We have added the Galois/Counter Mode for AES to wolfSSL. It adds an Authenticated Data with Associated Data (AEAD) cipher to TLS v1.2 where the cipher provides its own message authentication. The following cipher suites are available:
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
We offer four different implementations balancing speed versus memory consumption. If available, it will use 64-bit or 32-bit math. For embedded SSL applications, there is a speedy 8-bit version that uses RAM-based lookup tables (8KB per session) that is speed comparable to the 64-bit version and a slower 8-bit version that doesn`t take up any additional RAM.
AES with GCM will be available in our next release. The latest sources are available in our GitHub repository. To enable AES with GCM in wolfSSL, configure the build with the option “–enable-aesgcm”. The configure option may be modified with the options “=word32”, “=table”, or “=small”, i.e. “–enable-aesgcm=table”.
We are very excited to offer this new cipher. Adding AES with GCM makes wolfSSL compatible with NSA Suite B.