From patchwork Tue Apr 24 01:03:19 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tycho Andersen <tycho@tycho.ws>
X-Patchwork-Id: 10358461
Return-Path: 
 <kernel-hardening-return-13101-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	F208C6038F for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Tue, 24 Apr 2018 01:35:01 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E51CC28CC0
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Tue, 24 Apr 2018 01:35:01 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id D648828CCA; Tue, 24 Apr 2018 01:35:01 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 0E77D28CC0
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Tue, 24 Apr 2018 01:34:58 +0000 (UTC)
Received: (qmail 14279 invoked by uid 550); 24 Apr 2018 01:34:56 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 14258 invoked from network); 24 Apr 2018 01:34:55 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=tycho-ws.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id;
	bh=Yk/g0djB0jPedGHm0mvrwwxkD9dHO9VodP3jlVLORRA=;
	b=t7EqQ7OwSvqlonY1p2bHNguhWOyg6kd//p6qgb6+jPXr1wlatKHXdcC270qZp0l5/H
	6CUPlepWKsRXoX+0pUbJauik4NApScSd+ITwLqAvvqsscnbX6lly8kXcCFEzw9/eq29n
	Na9BXRs3htGQ3zzc6PA9XPkcBltyd2Hn7VDyv0+lNlnb/v7AqHJxZCHDgRngrxJLVsRD
	enJjBX+XTcC8kdHdJEQaX6ZIA2Rc6ySTaNhlVRs9MV8sFMWjtw13hQIKjGnOm8x6SRwL
	eevgGcgU8a1xIvDAVcVP2lueivd9byBS55LugtZXOCBab9/6k4ilL5RHdx13CWt8mCyN
	Ud7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=Yk/g0djB0jPedGHm0mvrwwxkD9dHO9VodP3jlVLORRA=;
	b=qWnpuwhMJv3NAhj1OvyFBnXw7fp86NEq+i+PuAl8YIhmTNtxO0bFwULggpk7SSder1
	Pmye5gZDT1NscddKf4/TGYCBJ1t/L6g/3/aJGTVfYvK7LNg0hgAbEtFvoPYc20lWxCWC
	/QxDRvuhzOdvm7OCmbO9mO4bBuSKyrUxtSSCjdk2+FRDcGDf37O8eO1SULG0EMQjaY83
	ERW5n/nvfrU/oCbfP+IZrqBsnmyqKHXUyfmgYb+ah0Pt4Vd2gihdcAzMxJBgReT1yD1B
	WnC/n/civFbwAMEvtc2OqyYT7E1JytRshg1ZiOIc2uQpl6nJO6f0rq8jRGZU3Jxll7dE
	Dcsw==
X-Gm-Message-State: ALQs6tDFQ0RKwa6pRXIvkWjl7PzIPEqhiCLyEEuBkkVkvPmOH/LDiAGK
	1lG6xI+7KC9yyOMAeWMtlOiPWDQjM/M=
X-Google-Smtp-Source: 
 AIpwx48GjcCzkaRjXjMCRjlZbf6lJd0WX/oXNHxrEngLye++PCeo+1KbVWWS47kjKpiRfgaooSSR9A==
X-Received: by 2002:a9d:441d:: with SMTP id
	u29-v6mr16452287ote.70.1524531812937;
	Mon, 23 Apr 2018 18:03:32 -0700 (PDT)
From: Tycho Andersen <tycho@tycho.ws>
To: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com,
	Tycho Andersen <tycho@tycho.ws>, James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"Jason A . Donenfeld" <Jason@zx2c4.com>,
	Eric Biggers <ebiggers3@gmail.com>
Subject: [PATCH 1/3] big key: get rid of stack array allocation
Date: Mon, 23 Apr 2018 19:03:19 -0600
Message-Id: <20180424010321.14739-1-tycho@tycho.ws>
X-Mailer: git-send-email 2.17.0
X-Virus-Scanned: ClamAV using ClamSMTP

We're interested in getting rid of all of the stack allocated arrays in the
kernel [1]. This patch simply hardcodes the iv length to match that of the
hardcoded cipher.

[1]: https://lkml.org/lkml/2018/3/7/621

v2: hardcode the length of the nonce to be the GCM AES IV length, and do a
    sanity check in init(), Eric Biggers

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
CC: David Howells <dhowells@redhat.com>
CC: James Morris <jmorris@namei.org>
CC: "Serge E. Hallyn" <serge@hallyn.com>
CC: Jason A. Donenfeld <Jason@zx2c4.com>
CC: Eric Biggers <ebiggers3@gmail.com>
---
 security/keys/big_key.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index 933623784ccd..75c46786a166 100644
--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -22,6 +22,7 @@
 #include <keys/user-type.h>
 #include <keys/big_key-type.h>
 #include <crypto/aead.h>
+#include <crypto/gcm.h>
 
 struct big_key_buf {
 	unsigned int		nr_pages;
@@ -109,7 +110,7 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat
 	 * an .update function, so there's no chance we'll wind up reusing the
 	 * key to encrypt updated data. Simply put: one key, one encryption.
 	 */
-	u8 zero_nonce[crypto_aead_ivsize(big_key_aead)];
+	u8 zero_nonce[GCM_AES_IV_SIZE];
 
 	aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL);
 	if (!aead_req)
@@ -425,6 +426,12 @@ static int __init big_key_init(void)
 		pr_err("Can't alloc crypto: %d\n", ret);
 		return ret;
 	}
+
+	if (unlikely(crypto_aead_ivsize(big_key_aead) != GCM_AES_IV_SIZE)) {
+		WARN(1, "big key algorithm changed?");
+		return -EINVAL;
+	}
+
 	ret = crypto_aead_setauthsize(big_key_aead, ENC_AUTHTAG_SIZE);
 	if (ret < 0) {
 		pr_err("Can't set crypto auth tag len: %d\n", ret);