Would you be able to incorporate the GMAC ESN bug fix in 3.9? Thanks, Chaoxing -------------------------------- Thanks Jussi, the patch fixes the problem. You may commit it officially. Chaoxing -----Original Message----- From: Jussi Kivilinna [mailto:jussi.kivilinna@xxxxxx] Sent: Tuesday, March 26, 2013 4:16 PM To: Chaoxing Lin Cc: linux-crypto@xxxxxxxxxxxxxxx Subject: Re: potential bug in GMAC implementation. not work in ESN mode On 25.03.2013 18:12, Chaoxing Lin wrote: > 2nd ping.... > > Nobody is maintaining crypto/gcm.c? > > > > -----Original Message----- > From: Chaoxing Lin > Sent: Friday, March 08, 2013 11:38 AM > To: 'linux-crypto@xxxxxxxxxxxxxxx' > Subject: potential bug in GMAC implementation. not work in ESN mode > > I was testing ipsec with GMAC and found that the rfc4543 GMAC implementation in kernel software crypto work in "esp=aes256gmac-noesn!" mode. > It does not work in in "esp=aes256gmac-esn!" mode. The tunnel was established but no data traffic is possible. > > Looking at source code, I found this piece of code is suspicious. > Line 1146~1147 tries to put req->assoc to assoc[1]. But I think this way only works when req->assoc has only one segment. In ESN mode, req->assoc contains 3 segments (SPI, SN-hi, SN-low). Line 1146~1147 will only attach SPI segment(with total length) in assoc. > > Please let me know whether I understand it right. Your analysis seems correct. Does attached the patch fix the problem? (I've only compile tested it.) -Jussi > Thanks, > > Chaoxing > > > Source from kernel 3.8.2 > path: root/crypto/gcm.c > > 1136: /* construct the aad */ > 1137: dstp = sg_page(dst); > vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset; > > sg_init_table(payload, 2); > sg_set_buf(payload, req->iv, 8); > scatterwalk_crypto_chain(payload, dst, vdst == req->iv + 8, 2); > assoclen += 8 + req->cryptlen - (enc ? 0 : authsize); > > sg_init_table(assoc, 2); > 1146: sg_set_page(assoc, sg_page(req->assoc), req->assoc->length, > 1147: req->assoc->offset); > scatterwalk_crypto_chain(assoc, payload, 0, 2); > > aead_request_set_tfm(subreq, ctx->child); > aead_request_set_callback(subreq, req->base.flags, req->base.complete, > req->base.data); > aead_request_set_crypt(subreq, cipher, cipher, enc ? 0 : authsize, iv); > 1154: aead_request_set_assoc(subreq, assoc, assoclen); > -- > To unsubscribe from this list: send the line "unsubscribe > linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -----Original Message----- From: linux-crypto-owner@xxxxxxxxxxxxxxx [mailto:linux-crypto-owner@xxxxxxxxxxxxxxx] On Behalf Of Herbert Xu Sent: Thursday, March 28, 2013 4:29 AM To: Linus Torvalds; David S. Miller; Linux Kernel Mailing List; Linux Crypto Mailing List Subject: Crypto Fixes for 3.9 Hi Linus: This push removes IPsec ESN support from the talitos/caam drivers since they were implemented incorrectly, causing interoperability problems if ESN is used with them. Please pull from git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git or master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git Horia Geanta (2): Revert "crypto: talitos - add IPsec ESN support" Revert "crypto: caam - add IPsec ESN support" drivers/crypto/caam/caamalg.c | 27 ++------------------------- drivers/crypto/caam/compat.h | 1 - drivers/crypto/talitos.c | 30 ++---------------------------- 3 files changed, 4 insertions(+), 54 deletions(-) Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
