Thanks, the GCM table code would be appreciated. Test cases, I'd hope
within a couple of weeks. IBM throws a wrapper around OpenSSL, and our test
cases currently test the code via that wrapper, so I have to do more than
just a copy.

CCM - the only problem with it is the NIST standard - you aren't allowed to
produce any decrypted output unless the tags match and you can't check the
tag until you've processed the entire data stream.
Without that I'd have coded it with the normal Init/Update/Final pattern
- with that restriction it was easier for me, and for the users I support,
to make the limitation explicit. The original coding was Init/Update/Final
so it should be fairly easy to revert.

Peter

From: "Aaron Christensen" <[EMAIL PROTECTED]>
To: openssl-dev@openssl.org
Date: 07/10/2007 05:56
Subject: Re: [openssl.org #1585] NIST CMAC, AES-CCM and AES-GCM modes

Cool.  I've been working on an EVP interface for AEAD (part of a project
for my Master's degree), but I haven't implemented gcm (or other) in
openssl, yet.  I think I can integrate these two pieces of code.  I'd be
interested in your test cases.

I have some gcm code I wrote that is written with support for the tables,
so maybe we can work on bringing that into the code in this patch.

Also, since I haven't taken time to learn about CCM, yet, are there serious
restrictions on implementing an incremental interface for it?  My next step
was going to be an attempt to get some of the new SSL/AEAD stuff written,
and it would be nice to be able to use a common EVP-like interface...

Regards,
~Aaron Christensen

On 10/5/07, Peter Waltenberg via RT <[EMAIL PROTECTED]> wrote:

  (See attached file: ibm.patch)

  This contribution has complied with both local (Australian) and US export
  requirements (as IBM is a US based company) and is donated to the OpenSSL
  project under the terms of the existing OpenSSL license.

  Attached, a patch against OpenSSL 0.9.8e which adds support for the NIST
  modes described in SP800-38B (CMAC), SP800-38C (AES-CCM) and the draft
  SP800-38D (AES-GCM).

  We do have test cases against the NIST known answer data which I'll also
  contribute, however those share common code to parse the NIST test data and
  will need to be built manually until someone works out how to integrate
  them.

  Notes:
  AES-CCM doesn't use the normal Init/Update/Final pattern as the standard
  mandates that no decrypted data be available unless the tag check passes.
  That's so ugly that this may as well be implemented in one pass.

  AES-GCM lacks table driven acceleration at this point, if no-one beats me
  to it I'll add that in a few months.

  Peter
  Peter Waltenberg
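The CCM constraint Peter describes in both messages (no decrypted output until the tag is verified, and the tag can only be checked once the whole stream is in) is really a statement about API shape. The script below is an added illustration, not code from ibm.patch or from OpenSSL: it contrasts a decryptor that buffers everything and releases plaintext only from Final() with the ordinary Init/Update/Final shape that hands out plaintext as it goes, and then counts how many bytes of unverified plaintext each one leaks when the tag has been corrupted. The AEAD inside it is a constructed stand-in (a SHA-256 counter keystream plus a truncated HMAC tag) so the file runs on the standard library alone; it is not CCM and is not a cipher anyone should use, and the key, nonce and message values are made up.

```python
"""Two decrypt-interface shapes for an AEAD, modelled on the CCM discussion.

Added example, not code from the patch or OpenSSL. The cipher is a CONSTRUCTED
stand-in (SHA-256 keystream + HMAC tag), not CCM; only the interfaces matter.
"""
import hashlib
import hmac

TAG_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (stand-in for AES-CTR)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _tag(key: bytes, nonce: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """Tag over nonce, length-prefixed AAD and ciphertext (stand-in for CBC-MAC)."""
    msg = nonce + len(aad).to_bytes(4, "big") + aad + ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def toy_aead_encrypt(key: bytes, nonce: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """Return ciphertext || tag."""
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return ct + _tag(key, nonce, aad, ct)


class OneShotDecryptor:
    """What the CCM standard forces: Update() only buffers and emits nothing;
    Final() verifies the tag and only then releases the whole plaintext."""

    def __init__(self, key: bytes, nonce: bytes, aad: bytes):
        self.key, self.nonce, self.aad = key, nonce, aad
        self._buf = bytearray()

    def update(self, chunk: bytes) -> bytes:
        self._buf += chunk
        return b""  # nothing leaves before the tag check

    def final(self) -> bytes:
        if len(self._buf) < TAG_LEN:
            raise ValueError("input shorter than the tag")
        ct, tag = bytes(self._buf[:-TAG_LEN]), bytes(self._buf[-TAG_LEN:])
        if not hmac.compare_digest(tag, _tag(self.key, self.nonce, self.aad, ct)):
            raise ValueError("tag mismatch: no plaintext released")
        ks = _keystream(self.key, self.nonce, len(ct))
        return bytes(c ^ k for c, k in zip(ct, ks))


class StreamingDecryptor:
    """The normal Init/Update/Final shape: Update() releases plaintext as it
    goes, holding back only the trailing TAG_LEN bytes; Final() verifies the
    tag after the caller already holds the data."""

    def __init__(self, key: bytes, nonce: bytes, aad: bytes):
        self.key, self.nonce, self.aad = key, nonce, aad
        self._buf = bytearray()
        self._released = 0  # ciphertext bytes already decrypted and handed out

    def update(self, chunk: bytes) -> bytes:
        self._buf += chunk
        avail = len(self._buf) - TAG_LEN  # bytes that cannot be part of the tag
        if avail <= self._released:
            return b""
        ct_part = bytes(self._buf[self._released:avail])
        ks = _keystream(self.key, self.nonce, avail)[self._released:avail]
        self._released = avail
        return bytes(c ^ k for c, k in zip(ct_part, ks))

    def final(self) -> bytes:
        ct, tag = bytes(self._buf[:-TAG_LEN]), bytes(self._buf[-TAG_LEN:])
        if not hmac.compare_digest(tag, _tag(self.key, self.nonce, self.aad, ct)):
            raise ValueError("tag mismatch, but plaintext was already released")
        return b""


def unverified_bytes_released() -> dict:
    """Feed a ciphertext with a corrupted tag to both shapes, in two chunks,
    and count how much plaintext each released before Final() rejected it."""
    key, nonce, aad = bytes(range(32)), bytes(12), b"header"  # constructed values
    ct = toy_aead_encrypt(key, nonce, aad, b"hello world")
    tampered = ct[:-1] + bytes([ct[-1] ^ 1])  # flip one bit of the tag
    counts = {}
    for name, cls in (("one_shot", OneShotDecryptor), ("streaming", StreamingDecryptor)):
        d = cls(key, nonce, aad)
        out = d.update(tampered[:8]) + d.update(tampered[8:])
        try:
            out += d.final()
        except ValueError:
            counts[name] = len(out)
    return counts


if __name__ == "__main__":
    print(unverified_bytes_released())  # {'one_shot': 0, 'streaming': 11}
```

The one-shot shape is exactly why Peter says CCM "may as well be implemented in one pass": an Update() that can never return anything is an Init/Update/Final API in name only, and making the limitation explicit keeps callers from assuming the GCM-style streaming behaviour, where a corrupted tag is only discovered after the plaintext has already been handed out.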




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
