On Wed, May 16, 2007 at 03:20:54PM +0400, lamo at ccs.ru wrote:
> > Can you share your cipher with us as well? Or is it some sort of classified
> > algorithm? It'll be VERY hard to justify supporting the second kind of
> > cipher without some publishable algorithm that exploits the
> > copy-SPI-and-replay field.
> >
> It's a pity but this algorithm is classified. And I understand the
> burden to implement such an algorithm.

Then let me suggest that we first get AES-CCM working, and then if you need
*additional* changes you can do that in private, and submit any CDDL-covered
changes back.

> But I think that the actual implementation is irrelevant in this case. I can
> provide basic algorithm characteristics such as block length, key length, ICV
> length, etc. The main goal is to implement the support for such kind
> of combined mode algorithms. But again, it may turn out that to support
> this type of algorithm is not generic enough :( And here I agree with you
> completely that we need more examples of such algorithms in the public domain.

Like I said, let's get the known-open one(s) working first, THEN you can attack
your own problem to see if anything needs to be different.

> > How do you pass the values that need to be included but aren't part of the
> > explicit ciphertext? I don't see how to do that. We need a way to pass AAD
> > into a combined-mode cipher. We have a way to do it with MAC algorithms,
> > but not with ciphers.
>
> We also have a way to pass it to "dual" algorithms. See
> crypto_dual_cipher_mac_ops(9s) for example. (Hail to the SCF guys.)

Yes... perhaps combined-modes can only be accessed via the dual_cipher_mac_ops
entry points? And we do *that* already in ESP.

From here on out we are probably veering into design discussions, which is
okay by me! We will have to change ESP's preparation (the esp_submit*() functions)
if ESP's using a combined-mode cipher.

> >>> If you're ready to get combined-mode ciphers working with ESP, we're
> >>> ready to help. It's an architectural issue, so we'll need to ARC it, but
> >>> don't let that bother you.
> >> I'm ready :)
> >
> > I wish you could share your copy-AAD-into-ciphertext algorithm. As it is,
> > if you can wait for the crypto folks to deliver AES-CCM, then you could get
> > AES-CCM working with IPsec!
>
> I'll discuss the possibility to redesign the algorithm (i.e. to make it
> conform to the first type of combined mode algorithm, same as AES CCM (GCM))
> with the authors. Seems to me that atm this way is the fastest one :)
> After that I can, of course, share the skeleton (w/o the actual algorithm
> implementation). But I think the guys who are on the AES CCM case (which
> was mentioned by Darren) will do it faster than me :) Though, we may
> compete :)

Team IPsec is a bit swamped right now, and AES CCM itself isn't *in* the crypto
framework _yet_. If you can get your classified cipher to have its AAD
properties identical to AES CCM and GCM, I suspect you'll be in a good
position. And I prefer cooperation to competition! :)

Dan
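As an added illustration of the AAD point argued in this thread (example code, not from the thread or from the Solaris crypto framework), here is a small Go program that seals an ESP-style payload with AES-GCM while passing the cleartext SPI and sequence number as AAD, so a receiver rejects the packet if those unencrypted header fields are altered. The packet layout, the names `espSeal`/`espOpen`/`hdrLen` and the 12-byte nonce carried whole are a constructed simplification, not RFC 4106's salt-plus-IV scheme.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// ESP header that travels in the clear: SPI (4 bytes) || sequence number (4 bytes).
const hdrLen = 8

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// espSeal encrypts payload with AES-GCM and passes the cleartext ESP header as AAD,
// so SPI and seq are integrity-protected without being encrypted.
// Constructed, simplified layout: SPI || seq || 12-byte nonce || ciphertext || 16-byte tag.
// The nonce must be aead.NonceSize() bytes (12 for GCM) and never repeat under one key.
func espSeal(key []byte, spi, seq uint32, nonce, payload []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr[0:4], spi)
	binary.BigEndian.PutUint32(hdr[4:8], seq)
	pkt := append(append([]byte{}, hdr...), nonce...)
	return aead.Seal(pkt, nonce, payload, hdr), nil // appends ciphertext || tag
}

// espOpen checks the tag over header || ciphertext and returns the plaintext;
// any change to the cleartext SPI/seq fails here even though they were never encrypted.
func espOpen(key, pkt []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(pkt) < hdrLen+n+aead.Overhead() {
		return nil, errors.New("packet too short")
	}
	hdr, nonce, ct := pkt[:hdrLen], pkt[hdrLen:hdrLen+n], pkt[hdrLen+n:]
	return aead.Open(nil, nonce, ct, hdr)
}
```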