[openssl-dev] Auth and cipher ordering in AEAD ciphers
Short, Todd
tshort at akamai.com
Tue Jul 5 14:59:48 UTC 2016
AEAD ciphers within OpenSSL include AES-GCM, AES-CCM and ChaCha20-Poly1305 (among others). AES-128 CBC SHA1-HMAC is not considered AEAD.
See https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption for examples.
The ciphers as described below are meant for TLS, thus they do MAC-then-Encrypt (MtE), although there is an EtM TLS extension.
You will need to use either individual crypto operations to do what you want, if the combinations offered by OpenSSL differ from the standards (e.g. IPSec) that you need to follow.
--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."
On Jul 5, 2016, at 6:28 AM, Nikhil Agarwal <nikhil.agarwal at nxp.com<mailto:nikhil.agarwal at nxp.com>> wrote:
For AEAD ciphers like NID_aes_128_cbc_hmac_sha1, I could not find any control interface defined to control authentication and cipher ordering.(i.e. whether to perform cipher first and then authentication or vice versa.(IPSEC vs. TLS use-case)). If such an interface exist with OPENSSL can someone please help me in pointing that out? If no, is there any plan to introduce it? Also is there any interface for to specify difference packet range/length for cipher in Auth in AEAD case?
Thanks in advance
Nikhil
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160705/7c41e16e/attachment.html>
More information about the openssl-dev
mailing list