[Swan-dev] Adding AES-GCM and AES-CCM

Paul Wouters paul at nohats.ca
Sat Dec 27 21:24:15 EET 2014


On Wed, 24 Dec 2014, Andrew Cagney wrote:

> , in addition to receiving:
>
> - the key
> - the starting variable (aka IV/counter-block/nonce/...)
> - the data to be encrypted/decrypted
>
> is minimally going to require:
>
> - any extra data that doesn't need encrypting but does need to be
> hashed (i.e., the ike header)
> - space to put the hash result (the struct will need to specify how
> much space is needed)
>
> I can think of several ways of achieving this:
>
> - just add more parameters to the existing method
>
> - add a second method (with the extra/changed parameters) that sits
> beside the above
>
> - define an entirely new struct for this family of algorithms
>
> I suspect that adding a second method will be the least intrusive and
> most robust.  But someone else, closer to the code, might have a
> stronger intuition :-)

Whatever results in the least amount of switch cases all over the code?

A second method sounds fine with me, possibly determined by some new
flag in the encrypter struct? Perhaps an enum for type of crypto
operation? (CBC, CTR, CCM, GCM, ...)

In the future, there might be more ECP related crypto operations as well
that will look very different.

Paul
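
The parameter set Andrew lists, worked through as an added example that is not libreswan code (Go rather than the project's C, because Go's standard library ships AES-GCM; all names here are my own): key, starting variable, data to encrypt, extra data that is only authenticated, and separate space for the tag, with a check that a tampered header is rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// AeadResult is what an AEAD-only second method hands back: the ciphertext
// plus a tag that needs its own gcm.Overhead() bytes in the caller's buffer.
type AeadResult struct{ Ciphertext, Tag []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealGCM takes the inputs the thread lists: key, starting variable (nonce),
// data to encrypt, and extra data (the IKE header) that is only authenticated.
func SealGCM(key, nonce, plaintext, aad []byte) (AeadResult, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return AeadResult{}, err
	}
	out := gcm.Seal(nil, nonce, plaintext, aad) // ciphertext || tag
	n := len(out) - gcm.Overhead()
	return AeadResult{Ciphertext: out[:n], Tag: out[n:]}, nil
}

// OpenGCM checks the tag over aad and ciphertext; any change to either
// (e.g. a tampered header) makes it fail before returning plaintext.
func OpenGCM(key, nonce, ciphertext, tag, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	sealed := append(append([]byte{}, ciphertext...), tag...)
	return gcm.Open(nil, nonce, sealed, aad)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte key
	nonce := []byte("unique nonce")                   // constructed 12-byte nonce
	r, _ := SealGCM(key, nonce, []byte("ESP payload"), []byte("constructed IKE header"))
	_, err := OpenGCM(key, nonce, r.Ciphertext, r.Tag, []byte("altered header"))
	fmt.Println("tag bytes:", len(r.Tag), "open with altered header fails:", err != nil)
}
```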

