bugzilla-daemon at defect.opensolaris.org
2008-Apr-22 22:34 UTC
[Bug 1444] New: keywrap algorithm should include integrity check
http://defect.opensolaris.org/bz/show_bug.cgi?id=1444
Summary: keywrap algorithm should include integrity check
Classification: Development
Product: zfs-crypto
Version: unspecified
Platform: Other
OS/Version: Solaris
Status: ACCEPTED
Severity: minor
Priority: P2
Component: other
AssignedTo: darrenm at opensolaris.org
ReportedBy: darrenm at opensolaris.org
QAContact: hua.tang at sun.com
CC: zfs-crypto-discuss at opensolaris.org
Estimated Hours: 0.0
The keywrapping needs to include a cryptographic integrity check so that we
know we are unwrapping the correct and untampered with key.
Using the NIST AES keywrap algorithm would provide this capability. So does
AES CCM mode. Since ZFS Crypto is already using AES CCM mode and the Solaris
cryptographic framework doesn''t currently have the NIST AES keywrap as
a
mechanism this phase of ZFS Crypto will use AES CCM with a 16 byte MAC.
--
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
bugzilla-daemon at defect.opensolaris.org
2008-May-06 20:23 UTC
[Bug 1444] keywrap algorithm should include integrity check
http://defect.opensolaris.org/bz/show_bug.cgi?id=1444
Darren J Moffat <darrenm at opensolaris.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ACCEPTED |CLOSED
Resolution| |FIXINSOURCE
--- Comment #1 from Darren J Moffat <darrenm at opensolaris.org>
2008-05-06 13:23:53 ---
A broken version of this is already in the gate, and I forgot to mark this as
integrated. So I''ll just use this bug to integrate the fixed version.
--
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.