Received: by 10.223.164.221 with SMTP id h29csp3972655wrb;
        Tue, 31 Oct 2017 07:45:11 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+QagChDFCAprjH+pD8TrXGDeCnDRsbm9GToKjBDk/V7M9ptnPGdq7TtXw3u18mvTLoNcea3
X-Received: by 10.98.73.67 with SMTP id w64mr2311562pfa.338.1509461111591;
        Tue, 31 Oct 2017 07:45:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1509461111; cv=none;
        d=google.com; s=arc-20160816;
        b=kvBAyjAvtaMPDXJW5hzxMvUwblc81VokdGZ+YCA8sGZMIhWCZebYjDr4NE/4ObBskI
         vTSs/4Q1Lg1ak3utBFlStiU2UPeFouXx98dDiLihww5UQEnUdOjV3T6jn3ogTGKxnidp
         p6p9gPFJ9QxBlBLyUAfZ01rK9nKdRk/M7vIOE0BHp6iraNbH95P1WU7C/4YYSXS78QSp
         RFcWB48IltlptovmgqH/UqHzCdQ/BuAaVONjnLooji4cDTZMSOQOKHvPO8qBEy3Ldf/8
         viFNNCGfads/OZifWf+4LHx4SsifMM/LvaFgSSJqkPl+vreDqFukrzqcdf/OAIvvSTVc
         Brsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :dkim-signature:arc-authentication-results;
        bh=7zd+w4Kg9d6WEZkIA1FDcHVB+TjRKnwRLATjXQaj/BI=;
        b=j3CNSOtXQgXa6o7VJ6xP3KB2FY5lekN4SpOGOpmhOuuy48kpAlpypimy9qUGcO8+mB
         uj7Me3QC6qvKJlAUfYZPx0hYYQx8WevXfNSrzmUSj96ZMTegPXdjiKqGNznsjX0cWAia
         JsOb6m0kTotol2qvhlyicbBMHn1yIJELMFW/1oE19Q2He1pKulqhV7P5rMPBxJDoaxsU
         kANuw/ZVwpoz60+ZYI1tRo8UAJD4KLwkx8HmJBF6fwXpmNPLQxbXfbqvLfsR4Q90YapN
         icv0ihUiPCLoQahZMefkqxntHAu+LJuP3cdOJtUKoFReb5yINyHTD4D8td6H9nh92QUB
         MBIQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=dxLgGa1H;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i1si1757003pfi.590.2017.10.31.07.44.57;
        Tue, 31 Oct 2017 07:45:11 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=dxLgGa1H;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753435AbdJaOnI (ORCPT <rfc822;linux.htchiang@gmail.com>
        + 99 others); Tue, 31 Oct 2017 10:43:08 -0400
Received: from mail-wm0-f66.google.com ([74.125.82.66]:44314 "EHLO
        mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751408AbdJaOnG (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 31 Oct 2017 10:43:06 -0400
Received: by mail-wm0-f66.google.com with SMTP id n74so13310819wmi.1;
        Tue, 31 Oct 2017 07:43:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=7zd+w4Kg9d6WEZkIA1FDcHVB+TjRKnwRLATjXQaj/BI=;
        b=dxLgGa1HogUEkdJOezPQ4RLrBCRR/hls1LIVk454MMvEVVOJrPOsicpLRN6DE134ZF
         /8IqrtxhYDhTwHG+q9RiO9Y2JGgw5N1v5PioegPTWCQw1I8fHqCJwMMZL7IIHzNn+wa9
         9GOfvJR8uCIC7YiEAz5Yr+EnaEXDNRD5iWX8mcKSwNNatMoJgGMhUT7xOy4Cwv0DJ6Ll
         VokzVGqm6u64ZYRoMiHcoJjnpTlMSTxJZD7YhNjI4Dn2geWt9afh7PZx7VAAb14rN4v3
         0TC23wJ/BY4YDdGf1EdSaT59AoyYHZqK1b4EKeujqWTToS5AJUSbw3Gr2kQYc68Rki5M
         OJzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=7zd+w4Kg9d6WEZkIA1FDcHVB+TjRKnwRLATjXQaj/BI=;
        b=RPasalQx+ygfVIfg5CDjZpaZzSbadxtqG6YECLcHfqnh/Zp+jiy7myHOOBZiDGlf+l
         MvwTAh2GOhGoHvSLFhUYPlRibVZ/almnErTLeuVH2THN54qP4bJZCJE5aNBprSpojJM3
         IV6HkaqtXw6IVSFYUMLe+gCNkvXfhHCoE1wMAoLu62iqT3vrO/MuDXwZ10OtPJEPrgPg
         pPaBdKpjSba8wsbvtorEX8dfazKwFGsA2NCe2k6pcpzmBeo7GUZNDxXMCeJ3I6LYCxSJ
         QlCQvTv4K77MDxYPjiLw7jpw+x1dwFcO+/lKUkBkQzY94iuttTwjwZ0425XJmZHIO76c
         uAQQ==
X-Gm-Message-State: AMCzsaV6Q5LN59HyHBO55+tvles9R/MCRPHWp4NagHnVlfMpG0aO4zRR
        aY6OY9W8eEbLnacHY86KSFo=
X-Received: by 10.28.145.13 with SMTP id t13mr2007878wmd.40.1509460985023;
        Tue, 31 Oct 2017 07:43:05 -0700 (PDT)
Received: from localhost.localdomain (146.187.3.109.rev.sfr.net. [109.3.187.146])
        by smtp.gmail.com with ESMTPSA id v15sm1690375wmf.25.2017.10.31.07.43.03
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 31 Oct 2017 07:43:04 -0700 (PDT)
From:   Romain Izard <romain.izard.pro@gmail.com>
To:     Herbert Xu <herbert@gondor.apana.org.au>,
        "David S . Miller" <davem@davemloft.net>,
        Tudor Ambarus <tudor.ambarus@microchip.com>
Cc:     linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        Romain Izard <romain.izard.pro@gmail.com>
Subject: [PATCH] crypto: ccm - preserve the IV buffer
Date:   Tue, 31 Oct 2017 15:42:35 +0100
Message-Id: <20171031144235.22818-1-romain.izard.pro@gmail.com>
X-Mailer: git-send-email 2.14.1
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The IV buffer used during CCM operations is used twice, during both the
hashing step and the ciphering step.

When using a hardware accelerator that updates the contents of the IV
buffer at the end of ciphering operations, the value will be modified.
In the decryption case, the subsequent setup of the hashing algorithm
will interpret the updated IV instead of the original value, which can
lead to out-of-bounds writes.

Reuse the idata buffer, only used in the hashing step, to preserve the
IV's value during the ciphering step in the decryption case.

Signed-off-by: Romain Izard <romain.izard.pro@gmail.com>
---
 crypto/ccm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/ccm.c b/crypto/ccm.c
index 1ce37ae0ce56..0a083342ec8c 100644
--- a/crypto/ccm.c
+++ b/crypto/ccm.c
@@ -363,7 +363,7 @@ static int crypto_ccm_decrypt(struct aead_request *req)
 	unsigned int cryptlen = req->cryptlen;
 	u8 *authtag = pctx->auth_tag;
 	u8 *odata = pctx->odata;
-	u8 *iv = req->iv;
+	u8 *iv = pctx->idata;
 	int err;
 
 	cryptlen -= authsize;
@@ -379,6 +379,8 @@ static int crypto_ccm_decrypt(struct aead_request *req)
 	if (req->src != req->dst)
 		dst = pctx->dst;
 
+	memcpy(iv, req->iv, 16);
+
 	skcipher_request_set_tfm(skreq, ctx->ctr);
 	skcipher_request_set_callback(skreq, pctx->flags,
 				      crypto_ccm_decrypt_done, req);
-- 
2.14.1


From 1583057098903773328@xxx Fri Nov 03 14:54:56 +0000 2017
X-GM-THRID: 1583057098903773328
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread