lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7639295.Yx6QIQScqO@tachyon.chronox.de>
Date:	Mon, 05 Jan 2015 11:26:48 +0100
From:	Stephan Mueller <smueller@...onox.de>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	'LKML' <linux-kernel@...r.kernel.org>, linux-crypto@...r.kernel.org
Subject: Re: [PATCH] crypto: AEAD: add check for presence of auth tag

Am Montag, 5. Januar 2015, 21:19:01 schrieb Herbert Xu:

Hi Herbert,

> On Tue, Dec 30, 2014 at 10:16:03PM +0100, Stephan Mueller wrote:
> > The AEAD decryption operation requires the authentication tag to be
> > present as part of the cipher text buffer. The added check verifies that
> > the caller provides a cipher text buffer with at least the
> > authentication tag.
> > 
> > As the cipher text is provided as a scatterlist, loop through the
> > scatterlist until we know we have sufficient cipher text bytes to invoke
> > the AEAD decryption operation.
> 
> There is no need to vet the scatterlist.  For kernel users it's
> up to them to ensure that the length is valid with respect to the
> sg list.
> 
> For the user-space interface obviously you should ensure that a
> valid length is supplied.

Then it seems I misunderstood you in your last comments. I thought the check 
that the authentication tag is present should be moved to the crypto API so 
that all users benefit from it.

As the authentication tag is "inline" in the ciphertext data stream, the only 
way I see to check for its presence is to verify that sufficient ciphertext is 
provided.

If the AEAD user space interface should perform the check, then the code drop 
provided with patch v6 would already cover that.

Could you please help me understand where that check should be and what should 
be done at the crypto API level?

Thanks

-- 
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ