Re: [PATCH v2 11/11] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK

From: Kees Cook
Date: Wed Jun 27 2018 - 20:10:13 EST

Next message: Guenter Roeck: "Re: [Qemu-devel] Linux kernel configurations for various Microblaze systems"
Previous message: Kostya Serebryany: "Re: [PATCH v4 00/17] khwasan: kernel hardware assisted address sanitizer"
In reply to: Herbert Xu: "Re: [PATCH v2 11/11] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK"
Next in thread: Kees Cook: "[PATCH v2 10/11] crypto: ahash: Remove VLA usage for AHASH_REQUEST_ON_STACK"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 27, 2018 at 3:27 PM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, Jun 27, 2018 at 11:31:09AM -0700, Kees Cook wrote:
>> crypto/lrw.c: crypto_skcipher_set_reqsize(tfm,
>> crypto_skcipher_reqsize(cipher) +
>> crypto/lrw.c- sizeof(struct rctx));
>> ...
>> crypto/cts.c- align = crypto_skcipher_alignmask(tfm);
>> crypto/cts.c- bsize = crypto_skcipher_blocksize(cipher);
>> crypto/cts.c- reqsize = ALIGN(sizeof(struct crypto_cts_reqctx) +
>> crypto/cts.c- crypto_skcipher_reqsize(cipher),
>> crypto/cts.c- crypto_tfm_ctx_alignment()) +
>> crypto/cts.c- (align & ~(crypto_tfm_ctx_alignment() - 1)) + bsize;
>> crypto/cts.c-
>> crypto/cts.c: crypto_skcipher_set_reqsize(tfm, reqsize);
>>
>> What values might be expected here? It seems the entire blocksize
>> needs to be included as well...
>
> But otherwise yes these are the ones that count.

In both cases here, what is "cipher"? i.e. what ciphers could lrw be
wrapping, and what ciphers could cts be wrapping, so that I can
examine the blocksizes, etc?

FWIW, looking at the non-ASYNC wrappers, I see only:

crypto/ctr.c
crypto/cts.c
crypto/lrw.c
crypto/xts.c
drivers/crypto/sunxi-ss/sun4i-ss-cipher.c

Building in all crypto things and running tcrypt with an instrumented
crypto_skcipher_set_reqsize, I see:

# dmesg | grep skcipher_set_req | cut -c16- | sort -u | sort +1 -n
crypto_skcipher_set_reqsize: 8
crypto_skcipher_set_reqsize: 88
crypto_skcipher_set_reqsize: 184
crypto_skcipher_set_reqsize: 256
crypto_skcipher_set_reqsize: 472

The 472 maps to lrw with its 384 struct rctx:

[ 553.843884] tcrypt: testing lrw(twofish)
[ 553.844479] crypto_skcipher_set_reqsize: 8
[ 553.845076] crypto_skcipher_set_reqsize: 88
[ 553.845658] crypto_skcipher_set_reqsize: 472

[ 553.860578] tcrypt: testing lrw(serpent)
[ 553.861349] crypto_skcipher_set_reqsize: 8
[ 553.861960] crypto_skcipher_set_reqsize: 88
[ 553.862534] crypto_skcipher_set_reqsize: 472

[ 553.871676] tcrypt: testing lrw(aes)
[ 553.872398] crypto_skcipher_set_reqsize: 8
[ 553.873002] crypto_skcipher_set_reqsize: 88
[ 553.873574] crypto_skcipher_set_reqsize: 472

[ 553.957282] tcrypt: testing lrw(cast6)
[ 553.958098] crypto_skcipher_set_reqsize: 8
[ 553.958691] crypto_skcipher_set_reqsize: 88
[ 553.959311] crypto_skcipher_set_reqsize: 472

[ 553.982514] tcrypt: testing lrw(camellia)
[ 553.983308] crypto_skcipher_set_reqsize: 8
[ 553.983907] crypto_skcipher_set_reqsize: 88
[ 553.984470] crypto_skcipher_set_reqsize: 472

And while I'm using tcrypt, ahash shows:

44
124
336
368
528
536
568
616
648
728
808

The largest seems to be sha512:

[ 553.883440] tcrypt: testing sha512
[ 553.884179] sha512_mb: crypto_ahash_set_reqsize: 528
[ 553.884904] crypto_ahash_set_reqsize: 728
[ 553.885449] sha512_mb: crypto_ahash_set_reqsize: 808

So ... should I use 472 for skcipher and 808 for ahash?

-Kees

--
Kees Cook
Pixel Security

Next message: Guenter Roeck: "Re: [Qemu-devel] Linux kernel configurations for various Microblaze systems"
Previous message: Kostya Serebryany: "Re: [PATCH v4 00/17] khwasan: kernel hardware assisted address sanitizer"
In reply to: Herbert Xu: "Re: [PATCH v2 11/11] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK"
Next in thread: Kees Cook: "[PATCH v2 10/11] crypto: ahash: Remove VLA usage for AHASH_REQUEST_ON_STACK"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]