Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2583050imm; Mon, 16 Jul 2018 10:21:42 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdnCmlvNqStSlRsh3g/PicJOFpd9OaYWKPYrdG/5fGe0eu/lWZb4/a1Df7+C6orjYzX8Gu9 X-Received: by 2002:a63:5d58:: with SMTP id o24-v6mr16500058pgm.349.1531761702392; Mon, 16 Jul 2018 10:21:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531761702; cv=none; d=google.com; s=arc-20160816; b=eGRyHaBuwRKWAaZwIkHkkebzd0pwd/6K42rRBFD+C/KG1VdIGXOAitFn9ptlEE19zk 55uy7C/QYrbwLqIuCeiGSs70V66yr3pLbkw8aLPELzTsCGtuyYrZ4K/3A/Mr5glbqwek 9fk/2GQEiWJAJTxZAAWwWquQm3lDFWtRWwIELWDMZnsdRIweESTMYiOxI6mUyHjqCWRj 8VgRBOzAOPEHNNOMWGmvqrhs1r+dAycNsTWa3pl22LYeiMPh+qdTPIwO5PXn/L10VkYw yFkssrzISzGRbYyjCL6uayT7VSi8fJ4T6CKOTid16k2LMXoBAxOT+c2xDTiczsJ7bZcM R2/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=vnACoDNnNygQvcyj6ioYnCfcBtKnNbDb0QgZcL3FLnU=; b=QJfTaMWXT5rpYPbR6kDQyOYMHSL/KZFH7Asqz6yQoDpXMJW2XBENyorFVOUUBzA/8E 8RLkVWbqknvQoBTyuCqTfGD4md6DiK1EUl6p1Z47ryiwKrGEvlHs/KLNVcQNHzRuCf7f HsWDOYUsiBwJDGq5QzchoEoXWT+QpzWGyw4U4GQQOsgPoYOL8ndYAJ8/5acnDRtDUhN3 29XYCDNGNrr6Hc1iWKHn4iK6qDL51IxNfzSKrMBCaiP0sHA38FF6kmrya2KbFCwEKk1U AQmvFTIX6Vp1gAzc3JYG+aXD9CJsMuJeFL+EdyXepruzymlQ1ssPF1qCDBPQuj/UT4pU Ic5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=RXlkVtvB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s9-v6si8896338plq.197.2018.07.16.10.21.27; Mon, 16 Jul 2018 10:21:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=RXlkVtvB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728639AbeGPRsH (ORCPT + 99 others); Mon, 16 Jul 2018 13:48:07 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:45315 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727479AbeGPRsH (ORCPT ); Mon, 16 Jul 2018 13:48:07 -0400 Received: by mail-pg1-f193.google.com with SMTP id z14-v6so1477591pgv.12 for ; Mon, 16 Jul 2018 10:19:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=vnACoDNnNygQvcyj6ioYnCfcBtKnNbDb0QgZcL3FLnU=; b=RXlkVtvBHJNM2PtI9Y2jfUw6l8nCJmgMXzNMwRymSbZHRX32Pfb/XVG/69U09CuJrY 689UzKQ25vobM9TI4+mczsNMX3elLqzWH3GLwfmdkwJ60X0TAC3VwMYcc5vlmNwkAMJD 8DuMjVfJdyvnBq4QmM961frkxRuOEvkUbv4jPtfWfmm5d3OZA8gveHynCCFK684qMiC8 2TqBgCErLR/eQYGKAoAv2kAwyfckFdsd9bangZdO/FdN7TxU14kyZ0CeXEKKZyh7esA2 IcT5zY4rIe9mRjuI07B9c1QbigpT8TuhAXiuXEn9DIxLkvCEEAPgDIrYNBjebXLi3Z6y ZK7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=vnACoDNnNygQvcyj6ioYnCfcBtKnNbDb0QgZcL3FLnU=; b=PT2fU0AdHq/LuIkTDsD9bOSB8bpzRwxuiOCMTEJVrxFIsBnS28L106DmBSS6wLva1I r5YdduBl23MPMJejalxvO+AxIYumfb3E4+9JqVq504aCPdSrocKAxq5msLPbbBd8qgJz egxyiCdhzWad419BANXXSX9q+/tJvfoUFe1N46vbSkMDCwJauXk0tusdwXv14XEsskQC fq/1v2gX4S9OyLWKBEfYlu0Qsa3z9pDmiMkSOo0mNe/lgzTKZlraHd9eJmGtcbK/WfQu 9alrBaCfweM9++ajmbYHugLDZK8J888eXROHyTdwWFu+2JxQw9Im1IjkXY2VSKuLilTZ F3rw== X-Gm-Message-State: AOUpUlFSR3c/miNiEzNUoceoqc5/gPZBS5RexICdQXvcGrPTn8Ddnv3W vvTh5FXgpCRoRgV1x042byz7ew== X-Received: by 2002:a62:c8c2:: with SMTP id i63-v6mr19033313pfk.73.1531761584824; Mon, 16 Jul 2018 10:19:44 -0700 (PDT) Received: from google.com ([2620:15c:17:3:dc28:5c82:b905:e8a8]) by smtp.gmail.com with ESMTPSA id g25-v6sm50599189pge.52.2018.07.16.10.19.43 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 16 Jul 2018 10:19:44 -0700 (PDT) Date: Mon, 16 Jul 2018 10:19:42 -0700 From: Eric Biggers To: Kees Cook Cc: Alasdair Kergon , Mike Snitzer , Herbert Xu , Arnd Bergmann , "Gustavo A. R. Silva" , dm-devel@redhat.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH] dm crypt: Convert essiv from ahash to shash Message-ID: <20180716171942.GA77258@google.com> References: <20180716035912.GA32261@beast> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180716035912.GA32261@beast> User-Agent: Mutt/1.10+35 (c786a508) (2018-06-22) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jul 15, 2018 at 08:59:12PM -0700, Kees Cook wrote: > In preparing to remove all stack VLA usage from the kernel[1], this > removes the discouraged use of AHASH_REQUEST_ON_STACK in favor of > the smaller SHASH_DESC_ON_STACK by converting from ahash-wrapped-shash > to direct shash. The stack allocation will be made a fixed size in a > later patch to the crypto subsystem. > > [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com > > Signed-off-by: Kees Cook Reviewed-by: Eric Biggers > --- > drivers/md/dm-crypt.c | 31 ++++++++++++++----------------- > 1 file changed, 14 insertions(+), 17 deletions(-) > > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c > index b61b069c33af..c4c922990090 100644 > --- a/drivers/md/dm-crypt.c > +++ b/drivers/md/dm-crypt.c > @@ -99,7 +99,7 @@ struct crypt_iv_operations { > }; > > struct iv_essiv_private { > - struct crypto_ahash *hash_tfm; > + struct crypto_shash *hash_tfm; > u8 *salt; > }; > > @@ -327,25 +327,22 @@ static int crypt_iv_plain64be_gen(struct crypt_config *cc, u8 *iv, > static int crypt_iv_essiv_init(struct crypt_config *cc) > { > struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; > - AHASH_REQUEST_ON_STACK(req, essiv->hash_tfm); > - struct scatterlist sg; > + SHASH_DESC_ON_STACK(desc, essiv->hash_tfm); > struct crypto_cipher *essiv_tfm; > int err; > > - sg_init_one(&sg, cc->key, cc->key_size); > - ahash_request_set_tfm(req, essiv->hash_tfm); > - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); > - ahash_request_set_crypt(req, &sg, essiv->salt, cc->key_size); > + desc->tfm = essiv->hash_tfm; > + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; > > - err = crypto_ahash_digest(req); > - ahash_request_zero(req); > + err = crypto_shash_digest(desc, cc->key, cc->key_size, essiv->salt); > + shash_desc_zero(desc); > if (err) > return err; > > essiv_tfm = cc->iv_private; > > err = crypto_cipher_setkey(essiv_tfm, essiv->salt, > - crypto_ahash_digestsize(essiv->hash_tfm)); > + crypto_shash_digestsize(essiv->hash_tfm)); > if (err) > return err; > > @@ -356,7 +353,7 @@ static int crypt_iv_essiv_init(struct crypt_config *cc) > static int crypt_iv_essiv_wipe(struct crypt_config *cc) > { > struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; > - unsigned salt_size = crypto_ahash_digestsize(essiv->hash_tfm); > + unsigned salt_size = crypto_shash_digestsize(essiv->hash_tfm); > struct crypto_cipher *essiv_tfm; > int r, err = 0; > > @@ -408,7 +405,7 @@ static void crypt_iv_essiv_dtr(struct crypt_config *cc) > struct crypto_cipher *essiv_tfm; > struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; > > - crypto_free_ahash(essiv->hash_tfm); > + crypto_free_shash(essiv->hash_tfm); > essiv->hash_tfm = NULL; > > kzfree(essiv->salt); > @@ -426,7 +423,7 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, > const char *opts) > { > struct crypto_cipher *essiv_tfm = NULL; > - struct crypto_ahash *hash_tfm = NULL; > + struct crypto_shash *hash_tfm = NULL; > u8 *salt = NULL; > int err; > > @@ -436,14 +433,14 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, > } > > /* Allocate hash algorithm */ > - hash_tfm = crypto_alloc_ahash(opts, 0, CRYPTO_ALG_ASYNC); > + hash_tfm = crypto_alloc_shash(opts, 0, 0); > if (IS_ERR(hash_tfm)) { > ti->error = "Error initializing ESSIV hash"; > err = PTR_ERR(hash_tfm); > goto bad; > } > > - salt = kzalloc(crypto_ahash_digestsize(hash_tfm), GFP_KERNEL); > + salt = kzalloc(crypto_shash_digestsize(hash_tfm), GFP_KERNEL); > if (!salt) { > ti->error = "Error kmallocing salt storage in ESSIV"; > err = -ENOMEM; > @@ -454,7 +451,7 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, > cc->iv_gen_private.essiv.hash_tfm = hash_tfm; > > essiv_tfm = alloc_essiv_cipher(cc, ti, salt, > - crypto_ahash_digestsize(hash_tfm)); > + crypto_shash_digestsize(hash_tfm)); > if (IS_ERR(essiv_tfm)) { > crypt_iv_essiv_dtr(cc); > return PTR_ERR(essiv_tfm); > @@ -465,7 +462,7 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, > > bad: > if (hash_tfm && !IS_ERR(hash_tfm)) > - crypto_free_ahash(hash_tfm); > + crypto_free_shash(hash_tfm); > kfree(salt); > return err; > } > -- > 2.17.1 > > > -- > Kees Cook > Pixel Security