openzfs / zfs

OpenZFS on Linux and FreeBSD
https://openzfs.github.io/openzfs-docs

Use sharded counter for nonces #11422

Open DemiMarie opened 3 years ago

DemiMarie commented 3 years ago

Describe the feature you would like to see added to OpenZFS

I would like to see OpenZFS use a sharded counter for encryption. This can be implemented by using a CPU-local 32-bit counter for the least significant bits. When it overflows, a global counter is atomically incremented, and the new value is used for the most significant bits.

How will this feature improve OpenZFS?

Currently, OpenZFS uses a random nonce for every encryption. This forces it to rotate keys frequently, and still risks nonce reuse in certain scenarios. This allows guaranteeing that nonces will never be reused, which means that keys only need to be derived once.

Additional context

This would allow AES-GCM to replace AES-CCM as the default encryption method.
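The sharded counter proposed in the issue above, sketched as an added example; it is not part of the original comment and is not OpenZFS code. All names are hypothetical, and it assumes a 96-bit nonce built from a 64-bit global value followed by the 32-bit CPU-local counter, with state held in memory only (persisting the global counter across restarts is not shown).

```c
/* Added example: sharded nonce counter. Not OpenZFS code; all names hypothetical. */
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define NONCE_LEN 12                   /* assumed 96-bit AES-GCM nonce */
static _Atomic uint64_t global_epoch;  /* shared counter: source of the high 64 bits */
struct nonce_shard {                   /* one per CPU; never shared between CPUs */
    uint64_t epoch;                    /* high bits claimed from global_epoch */
    uint32_t low;                      /* next low 32 bits to hand out */
    int primed;                        /* 0 until an epoch has been claimed */
};

/* Claim a fresh epoch; refuse to wrap, since a wrap would repeat nonces. */
static int claim_epoch(uint64_t *out)
{
    uint64_t cur = atomic_load(&global_epoch);
    do {
        if (cur == UINT64_MAX) return -1;   /* space exhausted: caller must rekey */
    } while (!atomic_compare_exchange_weak(&global_epoch, &cur, cur + 1));
    *out = cur;
    return 0;
}

/* Write the next unique nonce (big-endian epoch || low); -1 on exhaustion. */
int nonce_next(struct nonce_shard *s, uint8_t out[NONCE_LEN])
{
    if (!s->primed) {
        if (claim_epoch(&s->epoch) != 0) return -1;
        s->low = 0;
        s->primed = 1;
    }
    for (int i = 0; i < 8; i++)
        out[i] = (uint8_t)(s->epoch >> (56 - 8 * i));
    for (int i = 0; i < 4; i++)
        out[8 + i] = (uint8_t)(s->low >> (24 - 8 * i));
    if (++s->low == 0)                 /* local counter wrapped */
        s->primed = 0;                 /* next call claims a new epoch */
    return 0;
}

int main(void)
{
    struct nonce_shard cpu0 = {0}, cpu1 = {0};   /* constructed: two shards */
    uint8_t n[NONCE_LEN];
    if (nonce_next(&cpu0, n) == 0) printf("cpu0 epoch byte %d\n", n[7]);
    if (nonce_next(&cpu1, n) == 0) printf("cpu1 epoch byte %d\n", n[7]);
    return 0;
}
```

The shared atomic is touched once per 2^32 nonces per shard, so the fast path is a plain local increment.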

ahrens commented 3 years ago

@tcaputi could you comment on how significant this improvement would be?