5869 Need AES CMAC support in KCF+PKCS11

Review Request #40 — Created April 24, 2015 and discarded Dec. 4, 2017, 6:18 p.m.

Information
Owner:	mbarden
Repository:	illumos-gate
Branch:
Bugs:	5869
Depends On:
Reviewers
Groups:	general
People:

Description

The SMB3 support we're working on requires AES/CMAC from KCF and PKCS11.
Changes to crypto code seem to scare everyone, so we're putting this out for community review.

Testing Done

We have a test framework for these changes, and we'll have that out for review too before this integrates into illumos.
However, we'd really like review comments on the KCF and PKCS11 changes now.

I've added a pkcs11-specific test in $SRC/lib/pkcs11/test_cmac. While the API will be different in the real framework, it represents the general idea for the tests.

Files

Loading file attachments...

All my comments as on https://www.illumos.org/rb/r/39/ still apply here, presumably.
I'm not sure how to easily let you reply to them and such, and I'd sure rather not re-type them...

Just an fyi: The version Gordon previously uploaded was a pre-review version that hadn't been cleaned up. E.G., a lot of reviews about comments had already been fixed in this version.

gwr Sept. 20, 2015, 12:31 a.m.
```
Is this RB current with your lastest?
```

Change Summary:

Includes a test suite for AES modes in KCF and PKCS (cbc, ccm, cmac, ctr, ecb, gcm)

Diff:

Revision 2 (+5292 -318)

Show changes

	exception_lists/cstyle
	exception_lists/hdrchk
	usr/src/common/crypto/aes/aes_impl.h
	usr/src/common/crypto/aes/aes_modes.c
	usr/src/common/crypto/modes/cbc.c
	usr/src/common/crypto/modes/ctr.c
	usr/src/common/crypto/modes/modes.h
	usr/src/common/crypto/modes/modes.c
	62 more

Added Files:

Ship it!

Ship It!

gwr April 20, 2017, 11:37 p.m.
```
Is this review "stuck"?  If so, why?
```

jbk April 20, 2017, 11:39 p.m.

Hm.. I forgot to publish my comments (will fix that now) -- the pkcs11 2.40 update requires a very minor amount of fixes for this. I have a patch.

jbk April 20, 2017, 11:41 p.m.

Or rather, the pkcs11 updates require some fixes to this.

This will require a small bit of merge cleanup with the integration of pkcs11 v2.40. I have a merged branch w/ the necessary updates at https://github.com/jasonbking/illumos-gate/tree/cmac if that'd simplify things.

jbk April 23, 2017, 1:05 a.m.

Here is the specific bit: https://github.com/jasonbking/illumos-gate/commit/6f9a9335583c0ea4df82b1c5655d74c5a7abf3bb -- just a minor bit of merge noise.

gwr May 14, 2017, 9:38 p.m.

Thanks. Are you going to carry forward from here on integrating this work?

You have a pending review.

Review Board 3.0.18

5869 Need AES CMAC support in KCF+PKCS11

Change Summary:

Diff:

Added Files:

Status: Discarded