Stitched aes-128 and hmac-sha1 (encrypt-then-mac)
pablo.platt at gmail.com
Fri Nov 1 11:59:31 UTC 2019
Thank you for the explanation.
The use case is a WebRTC server (SFU) that encrypts and authenticates SRTP.
Encryption is a major part of CPU load on SFU servers. Reducing it by 50%
will have a large impact.
Is it planned to add aes-128-hmac-sha1 encrypt-then-mac?
On Fri, Nov 1, 2019 at 1:32 PM Matt Caswell <matt at openssl.org> wrote:
> On 01/11/2019 07:56, pablo platt wrote:
> > Hi,
> > Stitching aes-cbc with sha1 can result in x2 performance.
> > Is there support for stitched aes-128-hmac-sha1 encrypt-then-mac? This
> > issue says that only mac-then-encrypt is supported in OpenSSL.
> The issue is correct. Only mac-then-encrypt is supported. Furthermore
> these stitched ciphers are specifically targeted at use by libssl and
> are designed for use in SSL/TLS only. They are not general purpose
> ciphers and should not be used directly unless you *really* know what
> you are doing.
> Note that more modern TLS ciphersuites use AEAD modes such as GCM or CCM
> so that mac-then-encrypt vs encrypt-then-mac and "stitched" ciphers are
> irrelevant anyway.
> > Does this implement mac-then-encrypt and relevant?
>  is the aesni assembler implementation used behind the
> EVP_aes_128_cbc_hmac_sha1() and EVP_aes_256_cbc_hmac_sha1() ciphers,
> i.e. all the same comments I made above apply here. It's
> mac-then-encrypt, and specifically targeted for use in SSL/TLS by
> libssl. It's not intended for general purpose use.
> The documentation says this about these ciphers:
> "Authenticated encryption with AES in CBC mode using SHA-1 as HMAC, with
> keys of 128 and 256 bits length respectively. The authentication tag is
> 160 bits long.
> WARNING: this is not intended for usage outside of TLS and requires
> calling of some undocumented ctrl functions. These ciphers do not
> conform to the EVP AEAD interface."
> > Is it possible to use the same code with just changing the order to
> > achieve encrypt-then-mac?
> > How can I compile the Perl file to be used from a C program?
> This is an internal file not intended for use outside of OpenSSL and not
> intended to be compiled separately. You might be able to extract it -
> but if so, you're on your own.
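The generic alternative Matt's answer points at, for a reader who wants encrypt-then-MAC with AES-128-CBC and HMAC-SHA1 without touching the TLS-only stitched ciphers, is to run a standard CBC cipher and a standard HMAC as two separate primitives and fix the order yourself. The block below is an added illustration written for this page; it is not code from the thread, from OpenSSL, or from any SFU, and it uses Go's standard library so it runs without linking OpenSSL (it will not show the assembler speed-up the thread is asking about). The `Keys`, `Seal` and `Open` names, the demo keys and the fixed IV are constructed for the example. Two details carry the security point of encrypt-then-MAC: the tag covers the IV and ciphertext, and `Open` checks the tag in constant time before any decryption or padding check runs, so a forged or tampered message never reaches the padding code. Note that the actual SRTP protection profiles in RFC 3711 use AES in counter mode with a truncated HMAC-SHA1 tag, so this is the general pattern, not an SRTP implementation.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"errors"
	"fmt"
)

// Keys holds two independent keys: one for AES-128-CBC and one for HMAC-SHA1.
// Reusing one key for both jobs is a classic mistake; derive them separately.
type Keys struct {
	Enc []byte // 16 bytes for AES-128
	Mac []byte // 20 bytes is conventional for HMAC-SHA1
}

const tagLen = sha1.Size // 20-byte (160-bit) tag, as in the OpenSSL docs quoted above

func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Seal encrypts with AES-128-CBC, then authenticates iv||ciphertext with HMAC-SHA1.
// Output layout: iv || ciphertext || tag. The caller supplies a fresh random IV per message.
func Seal(k Keys, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	if len(iv) != aes.BlockSize {
		return nil, errors.New("iv must be 16 bytes")
	}
	padded := pkcs7Pad(append([]byte(nil), plaintext...), aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)

	out := append(append([]byte(nil), iv...), ct...)
	m := hmac.New(sha1.New, k.Mac)
	m.Write(out) // the tag covers the IV as well as the ciphertext
	return m.Sum(out), nil
}

// Open verifies the tag (constant-time compare) before decrypting anything, so a
// tampered message is rejected without ever exercising the decryptor or the unpadder.
func Open(k Keys, msg []byte) ([]byte, error) {
	if len(msg) < aes.BlockSize+tagLen {
		return nil, errors.New("message too short")
	}
	body, tag := msg[:len(msg)-tagLen], msg[len(msg)-tagLen:]
	m := hmac.New(sha1.New, k.Mac)
	m.Write(body)
	if !hmac.Equal(m.Sum(nil), tag) {
		return nil, errors.New("authentication failed")
	}
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext not block aligned")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

func main() {
	// Constructed demo keys and IV; real code derives keys per session and draws the IV from crypto/rand.
	k := Keys{Enc: bytes.Repeat([]byte{0x11}, 16), Mac: bytes.Repeat([]byte{0x22}, 20)}
	iv := bytes.Repeat([]byte{0x33}, 16)
	msg, _ := Seal(k, iv, []byte("RTP payload"))
	pt, err := Open(k, msg)
	fmt.Printf("%q %v\n", pt, err)
	msg[20] ^= 1 // flip one ciphertext bit: the tag check fails before decryption
	_, err = Open(k, msg)
	fmt.Println(err)
}
```

The ordering is the whole difference from the mac-then-encrypt construction the stitched ciphers implement: there, the receiver must decrypt and unpad before it can check the MAC, which is what exposes CBC padding handling to timing attacks and forces the kind of careful constant-time work libssl does internally.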