Use a counter with a random base for explicit IVs in GCM.
ClosedPublic
Actions

Authored by jhb on Oct 22 2019, 10:07 PM.

Details

Reviewers

Commits

rS354028: Use a counter with a random base for explicit IVs in GCM.

Summary

This permits constructing the entire TLS header in ktls_frame()
rather than ktls_seq(). This also matches the approach used by
OpenSSL which uses an incrementing nonce as the explicit IV
rather than the sequence number.

Test Plan

tested with ktls_ocf with both cryptosoft and ccr
used wireshark to verify incrementing nonces

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jhb created this revision.Oct 22 2019, 10:07 PM

Harbormaster completed remote builds in B27160: Diff 63557.Oct 22 2019, 10:07 PM

Would you be able to test this with the current ISA-L module (and verify it works ok on your end)?

Works fine running on a Netflix cache.

This revision is now accepted and ready to land.Oct 23 2019, 11:08 PM

Closed by commit rS354028: Use a counter with a random base for explicit IVs in GCM. (authored by jhb). · Explain WhyOct 24 2019, 6:13 PM

This revision was automatically updated to reflect the committed changes.

jhb added a commit: rS354028: Use a counter with a random base for explicit IVs in GCM..

Herald added a subscriber: imp. · View Herald TranscriptOct 24 2019, 6:13 PM

Revision Contents
Changeset List

Path

Size

head/

sys/

kern/

uipc_ktls.c

47 lines

Diff 63641

View Options

Use a counter with a random base for explicit IVs in GCM.ClosedPublicActions