On Wed, Apr 18, 2012, Muschick, Paul wrote:

> So, it's ironic that only after I post to the mailing list, I solve my first
> problem. For visitors from the future, to fully add a new cipher suite, you
> can't forget to add your cipher's EVP_CIPHER* accessor function (generated by
> the BLOCK_CIPHER_custom macro) to SSL_library_init() in ssl_algs.c.
>
> Now that that's done, my client and server are negotiating the desired cipher
> suite, but I'm getting the error SSL_R_CIPHER_OR_HASH_UNAVAILABLE. It seems
> that CCM is defined as not using AEAD, but the flavor of CCM I'm trying to
> enable uses AEAD, specifically AEAD_AES_128_CCM as defined in section 5.3 of
> RFC 5116.
>
> Could someone tell me for sure that, while GCM is an AEAD algorithm, CCM is
> not?
>
> My confusion lies in the fact I'm not familiar with encryption, plus one of
> my reference documents, "AES-CCM ECC Cipher Suites for TLS"
> (http://tools.ietf.org/html/draft-mcgrew-tls-aes-ccm-ecc-01), talks about CCM
> and AEAD in the same breath.
>
> Also, RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
> (http://tools.ietf.org/html/rfc5116#page-14) defines 2 AEAD algorithms for
> AES-CCM. Is that not the same CCM as OpenSSL already supports?
>
Well it is AEAD but that flag is not set in the EVP_CIPHER structure because
the relevant functionality for the EVP_CTRL_AEAD_TLS1_AAD ctrl is not
currently implemented.

You'd need to either follow the GCM example or add some mode specific code to
the TLS code to ensure the IV is set up correctly.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
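
The record-layer bookkeeping the reply refers to, as an added example that is not part of the original thread and is not OpenSSL source: it rewrites the length field of the 13-byte TLS additional data and assembles the 12-byte nonce that AEAD_AES_128_CCM requires. The function names are hypothetical, and the 4-byte salt plus 8-byte explicit nonce split is an assumption carried over from the GCM TLS path.

```c
/* Added illustration, not OpenSSL source; function names are hypothetical.
 * AAD layout: RFC 5246 6.2.3.3. The nonce split (4-byte salt + 8-byte
 * explicit part) is assumed to match the GCM TLS path. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_AAD_LEN     13  /* seq_num(8) | type(1) | version(2) | length(2) */
#define SALT_LEN         4  /* implicit part, taken from the key block */
#define EXPLICIT_IV_LEN  8  /* explicit part, carried in every record */
#define NONCE_LEN       12  /* RFC 5116 5.3: N_MIN = N_MAX = 12 octets */
#define TAG_LEN         16  /* AEAD_AES_128_CCM authentication tag */

/* Rewrite the length field of a TLS AAD so it covers the plaintext only.
 * On input the field holds the record length: explicit IV + payload
 * (+ tag when decrypting). Returns the plaintext length, or -1 if the
 * AAD is the wrong size or the record is too short to be valid. */
int tls_aead_fix_aad(uint8_t *aad, size_t aad_len, int decrypting)
{
    unsigned int len, overhead = EXPLICIT_IV_LEN;

    if (aad_len != TLS_AAD_LEN)
        return -1;
    if (decrypting)
        overhead += TAG_LEN;
    len = ((unsigned int)aad[11] << 8) | aad[12];
    if (len < overhead)              /* short record: refuse, no underflow */
        return -1;
    len -= overhead;
    aad[11] = (uint8_t)(len >> 8);
    aad[12] = (uint8_t)(len & 0xff);
    return (int)len;
}

/* Build the 12-byte AEAD nonce as salt || explicit_iv. Returns 0 on success. */
int tls_aead_build_nonce(uint8_t *nonce,
                         const uint8_t *salt, size_t salt_len,
                         const uint8_t *explicit_iv, size_t explicit_len)
{
    if (salt_len != SALT_LEN || explicit_len != EXPLICIT_IV_LEN)
        return -1;
    memcpy(nonce, salt, SALT_LEN);
    memcpy(nonce + SALT_LEN, explicit_iv, EXPLICIT_IV_LEN);
    return 0;
}
```

The corrected AAD and the nonce are what would then be handed to the CCM cipher context; the length check rejects records shorter than the explicit IV plus tag before any subtraction happens.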