search for: aead

https://bugzilla.mindrot.org/show_bug.cgi?id=3553 Bug ID: 3553 Summary: PROTOCOL.key format specification is incorrect for encryption using AEAD transports Product: Portable OpenSSH Version: 9.3p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org Reporter...

...etain forward secrecy through the use of EDH, but this doesn't leave much in the way of allowable algorithms on my server: $ openssl ciphers -V 'HIGH:!DSS:!EECDH:!ECDH:!SHA1:!aNULL:!eNULL:@STRENGTH' 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD 0x00,0x3D - AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 0x00,0x9E - DHE-RSA-AES1...

...tin, Thank you for this new version which I have testes successfully with the stm32 hash & cryp drivers. As a general comment on this patchset, I would say that it does not cover all async requests: typically I need (for the pending stm32 cryp driver uprade) to use CryptoEngine to process AEAD requests which is not covered here. Could you please consider adding the 'transfer' and 'finalize' EXPORTed functions for aead requests? (the implementation is quite trivial) Have also a look at struct acomp_req (acompress.h) and struct kpp_request (kpp.h) which also use "...

When testing chacha20-poly1305, I noticed that aes-gcm is significantly faster than aes-ctr or aes-cbs with umac. Even on systems w/o aes-ni or other recent instruction set additions. And there seems to be consensus in the crypto community that AEAD ciphers are the way forward. As such, it promoting the AEAD ciphers to the head of the preference list looks like a good idea. That would mean either: #define KEX_DEFAULT_ENCRYPT \ AESGCM_CIPHER_MODES \ "chacha20-poly1305 at openssh.com," \ "aes128-ctr,aes1...

Hi list, I'm configuring apache with https and I've a question about sslv3 deactivation. Running "openssl ciphers -v" I get a list of cypher suite of openssl like: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ......... Each lines report relative protocol. Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like: ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1 that has protocol SSLv3? Disabling SSLv3 protocol, apache will use only TLSv1.2 cypher proto...

...uired an updated cmake) but... building without testsuite and without clustering (ctdb) allows samba-4.10.2 to compile with this old python (2.7.5) and gnutls (3.3.29) During the configure/rpmbuild phase, I noticed those messages: ------------------------------------------ No gnutls support for AEAD encryption Building without DMAPI support: no suitable DMAPI library found WARNING: ans1Parser hasn't been found! Please install it (e.g. libtasn1-bin) ------------------------------------------ I wonder if these might be 'impactful'.. Would someone enlighten me on what purpose those...

On Fri, Jan 26, 2018 at 08:15:28PM +0100, Corentin Labbe wrote: > Hello > > The current crypto_engine support only ahash and ablkcipher request. > My first patch which try to add skcipher was Nacked, it will add too many functions > and adding other algs(aead, asymetric_key) will make the situation worst. > > This patchset remove all algs specific stuff and now only process generic crypto_async_request. > > The requests handler function pointer are now moved out of struct engine and > are now stored directly in a crypto_engine_reqctx. &...

Hi Corentin, I am fine with this proposal: it is generic enough and I have been able to test and run the crypto engine with aead_request without changing any single line of code. This is what I need to be able to send the AEAD extension of the stm32-cryp driver (successfully tested with your engine upgrade proposal). I have also tested the stm32-hash patch. Note that stm32-cryp (new driver applied by Herbert recently...

...gt; On Fri, Jan 26, 2018 at 08:15:28PM +0100, Corentin Labbe wrote: > > Hello > > > > The current crypto_engine support only ahash and ablkcipher request. > > My first patch which try to add skcipher was Nacked, it will add too many functions > > and adding other algs(aead, asymetric_key) will make the situation worst. > > > > This patchset remove all algs specific stuff and now only process generic crypto_async_request. > > > > The requests handler function pointer are now moved out of struct engine and > > are now stored directly in...

Thanks again. This is the lsmod output: # lsmod aead 4256 0 arc4 1312 2 b43 324014 0 bcma 28621 1 b43, button_hotplug 2800 0 cfg80211 172273 2 b43,mac80211, cifs 190077 0 compat 651 3 b43,mac80211,cfg80211, crc16...

...pto/cavium/cpt/cptvf_main.c | 6 ++-- drivers/crypto/cavium/cpt/cptvf_reqmanager.c | 12 +++---- drivers/crypto/cavium/nitrox/nitrox_lib.c | 4 +-- drivers/crypto/cavium/zip/zip_crypto.c | 6 ++-- drivers/crypto/ccp/ccp-crypto-rsa.c | 6 ++-- drivers/crypto/ccree/cc_aead.c | 4 +-- drivers/crypto/ccree/cc_buffer_mgr.c | 4 +-- drivers/crypto/ccree/cc_cipher.c | 6 ++-- drivers/crypto/ccree/cc_hash.c | 8 ++--- drivers/crypto/ccree/cc_request_mgr.c | 2 +- drivers/crypto/marvell/cesa/hash.c...

...pto/cavium/cpt/cptvf_main.c | 6 ++-- drivers/crypto/cavium/cpt/cptvf_reqmanager.c | 12 +++---- drivers/crypto/cavium/nitrox/nitrox_lib.c | 4 +-- drivers/crypto/cavium/zip/zip_crypto.c | 6 ++-- drivers/crypto/ccp/ccp-crypto-rsa.c | 6 ++-- drivers/crypto/ccree/cc_aead.c | 4 +-- drivers/crypto/ccree/cc_buffer_mgr.c | 4 +-- drivers/crypto/ccree/cc_cipher.c | 6 ++-- drivers/crypto/ccree/cc_hash.c | 8 ++--- drivers/crypto/ccree/cc_request_mgr.c | 2 +- drivers/crypto/marvell/cesa/hash.c...

...pto/cavium/cpt/cptvf_main.c | 6 ++-- drivers/crypto/cavium/cpt/cptvf_reqmanager.c | 12 +++---- drivers/crypto/cavium/nitrox/nitrox_lib.c | 4 +-- drivers/crypto/cavium/zip/zip_crypto.c | 6 ++-- drivers/crypto/ccp/ccp-crypto-rsa.c | 6 ++-- drivers/crypto/ccree/cc_aead.c | 4 +-- drivers/crypto/ccree/cc_buffer_mgr.c | 4 +-- drivers/crypto/ccree/cc_cipher.c | 6 ++-- drivers/crypto/ccree/cc_hash.c | 8 ++--- drivers/crypto/ccree/cc_request_mgr.c | 2 +- drivers/crypto/marvell/cesa/hash.c...

...pto/cavium/cpt/cptvf_main.c | 6 ++-- drivers/crypto/cavium/cpt/cptvf_reqmanager.c | 12 +++---- drivers/crypto/cavium/nitrox/nitrox_lib.c | 4 +-- drivers/crypto/cavium/zip/zip_crypto.c | 6 ++-- drivers/crypto/ccp/ccp-crypto-rsa.c | 6 ++-- drivers/crypto/ccree/cc_aead.c | 4 +-- drivers/crypto/ccree/cc_buffer_mgr.c | 4 +-- drivers/crypto/ccree/cc_cipher.c | 6 ++-- drivers/crypto/ccree/cc_hash.c | 8 ++--- drivers/crypto/ccree/cc_request_mgr.c | 2 +- drivers/crypto/marvell/cesa/hash.c...

...with NIST curves over Ed25519? Also why are smaller key, curve and hash sizes preferred over bigger ones? The default ciphers are: chacha20-poly1305 at openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, aes128-gcm at openssh.com,aes256-gcm at openssh.com Why is CTR mode preferred over GCM? Usually, AEAD ciphers are preferred over non-AEAD ones. The default MACs are: umac-64-etm at openssh.com,umac-128-etm at openssh.com, hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com, hmac-sha1-etm at openssh.com, umac-64 at openssh.com,umac-128 at openssh.com, hmac-sha2-256,hmac-sha2-512,hmac...

Hello The current crypto_engine support only ahash and ablkcipher request. My first patch which try to add skcipher was Nacked, it will add too many functions and adding other algs(aead, asymetric_key) will make the situation worst. This patchset remove all algs specific stuff and now only process generic crypto_async_request. The requests handler function pointer are now moved out of struct engine and are now stored directly in a crypto_engine_reqctx. The original proposal of...

Hello The current crypto_engine support only ahash and ablkcipher request. My first patch which try to add skcipher was Nacked, it will add too many functions and adding other algs(aead, asymetric_key) will make the situation worst. This patchset remove all algs specific stuff and now only process generic crypto_async_request. The requests handler function pointer are now moved out of struct engine and are now stored directly in a crypto_engine_reqctx. The original proposal of...

...pto/cavium/cpt/cptvf_main.c | 6 ++-- drivers/crypto/cavium/cpt/cptvf_reqmanager.c | 12 +++---- drivers/crypto/cavium/nitrox/nitrox_lib.c | 4 +-- drivers/crypto/cavium/zip/zip_crypto.c | 6 ++-- drivers/crypto/ccp/ccp-crypto-rsa.c | 6 ++-- drivers/crypto/ccree/cc_aead.c | 4 +-- drivers/crypto/ccree/cc_buffer_mgr.c | 4 +-- drivers/crypto/ccree/cc_cipher.c | 6 ++-- drivers/crypto/ccree/cc_hash.c | 8 ++--- drivers/crypto/ccree/cc_request_mgr.c | 2 +- drivers/crypto/marvell/cesa/hash.c...

...pto/cavium/cpt/cptvf_main.c | 6 ++-- drivers/crypto/cavium/cpt/cptvf_reqmanager.c | 12 +++---- drivers/crypto/cavium/nitrox/nitrox_lib.c | 4 +-- drivers/crypto/cavium/zip/zip_crypto.c | 6 ++-- drivers/crypto/ccp/ccp-crypto-rsa.c | 6 ++-- drivers/crypto/ccree/cc_aead.c | 4 +-- drivers/crypto/ccree/cc_buffer_mgr.c | 4 +-- drivers/crypto/ccree/cc_cipher.c | 6 ++-- drivers/crypto/ccree/cc_hash.c | 8 ++--- drivers/crypto/ccree/cc_request_mgr.c | 2 +- drivers/crypto/marvell/cesa/hash.c...

...ther it is not loaded, or the usb serial and/or hid drivers are not loaded, which appear to have been used on your Debian box. - Tim On February 24, 2014 1:12:36 AM CST, Josu Lazkano <josu.lazkano at gmail.com> wrote: >Thanks again. > >This is the lsmod output: > ># lsmod >aead 4256 0 >arc4 1312 2 >b43 324014 0 >bcma 28621 1 b43, >button_hotplug 2800 0 >cfg80211 172273 2 b43,mac80211, >cifs 190077 0 >compat 651 3 b...