
net/tls: Fix authentication failure in CCM mode

Message ID 20211129093212.4053-1-tianjia.zhang@linux.alibaba.com (mailing list archive)
State Accepted
Commit 5961060692f8b17cd2080620a3d27b95d2ae05ca
Delegated to: Netdev Maintainers
Series net/tls: Fix authentication failure in CCM mode

Checks

Context Check Description
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers success CCed 7 of 7 maintainers
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 16 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/tree_selection success Guessing tree name failed - patch did not apply

Commit Message

tianjia.zhang Nov. 29, 2021, 9:32 a.m. UTC

When the TLS cipher suite uses CCM mode, including AES CCM and
SM4 CCM, the first byte of the B0 block is flags, and the real
IV starts from the second byte. The XOR operation of the IV and
rec_seq should skip this byte, that is, add the iv_offset.

Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Cc: Vakul Garg <vakul.garg@nxp.com>
Cc: stable@vger.kernel.org # v5.2+
---
 net/tls/tls_sw.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
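To make the one-byte offset concrete, the following is an added, stand-alone C model of the nonce assembly the commit message describes; it is not kernel code and not part of the patch. It assumes the nonce layout net/tls uses for these suites, a 4-byte salt followed by an 8-byte IV, and it assumes that xor_iv_with_seq() folds the 64-bit record sequence number into the 8 IV bytes that follow the salt (the body of that function is not on this page, so that is the example's assumption, not a statement about the kernel). The flags value CCM_B0_FLAGS, the salt, the IV and the sequence number are all constructed sample values. build_nonce() reproduces both the pre-patch XOR pointer (the buffer base) and the patched pointer (base + iv_offset), and nonce_is_correct() compares the result with the layout the commit message describes: flags byte untouched, salt untouched, IV XORed with rec_seq.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Nonce layout assumed for this example: a 4-byte salt followed by an
 * 8-byte IV (12 bytes). CCM prepends one flags byte (the first byte of
 * B0), so iv_offset is 1 for CCM and 0 for the other suites. */
#define TLS_SALT_SIZE 4
#define TLS_IV_SIZE   8
#define TLS_SEQ_SIZE  8
#define NONCE_BUF_LEN (1 + TLS_SALT_SIZE + TLS_IV_SIZE)
#define CCM_B0_FLAGS  0x02 /* constructed placeholder for the B0 flags byte */

/* Stand-in for xor_iv_with_seq(): XOR the 64-bit record sequence number
 * into the 8 IV bytes that follow the salt. The kernel function is not on
 * the page; this models only the pointer arithmetic the patch changes. */
static void xor_iv_with_seq(uint8_t *iv, const uint8_t *seq)
{
	int i;

	for (i = 0; i < TLS_SEQ_SIZE; i++)
		iv[TLS_SALT_SIZE + i] ^= seq[i];
}

/* Assemble the per-record nonce the way the hunks do: copy salt+IV to
 * buf + iv_offset, then XOR in the sequence number. `patched` selects the
 * pointer handed to the XOR: buf + iv_offset (after the fix) or buf (before). */
static void build_nonce(uint8_t *buf, size_t iv_offset, const uint8_t *salt_iv,
			const uint8_t *seq, int patched)
{
	memset(buf, 0, NONCE_BUF_LEN);
	if (iv_offset)
		buf[0] = CCM_B0_FLAGS;
	memcpy(buf + iv_offset, salt_iv, TLS_SALT_SIZE + TLS_IV_SIZE);
	xor_iv_with_seq(patched ? buf + iv_offset : buf, seq);
}

/* Reference result per the commit message: flags byte and salt untouched,
 * IV byte i XORed with seq byte i. Returns 1 on match, 0 otherwise. */
static int nonce_is_correct(const uint8_t *buf, size_t iv_offset,
			    const uint8_t *salt_iv, const uint8_t *seq)
{
	uint8_t expect[NONCE_BUF_LEN] = {0};
	size_t len = iv_offset + TLS_SALT_SIZE + TLS_IV_SIZE;
	int i;

	if (iv_offset)
		expect[0] = CCM_B0_FLAGS;
	memcpy(expect + iv_offset, salt_iv, TLS_SALT_SIZE + TLS_IV_SIZE);
	for (i = 0; i < TLS_SEQ_SIZE; i++)
		expect[iv_offset + TLS_SALT_SIZE + i] ^= seq[i];
	return memcmp(buf, expect, len) == 0;
}

/* Constructed sample salt+IV and record sequence number. */
static const uint8_t sample_salt_iv[TLS_SALT_SIZE + TLS_IV_SIZE] = {
	0xa1, 0xa2, 0xa3, 0xa4,
	0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
};
static const uint8_t sample_seq[TLS_SEQ_SIZE] = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02,
};

/* 1 if the pre-patch pointer (buf) yields a correct nonce for iv_offset. */
static int prepatch_nonce_ok(size_t iv_offset)
{
	uint8_t buf[NONCE_BUF_LEN];

	build_nonce(buf, iv_offset, sample_salt_iv, sample_seq, 0);
	return nonce_is_correct(buf, iv_offset, sample_salt_iv, sample_seq);
}

/* 1 if the patched pointer (buf + iv_offset) yields a correct nonce. */
static int patched_nonce_ok(size_t iv_offset)
{
	uint8_t buf[NONCE_BUF_LEN];

	build_nonce(buf, iv_offset, sample_salt_iv, sample_seq, 1);
	return nonce_is_correct(buf, iv_offset, sample_salt_iv, sample_seq);
}

int main(void)
{
	printf("iv_offset=0 (GCM-style): pre-patch %s, patched %s\n",
	       prepatch_nonce_ok(0) ? "ok" : "WRONG",
	       patched_nonce_ok(0) ? "ok" : "WRONG");
	printf("iv_offset=1 (CCM):       pre-patch %s, patched %s\n",
	       prepatch_nonce_ok(1) ? "ok" : "WRONG",
	       patched_nonce_ok(1) ? "ok" : "WRONG");
	return 0;
}
```

With iv_offset 0 both pointers are the same and both variants agree, which is why the bug only showed up for the CCM suites; with iv_offset 1 the pre-patch variant folds the sequence number into the byte before the IV and leaves the last IV byte unmodified, so the two sides of the connection derive different nonces and authentication fails.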

Comments

patchwork-bot+netdevbpf@kernel.org Nov. 29, 2021, 12:50 p.m. UTC | #1
Hello:

This patch was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:

On Mon, 29 Nov 2021 17:32:12 +0800 you wrote:
> When the TLS cipher suite uses CCM mode, including AES CCM and
> SM4 CCM, the first byte of the B0 block is flags, and the real
> IV starts from the second byte. The XOR operation of the IV and
> rec_seq should skip this byte, that is, add the iv_offset.
> 
> Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> Cc: Vakul Garg <vakul.garg@nxp.com>
> Cc: stable@vger.kernel.org # v5.2+
> 
> [...]

Here is the summary with links:
  - net/tls: Fix authentication failure in CCM mode
    https://git.kernel.org/netdev/net/c/5961060692f8

You are awesome, thank you!

Vadim Fedorenko Nov. 29, 2021, 10:39 p.m. UTC | #2
On 29.11.2021 09:32, Tianjia Zhang wrote:
> When the TLS cipher suite uses CCM mode, including AES CCM and
> SM4 CCM, the first byte of the B0 block is flags, and the real
> IV starts from the second byte. The XOR operation of the IV and
> rec_seq should skip this byte, that is, add the iv_offset.
> 
> Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Nice catch, thanks!
This is what I was talking about last time.

Tested-by: Vadim Fedorenko <vfedorenko@novek.ru>

tianjia.zhang Dec. 1, 2021, 9:55 a.m. UTC | #3
Hi Vadim,

On 11/30/21 6:39 AM, Vadim Fedorenko wrote:
> On 29.11.2021 09:32, Tianjia Zhang wrote:
>> When the TLS cipher suite uses CCM mode, including AES CCM and
>> SM4 CCM, the first byte of the B0 block is flags, and the real
>> IV starts from the second byte. The XOR operation of the IV and
>> rec_seq should skip this byte, that is, add the iv_offset.
>>
>> Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
>> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> 
> Nice catch, thanks!
> This is what I was talking about last time.
> 
> Tested-by: Vadim Fedorenko <vfedorenko@novek.ru>

David has applied this patch, so the tested tag may not be added; still,
thanks for your test.

Kind regards,
Tianjia

Patch

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index d3e7ff90889e..dfe623a4e72f 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -521,7 +521,7 @@  static int tls_do_encryption(struct sock *sk,
 	memcpy(&rec->iv_data[iv_offset], tls_ctx->tx.iv,
 	       prot->iv_size + prot->salt_size);
 
-	xor_iv_with_seq(prot, rec->iv_data, tls_ctx->tx.rec_seq);
+	xor_iv_with_seq(prot, rec->iv_data + iv_offset, tls_ctx->tx.rec_seq);
 
 	sge->offset += prot->prepend_size;
 	sge->length -= prot->prepend_size;
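Review bot: the XOR target now matches the memcpy destination two lines above, which places the salt and IV at &rec->iv_data[iv_offset]; before this change, for any suite with a non-zero iv_offset the sequence number was XORed in starting one byte earlier than the IV it is meant to modify, which is exactly the CCM mismatch the commit message describes, and for suites where iv_offset is 0 the line is a no-op. Since the same offset must be applied at both the copy and the XOR, a short comment on the XOR line (e.g. `/* seq is XORed into the IV, past the CCM B0 flags byte */`) would make that coupling visible to the next reader.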
@@ -1499,7 +1499,7 @@  static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
 	else
 		memcpy(iv + iv_offset, tls_ctx->rx.iv, prot->salt_size);
 
-	xor_iv_with_seq(prot, iv, tls_ctx->rx.rec_seq);
+	xor_iv_with_seq(prot, iv + iv_offset, tls_ctx->rx.rec_seq);
 
 	/* Prepare AAD */
 	tls_make_aad(aad, rxm->full_len - prot->overhead_size +
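Review bot: this is the same alignment fix as in tls_do_encryption and is consistent with the else branch shown here, which copies the salt to iv + iv_offset; the if branch above the hunk is not visible, so it is worth confirming that it also writes at iv + iv_offset so the XOR lands on the same bytes on both paths. With both call sites now carrying identical `+ iv_offset` arithmetic, consider passing iv_offset into xor_iv_with_seq() or wrapping the two lines in a small helper so a future third caller cannot reintroduce the mismatch.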