* [PATCH] crypto: talitos: Extend max key length for SHA384/512-HMAC
@ 2017-04-27 15:40 Martin Hicks
2017-04-28 11:08 ` Horia Geantă
0 siblings, 1 reply; 2+ messages in thread
From: Martin Hicks @ 2017-04-27 15:40 UTC (permalink / raw)
To: linuxppc-dev, linux-crypto
The max keysize for both of these is 128, not 96. Before, with keysizes
over 96, the memcpy in ahash_setkey() would overwrite memory beyond the
key field.
Signed-off-by: Martin Hicks <mort@bork.org>
---
drivers/crypto/talitos.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 0bba6a1..97dc85e 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -816,7 +816,7 @@ static void talitos_unregister_rng(struct device *dev)
* HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP
*/
#define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1)
-#define TALITOS_MAX_KEY_SIZE 96
+#define TALITOS_MAX_KEY_SIZE SHA512_BLOCK_SIZE /* SHA512 has the largest keysize input */
#define TALITOS_MAX_IV_LENGTH 16 /* max of AES_BLOCK_SIZE, DES3_EDE_BLOCK_SIZE */
struct talitos_ctx {
--
1.7.10.4
--
Martin Hicks P.Eng. | mort@bork.org
Bork Consulting Inc. | +1 (613) 266-2296
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] crypto: talitos: Extend max key length for SHA384/512-HMAC
2017-04-27 15:40 [PATCH] crypto: talitos: Extend max key length for SHA384/512-HMAC Martin Hicks
@ 2017-04-28 11:08 ` Horia Geantă
0 siblings, 0 replies; 2+ messages in thread
From: Horia Geantă @ 2017-04-28 11:08 UTC (permalink / raw)
To: Martin Hicks, linuxppc-dev@lists.ozlabs.org,
linux-crypto@vger.kernel.org
On 4/27/2017 6:46 PM, Martin Hicks wrote:=0A=
> =0A=
> The max keysize for both of these is 128, not 96. Before, with keysizes=
=0A=
> over 96, the memcpy in ahash_setkey() would overwrite memory beyond the=
=0A=
> key field.=0A=
> =0A=
While here, what about aead_setkey()?=0A=
AFAICT, TALITOS_MAX_KEY_SIZE value has been incorrect since forever; it=0A=
does not cover the maximum values of encryption key + authentication key=0A=
for authenc algorithms.=0A=
=0A=
So, based on algorithms currently registered, I think this should be:=0A=
#define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + \=0A=
SHA512_BLOCK_SIZE)=0A=
=0A=
=0A=
> Signed-off-by: Martin Hicks <mort@bork.org>=0A=
Cc: stable@vger.kernel.org # 3.6+=0A=
Fixes: 357fb60502ede ("crypto: talitos - add sha224, sha384 and sha512=0A=
to existing AEAD algorithms")=0A=
=0A=
> ---=0A=
> drivers/crypto/talitos.c | 2 +-=0A=
> 1 file changed, 1 insertion(+), 1 deletion(-)=0A=
> =0A=
> diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c=0A=
> index 0bba6a1..97dc85e 100644=0A=
> --- a/drivers/crypto/talitos.c=0A=
> +++ b/drivers/crypto/talitos.c=0A=
> @@ -816,7 +816,7 @@ static void talitos_unregister_rng(struct device *dev=
)=0A=
> * HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP=0A=
> */=0A=
> #define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1)=0A=
> -#define TALITOS_MAX_KEY_SIZE 96=0A=
> +#define TALITOS_MAX_KEY_SIZE SHA512_BLOCK_SIZE /* SHA512 has the larges=
t keysize input */=0A=
> #define TALITOS_MAX_IV_LENGTH 16 /* max of AES_BLOCK_SIZE, DES3_EDE_BLO=
CK_SIZE */=0A=
> =0A=
> struct talitos_ctx {=0A=
> =0A=
=0A=
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-04-28 11:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-04-27 15:40 [PATCH] crypto: talitos: Extend max key length for SHA384/512-HMAC Martin Hicks
2017-04-28 11:08 ` Horia Geantă
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).