git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit
msg/async/crypto_onwire: implement msgr2.1 nonce format
author Ilya Dryomov <idryomov@gmail.com>
Mon, 27 Apr 2020 14:07:46 +0000 (16:07 +0200)
committer Ilya Dryomov <idryomov@gmail.com>
Wed, 17 Jun 2020 19:56:43 +0000 (21:56 +0200)
commit 7e4388f16eb19ed29df53b335ce2abfbf095e7fc
tree a4abcb1871c11136bb58105938613f156307b6a7
parent 2966b2a5d34c098a5da2ba33fe1f37db3811c291
msg/async/crypto_onwire: implement msgr2.1 nonce format

Move to a 64-bit counter to avoid wrapping and having to reset
the session before the counter repeats.  This is in line with NIST
Recommendation for GCM [1]:

  "... this Recommendation suggests, but does not require, that
  the leading (i.e., leftmost) 32 bits of the IV hold the fixed
  field; and that the trailing (i.e., rightmost) 64 bits hold the
  invocation field."

See commit bb61e6a5adc3 ("msg/async/ProtocolV2: avoid AES-GCM nonce
reuse vulnerabilities").

[1] https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
src/msg/async/ProtocolV2.cc
src/msg/async/crypto_onwire.cc
src/msg/async/crypto_onwire.h
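
The IV layout quoted from SP 800-38D in the commit message (leading 32 bits fixed, trailing 64 bits invocation counter), as an added C++ example; it is not code from this commit or from Ceph. The class name `NonceSequence`, the big-endian byte order and the refuse-when-back-at-start check are assumptions of the example.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <stdexcept>

using Iv = std::array<uint8_t, 12>;  // 96-bit GCM IV

// Hypothetical helper for this example (not Ceph's implementation).
class NonceSequence {
public:
  // fixed: 32-bit fixed field; start: initial value of the 64-bit
  // invocation field (may be random: the counter is allowed to pass zero).
  NonceSequence(uint32_t fixed, uint64_t start)
      : NonceSequence(fixed, start, start) {}

  // Resume at an arbitrary position, so the end of the sequence can be
  // exercised without 2^64 calls.
  NonceSequence(uint32_t fixed, uint64_t start, uint64_t current)
      : fixed_(fixed), start_(start), counter_(current) {}

  // Return the IV for the next encryption, then advance the counter.
  // Once the counter is back at its starting value every IV has been used
  // once, so refuse rather than repeat one under the same key.
  Iv next() {
    if (exhausted_)
      throw std::runtime_error("GCM nonce space exhausted, rekey required");
    Iv iv{};
    for (int i = 0; i < 4; ++i)  // leading 32 bits: fixed field
      iv[i] = static_cast<uint8_t>(fixed_ >> (24 - 8 * i));
    for (int i = 0; i < 8; ++i)  // trailing 64 bits: invocation field
      iv[4 + i] = static_cast<uint8_t>(counter_ >> (56 - 8 * i));
    if (++counter_ == start_) exhausted_ = true;
    return iv;
  }
  bool exhausted() const { return exhausted_; }

private:
  uint32_t fixed_;
  uint64_t start_, counter_;
  bool exhausted_ = false;
};

int main() {  // constructed values; the second IV shows the counter passing zero
  NonceSequence seq(0x0a0b0c0du, UINT64_MAX);
  for (int n = 0; n < 3; ++n) {
    for (uint8_t b : seq.next()) std::printf("%02x", b);
    std::printf("\n");
  }
}
```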