crypto: af_alg - Support symmetric encryption via keyring keys

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

We want to leverage keyring to store sensitive keys, and then use those
keys for symmetric encryption via the crypto API. Among the key types we
wish to support are: user, logon, encrypted, and trusted.

User key types are already able to have their data copied to user space,
but logon does not support this. Further, trusted and encrypted keys will
return their encrypted data back to user space on read, which does not
make them ideal for symmetric encryption.

To support symmetric encryption for these key types, add a new
ALG_SET_KEY_BY_KEY_SERIAL setsockopt() option to the crypto API. This
allows users to pass a key_serial_t to the crypto API to perform
symmetric encryption. The behavior is the same as ALG_SET_KEY, but
the crypto key data is copied in kernel space from a keyring key,
which allows for the support of logon, encrypted, and trusted key types.

Keyring keys must have the KEY_(POS|USR|GRP|OTH)_SEARCH permission set
to leverage this feature. This follows the asymmetric_key type where key
lookup calls eventually lead to keyring_search_rcu() without the
KEYRING_SEARCH_NO_CHECK_PERM flag set.

Signed-off-by: Frederick Lawler <fred@cloudflare.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Frederick Lawler and committed by

Herbert Xu 3 years ago 7984ceb1 9dcd71c8

+147 -4

3 changed files

expand all

Documentation

crypto

userspace-if.rst

crypto

af_alg.c

include

uapi

linux

if_alg.h

+12 -3

Documentation/crypto/userspace-if.rst

··· 131 131 digest, the flag MSG_TRUNC is set by the kernel. 132 132 133 133 In order to set a message digest key, the calling application must use 134 - the setsockopt() option of ALG_SET_KEY. If the key is not set the HMAC 135 - operation is performed without the initial HMAC state change caused by 136 - the key. 134 + the setsockopt() option of ALG_SET_KEY or ALG_SET_KEY_BY_KEY_SERIAL. If the 135 + key is not set the HMAC operation is performed without the initial HMAC state 136 + change caused by the key. 137 137 138 138 Symmetric Cipher API 139 139 -------------------- ··· 381 381 - the AEAD cipher type 382 382 383 383 - the RNG cipher type to provide the seed 384 + 385 + - ALG_SET_KEY_BY_KEY_SERIAL -- Setting the key via keyring key_serial_t. 386 + This operation behaves the same as ALG_SET_KEY. The decrypted 387 + data is copied from a keyring key, and uses that data as the 388 + key for symmetric encryption. 389 + 390 + The passed in key_serial_t must have the KEY_(POS|USR|GRP|OTH)_SEARCH 391 + permission set, otherwise -EPERM is returned. Supports key types: user, 392 + logon, encrypted, and trusted. 384 393 385 394 - ALG_SET_AEAD_AUTHSIZE -- Setting the authentication tag size for 386 395 AEAD ciphers. For a encryption operation, the authentication tag of

+134 -1

crypto/af_alg.c

··· 12 12 #include <linux/crypto.h> 13 13 #include <linux/init.h> 14 14 #include <linux/kernel.h> 15 + #include <linux/key.h> 16 + #include <linux/key-type.h> 15 17 #include <linux/list.h> 16 18 #include <linux/module.h> 17 19 #include <linux/net.h> ··· 21 19 #include <linux/sched.h> 22 20 #include <linux/sched/signal.h> 23 21 #include <linux/security.h> 22 + #include <linux/string.h> 23 + #include <keys/user-type.h> 24 + #include <keys/trusted-type.h> 25 + #include <keys/encrypted-type.h> 24 26 25 27 struct alg_type_list { 26 28 const struct af_alg_type *type; ··· 228 222 return err; 229 223 } 230 224 225 + #ifdef CONFIG_KEYS 226 + 227 + static const u8 *key_data_ptr_user(const struct key *key, 228 + unsigned int *datalen) 229 + { 230 + const struct user_key_payload *ukp; 231 + 232 + ukp = user_key_payload_locked(key); 233 + if (IS_ERR_OR_NULL(ukp)) 234 + return ERR_PTR(-EKEYREVOKED); 235 + 236 + *datalen = key->datalen; 237 + 238 + return ukp->data; 239 + } 240 + 241 + static const u8 *key_data_ptr_encrypted(const struct key *key, 242 + unsigned int *datalen) 243 + { 244 + const struct encrypted_key_payload *ekp; 245 + 246 + ekp = dereference_key_locked(key); 247 + if (IS_ERR_OR_NULL(ekp)) 248 + return ERR_PTR(-EKEYREVOKED); 249 + 250 + *datalen = ekp->decrypted_datalen; 251 + 252 + return ekp->decrypted_data; 253 + } 254 + 255 + static const u8 *key_data_ptr_trusted(const struct key *key, 256 + unsigned int *datalen) 257 + { 258 + const struct trusted_key_payload *tkp; 259 + 260 + tkp = dereference_key_locked(key); 261 + if (IS_ERR_OR_NULL(tkp)) 262 + return ERR_PTR(-EKEYREVOKED); 263 + 264 + *datalen = tkp->key_len; 265 + 266 + return tkp->key; 267 + } 268 + 269 + static struct key *lookup_key(key_serial_t serial) 270 + { 271 + key_ref_t key_ref; 272 + 273 + key_ref = lookup_user_key(serial, 0, KEY_NEED_SEARCH); 274 + if (IS_ERR(key_ref)) 275 + return ERR_CAST(key_ref); 276 + 277 + return key_ref_to_ptr(key_ref); 278 + } 279 + 280 + static int alg_setkey_by_key_serial(struct alg_sock *ask, sockptr_t optval, 281 + unsigned int optlen) 282 + { 283 + const struct af_alg_type *type = ask->type; 284 + u8 *key_data = NULL; 285 + unsigned int key_datalen; 286 + key_serial_t serial; 287 + struct key *key; 288 + const u8 *ret; 289 + int err; 290 + 291 + if (optlen != sizeof(serial)) 292 + return -EINVAL; 293 + 294 + if (copy_from_sockptr(&serial, optval, optlen)) 295 + return -EFAULT; 296 + 297 + key = lookup_key(serial); 298 + if (IS_ERR(key)) 299 + return PTR_ERR(key); 300 + 301 + down_read(&key->sem); 302 + 303 + ret = ERR_PTR(-ENOPROTOOPT); 304 + if (!strcmp(key->type->name, "user") || 305 + !strcmp(key->type->name, "logon")) { 306 + ret = key_data_ptr_user(key, &key_datalen); 307 + } else if (IS_REACHABLE(CONFIG_ENCRYPTED_KEYS) && 308 + !strcmp(key->type->name, "encrypted")) { 309 + ret = key_data_ptr_encrypted(key, &key_datalen); 310 + } else if (IS_REACHABLE(CONFIG_TRUSTED_KEYS) && 311 + !strcmp(key->type->name, "trusted")) { 312 + ret = key_data_ptr_trusted(key, &key_datalen); 313 + } 314 + 315 + if (IS_ERR(ret)) { 316 + up_read(&key->sem); 317 + return PTR_ERR(ret); 318 + } 319 + 320 + key_data = sock_kmalloc(&ask->sk, key_datalen, GFP_KERNEL); 321 + if (!key_data) { 322 + up_read(&key->sem); 323 + return -ENOMEM; 324 + } 325 + 326 + memcpy(key_data, ret, key_datalen); 327 + 328 + up_read(&key->sem); 329 + 330 + err = type->setkey(ask->private, key_data, key_datalen); 331 + 332 + sock_kzfree_s(&ask->sk, key_data, key_datalen); 333 + 334 + return err; 335 + } 336 + 337 + #else 338 + 339 + static inline int alg_setkey_by_key_serial(struct alg_sock *ask, 340 + sockptr_t optval, 341 + unsigned int optlen) 342 + { 343 + return -ENOPROTOOPT; 344 + } 345 + 346 + #endif 347 + 231 348 static int alg_setsockopt(struct socket *sock, int level, int optname, 232 349 sockptr_t optval, unsigned int optlen) 233 350 { ··· 371 242 372 243 switch (optname) { 373 244 case ALG_SET_KEY: 245 + case ALG_SET_KEY_BY_KEY_SERIAL: 374 246 if (sock->state == SS_CONNECTED) 375 247 goto unlock; 376 248 if (!type->setkey) 377 249 goto unlock; 378 250 379 - err = alg_setkey(sk, optval, optlen); 251 + if (optname == ALG_SET_KEY_BY_KEY_SERIAL) 252 + err = alg_setkey_by_key_serial(ask, optval, optlen); 253 + else 254 + err = alg_setkey(sk, optval, optlen); 380 255 break; 381 256 case ALG_SET_AEAD_AUTHSIZE: 382 257 if (sock->state == SS_CONNECTED)

include/uapi/linux/if_alg.h

··· 52 52 #define ALG_SET_AEAD_ASSOCLEN 4 53 53 #define ALG_SET_AEAD_AUTHSIZE 5 54 54 #define ALG_SET_DRBG_ENTROPY 6 55 + #define ALG_SET_KEY_BY_KEY_SERIAL 7 55 56 56 57 /* Operations */ 57 58 #define ALG_OP_DECRYPT 0