virt: Prevent AES-GCM IV reuse in SNP guest driver
The ASP and an SNP guest use a series of AES-GCM keys called VMPCKs to communicate securely with each other. The IV to this scheme is a sequence number that both the ASP and the guest track. Currently this sequence number in a guest request must exactly match the sequence number tracked by the ASP. This means that if the guest sees an error from the host during a request it can only retry that exact request or disable the VMPCK to prevent an IV reuse. AES-GCM cannot tolerate IV reuse; see: https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/800-38-series-drafts/gcm/joux_comments.pdf

Fixes: fce96cf ("virt: Add SEV-SNP guest driver")
Signed-off-by: Peter Gonda <pgonda@google.com>
Reported-by: Peter Gonda <pgonda@google.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Haowen Bai <baihaowen@meizu.com>
Cc: Yang Yingliang <yangyingliang@huawei.com>
Cc: Marc Orr <marcorr@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Ashish Kalra <Ashish.Kalra@amd.com>
Cc: linux-kernel@vger.kernel.org
Cc: kvm@vger.kernel.org
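The sequence-number-as-IV scheme the commit message describes, as an added Go example (not the driver's own code, which is kernel C): a VMPCK wrapper that advances the counter on every seal and retires the key after a host error, plus the XOR relation showing what a reused IV gives away. The key, request bytes and little-endian nonce layout are constructed assumptions, not the driver's real encoding.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// VMPCK: one guest-side AES-GCM key plus the sequence number used as GCM IV.
type VMPCK struct {
	gcm      cipher.AEAD
	seq      uint64
	disabled bool
}

func NewVMPCK(key []byte) (*VMPCK, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return &VMPCK{gcm: gcm}, err
}

// Seal encrypts one request and always advances the counter. After a host
// error the key is refused: re-encrypting a changed request under the
// sequence number the ASP still expects would reuse the IV.
func (k *VMPCK) Seal(msg []byte) ([]byte, error) {
	if k.disabled {
		return nil, errors.New("VMPCK disabled after host error")
	}
	iv := make([]byte, 12) // nonce = seq; LE layout is a constructed assumption
	binary.LittleEndian.PutUint64(iv, k.seq)
	c := k.gcm.Seal(nil, iv, msg, nil)
	k.seq++
	return c, nil
}

// HostError retires the key rather than permit a retry with new contents.
func (k *VMPCK) HostError() { k.disabled = true }

// XORLeak: under one key and nonce, c1 XOR c2 over the body equals p1 XOR p2.
func XORLeak(c1, c2 []byte, n int) []byte {
	out := make([]byte, n)
	for i := range out {
		out[i] = c1[i] ^ c2[i]
	}
	return out
}
```

Two wrappers built from the same key start at the same sequence number, which models a retry that re-encrypts different contents under the IV the ASP is still waiting for; the XOR of those two ciphertext bodies is exactly the XOR of the plaintexts.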