On Wed, 6 Dec 2017, f masood via dev-tech-crypto wrote:

> On Wednesday, December 6, 2017 at 7:51:13 PM UTC+5, Andrew Cagney wrote:
>> I'm looking at implementing AES_XCBC using NSS. That is:
>>
>> AES-XCBC-MAC-96: https://tools.ietf.org/html/rfc3566#section-4
>> AES-XCBC-MAC-PRF: https://tools.ietf.org/html/rfc4434
>> (the latter adds a recursive rule for building a fixed size key from a
>> variable key)
>>
>> Reading NSS's "documentation", I've turned up AES_MAC, but I'm
>> guessing that that is just implementing the primitive
>> https://en.wikipedia.org/wiki/CBC-MAC using AES.
>>
>> Is there anything else, or will I be needing to implement things by
>> wrapping this primitive? (and if so, was there a test I could look at
>> for the existing code?)
>>
>> Andrew
>
> What version of NSS are you targeting?

Libreswan can handle something not being available in some versions of
NSS. If it is not supported, we'd like the support to be added to a new
version of NSS.

> I don't think that currently NSS has support of this XCBC, so you'll have to do
> changes and then compile?

It's fine for libreswan to not support it if support is missing in NSS.

> What's your scenario? I mean are you going to use this ciphersuite for ipsec
> application?

It will be used as IKE algorithm. IPsec (ESP) crypto is handled by the
kernel.

Paul