Page MenuHomeFreeBSD
Differential D32111

crypto: Support multiple nonce lengths for AES-CCM.
ClosedPublic
Actions

Authored by jhb on Sep 24 2021, 6:04 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Apr 6, 12:57 AM
Unknown Object (File)
Feb 21 2024, 9:04 AM
Unknown Object (File)
Feb 21 2024, 9:04 AM
Unknown Object (File)
Feb 21 2024, 9:04 AM
Unknown Object (File)
Feb 21 2024, 1:54 AM
Unknown Object (File)
Jan 17 2024, 2:17 PM
Unknown Object (File)
Jan 13 2024, 12:55 PM
Unknown Object (File)
Dec 24 2023, 5:27 AM
View All 38 Files
Subscribers
emaste
imp
jmg

Details

Reviewers
sef
kithrup_mac.com
Group Reviewers
manpages
Commits
rGfd464d2f78f3: crypto: Support multiple nonce lengths for AES-CCM.
rGae18720d2792: crypto: Support multiple nonce lengths for AES-CCM.
Summary

Permit nonces of lengths 7 through 13 in the OCF framework and the
cryptosoft driver. A helper function (ccm_max_payload_length) can be
used in OCF drivers to reject CCM requests which are too large for the
specified nonce length.

Sponsored by: Chelsio Communications, The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Sep 24 2021, 6:04 PM
Herald added a reviewer: manpages. · View Herald TranscriptSep 24 2021, 6:04 PM
Herald added subscribers: jmg, imp. · View Herald Transcript
jhb requested review of this revision.Sep 24 2021, 6:04 PM
jhb added a parent revision: D32110: cryptocheck: Support multiple IV sizes for AES-CCM..
jhb added a child revision: D32112: aesni: Support multiple nonce lengths for AES-CCM..
Harbormaster completed remote builds in B41712: Diff 95645.Sep 24 2021, 6:05 PM
jhb added a comment.Sep 24 2021, 6:11 PM

The cryptosoft changes were tested both by cryptocheck and the updated crypotest.py at the end of the series that tested all the AES-CCM KAT vectors. Note that the KAT vectors also required later fixes for truncated tags, however, cryptocheck was able to verify variable nonce lengths with a 16 byte tag.

jhb added a reviewer: sef.Sep 24 2021, 6:14 PM
kithrup_mac.com accepted this revision.Sep 24 2021, 7:33 PM
This revision is now accepted and ready to land.Sep 24 2021, 7:33 PM
Closed by commit rGae18720d2792: crypto: Support multiple nonce lengths for AES-CCM. (authored by jhb). · Explain WhyOct 6 2021, 9:11 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGae18720d2792: crypto: Support multiple nonce lengths for AES-CCM..
jhb added a commit: rGfd464d2f78f3: crypto: Support multiple nonce lengths for AES-CCM..Oct 21 2021, 10:04 PM

Revision Contents
Changeset List

PathSize
share/
man/
man7/
18 lines
sys/
opencrypto/
56 lines
29 lines
17 lines
7 lines

Diff 96380

View Options

share/man/man7/crypto.7

Loading...
View Options

sys/opencrypto/crypto.c

Loading...
View Options

sys/opencrypto/cryptodev.h

Loading...
View Options

sys/opencrypto/cryptosoft.c

Loading...
View Options

sys/opencrypto/xform_aes_icm.c

Loading...