Received: by 2002:a05:7412:3290:b0:fa:6e18:a558 with SMTP id ev16csp513929rdb; Fri, 26 Jan 2024 02:34:51 -0800 (PST) X-Google-Smtp-Source: AGHT+IF16i6XiMHQFvZGk6K/54wKf/H4isq26FiXDk+5QboFqoHpBsApY3KLGLe+28Q4ptT+IqH6 X-Received: by 2002:a17:906:168f:b0:a30:fb95:9387 with SMTP id s15-20020a170906168f00b00a30fb959387mr1148245ejd.75.1706265291499; Fri, 26 Jan 2024 02:34:51 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706265291; cv=pass; d=google.com; s=arc-20160816; b=P+E/IqwjZLclSb9vS7yTmhHyHoSj7y5Pz4YK398O8rlQKz7DPv72iaaIg5ecEJRt+1 6SLnF5aiA9FyuFDubxh3dhmh3aDHfxAVlMlqiBTRxCc5m0G4alD5GbiA7ccJl7ZznOiG jvvKcrprKqpFlGMhEt6Oo8h/j+MOZy5ouC7X1T7vL6UKsKgYNA4AM1CQSSO5+ITpFC99 RMTYWYSUqszwRIm+vgrDoOvDwCP30fdzO6vc7ukCmJ5moDmfbP0Qks40ryUWLH5h5tXO b/J/Fd1bVUKR22bphJlAfCXjMh5WVDqnyP4yomIUMQGjFK/I4wXIb4q1Nubx5nmJzp6I eNRg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:dkim-signature:message-id; bh=GQ5cQQbN07W3Mr8WJy7OQCLh5hYQXPQPQN6G40syBwQ=; fh=4hF93TmZBqt6L3UJbXyLx4z9hpK8g6FxgSYLCWmprBw=; b=UtIlpSE+q/Ur6VAIaP1TvZ/Okcdud9AravIqONQQgbE8f5k2blZ3R2pGj3GCdKPNEA apLgY+5p9V3jhrOhbC+CpHjAYt5+I4kLUi0I4IumMmC+YYvkCvG2O+/7CK/Xaz6DCdrU A3KAV2GvU6WpnihpQs36uicdA480X8YA+0DUq17y7yCtUmiZhKpkmO8mSqu9C2hoNkDa I0Mbvui7g1DAi+mLBQvvO3HjGboemonFqmK2B4ARyNOZYdainaDdVRnQCNv2PP3QBskh 3q7NODF/9rY74ff+AgwPCWNRdPEYTUWh6olUFW9rhtYqD/dWQwz5Z+kdfp4IyETuc56F SpQQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=wX446PTZ; arc=pass (i=1 spf=pass spfdomain=linux.dev dkim=pass dkdomain=linux.dev dmarc=pass fromdomain=linux.dev); spf=pass (google.com: domain of linux-crypto+bounces-1674-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1674-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id lh12-20020a170906f8cc00b00a3498eb636asi438779ejb.682.2024.01.26.02.34.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Jan 2024 02:34:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-1674-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=wX446PTZ; arc=pass (i=1 spf=pass spfdomain=linux.dev dkim=pass dkdomain=linux.dev dmarc=pass fromdomain=linux.dev); spf=pass (google.com: domain of linux-crypto+bounces-1674-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1674-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 18A331F21A91 for ; Fri, 26 Jan 2024 10:34:20 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 95BA117730; Fri, 26 Jan 2024 10:31:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="wX446PTZ" X-Original-To: linux-crypto@vger.kernel.org Received: from out-174.mta0.migadu.com (out-174.mta0.migadu.com [91.218.175.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 960BE17582 for ; Fri, 26 Jan 2024 10:30:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.174 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706265060; cv=none; b=NWxSg4T3LiUBr8vb22LIa0eGdtqlv+We0UyKQx6yYbZ/oA7SNnBQAE7H3ry7oBtzhVQJQQ+ilTtPsl2j6g8CGNd4iYicLd5Pm5pIDZvd951Xub37c6Ohflu7B8KGy4egaYooSze9nGruwe+ZXmQ4Ksp8mVmOD52lsmV4JGWQqKA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706265060; c=relaxed/simple; bh=8lg/b7eX807+j1J3wZYy8O4FO7Zd4a5U1Nff7rJUlWM=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=Yp3jm6Zt+v5HCLiCcgdEpIKkTd8qF8fN1GKb0MNDTxTEm5fnpMPIlJCGH/fhSorLeFPA+F+b+DqLGSR2wLo2wOWzofUpm5FGz6kd79mZPJaG7y48tPsK9bExVRJ5hkEQpUGmm7ND3thixccigOqVlvcG//Npt+F11WQQojw5gFo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=wX446PTZ; arc=none smtp.client-ip=91.218.175.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Message-ID: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1706265056; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GQ5cQQbN07W3Mr8WJy7OQCLh5hYQXPQPQN6G40syBwQ=; b=wX446PTZNwlaRGbnarns756kx9vXUVcwAQ0IMJWhtOzdLSXSNzC5yv3VXQY/VD63MpQsF0 MKtrioPpboc/H4N6vRPsJK8ORZO8CnpZ5Q+/D5/9D4CP1vcl9Kb09wsj0R5dJK44gDM0PY 0yeMrn/aLlSjNM68CEv2zt1y1Htxt4Y= Date: Fri, 26 Jan 2024 10:30:50 +0000 Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Subject: Re: [PATCH bpf-next v8 1/3] bpf: make common crypto API for TC/XDP programs Content-Language: en-US To: Martin KaFai Lau , Vadim Fedorenko Cc: netdev@vger.kernel.org, linux-crypto@vger.kernel.org, bpf@vger.kernel.org, Victor Stewart , Jakub Kicinski , Andrii Nakryiko , Alexei Starovoitov , Mykola Lysenko , Herbert Xu References: <20240115220803.1973440-1-vadfed@meta.com> <3d2d5f4e-c554-4648-bcec-839d83585123@linux.dev> X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Vadim Fedorenko In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT On 25/01/2024 22:34, Martin KaFai Lau wrote: > On 1/25/24 3:19 AM, Vadim Fedorenko wrote: >> On 25/01/2024 01:10, Martin KaFai Lau wrote: >>> On 1/15/24 2:08 PM, Vadim Fedorenko wrote: >>>> +static int bpf_crypto_crypt(const struct bpf_crypto_ctx *ctx, >>>> +                const struct bpf_dynptr_kern *src, >>>> +                struct bpf_dynptr_kern *dst, >>>> +                const struct bpf_dynptr_kern *siv, >>>> +                bool decrypt) >>>> +{ >>>> +    u32 src_len, dst_len, siv_len; >>>> +    const u8 *psrc; >>>> +    u8 *pdst, *piv; >>>> +    int err; >>>> + >>>> +    if (ctx->type->get_flags(ctx->tfm) & CRYPTO_TFM_NEED_KEY) >>> >>> nit. Does the indirect call get_flags() return different values? >>> Should it be rejected earlier, e.g. in bpf_crypto_ctx_create()? >> >> Well, that is the common pattern in crypto subsys to check flags. >> But after looking at it second time, I think I have to refactor this >> part. CRYPTO_TFM_NEED_KEY is set during tfm creation if algo requires >> the key. And it's freed when the key setup is successful. As there is no >> way bpf programs can modify tfm directly we can move this check to >> bpf_crypto_ctx_create() to key setup part and avoid indirect call in >> this place. >>> >>>> +        return -EINVAL; >>>> + >>>> +    if (__bpf_dynptr_is_rdonly(dst)) >>>> +        return -EINVAL; >>>> + >>>> +    siv_len = __bpf_dynptr_size(siv); >>>> +    src_len = __bpf_dynptr_size(src); >>>> +    dst_len = __bpf_dynptr_size(dst); >>>> +    if (!src_len || !dst_len) >>>> +        return -EINVAL; >>>> + >>>> +    if (siv_len != (ctx->type->ivsize(ctx->tfm) + >>>> ctx->type->statesize(ctx->tfm))) >>> >>> Same here, two indirect calls per en/decrypt kfunc call. Does the >>> return value change? >> >> I have to check the size of IV provided by the caller, and then to avoid >> indirect calls I have to store these values somewhere in ctx. It gives a >> direct access to these values to bpf programs, which can potentially >> abuse them. Not sure if it's good to open such opportunity. > > I don't think it makes any difference considering tfm has already been > accessible in ctx->tfm. Fair. I'll do it then. > A noob question, what secret is in the siv len? No secrets in the values themself. The problem I see is that user (bpf program) can adjust them to avoid proper validation and then pass smaller buffer and trigger read/write out-of-bounds. > btw, unrelated, based on the selftest in patch 3, is it supporting any > siv_len > 0 for now? Well, it should. I see no reasons not to support it. But to test it properly another cipher should be used. I'll think about extending tests > >> >>> >>>> +        return -EINVAL; >>>> + >>>> +    psrc = __bpf_dynptr_data(src, src_len); >>>> +    if (!psrc) >>>> +        return -EINVAL; >>>> +    pdst = __bpf_dynptr_data_rw(dst, dst_len); >>>> +    if (!pdst) >>>> +        return -EINVAL; >>>> + >>>> +    piv = siv_len ? __bpf_dynptr_data_rw(siv, siv_len) : NULL; >>>> +    if (siv_len && !piv) >>>> +        return -EINVAL; >>>> + >>>> +    err = decrypt ? ctx->type->decrypt(ctx->tfm, psrc, pdst, >>>> src_len, piv) >>>> +              : ctx->type->encrypt(ctx->tfm, psrc, pdst, src_len, >>>> piv); >>>> + >>>> +    return err; >>>> +} >>> >> >