Allow ChaChaPoly for TLS session tickets #1917

Open
gilles-peskine-arm opened this issue Aug 3, 2018 · 1 comment
Labels
component-crypto Crypto primitives and low-level interfaces component-tls enhancement

Comments

@gilles-peskine-arm
Contributor

Type: Enhancement
Priority: Minor

From code inspection (context: #1915), we only allow GCM and CCM modes to wrap SSL session tickets. (mbedtls_ssl_ticket_setup checks that cipher_info->mode is MBEDTLS_MODE_CCM or MBEDTLS_MODE_GCM.) We should allow any AEAD mode, including ChaChaPoly.

More generally, instead of having to enumerate the authenticated modes all the time, the cipher module should expose a function mbedtls_cipher_mode_is_authenticated.

@gilles-peskine-arm gilles-peskine-arm added enhancement component-tls component-crypto Crypto primitives and low-level interfaces labels Aug 3, 2018
@ciarmcom

ciarmcom commented Aug 7, 2018

ARM Internal Ref: IOTSSL-2465
