Add support for AES-GCM-SIV using OpenSSL>=3.2.0 #9843

Merged: 1 commit, Dec 2, 2023

@facutuesca facutuesca commented Nov 9, 2023

OpenSSL 3.2.0 has added support for AES-GCM-SIV (issue, PR). It is defined in RFC 8452.

This PR adds support for it through the Rust bindings. The implementation is based on already existing AEADs, but adapted to the specifics of AES-GCM-SIV.

The test vectors are from OpenSSL (source).

This PR is part of #9795.

@facutuesca facutuesca force-pushed the add-aes-gcm-siv branch 7 times, most recently from f67ef4e to 34aed6a Compare November 9, 2023 20:27
@alex alex mentioned this pull request Nov 10, 2023

alex commented Nov 23, 2023

Should be possible to get this to green now that 3.2.0 is out, and we're using it in CI

@alex alex left a comment

Thanks!

Review threads (outdated, resolved):
- src/rust/src/backend/aead.rs
- src/rust/src/backend/aead.rs
- docs/development/test-vectors.rst

@reaperhulk (Member)

vectors are merged, although let's make sure we have an AAD non-zero, PT zero test case too since OpenSSL has had bugs with that type of split in AEADs in the past. Assuming GCM-SIV allows that 😄

alex commented Dec 2, 2023

There's a workaround for the benchmark issue on main, so you can rebase

@reaperhulk reaperhulk merged commit ca4f406 into pyca:main Dec 2, 2023
57 checks passed
@facutuesca facutuesca deleted the add-aes-gcm-siv branch December 2, 2023 16:35