5869 Need AES CMAC support in KCF+PKCS11

Review Request #40 - Created April 24, 2015 and updated

Matt Barden

The SMB3 support we're working on requires AES/CMAC from KCF and PKCS11.
Changes to crypto code seem to scare everyone, so we're putting this out for community review.

We have a test framework for these changes, and we'll have that out for review too before this integrates into illumos.
However, we'd really like review comments on the KCF and PKCS11 changes now.

I've added a pkcs11-specific test in $SRC/lib/pkcs11/test_cmac. While the API will be different in the real framework, it represents the general idea for the tests.


Rich Lowe
Matt Barden
Review request changed

Change Summary:

Includes a test suite for AES modes in KCF and PKCS (cbc, ccm, cmac, ctr, ecb, gcm)


Revision 2 (+5292 -318)

Gordon Ross
Ship It!
  1. Is this review "stuck"? If so, why?

  2. Hm.. I forgot to publish my comments (will fix that now) -- the pkcs11 2.40 update requires a very minor amount of fixes for this. I have a patch.

  3. Or rather, the pkcs11 updates require some fixes to this.

Jason King

This will require a small bit of merge cleanup with the integration of pkcs11 v2.40. I have a merged branch w/ the necessary updates at https://github.com/jasonbking/illumos-gate/tree/cmac if that'd simplify things.

  1. Here is the specific bit: https://github.com/jasonbking/illumos-gate/commit/6f9a9335583c0ea4df82b1c5655d74c5a7abf3bb -- just a minor bit of merge noise.

  2. Thanks. Are you going to carry forward from here on integrating this work?