LinuxLists.cc - [PATCH] crypto: talitos: Extend max key length for SHA384/512-HMAC

2017-04-27 15:46:35

Subject: [PATCH] crypto: talitos: Extend max key length for SHA384/512-HMAC

The max keysize for both of these is 128, not 96. Before, with keysizes
over 96, the memcpy in ahash_setkey() would overwrite memory beyond the
key field.

Signed-off-by: Martin Hicks <[email protected]>
---
drivers/crypto/talitos.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 0bba6a1..97dc85e 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -816,7 +816,7 @@ static void talitos_unregister_rng(struct device *dev)
* HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP
*/
#define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1)
-#define TALITOS_MAX_KEY_SIZE 96
+#define TALITOS_MAX_KEY_SIZE SHA512_BLOCK_SIZE /* SHA512 has the largest keysize input */
#define TALITOS_MAX_IV_LENGTH 16 /* max of AES_BLOCK_SIZE, DES3_EDE_BLOCK_SIZE */

struct talitos_ctx {
--
1.7.10.4

--
Martin Hicks P.Eng. | [email protected]
Bork Consulting Inc. | +1 (613) 266-2296

2017-04-28 11:08:35

by Horia Geanta

[permalink] [raw]

Subject: Re: [PATCH] crypto: talitos: Extend max key length for SHA384/512-HMAC

On 4/27/2017 6:46 PM, Martin Hicks wrote:
>
> The max keysize for both of these is 128, not 96. Before, with keysizes
> over 96, the memcpy in ahash_setkey() would overwrite memory beyond the
> key field.
>
While here, what about aead_setkey()?
AFAICT, TALITOS_MAX_KEY_SIZE value has been incorrect since forever; it
does not cover the maximum values of encryption key + authentication key
for authenc algorithms.

So, based on algorithms currently registered, I think this should be:
#define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + \
SHA512_BLOCK_SIZE)

> Signed-off-by: Martin Hicks <[email protected]>
Cc: [email protected] # 3.6+
Fixes: 357fb60502ede ("crypto: talitos - add sha224, sha384 and sha512
to existing AEAD algorithms")

> ---
> drivers/crypto/talitos.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
> index 0bba6a1..97dc85e 100644
> --- a/drivers/crypto/talitos.c
> +++ b/drivers/crypto/talitos.c
> @@ -816,7 +816,7 @@ static void talitos_unregister_rng(struct device *dev)
> * HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP
> */
> #define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1)
> -#define TALITOS_MAX_KEY_SIZE 96
> +#define TALITOS_MAX_KEY_SIZE SHA512_BLOCK_SIZE /* SHA512 has the largest keysize input */
> #define TALITOS_MAX_IV_LENGTH 16 /* max of AES_BLOCK_SIZE, DES3_EDE_BLOCK_SIZE */
>
> struct talitos_ctx {
>