From patchwork Fri Sep 15 22:37:23 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 9953899 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8D0CA601D5 for ; Fri, 15 Sep 2017 22:38:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 777D829583 for ; Fri, 15 Sep 2017 22:38:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6C6692958B; Fri, 15 Sep 2017 22:38:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DD0862958E for ; Fri, 15 Sep 2017 22:38:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751564AbdIOWhc (ORCPT ); Fri, 15 Sep 2017 18:37:32 -0400 Received: from mail-pf0-f181.google.com ([209.85.192.181]:54534 "EHLO mail-pf0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751542AbdIOWhb (ORCPT ); Fri, 15 Sep 2017 18:37:31 -0400 Received: by mail-pf0-f181.google.com with SMTP id d187so2123966pfg.11 for ; Fri, 15 Sep 2017 15:37:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=Td5xkhrn+efSHcxzmKsHpliOL8srdUZKByntWLu4q3A=; b=gpH0IkYc0XuaJPTPc2rdF+ev/EuW0gMRDboGmdEiEVzRSFeDJFOPALlBHJv0NXUG4o heSgVYsee6JstFvaEqGPbirJC5b6bDWw6NWcJevefEQn4ZMl2NN8baSkn+SRVsSFF8JV /hRtTuaNIKLUNwaqVaHSdxL3/J3JTErNGIC7w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Td5xkhrn+efSHcxzmKsHpliOL8srdUZKByntWLu4q3A=; b=q8cKIA9staffulqlQpStbc/erF6eviiLCKZBK0cpuzu1r5cjGxECfk07VgqYCLtya5 ZNd5NecO1OtV9fioJ6V3cYxAZ7vgZvclkHHQoTjbBToFHwtOzLzqTOKy1NJAz45tzQYq vfn+0ZverWdJQ/CHRMAOFHjzC5aPRE+S3NOFQE37R1wE6iDyGLRzDUssBGxNRoUY6vXu S2JoFBPClm1wwXVPfv7aJ22CYumEUKtUAYKaF32eKmNNdwG/KB3tTZdhOK4ca1yZ58jf P63suJv3m5kX/OegFaIScSb8oiLIiCWEtr1rK33Cb+GYQoB9yUbT+P9UP/TD6qpn69TB fwhw== X-Gm-Message-State: AHPjjUh9n8CkXtmRPYv/AqLi6wemjc105Ni33sWABvSdUxz22vo85rd9 9swgjQMsA76Oi6K6 X-Google-Smtp-Source: ADKCNb6HMKU6ShanB01DCNFBrutfsxVtYfPsjA2vzi+rt885BFZCvOSlu9Q+OF9IR4zJ1EeqfELeOQ== X-Received: by 10.84.217.76 with SMTP id e12mr16210501plj.202.1505515051410; Fri, 15 Sep 2017 15:37:31 -0700 (PDT) Received: from localhost.localdomain ([12.145.98.253]) by smtp.gmail.com with ESMTPSA id s17sm3649007pgq.25.2017.09.15.15.37.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 15 Sep 2017 15:37:30 -0700 (PDT) From: Ard Biesheuvel To: dhowells@redhat.com Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, ilhan.gurel@gmail.com, Ard Biesheuvel Subject: [PATCH] security: keys: switch big_key encryption to AES in CTR mode Date: Fri, 15 Sep 2017 15:37:23 -0700 Message-Id: <20170915223723.20789-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The ECB chaining mode only supports inputs that are a multiple of the blocksize. Furthermore, it is not recommended for direct use, given that it may reveal recurring patterns in the plaintext, due to the lack of feedback between input blocks. So let's solve both issues at once, and switch to AES in CTR mode. Signed-off-by: Ard Biesheuvel --- security/keys/big_key.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 835c1ab30d01..66ee432dad43 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c @@ -50,6 +50,7 @@ enum big_key_op { * Key size for big_key data encryption */ #define ENC_KEY_SIZE 16 +#define ENC_IV_SIZE 16 /* * big_key defined keys take an arbitrary string as the description and an @@ -70,7 +71,7 @@ struct key_type key_type_big_key = { * Crypto names for big_key data encryption */ static const char big_key_rng_name[] = "stdrng"; -static const char big_key_alg_name[] = "ecb(aes)"; +static const char big_key_alg_name[] = "ctr(aes)"; /* * Crypto algorithms for big_key data encryption @@ -83,7 +84,8 @@ static struct crypto_skcipher *big_key_skcipher; */ static inline int big_key_gen_enckey(u8 *key) { - return crypto_rng_get_bytes(big_key_rng, key, ENC_KEY_SIZE); + return crypto_rng_get_bytes(big_key_rng, key, + ENC_KEY_SIZE + ENC_IV_SIZE); } /* @@ -105,7 +107,8 @@ static int big_key_crypt(enum big_key_op op, u8 *data, size_t datalen, u8 *key) NULL, NULL); sg_init_one(&sgio, data, datalen); - skcipher_request_set_crypt(req, &sgio, &sgio, datalen, NULL); + skcipher_request_set_crypt(req, &sgio, &sgio, datalen, + key + ENC_KEY_SIZE); if (op == BIG_KEY_ENC) ret = crypto_skcipher_encrypt(req); @@ -157,7 +160,7 @@ int big_key_preparse(struct key_preparsed_payload *prep) memset(data + datalen, 0x00, enclen - datalen); /* generate random key */ - enckey = kmalloc(ENC_KEY_SIZE, GFP_KERNEL); + enckey = kmalloc(ENC_KEY_SIZE + ENC_IV_SIZE, GFP_KERNEL); if (!enckey) { ret = -ENOMEM; goto error;