Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

crypto: api - prevent helper ciphers from being used

Several hardware related cipher implementations are implemented as
follows: a "helper" cipher implementation is registered with the
kernel crypto API.

Such helper ciphers are never intended to be called by normal users. In
some cases, calling them via the normal crypto API may even cause
failures including kernel crashes. In a normal case, the "wrapping"
ciphers that use the helpers ensure that these helpers are invoked
such that they cannot cause any calamity.

Considering the AF_ALG user space interface, unprivileged users can
call all ciphers registered with the crypto API, including these
helper ciphers that are not intended to be called directly. That
means, with AF_ALG, user space may invoke these helper ciphers
and may cause undefined states or side effects.

To avoid any potential side effects with such helpers, the patch
prevents the helpers from being called directly. A new cipher type
flag is added: CRYPTO_ALG_INTERNAL. This flag shall be used
to mark helper ciphers. These ciphers can only be used if the
caller invokes the cipher with CRYPTO_ALG_INTERNAL in the type and
mask field.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Authored by Stephan Mueller and committed by Herbert Xu
06ca7f68 fa50d7ee

+16
+10
crypto/api.c
··· 257 257 mask |= CRYPTO_ALG_TESTED; 258 258 } 259 259 260 + /* 261 + * If the internal flag is set for a cipher, require a caller to 262 + * to invoke the cipher with the internal flag to use that cipher. 263 + * Also, if a caller wants to allocate a cipher that may or may 264 + * not be an internal cipher, use type | CRYPTO_ALG_INTERNAL and 265 + * !(mask & CRYPTO_ALG_INTERNAL). 266 + */ 267 + if (!((type | mask) & CRYPTO_ALG_INTERNAL)) 268 + mask |= CRYPTO_ALG_INTERNAL; 269 + 260 270 larval = crypto_larval_lookup(name, type, mask); 261 271 if (IS_ERR(larval) || !crypto_is_larval(larval)) 262 272 return larval;
+6
include/linux/crypto.h
··· 95 95 #define CRYPTO_ALG_KERN_DRIVER_ONLY 0x00001000 96 96 97 97 /* 98 + * Mark a cipher as a service implementation only usable by another 99 + * cipher and never by a normal user of the kernel crypto API 100 + */ 101 + #define CRYPTO_ALG_INTERNAL 0x00002000 102 + 103 + /* 98 104 * Transform masks and values (for crt_flags). 99 105 */ 100 106 #define CRYPTO_TFM_REQ_MASK 0x000fff00
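Review bot: In crypto/api.c, the new comment (new lines 260-266) documents only the "may or may not be an internal cipher" case and never states the internal-only case that the commit message describes, where the caller sets CRYPTO_ALG_INTERNAL in both type and mask. Please spell out all three combinations in the comment (bit in neither: the mask bit is forced on, so only non-internal algorithms match; bit in type and mask: internal only; bit in type but not in mask: either), because the `if (!((type | mask) & CRYPTO_ALG_INTERNAL))` test is hard to read without them. The comment also has a duplicated word across lines 261-262 ("require a caller to / to invoke"). Finally, the default is applied only at this one call to crypto_larval_lookup(); it is worth confirming in the commit message or the comment that no other lookup path can reach an algorithm without passing through this check.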
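Review bot: In include/linux/crypto.h, the comment above `#define CRYPTO_ALG_INTERNAL 0x00002000` says such a cipher is "never" usable by a normal user, but the define itself enforces nothing and the comment does not say where the restriction is applied or how a wrapping cipher is expected to request a helper. Suggest adding one sentence that the lookup in crypto/api.c filters these algorithms out unless the caller passes the flag in type and mask. Note also that the diff as shown touches only crypto/api.c and this header (+16 lines in total), so no helper cipher is actually marked with the flag here; until the helper implementations set it, the AF_ALG exposure described in the commit message is unchanged, and the commit message should say that the marking follows in separate patches if that is the plan.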