5869 Need AES CMAC support in KCF+PKCS11

Review Request #445 - Created April 25, 2017 and updated

Information
Jason King
illumos-gate
5869
Reviewers
general

5869 Need AES CMAC support in KCF+PKCS11. From Matt Barden matt.barden@nexenta.com

Ran test suite and was successful for all implemented modes (userland CCM and GCM modes are not yet implemented, so they failed with CKR_MECHANISM_INVALID as expected).

Issues

  • 7
  • 32
  • 0
  • 39
Description From Last Updated
I have not reviewed that this correctly implements the RFC algorithm. I'd appreciate getting someone else to do that. Robert Mustacchi Robert Mustacchi
I don't think length should be a signed value if we can avoid it. That way we have defined overflow ... Robert Mustacchi Robert Mustacchi
What happens if offset + len overflow here? Or rather, what's responsible for making sure that before we do any ... Robert Mustacchi Robert Mustacchi
Erm, shouldn't this be unnecessary? Robert Mustacchi Robert Mustacchi
Any particular reason this was moved? Robert Mustacchi Robert Mustacchi
Seems like we need to get an answer to this XXX. What are the implications of getting a hold on ... Robert Mustacchi Robert Mustacchi
We should make a decision and eliminate the XXX. What are the implications for callers based on the different options ... Robert Mustacchi Robert Mustacchi
Jason King
Jason King
Robert Mustacchi
Robert Mustacchi
Robert Mustacchi
Jason King
Review request changed
Loading...