Received: by 10.213.65.68 with SMTP id h4csp943226imn;
        Tue, 20 Mar 2018 21:08:54 -0700 (PDT)
X-Google-Smtp-Source: AG47ELuWHUrQiBmVlS1Wi0ZFSdiB4jL4OS9juLDteivTHU3fBpglvwXlEYnFIJYquRmt55UrUOmV
X-Received: by 10.99.36.193 with SMTP id k184mr13840525pgk.80.1521605334746;
        Tue, 20 Mar 2018 21:08:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521605334; cv=none;
        d=google.com; s=arc-20160816;
        b=ErJ4k2hi2U5wb3yb6MqKF/GJelBmDbcX4Fx5pB06fJr1YnSiDjX+p6c9iuqc3suJVp
         jn7aarv9tRsOJO1EKi73r/o22OZYXq3HIDdMtRSRR8a5O29NDykVEcmwehxzR85XaI6z
         PI8pp4veucOCA/NSdosW4/oZdYrBM7f+2ndgDqRWT5nuAVQ2DkmNao7pjYTMYyg0LIC5
         Q/aDMRgwMdfkSvk7SNzGcrhmCdkMbmD+RKCCrfUGOU7Q/7SO3ped1+bzhHNDcOc2oVJY
         1+RibWSPJ/3BLz1O2IAjbquWh6h/MR7hYvoutV2IjOPptf/lG+Jdhmrgfkmgf1/4WwNq
         taug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature:arc-authentication-results;
        bh=E2LIocWiokbgsXrBr+6kSkZ4TGkhxU+9FlfI9rmuzjE=;
        b=Nhl6S5rkmzIeky59dk+mdee5AC+CYxqRhuHiV2ENYY1ie2O3r3tb8A1yhLyxx1gzPy
         leYrGXdy49L/tMQyKH/5bO6VAuBrVIJIsWJS7uy2yYqfyn22BSHeXEtObZ1Uw8p9z+fu
         koKhJbWqmnm1rkdF033Eg/OE0Mr+kL5rQXKipzTbccEnqXoQRL12gL5oYDIMtPwUo2ov
         RBecYeAtfIl12qQvoDuEh/VCJNZqcN6U6sbKNvamKZbi3Rz3Q1ZIpwXgBYoMopt6SJnX
         8wq9YzEKuK4Q77FbciYKueNQqYJYWxua0lez/f2aMC4S2LG1Lad6AATtl5dHypQ26HnG
         Nhsg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@tycho-ws.20150623.gappssmtp.com header.s=20150623 header.b=ncO766/r;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v6-v6si3063292plg.618.2018.03.20.21.08.40;
        Tue, 20 Mar 2018 21:08:54 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@tycho-ws.20150623.gappssmtp.com header.s=20150623 header.b=ncO766/r;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751652AbeCUEGD (ORCPT <rfc822;daisukeokaopensource@gmail.com>
        + 99 others); Wed, 21 Mar 2018 00:06:03 -0400
Received: from mail-pf0-f196.google.com ([209.85.192.196]:43139 "EHLO
        mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751521AbeCUEGA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 21 Mar 2018 00:06:00 -0400
Received: by mail-pf0-f196.google.com with SMTP id j2so1535844pff.10
        for <linux-kernel@vger.kernel.org>; Tue, 20 Mar 2018 21:06:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=tycho-ws.20150623.gappssmtp.com; s=20150623;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=E2LIocWiokbgsXrBr+6kSkZ4TGkhxU+9FlfI9rmuzjE=;
        b=ncO766/rIRvO2sjeEhDdbtHUjw209L4G3yByEUUm/Ho6NJUWp+4hXrnOM2Uf/u78v9
         KvhuzuBUx8/9/eHKNxgdNbMKKP/NvcUFL2gydDxnMheI9artPPvOmN7ID4vFk/pRC/CF
         FSrAD1vD75lbOL7/ewx11xJ0BzeD+kICvXJ+mC7UASDWlU3kaJ/Lym+tMsTW1ZoL7ldm
         PYxds/2TdsNVg7QsuV6I1dy8heN07BXTBhAggRZ7TQfE9T40wtpXuIRbKq3no1L+xVgq
         24qsyTAaIpGIVB1yZe5iAOcq11L3FE9iN2AHHeaMKvPwFKEDTQND6fTyRIZW02Oa6H/+
         6VyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=E2LIocWiokbgsXrBr+6kSkZ4TGkhxU+9FlfI9rmuzjE=;
        b=OdxLuXsoudZLwgQ7i8LnPt03iuAwK8ptaOCurXwVkP8tpJxOnAe5UBOD2h9YCfBY8S
         HOZ7tZhGHVqTVk1uIXFomLaA3zgwmMZ9yTpG1C2I6ajfgFVDtw0MWkv6YELm7QxgvitK
         xtCapONbqsME23P5J9VtnbS81nczY/MHNL7Z7uZ8PQJGMTJ91o96O7KU9qrF35/k/Wy5
         44tO21R/CTov9T/a0W5Cz8so9QHlTZiXsmIpfxId933p8V6X50kkNCCa+VQsc9Xnjrb0
         wKt1Oa3BiCSFBQhh7g2m1U0hrGX1KDL5d9bz78WmIuGXX17Nf7K5fR3IEstKCVythKp1
         mXpg==
X-Gm-Message-State: AElRT7Fw3rzv3RFol5cmrZdwxz+cw8Yfrx++KROLz40cXXEzbgamaVTQ
        RrIWg1lG25gpdIYZoe3JVYxJbb6W
X-Received: by 10.101.102.79 with SMTP id z15mr13701020pgv.181.1521605159583;
        Tue, 20 Mar 2018 21:05:59 -0700 (PDT)
Received: from cisco ([128.107.241.170])
        by smtp.gmail.com with ESMTPSA id b18sm5676945pfi.34.2018.03.20.21.05.57
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Tue, 20 Mar 2018 21:05:58 -0700 (PDT)
Date:   Tue, 20 Mar 2018 22:05:53 -0600
From:   Tycho Andersen <tycho@tycho.ws>
To:     Eric Biggers <ebiggers3@gmail.com>
Cc:     David Howells <dhowells@redhat.com>, keyrings@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        "Jason A . Donenfeld" <Jason@zx2c4.com>
Subject: Re: [PATCH 1/2] big key: get rid of stack array allocation
Message-ID: <20180321040553.GC18067@cisco>
References: <20180313042907.29598-1-tycho@tycho.ws>
 <20180315015139.GA641@zzz.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180315015139.GA641@zzz.localdomain>
User-Agent: Mutt/1.9.4 (2018-02-28)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Eric,

On Wed, Mar 14, 2018 at 06:51:39PM -0700, Eric Biggers wrote:
> On Mon, Mar 12, 2018 at 10:29:06PM -0600, Tycho Andersen wrote:
> > We're interested in getting rid of all of the stack allocated arrays in the
> > kernel [1]. This patch removes one in keys by switching to malloc/free.
> > Note that we use kzalloc, to avoid leaking the nonce. I'm not sure this is
> > really necessary, but extra paranoia seems prudent.
> > 
> > Manually tested using the program from the add_key man page to trigger
> > big_key.
> > 
> > [1]: https://lkml.org/lkml/2018/3/7/621
> > 
> > Signed-off-by: Tycho Andersen <tycho@tycho.ws>
> > CC: David Howells <dhowells@redhat.com>
> > CC: James Morris <jmorris@namei.org>
> > CC: "Serge E. Hallyn" <serge@hallyn.com>
> > CC: Jason A. Donenfeld <Jason@zx2c4.com>
> > ---
> >  security/keys/big_key.c | 12 +++++++++---
> >  1 file changed, 9 insertions(+), 3 deletions(-)
> > 
> > diff --git a/security/keys/big_key.c b/security/keys/big_key.c
> > index fa728f662a6f..70f9f785c59d 100644
> > --- a/security/keys/big_key.c
> > +++ b/security/keys/big_key.c
> > @@ -108,13 +108,18 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat
> >  	 * an .update function, so there's no chance we'll wind up reusing the
> >  	 * key to encrypt updated data. Simply put: one key, one encryption.
> >  	 */
> > -	u8 zero_nonce[crypto_aead_ivsize(big_key_aead)];
> > +	u8 *zero_nonce;
> > +
> > +	zero_nonce = kzalloc(crypto_aead_ivsize(big_key_aead), GFP_KERNEL);
> > +	if (!zero_nonce)
> > +		return -ENOMEM;
> >  
> >  	aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL);
> > -	if (!aead_req)
> > +	if (!aead_req) {
> > +		kfree(zero_nonce);
> >  		return -ENOMEM;
> > +	}
> >  
> > -	memset(zero_nonce, 0, sizeof(zero_nonce));
> >  	aead_request_set_crypt(aead_req, buf->sg, buf->sg, datalen, zero_nonce);
> >  	aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
> >  	aead_request_set_ad(aead_req, 0);
> > @@ -131,6 +136,7 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat
> >  error:
> >  	mutex_unlock(&big_key_aead_lock);
> >  	aead_request_free(aead_req);
> > +	kzfree(zero_nonce);
> >  	return ret;
> 
> A dynamic allocation here doesn't make sense -- the algorithm is hard-coded to
> AES-GCM, so the IV size is fixed.  You should just include <crypto/gcm.h> and
> use GCM_AES_IV_LEN.  As a sanity check you can add
> 'BUG_ON(crypto_aead_ivsize(big_key_aead) != GCM_AES_IV_LEN' to big_key_init().
> 
> kzfree() also doesn't make sense since the nonce is not secret information.

Thanks, I've fixed this for v2.

Cheers,

Tycho