HardenedBSD/sys
Conrad Meyer 3693b18840 opencrypto: Loosen restriction on HMAC key sizes
Theoretically, HMACs do not actually have any limit on key sizes.
Transforms should compact input keys larger than the HMAC block size by
using the transform (hash) on the input key.

(Short input keys are padded out with zeros to the HMAC block size.)

Still, not all FreeBSD crypto drivers that provide HMAC functionality
handle longer-than-blocksize keys appropriately, so enforce a "maximum" key
length in the crypto API for auth_hashes that previously expressed a
requirement.  (The "maximum" is the size of a single HMAC block for the
given transform.)  Unconstrained auth_hashes are left as-is.

I believe the previous hardcoded sizes were committed in the original
import of opencrypto from OpenBSD and are due to specific protocol
details of IPSec.  Note that none of the previous sizes actually matched
the appropriate HMAC block size.

The previous hardcoded sizes made the SHA tests in cryptotest.py
useless for testing FreeBSD crypto drivers; none of the NIST-KAT example
inputs had keys sized to the previous expectations.

The following drivers were audited to check that they handled keys up to
the block size of the HMAC safely:

  Software HMAC:
    * padlock(4)
    * cesa
    * glxsb
    * safe(4)
    * ubsec(4)

  Hardware accelerated HMAC:
    * ccr(4)
    * hifn(4)
    * sec(4) (Only supports up to 64 byte keys despite claiming to
      support SHA2 HMACs, but validates input key sizes)
    * cryptocteon (MIPS)
    * nlmsec (MIPS)
    * rmisec (MIPS) (Amusingly, does not appear to use key material at
      all -- presumed broken)

Reviewed by:	jhb (previous version), rlibby (previous version)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12437
2017-09-26 16:18:10 +00:00
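The key handling the commit message describes (a key longer than the HMAC block size is compacted by hashing it; a shorter key is zero-padded out to the block size; the block size is therefore the only meaningful "maximum") is shown here as an added reference example. This is not FreeBSD or opencrypto code: it is a from-scratch RFC 2104 HMAC in Python cross-checked against the standard library, the kind of known-answer comparison a driver audit like the one listed above relies on. Block sizes come from `hashlib`; all function names are this example's own.

```python
# Added example (not FreeBSD/opencrypto code): RFC 2104 HMAC with the key
# normalisation the commit message describes, cross-checked against
# Python's hmac module. Function names are this example's own.
import hashlib
import hmac


def hmac_block_size(hash_name: str) -> int:
    """Block size of the underlying hash in bytes: the 'maximum' key length
    the commit enforces (64 for SHA-1/SHA-256, 128 for SHA-384/SHA-512)."""
    return hashlib.new(hash_name).block_size


def normalize_key(key: bytes, hash_name: str) -> bytes:
    """Turn any key into the exactly-block-size key HMAC actually uses:
    longer keys are compacted by hashing them, shorter ones are zero-padded."""
    block = hmac_block_size(hash_name)
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()
    return key.ljust(block, b"\x00")


def reference_hmac(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)), K' = normalize_key(K)."""
    k = normalize_key(key, hash_name)
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def matches_stdlib(key: bytes, msg: bytes, hash_name: str = "sha256") -> bool:
    """Known-answer comparison against the standard library implementation."""
    expected = hmac.new(key, msg, hash_name).digest()
    return hmac.compare_digest(reference_hmac(key, msg, hash_name), expected)


def long_key_equivalence(key: bytes, msg: bytes, hash_name: str = "sha256") -> bool:
    """A correct implementation gives the same MAC for a longer-than-block key
    and for H(key) used directly; a driver that silently truncates long keys
    fails this check."""
    digest_key = hashlib.new(hash_name, key).digest()
    return reference_hmac(key, msg, hash_name) == reference_hmac(digest_key, msg, hash_name)


def short_key_equivalence(key: bytes, msg: bytes, hash_name: str = "sha256") -> bool:
    """Zero-padding means a short key and the same key with trailing zero
    bytes are, to HMAC, the same key."""
    padded = key.ljust(hmac_block_size(hash_name), b"\x00")
    return reference_hmac(key, msg, hash_name) == reference_hmac(padded, msg, hash_name)


def audit_key_sizes(hash_name: str = "sha256") -> dict:
    """Constructed inputs spanning the sizes a driver audit cares about:
    empty, short, exactly one block, one byte over, and well over (the
    131-byte key shape used by the RFC 4231 'larger than block-size' case).
    Returns {key_length: passed}."""
    block = hmac_block_size(hash_name)
    msg = b"Test Using Larger Than Block-Size Key - Hash Key First"  # constructed
    results = {}
    for size in (0, 20, block, block + 1, 131):
        key = b"\xaa" * size  # constructed key material
        ok = matches_stdlib(key, msg, hash_name)
        if size > block:
            ok = ok and long_key_equivalence(key, msg, hash_name)
        results[size] = ok
    return results


if __name__ == "__main__":
    for name in ("sha1", "sha256", "sha384", "sha512"):
        print(name, "block size", hmac_block_size(name), audit_key_sizes(name))
```

Running the module prints, per hash, the block size (the key-length ceiling the commit adopts) and whether each constructed key size round-trips against the standard library. `long_key_equivalence` is the property worth feeding to a hardware driver under test: if HMAC over a 131-byte key differs from HMAC over its 32- or 64-byte digest, the driver is not compacting keys the way RFC 2104 requires.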
amd64
arm Remove the VIRT kernel config, it's now useable through GENERIC. 2017-09-24 13:28:24 +00:00
arm64
boot libefi: efipart_floppy() should not pass acpi pointer if the HID test fails 2017-09-25 19:49:56 +00:00
bsm
cam
cddl fix r324011, MFV of r323535, 8585 improve batching done in zil_commit() 2017-09-26 15:38:16 +00:00
compat Small style(9) issue: spaces vs TAB. 2017-09-24 20:57:03 +00:00
conf
contrib Modernize the use of vm_page_unwire(). Since r288122, vm_page_unwire() 2017-09-24 22:29:11 +00:00
crypto opencrypto: Loosen restriction on HMAC key sizes 2017-09-26 16:18:10 +00:00
ddb
dev Fix gcc compilation issues in the mvneta driver 2017-09-25 02:06:51 +00:00
fs Use tmpfs_print for tmpfs FIFOs. 2017-09-25 20:26:16 +00:00
gdb
geom g_resize_provider_event: Do not invoke orphan method twice 2017-09-24 19:59:26 +00:00
gnu
i386
isa
kern Log signal number passed to PT_STEP requests in KTR_PTRACE traces. 2017-09-25 20:38:55 +00:00
kgssapi
libkern
mips
modules
net
net80211
netgraph
netinet
netinet6
netipsec opencrypto: Loosen restriction on HMAC key sizes 2017-09-26 16:18:10 +00:00
netpfil
netsmb
nfs
nfsclient
nfsserver
nlm
ofed
opencrypto opencrypto: Loosen restriction on HMAC key sizes 2017-09-26 16:18:10 +00:00
powerpc
riscv
rpc
security
sparc64
sys
teken
tests
tools
ufs
vm Change vm_page_try_to_free() to require a managed page. Essentially, 2017-09-24 23:35:01 +00:00
x86
xdr
xen
Makefile