libtomcrypt
[PoC/RFC] Add SIV
Checklist
- [ ] documentation is added or updated
- [x] tests are added or updated
This is a PoC/RFC for adding the enc+auth mode RFC5297 SIV - Synthetic Initialization Vector.
Feel free to tear it apart, improvements on the API welcome.
I had to decide how to process the ADs:
1. incremental
2. by passing a vararg
3. by passing an array of pointers
1 wasn't really an option AFAIU the RFC; whether 2 or 3, I was like ¯\_(ツ)_/¯, so I went for 3.
I didn't really look into whether it would make sense to have the context exposed so we could split the processing up into init()->add_ad()->{en,de}crypt()->done().
Does this enable implementation of AES-GCM-SIV?
https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-06
I haven't looked at that draft yet but this PR implements the "predecessor"
I've read a bit through the ML and I think we should wait until the RFC is finished to prevent something like #256.
Okay I played a bit with the implementation and I'm going to add an incremental add_AD() function.
Also there should be a siv_memory() function which has to support multiple ADs in one function call. I think I'll go the varargs way for that as it's already used as a pattern in the library, whereas the array of pointers isn't. Any better ideas?
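The AD handling debated above (a list of ADs fed into S2V, with the plaintext as the final string, which is what both the array-of-pointers and the incremental add_AD() API end up feeding) is easiest to see in code. The following is an added example written for this discussion, not code from this PR or from libtomcrypt: a Python walk-through of RFC 5297's S2V and the SIV encrypt/decrypt wrapper around it. It assumes a stand-in PRF (HMAC-SHA256 truncated to 16 bytes) in place of AES-CMAC and of the AES-CTR keystream, so it does not reproduce RFC 5297 test vectors, but the S2V chaining, padding/xorend rules and counter derivation follow the RFC.

```python
import hashlib, hmac
BLOCK = 16

def prf(key, msg):
    # Stand-in PRF (assumption): HMAC-SHA256 truncated to one block. RFC 5297 uses AES-CMAC.
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def dbl(block):
    # Doubling in GF(2^128); reduce with 0x87 when the top bit shifts out (RFC 5297 2.3).
    n = int.from_bytes(block, "big") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ 0x87
    return n.to_bytes(BLOCK, "big")

def s2v(key, strings):
    # RFC 5297 2.4: every string but the last is an AD; the last one is the plaintext.
    if not strings:
        return prf(key, b"\x00" * 15 + b"\x01")           # <one>
    d = prf(key, b"\x00" * BLOCK)                         # <zero>
    for s in strings[:-1]:
        d = xor(dbl(d), prf(key, s))
    last = strings[-1]
    if len(last) >= BLOCK:                                # xorend into the final block
        t = last[:-BLOCK] + xor(last[-BLOCK:], d)
    else:                                                 # pad a short last string
        t = xor(dbl(d), last + b"\x80" + b"\x00" * (BLOCK - 1 - len(last)))
    return prf(key, t)

def ctr(key, v, data):
    # Counter blocks start from V with bits 31 and 63 cleared (RFC 5297 2.6).
    q = int.from_bytes(v, "big") & ~((1 << 31) | (1 << 63))
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        block = ((q + i // BLOCK) % (1 << 128)).to_bytes(BLOCK, "big")
        out += xor(data[i:i + BLOCK], prf(key, block))
    return bytes(out)

def siv_encrypt(key, ads, plaintext):
    k1, k2 = key[:len(key) // 2], key[len(key) // 2:]
    v = s2v(k1, list(ads) + [plaintext])                  # synthetic IV doubles as the tag
    return v + ctr(k2, v, plaintext)

def siv_decrypt(key, ads, ciphertext):
    k1, k2 = key[:len(key) // 2], key[len(key) // 2:]
    v, c = ciphertext[:BLOCK], ciphertext[BLOCK:]
    plaintext = ctr(k2, v, c)
    if not hmac.compare_digest(s2v(k1, list(ads) + [plaintext]), v):
        return None                                       # never release unverified plaintext
    return plaintext
```

Because V depends on every AD and on the plaintext, the same inputs always give the same ciphertext; any change to an AD, to the ciphertext or to V makes decryption return None.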
Just FYI - there is a bunch of AES-GCM-SIV test vectors in wycheproof test suite (look for aes_gcm_siv_test.json).
> Just FYI - there is a bunch of AES-GCM-SIV test vectors in wycheproof test suite
thanks, but they don't help me now as this is only AES-SIV :)
I found those: https://github.com/randombit/botan/blob/master/src/tests/data/aead/siv.vec and https://github.com/cryptomator/siv-mode/blob/master/src/test/resources/testcases.txt (careful, the file is 17 MB ... you probably shouldn't click on the link ;) )
and I planned to hand-pick some of the cryptomator/siv-mode
Now exists as RFC8452 (April 2019):
- AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption
- https://tools.ietf.org/html/rfc8452