Date: Fri, 19 Sep 2014 06:20:15 GMT
From: John-Mark Gurney <jmg@FreeBSD.org>
To: Perforce Change Reviews <perforce@FreeBSD.org>
Subject: PERFORCE change 1200497 for review
Message-ID: <201409190620.s8J6KFLe006156@skunkworks.freebsd.org>
http://p4web.freebsd.org/@@1200497?ac=10 Change 1200497 by jmg@jmg_carbon2 on 2014/09/19 06:19:18 document that the nonce/IV is required on every call for both GCM and ICM... This is because if you call w/ the same key and use a random IV, it is possible after enough calls that there might be a collision which would compromise security... Sponsored by: FreeBSD Foundation Sponsored by: Rubicon Communications, LLC (Netgate) Affected files ... .. //depot/projects/opencrypto/share/man/man7/crypto.7#3 edit Differences ... ==== //depot/projects/opencrypto/share/man/man7/crypto.7#3 (text+ko) ==== @@ -77,6 +77,8 @@ The associated data (if any) must be provided by the authentication mode op. The authentication tag will be read/written from/to the offset crd_inject of the authentication mode. +.Pp +Note: You must provide an IV on every call. .It Dv CRYPTO_AES_ICM .Bl -tag -width "Block size :" -compact -offset indent .It IV size : @@ -94,6 +96,8 @@ This does mean that if a counter is required that rolls over at 32 bits, the transaction need to be split into two parts where the counter rolls over. The counter incremented as a 128-bit big endian number. +.Pp +Note: You must provide an IV on every call. .It Dv CRYPTO_AES_XTS .Bl -tag -width "Block size :" -compact -offset indent .It IV size :
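Review bot: the line added in the CRYPTO_AES_GCM hunk (after "The authentication tag will be read/written from/to the offset crd_inject"), "Note: You must provide an IV on every call.", states that an IV is required but not that it must be unique for a given key, which is the actual reason given in the change description (with the same key, a random IV can collide after enough calls and compromise security). Suggest making the man page carry that requirement explicitly, e.g. "Note: You must provide an IV on every call, and it must not be reused with the same key; reuse compromises security." so the reader does not have to find the rationale in the commit log.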
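Review bot: the CRYPTO_AES_ICM hunk (after "The counter incremented as a 128-bit big endian number.") adds the identical "Note: You must provide an IV on every call." sentence; since the counter mode text is the one that already explains how the counter is derived from the IV, this is the natural place to say that the IV/counter must not repeat under the same key rather than duplicating the GCM note verbatim. While this paragraph is being touched, the two context lines have grammar slips worth fixing in the same change: "the transaction need to be split" should read "needs to be split", and "The counter incremented as a 128-bit big endian number." is missing "is" ("The counter is incremented as ...").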