Ping.... Is there anyone looking at this potential bug??
-----Original Message-----
From: Chaoxing Lin
Sent: Friday, March 08, 2013 11:38 AM
To: 'linux-crypto@vger.kernel.org'
Subject: potential bug in GMAC implementation. not work in ESN mode
I was testing ipsec with GMAC and found that the rfc4543 GMAC implementation in
kernel software crypto work in "esp=aes256gmac-noesn!" mode.
It does not work in in "esp=aes256gmac-esn!" mode. The tunnel was established
but no data traffic is possible.
Looking at source code, I found this piece of code is suspicious.
Line 1146~1147 tries to put req->assoc to assoc[1]. But I think this way only
works when req->assoc has only one segment. In ESN mode, req->assoc contains 3
segments (SPI, SN-hi, SN-low). Line 1146~1147 will only attach SPI segment(with
total length) in assoc.
Please let me know whether I understand it right.
Thanks,
Chaoxing
Source from kernel 3.8.2
path: root/crypto/gcm.c
1136: /* construct the aad */
1137: dstp = sg_page(dst);
vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset;
sg_init_table(payload, 2);
sg_set_buf(payload, req->iv, 8);
scatterwalk_crypto_chain(payload, dst, vdst == req->iv + 8, 2);
assoclen += 8 + req->cryptlen - (enc ? 0 : authsize);
sg_init_table(assoc, 2);
1146: sg_set_page(assoc, sg_page(req->assoc), req->assoc->length,
1147: req->assoc->offset);
scatterwalk_crypto_chain(assoc, payload, 0, 2);
aead_request_set_tfm(subreq, ctx->child);
aead_request_set_callback(subreq, req->base.flags, req->base.complete,
req->base.data);
aead_request_set_crypt(subreq, cipher, cipher, enc ? 0 : authsize, iv);
1154: aead_request_set_assoc(subreq, assoc, assoclen);
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
