[Swan-dev] Adding AES-GCM and AES-CCM
Andrew Cagney
andrew.cagney at gmail.com
Wed Dec 24 21:28:53 EET 2014
Hi,
I'm looking to add AES_GCM and AES_CCM; they're different in that they
do both encryption/hashing decryption/verifying via a single
interface. For a good discussion see:
https://tools.ietf.org/html/rfc5116
This means that "struct encrypt_desc", crypto method:
    void (*do_crypt)(u_int8_t *dat,
                     size_t datasize,
                     PK11SymKey *key,
                     u_int8_t *iv,
                     bool enc);
, in addition to receiving:
- the key
- the starting variable (aka IV/counter-block/nonce/...)
- the data to be encrypted/decrypted
is minimally going to require:
- any extra data that doesn't need encrypting but does need to be
  hashed (i.e., the ike header)
- space to put the hash result (the struct will need to specify how
  much space is needed)
I can think of several ways of achieving this:
- just add more parameters to the existing method
- add a second method (with the extra/changed parameters) that sits
  beside the above
- define an entirely new struct for this family of algorithms
I suspect that adding a second method will be the least intrusive and
most robust. But someone else, closer to the code, might have a
stronger intuition :-)
Either way, I'll hack something up post boxing day.
Andrew
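
Added example, not part of the message above and not the project's code: a C sketch of the "second method" option, with the extra inputs the message lists (unencrypted-but-authenticated header data, and tag space whose size the struct declares). The names encrypt_desc_sketch, do_aead, aead_tag_size, TOY_TAG_SIZE and the toy_* helpers are hypothetical, the key is a raw byte array rather than a PK11SymKey, and the cipher and tag are non-cryptographic placeholders so the interface can be exercised without NSS.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define TOY_TAG_SIZE 8	/* constructed size for this sketch */
/* Hypothetical descriptor: old-style method plus a second, AEAD-only one. */
struct encrypt_desc_sketch {
	size_t aead_tag_size;	/* 0 for CBC/CTR; else tag space the caller reserves */
	void (*do_crypt)(uint8_t *dat, size_t datasize, const uint8_t *key,
			 uint8_t *iv, bool enc);
	/* buf = text_size bytes of text followed by aead_tag_size bytes of tag */
	bool (*do_aead)(const uint8_t *key, const uint8_t *iv, const uint8_t *aad,
			size_t aad_size, uint8_t *buf, size_t text_size, bool enc);
};

/* Placeholder FNV-1a style mixing, NOT cryptographic; stands in for the real tag. */
static uint64_t toy_mix(uint64_t h, const uint8_t *p, size_t n)
{
	while (n--) h = (h ^ *p++) * 1099511628211ULL;
	return h;
}

static bool toy_do_aead(const uint8_t *key, const uint8_t *iv, const uint8_t *aad,
			size_t aad_size, uint8_t *buf, size_t text_size, bool enc)
{
	uint64_t tag, got;
	if (enc)	/* placeholder XOR "cipher"; 16-byte key and 8-byte IV assumed */
		for (size_t i = 0; i < text_size; i++) buf[i] ^= key[i % 16] ^ iv[i % 8];
	tag = toy_mix(toy_mix(toy_mix(1469598103934665603ULL, key, 16), aad, aad_size),
		      buf, text_size);	/* tag covers header (AAD) and ciphertext */
	if (enc) { memcpy(buf + text_size, &tag, TOY_TAG_SIZE); return true; }
	memcpy(&got, buf + text_size, TOY_TAG_SIZE);
	if ((tag ^ got) != 0) return false;	/* reject before decrypting anything */
	for (size_t i = 0; i < text_size; i++) buf[i] ^= key[i % 16] ^ iv[i % 8];
	return true;
}
static const struct encrypt_desc_sketch toy_aead = { TOY_TAG_SIZE, NULL, toy_do_aead };

/* Returns 1 if the payload verifies and decrypts, 0 if verification rejects it. */
int toy_roundtrip(bool tamper_header)
{
	const uint8_t key[16] = "constructed-key", iv[8] = "nonce-1";
	uint8_t hdr[4] = { 'I', 'K', 'E', 2 }, buf[5 + TOY_TAG_SIZE] = "hello";
	toy_aead.do_aead(key, iv, hdr, sizeof(hdr), buf, 5, true);
	if (tamper_header) hdr[3] ^= 1;	/* header is sent in clear but is authenticated */
	return toy_aead.do_aead(key, iv, hdr, sizeof(hdr), buf, 5, false) && !memcmp(buf, "hello", 5);
}

int main(void) { return (toy_roundtrip(false) == 1 && toy_roundtrip(true) == 0) ? 0 : 1; }
```

A caller can branch on aead_tag_size: zero means use do_crypt plus a separate integrity algorithm, non-zero means reserve that many bytes after the payload and call do_aead.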