Re: x509 parsing bug + fuzzing crypto in the userspace

On Friday, 24 November 2017, 17:18:08 CET, Dmitry Vyukov wrote:

Hi Dmitry,
> 
> >                 {"rfc7539esp", []int{ALG_BLKCIPHER, ALG_HASH}},
> >                 {"rfc7539", []int{ALG_BLKCIPHER, ALG_HASH}},
> >                 {"rfc4543", []int{ALG_AEAD}},
> >                 {"rfc4106", []int{ALG_AEAD}},
> > 
> > These are not ciphers per se, but simply formatting mechanisms. For
> > example, to make use of rfc4106, you must split the IV: the first four
> > bytes need to be appended to the key and the trailing 8 bytes are used as
> > the IV. Any other formatting should cause an error. Besides, these
> > implementations should only work with some AEAD ciphers like GCM.
> 
> So rfc4543 consumes AEAD and itself is an AEAD (can be passed whenever
> AEAD is required), right?

Yes. Again, it is purely formatting of input data.

> If yes, then it works the way you described
> (minus the part that it works only with _some_ AEAD ciphers, fuzzer
> will try to blindly combine it with all of them).
> 
> rfc7539 consumes 2 args, not 1, right? I figured out that it consumes
> BLKCIPHER and HASH.

Right, it is intended for the combo of chacha20 and poly1305.

> >                 {"generic-gcm-aesni", nil},
> > 
> > Does this exist?
> 
> I can create it:
> 
> strcpy(addr.salg_type, "aead");
> strcpy(addr.salg_name, "generic-gcm-aesni");
> 
> bind(3, {sa_family=0x26 /* AF_??? */,
> sa_data="aead\0\0\0\0\0\0\0\0\0\0"}, 88) = 0

Ok, I have not seen that one before.

> > xts() is a template.
> > 
> > Note, starting with 4.9, you must use xts(ecb(aes)).
> 
> "xts(aes)" also works on upstream (4.15):
> 
> strcpy(addr.salg_type, "skcipher");
> strcpy(addr.salg_name, "xts(aes)");
> 
> bind(3, {sa_family=0x26 /* AF_??? */, sa_data="skcipher\0\0\0\0\0\0"}, 88) = 0

Ok, I stand corrected. At one point, this did not work :-)


Ciao
Stephan
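An added example, not part of the thread: a small C probe that binds AF_ALG sockets the way the strace output above shows, so you can check which of the names discussed here a running kernel actually accepts instead of arguing from memory. The probe list is constructed from the thread; the full template names rfc4106(gcm(aes)) and rfc7539(chacha20,poly1305) are assumed from Stephan's description of what those templates wrap.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/if_alg.h>

/* Ask the kernel whether "type/name" can be bound via AF_ALG.
 * Returns 0 if bind() succeeds, otherwise the errno it failed with:
 * ENOENT means no such algorithm (or template instantiation) exists,
 * EAFNOSUPPORT means AF_ALG itself is not available in this kernel.
 * Names that would not fit the fixed-size sockaddr_alg fields are
 * rejected up front rather than silently truncated. */
int alg_available(const char *type, const char *name)
{
    struct sockaddr_alg sa;
    int fd, err = 0;

    memset(&sa, 0, sizeof(sa));
    sa.salg_family = AF_ALG;
    if (strlen(type) >= sizeof(sa.salg_type) ||
        strlen(name) >= sizeof(sa.salg_name))
        return ENAMETOOLONG;
    strcpy((char *)sa.salg_type, type);
    strcpy((char *)sa.salg_name, name);

    fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (fd < 0)
        return errno;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        err = errno;
    close(fd);
    return err;
}

int main(void)
{
    /* Constructed probe list: the names discussed in the thread. */
    static const char *probes[][2] = {
        {"skcipher", "xts(aes)"},
        {"skcipher", "xts(ecb(aes))"},
        {"aead",     "generic-gcm-aesni"},
        {"aead",     "rfc4106(gcm(aes))"},          /* assumed full name */
        {"aead",     "rfc7539(chacha20,poly1305)"}, /* assumed full name */
    };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        int err = alg_available(probes[i][0], probes[i][1]);
        printf("%-9s %-28s %s\n", probes[i][0], probes[i][1],
               err ? strerror(err) : "available");
    }
    return 0;
}
```

Run it as an unprivileged user; a name that binds for "skcipher" on one kernel and not another (as with xts(aes) here) shows up directly as ENOENT.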
