I just pushed some changes that should help your testing

Hal Murray hmurray at megapathdsl.net
Mon Apr 1 11:19:25 UTC 2019

I split out the ssl parts of processing in nts_server.  I didn't change 
nts_client yet.

I think I put the routines you want into nts.h


I think you can test cookies.  That will exercise the AES_SIV crypto routines.

You will need to call nts_cookie_init (to setup the crypto context)

If you call nts_cookie_init2, it will read in the "old" cookie passwords from 
a file.
You can point it at the right file by storing a filename in ntsconfig.KI,
else it uses a default.

You can avoid a file by calling  nts_make_cookie_key

To make a cookie, you have to feed nts_make_cookie
  a place to put the cookie  (NTS_MAX_COOKIELEN)
  aean - code for crypto algorithm to use.  Legal values are
  AEAD_AES_SIV_CMAC_xxx for xxx in 256, 384, and 512
  2 keys - you will have to invent them
  keylength: matches aean, values are 32, 48, and 64

unpack cookie should give you back aead, and the 2 keys and length

If you call nts_make_cookie the current key gets pushed to the old key
and the previous old key is lost.  If you call it again, the initial good key 
is lost and unpack_cookie will fail.

These are my opinions.  I hate spam.

More information about the devel mailing list