Page MenuHomeFreeBSD

crypto: Support multiple nonce lengths for AES-CCM.
ClosedPublic

Authored by jhb on Sep 24 2021, 6:04 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 5, 3:24 PM
Unknown Object (File)
Fri, Oct 18, 7:07 AM
Unknown Object (File)
Oct 16 2024, 6:26 PM
Unknown Object (File)
Oct 13 2024, 3:21 PM
Unknown Object (File)
Oct 11 2024, 6:39 PM
Unknown Object (File)
Oct 10 2024, 12:21 PM
Unknown Object (File)
Oct 7 2024, 3:51 PM
Unknown Object (File)
Oct 6 2024, 1:53 PM
Subscribers

Details

Summary

Permit nonces of lengths 7 through 13 in the OCF framework and the
cryptosoft driver. A helper function (ccm_max_payload_length) can be
used in OCF drivers to reject CCM requests which are too large for the
specified nonce length.

Sponsored by: Chelsio Communications, The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

The cryptosoft changes were tested both by cryptocheck and the updated crypotest.py at the end of the series that tested all the AES-CCM KAT vectors. Note that the KAT vectors also required later fixes for truncated tags, however, cryptocheck was able to verify variable nonce lengths with a 16 byte tag.

This revision is now accepted and ready to land.Sep 24 2021, 7:33 PM