On Wed, Jul 03, 2019 at 06:26:07AM +0200, Nikos Mavrogiannopoulos wrote:
> Looks good to me, but I'm adding Mirek in CC who is using SIV-AES-CMAC
> for NTS/NTP implementation to verify that the final code is sufficient
> for this implementation.
I've updated my code to use th
Looks good to me, but I'm adding Mirek in CC who is using SIV-AES-CMAC
for NTS/NTP implementation to verify that the final code is sufficient
for this implementation.
regards,
Nikos
On Tue, Jul 2, 2019 at 4:25 PM Niels Möller wrote:
>
> Nikos Mavrogiannopoulos writes:
>
> > I prefer the second
Nikos Mavrogiannopoulos writes:
> I prefer the second option because I think the zero nonce variant
> requires a disproportionate, to its usefulness and use, discussion to
> define the "right" semantics.
Merged siv-mode to the master branch now. Does it look right to you?
Regards,
/Niels
--
I prefer the second option because I think the zero nonce variant requires a
disproportionate, to its usefulness and use, discussion to define the "right"
semantics.
On May 11, 2019 7:49:31 AM UTC, ni...@lysator.liu.se wrote:
>Nikos Mavrogiannopoulos writes:
>
>> Thanks. If you added the zero
Nikos Mavrogiannopoulos writes:
> Thanks. If you added the zero-nonce method, maybe it would be better
> to add test vectors for it as well. I'm copying from my last patch
> with it:
I was about to add the miscreant.js examples (and with nettle's output,
which is different), to illustrate intero
"),
+ SHEX("00112233 44556677 8899aabb ccddeeff"
+ "deaddada deaddada ffeeddcc bbaa9988"
+ "77665544 33221100"),
+ SHEX("74686973 20697320 736f6d65 20706c61"
+ "696e7465 78742074 6f20656e 63727970"
Nikos Mavrogiannopoulos writes:
> https://gitlab.com/nmav/nettle/merge_requests/4/
I've integrated this onto a branch siv-mode, with some changes (renamed
functions to all have the siv_cmac prefix, document that empty nonce may
have interop issues and should be considered experimental (but still
Simo informed me that I didn't update the CMAC file with the new
initializer. Instead of spamming the list with numerous patches, my
latest version is at:
https://gitlab.com/nmav/nettle/merge_requests/4/
Can be downloaded as patches at:
https://gitlab.com/nmav/nettle/merge_requests/4.patch
On Th
MIN(x,y) ((x)<(y)?(x):(y))
diff --git a/nettle-internal.h b/nettle-internal.h
index dc379f1f..2937a710 100644
--- a/nettle-internal.h
+++ b/nettle-internal.h
@@ -78,6 +78,8 @@
#define NETTLE_MAX_HASH_CONTEXT_SIZE (sizeof(struct sha3_224_ctx))
#define NETTLE_MAX_SEXP_ASSOC 17
#define NETTLE_MAX_CIPH
Nikos Mavrogiannopoulos writes:
>> In this function, you treat empty associated data or nonce as those
>> elements missing in the input vector to S2V. E.g., if both adata and
>> nonce are empty, the input vector is { plaintext }, one single
>> element.
>> But it could also be { "", "", plaintext
On Wed, 2019-04-17 at 20:27 +0200, Nikos Mavrogiannopoulos wrote:
> + static const union nettle_block16 const_zero = { .b = {
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
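Review bot: the const_zero initializer spells out all sixteen 0x00 bytes of the block, which is easy to miscount and adds nothing. In an initializer, any array elements not listed are set to zero, so `{ .b = { 0 } }` yields the same all-zero nettle_block16 on one line.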
You could save some space/eyes by using .b = 0 (assuming
f(struct aes256_ctx))
/* Doesn't quite fit with the other algorithms, because of the weak
* keys. Weak keys are not reported, the functions will simply crash
diff --git a/nettle.texinfo b/nettle.texinfo
index 596c7098..b83c13d0 100644
--- a/nettle.texinfo
+++ b/nettle.texinfo
@@ -97,6 +97,7
6.c cfb.c \
+ siv-cmac.c siv-aes128-cmac.c siv-aes256-cmac.c \
cnd-memcpy.c \
chacha-crypt.c chacha-core-internal.c \
chacha-poly1305.c chacha-poly1305-meta.c \
@@ -198,7 +199,8 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \
gcm.h gosthash94.h hmac.h \
knuth
Nikos Mavrogiannopoulos writes:
> On Sun, 2019-04-14 at 09:33 +0200, Niels Möller wrote:
>> > +typedef int
>> > +nettle_decrypt_message(void *ctx,
>> > + size_t nlength, const uint8_t *nonce,
>> > + size_t alength, const uint8_t *adata,
>> > + size
On Sun, 2019-04-14 at 09:33 +0200, Niels Möller wrote:
> Nikos Mavrogiannopoulos writes:
>
> > This patch adds the SIV-CMAC algorithm to nettle (an update of the
> > previous attempt). It is an atypical cipher which fits into the
> > encrypt_message interface.
>
>
Nikos Mavrogiannopoulos writes:
> This patch adds the SIV-CMAC algorithm to nettle (an update of the
> previous attempt). It is an atypical cipher which fits into the
> encrypt_message interface.
Thanks. Some comments below:
> --- a/nettle-types.h
> +++ b/nettle-types.h
>
This patch adds the SIV-CMAC algorithm to nettle (an update of the
previous attempt). It is an atypical cipher which fits into the
encrypt_message interface.
regards,
Nikos
From f83c8ae6fcb40f2e7dd65309050a11d7f1ee991c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sat, 20 Jan
On Fri, Feb 16, 2018 at 10:17:31AM +0100, Nikos Mavrogiannopoulos wrote:
> Thus, I'm sending an RFC for a high level SIV-CMAC interface with an
> abstraction function set, which abstracts on the cipher. The cipher is
> then used for both CTR encryption and CMAC.
> (Initially I
the more I think of having only a high level one.
I've given up on my attempts for a low-level mode as they were resulting
in a very complex to use interface when following nettle conventions,
or a very unique interface when trying to capture SIV-CMAC intentions.
Thus, I'm sending an RFC f