From patchwork Thu Jul 22 09:17:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ahmad Fatoum X-Patchwork-Id: 1508605 X-Patchwork-Delegate: richard@nod.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=h6lFmtJQ; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GVn3S6Cy6z9sXM for ; Thu, 22 Jul 2021 19:20:04 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=iEA2I6auhhNuc/2EmNlHS/4IcO6vXjEXmrx+Zr+9aGQ=; b=h6lFmtJQ/+p0mH Lw719TJWF3p5K04cPiqrGX2WGbU3iB6n5v19BzDM87QLmYH6j7PLsnyDmqavxJ1rAmburiecGELWV IPTm1gc3P4HLxYc26TcmXm6pGoILoJZmBLqXyEzLQPS5jLG1m8F9YmxU7Kvva7lf6UfEYjfW7LYwD 9uSUYqALLAOrInt/aPB9fgo+lhWqSjtq2/+ceiBTRrKO4X/LIeOFnkQIYHjLpgsU4/P3Bjo8k4Ypw BS7Kne8ePUOuwgvOCLrM68ysNzKPTJrWLKKPh1LqddARw4dKj/DDQAYdcenYtcQpqVIVkvoAEA8KU S1ijyhoj2LVWcjpGIgCw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1m6UrV-000qkh-61; Thu, 22 Jul 2021 09:19:25 +0000 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1m6Uqb-000qVO-RP for linux-mtd@lists.infradead.org; Thu, 22 Jul 2021 09:18:31 +0000 Received: from dude.hi.pengutronix.de ([2001:67c:670:100:1d::7]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1m6UqE-0001NL-VW; Thu, 22 Jul 2021 11:18:06 +0200 Received: from afa by dude.hi.pengutronix.de with local (Exim 4.92) (envelope-from ) id 1m6UqC-0001Cm-EB; Thu, 22 Jul 2021 11:18:04 +0200 From: Ahmad Fatoum To: David Howells , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Song Liu , Richard Weinberger Cc: kernel@pengutronix.de, Ahmad Fatoum , linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [RFC PATCH v1 1/4] keys: introduce key_extract_material helper Date: Thu, 22 Jul 2021 11:17:59 +0200 Message-Id: X-Mailer: git-send-email 2.30.2 In-Reply-To: References: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 2001:67c:670:100:1d::7 X-SA-Exim-Mail-From: afa@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-mtd@lists.infradead.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210722_021829_909946_99B6E33D X-CRM114-Status: GOOD ( 22.07 ) X-Spam-Score: -2.3 (--) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: While keys of differing type have a common struct key definition, there is no common scheme to the payload and key material extraction differs. For kernel functionality that supports different key types, this means duplicated code for key material extraction and because key type is discriminated by a pointer to a global, users need to replica [...] Content analysis details: (-2.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [2001:67c:670:201:290:27ff:fe1d:cc33 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org While keys of differing type have a common struct key definition, there is no common scheme to the payload and key material extraction differs. For kernel functionality that supports different key types, this means duplicated code for key material extraction and because key type is discriminated by a pointer to a global, users need to replicate reachability checks as well, so builtin code doesn't depend on a key type symbol offered by a module. Make this easier by adding a common helper with initial support for user, logon, encrypted and trusted keys. The code is taken from dm-crypt, which is migrated to use the helper in a later commit. The implementation must be partially in a header to support configurations where the key type symbol is defined in a module, but key support in general is built-in. Signed-off-by: Ahmad Fatoum --- I am not sure whether the chosen header and source file are the best places for this. This could be made header-only too if that's preferred. To: David Howells To: Jarkko Sakkinen To: James Morris To: "Serge E. Hallyn" To: Alasdair Kergon To: Mike Snitzer To: dm-devel@redhat.com To: Song Liu To: Richard Weinberger Cc: linux-kernel@vger.kernel.org Cc: linux-raid@vger.kernel.org Cc: keyrings@vger.kernel.org Cc: linux-mtd@lists.infradead.org Cc: linux-security-module@vger.kernel.org Cc: linux-integrity@vger.kernel.org --- include/linux/key.h | 45 +++++++++++++++++++++++++++++++++++++++++++++ security/keys/key.c | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+) diff --git a/include/linux/key.h b/include/linux/key.h index 7febc4881363..916612f5b313 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -20,6 +20,8 @@ #include #include #include +#include +#include #ifdef __KERNEL__ #include @@ -487,6 +489,48 @@ extern void key_fsuid_changed(struct cred *new_cred); extern void key_fsgid_changed(struct cred *new_cred); extern void key_init(void); +/* + * internal use, so key core code need not link against + * all supported key types + * */ +enum __key_type { + KEY_TYPE_UNKNOWN, KEY_TYPE_USER, KEY_TYPE_ENCRYPTED, KEY_TYPE_TRUSTED +}; + +const void *__key_extract_material(const struct key *key, enum __key_type type, + unsigned int *len); + +/** + * key_extract_material - Extract decrypted data out of a key + * @key: a logon, user, encrypted or trusted key + * @len: pointer to variable to store key size into + * + * Extract decrypted data out of supported key types + * + * Returns a pointer to the key material if successfull or an error + * pointer if key type is not compiled in, the buffer is too + * small or the key was revoked. + */ +static inline const void *key_extract_material(const struct key *key, + unsigned int *len) +{ + extern struct key_type key_type_user; + extern struct key_type key_type_logon; + extern struct key_type key_type_encrypted; + extern struct key_type key_type_trusted; + enum __key_type type = KEY_TYPE_UNKNOWN; + const struct key_type *t = key->type; + + if (t == &key_type_logon || t == &key_type_user) + type = KEY_TYPE_USER; + else if (IS_REACHABLE(CONFIG_ENCRYPTED_KEYS) && t == &key_type_encrypted) + type = KEY_TYPE_ENCRYPTED; + else if (IS_REACHABLE(CONFIG_TRUSTED_KEYS) && t == &key_type_trusted) + type = KEY_TYPE_TRUSTED; + + return __key_extract_material(key, type, len); +} + #else /* CONFIG_KEYS */ #define key_validate(k) 0 @@ -504,6 +548,7 @@ extern void key_init(void); #define key_init() do { } while(0) #define key_free_user_ns(ns) do { } while(0) #define key_remove_domain(d) do { } while(0) +#define key_extract_material(k, l) ERR_PTR(-EINVAL) #endif /* CONFIG_KEYS */ #endif /* __KERNEL__ */ diff --git a/security/keys/key.c b/security/keys/key.c index c45afdd1dfbb..69cd1cb8c413 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -15,6 +15,9 @@ #include #include #include +#include +#include +#include #include "internal.h" struct kmem_cache *key_jar; @@ -1140,6 +1143,43 @@ int generic_key_instantiate(struct key *key, struct key_preparsed_payload *prep) } EXPORT_SYMBOL(generic_key_instantiate); +const void *__key_extract_material(const struct key *key, + enum __key_type type, unsigned int *len) +{ + const struct encrypted_key_payload *ekp; + const struct trusted_key_payload *tkp; + const struct user_key_payload *ukp; + + switch (type) { + case KEY_TYPE_USER: + ukp = user_key_payload_locked(key); + if (!ukp) + break; + + *len = ukp->datalen; + return ukp->data; + case KEY_TYPE_ENCRYPTED: + ekp = key->payload.data[0]; + if (!ekp) + break; + + *len = ekp->decrypted_datalen; + return ekp->decrypted_data; + case KEY_TYPE_TRUSTED: + tkp = key->payload.data[0]; + if (!tkp) + break; + + *len = tkp->key_len; + return tkp->key; + default: + return ERR_PTR(-EINVAL); + } + + return ERR_PTR(-EKEYREVOKED); +} +EXPORT_SYMBOL(__key_extract_material); + /** * register_key_type - Register a type of key. * @ktype: The new key type. From patchwork Thu Jul 22 09:18:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ahmad Fatoum X-Patchwork-Id: 1508606 X-Patchwork-Delegate: richard@nod.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=22WG6vr/; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GVn494pB4z9sWw for ; Thu, 22 Jul 2021 19:20:41 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=n08tkb7CKQA3yDnvA32D3Zl2Qdm6dhC/22j698SBfOk=; b=22WG6vr/WMVyNf Kh4/x9zMDUoz7yGTQWx7EUQ/EKgwFsR1TnDjVFJHjXookVZX6+DMPW9N/cRBJBGlliQlWqM03l6lE 83qXtEfWO55aJ3PXr6Cs3G2HJ7uCNXOuxX2a6LETaCDrKW2SnKvIgwvpjW0ht+6mffjYh9ED44Ibz e9vble6VqCkZPw/K9mH4qOHgSeTXnf6SZNFEAk8C74PvQUbCcRdoaWD+aSQN9DnUxcynLGx41olVa /A0u255KQZpgXxxQWp89ofIlh5a5CMIyYYxItL276nIfInRX+U6pcJauMJKHEKXO9Rf3cFat+N781 Tv6MH8kboBR9vzYYDTQQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1m6Us2-000qvw-Nq; Thu, 22 Jul 2021 09:19:58 +0000 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1m6Uqj-000qWj-1b for linux-mtd@lists.infradead.org; Thu, 22 Jul 2021 09:18:38 +0000 Received: from dude.hi.pengutronix.de ([2001:67c:670:100:1d::7]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1m6UqE-0001NM-VX; Thu, 22 Jul 2021 11:18:06 +0200 Received: from afa by dude.hi.pengutronix.de with local (Exim 4.92) (envelope-from ) id 1m6UqC-0001Cr-FA; Thu, 22 Jul 2021 11:18:04 +0200 From: Ahmad Fatoum To: David Howells , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Song Liu , Richard Weinberger Cc: kernel@pengutronix.de, Ahmad Fatoum , linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [RFC PATCH v1 2/4] dm: crypt: use new key_extract_material helper Date: Thu, 22 Jul 2021 11:18:00 +0200 Message-Id: <7ac4a9ae0a3c2dfdf41611f3fe78fe63a6e57b94.1626945419.git-series.a.fatoum@pengutronix.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: References: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 2001:67c:670:100:1d::7 X-SA-Exim-Mail-From: afa@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-mtd@lists.infradead.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210722_021837_130748_A4007C6C X-CRM114-Status: GOOD ( 15.83 ) X-Spam-Score: -2.3 (--) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: There is a common function now to extract key material out of a few different key types, which includes all types currently supported by dm-crypt. Make use of it. Signed-off-by: Ahmad Fatoum --- To: David Howells To: Jarkko Sakkinen To: James Morris To: "Serge E. Hallyn" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org There is a common function now to extract key material out of a few different key types, which includes all types currently supported by dm-crypt. Make use of it. Signed-off-by: Ahmad Fatoum --- To: David Howells To: Jarkko Sakkinen To: James Morris To: "Serge E. Hallyn" To: Alasdair Kergon To: Mike Snitzer To: dm-devel@redhat.com To: Song Liu To: Richard Weinberger Cc: linux-kernel@vger.kernel.org Cc: linux-raid@vger.kernel.org Cc: keyrings@vger.kernel.org Cc: linux-mtd@lists.infradead.org Cc: linux-security-module@vger.kernel.org Cc: linux-integrity@vger.kernel.org --- drivers/md/dm-crypt.c | 65 ++++++-------------------------------------- 1 file changed, 9 insertions(+), 56 deletions(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 50f4cbd600d5..576d6b7ce231 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -2421,61 +2421,14 @@ static bool contains_whitespace(const char *str) return false; } -static int set_key_user(struct crypt_config *cc, struct key *key) -{ - const struct user_key_payload *ukp; - - ukp = user_key_payload_locked(key); - if (!ukp) - return -EKEYREVOKED; - - if (cc->key_size != ukp->datalen) - return -EINVAL; - - memcpy(cc->key, ukp->data, cc->key_size); - - return 0; -} - -static int set_key_encrypted(struct crypt_config *cc, struct key *key) -{ - const struct encrypted_key_payload *ekp; - - ekp = key->payload.data[0]; - if (!ekp) - return -EKEYREVOKED; - - if (cc->key_size != ekp->decrypted_datalen) - return -EINVAL; - - memcpy(cc->key, ekp->decrypted_data, cc->key_size); - - return 0; -} - -static int set_key_trusted(struct crypt_config *cc, struct key *key) -{ - const struct trusted_key_payload *tkp; - - tkp = key->payload.data[0]; - if (!tkp) - return -EKEYREVOKED; - - if (cc->key_size != tkp->key_len) - return -EINVAL; - - memcpy(cc->key, tkp->key, cc->key_size); - - return 0; -} - static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string) { char *new_key_string, *key_desc; int ret; + unsigned int len; struct key_type *type; struct key *key; - int (*set_key)(struct crypt_config *cc, struct key *key); + const void *key_material; /* * Reject key_string with whitespace. dm core currently lacks code for @@ -2493,18 +2446,14 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string if (!strncmp(key_string, "logon:", key_desc - key_string + 1)) { type = &key_type_logon; - set_key = set_key_user; } else if (!strncmp(key_string, "user:", key_desc - key_string + 1)) { type = &key_type_user; - set_key = set_key_user; } else if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS) && !strncmp(key_string, "encrypted:", key_desc - key_string + 1)) { type = &key_type_encrypted; - set_key = set_key_encrypted; } else if (IS_ENABLED(CONFIG_TRUSTED_KEYS) && !strncmp(key_string, "trusted:", key_desc - key_string + 1)) { type = &key_type_trusted; - set_key = set_key_trusted; } else { return -EINVAL; } @@ -2521,14 +2470,18 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string down_read(&key->sem); - ret = set_key(cc, key); - if (ret < 0) { + key_material = key_extract_material(key, &len); + if (!IS_ERR(key_material) && len != cc->key_size) + key_material = ERR_PTR(-EINVAL); + if (IS_ERR(key_material)) { up_read(&key->sem); key_put(key); kfree_sensitive(new_key_string); - return ret; + return PTR_ERR(key_material); } + memcpy(cc->key, key_material, len); + up_read(&key->sem); key_put(key); From patchwork Thu Jul 22 09:18:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ahmad Fatoum X-Patchwork-Id: 1508602 X-Patchwork-Delegate: richard@nod.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=nQspUARo; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GVn2W4KRCz9sWw for ; Thu, 22 Jul 2021 19:19:15 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=9WxwbgD8b8LS79KJ1bPFbflbjWoe1qbTOXtcDE227WQ=; b=nQspUARoj66mey 4/UXMLyp+8WwsYo16Hy94qYR3PFWJmNjFBsOl3R+PxL9cx/3T1aaJ7Pl8xBsRJE+6qabx11K+SN/v mSqb/+US1JFzQhamnmFVNAuELKn8pfWPg2GSx+q4CRdlrbl313v9m+VV4CGMaOcwGRRrwz71DXGwB 2Bk/M4cfogHWk2h3wL9yqI97j+jn+kdcbPHV5WOWyG5CKreWvk4Lar4Wand2GoID9vwYOMZbSVuZU HdDByVWk9v4dUKFehCK6vM1q3v+doKftBHWs1GmrYSRr8itqD5DozIoM5WjIUuvA2Di8Yni5YMPo7 +f7szvyMQLGChnOJbdhQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1m6Uqc-000qVq-Pu; Thu, 22 Jul 2021 09:18:30 +0000 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1m6UqZ-000qU2-Ct for linux-mtd@lists.infradead.org; Thu, 22 Jul 2021 09:18:28 +0000 Received: from dude.hi.pengutronix.de ([2001:67c:670:100:1d::7]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1m6UqE-0001NN-VX; Thu, 22 Jul 2021 11:18:06 +0200 Received: from afa by dude.hi.pengutronix.de with local (Exim 4.92) (envelope-from ) id 1m6UqC-0001Cw-GC; Thu, 22 Jul 2021 11:18:04 +0200 From: Ahmad Fatoum To: David Howells , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Song Liu , Richard Weinberger Cc: kernel@pengutronix.de, Ahmad Fatoum , linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [RFC PATCH v1 3/4] ubifs: auth: remove never hit key type error check Date: Thu, 22 Jul 2021 11:18:01 +0200 Message-Id: X-Mailer: git-send-email 2.30.2 In-Reply-To: References: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 2001:67c:670:100:1d::7 X-SA-Exim-Mail-From: afa@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-mtd@lists.infradead.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210722_021827_487762_95D7DEE5 X-CRM114-Status: GOOD ( 12.75 ) X-Spam-Score: -2.3 (--) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: key_request accepts a key type as its first argument. If it returns a valid pointer, it should always have this same requested key type. Indeed other request_key users surveyed such as dm-crypt, ecryptfs and fscrypt v1 also don't check the key type. Therefore drop the apparently unneeded check. Content analysis details: (-2.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [2001:67c:670:201:290:27ff:fe1d:cc33 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org key_request accepts a key type as its first argument. If it returns a valid pointer, it should always have this same requested key type. Indeed other request_key users surveyed such as dm-crypt, ecryptfs and fscrypt v1 also don't check the key type. Therefore drop the apparently unneeded check. Signed-off-by: Ahmad Fatoum --- To: David Howells To: Jarkko Sakkinen To: James Morris To: "Serge E. Hallyn" To: Alasdair Kergon To: Mike Snitzer To: dm-devel@redhat.com To: Song Liu To: Richard Weinberger Cc: linux-kernel@vger.kernel.org Cc: linux-raid@vger.kernel.org Cc: keyrings@vger.kernel.org Cc: linux-mtd@lists.infradead.org Cc: linux-security-module@vger.kernel.org Cc: linux-integrity@vger.kernel.org --- fs/ubifs/auth.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/fs/ubifs/auth.c b/fs/ubifs/auth.c index e564d5ff8781..6a0b8d858d81 100644 --- a/fs/ubifs/auth.c +++ b/fs/ubifs/auth.c @@ -286,12 +286,6 @@ int ubifs_init_authentication(struct ubifs_info *c) down_read(&keyring_key->sem); - if (keyring_key->type != &key_type_logon) { - ubifs_err(c, "key type must be logon"); - err = -ENOKEY; - goto out; - } - ukp = user_key_payload_locked(keyring_key); if (!ukp) { /* key was revoked before we acquired its semaphore */ From patchwork Thu Jul 22 09:18:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ahmad Fatoum X-Patchwork-Id: 1508604 X-Patchwork-Delegate: richard@nod.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=udUO70gT; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GVn364Mypz9sXM for ; Thu, 22 Jul 2021 19:19:46 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=LY+r4ze5kRG5mcDni40qkxTGIQ3DVj1YxYw+FLX3FPQ=; b=udUO70gTFc+RQg jUCss4HSQc0q5xVpN0lMWYVurnGI4qpS9YPhw1FfGS6NOd3bSIgnwBQh5LgarptmKEYJ5HigR37Ve Gbvpc80HdS7bHDaHnKzuKFqsrxT0hZgknftKjoCHjGN0dlFCa4VuxUZO32uTrOWVauP9ArTPuoviz I4EcpZGpPajKfKl8BdbItgKmnGoH2TX/Wh1Jx6Voi4nd1GA/jdJg4FJXxifcDtrAD8o55/16bZ/Vk oXd9W2ao4iSHnLvDI8FaVk624PT41esl8OVfLdihX/fnQ8uuSjCjYEzyB9XUwD4myDHXbpB2l5q8x YmG2OOAUE86UtE3CUouw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1m6Ur7-000qcL-KK; Thu, 22 Jul 2021 09:19:01 +0000 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1m6UqZ-000qU3-CA for linux-mtd@lists.infradead.org; Thu, 22 Jul 2021 09:18:30 +0000 Received: from dude.hi.pengutronix.de ([2001:67c:670:100:1d::7]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1m6UqF-0001NO-DL; Thu, 22 Jul 2021 11:18:07 +0200 Received: from afa by dude.hi.pengutronix.de with local (Exim 4.92) (envelope-from ) id 1m6UqC-0001D1-HE; Thu, 22 Jul 2021 11:18:04 +0200 From: Ahmad Fatoum To: David Howells , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Song Liu , Richard Weinberger , Jonathan Corbet Cc: kernel@pengutronix.de, Ahmad Fatoum , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-raid@vger.kernel.org, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [RFC PATCH v1 4/4] ubifs: auth: consult encrypted and trusted keys if no logon key was found Date: Thu, 22 Jul 2021 11:18:02 +0200 Message-Id: X-Mailer: git-send-email 2.30.2 In-Reply-To: References: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 2001:67c:670:100:1d::7 X-SA-Exim-Mail-From: afa@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-mtd@lists.infradead.org X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210722_021827_489690_D8D06EBB X-CRM114-Status: GOOD ( 19.51 ) X-Spam-Score: -2.3 (--) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Currently, UBIFS auth_key can only be a logon key: This is a user key that's provided to the kernel in plaintext and that then remains within the kernel. Linux also supports trusted and encrypted keys [...] Content analysis details: (-2.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [2001:67c:670:201:290:27ff:fe1d:cc33 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Currently, UBIFS auth_key can only be a logon key: This is a user key that's provided to the kernel in plaintext and that then remains within the kernel. Linux also supports trusted and encrypted keys, which have stronger guarantees: They are only exposed to userspace in encrypted form and, in the case of trusted keys, can be directly rooted to a trust source like a TPM chip. Add support for auth_key to be either a logon, encrypted or trusted key. At mount time, the keyring will be searched for a key with the supplied name in that order. Signed-off-by: Ahmad Fatoum --- To: David Howells To: Jarkko Sakkinen To: James Morris To: "Serge E. Hallyn" To: Alasdair Kergon To: Mike Snitzer To: dm-devel@redhat.com To: Song Liu To: Richard Weinberger To: Jonathan Corbet Cc: linux-kernel@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: linux-raid@vger.kernel.org Cc: keyrings@vger.kernel.org Cc: linux-mtd@lists.infradead.org Cc: linux-security-module@vger.kernel.org Cc: linux-integrity@vger.kernel.org --- Documentation/filesystems/ubifs.rst | 2 +- fs/ubifs/auth.c | 19 ++++++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/Documentation/filesystems/ubifs.rst b/Documentation/filesystems/ubifs.rst index e6ee99762534..12d08458b3d7 100644 --- a/Documentation/filesystems/ubifs.rst +++ b/Documentation/filesystems/ubifs.rst @@ -101,7 +101,7 @@ compr=zlib override default compressor and set it to "zlib" auth_key= specify the key used for authenticating the filesystem. Passing this option makes authentication mandatory. The passed key must be present in the kernel keyring - and must be of type 'logon' + and must be of type 'logon', 'encrypted' or 'trusted'. auth_hash_name= The hash algorithm used for authentication. Used for both hashing and for creating HMACs. Typical values include "sha256" or "sha512" diff --git a/fs/ubifs/auth.c b/fs/ubifs/auth.c index 6a0b8d858d81..af8e9eb58a60 100644 --- a/fs/ubifs/auth.c +++ b/fs/ubifs/auth.c @@ -14,6 +14,8 @@ #include #include #include +#include +#include #include #include "ubifs.h" @@ -256,9 +258,10 @@ out_destroy: int ubifs_init_authentication(struct ubifs_info *c) { struct key *keyring_key; - const struct user_key_payload *ukp; int err; + unsigned int len; char hmac_name[CRYPTO_MAX_ALG_NAME]; + const void *key_material; if (!c->auth_hash_name) { ubifs_err(c, "authentication hash name needed with authentication"); @@ -277,6 +280,10 @@ int ubifs_init_authentication(struct ubifs_info *c) c->auth_hash_name); keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL); + if (IS_ERR(keyring_key) && IS_REACHABLE(CONFIG_ENCRYPTED_KEYS)) + keyring_key = request_key(&key_type_encrypted, c->auth_key_name, NULL); + if (IS_ERR(keyring_key) && IS_REACHABLE(CONFIG_TRUSTED_KEYS)) + keyring_key = request_key(&key_type_trusted, c->auth_key_name, NULL); if (IS_ERR(keyring_key)) { ubifs_err(c, "Failed to request key: %ld", @@ -286,12 +293,10 @@ int ubifs_init_authentication(struct ubifs_info *c) down_read(&keyring_key->sem); - ukp = user_key_payload_locked(keyring_key); - if (!ukp) { - /* key was revoked before we acquired its semaphore */ - err = -EKEYREVOKED; + key_material = key_extract_material(keyring_key, &len); + err = PTR_ERR_OR_ZERO(key_material); + if (err < 0) goto out; - } c->hash_tfm = crypto_alloc_shash(c->auth_hash_name, 0, 0); if (IS_ERR(c->hash_tfm)) { @@ -324,7 +329,7 @@ int ubifs_init_authentication(struct ubifs_info *c) goto out_free_hmac; } - err = crypto_shash_setkey(c->hmac_tfm, ukp->data, ukp->datalen); + err = crypto_shash_setkey(c->hmac_tfm, key_material, len); if (err) goto out_free_hmac;