thr3ads.net - zfs crypto discuss - [Bug 915] New: key wrapping needs proper IV [Mar 2008]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at defect.opensolaris.org

2008-Mar-31 14:58 UTC

[Bug 915] New: key wrapping needs proper IV

http://defect.opensolaris.org/bz/show_bug.cgi?id=915

           Summary: key wrapping needs proper IV
    Classification: Development
           Product: zfs-crypto
           Version: unspecified
          Platform: Other
        OS/Version: Solaris
            Status: NEW
          Severity: minor
          Priority: P4
         Component: other
        AssignedTo: darrenm at opensolaris.org
        ReportedBy: darrenm at opensolaris.org
         QAContact: hua.tang at sun.com
                CC: zfs-crypto-discuss at opensolaris.org
   Estimated Hours: 0.0


The key wrap/unwrap functionality is currently using a hardcoded "A6"
IV, this
needs to change to:

The iv needs to be something unique to the dataset key so we
don''t resuse the same iv for different dataset keys when the
wrapping key is the pool level one.
(reuse of same iv with same key)

The iv also needs to change when we rewrap the key due to
wrapping key change (reuse of same iv with different key).

The iv we use for wrapping a dataset key is made up of
the per dataset guid (a randomly generated uint64_t that persists
with the dataset for all time) and a monotonically increasing
number (also a uin64_t).

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

bugzilla-daemon at defect.opensolaris.org

2008-Apr-02 15:50 UTC

head link

[Bug 915] key wrapping needs proper IV

http://defect.opensolaris.org/bz/show_bug.cgi?id=915


Darren J Moffat <darrenm at opensolaris.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |FIXED




--- Comment #1 from Darren J Moffat <darrenm at opensolaris.org> 
2008-04-02 08:50:55 ---
Integrated along with:

changeset:   6224:ccd937541e42
user:        Darren Moffat <darrenm at opensolaris.org>
date:        Tue Apr 01 17:56:03 2008 +0100
summary:     921 dsl_crypt_key_change needs implementing

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

zfs crypto discuss - Mar 2008 - [Bug 915] New: key wrapping needs proper IV

[Bug 915] New: key wrapping needs proper IV

[Bug 915] key wrapping needs proper IV