5869 Need AES CMAC support in KCF+PKCS11
Review Request #40 - Created April 24, 2015 and discarded
| Information | |
|---|---|
| Matt Barden | |
| illumos-gate | |
| 5869 | |
| Reviewers | |
| general | |
5869 Need AES CMAC support in KCF+PKCS11
The SMB3 support we're working on requires AES/CMAC from KCF and PKCS11.
Changes to crypto code seem to scare everyone, so we're putting this out for community review.
We have a test framework for these changes, and we'll have that out for review too before this integrates into illumos.
However, we'd really like review comments on the KCF and PKCS11 changes now.I've added a pkcs11-specific test in $SRC/lib/pkcs11/test_cmac. While the API will be different in the real framework, it represents the general idea for the tests.
Files
All my comments as on https://www.illumos.org/rb/r/39/ still apply here, presumably.
I'm not sure how to easily let you reply to them and such, and I'd sure rather not re-type them...
Just an fyi: The version Gordon previously uploaded was a pre-review version that hadn't been cleaned up. E.G., a lot of reviews about comments had already been fixed in this version.
Change Summary:
Includes a test suite for AES modes in KCF and PKCS (cbc, ccm, cmac, ctr, ecb, gcm)
Diff: |
Revision 2 (+5292 -318) |
|---|---|
Added Files: |
Ship It!
This will require a small bit of merge cleanup with the integration of pkcs11 v2.40. I have a merged branch w/ the necessary updates at https://github.com/jasonbking/illumos-gate/tree/cmac if that'd simplify things.