GNU bug report logs - #65826: [PATCH] Add nonce support for gnutls-hash-mac
To reply to this bug, email your comments to 65826 AT debbugs.gnu.org.
Report forwarded to bug-gnu-emacs <at> gnu.org: bug#65826; Package emacs. (Fri, 08 Sep 2023 16:00:02 GMT)
Acknowledgement sent to SK Kim <tttuuu888 <at> gmail.com>: New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Fri, 08 Sep 2023 16:00:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi,
As far as I understood, currently `gnutls-hash-mac' does not support nonce
input, so there is no way to properly hash with some MAC algorithms which
require nonce. (e.g. AES-GMAC-128)
So I suggest adding an optional argument NONCE to `gnutls-hash-mac' to
support MAC algorithms with nonce.
What I have tested after applying the attached patch are as below.
1. AES-GMAC-128/192/256 works correctly.
2. NONCE does not affect SHA256/SHA512 hash results, even if presented.
Since NONCE is added as an optional argument, I believe it will not even
affect existing code using the 'gnutls-hash-mac' function.
Thanks.
Seungki Kim
[0001-add-nonce-support-for-gnutls-hash-mac.patch (text/x-patch, attachment)]
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#65826; Package emacs. (Fri, 08 Sep 2023 16:19:01 GMT)
Message #8 received at 65826 <at> debbugs.gnu.org (full text, mbox):
SK Kim <tttuuu888 <at> gmail.com> writes:
> As far as I understood, currently `gnutls-hash-mac' does not support nonce
> input, so there is no way to properly hash with some MAC algorithms which
> require nonce. (e.g. AES-GMAC-128)
> So I suggest adding an optional argument NONCE to `gnutls-hash-mac' to
> support MAC algorithms with nonce.
>
> What I have tested after applying the attached patch are as below.
> 1. AES-GMAC-128/192/256 works correctly.
> 2. NONCE does not affect SHA256/SHA512 hash results, even if presented.
>
> Since NONCE is added as an optional argument, I believe it will not even
> affect existing code using the 'gnutls-hash-mac' function.
Sounds useful. Could you add unit tests for this, though? In
particular, it would be good to test your number 1 and 2 above.
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#65826; Package emacs. (Fri, 08 Sep 2023 16:34:01 GMT)
Message #11 received at 65826 <at> debbugs.gnu.org (full text, mbox):
Thank you for your good suggestion.
It seems like test/lisp/net/gnutls-tests.el would be the right place to add
unit tests for my patch. (Please let me know if it is not.)
I will update the patch adding unit tests on this thread as soon as it is
ready.
Thanks.
On Sat, Sep 9, 2023 at 1:18 AM, Stefan Kangas <stefankangas <at> gmail.com> wrote:
> SK Kim <tttuuu888 <at> gmail.com> writes:
>
> > As far as I understood, currently `gnutls-hash-mac' does not support nonce
> > input, so there is no way to properly hash with some MAC algorithms which
> > require nonce. (e.g. AES-GMAC-128)
> > So I suggest adding an optional argument NONCE to `gnutls-hash-mac' to
> > support MAC algorithms with nonce.
> >
> > What I have tested after applying the attached patch are as below.
> > 1. AES-GMAC-128/192/256 works correctly.
> > 2. NONCE does not affect SHA256/SHA512 hash results, even if presented.
> >
> > Since NONCE is added as an optional argument, I believe it will not even
> > affect existing code using the 'gnutls-hash-mac' function.
>
> Sounds useful. Could you add unit tests for this, though? In
> particular, it would be good to test your number 1 and 2 above.
>
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#65826; Package emacs. (Fri, 08 Sep 2023 16:42:01 GMT)
Message #14 received at 65826 <at> debbugs.gnu.org (full text, mbox):
Seungki Kim <tttuuu888 <at> gmail.com> writes:
> It seems like test/lisp/net/gnutls-tests.el would be the right place to add
> unit tests for my patch. (Please let me know if it is not.)
It looks like the right place, yes.
> I will update the patch adding unit tests on this thread as soon as it is
> ready.
Great, thank you.
I'm also copying in Ted Zlatanov in case he has any comments.
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#65826; Package emacs. (Sat, 09 Sep 2023 05:51:02 GMT)
Message #17 received at 65826 <at> debbugs.gnu.org (full text, mbox):
I would like to update the patch to add more unit tests covering
SHA256/512, AES-GMAC-128/192/256 with nonce arguments.
GMAC test vectors are from NIST CAVP SP 800-38D.
I tried to keep the existing format as much as possible while only adding
additional unit tests.
Thanks.
On Sat, Sep 9, 2023 at 1:41 AM, Stefan Kangas <stefankangas <at> gmail.com> wrote:
> Seungki Kim <tttuuu888 <at> gmail.com> writes:
>
> > It seems like test/lisp/net/gnutls-tests.el would be the right place to add
> > unit tests for my patch. (Please let me know if it is not.)
>
> It looks like the right place, yes.
>
> > I will update the patch adding unit tests on this thread as soon as it is
> > ready.
>
> Great, thank you.
>
> I'm also copying in Ted Zlatanov in case he has any comments.
>
[0002-add-unit-tests-for-gnutls-hash-mac.patch (text/x-patch, attachment)]
Severity set to 'wishlist' from 'normal'. Request was from Stefan Kangas <stefankangas <at> gmail.com> to control <at> debbugs.gnu.org. (Sun, 10 Sep 2023 07:47:01 GMT)
Information forwarded to bug-gnu-emacs <at> gnu.org: bug#65826; Package emacs. (Sun, 10 Sep 2023 11:07:02 GMT)
Message #22 received at 65826 <at> debbugs.gnu.org (full text, mbox):
On Sat, 9 Sep 2023 14:50:02 +0900 Seungki Kim <tttuuu888 <at> gmail.com> wrote:
SK> I would like to update the patch to add more unit tests covering
SK> SHA256/512, AES-GMAC-128/192/256 with nonce arguments.
SK> GMAC test vectors are from NIST CAVP SP 800-38D.
SK> I tried to keep the existing format as much as possible while only adding
SK> additional unit tests.
Wow, it's really good to add this test coverage.
Thank you for working on it.
Ted
This bug report was last modified 1 year and 279 days ago.