Received: by 2002:a05:7412:3290:b0:fa:6e18:a558 with SMTP id ev16csp756646rdb; Fri, 26 Jan 2024 09:38:55 -0800 (PST) X-Google-Smtp-Source: AGHT+IFJs9PrgvND3Xu1cDH/9a8PDgGXTi+8jMGYcoynzuWdOBTLoSzKuckRO1u3IGMABoTpTlyH X-Received: by 2002:ac8:5a8e:0:b0:42a:2775:fa8 with SMTP id c14-20020ac85a8e000000b0042a27750fa8mr267184qtc.108.1706290734794; Fri, 26 Jan 2024 09:38:54 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706290734; cv=pass; d=google.com; s=arc-20160816; b=Atzv64UAZF99YWcgwXLIQzBA42naOpokD9X/dbJpJHc8cqRC9OKbj5NPRFdLL70Yr3 u5vVQjQcZopsShTYVZwl86WZj4VbsZtxMN4D6t76roHbShXN0e3xMGwyUZAqNYvscvo7 wi40QCXo70uDpSDstuFDAIJDKRxgfoe1nDq+aNRFRyXO/z6fCLmmStgtEVKheR3AmEGS 9XUFgGTxU3ENi3UiddJY/fC1lL3k+X2mE0xRxVTwjjw3jaPjaFQ/7N9y5YtybDxC0aiW qFFv8SupRorpTcjqVeBWh/F5NjKybH6k1Jia4XaRhAc56bV7wlKnI1FCE7t0cC55XHTB q82Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:dkim-signature:message-id; bh=hrNyYEKOGi6GDPwxj18KT3Z3avOcsu6ZH6V/ZzqbE58=; fh=4hF93TmZBqt6L3UJbXyLx4z9hpK8g6FxgSYLCWmprBw=; b=fQh/y6YwPf0H5px21o+JtwqXUkZ5FgD+Mhckiz1qkLF+GL8dY4yBjXChCpM84Qb0nA ssx6z6RrTfjJ/XF0AOxlTNlR9lABr+CQiA3sCXW5Cj0DZ0zzkCG3MVS47OQ7ArXIIKxI IbZrig+WHokBbdDcxqf+LrrLZMt2/8SQezKeI2nJpOQrQ4KJNpnKSs0ZBarQ0stHjIZi twqtv8kuRoYKMzEQQAjk6xoa096WDTws3jCvdXUzrQc15MGKQpig2wQrkQpB81+uhE/y aec4dcEM2XgzHQmRgnEYEaikhiOy9Eguphg4QUcKbf7h1Stk7qJmHKRXamPeUUokdqpv wy9A== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=f1+j2jRx; arc=pass (i=1 spf=pass spfdomain=linux.dev dkim=pass dkdomain=linux.dev dmarc=pass fromdomain=linux.dev); spf=pass (google.com: domain of linux-crypto+bounces-1686-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1686-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id q19-20020a05622a04d300b0042a2e3dbf01si1618023qtx.759.2024.01.26.09.38.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Jan 2024 09:38:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-1686-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=f1+j2jRx; arc=pass (i=1 spf=pass spfdomain=linux.dev dkim=pass dkdomain=linux.dev dmarc=pass fromdomain=linux.dev); spf=pass (google.com: domain of linux-crypto+bounces-1686-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1686-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 4A8E31C22467 for ; Fri, 26 Jan 2024 17:38:54 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B130A2031F; Fri, 26 Jan 2024 17:38:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="f1+j2jRx" X-Original-To: linux-crypto@vger.kernel.org Received: from out-186.mta0.migadu.com (out-186.mta0.migadu.com [91.218.175.186]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6F0FD208A3 for ; Fri, 26 Jan 2024 17:38:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.186 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706290728; cv=none; b=DR3EEz+JpCQ4bIONh7XPlOIfNGbEvzdXdJDHSM+AZFN9E+IhMIRlawQpG4o1yB6Zn94DiYSx+w6kISA1FkE1jux01zMcVw2w5ci6w9IgGjWBw9I7pMqfaGJg7wc13aTnrN+xIc5ZL5XRZxK+bnFpiPYJhIlz7WuryLuoQErDyLo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706290728; c=relaxed/simple; bh=ofuQOEbQQFzE0GCfYJoMi9Q3uD0EeA4A29bglOPy/LA=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=T26MT+enFNfWAJMEkx1ZLe4k/YRDS5KA3q0Fhpfd8aR9c4O+felpLLYdwCPEn7fOW1zdj3tuUclUI6irSMyH8PogtY1gsaELQq3JiqkAOdH7gFryxlt8YsUiHijg0+x+w4VZFxv9FPsleCb/3VeW7WPlXvNkhyuMQuPTcqvKslE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=f1+j2jRx; arc=none smtp.client-ip=91.218.175.186 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Message-ID: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1706290723; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hrNyYEKOGi6GDPwxj18KT3Z3avOcsu6ZH6V/ZzqbE58=; b=f1+j2jRxHnceOOU3X1qIJXeHPH/lliU0My8D+iJacSp615kLkXvFZoouPy+6aEwjSzpE36 xUsCDywGERV9zVuMMfcKS9V4swaD6V24uAfHekt4L6/B299PzoKs718N7UOOMYmoWF68ap pvhp8ZGZon06J23aL3HWECXI7Q3iPU0= Date: Fri, 26 Jan 2024 17:38:36 +0000 Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Subject: Re: [PATCH bpf-next v8 1/3] bpf: make common crypto API for TC/XDP programs Content-Language: en-US To: Martin KaFai Lau , Vadim Fedorenko Cc: netdev@vger.kernel.org, linux-crypto@vger.kernel.org, bpf@vger.kernel.org, Victor Stewart , Jakub Kicinski , Andrii Nakryiko , Alexei Starovoitov , Mykola Lysenko , Herbert Xu References: <20240115220803.1973440-1-vadfed@meta.com> <3d2d5f4e-c554-4648-bcec-839d83585123@linux.dev> X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Vadim Fedorenko In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT On 26/01/2024 10:30, Vadim Fedorenko wrote: > On 25/01/2024 22:34, Martin KaFai Lau wrote: >> On 1/25/24 3:19 AM, Vadim Fedorenko wrote: >>> On 25/01/2024 01:10, Martin KaFai Lau wrote: >>>> On 1/15/24 2:08 PM, Vadim Fedorenko wrote: >>>>> +static int bpf_crypto_crypt(const struct bpf_crypto_ctx *ctx, >>>>> +                const struct bpf_dynptr_kern *src, >>>>> +                struct bpf_dynptr_kern *dst, >>>>> +                const struct bpf_dynptr_kern *siv, >>>>> +                bool decrypt) >>>>> +{ >>>>> +    u32 src_len, dst_len, siv_len; >>>>> +    const u8 *psrc; >>>>> +    u8 *pdst, *piv; >>>>> +    int err; >>>>> + >>>>> +    if (ctx->type->get_flags(ctx->tfm) & CRYPTO_TFM_NEED_KEY) >>>> >>>> nit. Does the indirect call get_flags() return different values? >>>> Should it be rejected earlier, e.g. in bpf_crypto_ctx_create()? >>> >>> Well, that is the common pattern in crypto subsys to check flags. >>> But after looking at it second time, I think I have to refactor this >>> part. CRYPTO_TFM_NEED_KEY is set during tfm creation if algo requires >>> the key. And it's freed when the key setup is successful. As there is no >>> way bpf programs can modify tfm directly we can move this check to >>> bpf_crypto_ctx_create() to key setup part and avoid indirect call in >>> this place. >>>> >>>>> +        return -EINVAL; >>>>> + >>>>> +    if (__bpf_dynptr_is_rdonly(dst)) >>>>> +        return -EINVAL; >>>>> + >>>>> +    siv_len = __bpf_dynptr_size(siv); >>>>> +    src_len = __bpf_dynptr_size(src); >>>>> +    dst_len = __bpf_dynptr_size(dst); >>>>> +    if (!src_len || !dst_len) >>>>> +        return -EINVAL; >>>>> + >>>>> +    if (siv_len != (ctx->type->ivsize(ctx->tfm) + >>>>> ctx->type->statesize(ctx->tfm))) >>>> >>>> Same here, two indirect calls per en/decrypt kfunc call. Does the >>>> return value change? >>> >>> I have to check the size of IV provided by the caller, and then to avoid >>> indirect calls I have to store these values somewhere in ctx. It gives a >>> direct access to these values to bpf programs, which can potentially >>> abuse them. Not sure if it's good to open such opportunity. >> >> I don't think it makes any difference considering tfm has already been >> accessible in ctx->tfm. > > Fair. I'll do it then. > >> A noob question, what secret is in the siv len? > > No secrets in the values themself. The problem I see is that user (bpf > program) can adjust them to avoid proper validation and then pass > smaller buffer and trigger read/write out-of-bounds. I've done more tests, and looks like verifier will block programs that are trying to write directly to the struct. In this case no abuse is possible and it's safe to export the value into ctx and avoid indirect calls. > >> btw, unrelated, based on the selftest in patch 3, is it supporting any >> siv_len > 0 for now? > > Well, it should. I see no reasons not to support it. But to test it > properly another cipher should be used. I'll think about extending tests > >> >>> >>>> >>>>> +        return -EINVAL; >>>>> + >>>>> +    psrc = __bpf_dynptr_data(src, src_len); >>>>> +    if (!psrc) >>>>> +        return -EINVAL; >>>>> +    pdst = __bpf_dynptr_data_rw(dst, dst_len); >>>>> +    if (!pdst) >>>>> +        return -EINVAL; >>>>> + >>>>> +    piv = siv_len ? __bpf_dynptr_data_rw(siv, siv_len) : NULL; >>>>> +    if (siv_len && !piv) >>>>> +        return -EINVAL; >>>>> + >>>>> +    err = decrypt ? ctx->type->decrypt(ctx->tfm, psrc, pdst, >>>>> src_len, piv) >>>>> +              : ctx->type->encrypt(ctx->tfm, psrc, pdst, src_len, >>>>> piv); >>>>> + >>>>> +    return err; >>>>> +} >>>> >>> >> >