Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp3553187ybi;
        Tue, 18 Jun 2019 02:42:03 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxAg+o874ceEtl5X/3606cSIyAzcnTuTJKgfUFL68cwWk68H6O/64CMxXiOND2eyLKhMkSb
X-Received: by 2002:a17:902:b20d:: with SMTP id t13mr588958plr.229.1560850922931;
        Tue, 18 Jun 2019 02:42:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1560850922; cv=none;
        d=google.com; s=arc-20160816;
        b=bnjtKyxW90TPIUX+vX00Ij9PSgG9Ju9tNYvG0O59AMv6BiT5qSIIW7v3tMuhmJ5Bgq
         gdfTWkY4S9AT+liOpZIEHVda5qanTtZiUOQcozMzJ/Ykgfb3w4oKJMZ/kc8cgkUN78ME
         6/Hj1eXP0Jfz1iUlFrDxxfJrov8mGBbmd9SDYRAevdraGuXHWut5Vx4PNSlD3bb3ySBD
         OTN48DvEooRAoW9wEch1QaT3qREDBKZSbLCjCZvlNysnTsMvmFs+uChzjvShzc6TYzrL
         X88na/6spNrDlv59SwqdZhMDavPIxkP7bkDFvUXq4ACCEM08NQtdPjmNZz1gKQSWyjlZ
         gdBQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=O3Ncl71p7lzVXgKkRwrjXIIwyt50nJ3KDmUjaxlB9AQ=;
        b=XkdBYUUncKdOidPUfgGpv0zyHSqCOVJ0n9nwXe3fy95VHS9zHVVLQQwvck2/KRm4Us
         nvmbh1fpLne54EJhD+szakv3eusjt4IT2qQrhuZ1JtTlh/a4UmRIRGYl3eNgD0u/9gYO
         WwHkO8oTnxatwA0ciQR/2berkKaFC+2pCRA9e1xyQQg34JLCFF38NIJYZ/a5ujSsd63j
         Q8ezWr6qY761wzzp9SGg1Ite8SSe+zG0YLHMg9LV1dhcZ9jRVIKKJCu4ziW09iax4DiR
         0bdYW++YHIsTGMnedKnRepgRJU6q8HVQbjTuC4dfH8l6JsvnL7DeoQTj1cUlVnO6L1ud
         IFkA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=SmPpnKId;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s29si4141776pgn.5.2019.06.18.02.41.49;
        Tue, 18 Jun 2019 02:42:02 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=SmPpnKId;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729389AbfFRJls (ORCPT <rfc822;venktesh.bolla@gmail.com>
        + 99 others); Tue, 18 Jun 2019 05:41:48 -0400
Received: from mail-io1-f65.google.com ([209.85.166.65]:39352 "EHLO
        mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729329AbfFRJlr (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 18 Jun 2019 05:41:47 -0400
Received: by mail-io1-f65.google.com with SMTP id r185so22277159iod.6
        for <linux-crypto@vger.kernel.org>; Tue, 18 Jun 2019 02:41:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=O3Ncl71p7lzVXgKkRwrjXIIwyt50nJ3KDmUjaxlB9AQ=;
        b=SmPpnKIdO03ICXlO41/ekNNXbkBI9XyYTzoC11R7zFcCD+Ea6KQLUumFSFBgR6sbuy
         krAXHMBTQW0v7FDxVJc1KymISd0P1VmHg3PV9bf5O98CLWTv8z07mRKO3GIu5thc+Bs9
         K+33VsZ4y3K0ZogKS/npywpmRrXNH/Qkl5aTyRfEF4+q+ji7kqYyId5cobIJs2kgDJbG
         Qhn6VifCGkyydzVHQcpBT6YRUOPTocqSr//e1HXPix/AJXiV8KRj+nZ2DH17Vpq9axmt
         4plhWLz06OO9IdLDB1skNfyhBUIbozb4nk0Ub0dj4xeIL0vaI46xmlcx3kfGju6ND81k
         hZXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=O3Ncl71p7lzVXgKkRwrjXIIwyt50nJ3KDmUjaxlB9AQ=;
        b=bL8NkAXt2U67vE92pGj83E4SwpRF0SH7Z0OTMy1HKts0ZWEVg/PTrdd27PQ2NB93R5
         QobYLsx0pyOlTj/fQD2TnbVG8xsMM0FwslD1tmhQ4Fkp3eJo/tgmk2C4KKlET7o8P0aJ
         JSKYs21OdsUzTUtp2SswioG5JfOyQitdnaHqbiSC3JHvP1+HkEqJF1sn/AvsalwQYSpO
         +H2ElINpArnIomEUd0xb/WNLZwI6ILRcC45nL2D7fKMr3XFGAExV1GCNv+S4qDS+CAO3
         kC+u2mglMG9VmegB4fg5dxQScOLK0WwGNV6nnSEVb+CPpQAVD4ZZ2wVaheq4IaIt+VSe
         0Mug==
X-Gm-Message-State: APjAAAXqsIN+FNjRLOtxH37TOR/+38rl+WJPCeotaX5L9wfHDydg0kfG
        FaXzMzY2kuJcRYpwEMTRD9PeFM97+q+MOjoX++EZ8g==
X-Received: by 2002:a5d:8794:: with SMTP id f20mr16488425ion.128.1560850906822;
 Tue, 18 Jun 2019 02:41:46 -0700 (PDT)
MIME-Version: 1.0
References: <20190618093207.13436-1-ard.biesheuvel@linaro.org>
 <20190618093207.13436-2-ard.biesheuvel@linaro.org> <CANn89iJuTq36KMf1madQH08g6K0a-Uj-PDH80ao9zuEw+WNcZg@mail.gmail.com>
In-Reply-To: <CANn89iJuTq36KMf1madQH08g6K0a-Uj-PDH80ao9zuEw+WNcZg@mail.gmail.com>
From:   Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date:   Tue, 18 Jun 2019 11:41:35 +0200
Message-ID: <CAKv+Gu894bEEzpKNDTaNiiNJTFoUTYQuFjBBm-ezdkrzW5fyNQ@mail.gmail.com>
Subject: Re: [PATCH 1/2] net: fastopen: make key handling more robust against
 future changes
To:     Eric Dumazet <edumazet@google.com>
Cc:     netdev <netdev@vger.kernel.org>,
        Eric Biggers <ebiggers@kernel.org>,
        "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
        <linux-crypto@vger.kernel.org>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        David Miller <davem@davemloft.net>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        Jason Baron <jbaron@akamai.com>,
        Christoph Paasch <cpaasch@apple.com>,
        David Laight <David.Laight@aculab.com>,
        Yuchung Cheng <ycheng@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, 18 Jun 2019 at 11:39, Eric Dumazet <edumazet@google.com> wrote:
>
> On Tue, Jun 18, 2019 at 2:32 AM Ard Biesheuvel
> <ard.biesheuvel@linaro.org> wrote:
> >
> > Some changes to the TCP fastopen code to make it more robust
> > against future changes in the choice of key/cookie size, etc.
> >
> > - Instead of keeping the SipHash key in an untyped u8[] buffer
> >   and casting it to the right type upon use, use the correct
> >   siphash_key_t type directly. This ensures that the key will
> >   appear at the correct alignment if we ever change the way
> >   these data structures are allocated. (Currently, they are
> >   only allocated via kmalloc so they always appear at the
> >   correct alignment)
> >
> > - Use DIV_ROUND_UP when sizing the u64[] array to hold the
> >   cookie, so it is always of sufficient size, even when
> >   TCP_FASTOPEN_COOKIE_MAX is no longer a multiple of 8.
> >
> > - Add a key length check to tcp_fastopen_reset_cipher(). No
> >   callers exist currently that fail this check (they all pass
> >   compile constant values that equal TCP_FASTOPEN_KEY_LENGTH),
> >   but future changes might create problems, e.g., by leaving part
> >   of the key uninitialized, or overflowing the key buffers.
> >
> > Note that none of these are functional changes wrt the current
> > state of the code.
> >
> ...
>
> > -       memcpy(ctx->key[0], primary_key, len);
> > +       if (unlikely(len != TCP_FASTOPEN_KEY_LENGTH)) {
> > +               pr_err("TCP: TFO key length %u invalid\n", len);
> > +               err = -EINVAL;
> > +               goto out;
> > +       }
>
>
> Why a pr_err() is there ?
>
> Can unpriv users flood the syslog ?

They can if they could do so before: there was a call to
crypto_cipher_setkey() in the original pre-SipHash code which would
also result in a pr_err() on an invalid key length. That call got
removed along with the AES cipher handling, and this basically
reinstates it, as suggested by EricB.