Page MenuHomeFreeBSD
Differential D32111

crypto: Support multiple nonce lengths for AES-CCM.
ClosedPublic
Actions

Authored by jhb on Sep 24 2021, 6:04 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Sep 4, 1:07 PM
Unknown Object (File)
Sun, Aug 24, 6:21 PM
Unknown Object (File)
Thu, Aug 14, 10:11 PM
Unknown Object (File)
Thu, Aug 14, 10:05 PM
Unknown Object (File)
Sun, Aug 10, 7:18 AM
Unknown Object (File)
Aug 5 2025, 4:20 AM
Unknown Object (File)
Jul 11 2025, 2:44 PM
Unknown Object (File)
Jul 8 2025, 2:47 PM
View All Files
Subscribers
emaste
imp
jmg

Details

Reviewers
sef
kithrup_mac.com
Group Reviewers
manpages
Commits
rGfd464d2f78f3: crypto: Support multiple nonce lengths for AES-CCM.
rGae18720d2792: crypto: Support multiple nonce lengths for AES-CCM.
Summary

Permit nonces of lengths 7 through 13 in the OCF framework and the
cryptosoft driver. A helper function (ccm_max_payload_length) can be
used in OCF drivers to reject CCM requests which are too large for the
specified nonce length.

Sponsored by: Chelsio Communications, The FreeBSD Foundation

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 41712
Build 38601: arc lint + arc unit

Event Timeline

jhb created this revision.Sep 24 2021, 6:04 PM
Herald added a reviewer: manpages. · View Herald TranscriptSep 24 2021, 6:04 PM
Herald added subscribers: jmg, imp. · View Herald Transcript
jhb requested review of this revision.Sep 24 2021, 6:04 PM
jhb added a parent revision: D32110: cryptocheck: Support multiple IV sizes for AES-CCM..
jhb added a child revision: D32112: aesni: Support multiple nonce lengths for AES-CCM..
Harbormaster completed remote builds in B41712: Diff 95645.Sep 24 2021, 6:05 PM
jhb added a comment.Sep 24 2021, 6:11 PM

The cryptosoft changes were tested both by cryptocheck and the updated crypotest.py at the end of the series that tested all the AES-CCM KAT vectors. Note that the KAT vectors also required later fixes for truncated tags, however, cryptocheck was able to verify variable nonce lengths with a 16 byte tag.

jhb added a reviewer: sef.Sep 24 2021, 6:14 PM
kithrup_mac.com accepted this revision.Sep 24 2021, 7:33 PM
This revision is now accepted and ready to land.Sep 24 2021, 7:33 PM
Closed by commit rGae18720d2792: crypto: Support multiple nonce lengths for AES-CCM. (authored by jhb). · Explain WhyOct 6 2021, 9:11 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGae18720d2792: crypto: Support multiple nonce lengths for AES-CCM..
jhb added a commit: rGfd464d2f78f3: crypto: Support multiple nonce lengths for AES-CCM..Oct 21 2021, 10:04 PM

Revision Contents
Changeset List

PathSize
share/
man/
man7/
16 lines
sys/
opencrypto/
56 lines
29 lines
17 lines
5 lines

Diff 95645

View Options

share/man/man7/crypto.7

Loading...
View Options

sys/opencrypto/crypto.c

Loading...
View Options

sys/opencrypto/cryptodev.h

Loading...
View Options

sys/opencrypto/cryptosoft.c

Loading...
View Options

sys/opencrypto/xform_aes_icm.c

Loading...