Niels Möller | 22 Apr 21:42 2014

Rename, MD5_DATA_SIZE -> MD5_BLOCK_SIZE, etc ?

In another forum, it was suggested that UMAC_DATA_SIZE be renamed to
UMAC_BLOCK_SIZE, and for consistency one could do the same with, e.g.,
MD5_DATA_SIZE. For the time being, the old names should be kept for
backwards compatibility.

Unlike block sizes for ciphers, these *_DATA_SIZE constants are rarely
needed by applications; they are in the public headers mainly because
they determine the buffer sizes in the context structs, and they are
also needed for the HMAC construction. So the naming is not totally
illogical, but I think using *_BLOCK_SIZE would be more consistent.

What do you think?

Regards,
/Niels

--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
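As an added illustration of why the *_DATA_SIZE constants matter to HMAC (this is example code, not Nettle's): the inner and outer pads are sized by the hash's block length, not its digest length, and a key longer than one block is hashed first. Go's crypto/hmac serves as the reference; the key and message values are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha512"
	"fmt"
	"hash"
)

// hmacManual spells out HMAC (RFC 2104) so the role of the block size is visible:
// the length Nettle exposes as MD5_DATA_SIZE or SHA512_DATA_SIZE sizes the pads.
func hmacManual(newHash func() hash.Hash, key, msg []byte) []byte {
	h := newHash()
	block := h.BlockSize() // 64 for MD5, 128 for SHA-512; never the digest size
	if len(key) > block {  // a key longer than one block is replaced by its hash
		h.Write(key)
		key = h.Sum(nil)
		h.Reset()
	}
	ipad := make([]byte, block) // both pads are exactly one block long, which is
	opad := make([]byte, block) // why an HMAC context carries block-sized buffers
	copy(ipad, key)             // shorter keys are zero-padded up to the block
	copy(opad, key)
	for i := range ipad {
		ipad[i] ^= 0x36
		opad[i] ^= 0x5c
	}
	h.Write(ipad)
	h.Write(msg)
	inner := h.Sum(nil)
	h.Reset()
	h.Write(opad)
	h.Write(inner)
	return h.Sum(nil)
}

// matchesStdlib compares hmacManual with crypto/hmac for one key and message.
func matchesStdlib(newHash func() hash.Hash, key, msg []byte) bool {
	want := hmac.New(newHash, key)
	want.Write(msg)
	return hmac.Equal(hmacManual(newHash, key, msg), want.Sum(nil))
}

func main() {
	longKey := make([]byte, 200) // constructed: longer than a SHA-512 block
	fmt.Printf("%x\n", hmacManual(md5.New, []byte("key"), []byte("The quick brown fox jumps over the lazy dog")))
	fmt.Println(matchesStdlib(sha512.New, longKey, []byte("msg")))
}
```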
Owen Kirby | 13 Apr 06:49 2014

[PATCH] Some CCM mode documentation

Here's a first stab at assembling some documentation about CCM mode and its API.
It's probably still in need of some good proofreading for grammar and consistency.

Some minor nits that I noticed about the API while writing it:
  - ccm_decrypt_message uses const void * for the cipher context, but all the
    other interfaces use void * for this.
  - passing the clength rather than mlength to ccm_decrypt_message could be a little
    confusing when compared to the rest of the API. In retrospect, I think Niels's
    initial suggestion on this API was probably the better way to go.

Cheers,
Owen

From 0b0651a6e754652d9ce1aa7c2f6f7cbc3fc498bc Mon Sep 17 00:00:00 2001
From: Owen Kirby <osk@...>
Date: Sat, 12 Apr 2014 21:31:39 -0700
Subject: [PATCH]   Added CCM mode to the documentation.

---
 nettle.texinfo |  225 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 224 insertions(+), 1 deletion(-)

diff --git a/nettle.texinfo b/nettle.texinfo
index 68883a5..c988eb6 100644
--- a/nettle.texinfo
+++ b/nettle.texinfo
 <at>  <at>  -88,6 +88,7  <at>  <at>  Cipher modes
 * CBC::                         
 * CTR::                         
 * GCM::                         
(Continue reading)

Niels Möller | 11 Apr 19:49 2014

Feature removals

I'm considering removing the following features:

* des-compat.h and all its functions. This provides some level of
  compatibility with libdes (and possibly also old versions of
  openssl/ssleay). I've not heard of anyone actually using this.

* rsa-compat.h and all its functions. Compatibility with RSAREF. I've
  never heard of anyone actually using this either.

* The nettle_next_prime function. No longer used internally in Nettle's
  key generation functions, and applications should use the
  corresponding GMP function instead.

Any objections? If you know of any use of these features, please speak
up.

(In case a feature is removed and it later turns out to be a mistake,
I'm open to reintroduce features in an update, but I believe there's
little need to keep these around).

And any other cruft which should be removed while we're at it?

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
Nikos Mavrogiannopoulos | 10 Apr 19:15 2014

[PATCH] Enabled tests for openssl curves secp256r1 and secp192r1.

This patch allows comparing the performance differences in secp256r1
(the curve mostly used in the web), between nettle and openssl.

regards,
Nikos

_______________________________________________
nettle-bugs mailing list
nettle-bugs@...
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
Owen Kirby | 20 Mar 22:31 2014

[PATCH v3] CCM Cipher Modes

Latest round of changes to the CCM modes, this moves the processing of L(a) into
ccm_set_nonce() and updates the all-at-once API to concatenate the ciphertext and
digest together.

Cheers,
Owen

2014-03-20	Owen Kirby	<osk-P9r0bUo1+ibQT0dZR+AlfA <at> public.gmane.org>
* ccm.c (ccm_digest, ccm_set_nonce): Moved L(a) generation into ccm_set_nonce()
* ccm.c (ccm_encrypt_message): Modified API to append the tag to the ciphertext.
* ccm.c (ccm_decrypt_message): Modified API to parse the tag from the ciphertext.
* ccm.h (struct ccm_ctx): Removed alen parameter, and made blength unsigned.
* testsuite/ccm-test.c: Updated the test vectors for the all-at-once API.

2014-03-14	Owen Kirby	<osk-P9r0bUo1+ibQT0dZR+AlfA <at> public.gmane.org>
* ccm-aes.c: Removed legacy AES API.
* ccm.c (ccm_encrypt_message): Added all-at-once API for CCM mode ciphers.
* ccm.c (ccm_digest): Added assert to ensure CCM digest length <= block size.
* ccm.h: Updated copyright for CCM modes to Owen Kirby and Exegin Technologies.
* ccm.c: Minor changes to CCM IV and nonce building functions.
* ccm-aesXXX.c: Added all-at-once API, and removed the CCM helper macros.
* testsuite/ccm-test.c: Added tests for the cipher-specific CCM functions.
* testsuite/.test-rules.make: Fixed the building of the CCM self-test.

From 7643b88984cc71deb16ae2f3e91a6e7a0e2b8023 Mon Sep 17 00:00:00 2001
From: Owen Kirby <osk-P9r0bUo1+ibQT0dZR+AlfA <at> public.gmane.org>
Date: Wed, 20 Mar 2014 14:28:56 -0800
Subject: [PATCH]   Support for CCM mode ciphers.

---
(Continue reading)
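An added illustration (not Nettle's ccm.c and not from this thread) of what moving the L(a) processing into ccm_set_nonce() relies on: once the nonce, the tag length M, the message length and the associated-data length are known, both the B_0 block and the L(a) length prefix of RFC 3610 section 2.2 are fixed and can be produced at that point. The nonce and lengths in main() are those of RFC 3610 packet vector #1; the function names are this example's own.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// CCM header formatting per RFC 3610 section 2.2, written as an illustration (not
// Nettle's ccm.c). The L-byte length field for l(m) uses L = 15 - len(nonce).
// ccmB0 builds B_0 = flags || nonce || l(m) and rejects parameters CCM disallows.
func ccmB0(nonce []byte, adataLen, msgLen uint64, tagLen int) ([]byte, error) {
	L := 15 - len(nonce) // RFC 3610 allows L in 2..8, so nonces of 7..13 bytes
	if L < 2 || L > 8 || tagLen < 4 || tagLen > 16 || tagLen%2 != 0 {
		return nil, fmt.Errorf("ccm: bad nonce length %d or tag length %d", len(nonce), tagLen)
	}
	if L < 8 && msgLen>>(8*uint(L)) != 0 { // l(m) must fit in the L-byte field
		return nil, fmt.Errorf("ccm: message too long for %d-byte length field", L)
	}
	b0 := make([]byte, 16)
	b0[0] = byte((tagLen-2)/2)<<3 | byte(L-1) // M' and L' fields of the flags byte
	if adataLen > 0 {
		b0[0] |= 0x40 // Adata bit: a block beginning with L(a) follows B_0
	}
	copy(b0[1:], nonce)
	var lm [8]byte
	binary.BigEndian.PutUint64(lm[:], msgLen)
	copy(b0[16-L:], lm[8-L:]) // low L bytes of l(m), big-endian
	return b0, nil
}
// ccmAdataLenPrefix is the L(a) encoding: 2, 6 or 10 bytes depending on the size.
func ccmAdataLenPrefix(adataLen uint64) []byte {
	var buf [10]byte
	binary.BigEndian.PutUint64(buf[2:], adataLen) // value right-aligned in buf
	switch {
	case adataLen == 0:
		return nil // no associated data: nothing is prepended
	case adataLen < 1<<16-1<<8:
		return buf[8:10] // plain 2-byte big-endian length
	case adataLen < 1<<32:
		buf[4], buf[5] = 0xff, 0xfe // marker, then the 4-byte length
		return buf[4:10]
	default:
		buf[0], buf[1] = 0xff, 0xff // marker, then the 8-byte length
		return buf[:10]
	}
}

func main() { // RFC 3610 packet vector #1: 13-byte nonce, 8 bytes adata, 23-byte message, M=8
	b0, err := ccmB0([]byte{0, 0, 0, 3, 2, 1, 0, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5}, 8, 23, 8)
	fmt.Printf("%x %x %v\n", b0, ccmAdataLenPrefix(8), err)
}
```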

Joachim Strömbergson | 20 Mar 20:02 2014

[REVISED PATCH] Update of sha512.c to add support for sha512_224 and sha512_256.


Aloha!

And here is the patch for sha512.c in unified diff format. Hopefully the
attachment will also be signed now. ;-)

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim <at> secworks.se
========================================================================
--- /Users/js/Sandbox/external/nettle/sha512.c	2014-01-03 19:29:24.000000000 +0100
+++ sha512.c	2014-03-20 18:03:50.000000000 +0100
 <at>  <at>  -71,13 +71,13  <at>  <at> 
   0x72BE5D74F27B896FULL,0x80DEB1FE3B1696B1ULL,
   0x9BDC06A725C71235ULL,0xC19BF174CF692694ULL,
   0xE49B69C19EF14AD2ULL,0xEFBE4786384F25E3ULL,
-  0xFC19DC68B8CD5B5ULL,0x240CA1CC77AC9C65ULL,
+  0x0FC19DC68B8CD5B5ULL,0x240CA1CC77AC9C65ULL,
   0x2DE92C6F592B0275ULL,0x4A7484AA6EA6E483ULL,
   0x5CB0A9DCBD41FBD4ULL,0x76F988DA831153B5ULL,
   0x983E5152EE66DFABULL,0xA831C66D2DB43210ULL,
   0xB00327C898FB213FULL,0xBF597FC7BEEF0EE4ULL,
   0xC6E00BF33DA88FC2ULL,0xD5A79147930AA725ULL,
-  0x6CA6351E003826FULL,0x142929670A0E6E70ULL,
+  0x06CA6351E003826FULL,0x142929670A0E6E70ULL,
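Review bot: the visible hunk only adds a leading zero to two K-table constants (0xFC19DC68B8CD5B5ULL -> 0x0FC19DC68B8CD5B5ULL and 0x6CA6351E003826FULL -> 0x06CA6351E003826FULL), which leaves their values unchanged; since the cover note describes this patch as adding sha512_224 and sha512_256 support, these cosmetic edits would be easier to review as a separate whitespace-only commit so that the functional diff contains only the new initial-state tables and the truncating digest functions.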
(Continue reading)

Joachim Strömbergson | 20 Mar 19:55 2014

[REVISED PATCH] Update of sha2.h to add sha512_224 and sha512_256.

Aloha!

Ok here is a revised patch with defines of update functions like for
sha384. This patch is in unified format.

--- /Users/js/Sandbox/external/nettle/sha2.h	2014-01-03 19:29:24.000000000 +0100
+++ sha2.h	2014-03-20 19:52:06.000000000 +0100
 <at>  <at>  -44,6 +44,12  <at>  <at> 
 #define sha512_update nettle_sha512_update
 #define sha512_digest nettle_sha512_digest

+#define sha512_224_init   nettle_sha512_224_init
+#define sha512_224_digest nettle_sha512_224_digest
+#define sha512_256_init   nettle_sha512_256_init
+#define sha512_256_digest nettle_sha512_256_digest
+
+  
 /* SHA256 */

 #define SHA256_DIGEST_SIZE 32
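Review bot: the new name-mangling defines cover only sha512_224_init/digest and sha512_256_init/digest, while the cover note says update defines are added like for sha384; either add `#define sha512_224_update nettle_sha512_update` (and the sha512_256 counterpart) in this hunk or state that callers are expected to use sha512_update directly. The line `+  ` following the defines is whitespace-only and should be dropped before the patch is applied.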
 <at>  <at>  -125,7 +131,8  <at>  <at> 
(Continue reading)

Joachim Strömbergson | 20 Mar 18:23 2014

[PATCH] Add support for SHA-512-224 and SHA-512-256 in sha512.c


Aloha!

Note that this patch also adds zero extension to a few of the constants
in the K constant table to fix the layout. Does not affect the
functionality per se.

74c74
<   0xFC19DC68B8CD5B5ULL,0x240CA1CC77AC9C65ULL,
---
>   0x0FC19DC68B8CD5B5ULL,0x240CA1CC77AC9C65ULL,
80c80
<   0x6CA6351E003826FULL,0x142929670A0E6E70ULL,
---
>   0x06CA6351E003826FULL,0x142929670A0E6E70ULL,
99c99
<   0x6F067AA72176FBAULL,0xA637DC5A2C898A6ULL,
---
>   0x06F067AA72176FBAULL,0x0A637DC5A2C898A6ULL,
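Review bot: the 74c74, 80c80 and 99c99 hunks only zero-extend 15-digit hex literals to 16 digits, which the cover note already says does not affect functionality; keeping them out of the functional patch makes the sha512_224/sha512_256 additions easier to review on their own. This is also a normal-format diff, which git apply does not accept; a unified diff (as in the revised patch) is preferable.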
239a240,305
> 
(Continue reading)

Joachim Strömbergson | 20 Mar 18:21 2014

[PATCH] Add support for SHA-512-224 and SHA-512-256 in sha2.h


Aloha!

46a47,52
> #define sha512_224_init   nettle_sha512_224_init
> #define sha512_224_digest nettle_sha512_224_digest
> #define sha512_256_init   nettle_sha512_256_init
> #define sha512_256_digest nettle_sha512_256_digest
> 
>   
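Review bot: the hunk appends a blank line and a line containing only spaces (`>   `) after the four new defines; the trailing whitespace should be dropped so the header does not pick up whitespace noise.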
128c134,135
< 
---
>   
>   
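Review bot: the 128c134,135 hunk replaces one empty line with two lines containing only spaces, a whitespace-only change unrelated to the SHA-512/224 and SHA-512/256 additions; it should be removed from the patch.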
151a159,177
> 
> /* SHA512_224 and SHA512_256, two truncated versions of SHA512 
> with different initial states. */
> void
> sha512_224_init(struct sha512_ctx *ctx);
(Continue reading)

Joachim Strömbergson | 19 Mar 15:00 2014

Support for FIPS 180-4 SHA-512/256?


Aloha!

Looking at sha2.h it seems that Nettle does not support the truncated
SHA-512 versions SHA-512/224 and SHA-512/256 as defined in FIPS 180-4,
correct?

If not, is that something that would be interesting to add? It is not a
very big addition - basically add more variants of the H0-constants and
then truncate. The benefit for users would be better performance on
64-bit CPUs compared to SHA-256 and SHA-224.

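The point about different H0 constants followed by truncation, as an added example in Go's crypto/sha512 (not Nettle code and not from this thread): it checks that SHA-512/256 is not simply a prefix of SHA-512, confirms the 28- and 32-byte output lengths, and exercises the init/update/digest shape on the FIPS 180-4 example message "abc".

```go
package main

import (
	"bytes"
	"crypto/sha512"
	"fmt"
)

// FIPS 180-4 defines SHA-512/224 and SHA-512/256 as SHA-512 started from their own
// initial hash values (H0 constants) and truncated afterwards. The functions below
// make both facts checkable; they use Go's crypto/sha512, not Nettle.

// isPlainTruncation reports whether SHA-512/256(msg) equals the first 32 bytes of
// SHA-512(msg). Because the H0 constants differ, this is false in practice.
func isPlainTruncation(msg []byte) bool {
	full := sha512.Sum512(msg)
	short := sha512.Sum512_256(msg)
	return bytes.Equal(full[:32], short[:])
}

// digestLengths returns the output sizes of the two truncated variants: the values
// any SHA512_224_DIGEST_SIZE / SHA512_256_DIGEST_SIZE constants would have to carry.
func digestLengths(msg []byte) (int, int) {
	d224 := sha512.Sum512_224(msg)
	d256 := sha512.Sum512_256(msg)
	return len(d224), len(d256)
}

// oneShot returns SHA-512/256(msg) as hex.
func oneShot(msg []byte) string {
	d := sha512.Sum512_256(msg)
	return fmt.Sprintf("%x", d[:])
}

// streamed feeds the message in two pieces through the init/update/digest shape
// that the sha512_256_init/sha512_256_digest additions give Nettle callers.
func streamed(head, tail []byte) string {
	h := sha512.New512_256()
	h.Write(head)
	h.Write(tail)
	return fmt.Sprintf("%x", h.Sum(nil))
}

func main() {
	msg := []byte("abc") // the FIPS 180-4 example message
	fmt.Println(isPlainTruncation(msg), oneShot(msg))
	fmt.Println(streamed(msg[:1], msg[1:]) == oneShot(msg))
}
```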
Owen Kirby | 15 Mar 01:06 2014

[PATCH v2] CCM Cipher Modes

I've incorporated a few of your suggestions and updated my patch for the CCM cipher
modes. This improves the API coverage in the CCM test suite, adds the all-at-once
API for message processing, and fixes the copyright of the CCM mode source code.

Thanks,
Owen

ChangeLog from V1 of the patch:

2014-03-14	Owen Kirby	<osk-P9r0bUo1+ibQT0dZR+AlfA <at> public.gmane.org>
* ccm-aes.c: Removed legacy AES API.
* ccm.c (ccm_encrypt_message): Added all-at-once API for CCM mode ciphers.
* ccm.c (ccm_digest): Added assert to ensure CCM digest length <= block size.
* ccm.h: Updated copyright for CCM modes to Owen Kirby and Exegin Technologies.
* ccm.c: Minor changes to CCM IV and nonce building functions.
* ccm-aesXXX.c: Added all-at-once API, and removed the CCM helper macros.
* testsuite/ccm-test.c: Added tests for the cipher-specific CCM functions.
* testsuite/.test-rules.make: Fixed the building of the CCM self-test.

From 0e40ade7f0f3e41783973e53c50b10ba497e52e7 Mon Sep 17 00:00:00 2001
From: Owen Kirby <osk-P9r0bUo1+ibQT0dZR+AlfA <at> public.gmane.org>
Date: Wed, 5 Mar 2014 19:40:56 -0800
Subject: [PATCH]   Support for CCM mode ciphers.

---
 Makefile.in                |    1 +
 ccm-aes128.c               |  101 +++++++
 ccm-aes192.c               |  102 +++++++
 ccm-aes256.c               |  103 +++++++
 ccm.c                      |  253 ++++++++++++++++
(Continue reading)
