Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/dev/marvell mvcesa(4): Don't use prev msg's last block a...



details:   https://anonhg.NetBSD.org/src/rev/e2254d0d4fdf
branches:  trunk
changeset: 934635:e2254d0d4fdf
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Sun Jun 14 23:29:23 2020 +0000

description:
mvcesa(4): Don't use prev msg's last block as IV for next msg in CBC.

This violates the security contract of the CBC construction, which
requires that the IV be unpredictable in advance; an adaptive adversary
can exploit this to verify plaintext guesses.

XXX Compile-tested only.

diffstat:

 sys/dev/marvell/mvcesa.c |  17 ++++++-----------
 1 files changed, 6 insertions(+), 11 deletions(-)

diffs (58 lines):

diff -r 61ef727925e4 -r e2254d0d4fdf sys/dev/marvell/mvcesa.c
--- a/sys/dev/marvell/mvcesa.c  Sun Jun 14 23:24:20 2020 +0000
+++ b/sys/dev/marvell/mvcesa.c  Sun Jun 14 23:29:23 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: mvcesa.c,v 1.2 2018/09/03 16:29:31 riastradh Exp $     */
+/*     $NetBSD: mvcesa.c,v 1.3 2020/06/14 23:29:23 riastradh Exp $     */
 /*
  * Copyright (c) 2008 KIYOHARA Takashi
  * All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mvcesa.c,v 1.2 2018/09/03 16:29:31 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mvcesa.c,v 1.3 2020/06/14 23:29:23 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/bus.h>
@@ -56,7 +56,6 @@
        int ses_used;
 
        int ses_klen;
-       uint32_t ses_iv[4];
        uint32_t ses_key[8];
 
        uint32_t ses_hminner[5];        /* HMAC inner state */
@@ -236,9 +235,6 @@
                                return EINVAL;
                        enc = 1;
 
-                       cprng_fast(ses->ses_iv,
-                           c->cri_alg == CRYPTO_AES_CBC ? 16 : 8);
-
                        /* Go ahead and compute key in CESA's byte order */
                        ses->ses_klen = c->cri_klen;
                        memcpy(ses->ses_key, c->cri_key, c->cri_klen / 8);
@@ -406,8 +402,10 @@
                                dir = MVCESA_DESE_C_DIRECTION_ENC;
                                if (crd->crd_flags & CRD_F_IV_EXPLICIT)
                                        iv = (uint32_t *)crd->crd_iv;
-                               else
-                                       iv = ses->ses_iv;
+                               else {
+                                       cprng_fast(ivbuf, sizeof(ivbuf));
+                                       iv = ivbuf;
+                               }
                                if (!(crd->crd_flags & CRD_F_IV_PRESENT)) {
                                        if (m != NULL)
                                                m_copyback(m, crd->crd_inject,
@@ -760,8 +758,5 @@
                }
        }
 
-       if (dir == MVCESA_DESE_C_DIRECTION_ENC)
-               memcpy(ses->ses_iv, iv, sizeof(ses->ses_iv));
-
        return 0;
 }



Home | Main Index | Thread Index | Old Index