lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AM0PR04MB6004B49C47CA3E8F264812DCE7FCA@AM0PR04MB6004.eurprd04.prod.outlook.com>
Date:   Mon, 25 Sep 2023 09:03:52 +0000
From:   Gaurav Jain <gaurav.jain@....com>
To:     Kamlesh Gurudasani <kamlesh@...com>,
        Eric Biggers <ebiggers@...nel.org>
CC:     Horia Geanta <horia.geanta@....com>,
        Pankaj Gupta <pankaj.gupta@....com>,
        Varun Sethi <V.Sethi@....com>,
        Meenakshi Aggarwal <meenakshi.aggarwal@....com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S . Miller" <davem@...emloft.net>,
        Aisheng Dong <aisheng.dong@....com>,
        Silvano Di Ninno <silvano.dininno@....com>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        dl-linux-imx <linux-imx@....com>
Subject: RE: [EXTERNAL] RE: [EXT] Re: [PATCH] crypto: caam/jr - fix Chacha20 +
 Poly1305 self test failure

Hi Kamlesh

> -----Original Message-----
> From: Kamlesh Gurudasani <kamlesh@...com>
> Sent: Friday, September 22, 2023 12:47 PM
> To: Gaurav Jain <gaurav.jain@....com>; Eric Biggers <ebiggers@...nel.org>
> Cc: Horia Geanta <horia.geanta@....com>; Pankaj Gupta
> <pankaj.gupta@....com>; Varun Sethi <V.Sethi@....com>; Meenakshi
> Aggarwal <meenakshi.aggarwal@....com>; Herbert Xu
> <herbert@...dor.apana.org.au>; David S . Miller <davem@...emloft.net>;
> Aisheng Dong <aisheng.dong@....com>; Silvano Di Ninno
> <silvano.dininno@....com>; linux-crypto@...r.kernel.org; linux-
> kernel@...r.kernel.org; dl-linux-imx <linux-imx@....com>
> Subject: Re: [EXTERNAL] RE: [EXT] Re: [PATCH] crypto: caam/jr - fix Chacha20 +
> Poly1305 self test failure
> 
> Caution: This is an external email. Please take care when clicking links or
> opening attachments. When in doubt, report the message using the 'Report this
> email' button
> 
> 
> Gaurav Jain <gaurav.jain@....com> writes:
> 
> > Hi Eric
> >
> >> -----Original Message-----
> >> From: Eric Biggers <ebiggers@...nel.org>
> >> Sent: Friday, September 22, 2023 8:11 AM
> >> To: Gaurav Jain <gaurav.jain@....com>
> >> Cc: Horia Geanta <horia.geanta@....com>; Pankaj Gupta
> >> <pankaj.gupta@....com>; Varun Sethi <V.Sethi@....com>; Meenakshi
> >> Aggarwal <meenakshi.aggarwal@....com>; Herbert Xu
> >> <herbert@...dor.apana.org.au>; David S . Miller
> >> <davem@...emloft.net>; Aisheng Dong <aisheng.dong@....com>; Silvano
> >> Di Ninno <silvano.dininno@....com>; linux-crypto@...r.kernel.org;
> >> linux- kernel@...r.kernel.org; dl-linux-imx <linux-imx@....com>
> >> Subject: [EXT] Re: [PATCH] crypto: caam/jr - fix Chacha20 + Poly1305
> >> self test failure
> >>
> >> Caution: This is an external email. Please take care when clicking
> >> links or opening attachments. When in doubt, report the message using
> >> the 'Report this email' button
> >>
> >>
> >> On Thu, Sep 21, 2023 at 06:12:37PM +0530, Gaurav Jain wrote:
> >> > key buffer is not copied in chachapoly_setkey function, results in
> >> > wrong output for encryption/decryption operation.
> >> >
> >> > fix this by memcpy the key in caam_ctx key arrary
> Not sure, but do you mean array*?
> 
> >> >
> >> > Fixes: d6bbd4eea243 ("crypto: caam/jr - add support for Chacha20 +
> >> > Poly1305")
> >> > Signed-off-by: Gaurav Jain <gaurav.jain@....com>
> >> > ---
> >> >  drivers/crypto/caam/caamalg.c | 3 ++-
> >> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >> >
> >> > diff --git a/drivers/crypto/caam/caamalg.c
> >> > b/drivers/crypto/caam/caamalg.c index eba2d750c3b0..066f08a3a040
> >> > 100644
> >> > --- a/drivers/crypto/caam/caamalg.c
> >> > +++ b/drivers/crypto/caam/caamalg.c
> >> > @@ -575,7 +575,8 @@ static int chachapoly_setkey(struct crypto_aead
> >> > *aead,
> >> const u8 *key,
> >> >       if (keylen != CHACHA_KEY_SIZE + saltlen)
> >> >               return -EINVAL;
> >> >
> >> > -     ctx->cdata.key_virt = key;
> >> > +     memcpy(ctx->key, key, keylen);
> >> > +     ctx->cdata.key_virt = ctx->key;
> >> >       ctx->cdata.keylen = keylen - saltlen;
> >> >
> >>
> >> Huh, so this driver just ignored the key?  Is anyone using the
> >> ChaCha20Poly1305 support in this driver?  Based on this bug existing,
> >> that seems unlikely.  If that's the case, wouldn't it be better just
> >> to remove the ChaCha20Poly1305 support from this driver so that the code
> doesn't need to be maintained?
> >
> > This algorithm is used in IPSEC and we are also going to use
> ChaCha20Poly1305 support for Kernel TLS.
> > Gaurav
> Does this mean IPSEC doesn't call setkey() or the key value was such that it didn't
> affect even after failing to actually set the key?
Our test passed with older kernel versions, This issue was caught in testing with the latest kernel version only.

Regards
Gaurav 
> 
> -Kamlesh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ