Commit e57d2fe2 authored by Niels Möller's avatar Niels Möller

New gcm-aes interface.

parent 187631fa
2014-01-26 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.h (_NETTLE_AEAD_FIX): Renamed to...
(_NETTLE_AEAD): ... new name, and deleted old definition. Also use
_set_nonce instead of _set_iv.
* nettle-internal.c (nettle_gcm_aes128, nettle_gcm_aes192)
(nettle_gcm_aes256): Define in terms of new interface.
(nettle_eax_aes128): Updated for _NETTLE_AEAD changes.
* testsuite/gcm-test.c (test_gcm_hash): Likewise use struct
gcm_aes128_ctx.
(test_main): Added a testcase using the old interface based on
struct gcm_aes_ctx.
* examples/nettle-benchmark.c (time_gcm): Update to use new struct
gcm_aes128_ctx. Also use name "gcm-aes128" in output.
* gcm.h: New interface for gcm_aes128, gcm_aes192, gcm_aes256,
using the new AES interface.
(GCM_CTX): Reorder fields, putting the cipher context
last.
* Makefile.in (nettle_SOURCES): Added gcm-aes128.c, gcm-aes192.c,
and gcm-aes256.c.
* gcm-aes128.c: New file.
* gcm-aes192.c: New file
* gcm-aes256.c: New file.
2014-01-25 Niels Möller <nisse@lysator.liu.se>
* gcm.h (GCM_SET_KEY): Deleted length argument.
......
......@@ -87,7 +87,8 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
camellia256-meta.c \
cast128.c cast128-meta.c \
blowfish.c \
cbc.c ctr.c gcm.c gcm-aes.c \
cbc.c ctr.c gcm.c \
gcm-aes.c gcm-aes128.c gcm-aes192.c gcm-aes256.c \
des.c des3.c des-compat.c eax.c \
hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \
hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \
......
......@@ -422,31 +422,31 @@ time_gcm(void)
static uint8_t data[BENCH_BLOCK];
struct bench_hash_info hinfo;
struct bench_cipher_info cinfo;
struct gcm_aes_ctx ctx;
struct gcm_aes128_ctx ctx;
uint8_t key[16];
uint8_t key[AES128_KEY_SIZE];
uint8_t iv[GCM_IV_SIZE];
gcm_aes_set_key(&ctx, sizeof(key), key);
gcm_aes_set_iv(&ctx, sizeof(iv), iv);
gcm_aes128_set_key(&ctx, sizeof(key), key);
gcm_aes128_set_iv(&ctx, sizeof(iv), iv);
hinfo.ctx = &ctx;
hinfo.update = (nettle_hash_update_func *) gcm_aes_update;
hinfo.update = (nettle_hash_update_func *) gcm_aes128_update;
hinfo.data = data;
display("gcm-aes", "update", GCM_BLOCK_SIZE,
display("gcm-aes128", "update", GCM_BLOCK_SIZE,
time_function(bench_hash, &hinfo));
cinfo.ctx = &ctx;
cinfo.crypt = (nettle_crypt_func *) gcm_aes_encrypt;
cinfo.crypt = (nettle_crypt_func *) gcm_aes128_encrypt;
cinfo.data = data;
display("gcm-aes", "encrypt", GCM_BLOCK_SIZE,
display("gcm-aes128", "encrypt", GCM_BLOCK_SIZE,
time_function(bench_cipher, &cinfo));
cinfo.crypt = (nettle_crypt_func *) gcm_aes_decrypt;
cinfo.crypt = (nettle_crypt_func *) gcm_aes128_decrypt;
display("gcm-aes", "decrypt", GCM_BLOCK_SIZE,
display("gcm-aes128", "decrypt", GCM_BLOCK_SIZE,
time_function(bench_cipher, &cinfo));
}
......
/* gcm-aes128.c
*
* Galois counter mode using AES128 as the underlying cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2011, 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "gcm.h"
void
gcm_aes128_set_key(struct gcm_aes128_ctx *ctx, size_t length, const uint8_t *key)
{
assert (length == AES128_KEY_SIZE);
GCM_SET_KEY(ctx, aes128_set_encrypt_key, aes128_encrypt, key);
}
void
gcm_aes128_set_iv (struct gcm_aes128_ctx *ctx,
size_t length, const uint8_t *iv)
{
GCM_SET_IV (ctx, length, iv);
}
void
gcm_aes128_update (struct gcm_aes128_ctx *ctx,
size_t length, const uint8_t *data)
{
GCM_UPDATE (ctx, length, data);
}
void
gcm_aes128_encrypt(struct gcm_aes128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src)
{
GCM_ENCRYPT(ctx, aes128_encrypt, length, dst, src);
}
void
gcm_aes128_decrypt(struct gcm_aes128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src)
{
GCM_DECRYPT(ctx, aes128_encrypt, length, dst, src);
}
void
gcm_aes128_digest(struct gcm_aes128_ctx *ctx,
size_t length, uint8_t *digest)
{
GCM_DIGEST(ctx, aes128_encrypt, length, digest);
}
/* gcm-aes192.c
*
* Galois counter mode using AES192 as the underlying cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2011, 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "gcm.h"
void
gcm_aes192_set_key(struct gcm_aes192_ctx *ctx, size_t length, const uint8_t *key)
{
assert (length == AES192_KEY_SIZE);
GCM_SET_KEY(ctx, aes192_set_encrypt_key, aes192_encrypt, key);
}
void
gcm_aes192_set_iv (struct gcm_aes192_ctx *ctx,
size_t length, const uint8_t *iv)
{
GCM_SET_IV (ctx, length, iv);
}
void
gcm_aes192_update (struct gcm_aes192_ctx *ctx,
size_t length, const uint8_t *data)
{
GCM_UPDATE (ctx, length, data);
}
void
gcm_aes192_encrypt(struct gcm_aes192_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src)
{
GCM_ENCRYPT(ctx, aes192_encrypt, length, dst, src);
}
void
gcm_aes192_decrypt(struct gcm_aes192_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src)
{
GCM_DECRYPT(ctx, aes192_encrypt, length, dst, src);
}
void
gcm_aes192_digest(struct gcm_aes192_ctx *ctx,
size_t length, uint8_t *digest)
{
GCM_DIGEST(ctx, aes192_encrypt, length, digest);
}
/* gcm-aes256.c
*
* Galois counter mode using AES256 as the underlying cipher.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2011, 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "gcm.h"
void
gcm_aes256_set_key(struct gcm_aes256_ctx *ctx, size_t length, const uint8_t *key)
{
assert (length == AES256_KEY_SIZE);
GCM_SET_KEY(ctx, aes256_set_encrypt_key, aes256_encrypt, key);
}
void
gcm_aes256_set_iv (struct gcm_aes256_ctx *ctx,
size_t length, const uint8_t *iv)
{
GCM_SET_IV (ctx, length, iv);
}
void
gcm_aes256_update (struct gcm_aes256_ctx *ctx,
size_t length, const uint8_t *data)
{
GCM_UPDATE (ctx, length, data);
}
void
gcm_aes256_encrypt(struct gcm_aes256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src)
{
GCM_ENCRYPT(ctx, aes256_encrypt, length, dst, src);
}
void
gcm_aes256_decrypt(struct gcm_aes256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src)
{
GCM_DECRYPT(ctx, aes256_encrypt, length, dst, src);
}
void
gcm_aes256_digest(struct gcm_aes256_ctx *ctx,
size_t length, uint8_t *digest)
{
GCM_DIGEST(ctx, aes256_encrypt, length, digest);
}
......@@ -5,13 +5,10 @@
*
*/
/* NOTE: Tentative interface, subject to change. No effort will be
made to avoid incompatible changes. */
/* nettle, low-level cryptographics library
*
* Copyright (C) 2011 Niels Möller
* Copyright (C) 2011 Katholieke Universiteit Leuven
* Copyright (C) 2011, 2014 Niels Möller
*
* Contributed by Nikos Mavrogiannopoulos
*
......@@ -48,6 +45,27 @@ extern "C" {
#define gcm_decrypt nettle_gcm_decrypt
#define gcm_digest nettle_gcm_digest
#define gcm_aes128_set_key nettle_gcm_aes128_set_key
#define gcm_aes128_set_iv nettle_gcm_aes128_set_iv
#define gcm_aes128_update nettle_gcm_aes128_update
#define gcm_aes128_encrypt nettle_gcm_aes128_encrypt
#define gcm_aes128_decrypt nettle_gcm_aes128_decrypt
#define gcm_aes128_digest nettle_gcm_aes128_digest
#define gcm_aes192_set_key nettle_gcm_aes192_set_key
#define gcm_aes192_set_iv nettle_gcm_aes192_set_iv
#define gcm_aes192_update nettle_gcm_aes192_update
#define gcm_aes192_encrypt nettle_gcm_aes192_encrypt
#define gcm_aes192_decrypt nettle_gcm_aes192_decrypt
#define gcm_aes192_digest nettle_gcm_aes192_digest
#define gcm_aes256_set_key nettle_gcm_aes256_set_key
#define gcm_aes256_set_iv nettle_gcm_aes256_set_iv
#define gcm_aes256_update nettle_gcm_aes256_update
#define gcm_aes256_encrypt nettle_gcm_aes256_encrypt
#define gcm_aes256_decrypt nettle_gcm_aes256_decrypt
#define gcm_aes256_digest nettle_gcm_aes256_digest
#define gcm_aes_set_key nettle_gcm_aes_set_key
#define gcm_aes_set_iv nettle_gcm_aes_set_iv
#define gcm_aes_update nettle_gcm_aes_update
......@@ -65,7 +83,7 @@ struct gcm_key
{
union nettle_block16 h[1 << GCM_TABLE_BITS];
};
/* Per-message state, depending on the iv */
struct gcm_ctx {
/* Original counter block */
......@@ -109,10 +127,9 @@ gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
size_t length, uint8_t *digest);
/* Convenience macrology (not sure how useful it is) */
/* All-in-one context, with cipher, hash subkey, and message state. */
/* All-in-one context, with hash subkey, message state, and cipher. */
#define GCM_CTX(type) \
{ type cipher; struct gcm_key key; struct gcm_ctx gcm; }
{ struct gcm_key key; struct gcm_ctx gcm; type cipher; }
/* NOTE: Avoid using NULL, as we don't include anything defining it. */
#define GCM_SET_KEY(ctx, set_key, encrypt, key) \
......@@ -147,6 +164,84 @@ gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
(nettle_crypt_func *) (encrypt), \
(length), (digest)))
struct gcm_aes128_ctx GCM_CTX(struct aes128_ctx);
void
gcm_aes128_set_key(struct gcm_aes128_ctx *ctx,
size_t length, const uint8_t *key);
/* FIXME: Define _update and _set_iv as some kind of aliaes,
there's nothing aes-specific. */
void
gcm_aes128_update (struct gcm_aes128_ctx *ctx,
size_t length, const uint8_t *data);
void
gcm_aes128_set_iv (struct gcm_aes128_ctx *ctx,
size_t length, const uint8_t *iv);
void
gcm_aes128_encrypt(struct gcm_aes128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes128_decrypt(struct gcm_aes128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes128_digest(struct gcm_aes128_ctx *ctx,
size_t length, uint8_t *digest);
struct gcm_aes192_ctx GCM_CTX(struct aes192_ctx);
void
gcm_aes192_set_key(struct gcm_aes192_ctx *ctx,
size_t length, const uint8_t *key);
void
gcm_aes192_update (struct gcm_aes192_ctx *ctx,
size_t length, const uint8_t *data);
void
gcm_aes192_set_iv (struct gcm_aes192_ctx *ctx,
size_t length, const uint8_t *iv);
void
gcm_aes192_encrypt(struct gcm_aes192_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes192_decrypt(struct gcm_aes192_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes192_digest(struct gcm_aes192_ctx *ctx,
size_t length, uint8_t *digest);
struct gcm_aes256_ctx GCM_CTX(struct aes256_ctx);
void
gcm_aes256_set_key(struct gcm_aes256_ctx *ctx,
size_t length, const uint8_t *key);
void
gcm_aes256_update (struct gcm_aes256_ctx *ctx,
size_t length, const uint8_t *data);
void
gcm_aes256_set_iv (struct gcm_aes256_ctx *ctx,
size_t length, const uint8_t *iv);
void
gcm_aes256_encrypt(struct gcm_aes256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes256_decrypt(struct gcm_aes256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes256_digest(struct gcm_aes256_ctx *ctx,
size_t length, uint8_t *digest);
/* Old aes interface, for backwards compatibility */
struct gcm_aes_ctx GCM_CTX(struct aes_ctx);
void
......
......@@ -107,12 +107,16 @@ nettle_salsa20r12 = {
(nettle_crypt_func *) salsa20r12_crypt
};
#define gcm_aes128_set_nonce gcm_aes128_set_iv
#define gcm_aes192_set_nonce gcm_aes192_set_iv
#define gcm_aes256_set_nonce gcm_aes256_set_iv
const struct nettle_aead
nettle_gcm_aes128 = _NETTLE_AEAD(gcm, GCM, aes, 128);
nettle_gcm_aes128 = _NETTLE_AEAD(gcm, GCM, aes128, 128);
const struct nettle_aead
nettle_gcm_aes192 = _NETTLE_AEAD(gcm, GCM, aes, 192);
nettle_gcm_aes192 = _NETTLE_AEAD(gcm, GCM, aes192, 192);
const struct nettle_aead
nettle_gcm_aes256 = _NETTLE_AEAD(gcm, GCM, aes, 256);
nettle_gcm_aes256 = _NETTLE_AEAD(gcm, GCM, aes256, 256);
/* Old, unified, interface */
const struct nettle_cipher nettle_unified_aes128
......@@ -172,8 +176,5 @@ eax_aes128_digest(struct eax_aes128_ctx *ctx,
EAX_DIGEST(ctx, aes128_encrypt, length, digest);
}
/* FIXME: Rename to set_nonce, in struct nettle_aead. */
#define eax_aes128_set_iv eax_aes128_set_nonce
const struct nettle_aead
nettle_eax_aes128 = _NETTLE_AEAD_FIX(eax, EAX, aes128, 128);
nettle_eax_aes128 = _NETTLE_AEAD(eax, EAX, aes128, 128);
......@@ -103,25 +103,12 @@ struct nettle_aead
};
#define _NETTLE_AEAD(type, TYPE, name, key_size) { \
#type "-" #name #key_size, \
sizeof(struct type##_##name##_ctx), \
TYPE##_BLOCK_SIZE, \
key_size / 8, \
(nettle_set_key_func *) type##_##name##_set_key, \
(nettle_set_key_func *) type##_##name##_set_iv, \
(nettle_hash_update_func *) type##_##name##_update, \
(nettle_crypt_func *) type##_##name##_encrypt, \
(nettle_crypt_func *) type##_##name##_decrypt, \
(nettle_hash_digest_func *) type##_##name##_digest, \
}
#define _NETTLE_AEAD_FIX(type, TYPE, name, key_size) { \
#type "-" #name, \
sizeof(struct type##_##name##_ctx), \
TYPE##_BLOCK_SIZE, \
key_size / 8, \
(nettle_set_key_func *) type##_##name##_set_key, \
(nettle_set_key_func *) type##_##name##_set_iv, \
(nettle_set_key_func *) type##_##name##_set_nonce, \
(nettle_hash_update_func *) type##_##name##_update, \
(nettle_crypt_func *) type##_##name##_encrypt, \
(nettle_crypt_func *) type##_##name##_decrypt, \
......
......@@ -5,15 +5,15 @@
static void
test_gcm_hash (const struct tstring *msg, const struct tstring *ref)
{
struct gcm_aes_ctx ctx;
struct gcm_aes128_ctx ctx;
const uint8_t z16[16] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
uint8_t digest[16];
ASSERT (ref->length == sizeof(digest));
gcm_aes_set_key (&ctx, 16, z16);
gcm_aes_set_iv (&ctx, 16, z16);
gcm_aes_update (&ctx, msg->length, msg->data);
gcm_aes_digest (&ctx, sizeof(digest), digest);
gcm_aes128_set_key (&ctx, 16, z16);
gcm_aes128_set_iv (&ctx, 16, z16);
gcm_aes128_update (&ctx, msg->length, msg->data);
gcm_aes128_digest (&ctx, sizeof(digest), digest);
if (!MEMEQ (ref->length, ref->data, digest))
{
fprintf (stderr, "gcm_hash failed, msg: %s\nOutput: ", msg->data);
......@@ -25,6 +25,27 @@ test_gcm_hash (const struct tstring *msg, const struct tstring *ref)
}
}
static void
gcm_aes128_set_key_wrapper (void *ctx, size_t length, const uint8_t *key)
{
ASSERT (length == AES128_KEY_SIZE);
gcm_aes_set_key (ctx, length, key);
}
static const struct nettle_aead
nettle_gcm_unified_aes128 = {
"gcm-aes128",
sizeof (struct gcm_aes_ctx),
GCM_BLOCK_SIZE,
AES128_KEY_SIZE,
gcm_aes128_set_key_wrapper,
(nettle_set_key_func *) gcm_aes_set_iv,
(nettle_hash_update_func *) gcm_aes_update,
(nettle_crypt_func *) gcm_aes_encrypt,
(nettle_crypt_func *) gcm_aes_decrypt,
(nettle_hash_digest_func *) gcm_aes_digest
};
void
test_main(void)
{
......@@ -117,6 +138,25 @@ test_main(void)
"16aedbf5a0de6a57a637b39b"),
SHEX("619cc5aefffe0bfa462af43c1699d050"));
/* Same test, but with old gcm_aes interface */
test_aead(&nettle_gcm_unified_aes128,
SHEX("feffe9928665731c6d6a8f9467308308"),
SHEX("feedfacedeadbeeffeedfacedeadbeef"
"abaddad2"),
SHEX("d9313225f88406e5a55909c5aff5269a"
"86a7a9531534f7da2e4c303d8a318a72"
"1c3c0c95956809532fcf0e2449a6b525"
"b16aedf5aa0de657ba637b39"),
SHEX("8ce24998625615b603a033aca13fb894"
"be9112a5c3a211a8ba262a3cca7e2ca7"
"01e4a9a4fba43c90ccdcb281d48c7c6f"
"d62875d2aca417034c34aee5"),
SHEX("9313225df88406e555909c5aff5269aa"
"6a7a9538534f7da1e4c303d2a318a728"
"c3c0c95156809539fcf0e2429a6b5254"
"16aedbf5a0de6a57a637b39b"),
SHEX("619cc5aefffe0bfa462af43c1699d050"));
/* Test case 7 */
test_aead(&nettle_gcm_aes192,
SHEX("00000000000000000000000000000000"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment