lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20221027150558.722062-1-pgonda@google.com>
Date:   Thu, 27 Oct 2022 08:05:56 -0700
From:   Peter Gonda <pgonda@...gle.com>
To:     thomas.lendacky@....com
Cc:     Peter Gonda <pgonda@...gle.com>,
        Dionna Glaze <dionnaglaze@...gle.com>,
        Borislav Petkov <bp@...e.de>,
        Michael Roth <michael.roth@....com>,
        Haowen Bai <baihaowen@...zu.com>,
        Yang Yingliang <yangyingliang@...wei.com>,
        Marc Orr <marcorr@...gle.com>,
        David Rientjes <rientjes@...gle.com>,
        Ashish Kalra <Ashish.Kalra@....com>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: [PATCH V3 0/2] Fix security issue in SNP guest AES-GCM usage

Currently the ASP and SNP guest use an AES-GCM bases secure channel to
communicate with each other. The IV for this encryption scheme is a
sequence that each party maintains. Currently the ASP requires the
sequence number of the request to be exactly one more than its saved
sequence number and the ASP only increments its saved sequence number
after a successful command. That means if the guest request ever fails
it can only ever retry that exact encrypted command or discontinue its
use of that VMPCK. If it were to try another command it would either
need to reuse the sequence number which is the IC. That can lead to the
encryption scheme failing with AES-GCM. Or if it incremented the
sequence number the ASP would never accept the command due to sequence
number mismatch.

https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/800-38-series-drafts/gcm/joux_comments.pdf

Cc: Dionna Glaze <dionnaglaze@...gle.com>
Cc: Borislav Petkov <bp@...e.de>
Cc: Tom Lendacky <thomas.lendacky@....com>
Cc: Michael Roth <michael.roth@....com>
Cc: Haowen Bai <baihaowen@...zu.com>
Cc: Yang Yingliang <yangyingliang@...wei.com>
Cc: Marc Orr <marcorr@...gle.com>
Cc: David Rientjes <rientjes@...gle.com>
Cc: Ashish Kalra <Ashish.Kalra@....com>
Cc: linux-kernel@...r.kernel.org
Cc: kvm@...r.kernel.org

Peter Gonda (2):
  virt: sev: Prevent IV reuse in SNP guest driver
  virt: sev: Allow for retrying SNP extended requests

 arch/x86/include/asm/svm.h              |  6 ++
 arch/x86/kernel/sev.c                   | 28 ++++++--
 drivers/virt/coco/sev-guest/sev-guest.c | 93 ++++++++++++++++---------
 3 files changed, 91 insertions(+), 36 deletions(-)

-- 
2.38.0.135.g90850a2211-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ