Date:	Thu, 28 Mar 2013 13:05:16 +0000
From:	Chaoxing Lin <Chaoxing.Lin@...ra-3eti.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Linux Crypto Mailing List <linux-crypto@...r.kernel.org>
Subject: RE: Crypto Fixes for 3.9

Would you be able to incorporate the GMAC ESN bug fix in 3.9?

Thanks,

Chaoxing


--------------------------------
Thanks Jussi, the patch fixes the problem.

You may commit it officially.

Chaoxing

-----Original Message-----
From: Jussi Kivilinna [mailto:jussi.kivilinna@....fi]
Sent: Tuesday, March 26, 2013 4:16 PM
To: Chaoxing Lin
Cc: linux-crypto@...r.kernel.org
Subject: Re: potential bug in GMAC implementation. not work in ESN mode

On 25.03.2013 18:12, Chaoxing Lin wrote:
> 2nd ping....
> 
> Nobody is maintaining crypto/gcm.c?
> 
> 
> 
> -----Original Message-----
> From: Chaoxing Lin
> Sent: Friday, March 08, 2013 11:38 AM
> To: 'linux-crypto@...r.kernel.org'
> Subject: potential bug in GMAC implementation. not work in ESN mode
> 
> I was testing ipsec with GMAC and found that the rfc4543 GMAC implementation in kernel software crypto works in "esp=aes256gmac-noesn!" mode.
> It does not work in "esp=aes256gmac-esn!" mode. The tunnel was established but no data traffic is possible.
> 
> Looking at source code, I found this piece of code is suspicious.
> Line 1146~1147 tries to put req->assoc to assoc[1]. But I think this way only works when req->assoc has only one segment. In ESN mode, req->assoc contains 3 segments (SPI, SN-hi, SN-low). Line 1146~1147 will only attach SPI segment (with total length) in assoc.
> 
> Please let me know whether I understand it right.

Your analysis seems correct. Does the attached patch fix the problem? (I've only compile tested it.)

-Jussi

> Thanks,
> 
> Chaoxing
> 
> 
> Source from kernel 3.8.2
> path: root/crypto/gcm.c
> 
> 1136: /* construct the aad */
> 1137:	dstp = sg_page(dst);
> 	vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset;
> 
> 	sg_init_table(payload, 2);
> 	sg_set_buf(payload, req->iv, 8);
> 	scatterwalk_crypto_chain(payload, dst, vdst == req->iv + 8, 2);
> 	assoclen += 8 + req->cryptlen - (enc ? 0 : authsize);
> 
> 	sg_init_table(assoc, 2);
> 1146:	sg_set_page(assoc, sg_page(req->assoc), req->assoc->length,
> 1147:		    req->assoc->offset);
> 	scatterwalk_crypto_chain(assoc, payload, 0, 2);
> 
> 	aead_request_set_tfm(subreq, ctx->child);
> 	aead_request_set_callback(subreq, req->base.flags, req->base.complete,
> 				  req->base.data);
> 	aead_request_set_crypt(subreq, cipher, cipher, enc ? 0 : authsize, iv);
> 1154:	aead_request_set_assoc(subreq, assoc, assoclen);
> --
> To unsubscribe from this list: send the line "unsubscribe 
> linux-crypto" in the body of a message to majordomo@...r.kernel.org 
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 


-----Original Message-----
From: linux-crypto-owner@...r.kernel.org [mailto:linux-crypto-owner@...r.kernel.org] On Behalf Of Herbert Xu
Sent: Thursday, March 28, 2013 4:29 AM
To: Linus Torvalds; David S. Miller; Linux Kernel Mailing List; Linux Crypto Mailing List
Subject: Crypto Fixes for 3.9

Hi Linus:

This push removes IPsec ESN support from the talitos/caam drivers since they were implemented incorrectly, causing interoperability problems if ESN is used with them.

Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git

or

master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git


Horia Geanta (2):
      Revert "crypto: talitos - add IPsec ESN support"
      Revert "crypto: caam - add IPsec ESN support"

 drivers/crypto/caam/caamalg.c |   27 ++-------------------------
 drivers/crypto/caam/compat.h  |    1 -
 drivers/crypto/talitos.c      |   30 ++----------------------------
 3 files changed, 4 insertions(+), 54 deletions(-)

Thanks,
--
Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
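
The associated-data problem reported earlier in this thread (lines 1146~1147 of crypto/gcm.c), modeled in user-space C as an added example; it is not kernel code and not the patch from the thread. `struct seg`, `gather`, `aad_bytes` and all byte values are constructed for illustration, with `struct seg` as a simplified stand-in for a scatterlist entry.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for one scatterlist entry (hypothetical model). */
struct seg { const uint8_t *buf; size_t len; const struct seg *next; };

/* Constructed sample ESP fields; values are arbitrary. */
static const uint8_t hdr_noesn[8] = {0xc0,0xff,0xee,0x01, 0,0,0,7}; /* SPI|SN */
static const uint8_t spi[4]   = {0xc0,0xff,0xee,0x01};
static const uint8_t sn_hi[4] = {0,0,0,1};
static const uint8_t sn_lo[4] = {0,0,0,7};
static const uint8_t iv[8]    = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};
static const uint8_t data[16] = {0xaa};

/* Walk a chain and copy at most `want` bytes; return bytes actually found. */
static size_t gather(const struct seg *sg, size_t want, uint8_t *out)
{
    size_t got = 0;
    for (; sg && got < want; sg = sg->next) {
        size_t n = sg->len < want - got ? sg->len : want - got;
        memcpy(out + got, sg->buf, n);
        got += n;
    }
    return got;
}

/* Build the GMAC AAD chain: assoc || IV || payload.
 * head_only=1 re-attaches just the first assoc segment, as in the quoted
 * lines; head_only=0 keeps every assoc segment in the chain. */
size_t aad_bytes(int esn, int head_only, uint8_t *out, size_t *claimed)
{
    struct seg pay = { data, sizeof data, NULL };
    struct seg ivs = { iv, sizeof iv, &pay };
    struct seg lo  = { sn_lo, 4, &ivs };
    struct seg hi  = { sn_hi, 4, &lo };
    struct seg first = esn ? (struct seg){ spi, 4, &hi }
                           : (struct seg){ hdr_noesn, 8, &ivs };
    if (head_only)
        first.next = &ivs;          /* SN-hi and SN-low fall out of the chain */
    *claimed = (esn ? 12 : 8) + sizeof iv + sizeof data;  /* assoclen passed on */
    return gather(&first, *claimed, out);
}

int main(void)
{
    uint8_t buf[64]; size_t claimed;
    for (int esn = 0; esn < 2; esn++)
        printf("esn=%d head-only: found %zu of %zu AAD bytes\n",
               esn, aad_bytes(esn, 1, buf, &claimed), claimed);
    return 0;
}
```

With a single-segment assoc (no ESN) the head-only chain still covers the full length, which matches the report that only ESN mode fails; with three segments it comes up 8 bytes short and the sequence number is never authenticated.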