From: Andy Lutomirski <luto@amacapital.net>
To: Andy Lutomirski <luto@kernel.org>,
"David S. Miller" <davem@davemloft.net>
Cc: X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Borislav Petkov <bp@alien8.de>, Nadav Amit <nadav.amit@gmail.com>,
Kees Cook <keescook@chromium.org>,
Brian Gerst <brgerst@gmail.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Josh Poimboeuf <jpoimboe@redhat.com>, Jann Horn <jann@thejh.net>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Marcel Holtmann <marcel@holtmann.org>,
Gustavo Padovan <gustavo@padovan.org>,
Johan Hedberg <johan.hedberg@gmail.com>,
linux-bluetooth@vger.kernel.org,
Network Development <netdev@vger.kernel.org>
Subject: Re: [PATCH v5 01/32] bluetooth: Switch SMP to crypto_cipher_encrypt_one()
Date: Thu, 14 Jul 2016 12:10:45 -0700 [thread overview]
Message-ID: <CALCETrXYNM_b41J30eSuuhKtPRUANFpTh6bfuHM4-_RYGuZbZw@mail.gmail.com> (raw)
In-Reply-To: <264af59a3060c2bc2a725cfc66a8fa68219d1c4a.1468270393.git.luto@kernel.org>
On Mon, Jul 11, 2016 at 1:53 PM, Andy Lutomirski <luto@kernel.org> wrote:
> SMP does ECB crypto on stack buffers. This is complicated and
> fragile, and it will not work if the stack is virtually allocated.
>
> Switch to the crypto_cipher interface, which is simpler and safer.
Hi Dave-
It looks like we're delaying virtually mapped stacks to 4.9. That
means that there's time for this to go in through net-next. Could you
queue it up?
--Andy
>
> Cc: Marcel Holtmann <marcel@holtmann.org>
> Cc: Gustavo Padovan <gustavo@padovan.org>
> Cc: Johan Hedberg <johan.hedberg@gmail.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: linux-bluetooth@vger.kernel.org
> Cc: netdev@vger.kernel.org
> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
> Acked-and-tested-by: Johan Hedberg <johan.hedberg@intel.com>
> Signed-off-by: Andy Lutomirski <luto@kernel.org>
> ---
> net/bluetooth/smp.c | 67 ++++++++++++++++++++++-------------------------------
> 1 file changed, 28 insertions(+), 39 deletions(-)
>
> diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
> index 50976a6481f3..4c1a16a96ae5 100644
> --- a/net/bluetooth/smp.c
> +++ b/net/bluetooth/smp.c
> @@ -22,9 +22,9 @@
>
> #include <linux/debugfs.h>
> #include <linux/scatterlist.h>
> +#include <linux/crypto.h>
> #include <crypto/b128ops.h>
> #include <crypto/hash.h>
> -#include <crypto/skcipher.h>
>
> #include <net/bluetooth/bluetooth.h>
> #include <net/bluetooth/hci_core.h>
> @@ -88,7 +88,7 @@ struct smp_dev {
> u8 min_key_size;
> u8 max_key_size;
>
> - struct crypto_skcipher *tfm_aes;
> + struct crypto_cipher *tfm_aes;
> struct crypto_shash *tfm_cmac;
> };
>
> @@ -127,7 +127,7 @@ struct smp_chan {
> u8 dhkey[32];
> u8 mackey[16];
>
> - struct crypto_skcipher *tfm_aes;
> + struct crypto_cipher *tfm_aes;
> struct crypto_shash *tfm_cmac;
> };
>
> @@ -361,10 +361,8 @@ static int smp_h6(struct crypto_shash *tfm_cmac, const u8 w[16],
> * s1 and ah.
> */
>
> -static int smp_e(struct crypto_skcipher *tfm, const u8 *k, u8 *r)
> +static int smp_e(struct crypto_cipher *tfm, const u8 *k, u8 *r)
> {
> - SKCIPHER_REQUEST_ON_STACK(req, tfm);
> - struct scatterlist sg;
> uint8_t tmp[16], data[16];
> int err;
>
> @@ -378,7 +376,7 @@ static int smp_e(struct crypto_skcipher *tfm, const u8 *k, u8 *r)
> /* The most significant octet of key corresponds to k[0] */
> swap_buf(k, tmp, 16);
>
> - err = crypto_skcipher_setkey(tfm, tmp, 16);
> + err = crypto_cipher_setkey(tfm, tmp, 16);
> if (err) {
> BT_ERR("cipher setkey failed: %d", err);
> return err;
> @@ -387,16 +385,7 @@ static int smp_e(struct crypto_skcipher *tfm, const u8 *k, u8 *r)
> /* Most significant octet of plaintextData corresponds to data[0] */
> swap_buf(r, data, 16);
>
> - sg_init_one(&sg, data, 16);
> -
> - skcipher_request_set_tfm(req, tfm);
> - skcipher_request_set_callback(req, 0, NULL, NULL);
> - skcipher_request_set_crypt(req, &sg, &sg, 16, NULL);
> -
> - err = crypto_skcipher_encrypt(req);
> - skcipher_request_zero(req);
> - if (err)
> - BT_ERR("Encrypt data error %d", err);
> + crypto_cipher_encrypt_one(tfm, data, data);
>
> /* Most significant octet of encryptedData corresponds to data[0] */
> swap_buf(data, r, 16);
> @@ -406,7 +395,7 @@ static int smp_e(struct crypto_skcipher *tfm, const u8 *k, u8 *r)
> return err;
> }
>
> -static int smp_c1(struct crypto_skcipher *tfm_aes, const u8 k[16],
> +static int smp_c1(struct crypto_cipher *tfm_aes, const u8 k[16],
> const u8 r[16], const u8 preq[7], const u8 pres[7], u8 _iat,
> const bdaddr_t *ia, u8 _rat, const bdaddr_t *ra, u8 res[16])
> {
> @@ -455,7 +444,7 @@ static int smp_c1(struct crypto_skcipher *tfm_aes, const u8 k[16],
> return err;
> }
>
> -static int smp_s1(struct crypto_skcipher *tfm_aes, const u8 k[16],
> +static int smp_s1(struct crypto_cipher *tfm_aes, const u8 k[16],
> const u8 r1[16], const u8 r2[16], u8 _r[16])
> {
> int err;
> @@ -471,7 +460,7 @@ static int smp_s1(struct crypto_skcipher *tfm_aes, const u8 k[16],
> return err;
> }
>
> -static int smp_ah(struct crypto_skcipher *tfm, const u8 irk[16],
> +static int smp_ah(struct crypto_cipher *tfm, const u8 irk[16],
> const u8 r[3], u8 res[3])
> {
> u8 _res[16];
> @@ -759,7 +748,7 @@ static void smp_chan_destroy(struct l2cap_conn *conn)
> kzfree(smp->slave_csrk);
> kzfree(smp->link_key);
>
> - crypto_free_skcipher(smp->tfm_aes);
> + crypto_free_cipher(smp->tfm_aes);
> crypto_free_shash(smp->tfm_cmac);
>
> /* Ensure that we don't leave any debug key around if debug key
> @@ -1359,9 +1348,9 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
> if (!smp)
> return NULL;
>
> - smp->tfm_aes = crypto_alloc_skcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
> + smp->tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
> if (IS_ERR(smp->tfm_aes)) {
> - BT_ERR("Unable to create ECB crypto context");
> + BT_ERR("Unable to create AES crypto context");
> kzfree(smp);
> return NULL;
> }
> @@ -1369,7 +1358,7 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
> smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
> if (IS_ERR(smp->tfm_cmac)) {
> BT_ERR("Unable to create CMAC crypto context");
> - crypto_free_skcipher(smp->tfm_aes);
> + crypto_free_cipher(smp->tfm_aes);
> kzfree(smp);
> return NULL;
> }
> @@ -3120,7 +3109,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
> {
> struct l2cap_chan *chan;
> struct smp_dev *smp;
> - struct crypto_skcipher *tfm_aes;
> + struct crypto_cipher *tfm_aes;
> struct crypto_shash *tfm_cmac;
>
> if (cid == L2CAP_CID_SMP_BREDR) {
> @@ -3132,9 +3121,9 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
> if (!smp)
> return ERR_PTR(-ENOMEM);
>
> - tfm_aes = crypto_alloc_skcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
> + tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
> if (IS_ERR(tfm_aes)) {
> - BT_ERR("Unable to create ECB crypto context");
> + BT_ERR("Unable to create AES crypto context");
> kzfree(smp);
> return ERR_CAST(tfm_aes);
> }
> @@ -3142,7 +3131,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
> tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0);
> if (IS_ERR(tfm_cmac)) {
> BT_ERR("Unable to create CMAC crypto context");
> - crypto_free_skcipher(tfm_aes);
> + crypto_free_cipher(tfm_aes);
> kzfree(smp);
> return ERR_CAST(tfm_cmac);
> }
> @@ -3156,7 +3145,7 @@ create_chan:
> chan = l2cap_chan_create();
> if (!chan) {
> if (smp) {
> - crypto_free_skcipher(smp->tfm_aes);
> + crypto_free_cipher(smp->tfm_aes);
> crypto_free_shash(smp->tfm_cmac);
> kzfree(smp);
> }
> @@ -3203,7 +3192,7 @@ static void smp_del_chan(struct l2cap_chan *chan)
> smp = chan->data;
> if (smp) {
> chan->data = NULL;
> - crypto_free_skcipher(smp->tfm_aes);
> + crypto_free_cipher(smp->tfm_aes);
> crypto_free_shash(smp->tfm_cmac);
> kzfree(smp);
> }
> @@ -3440,7 +3429,7 @@ void smp_unregister(struct hci_dev *hdev)
>
> #if IS_ENABLED(CONFIG_BT_SELFTEST_SMP)
>
> -static int __init test_ah(struct crypto_skcipher *tfm_aes)
> +static int __init test_ah(struct crypto_cipher *tfm_aes)
> {
> const u8 irk[16] = {
> 0x9b, 0x7d, 0x39, 0x0a, 0xa6, 0x10, 0x10, 0x34,
> @@ -3460,7 +3449,7 @@ static int __init test_ah(struct crypto_skcipher *tfm_aes)
> return 0;
> }
>
> -static int __init test_c1(struct crypto_skcipher *tfm_aes)
> +static int __init test_c1(struct crypto_cipher *tfm_aes)
> {
> const u8 k[16] = {
> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> @@ -3490,7 +3479,7 @@ static int __init test_c1(struct crypto_skcipher *tfm_aes)
> return 0;
> }
>
> -static int __init test_s1(struct crypto_skcipher *tfm_aes)
> +static int __init test_s1(struct crypto_cipher *tfm_aes)
> {
> const u8 k[16] = {
> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> @@ -3686,7 +3675,7 @@ static const struct file_operations test_smp_fops = {
> .llseek = default_llseek,
> };
>
> -static int __init run_selftests(struct crypto_skcipher *tfm_aes,
> +static int __init run_selftests(struct crypto_cipher *tfm_aes,
> struct crypto_shash *tfm_cmac)
> {
> ktime_t calltime, delta, rettime;
> @@ -3764,27 +3753,27 @@ done:
>
> int __init bt_selftest_smp(void)
> {
> - struct crypto_skcipher *tfm_aes;
> + struct crypto_cipher *tfm_aes;
> struct crypto_shash *tfm_cmac;
> int err;
>
> - tfm_aes = crypto_alloc_skcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
> + tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
> if (IS_ERR(tfm_aes)) {
> - BT_ERR("Unable to create ECB crypto context");
> + BT_ERR("Unable to create AES crypto context");
> return PTR_ERR(tfm_aes);
> }
>
> tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, CRYPTO_ALG_ASYNC);
> if (IS_ERR(tfm_cmac)) {
> BT_ERR("Unable to create CMAC crypto context");
> - crypto_free_skcipher(tfm_aes);
> + crypto_free_cipher(tfm_aes);
> return PTR_ERR(tfm_cmac);
> }
>
> err = run_selftests(tfm_aes, tfm_cmac);
>
> crypto_free_shash(tfm_cmac);
> - crypto_free_skcipher(tfm_aes);
> + crypto_free_cipher(tfm_aes);
>
> return err;
> }
> --
> 2.7.4
>
--
Andy Lutomirski
AMA Capital Management, LLC
next prev parent reply other threads:[~2016-07-14 19:11 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-11 20:53 [PATCH v5 00/32] virtually mapped stacks and thread_info cleanup Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 01/32] bluetooth: Switch SMP to crypto_cipher_encrypt_one() Andy Lutomirski
2016-07-14 19:10 ` Andy Lutomirski [this message]
2016-07-14 20:30 ` Marcel Holtmann
2016-07-14 20:41 ` David Miller
2016-07-11 20:53 ` [PATCH v5 02/32] x86/mm/hotplug: Don't remove PGD entries in remove_pagetable() Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated Andy Lutomirski
2016-07-22 4:43 ` [kernel-hardening] " Valdis.Kletnieks
2016-07-22 5:34 ` Andy Lutomirski
2016-07-22 10:21 ` Ingo Molnar
2016-07-22 18:21 ` Andy Lutomirski
2016-07-22 18:31 ` Andy Lutomirski
2016-07-22 20:11 ` Ingo Molnar
2016-07-23 5:21 ` Valdis.Kletnieks
2016-07-23 14:58 ` Nicolai Stange
2016-07-28 9:26 ` Valdis.Kletnieks
2016-07-11 20:53 ` [PATCH v5 04/32] x86/mm: Remove kernel_unmap_pages_in_pgd() and efi_cleanup_page_tables() Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 05/32] mm: Track NR_KERNEL_STACK in KiB instead of number of stacks Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 06/32] mm: Fix memcg stack accounting for sub-page stacks Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 07/32] fork: Add generic vmalloced stack support Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 08/32] dma-api: Teach the "DMA-from-stack" check about vmapped stacks Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 09/32] x86/dumpstack: When OOPSing, rewind the stack before do_exit() Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 10/32] x86/dumpstack: Honor supplied @regs arg Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 11/32] x86/dumpstack: Try harder to get a call trace on stack overflow Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 12/32] x86/dumpstack/64: Handle faults when printing the "Stack:" part of an OOPS Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 13/32] x86/mm/64: In vmalloc_fault(), use CR3 instead of current->active_mm Andy Lutomirski
2016-07-12 17:51 ` [kernel-hardening] " Dave Hansen
2016-07-12 18:03 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 14/32] x86/mm/64: Enable vmapped stacks Andy Lutomirski
2016-07-13 7:53 ` Ingo Molnar
2016-07-13 18:42 ` Andy Lutomirski
2016-07-14 8:34 ` Ingo Molnar
2016-07-14 16:51 ` Andy Lutomirski
2016-07-14 18:45 ` Ingo Molnar
2016-07-11 20:53 ` [PATCH v5 15/32] x86/mm: Improve stack-overflow #PF handling Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 16/32] x86: Move uaccess_err and sig_on_uaccess_err to thread_struct Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 17/32] x86: Move addr_limit " Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 18/32] signal: Consolidate {TS,TLF}_RESTORE_SIGMASK code Andy Lutomirski
2016-07-12 11:57 ` Brian Gerst
2016-07-12 23:01 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 19/32] x86/smp: Remove stack_smp_processor_id() Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 20/32] x86/smp: Remove unnecessary initialization of thread_info::cpu Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 21/32] x86/asm: Move 'status' from struct thread_info to struct thread_struct Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 22/32] kdb: Use task_cpu() instead of task_thread_info()->cpu Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 23/32] printk: When dumping regs, show the stack, not thread_info Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 24/32] x86/entry: Get rid of pt_regs_to_thread_info() Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 25/32] um: Stop conflating task_struct::stack with thread_info Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 26/32] sched: Allow putting thread_info into task_struct Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 27/32] x86: Move " Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 28/32] sched: Add try_get_task_stack() and put_task_stack() Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 29/32] kthread: to_live_kthread() needs try_get_task_stack() Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 30/32] x86/dumpstack: Pin the target stack in save_stack_trace_tsk() Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 31/32] sched: Free the stack early if CONFIG_THREAD_INFO_IN_TASK Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 32/32] fork: Cache two thread stacks per cpu if CONFIG_VMAP_STACK is set Andy Lutomirski
2016-07-12 8:56 ` [PATCH v5 00/32] virtually mapped stacks and thread_info cleanup Herbert Xu
2016-07-13 8:54 ` Christian Borntraeger
2016-07-13 18:36 ` Andy Lutomirski
2016-07-13 18:53 ` Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALCETrXYNM_b41J30eSuuhKtPRUANFpTh6bfuHM4-_RYGuZbZw@mail.gmail.com \
--to=luto@amacapital.net \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=davem@davemloft.net \
--cc=gustavo@padovan.org \
--cc=heiko.carstens@de.ibm.com \
--cc=jann@thejh.net \
--cc=johan.hedberg@gmail.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=marcel@holtmann.org \
--cc=nadav.amit@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).