Open rfjakob opened 2 years ago
@aead I report a similar error. It's in aesGcmXORKeyStream. This is only a problem for long messages. Not familiar with assembly, can't figure it out myself.
unexpected fault address 0x0
fatal error: fault
[signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x6f6041]
goroutine 1 [running, locked to thread]:
runtime.throw(0x1c48f29, 0x5)
/usr/local/go/src/runtime/panic.go:1117 +0x72 fp=0xc0001ef7e0 sp=0xc0001ef7b0 pc=0x436652
runtime.sigpanic()
/usr/local/go/src/runtime/signal_unix.go:741 +0x268 fp=0xc0001ef818 sp=0xc0001ef7e0 pc=0x44cf08
github.com/secure-io/siv-go.aesGcmXORKeyStream(0xc000134780, 0x1d, 0x1d, 0xc000122a8c, 0x1d, 0x2d, 0xc00010a3c0, 0x10, 0x10, 0xc0002081e0, ...)
/project/vendor/github.com/secure-io/siv-go/aes_gcm_amd64.s:146 +0xaa1 fp=0xc0001ef820 sp=0xc0001ef818 pc=0x6f6041
github.com/secure-io/siv-go.(*aesGcmSivAsm).open(0xc00012c420, 0xc000134780, 0x1d, 0x1d, 0xc000122a80, 0xc, 0x39, 0xc000122a8c, 0x2d, 0x2d, ...)
/project/vendor/github.com/secure-io/siv-go/aes_gcm_amd64.go:67 +0x248 fp=0xc0001ef8f0 sp=0xc0001ef820 pc=0x6f36a8
github.com/secure-io/siv-go.(*aesGcmSiv).Open(0xc000330ad0, 0x0, 0x0, 0x0, 0xc000122a80, 0xc, 0x39, 0xc000122a8c, 0x2d, 0x2d, ...)
/project/vendor/github.com/secure-io/siv-go/aes_gcm.go:58 +0x183 fp=0xc0001ef990 sp=0xc0001ef8f0 pc=0x6f2d63
The issue is here:
This assumes SI (= &src[i]) is 16-byte aligned, but it need not be. This can be solved by an unaligned load:
MOVOU 0(SI), X9
PXOR X9, X0
But I'm hesitant to submit a PR, since this problem occurs in several more places throughout the code.
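A regression check for the alignment assumption described in the comment above, as an added example that is not code from this thread or from the project: it round-trips a message through a `cipher.AEAD` with the source and destination buffers placed at every offset modulo 16. Assumptions: standard-library AES-GCM stands in for the AEAD under test, the key is a constructed all-zero value, and the helper names `addrMod16`, `atOffset`, `newStandIn` and `CheckOffsets` are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"unsafe"
)

// addrMod16 reports the slice's base address modulo 16.
func addrMod16(b []byte) int { return int(uintptr(unsafe.Pointer(&b[0])) & 15) }

// atOffset returns an n-byte slice (n > 0) whose base address is off mod 16.
func atOffset(n, off int) []byte {
	buf := make([]byte, n+32) // heap buffer with room to slide the start
	start := (off - addrMod16(buf) + 16) & 15
	return buf[start : start+n : start+n]
}

// newStandIn builds stdlib AES-GCM (assumption: swap in the AEAD under test).
func newStandIn() cipher.AEAD {
	block, _ := aes.NewCipher(make([]byte, 16)) // constructed all-zero key
	aead, _ := cipher.NewGCM(block)
	return aead
}

// CheckOffsets seals and opens msgLen bytes at all 16 offsets and returns how
// many passed. Code that wrongly assumes alignment faults and kills the process.
func CheckOffsets(aead cipher.AEAD, msgLen int) (int, error) {
	nonce := make([]byte, aead.NonceSize()) // fixed nonce: test data only
	want := bytes.Repeat([]byte{0xA5}, msgLen)
	ref := aead.Seal(nil, nonce, want, nil)
	for off := 0; off < 16; off++ {
		pt := atOffset(msgLen, off)
		copy(pt, want)
		// Plaintext source and ciphertext destination both sit at offset off.
		ct := aead.Seal(atOffset(len(ref), off)[:0], nonce, pt, nil)
		if !bytes.Equal(ct, ref) {
			return off, fmt.Errorf("seal mismatch at offset %d", off)
		}
		// Ciphertext source at off, plaintext destination at a different offset.
		got, err := aead.Open(atOffset(msgLen, (off+5)&15)[:0], nonce, ct, nil)
		if err != nil || !bytes.Equal(got, want) {
			return off, fmt.Errorf("open failed at offset %d: %v", off, err)
		}
	}
	return 16, nil
}

func main() { fmt.Println(CheckOffsets(newStandIn(), 45)) }
```

Because a misaligned SSE access surfaces as a fatal fault rather than a returned error, a failing implementation shows up as a crashed test binary, so run this as its own test.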
I haven't implemented CMAC, but: https://github.com/ericlagergren/siv
FWIW: Tink also has AES-GCM-SIV. Unfortunately, it is not hardware accelerated.
Testing current master (5ff40651e2c4476835bf9f18a6bee513f588d9bc):