adding new custom cipher to NSS
Hello everyone. I have a small research oriented project in which I have to add a custom similar to AES like cipher to the NSS which will later be used by the Thunderbird for TLS establishment. Can someone guide me the steps or bird eye view of how to accomplish this. At the moment I have added/defined my ciphers in the following files by doing my own limited research: i. sslproto.h ii. sslenum.c iii. ssl3con.c iv. ssl3ecc.c the ciphersuite name is === TLS_ECDHE_ECDSA_WITH_MYAES_128_GCM_SHA256 HEX number given to it === OXC02A however when I compile the following error comes in: ssl3con.c(184): error C2078 too many initalizers ssl3con.c(293): error C2065 cipher myaes_128_gcm : undeclared identifier and alot more errors ... If someone can give me an example or just some high level guidance for defining the custom CIPHER I will be very very thankful. ps: i know adding a custom cipher is not recommended and can cause security issues but its a research oriented project. NSS version is NSS_3_19_2_WITH_CKBI_1_98_BRANCH -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Adding a custom new ciphersuite to NSS
Any one who can give me a broad level idea ? At the moment I have downloaded the SRC CODE of TB from Source Forge and right now doing changes in the Mozilla/NSS directory... but at compile time issues came. Also, what can be the faster way for compilation ? I mean, I have compiled TB without doing any changes and it was successfully built (firs time). Now I want to build TB fast by only doing the changes I have made in the NSS folder. On Wednesday, November 22, 2017 at 8:16:24 PM UTC+5, f masood wrote: > Hello everyone. > > I have a small research oriented project in which I have to add a custom > similar to AES like cipher to the NSS which will later be used by the > Thunderbird for TLS establishment. > > Can someone guide me the steps or bird eye view of how to accomplish this. At > the moment I have added/defined my ciphers in the following files by doing my > own limited research: > > i. sslproto.h > ii. sslenum.c > iii. ssl3con.c > iv. ssl3ecc.c > > the ciphersuite name is === TLS_ECDHE_ECDSA_WITH_MYAES_128_GCM_SHA256 > > HEX number given to it === OXC02A > > > however when I compile the following error comes in: > ssl3con.c(184): error C2078 too many initalizers > ssl3con.c(293): error C2065 cipher myaes_128_gcm : undeclared identifier > > and alot more errors ... > > If someone can give me an example or just some high level guidance for > defining the custom CIPHER I will be very very thankful. > > ps: i know adding a custom cipher is not recommended and can cause security > issues but its a research oriented project. NSS version is > NSS_3_19_2_WITH_CKBI_1_98_BRANCH -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: AES_XCBC?
On Wednesday, December 6, 2017 at 7:51:13 PM UTC+5, Andrew Cagney wrote: > I'm looking at implementing AES_XCBC using NSS. That is: > > AES-XCBC-MAC-96: https://tools.ietf.org/html/rfc3566#section-4 > AES-XCBC-MAC-PRF: https://tools.ietf.org/html/rfc4434 > > (the latter adds a recursive rule for building a fixed size key from a > variable key) > > reading NSS's "documentation", I've turned up AES_MAC, but I'm > guessing that that is just implementing the primitive > https://en.wikipedia.org/wiki/CBC-MAC using AES. > > Is there anything else, or will I be needing to implement things by > wrapping this primitive? (and if so, was there a test I could look at > for the existing code?) > > Andrew What version of NSS are you targeting ? I dont think that currently NSS has support of this XCBC, so you'll have to do changes and then compile ? Whats your scenario? I mean are you going to use this cihersuite for ipsec application ? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: AES_XCBC?
can you elaborate why you're focusing on NSS not OPENSSL for this task ? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
