Cool.  I've been working on an EVP interface for AEAD (part of a project for
my Master's degree), but I haven't implemented gcm (or other) in openssl,
yet.  I think I can integrate these two pieces of code.  I'd be interested
in your test cases.

I have some gcm code I wrote that is written with support for the tables, so
maybe we can work on bringing that into the code in this patch.

Also, since I haven't taken time to learn about CCM, yet, are there serious
restrictions on implementing an incremental interface for it?  My next step
was going to be an attempt to get some of the new SSL/AEAD stuff written,
and it would be nice to be able to use a common EVP-like interface...

Regards,
~Aaron Christensen

On 10/5/07, Peter Waltenberg via RT <[EMAIL PROTECTED]> wrote:
>
>
> (See attached file: ibm.patch)
>
> This contribution has complied with both local (Australian) and US export
> requirements (as IBM is a US based company) and is donated to the OpenSSL
> project under the terms of the existing OpenSSL license.
>
> Attached, a patch against OpenSSL 0.9.8e which adds support for the NIST
> modes described in SP800-38B (CMAC), SP800-38C (AES-CCM) and the draft
> SP800-38D (AES-GCM).
>
> We do have test cases against the NIST known answer data which I'll also
> contribute, however those share common code to parse the NIST test data
> and will need to be built manually until someone works out how to
> integrate them.
>
> Notes:
> AES-CCM doesn't use the normal Init/Update/Final pattern as the standard
> mandates that no decrypted data be available unless the tag check passes.
> That's so ugly that this may as well be implemented in one pass.
>
> AES-GCM lacks table driven acceleration at this point, if no-one beats me
> to it I'll add that in a few months.
>
> Peter
> Peter Waltenberg
>
>
>
