From patchwork Tue Apr 24 20:26:37 2018
X-Patchwork-Submitter: Tycho Andersen
X-Patchwork-Id: 10360917
From: Tycho Andersen
To: David Howells
Cc: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Tycho Andersen, James Morris, "Serge E. Hallyn", "Jason A. Donenfeld", Eric Biggers
Subject: [PATCH v3 1/3] big key: get rid of stack array allocation
Date: Tue, 24 Apr 2018 14:26:37 -0600
Message-Id: <20180424202639.19830-1-tycho@tycho.ws>
X-Mailer: git-send-email 2.17.0

We're interested in getting rid of all of the stack allocated arrays in
the kernel [1]. This patch simply hardcodes the iv length to match that
of the hardcoded cipher.

[1]: https://lkml.org/lkml/2018/3/7/621

v2: hardcode the length of the nonce to be the GCM AES IV length, and do
    a sanity check in init(), Eric Biggers
v3: * remember to free big_key_aead when sanity check fails
    * define a constant for big key IV size so it can be changed alongside
      the algorithm in the code
Signed-off-by: Tycho Andersen CC: David Howells CC: James Morris CC: "Serge E. Hallyn" CC: Jason A. Donenfeld CC: Eric Biggers Reviewed-by: Kees Cook --- security/keys/big_key.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 933623784ccd..2806e70d7f8f 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c @@ -22,6 +22,7 @@ #include #include #include +#include struct big_key_buf { unsigned int nr_pages; @@ -85,6 +86,7 @@ struct key_type key_type_big_key = { * Crypto names for big_key data authenticated encryption */ static const char big_key_alg_name[] = "gcm(aes)"; +#define BIG_KEY_IV_SIZE GCM_AES_IV_SIZE /* * Crypto algorithms for big_key data authenticated encryption @@ -109,7 +111,7 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat * an .update function, so there's no chance we'll wind up reusing the * key to encrypt updated data. Simply put: one key, one encryption. */ - u8 zero_nonce[crypto_aead_ivsize(big_key_aead)]; + u8 zero_nonce[BIG_KEY_IV_SIZE]; aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL); if (!aead_req) @@ -425,6 +427,13 @@ static int __init big_key_init(void) pr_err("Can't alloc crypto: %d\n", ret); return ret; } + + if (unlikely(crypto_aead_ivsize(big_key_aead) != BIG_KEY_IV_SIZE)) { + WARN(1, "big key algorithm changed?"); + ret = -EINVAL; + goto free_aead; + } + ret = crypto_aead_setauthsize(big_key_aead, ENC_AUTHTAG_SIZE); if (ret < 0) { pr_err("Can't set crypto auth tag len: %d\n", ret);
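Review bot: the `#define BIG_KEY_IV_SIZE GCM_AES_IV_SIZE` is placed right after `big_key_alg_name[] = "gcm(aes)"`, but nothing at that spot says the two must change together; the v3 changelog states that intent, so it belongs in a comment on the define (e.g. /* must match big_key_alg_name; verified in big_key_init() */) rather than only in the cover text, since the compile-time constant cannot be derived from the algorithm string.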
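Review bot: `u8 zero_nonce[BIG_KEY_IV_SIZE];` in big_key_crypt() is now correct only because big_key_init() refuses to load when crypto_aead_ivsize(big_key_aead) differs from the constant, yet the existing comment above the array ("one key, one encryption") says nothing about that dependency; add a line there pointing at the init-time check so a later change to big_key_alg_name does not widen one of the two without the other.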
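Review bot: in the big_key_init() hunk the `goto free_aead` targets a label that is not visible in the shown context and is not added by this diff, so it must already exist for the crypto_aead_setauthsize() error path that follows; please confirm it calls crypto_free_aead(big_key_aead), which is the leak the v3 changelog says it fixes. Two smaller points: `unlikely()` buys nothing on a once-at-boot path and can go, and the WARN would be more useful with the numbers in it, e.g. WARN(1, "big key algorithm changed? ivsize %u != %u", crypto_aead_ivsize(big_key_aead), BIG_KEY_IV_SIZE);. Returning -EINVAL rather than falling through is the right call, since a mismatched IV length would otherwise reach big_key_crypt() with a nonce of the wrong size.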
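The pattern the patch applies, as an added user-space example that is not the kernel's or the author's code: a compile-time IV size constant, an init-time check that the selected algorithm really reports that IV size (releasing the handle and failing with -EINVAL otherwise), and a fixed-size nonce in place of the runtime-sized VLA. The demo_aead_* helpers and their table are stand-ins constructed here in place of the kernel crypto API; the 12-byte entry is the length GCM_AES_IV_SIZE denotes, and the "ccm(aes)" entry with a 16-byte IV exists only to exercise the mismatch path.

```c
/* Added example, not the kernel's code: the VLA-removal pattern from the
 * big_key patch, reproduced in user space with a stand-in crypto API.
 * Build with: cc -Wall -Wvla -o bigkey_demo bigkey_demo.c
 * (-Wvla is how you catch the runtime-sized array the patch removes.) */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the kernel AEAD handle; real code would use
 * crypto_alloc_aead() / crypto_aead_ivsize() / crypto_free_aead().
 * The table is constructed for this demo: 12 is the GCM IV length
 * GCM_AES_IV_SIZE denotes, and ccm(aes) is here only to show what the
 * init check does when the algorithm is swapped for one with another IV. */
struct demo_aead {
    const char *name;
    unsigned int ivsize;
};

static const struct demo_aead demo_algs[] = {
    { "gcm(aes)", 12 },
    { "ccm(aes)", 16 },
};

static struct demo_aead *demo_alloc_aead(const char *name)
{
    for (size_t i = 0; i < sizeof(demo_algs) / sizeof(demo_algs[0]); i++) {
        if (strcmp(demo_algs[i].name, name) == 0) {
            struct demo_aead *a = malloc(sizeof(*a));
            if (a)
                *a = demo_algs[i];
            return a;
        }
    }
    return NULL;
}

static unsigned int demo_aead_ivsize(const struct demo_aead *a)
{
    return a->ivsize;
}

static void demo_free_aead(struct demo_aead *a)
{
    free(a);
}

/* As in the patch: the IV length is a compile-time constant that has to be
 * kept in step with the algorithm name, since neither can be derived from
 * the other at compile time. */
static const char big_key_alg_name[] = "gcm(aes)";
#define BIG_KEY_IV_SIZE 12

static struct demo_aead *big_key_aead;

/* Mirrors big_key_init(): allocate the AEAD, then refuse to load if its
 * reported IV size disagrees with the constant. Without this check a later
 * algorithm change would silently hand the cipher a nonce of the wrong
 * length. Any previous handle is released first so the demo can be
 * re-initialised with different names. */
static int big_key_init_with(const char *alg)
{
    demo_free_aead(big_key_aead);
    big_key_aead = demo_alloc_aead(alg);
    if (!big_key_aead)
        return -ENOENT;

    if (demo_aead_ivsize(big_key_aead) != BIG_KEY_IV_SIZE) {
        fprintf(stderr, "big key algorithm changed? ivsize %u != %u\n",
                demo_aead_ivsize(big_key_aead), BIG_KEY_IV_SIZE);
        demo_free_aead(big_key_aead);   /* the leak v3 fixes */
        big_key_aead = NULL;
        return -EINVAL;
    }
    return 0;
}

/* The buffer the patch changes. Before:
 *     u8 zero_nonce[crypto_aead_ivsize(big_key_aead)];
 * a VLA whose frame size the compiler cannot know. After: a fixed-size
 * array, safe only because init enforced the size. Returns the nonce
 * length that would be handed to the cipher. */
static unsigned int big_key_crypt_nonce_len(void)
{
    uint8_t zero_nonce[BIG_KEY_IV_SIZE] = { 0 };
    /* real code: aead_request_set_crypt(aead_req, ..., zero_nonce); */
    return (unsigned int)sizeof(zero_nonce);
}

static void big_key_exit(void)
{
    demo_free_aead(big_key_aead);
    big_key_aead = NULL;
}

int main(void)
{
    int ret = big_key_init_with(big_key_alg_name);
    printf("init(%s) -> %d, nonce length %u\n", big_key_alg_name, ret,
           ret ? 0 : big_key_crypt_nonce_len());
    ret = big_key_init_with("ccm(aes)");
    printf("init(ccm(aes)) -> %d (EINVAL is %d)\n", ret, EINVAL);
    big_key_exit();
    return 0;
}
```

The stack array keeps the kernel's comment-level contract: its size is fixed by a name, not by a runtime query, and the only thing that makes that safe is the check at init, which is why the patch has to fail loudly (and free the handle) instead of carrying on.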