Cryptography Reference
In-Depth Information
To this end, modify the
CipherSuite
structure declaration to include a sec-
tion for AEAD ciphers as shown in Listing 9-25.
Listing 9-25:
“tls.h” CipherSuite declaration with AEAD support
typedef struct
{
…
void (*new_digest)( digest_ctx *context );
int (*aead_encrypt)( const unsigned char *plaintext,
const int plaintext_len,
const unsigned char *addldata,
const int addldata_len,
unsigned char ciphertext[],
void *iv,
const unsigned char *key );
int (*aead_decrypt)( const unsigned char *ciphertext,
const int ciphertext_len,
const unsigned char *addldata,
const int addldata_len,
unsigned char plaintext[],
void *iv,
const unsigned char *key );
}
CipherSuite;
Now, to add support for the standardized AES_GCM cipher mode, you must
just add another element to the list of cipher
suites
declared in Listing 6-10.
Unfortunately, RFC 5288 assigns the cipher suite ID
0x9C
to AES-GCM. Remember
that the
suites
array is positional; if you skip an element, you have to insert a
NULL placeholder. Cipher suite ID
0x9C
works out to element 156. Prior to this
chapter, the last element in this array was 58. To keep up with this method of
inserting new ciphers, you'd have to include 98 empty elements in this array.
Instead, just expand the list as shown in Listing 9-26.
Listing 9-26:
“tls.h” aes-gcm cipher suite
typedef enum
{
...
TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
MAX_SUPPORTED_CIPHER_SUITE =
0x009D
} CipherSuiteIdentifier
Now, rather than explicitly declaring this new cipher suite in the array initial-
izer, add it to the
init_tls
call as shown in Listing 9-27.
Search WWH ::
Custom Search