[gnutls-devel] GnuTLS | Add support for AES CMAC mac (!786)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Oct 26 23:50:24 CEST 2018


0. Why are you adding all these algorithms to GnuTLS? (You have added CFB8, now comes CMAC and I saw that you were working on XTS.) Do you have any application in mind, which would benefit from using GnuTLS, rather than using Nettle directly?

1. Could you please change just `CMAC_128`/`CMAC_256` to `AES_CMAC_128`/`AES_CMAC_256` (and so on for lower case names). Nettle code uses cmac128 for generic 128-bit-block CMAC version (e.g. for GOST ciphers I'm adding `cmac64_*` interface). However CMAC code is not specific to AES (NIST defines TDEA-CMAC-xxx, CMAC computed using 3DES as basis).

2. [NIST SP800-38B](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf) contained test vectors with tags which are exactly 16 bytes long. It is replaced now, but [examples for AES-CMAC](https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/AES_CMAC.pdf) page also has 16-byte tags. Could you please re-verify them and just attribute them to NIST SP800-38A?

3. I think it's find to always return 16 bytes. If anybody wants, he can handle tag truncation manually.

4. Which part of GnuTLS MAC interface seems misnamed to you?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/786#note_112236320
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181026/94fa5d96/attachment.html>

More information about the Gnutls-devel mailing list