Implement AES-GCM-SIV #16721
Comments
beldmit
added
the
issue: feature request
t8m
added
branch: master
|
Hello, We are a team of new contributors whose goal is to answer security issues on open source projects. In response to your ticket, we tried to implement AES-GCM-SIV in OpenSSL inspired by what was done for AES-GCM. Here you will find our implementation of this algorithm: Unfortunately, due to a lack of knowledge of the OpenSSL architecture (with the providers directory), we were unable to integrate it correctly so that it was available for use. In the hope that our contribution will advance the problem, Contribution by Project Opensource. |
|
I can't speak for the OMC, but there might be some licensing issues here. Specifically, OpenSSL uses the Apache 2.0 license and I'm not seeing any formal licensing in that repository. Then there's the matter of CLAs. If those issues are resolved, I'd be willing to look at this; I was the one that ported the AES-SIV code. Ref: RFC-8452 |
All contributors who were involved in writing the code would have to submit CLAs to us (https://www.openssl.org/policies/cla.html). We would also need some statement formally contributing the code to us. Usually when code is contributed it occurs through a PR which is deemed as sufficient indication that the authors are contributing the code - but there is no PR here. The licensing of the original code is not really a problem: if the authors sign a CLA, and formally contribute the code under that CLA, then the CLA allows us to relicence it to Apache 2. |
I was mostly checking to see if there was already Apache, BSD, MIT or GPL licensing attached. I suspect that any GPL flavor would be an issue. |
|
Actually, it looks as though they applied an Apache 2.0 license on it: Project-Opensource/AES-GCM-SIV@5ac1d57 |
|
We would still need CLAs signed. |
|
Hello, We sent the signed CLAs by email. |
|
@t8m @mattcaswell unless someone else really wants to do this, feel free to assign this to me. |
|
Hello, we sent our CLA to the email address: legal@opensslfoundation.org, but we received an email telling us this:
How should we proceed ? |
|
That's the correct address, I didn't see anything come in. No idea why :( @levitte, any idea? |
|
We also tried with another mail service, but the result is the same. : -( |
|
@levitte?? |
|
Are there any updates regarding the CLA status? |
|
Could you please resend the CLAs to legal@opensslfoundation.org, we had some server problems recently. |
|
Email is working fine again! |
|
What's the status of this? |
Fixes openssl#16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in openssl#16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so.
Fixes openssl#16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in openssl#16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so.
Fixes openssl#16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in openssl#16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#18693)
and others
AES GCM SIV is specified in RFC 8452
The text was updated successfully, but these errors were encountered: