* [PATCH] net/tls: Fix authentication failure in CCM mode
@ 2021-11-29 9:32 Tianjia Zhang
2021-11-29 12:50 ` patchwork-bot+netdevbpf
0 siblings, 1 reply; 2+ messages in thread
From: Tianjia Zhang @ 2021-11-29 9:32 UTC (permalink / raw)
To: David S. Miller, Jakub Kicinski, Boris Pismenny, John Fastabend,
Daniel Borkmann, Vakul Garg, netdev, linux-kernel, stable
Cc: Tianjia Zhang
When the TLS cipher suite uses CCM mode, including AES CCM and
SM4 CCM, the first byte of the B0 block is flags, and the real
IV starts from the second byte. The XOR operation of the IV and
rec_seq should be skip this byte, that is, add the iv_offset.
Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Cc: Vakul Garg <vakul.garg@nxp.com>
Cc: stable@vger.kernel.org # v5.2+
---
net/tls/tls_sw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index d3e7ff90889e..dfe623a4e72f 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -521,7 +521,7 @@ static int tls_do_encryption(struct sock *sk,
memcpy(&rec->iv_data[iv_offset], tls_ctx->tx.iv,
prot->iv_size + prot->salt_size);
- xor_iv_with_seq(prot, rec->iv_data, tls_ctx->tx.rec_seq);
+ xor_iv_with_seq(prot, rec->iv_data + iv_offset, tls_ctx->tx.rec_seq);
sge->offset += prot->prepend_size;
sge->length -= prot->prepend_size;
@@ -1499,7 +1499,7 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
else
memcpy(iv + iv_offset, tls_ctx->rx.iv, prot->salt_size);
- xor_iv_with_seq(prot, iv, tls_ctx->rx.rec_seq);
+ xor_iv_with_seq(prot, iv + iv_offset, tls_ctx->rx.rec_seq);
/* Prepare AAD */
tls_make_aad(aad, rxm->full_len - prot->overhead_size +
--
2.32.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] net/tls: Fix authentication failure in CCM mode
2021-11-29 9:32 [PATCH] net/tls: Fix authentication failure in CCM mode Tianjia Zhang
@ 2021-11-29 12:50 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-11-29 12:50 UTC (permalink / raw)
To: Tianjia Zhang
Cc: davem, kuba, borisp, john.fastabend, daniel, vakul.garg, netdev,
linux-kernel, stable
Hello:
This patch was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:
On Mon, 29 Nov 2021 17:32:12 +0800 you wrote:
> When the TLS cipher suite uses CCM mode, including AES CCM and
> SM4 CCM, the first byte of the B0 block is flags, and the real
> IV starts from the second byte. The XOR operation of the IV and
> rec_seq should be skip this byte, that is, add the iv_offset.
>
> Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> Cc: Vakul Garg <vakul.garg@nxp.com>
> Cc: stable@vger.kernel.org # v5.2+
>
> [...]
Here is the summary with links:
- net/tls: Fix authentication failure in CCM mode
https://git.kernel.org/netdev/net/c/5961060692f8
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-29 14:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-11-29 9:32 [PATCH] net/tls: Fix authentication failure in CCM mode Tianjia Zhang
2021-11-29 12:50 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox