PERFORCE change 1200497 for review
John-Mark Gurney
jmg at FreeBSD.org
Fri Sep 19 06:20:15 UTC 2014
http://p4web.freebsd.org/@@1200497?ac=10
Change 1200497 by jmg at jmg_carbon2 on 2014/09/19 06:19:18
document that the nonce/IV is required on every call for both
GCM and ICM... This is because if you call w/ the same key and
use a random IV, it is possible after enough calls that there
might be a collision which would compromise security...
Sponsored by: FreeBSD Foundation
Sponsored by: Rubicon Communications, LLC (Netgate)
Affected files ...
.. //depot/projects/opencrypto/share/man/man7/crypto.7#3 edit
Differences ...
==== //depot/projects/opencrypto/share/man/man7/crypto.7#3 (text+ko) ====
@@ -77,6 +77,8 @@
The associated data (if any) must be provided by the authentication mode op.
The authentication tag will be read/written from/to the offset crd_inject of
the authentication mode.
+.Pp
+Note: You must provide an IV on every call.
.It Dv CRYPTO_AES_ICM
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
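Review bot: The added note under CRYPTO_AES_GCM states the requirement but not the reason, and the reason is the part a caller needs to get right. The change description explains it (under the same key, a random IV will eventually collide after enough calls, which compromises security), so the manual page should say that the IV must be unique for every call under a given key and that reuse compromises the mode, rather than only that an IV must be supplied. Something along the lines of "Note: You must provide a unique IV on every call; reusing an IV with the same key compromises security." would carry the intent of the change.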
@@ -94,6 +96,8 @@
This does mean that if a counter is required that rolls over at 32 bits,
the transaction need to be split into two parts where the counter rolls over.
The counter incremented as a 128-bit big endian number.
+.Pp
+Note: You must provide an IV on every call.
.It Dv CRYPTO_AES_XTS
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
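Review bot: Same point for the CRYPTO_AES_ICM note as for the GCM one: "You must provide an IV on every call" does not say that the IV must be unique per key, which is the property the change description is actually protecting (a colliding IV under the same key compromises security). Since this region is being edited anyway, the two unchanged context lines just above it could also be tidied: "the transaction need to be split" should read "needs to be split", and "The counter incremented as a 128-bit big endian number." is missing "is".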