| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Sep 2023 12:47:29 +0530
From: Kamlesh Gurudasani <kamlesh@...com>
To: Gaurav Jain <gaurav.jain@....com>,
Eric Biggers <ebiggers@...nel.org>
CC: Horia Geanta <horia.geanta@....com>,
Pankaj Gupta <pankaj.gupta@....com>,
Varun Sethi <V.Sethi@....com>,
Meenakshi Aggarwal <meenakshi.aggarwal@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S . Miller" <davem@...emloft.net>,
Aisheng Dong <aisheng.dong@....com>,
Silvano Di Ninno <silvano.dininno@....com>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
dl-linux-imx <linux-imx@....com>
Subject: Re: [EXTERNAL] RE: [EXT] Re: [PATCH] crypto: caam/jr - fix Chacha20
+ Poly1305 self test failure
Gaurav Jain <gaurav.jain@....com> writes:
> Hi Eric
>
>> -----Original Message-----
>> From: Eric Biggers <ebiggers@...nel.org>
>> Sent: Friday, September 22, 2023 8:11 AM
>> To: Gaurav Jain <gaurav.jain@....com>
>> Cc: Horia Geanta <horia.geanta@....com>; Pankaj Gupta
>> <pankaj.gupta@....com>; Varun Sethi <V.Sethi@....com>; Meenakshi
>> Aggarwal <meenakshi.aggarwal@....com>; Herbert Xu
>> <herbert@...dor.apana.org.au>; David S . Miller <davem@...emloft.net>;
>> Aisheng Dong <aisheng.dong@....com>; Silvano Di Ninno
>> <silvano.dininno@....com>; linux-crypto@...r.kernel.org; linux-
>> kernel@...r.kernel.org; dl-linux-imx <linux-imx@....com>
>> Subject: [EXT] Re: [PATCH] crypto: caam/jr - fix Chacha20 + Poly1305 self test
>> failure
>>
>> Caution: This is an external email. Please take care when clicking links or
>> opening attachments. When in doubt, report the message using the 'Report this
>> email' button
>>
>>
>> On Thu, Sep 21, 2023 at 06:12:37PM +0530, Gaurav Jain wrote:
>> > key buffer is not copied in chachapoly_setkey function, results in
>> > wrong output for encryption/decryption operation.
>> >
>> > fix this by memcpy the key in caam_ctx key arrary
Not sure, but do you mean array*?
>> >
>> > Fixes: d6bbd4eea243 ("crypto: caam/jr - add support for Chacha20 +
>> > Poly1305")
>> > Signed-off-by: Gaurav Jain <gaurav.jain@....com>
>> > ---
>> > drivers/crypto/caam/caamalg.c | 3 ++-
>> > 1 file changed, 2 insertions(+), 1 deletion(-)
>> >
>> > diff --git a/drivers/crypto/caam/caamalg.c
>> > b/drivers/crypto/caam/caamalg.c index eba2d750c3b0..066f08a3a040
>> > 100644
>> > --- a/drivers/crypto/caam/caamalg.c
>> > +++ b/drivers/crypto/caam/caamalg.c
>> > @@ -575,7 +575,8 @@ static int chachapoly_setkey(struct crypto_aead *aead,
>> const u8 *key,
>> > if (keylen != CHACHA_KEY_SIZE + saltlen)
>> > return -EINVAL;
>> >
>> > - ctx->cdata.key_virt = key;
>> > + memcpy(ctx->key, key, keylen);
>> > + ctx->cdata.key_virt = ctx->key;
>> > ctx->cdata.keylen = keylen - saltlen;
>> >
>>
>> Huh, so this driver just ignored the key? Is anyone using the ChaCha20Poly1305
>> support in this driver? Based on this bug existing, that seems unlikely. If that's
>> the case, wouldn't it be better just to remove the ChaCha20Poly1305 support
>> from this driver so that the code doesn't need to be maintained?
>
> This algorithm is used in IPSEC and we are also going to use ChaCha20Poly1305 support for Kernel TLS.
> Gaurav
Does this mean IPSEC doesn't call setkey() or the key value was such
that it didn't affect even after failing to actually set the key?
-Kamlesh
Powered by blists - more mailing lists