wbond / asn1crypto

Python ASN.1 library with a focus on performance and a pythonic API
MIT License
335 stars 140 forks source link

RFC5084: AES_GCM #278

Open weddige opened 5 months ago

weddige commented 5 months ago

As far as I can see, AES_GCM is not supported by asn1crypto. Was this a conscious decision, or is this an open TODO?

jinhua115 commented 5 months ago

这是来自QQ邮箱的假期自动回复邮件。你好,我最近正在休假中,无法亲自回复你的邮件。我将在假期结束后,尽快给你回复。

MatthiasValvekens commented 5 months ago

asn1crypto includes various OIDs that relate to AES-GCM, though? Not sure what you mean.

Just in case it wasn't clear: asn1crypto doesn't actually implement any cryptography as such, it's a library to help encode/decode ASN.1 values that are commonly used in cryptographic applications. The cryptographic operations themselves are left to other libraries (e.g. pyca's cryptography is one that comes with AES-GCM support).

weddige commented 5 months ago

Sorry, I should have been more precise. I was talking about https://github.com/wbond/asn1crypto/blob/b763a757bb2bef2ab63620611ddd8006d5e9e4a2/asn1crypto/algos.py#L792

From RFC5084 there is only aes128_ccm, aes192_ccm and aes256_ccm. The _gcm versions are missing and so is an GCM equivalent of CcmParams (although this should look identical). Not sure, if anything else is missing, as I am stuck here.

Would you be interested in a pull request, in case that I decide to add the missing bits? Not sure yet, how I will continue, but this might be the easiest path for me.

mmb-davidsmith commented 5 months ago

@weddige - I'm also running into this right now. In addition, there aren't any tests / examples I can find in the repo on how I would then use something like aes256_gcm to build an encrypted message.

mmb-davidsmith commented 5 months ago

I managed to get this working by defining something like the following in my class and then inserting it for parameters when building my EncryptionAlgorithm instance.

class GcmParams(core.Sequence):
    # https://tools.ietf.org/html/rfc5084
    # aes_ICVlen: 12 | 13 | 14 | 15 | 16
    _fields = [
        ('aes_nonce', core.OctetString),
        ('aes_icvlen', core.Integer),
    ]
MatthiasValvekens commented 5 months ago

Re: the question about PRs: I'm not the maintainer of this library, but I suppose nobody would object to a PR adding those types :)

By the way, I use some variant of that monkeypatching trick all the time to add ASN.1 definitions that are not part of the library. It's quite useful, and usually not too bad as far as hacks go...

weddige commented 5 months ago

In the end, I decided to not use AES_GCM, as another application wasn't supporting it as well. So no PR from me anytime soon. But I still think it would be great to have GCM included by default.