[ipxe-devel] Improving SSL cipher suite?

Michael Brown mcb30 at ipxe.org
Fri Nov 15 21:07:24 UTC 2019


On 13/11/2019 20:05, Santiago Torres-Arias wrote:
> - Move from CBC to GCM -> would require us to implement this new cipher
>    block chaining (for which I can propose patches).
> - Move from RSA key derivation to DSA/EDDSA variants for key derivation.
>    This would require implementing a new key derivation function. (for
>    this one I could also help, but I'd most likely want somebody familiar
>    with the codebase to help me navigate what's the best way forward).
> 
> However, the rest of the stack can still safely remain on RSA, and thus
> we wouldn't need to reimplement other parts for the foreseeable future.
> 
> As a result, we would be able to support EDDSA-RSA-AES-GCM suites, which
> are probably best practice for a couple of years.
> 
> What does everybody think?

I would suggest implementing and submitting GCM first, since that is 
likely to be a small and self-contained piece of work.

CBC in iPXE is implemented as a wrapper layer around an arbitrary 
underlying block cipher: GCM should use the same approach.

The CBC implementation is wholly contained in include/ipxe/cbc.h and 
crypto/cbc.c.  This is then wrapped around raw AES using the 
CBC_CIPHER() macro to create aes_cbc_algorithm in crypto/aes.c, and the 
resulting AES-xxx-CBC ciphers are then tested for correctness (and 
performance) in tests/aes_test.c.

As with the existing crypto code, test coverage will be required, and 
should ideally use the published NIST test vectors.

Hope that helps, and thanks in advance!

Michael
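As an added example (not iPXE code, and not Michael's or Santiago's), here is a block-cipher-agnostic GCM in Python laid out the way the reply describes iPXE's CBC layer: the mode only calls an opaque 128-bit block-encrypt function, and correctness is checked against NIST GCM test cases 1 and 2 rather than against a hand-rolled vector. The table NIST_TC2_AES stands in for a real AES-128 implementation under the all-zero key; its three block values are copied from the published test vector.

```python
# Block-cipher-agnostic GCM (added example, not iPXE code): the mode talks to an
# opaque 128-bit block-encrypt callable, as iPXE's cbc.c wraps any cipher.
from typing import Callable

R = 0xE1 << 120  # x^128 + x^7 + x^2 + x + 1 in GCM's reflected bit order

def gf_mult(x: int, y: int) -> int:
    """Multiply in GF(2^128) per NIST SP 800-38D, algorithm 1 (bit 0 is the MSB)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def ghash(h: bytes, aad: bytes, ct: bytes) -> bytes:
    """GHASH over AAD, ciphertext (each zero-padded) and the two 64-bit bit-lengths."""
    pad = lambda d: d + bytes(-len(d) % 16)
    data = pad(aad) + pad(ct) + (len(aad) * 8).to_bytes(8, "big") \
        + (len(ct) * 8).to_bytes(8, "big")
    hk, y = int.from_bytes(h, "big"), 0
    for i in range(0, len(data), 16):
        y = gf_mult(y ^ int.from_bytes(data[i:i + 16], "big"), hk)
    return y.to_bytes(16, "big")

def gcm_encrypt(enc: Callable[[bytes], bytes], iv: bytes, aad: bytes, pt: bytes):
    """GCM with a 96-bit IV; returns (ciphertext, 16-byte tag). enc() is the raw cipher."""
    assert len(iv) == 12, "only the 96-bit IV path is implemented here"
    h = enc(bytes(16))                        # hash subkey H = E_K(0^128)
    j0 = iv + (1).to_bytes(4, "big")          # pre-counter block J0
    ct, ctr = bytearray(), int.from_bytes(j0, "big")
    for i in range(0, len(pt), 16):
        ctr = (ctr & ~0xFFFFFFFF) | ((ctr + 1) & 0xFFFFFFFF)   # inc32()
        ks = enc(ctr.to_bytes(16, "big"))
        ct += bytes(a ^ b for a, b in zip(pt[i:i + 16], ks))
    s = ghash(h, aad, bytes(ct))
    return bytes(ct), bytes(a ^ b for a, b in zip(enc(j0), s))  # T = E_K(J0) ^ S

# Stand-in for AES-128 under the all-zero key: a table holding just the three block
# encryptions NIST GCM test case 2 needs (values copied from the published vector).
NIST_TC2_AES = {
    bytes(16): bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e"),
    bytes(15) + b"\x01": bytes.fromhex("58e2fccefa7e3061367f1d57a4e7455a"),
    bytes(15) + b"\x02": bytes.fromhex("0388dace60b6a392f328c2b971b2fe78"),
}

def nist_test_case_2():
    """GCM test case 2: zero key, zero 96-bit IV, no AAD, one all-zero plaintext block."""
    return gcm_encrypt(NIST_TC2_AES.__getitem__, bytes(12), b"", bytes(16))
```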
