>> - EVP support for the CTR128 modes *1) (AES and Camellia), as these
>> are required in the GCTR [SP800-38D] function of the GCM (instead of
>> a block-wise use of the ECB mode),
>>
>
> Andy has added EVP support for CTR128 already.

Unfortunately, I do not have access to the CVS. So, as I had needed it some time before, I did it in my project development. Just had a look at [http://cvs.openssl.org/filediff?f=openssl/crypto/objects/objects.txt&v1=1.85&v2=1.86] where the CTR is now implemented for AES (not Camellia). The only further difference to my implementation seems to be the name: AES-nnn-CTR128 (to allow further CTR modes) instead of AES-nnn-CTR. Maybe this will not be necessary.

> I don't see why the existing EVP_CIPHER interface isn't suitable. You add a
> new flag for GCM/CCM mode and pass or retrieve additional information via
> standardized ctrls.

The difficulties I see are the restricted parameters of EVP_CipherInit_ex(), EVP_CipherUpdate(), and EVP_CipherFinal_ex(). For the GCM (and other AEAD modes) the EVP_CipherInit_ex() would require an additional iv-length parameter. Besides the EVP_CipherUpdate(), an extra function EVP_AadUpdate() (same syntax as HMAC_Update) will be necessary, and the EVP_CipherFinal_ex() will require extra parameters for *md and its length (similar to the 2nd and 3rd parameters of HMAC_Final). Alternatively, *outm and *outl of EVP_CipherFinal_ex() could be "abused" to give the digest back. Putting an EVP_AadUpdate() function into EVP_CIPHER_CTX_ctrl() would mean that the base functionality of the GCM will not be available without using the ctrl, which would make the GMAC and GCM uncomfortable to use.

> If you add a whole new API you end up needing new algorithm tables, new ENGINE
> functions, new BIOs etc.

The reason for my idea of an AEAD was just to keep the list of algo - mode combinations small. (Engines could still be used by the internal calling of the CTR algorithm.) But if this is not an issue, adding an EVP_AadUpdate() at least would be fine.

Peter-Michael
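The call sequence discussed in this message (init with an IV of arbitrary length, a separate AAD update, data update, and a final step that returns the tag), sketched as an added example that is not code from this thread or from OpenSSL. `AeadCtx`, `aad_update` and `toy_block` are hypothetical names; because the Python standard library has no AES, a SHA-256-based stand-in replaces the block cipher, so the output is not real AES-GCM, while GHASH and the GCTR counter handling follow SP 800-38D.

```python
import hashlib

R = 0xE1 << 120  # reduction constant 11100001 || 0^120 from SP 800-38D

def gf_mult(x, y):
    """Multiply two 128-bit blocks in GF(2^128) using GCM's bit order."""
    z, v = 0, y
    for i in range(127, -1, -1):           # leftmost bit of x first
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def ghash(h, aad, ct):
    """GHASH over zero-padded AAD, zero-padded ciphertext and both bit lengths."""
    pad = lambda b: b + bytes(-len(b) % 16)
    data = pad(aad) + pad(ct) + (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")
    hi, y = int.from_bytes(h, "big"), 0
    for i in range(0, len(data), 16):
        y = gf_mult(y ^ int.from_bytes(data[i:i + 16], "big"), hi)
    return y.to_bytes(16, "big")

def gctr_stream(enc, j0):
    """GCTR keystream bytes: only the low 32 bits of the counter block increment."""
    prefix, ctr = j0[:12], int.from_bytes(j0[12:], "big")
    while True:
        ctr = (ctr + 1) & 0xFFFFFFFF
        yield from enc(prefix + ctr.to_bytes(4, "big"))

class AeadCtx:
    """Hypothetical context mirroring init / AAD update / update / final."""
    def __init__(self, enc, iv, decrypt=False):
        self.enc, self.h, self.decrypt = enc, enc(bytes(16)), decrypt
        # A 96-bit IV is used directly; any other length is hashed into J0,
        # which is why the init step has to be told the IV length.
        self.j0 = iv + b"\x00\x00\x00\x01" if len(iv) == 12 else ghash(self.h, b"", iv)
        self.ks, self.aad, self.ct = gctr_stream(enc, self.j0), b"", b""
    def aad_update(self, data):             # authenticated, never encrypted
        self.aad += data
    def update(self, data):
        out = bytes(b ^ k for b, k in zip(data, self.ks))  # data first: no keystream lost
        self.ct += data if self.decrypt else out           # tag always covers ciphertext
        return out
    def final(self):                         # tag = GHASH xor E(J0)
        s = ghash(self.h, self.aad, self.ct)
        return bytes(a ^ b for a, b in zip(s, self.enc(self.j0)))

def toy_block(key):
    """Constructed stand-in for a 128-bit block cipher (NOT AES, demo only)."""
    return lambda block: hashlib.sha256(key + block).digest()[:16]
```

Calling only `aad_update()` and `final()` gives the GMAC use mentioned above; on decryption the caller compares the returned tag with the received one in constant time before releasing any plaintext.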
