Re: AES_XCBC?
Because Variety is the spice of life On 7 December 2017 at 23:41, f masood via dev-tech-cryptowrote: > can you elaborate why you're focusing on NSS not OPENSSL for this task ? > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: AES_XCBC?
can you elaborate why you're focusing on NSS not OPENSSL for this task ? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: AES_XCBC?
On Wed, 6 Dec 2017, f masood via dev-tech-crypto wrote: On Wednesday, December 6, 2017 at 7:51:13 PM UTC+5, Andrew Cagney wrote: I'm looking at implementing AES_XCBC using NSS. That is: AES-XCBC-MAC-96: https://tools.ietf.org/html/rfc3566#section-4 AES-XCBC-MAC-PRF: https://tools.ietf.org/html/rfc4434 (the latter adds a recursive rule for building a fixed size key from a variable key) reading NSS's "documentation", I've turned up AES_MAC, but I'm guessing that that is just implementing the primitive https://en.wikipedia.org/wiki/CBC-MAC using AES. Is there anything else, or will I be needing to implement things by wrapping this primitive? (and if so, was there a test I could look at for the existing code?) Andrew What version of NSS are you targeting ? Libreswan can handle something not being available in some versions of NSS. If it is not supported, we'd like the support to be added to a new version of NSS. I dont think that currently NSS has support of this XCBC, so you'll have to do changes and then compile ? It's fine for libreswan to not support it if support is missing in NSS. Whats your scenario? I mean are you going to use this cihersuite for ipsec application ? It will be used as IKE algorithm. IPsec (ESP) crypto is handled by the kernel. Paul -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: AES_XCBC?
On Wednesday, December 6, 2017 at 7:51:13 PM UTC+5, Andrew Cagney wrote: > I'm looking at implementing AES_XCBC using NSS. That is: > > AES-XCBC-MAC-96: https://tools.ietf.org/html/rfc3566#section-4 > AES-XCBC-MAC-PRF: https://tools.ietf.org/html/rfc4434 > > (the latter adds a recursive rule for building a fixed size key from a > variable key) > > reading NSS's "documentation", I've turned up AES_MAC, but I'm > guessing that that is just implementing the primitive > https://en.wikipedia.org/wiki/CBC-MAC using AES. > > Is there anything else, or will I be needing to implement things by > wrapping this primitive? (and if so, was there a test I could look at > for the existing code?) > > Andrew What version of NSS are you targeting ? I dont think that currently NSS has support of this XCBC, so you'll have to do changes and then compile ? Whats your scenario? I mean are you going to use this cihersuite for ipsec application ? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
AES_XCBC?
I'm looking at implementing AES_XCBC using NSS. That is: AES-XCBC-MAC-96: https://tools.ietf.org/html/rfc3566#section-4 AES-XCBC-MAC-PRF: https://tools.ietf.org/html/rfc4434 (the latter adds a recursive rule for building a fixed size key from a variable key) reading NSS's "documentation", I've turned up AES_MAC, but I'm guessing that that is just implementing the primitive https://en.wikipedia.org/wiki/CBC-MAC using AES. Is there anything else, or will I be needing to implement things by wrapping this primitive? (and if so, was there a test I could look at for the existing code?) Andrew -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto