siv: set key directly with gnutls

A new function is provided by the latest gnutls (should be in 3.7.5) to
set the key of an AEAD cipher. If available, use it to avoid destroying
and creating a new SIV instance with each key change.

This improves the server NTS-NTP performance if using gnutls for SIV.

configure

@@ -988,6 +988,12 @@ if [ $feat_ntp = "1" ] && [ $feat_nts = "1" ] && [ $try_gnutls = "1" ]; then
       then
         EXTRA_OBJECTS="$EXTRA_OBJECTS siv_gnutls.o"
         add_def HAVE_SIV
+        if test_code 'gnutls_aead_cipher_set_key()' 'gnutls/crypto.h' \
+          "$test_cflags" "$test_link $LIBS" '
+            return gnutls_aead_cipher_set_key(NULL, NULL);'
+        then
+          add_def HAVE_GNUTLS_AEAD_CIPHER_SET_KEY
+        fi
       else
         if test_code 'AES128 in nettle' 'nettle/aes.h' '' "$LIBS" \
           'aes128_set_encrypt_key(NULL, NULL);'

siv_gnutls.c

@@ -165,17 +165,29 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length)
   datum.data = (unsigned char *)key;
   datum.size = length;
 
-  /* Initialise a new cipher with the provided key (gnutls does not seem to
+#ifdef HAVE_GNUTLS_AEAD_CIPHER_SET_KEY
-     have a function to change the key directly) */
+  if (instance->cipher) {
+    r = gnutls_aead_cipher_set_key(instance->cipher, &datum);
+    if (r < 0) {
+      DEBUG_LOG("Could not set cipher key : %s", gnutls_strerror(r));
+      return 0;
+    }
+
+    return 1;
+  }
+#endif
+
+  /* Initialise a new cipher with the provided key */
   r = gnutls_aead_cipher_init(&cipher, instance->algorithm, &datum);
   if (r < 0) {
     DEBUG_LOG("Could not initialise %s : %s", "cipher", gnutls_strerror(r));
     return 0;
   }
 
-  /* Replace the previous cipher */
+  /* Destroy the previous cipher (if its key could not be changed directly) */
   if (instance->cipher)
     gnutls_aead_cipher_deinit(instance->cipher);
+
   instance->cipher = cipher;
 
   return 1;