Generalized nettle_aead abstraction, and moved to nettle-meta.h.

ChangeLog

 2014-02-12  Niels Möller  <nisse@lysator.liu.se>
 
+	* nettle-meta.h (struct nettle_aead): New generalized version
+	if this struct.
+	(nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256)
+	(nettle_eax_aes128): Declare, moved from nettle-internal.h.
+	* nettle-internal.h (struct nettle_aead): Deleted struct, moved to
+	nettle-meta.h. Deleted declarations of unused instances.
+	(_NETTLE_AEAD): Deleted macro.
+	* nettle-internal.c (nettle_eax_aes128): Updated for new
+	nettle_aead struct.
+	(nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256):
+	Deleted, moved to new files.
+	* gcm-aes128-meta.c (nettle_gcm_aes128): Moved to new file,
+	updated for new nettle_aead struct.
+	* gcm-aes192-meta.c (nettle_gcm_aes192): Likewise.
+	* gcm-aes256-meta.c (nettle_gcm_aes256): Likewise.
+	* testsuite/testutils.c (test_aead): Take alternative set_nonce
+	function as argument, and use it when nonce size differs from
+	aead->nonce_length.
+	* testsuite/testutils.h (test_aead): Updated prototype.
+	* testsuite/gcm-test.c (nettle_gcm_unified_aes128): Updated for
+	new nettle_aead struct.
+	(test_main): Pass additional argument to test_aead.
+	* testsuite/eax-test.c (test_main): Pass additional NULL argument
+	to test_aead.
+
 	* eax.h (EAX_DIGEST_SIZE): New constant.
 	* gcm.h (GCM_DIGEST_SIZE): Likewise.
 

Makefile.in

@@ -90,9 +90,11 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
 		 chacha-crypt.c chacha-core-internal.c \
 		 chacha-set-key.c chacha-set-nonce.c \
 		 chacha128-set-key.c chacha256-set-key.c \
-		 ctr.c gcm.c \
-		 des.c des3.c des-compat.c eax.c \
-		 gcm-aes.c gcm-aes128.c gcm-aes192.c gcm-aes256.c \
+		 ctr.c des.c des3.c des-compat.c eax.c \
+		 gcm.c gcm-aes.c \
+		 gcm-aes128.c gcm-aes128-meta.c \
+		 gcm-aes192.c gcm-aes192-meta.c \
+		 gcm-aes256.c gcm-aes256-meta.c \
 		 gosthash94.c gosthash94-meta.c \
 		 hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \
 		 hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \

gcm-aes128-meta.c

+/* gcm-aes128-meta.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2014 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "nettle-meta.h"
+
+#include "gcm.h"
+
+static nettle_set_key_func gcm_aes128_set_nonce_wrapper;
+static void
+gcm_aes128_set_nonce_wrapper (void *ctx, const uint8_t *nonce)
+{
+  gcm_aes128_set_iv (ctx, GCM_IV_SIZE, nonce);
+}
+
+const struct nettle_aead nettle_gcm_aes128 =
+  { "gcm_aes128", sizeof(struct gcm_aes128_ctx),
+    GCM_BLOCK_SIZE, AES128_KEY_SIZE,
+    GCM_IV_SIZE, GCM_DIGEST_SIZE,
+    (nettle_set_key_func *) gcm_aes128_set_key,
+    (nettle_set_key_func *) gcm_aes128_set_key,
+    gcm_aes128_set_nonce_wrapper,
+    (nettle_hash_update_func *) gcm_aes128_update,
+    (nettle_crypt_func *) gcm_aes128_encrypt,
+    (nettle_crypt_func *) gcm_aes128_decrypt,
+    (nettle_hash_digest_func *) gcm_aes128_digest,
+  };

gcm-aes192-meta.c

+/* gcm-aes192-meta.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2014 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "nettle-meta.h"
+
+#include "gcm.h"
+
+static nettle_set_key_func gcm_aes192_set_nonce_wrapper;
+static void
+gcm_aes192_set_nonce_wrapper (void *ctx, const uint8_t *nonce)
+{
+  gcm_aes192_set_iv (ctx, GCM_IV_SIZE, nonce);
+}
+
+const struct nettle_aead nettle_gcm_aes192 =
+  { "gcm_aes192", sizeof(struct gcm_aes192_ctx),
+    GCM_BLOCK_SIZE, AES192_KEY_SIZE,
+    GCM_IV_SIZE, GCM_DIGEST_SIZE,
+    (nettle_set_key_func *) gcm_aes192_set_key,
+    (nettle_set_key_func *) gcm_aes192_set_key,
+    gcm_aes192_set_nonce_wrapper,
+    (nettle_hash_update_func *) gcm_aes192_update,
+    (nettle_crypt_func *) gcm_aes192_encrypt,
+    (nettle_crypt_func *) gcm_aes192_decrypt,
+    (nettle_hash_digest_func *) gcm_aes192_digest,
+  };

gcm-aes256-meta.c

+/* gcm-aes256-meta.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2014 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "nettle-meta.h"
+
+#include "gcm.h"
+
+static nettle_set_key_func gcm_aes256_set_nonce_wrapper;
+static void
+gcm_aes256_set_nonce_wrapper (void *ctx, const uint8_t *nonce)
+{
+  gcm_aes256_set_iv (ctx, GCM_IV_SIZE, nonce);
+}
+
+const struct nettle_aead nettle_gcm_aes256 =
+  { "gcm_aes256", sizeof(struct gcm_aes256_ctx),
+    GCM_BLOCK_SIZE, AES256_KEY_SIZE,
+    GCM_IV_SIZE, GCM_DIGEST_SIZE,
+    (nettle_set_key_func *) gcm_aes256_set_key,
+    (nettle_set_key_func *) gcm_aes256_set_key,
+    gcm_aes256_set_nonce_wrapper,
+    (nettle_hash_update_func *) gcm_aes256_update,
+    (nettle_crypt_func *) gcm_aes256_encrypt,
+    (nettle_crypt_func *) gcm_aes256_decrypt,
+    (nettle_hash_digest_func *) gcm_aes256_digest,
+  };

nettle-internal.c

@@ -120,16 +120,6 @@ nettle_salsa20r12 = {
   (nettle_crypt_func *) salsa20r12_crypt
 };
 
-#define gcm_aes128_set_nonce gcm_aes128_set_iv
-#define gcm_aes192_set_nonce gcm_aes192_set_iv
-#define gcm_aes256_set_nonce gcm_aes256_set_iv
-const struct nettle_aead
-nettle_gcm_aes128 = _NETTLE_AEAD(gcm, GCM, aes128, 128);
-const struct nettle_aead
-nettle_gcm_aes192 = _NETTLE_AEAD(gcm, GCM, aes192, 192);
-const struct nettle_aead
-nettle_gcm_aes256 = _NETTLE_AEAD(gcm, GCM, aes256, 256);
-
 
 /* eax-aes128 */
 void
@@ -174,5 +164,26 @@ eax_aes128_digest(struct eax_aes128_ctx *ctx,
   EAX_DIGEST(ctx, aes128_encrypt, length, digest);
 }
 
+/* FIXME: Reasonable default? */
+#define EAX_IV_SIZE 16
+
+static nettle_set_key_func eax_aes128_set_nonce_wrapper;
+static void
+eax_aes128_set_nonce_wrapper (void *ctx, const uint8_t *nonce)
+{
+  eax_aes128_set_nonce (ctx, EAX_IV_SIZE, nonce);
+}
+
 const struct nettle_aead
-nettle_eax_aes128 = _NETTLE_AEAD(eax, EAX, aes128, 128);
+nettle_eax_aes128 =
+  { "eax_aes128", sizeof(struct eax_aes128_ctx),
+    EAX_BLOCK_SIZE, AES128_KEY_SIZE,
+    EAX_IV_SIZE, EAX_DIGEST_SIZE,
+    (nettle_set_key_func *) eax_aes128_set_key,
+    (nettle_set_key_func *) eax_aes128_set_key,
+    eax_aes128_set_nonce_wrapper,
+    (nettle_hash_update_func *) eax_aes128_update,
+    (nettle_crypt_func *) eax_aes128_encrypt,
+    (nettle_crypt_func *) eax_aes128_decrypt,
+    (nettle_hash_digest_func *) eax_aes128_digest
+  };

nettle-internal.h

@@ -82,55 +82,6 @@ extern const struct nettle_cipher nettle_openssl_cast128;
 extern const struct nettle_hash nettle_openssl_md5;
 extern const struct nettle_hash nettle_openssl_sha1;
 
-/* Tentative interface for "authenticated encryption with associated
-   data" algorithms. Should be moved to nettle-meta.h when stable. */
-struct nettle_aead
-{
-  const char *name;
-  
-  size_t context_size;
-  /* Block size of the input, and the size of the output digest */
-  size_t block_size;
-
-  /* Suggested key size; other sizes are sometimes possible. */
-  size_t key_size;
-
-  nettle_set_key_func *set_key;
-  nettle_hash_update_func *set_iv;
-  nettle_hash_update_func *update;
-  nettle_crypt_func *encrypt;
-  nettle_crypt_func *decrypt;
-  nettle_hash_digest_func *digest;
-};
-
-#define _NETTLE_AEAD(type, TYPE, name, key_size) {	\
-  #type "-" #name,					\
-  sizeof(struct type##_##name##_ctx),			\
-  TYPE##_BLOCK_SIZE,					\
-  key_size / 8,						\
-  (nettle_set_key_func *) type##_##name##_set_key,	\
-  (nettle_hash_update_func *) type##_##name##_set_nonce,\
-  (nettle_hash_update_func *) type##_##name##_update,	\
-  (nettle_crypt_func *) type##_##name##_encrypt,	\
-  (nettle_crypt_func *) type##_##name##_decrypt,	\
-  (nettle_hash_digest_func *) type##_##name##_digest,	\
-}
-
-extern const struct nettle_aead nettle_gcm_aes128;
-extern const struct nettle_aead nettle_gcm_aes192;
-extern const struct nettle_aead nettle_gcm_aes256;
-
-extern const struct nettle_aead nettle_gcm_camellia128;
-extern const struct nettle_aead nettle_gcm_camellia192;
-extern const struct nettle_aead nettle_gcm_camellia256;
-
-extern const struct nettle_aead nettle_gcm_serpent128;
-extern const struct nettle_aead nettle_gcm_serpent192;
-extern const struct nettle_aead nettle_gcm_serpent256;
-
-extern const struct nettle_aead nettle_gcm_twofish128;
-extern const struct nettle_aead nettle_gcm_twofish192;
-extern const struct nettle_aead nettle_gcm_twofish256;
 
 /* Tentative interface. */
 struct eax_aes128_ctx EAX_CTX(struct aes128_ctx);

nettle-meta.h

@@ -126,6 +126,31 @@ extern const struct nettle_hash nettle_sha3_256;
 extern const struct nettle_hash nettle_sha3_384;
 extern const struct nettle_hash nettle_sha3_512;
 
+struct nettle_aead
+{
+  const char *name;
+  
+  unsigned context_size;
+  /* Block size for encrypt and decrypt. */
+  unsigned block_size;
+  unsigned key_size;
+  unsigned nonce_size;
+  unsigned digest_size;
+
+  nettle_set_key_func *set_encrypt_key;
+  nettle_set_key_func *set_decrypt_key;
+  nettle_set_key_func *set_nonce;
+  nettle_hash_update_func *update;
+  nettle_crypt_func *encrypt;
+  nettle_crypt_func *decrypt;
+  /* FIXME: Drop length argument? */
+  nettle_hash_digest_func *digest;
+};
+
+extern const struct nettle_aead nettle_gcm_aes128;
+extern const struct nettle_aead nettle_gcm_aes192;
+extern const struct nettle_aead nettle_gcm_aes256;
+
 struct nettle_armor
 {
   const char *name;

testsuite/eax-test.c

@@ -6,7 +6,7 @@ test_main(void)
 {
   /* From the EAX specification,
      http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf */
-  test_aead(&nettle_eax_aes128,
+  test_aead(&nettle_eax_aes128, NULL,
 	    SHEX("233952DEE4D5ED5F9B9C6D6FF80FF478"),	/* key */
 	    SHEX("6BFB914FD07EAE6B"),			/* auth data */
 	    SHEX(""),					/* plaintext */
@@ -14,7 +14,7 @@ test_main(void)
 	    SHEX("62EC67F9C3A4A407FCB2A8C49031A8B3"),	/* nonce */
 	    SHEX("E037830E8389F27B025A2D6527E79D01"));	/* tag */
 
-  test_aead(&nettle_eax_aes128,
+  test_aead(&nettle_eax_aes128, NULL,
 	    SHEX("91945D3F4DCBEE0BF45EF52255F095A4"),
 	    SHEX("FA3BFD4806EB53FA"),
 	    SHEX("F7FB"),
@@ -22,7 +22,7 @@ test_main(void)
 	    SHEX("BECAF043B0A23D843194BA972C66DEBD"),
 	    SHEX("5C4C9331049D0BDAB0277408F67967E5"));
   
-  test_aead(&nettle_eax_aes128,
+  test_aead(&nettle_eax_aes128, NULL,
 	    SHEX("01F74AD64077F2E704C0F60ADA3DD523"),
 	    SHEX("234A3463C1264AC6"),
 	    SHEX("1A47CB4933"),
@@ -30,7 +30,7 @@ test_main(void)
 	    SHEX("70C3DB4F0D26368400A10ED05D2BFF5E"),
 	    SHEX("3A59F238A23E39199DC9266626C40F80"));
 
-  test_aead(&nettle_eax_aes128,
+  test_aead(&nettle_eax_aes128, NULL,
 	    SHEX("D07CF6CBB7F313BDDE66B727AFD3C5E8"),
 	    SHEX("33CCE2EABFF5A79D"),
 	    SHEX("481C9E39B1"),
@@ -38,7 +38,7 @@ test_main(void)
 	    SHEX("8408DFFF3C1A2B1292DC199E46B7D617"),
 	    SHEX("D4C168A4225D8E1FF755939974A7BEDE"));
 
-  test_aead(&nettle_eax_aes128,
+  test_aead(&nettle_eax_aes128, NULL,
 	    SHEX("35B6D0580005BBC12B0587124557D2C2"),
 	    SHEX("AEB96EAEBE2970E9"),
 	    SHEX("40D0C07DA5E4"),
@@ -46,7 +46,7 @@ test_main(void)
 	    SHEX("FDB6B06676EEDC5C61D74276E1F8E816"),
 	    SHEX("CB0677E536F73AFE6A14B74EE49844DD"));
 
-  test_aead(&nettle_eax_aes128,
+  test_aead(&nettle_eax_aes128, NULL,
 	    SHEX("BD8E6E11475E60B268784C38C62FEB22"),
 	    SHEX("D4482D1CA78DCE0F"),
 	    SHEX("4DE3B35C3FC039245BD1FB7D"),
@@ -54,7 +54,7 @@ test_main(void)
 	    SHEX("6EAC5C93072D8E8513F750935E46DA1B"),
 	    SHEX("ABB8644FD6CCB86947C5E10590210A4F"));
 
-  test_aead(&nettle_eax_aes128,
+  test_aead(&nettle_eax_aes128, NULL,
 	    SHEX("7C77D6E813BED5AC98BAA417477A2E7D"),
 	    SHEX("65D2017990D62528"),
 	    SHEX("8B0A79306C9CE7ED99DAE4F87F8DD61636"),
@@ -62,7 +62,7 @@ test_main(void)
 	    SHEX("1A8C98DCD73D38393B2BF1569DEEFC19"),
 	    SHEX("137327D10649B0AA6E1C181DB617D7F2"));
   
-  test_aead(&nettle_eax_aes128,
+  test_aead(&nettle_eax_aes128, NULL,
 	    SHEX("5FFF20CAFAB119CA2FC73549E20F5B0D"),
 	    SHEX("54B9F04E6A09189A"),
 	    SHEX("1BDA122BCE8A8DBAF1877D962B8592DD2D56"),
@@ -70,7 +70,7 @@ test_main(void)
 	    SHEX("DDE59B97D722156D4D9AFF2BC7559826"),
 	    SHEX("3B60450599BD02C96382902AEF7F832A"));
   
-  test_aead(&nettle_eax_aes128,
+  test_aead(&nettle_eax_aes128, NULL,
 	    SHEX("A4A4782BCFFD3EC5E7EF6D8C34A56123"),
 	    SHEX("899A175897561D7E"),
 	    SHEX("6CF36720872B8513F6EAB1A8A44438D5EF11"),
@@ -78,7 +78,7 @@ test_main(void)
 	    SHEX("B781FCF2F75FA5A8DE97A9CA48E522EC"),
 	    SHEX("E7F6D2231618102FDB7FE55FF1991700"));
   
-  test_aead(&nettle_eax_aes128,
+  test_aead(&nettle_eax_aes128, NULL,
 	    SHEX("8395FCF1E95BEBD697BD010BC766AAC3"),
 	    SHEX("126735FCC320D25A"),
 	    SHEX("CA40D7446E545FFAED3BD12A740A659FFBBB3CEAB7"),

testsuite/gcm-test.c

@@ -25,19 +25,27 @@ test_gcm_hash (const struct tstring *msg, const struct tstring *ref)
     }
 }
 
+static nettle_set_key_func gcm_unified_aes128_set_key;
+static nettle_set_key_func gcm_unified_aes128_set_iv;
 static void
-gcm_unified_aes128_set_key (void *ctx, uint8_t *key)
+gcm_unified_aes128_set_key (void *ctx, const uint8_t *key)
 {
   gcm_aes_set_key (ctx, AES128_KEY_SIZE, key);
 }
+static void
+gcm_unified_aes128_set_iv (void *ctx, const uint8_t *iv)
+{
+  gcm_aes_set_iv (ctx, GCM_IV_SIZE, iv);
+}
 static const struct nettle_aead
 nettle_gcm_unified_aes128 = {
   "gcm-aes128",
   sizeof (struct gcm_aes_ctx),
-  GCM_BLOCK_SIZE,
-  AES128_KEY_SIZE,
+  GCM_BLOCK_SIZE, AES128_KEY_SIZE,
+  GCM_IV_SIZE, GCM_DIGEST_SIZE,
+  (nettle_set_key_func *) gcm_unified_aes128_set_key,
   (nettle_set_key_func *) gcm_unified_aes128_set_key,
-  (nettle_hash_update_func *) gcm_aes_set_iv,
+  (nettle_set_key_func *) gcm_unified_aes128_set_iv,
   (nettle_hash_update_func *) gcm_aes_update,
   (nettle_crypt_func *) gcm_aes_encrypt,
   (nettle_crypt_func *) gcm_aes_decrypt,
@@ -54,7 +62,7 @@ test_main(void)
    */
 
   /* Test case 1 */
-  test_aead(&nettle_gcm_aes128,
+  test_aead(&nettle_gcm_aes128, NULL,
 	    SHEX("00000000000000000000000000000000"),	/* key */
 	    SHEX(""),					/* auth data */ 
 	    SHEX(""),					/* plaintext */
@@ -63,7 +71,7 @@ test_main(void)
 	    SHEX("58e2fccefa7e3061367f1d57a4e7455a"));	/* tag */
 
   /* Test case 2 */
-  test_aead(&nettle_gcm_aes128,
+  test_aead(&nettle_gcm_aes128, NULL,
 	    SHEX("00000000000000000000000000000000"),
 	    SHEX(""),
 	    SHEX("00000000000000000000000000000000"),
@@ -72,7 +80,7 @@ test_main(void)
 	    SHEX("ab6e47d42cec13bdf53a67b21257bddf"));
 
   /* Test case 3 */
-  test_aead(&nettle_gcm_aes128,
+  test_aead(&nettle_gcm_aes128, NULL,
 	    SHEX("feffe9928665731c6d6a8f9467308308"),
 	    SHEX(""),
 	    SHEX("d9313225f88406e5a55909c5aff5269a"
@@ -87,7 +95,7 @@ test_main(void)
 	    SHEX("4d5c2af327cd64a62cf35abd2ba6fab4"));
 
   /* Test case 4 */
-  test_aead(&nettle_gcm_aes128,
+  test_aead(&nettle_gcm_aes128, NULL,
 	    SHEX("feffe9928665731c6d6a8f9467308308"),
 	    SHEX("feedfacedeadbeeffeedfacedeadbeef"
 		 "abaddad2"),
@@ -104,6 +112,7 @@ test_main(void)
 
   /* Test case 5 */
   test_aead(&nettle_gcm_aes128,
+	    (nettle_hash_update_func *) gcm_aes128_set_iv,
 	    SHEX("feffe9928665731c6d6a8f9467308308"),
 	    SHEX("feedfacedeadbeeffeedfacedeadbeef"
 		 "abaddad2"),
@@ -120,6 +129,7 @@ test_main(void)
 
   /* Test case 6 */
   test_aead(&nettle_gcm_aes128,
+	    (nettle_hash_update_func *) gcm_aes128_set_iv,
 	    SHEX("feffe9928665731c6d6a8f9467308308"),
 	    SHEX("feedfacedeadbeeffeedfacedeadbeef"
 		 "abaddad2"),
@@ -139,6 +149,7 @@ test_main(void)
 
   /* Same test, but with old gcm_aes interface */
   test_aead(&nettle_gcm_unified_aes128,
+	    (nettle_hash_update_func *) gcm_aes_set_iv,
 	    SHEX("feffe9928665731c6d6a8f9467308308"),
 	    SHEX("feedfacedeadbeeffeedfacedeadbeef"
 		 "abaddad2"),
@@ -157,7 +168,7 @@ test_main(void)
 	    SHEX("619cc5aefffe0bfa462af43c1699d050"));
 
   /* Test case 7 */
-  test_aead(&nettle_gcm_aes192,
+  test_aead(&nettle_gcm_aes192, NULL,
 	    SHEX("00000000000000000000000000000000"
 		 "0000000000000000"),
 	    SHEX(""),
@@ -167,7 +178,7 @@ test_main(void)
 	    SHEX("cd33b28ac773f74ba00ed1f312572435"));
 
   /* Test case 8 */
-  test_aead(&nettle_gcm_aes192,
+  test_aead(&nettle_gcm_aes192, NULL,
 	    SHEX("00000000000000000000000000000000"
 		 "0000000000000000"),
 	    SHEX(""),
@@ -177,7 +188,7 @@ test_main(void)
 	    SHEX("2ff58d80033927ab8ef4d4587514f0fb"));
 
   /* Test case 9 */
-  test_aead(&nettle_gcm_aes192,
+  test_aead(&nettle_gcm_aes192, NULL,
 	    SHEX("feffe9928665731c6d6a8f9467308308"
 		 "feffe9928665731c"),
 	    SHEX(""),
@@ -193,7 +204,7 @@ test_main(void)
 	    SHEX("9924a7c8587336bfb118024db8674a14"));
 
   /* Test case 10 */
-  test_aead(&nettle_gcm_aes192,
+  test_aead(&nettle_gcm_aes192, NULL,
 	    SHEX("feffe9928665731c6d6a8f9467308308"
 		 "feffe9928665731c"),
 	    SHEX("feedfacedeadbeeffeedfacedeadbeef"
@@ -211,6 +222,7 @@ test_main(void)
 
   /* Test case 11 */
   test_aead(&nettle_gcm_aes192,
+	    (nettle_hash_update_func *) gcm_aes192_set_iv,
 	    SHEX("feffe9928665731c6d6a8f9467308308"
 		 "feffe9928665731c"),
 	    SHEX("feedfacedeadbeeffeedfacedeadbeef"
@@ -228,6 +240,7 @@ test_main(void)
 
   /* Test case 12 */
   test_aead(&nettle_gcm_aes192,
+	    (nettle_hash_update_func *) gcm_aes192_set_iv,
 	    SHEX("feffe9928665731c6d6a8f9467308308"
 		 "feffe9928665731c"),
 	    SHEX("feedfacedeadbeeffeedfacedeadbeef"
@@ -247,7 +260,7 @@ test_main(void)
 	    SHEX("dcf566ff291c25bbb8568fc3d376a6d9"));
 
   /* Test case 13 */
-  test_aead(&nettle_gcm_aes256,
+  test_aead(&nettle_gcm_aes256, NULL,
 	    SHEX("00000000000000000000000000000000"
 		 "00000000000000000000000000000000"),
 	    SHEX(""),
@@ -257,7 +270,7 @@ test_main(void)
 	    SHEX("530f8afbc74536b9a963b4f1c4cb738b"));
 
   /* Test case 14 */
-  test_aead(&nettle_gcm_aes256,
+  test_aead(&nettle_gcm_aes256, NULL,
 	    SHEX("00000000000000000000000000000000"
 		 "00000000000000000000000000000000"),
 	    SHEX(""),
@@ -267,7 +280,7 @@ test_main(void)
 	    SHEX("d0d1c8a799996bf0265b98b5d48ab919"));
 
   /* Test case 15 */
-  test_aead(&nettle_gcm_aes256,
+  test_aead(&nettle_gcm_aes256, NULL,
 	    SHEX("feffe9928665731c6d6a8f9467308308"
 		 "feffe9928665731c6d6a8f9467308308"),
 	    SHEX(""),
@@ -283,7 +296,7 @@ test_main(void)
 	    SHEX("b094dac5d93471bdec1a502270e3cc6c"));
 
   /* Test case 16 */
-  test_aead(&nettle_gcm_aes256,
+  test_aead(&nettle_gcm_aes256, NULL,
 	    SHEX("feffe9928665731c6d6a8f9467308308"
 		 "feffe9928665731c6d6a8f9467308308"),
 	    SHEX("feedfacedeadbeeffeedfacedeadbeef"
@@ -301,6 +314,7 @@ test_main(void)
 
   /* Test case 17 */
   test_aead(&nettle_gcm_aes256,
+	    (nettle_hash_update_func *) gcm_aes256_set_iv,
 	    SHEX("feffe9928665731c6d6a8f9467308308"
 		 "feffe9928665731c6d6a8f9467308308"),
 	    SHEX("feedfacedeadbeeffeedfacedeadbeef"
@@ -318,6 +332,7 @@ test_main(void)
 
   /* Test case 18 */
   test_aead(&nettle_gcm_aes256,
+	    (nettle_hash_update_func *) gcm_aes256_set_iv,
 	    SHEX("feffe9928665731c6d6a8f9467308308"
 		 "feffe9928665731c6d6a8f9467308308"),
 	    SHEX("feedfacedeadbeeffeedfacedeadbeef"

testsuite/testutils.c

@@ -468,11 +468,12 @@ test_cipher_stream(const struct nettle_cipher *cipher,
 
 void
 test_aead(const struct nettle_aead *aead,
+	  nettle_hash_update_func *set_nonce,
 	  const struct tstring *key,
 	  const struct tstring *authtext,
 	  const struct tstring *cleartext,
 	  const struct tstring *ciphertext,
-	  const struct tstring *iv,
+	  const struct tstring *nonce,
 	  const struct tstring *digest)
 {
   void *ctx = xalloc(aead->context_size);
@@ -490,9 +491,15 @@ test_aead(const struct nettle_aead *aead,
   
   /* encryption */
   memset(buffer, 0, aead->block_size);
-  aead->set_key(ctx, key->data);
+  aead->set_encrypt_key(ctx, key->data);
 
-  aead->set_iv(ctx, iv->length, iv->data);
+  if (nonce->length != aead->nonce_size)
+    {
+      ASSERT (set_nonce);
+      set_nonce (ctx, nonce->length, nonce->data);
+    }
+  else
+    aead->set_nonce(ctx, nonce->data);
 
   if (authtext->length)
     aead->update(ctx, authtext->length, authtext->data);
@@ -507,7 +514,16 @@ test_aead(const struct nettle_aead *aead,
 
   /* decryption */
   memset(buffer, 0, aead->block_size);
-  aead->set_iv(ctx, iv->length, iv->data);
+
+  aead->set_decrypt_key(ctx, key->data);
+
+  if (nonce->length != aead->nonce_size)
+    {
+      ASSERT (set_nonce);
+      set_nonce (ctx, nonce->length, nonce->data);
+    }
+  else
+    aead->set_nonce(ctx, nonce->data);
 
   if (authtext->length)
     aead->update(ctx, authtext->length, authtext->data);

testsuite/testutils.h

@@ -131,11 +131,12 @@ test_cipher_stream(const struct nettle_cipher *cipher,
 
 void
 test_aead(const struct nettle_aead *aead,
+	  nettle_hash_update_func *set_nonce,
 	  const struct tstring *key,
 	  const struct tstring *authtext,
 	  const struct tstring *cleartext,