Dan McDonald wrote:
[skip]
> Like I said, let's get the known-open one(s) working first, THEN you can
> attack your own problem to see if anything needs to be different.
>
I had no intention to ATTACK:) I just shared my view with community (
the possibility to discuss is, I hope, one of the main reason we have
the community, right?) 'cause I really excited by having OpenSolaris
open source and even more I'll be happy seeing its getting more and more
beautiful each day:)
>>> How do you pass the values that need to be included but aren't part of the
>>> explicit ciphertext? I don't see how to do that. We need a way to pass AAD
>>> into a combined-mode cipher. We have a way to do it with MAC algorithms,
>>> but
>>> not with ciphers.
>> We also have a way to pass it to "dual" algorithms. See
>> crypto_dual_cipher_mac_ops (9s) for exaple. ( hail to SCF guys ).
>
> Yes... perhaps combined-modes can only be accessed via the
> dual_cipher_mac_ops entry points? And we do *that* already in ESP.
>
>>From here on out we are probably veering into design discussions, which is
> okay by me! We will have to change ESP's preparation (esp_submit*()
> functions) if ESP's using a combined-mode cipher.
Completely agree with you
[skip]
>
> Team IPsec is a bit swamped right now, and AES CCM itself isn't *in* the
> crypto framework _yet_. If you can get your classified cipher to have its
> AAD properties identical to AES CCM and GCM, I suspect you'll be in a good
> position. And I prefer cooperation to competition! :)
Of course, I meant "friendly competition":) Though, cooperation is
definely what it should be:)
Thank you for your time.
Was a pleasure to discuss this matter with you all.
Best regards,
alexz.
