lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1976848.LqsUs5V3zD@tachyon.chronox.de>
Date:	Sat, 17 Jan 2015 19:23:42 +0100
From:	Stephan Mueller <smueller@...onox.de>
To:	tadeusz.struk@...el.com, aidan.o.mahony@...el.com,
	gabriele.paoloni@...el.com, adrian.hoban@...el.com
Cc:	linux-crypto@...r.kernel.org, herbert@...dor.apana.org.au,
	'LKML' <linux-kernel@...r.kernel.org>
Subject: Intel GCM: __driver-gcm-aes-aesni setkey missing

Hi Gabriele, Adrian, Tadeusz, Aidan,

during testing of my algif_aead patch with the different GCM implementations I 
am able to trigger a kernel crash from user space using __driver-gcm-aes-
aesni.

As I hope that algif_aead is going to be included, unprivileged userspace 
would then reliably crash the kernel -- with the current kernel code, 
userspace has no interface to trigger the issue.

Looking into the kernel code I think I see where the issue is. The crash 
happens when setkey is invoked. The kernel crypto API defines setkey as the 
following:

static inline int crypto_aead_setkey(struct crypto_aead *tfm, const u8 *key,
                                     unsigned int keylen)
{
        struct aead_tfm *crt = crypto_aead_crt(tfm);

        return crt->setkey(crt->base, key, keylen);
}

This means that the kernel crypto API expects that ciphers always implement a 
setkey callback.

However, __driver-gcm-aes-aesni does not implement a setkey:

                .aead = {
                        .encrypt        = __driver_rfc4106_encrypt,
                        .decrypt        = __driver_rfc4106_decrypt,
                },

As I am not sure what the purpose of __driver-gcm-aes-aesni is (only a backend 
for RFC4106 GCM or a regular cipher), I did not yet create a patch. IMHO there 
are two solutions:

- either create a valid setkey callback so that a key is set

- or create a noop setkey that returns -EOPNOTSUPP which effectively disables 
that cipher for regular consumption.

Note, if it is only a backend for the RFC4106 implementation, may I ask why 
__driver-gcm-aes-aesni is implemented as a separate cipher that is registered 
with the kernel crypto API?

-- 
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ