Properly constrain use of nonces with AEAD crypto
idra at samba.org
Thu May 21 02:01:26 MDT 2015
The current AEAD crypto primitives we have access to and use (AES-128-CCM and
AES-128-GCM) have a very annoying failure mode if a nonce is ever reused with
the same key.
The attached patch adds checks to avoid ever wrapping and reusing a nonce.
It passes a custom autobuild.
Please review and push.
Simo.
--
Simo Sorce idra at samba.org
-------------------------------
Samba Team http://www.samba.org
Attachment: 0001-In-CCM-and-GCM-mode-we-can-t-reuse-nonces.patch
Type: text/x-diff
Size: 6889 bytes
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150521/0dee8039/attachment.patch>
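The attached patch itself is not reproduced on this page, so the following is an added illustration of the kind of check the message describes, not Simo's code and not Samba's. It assumes a 12-byte GCM/CCM nonce built from a 4-byte per-key fixed field and a big-endian 64-bit counter (the RFC 5116 style deterministic construction); the struct and function names are hypothetical. The point it shows is that the counter is never allowed to wrap: once the last value has been issued the state becomes sticky-exhausted and every further request fails, forcing the caller to rekey rather than reuse a (key, nonce) pair.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical nonce bookkeeping for AES-GCM / AES-CCM with a 12-byte nonce.
 * Assumed layout (RFC 5116 deterministic construction style):
 *   bytes 0..3  : fixed field chosen once per key
 *   bytes 4..11 : big-endian 64-bit invocation counter
 * The one rule that matters: a (key, nonce) pair is never reused, so the
 * counter must never wrap back to a value that was already handed out. */
#define AEAD_NONCE_LEN 12

struct aead_nonce_state {
    uint8_t  fixed[4];
    uint64_t counter;    /* value the next nonce will carry */
    bool     exhausted;  /* set once every counter value has been issued */
};

void aead_nonce_init(struct aead_nonce_state *st, const uint8_t fixed[4],
                     uint64_t start)
{
    memcpy(st->fixed, fixed, 4);
    st->counter = start;
    st->exhausted = false;
}

/* Write the next nonce into out. Returns 0 on success, -1 if the counter
 * space for this key is used up; the caller must then derive a new key,
 * never reset the counter. */
int aead_nonce_next(struct aead_nonce_state *st, uint8_t out[AEAD_NONCE_LEN])
{
    if (st->exhausted) {
        return -1;
    }
    memcpy(out, st->fixed, 4);
    for (int i = 0; i < 8; i++) {
        out[4 + i] = (uint8_t)(st->counter >> (56 - 8 * i));
    }
    if (st->counter == UINT64_MAX) {
        /* Incrementing would wrap to 0, already issued: refuse instead. */
        st->exhausted = true;
    } else {
        st->counter++;
    }
    return 0;
}

/* Demonstration helper: start the counter at `start`, draw nonces until the
 * state refuses, and return how many were issued. Returns 0 if a nonce ever
 * repeated its predecessor or if the state issued a nonce after reporting
 * exhaustion, i.e. if the invariant was violated. */
uint64_t aead_nonce_count_until_exhausted(uint64_t start)
{
    static const uint8_t fixed[4] = { 0x01, 0x02, 0x03, 0x04 }; /* constructed */
    struct aead_nonce_state st;
    uint8_t prev[AEAD_NONCE_LEN], cur[AEAD_NONCE_LEN];
    uint64_t issued = 0;

    aead_nonce_init(&st, fixed, start);
    while (aead_nonce_next(&st, cur) == 0) {
        if (issued > 0 && memcmp(prev, cur, AEAD_NONCE_LEN) == 0) {
            return 0;
        }
        memcpy(prev, cur, AEAD_NONCE_LEN);
        issued++;
    }
    /* Exhaustion must be sticky: a second request must also fail. */
    if (aead_nonce_next(&st, cur) == 0) {
        return 0;
    }
    return issued;
}

int main(void)
{
    uint64_t n = aead_nonce_count_until_exhausted(UINT64_MAX - 2);
    printf("issued %llu nonces before refusing to wrap\n",
           (unsigned long long)n);
    return n == 3 ? 0 : 1;
}
```

Starting three values below UINT64_MAX, the state issues exactly three nonces and then refuses indefinitely. In a real implementation the counter value must be committed (to the peer or to persistent storage) before the nonce is used, so that a crash or restart cannot rewind it; the exhausted flag is what turns "would wrap" into a visible error instead of a silent key compromise.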