Thanks, the GCM table code would be appreciated. Test cases, I'd hope within a couple of weeks. IBM throws a wrapper around OpenSSL, and our test cases currently test the code via that wrapper, so I have to do more than just a copy.
CCM - the only problem with it is the NIST standard - you aren't allowed to produce any decrypted output unless the tags match, and you can't check the tag until you've processed the entire data stream. Without that I'd have coded it with the normal Init/Update/Final pattern - with that restriction it was easier for me, and for the users I support, to make the limitation explicit. The original coding was Init/Update/Final so it should be fairly easy to revert.

Peter

From: "Aaron Christensen" <[EMAIL PROTECTED]>
To: openssl-dev@openssl.org
Date: 07/10/2007 05:56
Subject: Re: [openssl.org #1585] NIST CMAC, AES-CCM and AES-GCM modes

Cool. I've been working on an EVP interface for AEAD (part of a project for my Master's degree), but I haven't implemented gcm (or other) in openssl, yet. I think I can integrate these two pieces of code. I'd be interested in your test cases. I have some gcm code I wrote that is written with support for the tables, so maybe we can work on bringing that into the code in this patch.

Also, since I haven't taken time to learn about CCM, yet, are there serious restrictions on implementing an incremental interface for it? My next step was going to be an attempt to get some of the new SSL/AEAD stuff written, and it would be nice to be able to use a common EVP-like interface...

Regards,
~Aaron Christensen

On 10/5/07, Peter Waltenberg via RT <[EMAIL PROTECTED]> wrote:

(See attached file: ibm.patch)

This contribution has complied with both local (Australian) and US export requirements (as IBM is a US based company) and is donated to the OpenSSL project under the terms of the existing OpenSSL license.

Attached, a patch against OpenSSL 0.9.8e which adds support for the NIST modes described in SP800-38B (CMAC), SP800-38C (AES-CCM) and the draft SP800-38D (AES-GCM).

We do have test cases against the NIST known answer data which I'll also contribute, however those share common code to parse the NIST test data and will need to be built manually until someone works out how to integrate them.

Notes:
AES-CCM doesn't use the normal Init/Update/Final pattern as the standard mandates that no decrypted data be available unless the tag check passes. That's so ugly that this may as well be implemented in one pass.
AES-GCM lacks table driven acceleration at this point, if no-one beats me to it I'll add that in a few months.

Peter
Peter Waltenberg

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
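The CCM restriction Peter describes (no decrypted output until the whole stream is in and the tag verifies) can still be wrapped in an Init/Update/Final shape by buffering the input and releasing plaintext only from Final. The following is an added example, not code from the IBM patch or from this thread; it assumes the third-party Python `cryptography` package, and the key, nonce and messages are constructed sample values.

```python
from cryptography.hazmat.primitives.ciphers.aead import AESCCM
from cryptography.exceptions import InvalidTag

# Constructed sample values (not NIST vectors): AES-128 key and a 13-byte CCM nonce.
KEY = bytes(range(16))
NONCE = b"\x00" * 12 + b"\x01"


class CCMDecryptor:
    """Init/Update/Final wrapper over a one-shot CCM primitive.

    update() accepts ciphertext in chunks of any size but never returns
    plaintext; final() verifies the tag and only then returns the message,
    which is the SP 800-38C behaviour described in the thread above.
    """

    def __init__(self, key: bytes, nonce: bytes, aad: bytes = b"", tag_len: int = 16):
        self._ccm = AESCCM(key, tag_length=tag_len)
        self._nonce, self._aad = nonce, aad
        self._buf = bytearray()      # ciphertext || tag accumulated here
        self._done = False

    def update(self, chunk: bytes) -> bytes:
        if self._done:
            raise RuntimeError("final() already called")
        self._buf += chunk
        return b""                   # deliberately releases no partial plaintext

    def final(self) -> bytes:
        self._done = True
        try:
            return self._ccm.decrypt(self._nonce, bytes(self._buf), self._aad)
        except InvalidTag:
            self._buf.clear()        # discard the stream; nothing was ever released
            raise


def ccm_roundtrip(key, nonce, aad, plaintext, chunk=5, tamper=False):
    """Encrypt one-shot, then feed the ciphertext to CCMDecryptor in pieces.

    Returns (plaintext or None on tag failure, bytes released before final()).
    """
    ct = AESCCM(key).encrypt(nonce, plaintext, aad)
    if tamper:
        ct = bytes([ct[0] ^ 0x01]) + ct[1:]   # flip one ciphertext bit
    dec = CCMDecryptor(key, nonce, aad)
    early = b"".join(dec.update(ct[i:i + chunk]) for i in range(0, len(ct), chunk))
    try:
        return dec.final(), early
    except InvalidTag:
        return None, early
```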