Message ID | 20211129093212.4053-1-tianjia.zhang@linux.alibaba.com (mailing list archive)
---|---
State | Accepted
Commit | 5961060692f8b17cd2080620a3d27b95d2ae05ca
Delegated to: | Netdev Maintainers
Series | net/tls: Fix authentication failure in CCM mode
Hello:

This patch was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:

On Mon, 29 Nov 2021 17:32:12 +0800 you wrote:
> When the TLS cipher suite uses CCM mode, including AES CCM and
> SM4 CCM, the first byte of the B0 block is flags, and the real
> IV starts from the second byte. The XOR operation of the IV and
> rec_seq should skip this byte, that is, add the iv_offset.
>
> Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> Cc: Vakul Garg <vakul.garg@nxp.com>
> Cc: stable@vger.kernel.org # v5.2+
>
> [...]

Here is the summary with links:
  - net/tls: Fix authentication failure in CCM mode
    https://git.kernel.org/netdev/net/c/5961060692f8

You are awesome, thank you!
On 29.11.2021 09:32, Tianjia Zhang wrote:
> When the TLS cipher suite uses CCM mode, including AES CCM and
> SM4 CCM, the first byte of the B0 block is flags, and the real
> IV starts from the second byte. The XOR operation of the IV and
> rec_seq should skip this byte, that is, add the iv_offset.
>
> Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Nice catch, thanks!
This is what I was talking about last time.

Tested-by: Vadim Fedorenko <vfedorenko@novek.ru>
Hi Vadim,

On 11/30/21 6:39 AM, Vadim Fedorenko wrote:
> On 29.11.2021 09:32, Tianjia Zhang wrote:
>> When the TLS cipher suite uses CCM mode, including AES CCM and
>> SM4 CCM, the first byte of the B0 block is flags, and the real
>> IV starts from the second byte. The XOR operation of the IV and
>> rec_seq should skip this byte, that is, add the iv_offset.
>>
>> Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
>> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
>
> Nice catch, thanks!
> This is what I was talking about last time.
>
> Tested-by: Vadim Fedorenko <vfedorenko@novek.ru>

David has applied this patch; the tested tag may not be added. Still, thanks for your test.

Kind regards,
Tianjia
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index d3e7ff90889e..dfe623a4e72f 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -521,7 +521,7 @@ static int tls_do_encryption(struct sock *sk, memcpy(&rec->iv_data[iv_offset], tls_ctx->tx.iv, prot->iv_size + prot->salt_size); - xor_iv_with_seq(prot, rec->iv_data, tls_ctx->tx.rec_seq); + xor_iv_with_seq(prot, rec->iv_data + iv_offset, tls_ctx->tx.rec_seq); sge->offset += prot->prepend_size; sge->length -= prot->prepend_size; @@ -1499,7 +1499,7 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, else memcpy(iv + iv_offset, tls_ctx->rx.iv, prot->salt_size); - xor_iv_with_seq(prot, iv, tls_ctx->rx.rec_seq); + xor_iv_with_seq(prot, iv + iv_offset, tls_ctx->rx.rec_seq); /* Prepare AAD */ tls_make_aad(aad, rxm->full_len - prot->overhead_size +
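Review bot: in the tls_do_encryption hunk the XOR now starts at `rec->iv_data + iv_offset`, which lines up with the memcpy immediately above it that places `tls_ctx->tx.iv` at `&rec->iv_data[iv_offset]`; before the change, whenever iv_offset was non-zero the sequence number was mixed into bytes shifted one position from where the IV had just been copied, so the sender's nonce no longer matched what the peer derives. It would help reviewers if the commit message said explicitly that for cipher suites where iv_offset is 0 the call is arithmetically unchanged, making clear the fix is confined to the CCM suites named in the description.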
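Review bot: in the decrypt_internal hunk only the `else` branch of the IV setup is visible (`memcpy(iv + iv_offset, tls_ctx->rx.iv, prot->salt_size);`); the `if` branch sits above the context lines and is not shown, so review should confirm that it also writes its IV bytes at `iv + iv_offset`, otherwise the rx XOR would now be applied at a different offset from where that branch places the IV. Suggest either widening the hunk context to include both branches or noting in the commit message that the rx path has two IV sources and both are offset-aware.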
When the TLS cipher suite uses CCM mode, including AES CCM and
SM4 CCM, the first byte of the B0 block is flags, and the real
IV starts from the second byte. The XOR operation of the IV and
rec_seq should skip this byte, that is, add the iv_offset.

Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Cc: Vakul Garg <vakul.garg@nxp.com>
Cc: stable@vger.kernel.org # v5.2+
---
 net/tls/tls_sw.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
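To make the offset mistake concrete, here is an added C model of the nonce construction the commit message describes; it is example code written for this page, not code from the kernel or from the patch author. The buffer sizes, the flags-byte value, the `xor_iv_with_seq()` model (the TLS 1.3 rule from RFC 8446 section 5.3: nonce = static IV XOR left-padded 64-bit sequence number) and the sample IV and sequence values are all assumptions. It builds the 13-byte CCM IV buffer both ways (XOR starting at byte 0 as before the patch, XOR starting at iv_offset as after it) and compares the result with the nonce the peer would derive on its own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes modelled on a 12-byte AEAD nonce (4-byte salt + 8-byte IV)
 * mixed with a 64-bit record sequence number; assumptions for this
 * example, not values read from the kernel. */
#define SALT_SIZE   4
#define IV_SIZE     8
#define NONCE_SIZE  (SALT_SIZE + IV_SIZE)
#define SEQ_SIZE    8
#define CCM_IV_LEN  (1 + NONCE_SIZE)   /* CCM: one flags byte, then the nonce */

/* Constructed stand-in for the CCM flags byte.  RFC 3610 encodes the
 * length-field size L as L' = L - 1; a 12-byte nonce leaves
 * L = 15 - 12 = 3, so L' = 2.  The kernel's own constant is not on the
 * page, so this value is an assumption. */
#define CCM_B0_FLAGS 2

/* Constructed sample inputs: an arbitrary static IV and record seq 1. */
static const uint8_t sample_static_iv[NONCE_SIZE] = {
    0xa1, 0xa2, 0xa3, 0xa4,
    0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8 };
static const uint8_t sample_seq[SEQ_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 1 };

/* Model (an assumption, not the kernel's function) of xor_iv_with_seq():
 * mix the sequence number into the 8 bytes that follow the salt, as in
 * the TLS 1.3 nonce rule (RFC 8446 section 5.3). */
static void xor_iv_with_seq(uint8_t *iv, const uint8_t seq[SEQ_SIZE])
{
    for (int i = 0; i < SEQ_SIZE; i++)
        iv[SALT_SIZE + i] ^= seq[i];
}

/* Build the 13-byte CCM IV buffer.  The salt+IV are always copied to
 * iv_offset, as in the patched functions; 'fixed' selects whether the
 * XOR starts at iv_offset (after the patch) or at byte 0 (before it). */
static void build_ccm_iv(uint8_t out[CCM_IV_LEN],
                         const uint8_t static_iv[NONCE_SIZE],
                         const uint8_t seq[SEQ_SIZE], int fixed)
{
    const int iv_offset = 1;              /* skip the flags byte */

    out[0] = CCM_B0_FLAGS;
    memcpy(out + iv_offset, static_iv, NONCE_SIZE);
    xor_iv_with_seq(fixed ? out + iv_offset : out, seq);
}

/* Independent reference: nonce = static_iv XOR (0-left-padded seq),
 * which is what the peer computes.  Returns 1 when the buffer built by
 * build_ccm_iv() carries an intact flags byte followed by exactly that
 * nonce, 0 otherwise. */
int ccm_nonce_matches_reference(int fixed)
{
    uint8_t out[CCM_IV_LEN], ref[NONCE_SIZE];

    build_ccm_iv(out, sample_static_iv, sample_seq, fixed);

    memcpy(ref, sample_static_iv, NONCE_SIZE);
    for (int i = 0; i < SEQ_SIZE; i++)
        ref[SALT_SIZE + i] ^= sample_seq[i];

    return out[0] == CCM_B0_FLAGS && memcmp(out + 1, ref, NONCE_SIZE) == 0;
}

/* Index of the first nonce byte that differs between the pre-fix and
 * post-fix constructions, or -1 if they are identical.  With seq = 1 the
 * pre-fix code flips nonce byte 10 where the peer flips byte 11. */
int first_differing_nonce_byte(void)
{
    uint8_t before[CCM_IV_LEN], after[CCM_IV_LEN];

    build_ccm_iv(before, sample_static_iv, sample_seq, 0);
    build_ccm_iv(after, sample_static_iv, sample_seq, 1);
    for (int i = 0; i < NONCE_SIZE; i++)
        if (before[1 + i] != after[1 + i])
            return i;
    return -1;
}

int main(void)
{
    printf("pre-fix nonce matches peer:  %s\n",
           ccm_nonce_matches_reference(0) ? "yes" : "no");
    printf("post-fix nonce matches peer: %s\n",
           ccm_nonce_matches_reference(1) ? "yes" : "no");
    printf("first differing nonce byte:  %d\n", first_differing_nonce_byte());
    return 0;
}
```

In this model the pre-fix construction agrees with the peer only when the sequence number is zero, because an XOR with zero bytes is a no-op at either offset; every later record mixes the sequence number into the wrong nonce bytes, and an AEAD fed a different nonce from the sender's rejects the tag, which is the authentication failure the patch title names.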