Received: by 10.192.165.148 with SMTP id m20csp4866478imm; Tue, 8 May 2018 16:15:13 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpwUf+F5S9j+NaLrviCCpmHvUnEZIVx69kE4PfoNoB+k1oCESxEAmYImtYd18OvPp/UnIe3 X-Received: by 2002:a65:510a:: with SMTP id f10-v6mr23857385pgq.248.1525821313547; Tue, 08 May 2018 16:15:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525821313; cv=none; d=google.com; s=arc-20160816; b=KMH40kXZ+Q6XeORmxJcRuNikoJN4nsz5eUqGsKdu3py8Z71WfvFZ7QkjqY8n7gQRTU 5QGFFoe6ytlbs217/a+9tHTbwZwdm+BtQD671+nUwVnht4voLYRp1SBm97z/vd+KkO3C LdKwUadFP/f3/tkrQysO2ocpk27oD15Ru4FN1yB/Cbry68SjsQiJ341lYK7bkIxJ/DZn 6F7Qnj/5wfViSH6WSkCQmBcT9ZCyS2u5ytOKgM0Q3hlES56b3LvD/87c0LnlIkfZbsjI N8WL1hq9DNqCOZqfTXqJmQN9LPekw72c9tzdZiyZtoqGQk+9lyZwwKCfi7gbNZnzeROd JxYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=gWPUTBDR//6rUzeKHy5gSNo4VZGObS9i00ZetjukK/Y=; b=hgwpzkvc/h3HGWLv4+Le7Y0u8filvyndIgXeaj/MjrSw4hQdBapLxRdaz+LqA64HhC 6dC4yjc1TlfvM3q0yIL2/hjYsgqLxa5iPSqfZmqW+7j3iQBpt7bJN8q+wyS+RRdSp5M0 20gymVE0CevFv1LyAQE3t7QqsjZI/JkNIX+g/nL/w8Eh8ZTIvbeq+iRLSVg6uYmmFmfC /MA/7jLco0E9F/o2A5SMKqePTzoyU4RMCAk6ephFSMbuokPaap6HIvOWalR2T3LAP/bG VkOxaoOrzHRtc30Xy4QdV9iUjwoCGmcIOlpp8FWYrFxx2A5g7TT9KfiJkfGqRVjIqAIH oLEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=mq/wpDr0; dkim=fail header.i=@chromium.org header.s=google header.b=jTnIoofb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o14-v6si16611548pgc.664.2018.05.08.16.14.58; Tue, 08 May 2018 16:15:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=mq/wpDr0; dkim=fail header.i=@chromium.org header.s=google header.b=jTnIoofb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756052AbeEHXOa (ORCPT + 99 others); Tue, 8 May 2018 19:14:30 -0400 Received: from mail-vk0-f68.google.com ([209.85.213.68]:33954 "EHLO mail-vk0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755913AbeEHXO1 (ORCPT ); Tue, 8 May 2018 19:14:27 -0400 Received: by mail-vk0-f68.google.com with SMTP id t63-v6so20719799vkb.1 for ; Tue, 08 May 2018 16:14:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=gWPUTBDR//6rUzeKHy5gSNo4VZGObS9i00ZetjukK/Y=; b=mq/wpDr0ORYRqgaqhfLkNJ4YtschimeJ82fB6LR6rbtuhOlxXrEotocbbkPs2p7ZO+ ds1miTlgS7A3ALiIdcAZ0HtIHzpFNVScdFssZGCH3F8OJtsoxaFQVQWNKymu8bKogM6q lUHY+eSSXe9kTpqbTpH8sJEHSPpsVZb6aHNKKzmKgYRXuuaduUkh4moK2g5wlQH2xNWe uGWM+7CdOe27yE22OtMXyGi+1sU+7aNDFpwR2H5mGJngkfYnjMQo+hk5lMwF/gE3pH19 7qwlaxaQ4WZALzJ/vETzhLeLxVFwbOfqefAeAf92uYHNgqoDQ/Z7tGpyMJfVN7r/JY/z jffA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=gWPUTBDR//6rUzeKHy5gSNo4VZGObS9i00ZetjukK/Y=; b=jTnIoofbJbBMFWuszNuv7sgMa3KiPNyaWrxpUcw4bFGYna8AyxadE7F2On4c7GUfkt 2Wi3e7cgdmw+XMZU3tiFlwKF7ydHcJYUTOsLaVlLMod7yl0J6jVqtyFJALeFwfHD8Fqc zAA8M8drGIuAjSw/jV+rZsUFzDRlm72va453c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=gWPUTBDR//6rUzeKHy5gSNo4VZGObS9i00ZetjukK/Y=; b=PBjUrpG+RX1jIsZozeAOler99uYT7o8RqlHEC3WsCHH9QX/uVItUur+wttAkOg4Hki AuubF3VWDT0+FbyrC68fCx68PmnCS2PScXHzCOvJ77zB7simCn25oRbtPsFqs4d+biWC Wvu9J3eBQINOQSriQDYMOf4eWD91D9sVNuWXOB4tV5JCTAZl132wBbMxMbv3Aiyh7ikg i7LMRG8EWgCNynX6ZfUnzQz4fakwz3Mjh+LT1y9HabOMLMEtT0UX9VANguwW2mAVSKWF 6L5PZlohcibAD0zlzjoXchItjzhJeZ5AgPnvKqlFn3HBgxyvtWHFbElIROJMqVk1ybiy MR4Q== X-Gm-Message-State: ALQs6tAStYllUac2XlqhVqOzUZBTQLzSHb29f8Pxx7edRcBTZvXq3h7K pAzTtxrcxHTSGXcy5ZVbf7LLxuygGKiPQ7Y7TrBtUMLG X-Received: by 2002:a1f:824a:: with SMTP id e71-v6mr34836870vkd.7.1525821266286; Tue, 08 May 2018 16:14:26 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.11.209 with HTTP; Tue, 8 May 2018 16:14:25 -0700 (PDT) In-Reply-To: <20180424202639.19830-1-tycho@tycho.ws> References: <20180424202639.19830-1-tycho@tycho.ws> From: Kees Cook Date: Tue, 8 May 2018 16:14:25 -0700 X-Google-Sender-Auth: KyOrOiMal08mnUMGHkWX-mGZWuE Message-ID: Subject: Re: [PATCH v3 1/3] big key: get rid of stack array allocation To: Tycho Andersen Cc: David Howells , keyrings@vger.kernel.org, linux-security-module , LKML , Kernel Hardening , James Morris , "Serge E. Hallyn" , "Jason A . Donenfeld" , Eric Biggers Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 24, 2018 at 1:26 PM, Tycho Andersen wrote: > We're interested in getting rid of all of the stack allocated arrays in the > kernel [1]. This patch simply hardcodes the iv length to match that of the > hardcoded cipher. > > [1]: https://lkml.org/lkml/2018/3/7/621 > > v2: hardcode the length of the nonce to be the GCM AES IV length, and do a > sanity check in init(), Eric Biggers > v3: * remember to free big_key_aead when sanity check fails > * define a constant for big key IV size so it can be changed along side > the algorithm in the code > > Signed-off-by: Tycho Andersen > CC: David Howells > CC: James Morris > CC: "Serge E. Hallyn" > CC: Jason A. Donenfeld > CC: Eric Biggers Please consider this and patches 2 and 3: Reviewed-by: Kees Cook James, are these something you can take into your tree? Thanks! -Kees > --- > security/keys/big_key.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/security/keys/big_key.c b/security/keys/big_key.c > index 933623784ccd..2806e70d7f8f 100644 > --- a/security/keys/big_key.c > +++ b/security/keys/big_key.c > @@ -22,6 +22,7 @@ > #include > #include > #include > +#include > > struct big_key_buf { > unsigned int nr_pages; > @@ -85,6 +86,7 @@ struct key_type key_type_big_key = { > * Crypto names for big_key data authenticated encryption > */ > static const char big_key_alg_name[] = "gcm(aes)"; > +#define BIG_KEY_IV_SIZE GCM_AES_IV_SIZE > > /* > * Crypto algorithms for big_key data authenticated encryption > @@ -109,7 +111,7 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat > * an .update function, so there's no chance we'll wind up reusing the > * key to encrypt updated data. Simply put: one key, one encryption. > */ > - u8 zero_nonce[crypto_aead_ivsize(big_key_aead)]; > + u8 zero_nonce[BIG_KEY_IV_SIZE]; > > aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL); > if (!aead_req) > @@ -425,6 +427,13 @@ static int __init big_key_init(void) > pr_err("Can't alloc crypto: %d\n", ret); > return ret; > } > + > + if (unlikely(crypto_aead_ivsize(big_key_aead) != BIG_KEY_IV_SIZE)) { > + WARN(1, "big key algorithm changed?"); > + ret = -EINVAL; > + goto free_aead; > + } > + > ret = crypto_aead_setauthsize(big_key_aead, ENC_AUTHTAG_SIZE); > if (ret < 0) { > pr_err("Can't set crypto auth tag len: %d\n", ret); > -- > 2.17.0 > -- Kees Cook Pixel Security