LinuxLists.cc - [PATCH] crypto: gcm - fix assumption that assoc has one segment

2013-03-28 19:54:08

Subject: [PATCH] crypto: gcm - fix assumption that assoc has one segment

rfc4543(gcm(*)) code for GMAC assumes that assoc scatterlist always contains
only one segment and only makes use of this first segment. However ipsec passes
assoc with three segments when using 'extended sequence number' thus in this
case rfc4543(gcm(*)) fails to function correctly. Patch fixes this issue.

Reported-by: Chaoxing Lin <[email protected]>
Tested-by: Chaoxing Lin <[email protected]>
Cc: [email protected]
Signed-off-by: Jussi Kivilinna <[email protected]>
---
crypto/gcm.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/crypto/gcm.c b/crypto/gcm.c
index 137ad1e..13ccbda 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -44,6 +44,7 @@ struct crypto_rfc4543_ctx {

struct crypto_rfc4543_req_ctx {
u8 auth_tag[16];
+ u8 assocbuf[32];
struct scatterlist cipher[1];
struct scatterlist payload[2];
struct scatterlist assoc[2];
@@ -1133,9 +1134,19 @@ static struct aead_request *crypto_rfc4543_crypt(struct aead_request *req,
scatterwalk_crypto_chain(payload, dst, vdst == req->iv + 8, 2);
assoclen += 8 + req->cryptlen - (enc ? 0 : authsize);

- sg_init_table(assoc, 2);
- sg_set_page(assoc, sg_page(req->assoc), req->assoc->length,
- req->assoc->offset);
+ if (req->assoc->length == req->assoclen) {
+ sg_init_table(assoc, 2);
+ sg_set_page(assoc, sg_page(req->assoc), req->assoc->length,
+ req->assoc->offset);
+ } else {
+ BUG_ON(req->assoclen > sizeof(rctx->assocbuf));
+
+ scatterwalk_map_and_copy(rctx->assocbuf, req->assoc, 0,
+ req->assoclen, 0);
+
+ sg_init_table(assoc, 2);
+ sg_set_buf(assoc, rctx->assocbuf, req->assoclen);
+ }
scatterwalk_crypto_chain(assoc, payload, 0, 2);

aead_request_set_tfm(subreq, ctx->child);

2013-04-02 09:57:07

by Herbert Xu

[permalink] [raw]

Subject: Re: [PATCH] crypto: gcm - fix assumption that assoc has one segment

On Thu, Mar 28, 2013 at 09:54:03PM +0200, Jussi Kivilinna wrote:
> rfc4543(gcm(*)) code for GMAC assumes that assoc scatterlist always contains
> only one segment and only makes use of this first segment. However ipsec passes
> assoc with three segments when using 'extended sequence number' thus in this
> case rfc4543(gcm(*)) fails to function correctly. Patch fixes this issue.
>
> Reported-by: Chaoxing Lin <[email protected]>
> Tested-by: Chaoxing Lin <[email protected]>
> Cc: [email protected]
> Signed-off-by: Jussi Kivilinna <[email protected]>

Patch applied. Thanks!
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt