From: Tycho Andersen
To: David Howells
Cc: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Tycho Andersen, James Morris, "Serge E. Hallyn", "Jason A. Donenfeld", Eric Biggers
Subject: [PATCH v3 1/3] big key: get rid of stack array allocation
Date: Tue, 24 Apr 2018 14:26:37 -0600
Message-Id: <20180424202639.19830-1-tycho@tycho.ws>
X-Mailing-List: linux-kernel@vger.kernel.org

We're interested in getting rid of all of the stack allocated arrays in the
kernel [1]. This patch simply hardcodes the iv length to match that of the
hardcoded cipher.

[1]: https://lkml.org/lkml/2018/3/7/621

v2: hardcode the length of the nonce to be the GCM AES IV length, and do a
    sanity check in init(), Eric Biggers
v3: * remember to free big_key_aead when sanity check fails
    * define a constant for big key IV size so it can be changed alongside
      the algorithm in the code

Signed-off-by: Tycho Andersen
CC: David Howells
CC: James Morris
CC: "Serge E. Hallyn"
CC: Jason A. Donenfeld
CC: Eric Biggers
---
 security/keys/big_key.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 933623784ccd..2806e70d7f8f 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c @@ -22,6 +22,7 @@ #include #include #include +#include struct big_key_buf { unsigned int nr_pages; @@ -85,6 +86,7 @@ struct key_type key_type_big_key = { * Crypto names for big_key data authenticated encryption */ static const char big_key_alg_name[] = "gcm(aes)"; +#define BIG_KEY_IV_SIZE GCM_AES_IV_SIZE /* * Crypto algorithms for big_key data authenticated encryption @@ -109,7 +111,7 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat * an .update function, so there's no chance we'll wind up reusing the * key to encrypt updated data. Simply put: one key, one encryption. */ - u8 zero_nonce[crypto_aead_ivsize(big_key_aead)]; + u8 zero_nonce[BIG_KEY_IV_SIZE]; aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL); if (!aead_req) @@ -425,6 +427,13 @@ static int __init big_key_init(void) pr_err("Can't alloc crypto: %d\n", ret); return ret; } + + if (unlikely(crypto_aead_ivsize(big_key_aead) != BIG_KEY_IV_SIZE)) { + WARN(1, "big key algorithm changed?"); + ret = -EINVAL; + goto free_aead; + } + ret = crypto_aead_setauthsize(big_key_aead, ENC_AUTHTAG_SIZE); if (ret < 0) { pr_err("Can't set crypto auth tag len: %d\n", ret); -- 2.17.0
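
Review bot: In the hunk at @@ -85,6 +86,7 @@, BIG_KEY_IV_SIZE is added directly under the "Crypto names" comment with nothing saying that it has to track big_key_alg_name. A one-line comment above the #define, stating that the value must equal the IV size of the algorithm named in big_key_alg_name and that big_key_init() checks this, would make the coupling obvious to whoever changes the cipher string next.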
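
Review bot: In the big_key_init() hunk at @@ -425,6 +427,13 @@, the new check wraps an unconditional WARN(1, ...) in if (unlikely(...)). WARN() already takes the condition and returns it, so this can be written as if (WARN(crypto_aead_ivsize(big_key_aead) != BIG_KEY_IV_SIZE, ...)), and unlikely() buys nothing in an __init path that runs once. The message would also be more useful if it printed both sizes and ended with a newline, for example "big_key: IV size %u, expected %u\n". The free_aead label is outside the visible context, so please confirm it frees big_key_aead and returns ret.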