Re: libkcapi tests are failing on kernels 5.5+

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Dienstag, 21. April 2020, 11:19:36 CEST schrieb Stephan Mueller:

Hi Herbert,

could you please help us with the answer to the question below?

> Am Dienstag, 21. April 2020, 10:08:14 CEST schrieb Ondrej Mosnáček:
> 
> Hi Ondrej,
> 
> > Hi all,
> > 
> > the libkcapi [1] tests are failing on kernels 5.5-rc1 and above [2].
> > All encryption/decryption tests that use 'ctr(aes)' and a message size
> > that is not a multiple of 16 fail due to kcapi-enc returning different
> > output than expected.
> 
> Confirmed.
> 
> On the recent kernels, the data generated by kcapi-enc contains trailing
> zero bytes for data that is a fraction of the block size.
> 
> I think the issue is in the following kernel code in _skcipher_recvmsg:
> 
>         unsigned int bs = crypto_skcipher_chunksize(tfm);
> 
>         /*
>          * If more buffers are to be expected to be processed, process only
>          * full block size buffers.
>          */
>         if (ctx->more || len < ctx->used)
>                 len -= len % bs;
> 
> 
> The kernel truncates the size to be processed to the chunk size. As the
> chunksize returns the block size of the underlying cipher (e.g. AES -> 16),
> the kernel code will not process non-aligned data.
> 
> Herbert, could you help me identifying what exactly was the root cause for
> the patch 5b0fe9552336338acb52756daf65dd7a4eeca73f ? I.e. it seems that
> stream ciphers made out of a block cipher would not generate the data part
> that is a fraction of the block size (e.g. CTR, CTS).
> 
> Ciao
> Stephan


Ciao
Stephan
-- 
atsec information security GmbH, Steinstraße 70, 81667 München, Germany
Phone:     +49 89 442 49 830 - Fax:       +49 89 442 49 831
Mobile DE: +49 172 216 55 78 - Mobile US: +1 737 346 1613
HRB: 129439 (Amtsgericht München)
GF: Salvatore la Pietra, Staffan Persson, Manuela Gambarotto
atsec it security news blog - atsec-information-security.blogspot.com






[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux