lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <939f33ed-7d43-06a6-1860-26157eeaec7c@linux.alibaba.com>
Date:   Fri, 8 Oct 2021 11:24:46 +0800
From:   Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
To:     Vadim Fedorenko <vfedorenko@...ek.ru>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Boris Pismenny <borisp@...dia.com>,
        John Fastabend <john.fastabend@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/tls: support SM4 CCM algorithm



On 10/1/21 6:56 AM, Vadim Fedorenko wrote:
> On 30.09.2021 04:34, Tianjia Zhang wrote:
>> Hi Vadim,
>>
>> On 9/29/21 5:24 AM, Vadim Fedorenko wrote:
>>> On 28.09.2021 07:28, Tianjia Zhang wrote:
>>>> The IV of CCM mode has special requirements, this patch supports CCM
>>>> mode of SM4 algorithm.
>>>>
>>> Have you tried to connect this implementation to application with
>>> user-space implementation of CCM mode? I wonder just because I have an
>>> issue with AES-CCM Kernel TLS implementation when it's connected to
>>> OpenSSL-driven server, but still have no time to fix it correctly.
>>
>> I did not encounter any issue when using KTLS with AES-CCM algorithm, 
>> but the KTLS RX mode on the OpenSSL side does not seem to be supported.
>>
>> I encountered some problems when using the SM4-CCM algorithm of KTLS. 
>> Follow the RFC8998 specification, the handshake has been successful, 
>> and the first data transmission can be successful. After that, I will 
>> encounter the problem of MAC verification failure, but this is issue 
>> on the OpenSSL side. because the problem is still being investigated, 
>> I have not opened the code for the time being.
>>
> Are you sure that this is an issue on the OpenSSL side? Because 
> absolutely the same problem is reported for AES-CCM algo and only when 
> it's offloaded to kernel. Looks like encryption of CCM could be broken 
> somehow.
> 
> I will try to investigate it a bit later from the AES-CCM side.

Yes, but I only used openssl s_server/s_client to do the test. In 
theory, this is not guaranteed to be fully covered. Can you tell us 
about the scenario where your issue occurred? I will try to see if it 
can replay.

Best regards,
Tianjia

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ