5869 Need AES CMAC support in KCF+PKCS11

Review Request #40 — Created April 24, 2015 and discarded


5869 Need AES CMAC support in KCF+PKCS11

The SMB3 support we're working on requires AES/CMAC from KCF and PKCS11.
Changes to crypto code seem to scare everyone, so we're putting this out for community review.

We have a test framework for these changes, and we'll have that out for review too before this integrates into illumos.
However, we'd really like review comments on the KCF and PKCS11 changes now.

I've added a pkcs11-specific test in $SRC/lib/pkcs11/test_cmac. While the API will be different in the real framework, it represents the general idea for the tests.

Loading file attachments...

  1. All my comments as on https://www.illumos.org/rb/r/39/ still apply here, presumably.

    I'm not sure how to easily let you reply to them and such, and I'd sure rather not re-type them...

  1. Just an fyi: The version Gordon previously uploaded was a pre-review version that hadn't been cleaned up. E.G., a lot of reviews about comments had already been fixed in this version.

    1. Is this RB current with your lastest?

  1. Ship It!
    1. Is this review "stuck"? If so, why?

    2. Hm.. I forgot to publish my comments (will fix that now) -- the pkcs11 2.40 update requires a very minor amount of fixes for this. I have a patch.

    3. Or rather, the pkcs11 updates require some fixes to this.

  1. This will require a small bit of merge cleanup with the integration of pkcs11 v2.40. I have a merged branch w/ the necessary updates at https://github.com/jasonbking/illumos-gate/tree/cmac if that'd simplify things.

    1. Here is the specific bit: https://github.com/jasonbking/illumos-gate/commit/6f9a9335583c0ea4df82b1c5655d74c5a7abf3bb -- just a minor bit of merge noise.

    2. Thanks. Are you going to carry forward from here on integrating this work?

Review request changed

Status: Discarded