From patchwork Tue Apr 24 20:26:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tycho Andersen X-Patchwork-Id: 10360911 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8EE27601BE for ; Tue, 24 Apr 2018 20:27:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 75D0820748 for ; Tue, 24 Apr 2018 20:27:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6A75B2785D; Tue, 24 Apr 2018 20:27:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B2EE020748 for ; Tue, 24 Apr 2018 20:27:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750862AbeDXU1p (ORCPT ); Tue, 24 Apr 2018 16:27:45 -0400 Received: from mail-pg0-f67.google.com ([74.125.83.67]:43051 "EHLO mail-pg0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750815AbeDXU1n (ORCPT ); Tue, 24 Apr 2018 16:27:43 -0400 Received: by mail-pg0-f67.google.com with SMTP id f132so11674401pgc.10 for ; Tue, 24 Apr 2018 13:27:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tycho-ws.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id; bh=IcY/S5ZAzHbKulcj9WVk/KdMuvl+h2gFrtIzyQskksg=; b=iRybSTdQRFdF9ZUrGWHqcfHyi7fn9Oy6O0w7hD54a4/vtKlDYsyzfEUCbKj8ju8BX8 mIjhcOYZ9cjycn5Fw+yWHiBAEQZwEJF899tTD1/8O2mlRV0k38PNMJyI6IxAonTg9ZOy ArCeXrPjFReY/BG920fc4Tsb+xeXEV/DsbM9uHSE/0r7RGIcoPjR6d8l549SX7jRk9uR i3+Ens+84lS2hECg45NHVUhkCTioOcespQey8CC6LU63dOhoqQjwKHfLtljT7uYbBkls 5GRHEEKDti+H5Z5fiGUsc7jlZLa88CPcLxFGh7PZrQid8WcPOyPkzkB2pH8G9xDQzQD1 FIoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=IcY/S5ZAzHbKulcj9WVk/KdMuvl+h2gFrtIzyQskksg=; b=oyY7pBEHH9sSRppmv2VZXfUNQ4IyCPY4RSE+26bNvagNpKSfRu0rwknzNlOtcQMghC Vrgwb0k8AACqVqdw3tBsy9Bzvx42ArJ7XkObYxhsTDLxOodtuggunLvoPURs0q+bfZJi fI+LReHeuD/NXbgUWiQ6lGdWrYO/0PSoldQnWUit+Y1prlREijltnhcwjQVEXtBFfKqM 8LfjVrOpT4q0YVU8SiHqEt0qu0uFcQX7ixCu9J83MyzylkMApL+KUe6an30I+pV8hDgl ffBicGWT1oV2mKGHMKD6LNlBgDLFuxvOMvkSGdnb9qHEKP/esKG6K8bwBb8qb897EQVp YUkA== X-Gm-Message-State: ALQs6tAoGHhvW7yJdlAM+Lhp3quMkyTeAv2Bk3zMMuqlU1xPKVP/EYEE Vgur7OaD76NdcSaO0YpTJSQVnw== X-Google-Smtp-Source: AIpwx48f46NAEcOa1R2uqQ1RQxuoYwc2/i1YkZ8iiLMkTuO/V1el4SHFUdjGiZOKEzaWvEdil/QODw== X-Received: by 10.98.8.12 with SMTP id c12mr25350426pfd.77.1524601662865; Tue, 24 Apr 2018 13:27:42 -0700 (PDT) Received: from localhost.localdomain ([128.107.241.171]) by smtp.gmail.com with ESMTPSA id r82sm49943847pfk.187.2018.04.24.13.27.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Apr 2018 13:27:41 -0700 (PDT) From: Tycho Andersen To: David Howells Cc: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Tycho Andersen , James Morris , "Serge E. Hallyn" , "Jason A . Donenfeld" , Eric Biggers Subject: [PATCH v3 1/3] big key: get rid of stack array allocation Date: Tue, 24 Apr 2018 14:26:37 -0600 Message-Id: <20180424202639.19830-1-tycho@tycho.ws> X-Mailer: git-send-email 2.17.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP We're interested in getting rid of all of the stack allocated arrays in the kernel [1]. This patch simply hardcodes the iv length to match that of the hardcoded cipher. [1]: https://lkml.org/lkml/2018/3/7/621 v2: hardcode the length of the nonce to be the GCM AES IV length, and do a sanity check in init(), Eric Biggers v3: * remember to free big_key_aead when sanity check fails * define a constant for big key IV size so it can be changed along side the algorithm in the code Signed-off-by: Tycho Andersen CC: David Howells CC: James Morris CC: "Serge E. Hallyn" CC: Jason A. Donenfeld CC: Eric Biggers Reviewed-by: Kees Cook --- security/keys/big_key.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 933623784ccd..2806e70d7f8f 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c @@ -22,6 +22,7 @@ #include #include #include +#include struct big_key_buf { unsigned int nr_pages; @@ -85,6 +86,7 @@ struct key_type key_type_big_key = { * Crypto names for big_key data authenticated encryption */ static const char big_key_alg_name[] = "gcm(aes)"; +#define BIG_KEY_IV_SIZE GCM_AES_IV_SIZE /* * Crypto algorithms for big_key data authenticated encryption @@ -109,7 +111,7 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat * an .update function, so there's no chance we'll wind up reusing the * key to encrypt updated data. Simply put: one key, one encryption. */ - u8 zero_nonce[crypto_aead_ivsize(big_key_aead)]; + u8 zero_nonce[BIG_KEY_IV_SIZE]; aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL); if (!aead_req) @@ -425,6 +427,13 @@ static int __init big_key_init(void) pr_err("Can't alloc crypto: %d\n", ret); return ret; } + + if (unlikely(crypto_aead_ivsize(big_key_aead) != BIG_KEY_IV_SIZE)) { + WARN(1, "big key algorithm changed?"); + ret = -EINVAL; + goto free_aead; + } + ret = crypto_aead_setauthsize(big_key_aead, ENC_AUTHTAG_SIZE); if (ret < 0) { pr_err("Can't set crypto auth tag len: %d\n", ret);