From 5dd173c05014fc0b31bb4f407ac20bea2b0dc8cf Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 10 Oct 2022 12:25:47 +0200 Subject: [PATCH] siv: add functions to return min and max nonce length While AES-SIV-CMAC allows nonces of any length, AES-GCM-SIV requires exactly 12 bytes, which is less than the unpadded minimum length of 16 used in the NTS authenticator field. These functions will be needed to support both ciphers in the NTS code. --- siv.h | 4 ++++ siv_gnutls.c | 16 ++++++++++++++++ siv_nettle.c | 16 ++++++++++++++++ test/unit/siv.c | 6 ++++++ 4 files changed, 42 insertions(+) diff --git a/siv.h b/siv.h index e303d34..868edbd 100644 --- a/siv.h +++ b/siv.h @@ -53,6 +53,10 @@ extern int SIV_GetKeyLength(SIV_Algorithm algorithm); extern int SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length); +extern int SIV_GetMinNonceLength(SIV_Instance instance); + +extern int SIV_GetMaxNonceLength(SIV_Instance instance); + extern int SIV_GetTagLength(SIV_Instance instance); extern int SIV_Encrypt(SIV_Instance instance, diff --git a/siv_gnutls.c b/siv_gnutls.c index aba2bab..95387f0 100644 --- a/siv_gnutls.c +++ b/siv_gnutls.c @@ -195,6 +195,22 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length) /* ================================================== */ +int +SIV_GetMinNonceLength(SIV_Instance instance) +{ + return 1; +} + +/* ================================================== */ + +int +SIV_GetMaxNonceLength(SIV_Instance instance) +{ + return INT_MAX; +} + +/* ================================================== */ + int SIV_GetTagLength(SIV_Instance instance) { diff --git a/siv_nettle.c b/siv_nettle.c index 04bc9ad..800beb7 100644 --- a/siv_nettle.c +++ b/siv_nettle.c @@ -144,6 +144,22 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length) /* ================================================== */ +int +SIV_GetMinNonceLength(SIV_Instance instance) +{ + return instance->min_nonce_length; +} + +/* ================================================== */ + +int +SIV_GetMaxNonceLength(SIV_Instance instance) +{ + return instance->max_nonce_length; +} + +/* ================================================== */ + int SIV_GetTagLength(SIV_Instance instance) { diff --git a/test/unit/siv.c b/test/unit/siv.c index 2465c68..54f435d 100644 --- a/test/unit/siv.c +++ b/test/unit/siv.c @@ -244,6 +244,12 @@ test_unit(void) } TEST_CHECK(SIV_GetKeyLength(tests[i].algorithm) == tests[i].key_length); + TEST_CHECK(SIV_GetMinNonceLength(siv) >= 1); + TEST_CHECK(SIV_GetMinNonceLength(siv) <= 12); + TEST_CHECK(SIV_GetMaxNonceLength(siv) >= 12); + TEST_CHECK(SIV_GetMinNonceLength(siv) <= SIV_GetMaxNonceLength(siv)); + if (fixed_nonce_length) + TEST_CHECK(SIV_GetMinNonceLength(siv) == SIV_GetMaxNonceLength(siv)); r = SIV_Encrypt(siv, tests[i].nonce, tests[i].nonce_length, tests[i].assoc, tests[i].assoc_length,