lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Oct 2022 08:05:56 -0700 From: Peter Gonda <pgonda@...gle.com> To: thomas.lendacky@....com Cc: Peter Gonda <pgonda@...gle.com>, Dionna Glaze <dionnaglaze@...gle.com>, Borislav Petkov <bp@...e.de>, Michael Roth <michael.roth@....com>, Haowen Bai <baihaowen@...zu.com>, Yang Yingliang <yangyingliang@...wei.com>, Marc Orr <marcorr@...gle.com>, David Rientjes <rientjes@...gle.com>, Ashish Kalra <Ashish.Kalra@....com>, linux-kernel@...r.kernel.org, kvm@...r.kernel.org Subject: [PATCH V3 0/2] Fix security issue in SNP guest AES-GCM usage Currently the ASP and SNP guest use an AES-GCM bases secure channel to communicate with each other. The IV for this encryption scheme is a sequence that each party maintains. Currently the ASP requires the sequence number of the request to be exactly one more than its saved sequence number and the ASP only increments its saved sequence number after a successful command. That means if the guest request ever fails it can only ever retry that exact encrypted command or discontinue its use of that VMPCK. If it were to try another command it would either need to reuse the sequence number which is the IC. That can lead to the encryption scheme failing with AES-GCM. Or if it incremented the sequence number the ASP would never accept the command due to sequence number mismatch. https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/800-38-series-drafts/gcm/joux_comments.pdf Cc: Dionna Glaze <dionnaglaze@...gle.com> Cc: Borislav Petkov <bp@...e.de> Cc: Tom Lendacky <thomas.lendacky@....com> Cc: Michael Roth <michael.roth@....com> Cc: Haowen Bai <baihaowen@...zu.com> Cc: Yang Yingliang <yangyingliang@...wei.com> Cc: Marc Orr <marcorr@...gle.com> Cc: David Rientjes <rientjes@...gle.com> Cc: Ashish Kalra <Ashish.Kalra@....com> Cc: linux-kernel@...r.kernel.org Cc: kvm@...r.kernel.org Peter Gonda (2): virt: sev: Prevent IV reuse in SNP guest driver virt: sev: Allow for retrying SNP extended requests arch/x86/include/asm/svm.h | 6 ++ arch/x86/kernel/sev.c | 28 ++++++-- drivers/virt/coco/sev-guest/sev-guest.c | 93 ++++++++++++++++--------- 3 files changed, 91 insertions(+), 36 deletions(-) -- 2.38.0.135.g90850a2211-goog
Powered by blists - more mailing lists