On 13/11/2019 20:05, Santiago Torres-Arias wrote:
- Move from CBC to GCM -> would require us to implement this new cipher
   block chaining (for which I can propose patches).
- Move from RSA key derivation to DSA/EDDSA variants for key derivation.
   This would require implementing a new key derivation function. (for
   this one I could also help, but I'd most likely want somebody familiar
   with the codebase to help me navigate what's the best way forward).

However, the rest of the stack can still safely remain on RSA, and thus
we wouldn't need to reimplement other parts for the foreseeable future.

As a result, we would be able to support EDDSA-RSA-AES-GCM suites, which
are probably best practice for a couple of years.

What does everybody think?

I would suggest implementing and submitting GCM first, since that is likely to be a small and self-contained piece of work.

CBC in iPXE is implemented as a wrapper layer around an arbitrary underlying block cipher: GCM should use the same approach.

The CBC implementation is wholly contained in include/ipxe/cbc.h and crypto/cbc.c. This is then wrapped around raw AES using the CBC_CIPHER() macro to create aes_cbc_algorithm in crypto/aes.c, and the resulting AES-xxx-CBC ciphers are then tested for correctness (and performance) in tests/aes_test.c.

As with the existing crypto code, test coverage will be required, and should ideally use the published NIST test vectors.

Hope that helps, and thanks in advance!

Michael
_______________________________________________
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
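The wrapper-layer design Michael describes for CBC (the mode is generic over an underlying block cipher, and the combined cipher is checked against published test vectors), applied to GCM as an added illustration. This is my own Python sketch, not iPXE code and not Santiago's proposed patches: the `GCM` class, the `aes128()` helper and their signatures are assumptions chosen for this example, while iPXE's real cipher interface is the C one in its headers. The AES-128 is encrypt-only because GCM needs only the forward direction. The vectors checked are GCM spec test cases 1 and 2 (zero key, zero IV) and the FIPS-197 Appendix B block; the round-trip key, IV and messages are constructed.

```python
import hmac

# --- Minimal AES-128, encryption direction only: the "raw cipher" the mode wraps ---

def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def _gmul(a, b):
    """Multiply two GF(2^8) elements."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _make_sbox():
    """Derive the AES S-box at import time: GF(2^8) inverse, then the affine map."""
    sbox = []
    for a in range(256):
        inv = next((b for b in range(1, 256) if _gmul(a, b) == 1), 0)
        x = s = inv
        for _ in range(4):
            x = ((x << 1) | (x >> 7)) & 0xFF
            s ^= x
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _make_sbox()

def _expand_key(key):
    """AES-128 key schedule: 16-byte key -> 11 round keys of 16 bytes each."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord + SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _encrypt_block(rk, block):
    """Encrypt one 16-byte block; state is column-major as in FIPS-197."""
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, 11):
        s = [SBOX[b] for b in s]                                                  # SubBytes
        s = [s[(4 * (c + row) + row) % 16] for c in range(4) for row in range(4)]  # ShiftRows
        if r != 10:                                                               # MixColumns
            for c in range(4):
                a = s[4 * c:4 * c + 4]
                s[4 * c:4 * c + 4] = [
                    _gmul(a[0], 2) ^ _gmul(a[1], 3) ^ a[2] ^ a[3],
                    a[0] ^ _gmul(a[1], 2) ^ _gmul(a[2], 3) ^ a[3],
                    a[0] ^ a[1] ^ _gmul(a[2], 2) ^ _gmul(a[3], 3),
                    _gmul(a[0], 3) ^ a[1] ^ a[2] ^ _gmul(a[3], 2)]
        s = [b ^ k for b, k in zip(s, rk[r])]                                    # AddRoundKey
    return bytes(s)

def aes128(key):
    """Return a block-encrypt callable: the only interface the mode wrapper relies on."""
    rk = _expand_key(key)
    return lambda block: _encrypt_block(rk, block)

# --- GCM as a wrapper layer over any 128-bit block cipher (hypothetical API, not iPXE's) ---

_R = 0xE1000000000000000000000000000000   # GCM reduction constant

def _gf128_mul(x, y):
    """Multiply in GF(2^128) using GCM's bit ordering (GCM spec, Algorithm 1)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ _R if v & 1 else v >> 1
    return z

def _ghash(h, aad, ct):
    """GHASH over zero-padded AAD, zero-padded ciphertext, then both bit-lengths."""
    def pad(b):
        return b + bytes(-len(b) % 16)
    data = pad(aad) + pad(ct) + (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")
    y = 0
    for i in range(0, len(data), 16):
        y = _gf128_mul(y ^ int.from_bytes(data[i:i + 16], "big"), h)
    return y

class GCM:
    """AEAD mode built on a block-encrypt callable; handles 96-bit IVs only."""
    def __init__(self, block_encrypt):
        self.enc = block_encrypt
        self.h = int.from_bytes(self.enc(bytes(16)), "big")   # hash subkey H = E_K(0^128)

    def _ctr(self, j0, data):
        out, ctr = bytearray(), int.from_bytes(j0, "big")
        for i in range(0, len(data), 16):
            ctr = (ctr >> 32 << 32) | ((ctr + 1) & 0xFFFFFFFF)   # inc32: only the low word wraps
            ks = self.enc(ctr.to_bytes(16, "big"))
            out += bytes(a ^ b for a, b in zip(data[i:i + 16], ks))   # zip trims a short final block
        return bytes(out)

    def encrypt(self, iv, aad, plaintext):
        assert len(iv) == 12, "only 96-bit IVs are handled in this sketch"
        j0 = iv + b"\x00\x00\x00\x01"
        ct = self._ctr(j0, plaintext)
        tag = int.from_bytes(self.enc(j0), "big") ^ _ghash(self.h, aad, ct)
        return ct, tag.to_bytes(16, "big")

    def decrypt(self, iv, aad, ct, tag):
        """Return the plaintext, or None when the tag fails (never partial output)."""
        j0 = iv + b"\x00\x00\x00\x01"
        expected = int.from_bytes(self.enc(j0), "big") ^ _ghash(self.h, aad, ct)
        if not hmac.compare_digest(expected.to_bytes(16, "big"), tag):
            return None
        return self._ctr(j0, ct)

def gcm_spec_test_case_2():
    """Zero key, zero 96-bit IV, one zero plaintext block: GCM spec test case 2."""
    ct, tag = GCM(aes128(bytes(16))).encrypt(bytes(12), b"", bytes(16))
    return ct.hex(), tag.hex()
```

The split mirrors what the CBC code in iPXE does: the raw cipher exposes only "encrypt one block", the mode layer owns the counter handling and the GHASH, and the combination is what the test vectors exercise. `decrypt()` verifies the tag with a constant-time comparison before any plaintext leaves the function, which is the property a GCM implementation must keep when it is later wired into the TLS stack.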
