[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54BB0E42.9070209@intel.com>
Date: Sat, 17 Jan 2015 17:37:06 -0800
From: Tadeusz Struk <tadeusz.struk@...el.com>
To: Stephan Mueller <smueller@...onox.de>, aidan.o.mahony@...el.com,
gabriele.paoloni@...el.com, adrian.hoban@...el.com
CC: linux-crypto@...r.kernel.org, herbert@...dor.apana.org.au,
'LKML' <linux-kernel@...r.kernel.org>
Subject: Re: Intel GCM: __driver-gcm-aes-aesni setkey missing
Hi Stephan,
On 01/17/2015 10:23 AM, Stephan Mueller wrote:
> during testing of my algif_aead patch with the different GCM implementations I
> am able to trigger a kernel crash from user space using __driver-gcm-aes-
> aesni.
>
> As I hope that algif_aead is going to be included, unprivileged userspace
> would then reliably crash the kernel -- with the current kernel code,
> userspace has no interface to trigger the issue.
Yes, that's a problem.
>
> As I am not sure what the purpose of __driver-gcm-aes-aesni is (only a backend
> for RFC4106 GCM or a regular cipher), I did not yet create a patch. IMHO there
> are two solutions:
>
> - either create a valid setkey callback so that a key is set
>
> - or create a noop setkey that returns -EOPNOTSUPP which effectively disables
> that cipher for regular consumption.
__driver-gcm-aes-aesni is only a helper for rfc4106-gcm-aesni and it
never supposed to be used on it's own. I think implementing a setkey
function that only returns an error would be a good solution for this.
Another question is what if someone will ignore the error or skip the
setsockopt(ALG_SET_KEY) altogether and still call the sendmsg() and
read() to trigger encrypt()?
> Note, if it is only a backend for the RFC4106 implementation, may I ask why
> __driver-gcm-aes-aesni is implemented as a separate cipher that is registered
> with the kernel crypto API?
This is because we need to have one instance of the helper tfm with its
context per each of the rfc4106-gcm-aesni tfm instance and that was one
convenient way to do this.
Tadeusz
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists