Page MenuHomeFreeBSD
Differential D27834

Reject AES-GCM and AES-CCM sessions with per-op keys.
AbandonedPublic
Actions

Authored by jhb on Dec 30 2020, 12:49 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Apr 18, 6:47 PM
Unknown Object (File)
Thu, Apr 11, 7:24 PM
Unknown Object (File)
Feb 10 2024, 6:02 PM
Unknown Object (File)
Dec 20 2023, 8:23 AM
Unknown Object (File)
Dec 14 2023, 2:03 AM
Unknown Object (File)
Dec 2 2023, 9:38 AM
Unknown Object (File)
Sep 25 2023, 3:07 AM
Unknown Object (File)
Aug 15 2023, 12:33 PM
View All 13 Files
Subscribers
gallatin
imp

Details

Reviewers
jmg
cem
Summary

The implementations of AES-GCM and AES-CCM in cryptosoft don't support
per-op keys (crp_cipher_key), so reject sessions that don't use a
static key for the session.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 35776
Build 32665: arc lint + arc unit

Event Timeline

jhb created this revision.Dec 30 2020, 12:49 AM
Herald added a reviewer: jmg. · View Herald TranscriptDec 30 2020, 12:49 AM
Herald added a subscriber: imp. · View Herald Transcript
jhb requested review of this revision.Dec 30 2020, 12:49 AM
jhb added a parent revision: D27833: Restructure the crypto(7) manpage and add authentication algorithms..
jhb added a child revision: D27835: Tidy some crypto-related lines in sys/conf/files..
Harbormaster completed remote builds in B35776: Diff 81350.Dec 30 2020, 12:50 AM
jhb added a reviewer: cem.Dec 30 2020, 12:55 AM
jhb added a subscriber: gallatin.
cem accepted this revision.Dec 30 2020, 2:16 AM
cem added inline comments.
sys/opencrypto/cryptosoft.c
1276–1277

Maybe add a comment about this being an implementation limitation?

This revision is now accepted and ready to land.Dec 30 2020, 2:16 AM
jhb added a comment.Dec 30 2020, 6:57 PM

Hmm, looking at xform_aes_icm.c, it seems that the key schedule can't be safely shared between operations regardless as the iv is stored in the context. What would really be nice would be to store the context on the stack, but otherwise, a per-session mutex should be used to protect the context. Getting a single session to use concurrent operations across threads seems hard, though if GELI ever used ccm or gcm perhaps that could happen. However, given that honoring crp_cipher_key wouldn't make the races "worse", I think it might be better to just add the simple change to support crp_cipher_key instead of this change.

jhb abandoned this revision.Jan 21 2021, 12:29 AM
jhb added a comment.Feb 17 2021, 10:35 PM

Replaced by D28752.

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
2 lines

Diff 81350

View Options

sys/opencrypto/cryptosoft.c

Loading...