[Git][NTPsec/ntpsec][master] 6 commits: nts.adoc: Capitalize a MUST
Hal Murray
hmurray at megapathdsl.net
Fri Feb 8 22:12:44 UTC 2019
> Unfortunately, in this case, I'm not sure if OpenSSL implements cipher
> strings for AEAD selection. I don't think they do. So _if_ we implement more
> than AES_SIV_CMAC_256, we may have to roll our own. However, _if_ we have to
> roll our own, we should make it behave similarly to OpenSSL cipher strings.
There are 2 string "registries" in this area.
IANA maintains one. That's what we use on the wire. It's started in RFC
5116. RFC 5297 covers the case we want. The magic number is 15.
The other one is in the crypto part of OpenSSL. They support strings like
"MD5" and "SHA1" for simple crypto algorithms. You can feed those to the CMAC
routines that we use for shared key authentication.
OpenSSL doesn't support what we need yet.
Daniel has code that does.
https://github.com/dfoxfranke/libaes_siv
It doesn't build on NetBSD and gets warnings on FreeBSD.
My plan is to ignore the requested options, wire "15" in to the protocol and call Daniel's code directly. We can clean things up when we have a selection of algorithms to use.
--
These are my opinions. I hate spam.
More information about the devel
mailing list