Re: crypto: algif_aead - Switch to new AEAD interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Mittwoch, 27. Mai 2015, 17:24:41 schrieb Herbert Xu:

Hi Herbert,

after testing of the new algif_aead interface, I am wondering about the 
following changes which seem to alter the way how the tag is supposed to be 
handled:

> -	return (ctx->used >= (ctx->aead_assoclen + (ctx->enc ? 0 : as)));
> +	return ctx->used >= ctx->aead_assoclen + as;

This change requires that the buffer handed in by user space always has room 
for the tag, regardless whether it is needed or not. Is that intended?

> -		/* add the size needed for the auth tag to be created */
> -		outlen += as;
> -	} else {
> -		/* output data size is input without the authentication tag */
> -		outlen = used - as;

The removal of these make me wonder: with those missing, the output of the 
cipher operation does not have CT || tag (in case of encryption) or PT (in 
case of encryption.

Note, I have updated my user space code to require space for the AD in the 
output buffer. When reverting those changes with the following patch, the code 
works nicely. If I do not apply the patch, the beginning of the CT or PT is as 
expected, but the end is bogus. Also, the tag would be missing.

diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index 38a6cab..b6af158 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -72,7 +72,7 @@ static inline bool aead_sufficient_data(struct aead_ctx 
*ctx)
 {
        unsigned as = crypto_aead_authsize(crypto_aead_reqtfm(&ctx-
>aead_req));
 
-       return ctx->used >= ctx->aead_assoclen + as;
+       return ctx->used >= ctx->aead_assoclen + (ctx->enc ? 0 : as);
 }
 
 static void aead_put_sgl(struct sock *sk)
@@ -403,13 +403,19 @@ static int aead_recvmsg(struct socket *sock, struct 
msghdr *msg, size_t ignored,
        if (!aead_sufficient_data(ctx))
                goto unlock;
 
-       outlen = used;
+       if (ctx->enc) {
+               /* add the size needed for the auth tag to be created */
+               outlen = used + as;
+       } else {
+               /* output data size is input without the authentication tag */
+               outlen = used - as;
+       }
 
        /*
         * The cipher operation input data is reduced by the associated data
         * length as this data is processed separately later on.
         */
-       used -= ctx->aead_assoclen + (ctx->enc ? as : 0);
+       used -= ctx->aead_assoclen;
 
        /* convert iovecs of output buffers into scatterlists */
        while (iov_iter_count(&msg->msg_iter)) {



However, when use those changes and I perform the test of libkcapi/test/kcapi 
-y -s, I get the following strange crash which i have no idea where to look 
for the cause (normal sendmsg and vmsplice tests with libkcapi/test/kcapi -y 
and libkcapi/test/kcapi -y -v work flawless)

[  177.112195] Modules linked in: crypto_user ccm algif_aead(E) af_alg 
nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT 
nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 
nf_defrag_ipv4 xt_conntrack nf_conntrack cfg80211 ebtable_nat ebtable_broute 
bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_security 
ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security 
iptable_raw crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel 
aesni_intel aes_x86_64 glue_helper ablk_helper microcode joydev pcspkr 
serio_raw virtio_balloon i2c_piix4 acpi_cpufreq qxl virtio_blk virtio_net 
drm_kms_helper ttm drm virtio_pci virtio_ring virtio [last unloaded: 
algif_aead]
[  177.112306] CPU: 1 PID: 2012 Comm: kcapi Tainted: G            E   4.0.0+ 
#228
[  177.112312] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.7.5-20140709_153950- 04/01/2014
[  177.112319] task: ffff88007aaa3300 ti: ffff88007c0a4000 task.ti: 
ffff88007c0a4000
[  177.112324] RIP: 0010:[<ffffffff8118fb6a>]  [<ffffffff8118fb6a>] 
ksize+0x4a/0xf0
[  177.112337] RSP: 0018:ffff88007c0a7d98  EFLAGS: 00010286
[  177.112344] RAX: 00000188000680c0 RBX: ffffeb88000680c0 RCX: 
0000000000000000
[  177.112350] RDX: 0000000000000010 RSI: ffffea0001a033c2 RDI: 
000077ff80000000
[  177.112356] RBP: ffff88007c0a7da8 R08: ffffea0001efa2e0 R09: 
0000000000000007
[  177.112361] R10: ffff880079419bb0 R11: ffff88007aac8b10 R12: 
0000000000000010
[  177.112367] R13: 0000000000000010 R14: ffff88007d0bc920 R15: 
ffff8800796acc00
[  177.112375] FS:  00007f2e2fd8a700(0000) GS:ffff88007fd00000(0000) 
knlGS:0000000000000000
[  177.112381] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  177.112386] CR2: ffffeb88000680c0 CR3: 000000007c044000 CR4: 
00000000000407e0
[  177.112402] Stack:
[  177.112407]  ffff88007c0a7db8 ffffea0001a033c2 ffff88007c0a7dc8 
ffffffff811636bc
[  177.112418]  ffff88007c0a7de8 ffff88007c278800 ffff88007c0a7de8 
ffffffff81563ddf
[  177.112428]  ffff88007c278800 ffff88007a404000 ffff88007c0a7e18 
ffffffffa028f694
[  177.112438] Call Trace:
[  177.112452]  [<ffffffff811636bc>] kzfree+0x1c/0x40
[  177.112478]  [<ffffffff81563ddf>] sock_kzfree_s+0x1f/0x60
[  177.112486]  [<ffffffffa028f694>] aead_sock_destruct+0x54/0xa0 [algif_aead]
[  177.112492]  [<ffffffff815653b3>] __sk_free+0x23/0x140
[  177.112497]  [<ffffffff815654e9>] sk_free+0x19/0x20
[  177.112504]  [<ffffffffa02812f9>] af_alg_release+0x29/0x30 [af_alg]
[  177.112511]  [<ffffffff8156065f>] sock_release+0x1f/0x90
[  177.112517]  [<ffffffff815606e2>] sock_close+0x12/0x20
[  177.112524]  [<ffffffff811ab51c>] __fput+0xdc/0x1f0
[  177.112531]  [<ffffffff811ab67e>] ____fput+0xe/0x10
[  177.112539]  [<ffffffff8106f187>] task_work_run+0xb7/0xf0
[  177.112545]  [<ffffffff81002c31>] do_notify_resume+0x51/0x70
[  177.112553]  [<ffffffff816879bc>] int_signal+0x12/0x17
[  177.112557] Code: 00 ea ff ff 48 83 ec 08 48 01 f8 48 bf 00 00 00 80 ff 77 
00 00 48 0f 42 3d b4 d4 a7 00 48 01 f8 48 c1 e8 0c 48 c1 e0 06 48 01 c3 <48> 
8b 03 f6 c4 80 75 56 48 8b 03 a8 80 74 57 48 8b 43 30 48 8b 
[  177.112630] RIP  [<ffffffff8118fb6a>] ksize+0x4a/0xf0
[  177.112638]  RSP <ffff88007c0a7d98>
[  177.112641] CR2: ffffeb88000680c0
[  177.112646] ---[ end trace 300af93a757958e4 ]---

-- 
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux