_key(struct siv_cmac_aes128_ctx *ctx, const uint8_t *key);
+
+void
- siv_cmac_aes128_decrypt_message(struct siv_cmac_aes128_ctx *ctx,
++siv_cmac_aes128_encrypt_message(const struct siv_cmac_aes128_ctx *ctx,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t clength, uint8_t *dst, const uint8_t *src);
+
+int
- siv_cmac_aes256_encrypt_message(struct siv_cmac_aes256_ctx *ctx,
++siv_cmac_aes128_decrypt_message(const struct siv_cmac_aes128_ctx *ctx,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t mlength, uint8_t *dst, const uint8_t *src);
+
+/* SIV_CMAC_AES256 */
+#define SIV_CMAC_AES256_KEY_SIZE 64
+
+struct siv_cmac_aes256_ctx SIV_CMAC_CTX(struct aes256_ctx);
+
+void
+siv_cmac_aes256_set_key(struct siv_cmac_aes256_ctx *ctx, const uint8_t *key);
+
+void
- siv_cmac_aes256_decrypt_message(struct siv_cmac_aes256_ctx *ctx,
++siv_cmac_aes256_encrypt_message(const struct siv_cmac_aes256_ctx *ctx,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t clength, uint8_t *dst, const uint8_t *src);
+
+int
++siv_cmac_aes256_decrypt_message(const struct siv_cmac_aes256_ctx *ctx,
+ size_t nlength, const uint8_t *nonce,
+ size_t alength, const uint8_t *adata,
+ size_t mlength, uint8_t *dst, const uint8_t *src);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_SIV_H_INCLUDED */
projects / thirdparty / nettle.git / commitdiff
