From f8c206ed23e98a62c2b4d17237d6c0a2f6050843 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20M=C3=B6ller?= Date: Wed, 15 May 2019 10:24:48 +0200 Subject: [PATCH] New SIV key size constants. Use in tests. --- ChangeLog | 4 +++ siv-cmac.h | 4 +++ testsuite/siv-test.c | 64 ++++++++++++++++++-------------------------- 3 files changed, 34 insertions(+), 38 deletions(-) diff --git a/ChangeLog b/ChangeLog index d1336130..3f210b25 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 2019-05-15 Niels Möller + * siv-cmac.h (SIV_CMAC_AES128_KEY_SIZE, SIV_CMAC_AES256_KEY_SIZE): + New constants. + * testsuite/siv-test.c: Simplify tests a little. + * siv-cmac.h (SIV_MIN_NONCE_SIZE): New constant, 1. * siv-cmac.c (_siv_s2v): Require non-empty nonce. * nettle.texinfo (SIV-CMAC): Update documentation. diff --git a/siv-cmac.h b/siv-cmac.h index a56dfd79..881a59ba 100644 --- a/siv-cmac.h +++ b/siv-cmac.h @@ -88,6 +88,8 @@ siv_cmac_decrypt_message(struct cmac128_ctx *siv_cmac_ctx, const void *cmac_ciph #define SIV_CMAC_CTX(type) { struct CMAC128_CTX(type) siv_cmac; type siv_cipher; } /* SIV_CMAC_AES128 */ +#define SIV_CMAC_AES128_KEY_SIZE 32 + struct siv_cmac_aes128_ctx SIV_CMAC_CTX(struct aes128_ctx); void @@ -106,6 +108,8 @@ siv_cmac_aes128_decrypt_message(struct siv_cmac_aes128_ctx *ctx, size_t mlength, uint8_t *dst, const uint8_t *src); /* SIV_CMAC_AES256 */ +#define SIV_CMAC_AES256_KEY_SIZE 64 + struct siv_cmac_aes256_ctx SIV_CMAC_CTX(struct aes256_ctx); void diff --git a/testsuite/siv-test.c b/testsuite/siv-test.c index b2d5ccb4..627e3844 100644 --- a/testsuite/siv-test.c +++ b/testsuite/siv-test.c @@ -112,8 +112,7 @@ test_cipher_siv(const char *name, nettle_set_key_func *siv_set_key, nettle_encrypt_message_func *siv_encrypt, nettle_decrypt_message_func *siv_decrypt, - unsigned context_size, - const struct nettle_cipher *cipher, + size_t context_size, size_t key_size, const struct tstring *key, const struct tstring *nonce, const struct tstring *authdata, @@ -125,12 +124,11 @@ test_cipher_siv(const char *name, uint8_t *de_data; int ret; - ASSERT (key->length == cipher->key_size*2); + ASSERT (key->length == key_size); ASSERT (cleartext->length + SIV_DIGEST_SIZE == ciphertext->length); de_data = xalloc(cleartext->length+SIV_DIGEST_SIZE); en_data = xalloc(ciphertext->length); - cipher->set_encrypt_key(ctx, key->data); /* Ensure we get the same answers using the all-in-one API. */ memset(de_data, 0, cleartext->length); @@ -175,17 +173,19 @@ test_cipher_siv(const char *name, free(de_data); } -#define test_siv_aes128(name, ctx_size, cipher, key, nonce, authdata, cleartext, ciphertext) \ - test_cipher_siv(name, (nettle_set_key_func*)siv_cmac_aes128_set_key, \ - (nettle_encrypt_message_func*)siv_cmac_aes128_encrypt_message, \ - (nettle_decrypt_message_func*)siv_cmac_aes128_decrypt_message, ctx_size, cipher, \ - key, nonce, authdata, cleartext, ciphertext) +#define test_siv_aes128(name, key, nonce, authdata, cleartext, ciphertext) \ + test_cipher_siv(name, (nettle_set_key_func*)siv_cmac_aes128_set_key, \ + (nettle_encrypt_message_func*)siv_cmac_aes128_encrypt_message, \ + (nettle_decrypt_message_func*)siv_cmac_aes128_decrypt_message, \ + sizeof(struct siv_cmac_aes128_ctx), SIV_CMAC_AES128_KEY_SIZE, \ + key, nonce, authdata, cleartext, ciphertext) -#define test_siv_aes256(name, ctx_size, cipher, key, nonce, authdata, cleartext, ciphertext) \ - test_cipher_siv(name, (nettle_set_key_func*)siv_cmac_aes256_set_key, \ - (nettle_encrypt_message_func*)siv_cmac_aes256_encrypt_message, \ - (nettle_decrypt_message_func*)siv_cmac_aes256_decrypt_message, ctx_size, cipher, \ - key, nonce, authdata, cleartext, ciphertext) +#define test_siv_aes256(name, key, nonce, authdata, cleartext, ciphertext) \ + test_cipher_siv(name, (nettle_set_key_func*)siv_cmac_aes256_set_key, \ + (nettle_encrypt_message_func*)siv_cmac_aes256_encrypt_message, \ + (nettle_decrypt_message_func*)siv_cmac_aes256_decrypt_message, \ + sizeof(struct siv_cmac_aes256_ctx), SIV_CMAC_AES256_KEY_SIZE, \ + key, nonce, authdata, cleartext, ciphertext) void test_main(void) @@ -195,8 +195,7 @@ test_main(void) /* * Example with small nonce, no AD and no plaintext */ - test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_cmac_aes128_ctx), - &nettle_aes128, + test_siv_aes128("SIV_CMAC_AES128", SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"), SHEX("01"), @@ -206,8 +205,7 @@ test_main(void) /* * Example with small nonce, no AD and plaintext */ - test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_cmac_aes128_ctx), - &nettle_aes128, + test_siv_aes128("SIV_CMAC_AES128", SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"), SHEX("02"), @@ -219,8 +217,7 @@ test_main(void) /* * Example with length < 16 */ - test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_cmac_aes128_ctx), - &nettle_aes128, + test_siv_aes128("SIV_CMAC_AES128", SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"), SHEX("02"), @@ -233,8 +230,7 @@ test_main(void) /* * Example with length > 16 */ - test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_cmac_aes128_ctx), - &nettle_aes128, + test_siv_aes128("SIV_CMAC_AES128", SHEX("7f7e7d7c 7b7a7978 77767574 73727170" "40414243 44454647 48494a4b 4c4d4e4f"), SHEX("020304"), @@ -252,8 +248,7 @@ test_main(void) /* * Example with single AAD, length > 16 */ - test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_cmac_aes128_ctx), - &nettle_aes128, + test_siv_aes128("SIV_CMAC_AES128", SHEX("7f7e7d7c 7b7a7978 77767574 73727170" "40414243 44454647 48494a4b 4c4d4e4f"), SHEX("09f91102 9d74e35b d84156c5 635688c0"), @@ -271,8 +266,7 @@ test_main(void) /* * Example with single AAD, length < 16 */ - test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_cmac_aes128_ctx), - &nettle_aes128, + test_siv_aes128("SIV_CMAC_AES128", SHEX("7f7e7d7c 7b7a7978 77767574 73727170" "40414243 44454647 48494a4b 4c4d4e4f"), SHEX("09f91102 9d74e35b d84156c5 635688c0"), @@ -285,8 +279,7 @@ test_main(void) /* AES-SIV-CMAC-512 (AES-256) from dchest/siv repo */ - test_siv_aes256("AES_SIV_CMAC512", sizeof(struct siv_cmac_aes256_ctx), - &nettle_aes256, + test_siv_aes256("SIV_CMAC_AES256", SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" "6f6e6d6c 6b6a6968 67666564 63626160" "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff" @@ -301,8 +294,7 @@ test_main(void) /* AES-SIV-CMAC-512 (AES-256) */ - test_siv_aes256("AES_SIV_CMAC512", sizeof(struct siv_cmac_aes256_ctx), - &nettle_aes256, + test_siv_aes256("SIV_CMAC_AES256", SHEX("c27df2fd aec35d4a 2a412a50 c3e8c47d" "2d568e91 a38e5414 8abdc0b6 e86caf87" "695c0a8a df4c5f8e b2c6c8b1 36529864" @@ -317,8 +309,7 @@ test_main(void) /* * Example with length > 16 */ - test_siv_aes256("AES_SIV_CMAC512", sizeof(struct siv_cmac_aes256_ctx), - &nettle_aes256, + test_siv_aes256("SIV_CMAC_AES256", SHEX("c27df2fd aec35d4a 2a412a50 c3e8c47d" "2d568e91 a38e5414 8abdc0b6 e86caf87" "695c0a8a df4c5f8e b2c6c8b1 36529864" @@ -338,8 +329,7 @@ test_main(void) /* * Example with single AAD, length > 16 */ - test_siv_aes256("AES_SIV_CMAC512", sizeof(struct siv_cmac_aes256_ctx), - &nettle_aes256, + test_siv_aes256("SIV_CMAC_AES256", SHEX("c27df2fd aec35d4a 2a412a50 c3e8c47d" "2d568e91 a38e5414 8abdc0b6 e86caf87" "695c0a8a df4c5f8e b2c6c8b1 36529864" @@ -362,8 +352,7 @@ test_main(void) * Example from miscreant.js with no AD * https://github.com/miscreant/miscreant.js/blob/master/vectors/aes_siv_aead.tjson */ - test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_cmac_aes128_ctx), - &nettle_aes128, + test_siv_aes128("SIV_CMAC_AES128", SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"), SHEX("10111213 1415161718191a1b1 c1d1e1f2" @@ -376,8 +365,7 @@ test_main(void) /* * Example from miscreant.js with AD */ - test_siv_aes128("AES_SIV_CMAC256", sizeof(struct siv_cmac_aes128_ctx), - &nettle_aes128, + test_siv_aes128("SIV_CMAC_AES128", SHEX("7f7e7d7c 7b7a7978 77767574 73727170" "40414243 44454647 48494a4b 4c4d4e4f"), SHEX("09f91102 9d74e35b d84156c5 635688c0"), -- 2.24.1