[ipxe-devel] Improving SSL cipher suite?

[Michael Brown]

On 13/11/2019 20:05, Santiago Torres-Arias wrote:
> - Move from CBC to GCM -> would require us to implement this new cipher
>    block chaining (for which I can propose patches).
> - Move from RSA key derivation to DSA/EDDSA variants for key derivation.
>    This would require implementing a new key derivation function. (for
>    this one I could also help, but I'd most likely want somebody familiar
>    with the codebase to help me navigate what's the best way forward).
> 
> However, the rest of the stack can still safely remain on RSA, and thus
> we wouldn't need to reimplement other parts for the forseeable future.
> 
> As a result, we would be able to support EDDSA-RSA-AES-GCM suites, which
> are probably best practice for a couple of years.
> 
> What does everybody think?

I would suggest implementing and submitting GCM first, since that is 
likely to be a small and self-contained piece of work.

CBC in iPXE is implemented as a wrapper layer around an arbitrary 
underlying block cipher: GCM should use the same approach.

The CBC implementation is wholly contained in include/ipxe/cbc.h and 
crypto/cbc.c.  This is then wrapped around raw AES using the 
CBC_CIPHER() macro to create aes_cbc_algorithm in crypto/aes.c, and the 
resulting AES-xxx-CBC ciphers are then tested for correctness (and 
performance) in tests/aes_test.c.

As with the existing crypto code, test coverage will be required, and 
should ideally use the published NIST test vectors.

Hope that helps, and thanks in advance!

Michael