Merge tag 'integrity-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

+19 -6

Documentation/security/keys/trusted-encrypted.rst

··· 107 107 -------------- 108 108 109 109 Encrypted keys do not depend on a trust source, and are faster, as they use AES 110 - for encryption/decryption. New keys are created from kernel-generated random 111 - numbers, and are encrypted/decrypted using a specified ‘master’ key. The 112 - ‘master’ key can either be a trusted-key or user-key type. The main disadvantage 113 - of encrypted keys is that if they are not rooted in a trusted key, they are only 114 - as secure as the user key encrypting them. The master user key should therefore 115 - be loaded in as secure a way as possible, preferably early in boot. 110 + for encryption/decryption. New keys are created either from kernel-generated 111 + random numbers or user-provided decrypted data, and are encrypted/decrypted 112 + using a specified ‘master’ key. The ‘master’ key can either be a trusted-key or 113 + user-key type. The main disadvantage of encrypted keys is that if they are not 114 + rooted in a trusted key, they are only as secure as the user key encrypting 115 + them. The master user key should therefore be loaded in as secure a way as 116 + possible, preferably early in boot. 116 117 117 118 118 119 Usage ··· 200 199 201 200 keyctl add encrypted name "new [format] key-type:master-key-name keylen" 202 201 ring 202 + keyctl add encrypted name "new [format] key-type:master-key-name keylen 203 + decrypted-data" ring 203 204 keyctl add encrypted name "load hex_blob" ring 204 205 keyctl update keyid "update key-type:master-key-name" 205 206 ··· 305 302 default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3 306 303 82dbbc55be2a44616e4959430436dc4f2a7a9659aa60bb4652aeb2120f149ed197c564e0 307 304 24717c64 5972dcb82ab2dde83376d82b2e3c09ffc 305 + 306 + Instantiate an encrypted key "evm" using user-provided decrypted data:: 307 + 308 + $ keyctl add encrypted evm "new default user:kmk 32 `cat evm_decrypted_data.blob`" @u 309 + 794890253 310 + 311 + $ keyctl print 794890253 312 + default user:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b382d 313 + bbc55be2a44616e4959430436dc4f2a7a9659aa60bb4652aeb2120f149ed197c564e0247 314 + 17c64 5972dcb82ab2dde83376d82b2e3c09ffc 308 315 309 316 Other uses for trusted and encrypted keys, such as for disk and file encryption 310 317 are anticipated. In particular the new format 'ecryptfs' has been defined

+11

MAINTAINERS

··· 7280 7280 M: Mimi Zohar <zohar@linux.ibm.com> 7281 7281 L: linux-integrity@vger.kernel.org 7282 7282 S: Supported 7283 + T: git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git 7283 7284 F: security/integrity/evm/ 7285 + F: security/integrity/ 7284 7286 7285 7287 EXTENSIBLE FIRMWARE INTERFACE (EFI) 7286 7288 M: Ard Biesheuvel <ardb@kernel.org> ··· 9539 9537 S: Supported 9540 9538 T: git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git 9541 9539 F: security/integrity/ima/ 9540 + F: security/integrity/ 9542 9541 9543 9542 INTEL 810/815 FRAMEBUFFER DRIVER 9544 9543 M: Antonino Daplas <adaplas@gmail.com> ··· 10677 10674 F: include/linux/keyctl.h 10678 10675 F: include/uapi/linux/keyctl.h 10679 10676 F: security/keys/ 10677 + 10678 + KEYS/KEYRINGS_INTEGRITY 10679 + M: Jarkko Sakkinen <jarkko@kernel.org> 10680 + M: Mimi Zohar <zohar@linux.ibm.com> 10681 + L: linux-integrity@vger.kernel.org 10682 + L: keyrings@vger.kernel.org 10683 + S: Supported 10684 + F: security/integrity/platform_certs 10680 10685 10681 10686 KFENCE 10682 10687 M: Alexander Potapenko <glider@google.com>

+1 -1

security/integrity/evm/evm_main.c

··· 86 86 else 87 87 pr_err("invalid \"%s\" mode", str); 88 88 89 - return 0; 89 + return 1; 90 90 } 91 91 __setup("evm=", evm_set_fixmode); 92 92

+5 -7

security/integrity/ima/ima_api.c

··· 217 217 const char *audit_cause = "failed"; 218 218 struct inode *inode = file_inode(file); 219 219 const char *filename = file->f_path.dentry->d_name.name; 220 + struct ima_max_digest_data hash; 220 221 int result = 0; 221 222 int length; 222 223 void *tmpbuf; 223 224 u64 i_version; 224 - struct { 225 - struct ima_digest_data hdr; 226 - char digest[IMA_MAX_DIGEST_SIZE]; 227 - } hash; 228 225 229 226 /* 230 227 * Always collect the modsig, because IMA might have already collected ··· 235 238 goto out; 236 239 237 240 /* 238 - * Dectecting file change is based on i_version. On filesystems 239 - * which do not support i_version, support is limited to an initial 240 - * measurement/appraisal/audit. 241 + * Detecting file change is based on i_version. On filesystems 242 + * which do not support i_version, support was originally limited 243 + * to an initial measurement/appraisal/audit, but was modified to 244 + * assume the file changed. 241 245 */ 242 246 i_version = inode_query_iversion(inode); 243 247 hash.hdr.algo = algo;

+23 -8

security/integrity/ima/ima_fs.c

··· 452 452 453 453 int __init ima_fs_init(void) 454 454 { 455 + int ret; 456 + 455 457 ima_dir = securityfs_create_dir("ima", integrity_dir); 456 458 if (IS_ERR(ima_dir)) 457 - return -1; 459 + return PTR_ERR(ima_dir); 458 460 459 461 ima_symlink = securityfs_create_symlink("ima", NULL, "integrity/ima", 460 462 NULL); 461 - if (IS_ERR(ima_symlink)) 463 + if (IS_ERR(ima_symlink)) { 464 + ret = PTR_ERR(ima_symlink); 462 465 goto out; 466 + } 463 467 464 468 binary_runtime_measurements = 465 469 securityfs_create_file("binary_runtime_measurements", 466 470 S_IRUSR | S_IRGRP, ima_dir, NULL, 467 471 &ima_measurements_ops); 468 - if (IS_ERR(binary_runtime_measurements)) 472 + if (IS_ERR(binary_runtime_measurements)) { 473 + ret = PTR_ERR(binary_runtime_measurements); 469 474 goto out; 475 + } 470 476 471 477 ascii_runtime_measurements = 472 478 securityfs_create_file("ascii_runtime_measurements", 473 479 S_IRUSR | S_IRGRP, ima_dir, NULL, 474 480 &ima_ascii_measurements_ops); 475 - if (IS_ERR(ascii_runtime_measurements)) 481 + if (IS_ERR(ascii_runtime_measurements)) { 482 + ret = PTR_ERR(ascii_runtime_measurements); 476 483 goto out; 484 + } 477 485 478 486 runtime_measurements_count = 479 487 securityfs_create_file("runtime_measurements_count", 480 488 S_IRUSR | S_IRGRP, ima_dir, NULL, 481 489 &ima_measurements_count_ops); 482 - if (IS_ERR(runtime_measurements_count)) 490 + if (IS_ERR(runtime_measurements_count)) { 491 + ret = PTR_ERR(runtime_measurements_count); 483 492 goto out; 493 + } 484 494 485 495 violations = 486 496 securityfs_create_file("violations", S_IRUSR | S_IRGRP, 487 497 ima_dir, NULL, &ima_htable_violations_ops); 488 - if (IS_ERR(violations)) 498 + if (IS_ERR(violations)) { 499 + ret = PTR_ERR(violations); 489 500 goto out; 501 + } 490 502 491 503 ima_policy = securityfs_create_file("policy", POLICY_FILE_FLAGS, 492 504 ima_dir, NULL, 493 505 &ima_measure_policy_ops); 494 - if (IS_ERR(ima_policy)) 506 + if (IS_ERR(ima_policy)) { 507 + ret = PTR_ERR(ima_policy); 495 508 goto out; 509 + } 496 510 497 511 return 0; 498 512 out: ··· 517 503 securityfs_remove(binary_runtime_measurements); 518 504 securityfs_remove(ima_symlink); 519 505 securityfs_remove(ima_dir); 520 - return -1; 506 + 507 + return ret; 521 508 }

+1 -4

security/integrity/ima/ima_init.c

··· 47 47 struct integrity_iint_cache tmp_iint, *iint = &tmp_iint; 48 48 struct ima_event_data event_data = { .iint = iint, 49 49 .filename = boot_aggregate_name }; 50 + struct ima_max_digest_data hash; 50 51 int result = -ENOMEM; 51 52 int violation = 0; 52 - struct { 53 - struct ima_digest_data hdr; 54 - char digest[TPM_MAX_DIGEST_SIZE]; 55 - } hash; 56 53 57 54 memset(iint, 0, sizeof(*iint)); 58 55 memset(&hash, 0, sizeof(hash));

+3 -6

security/integrity/ima/ima_main.c

··· 263 263 /* reset appraisal flags if ima_inode_post_setattr was called */ 264 264 iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | 265 265 IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | 266 - IMA_ACTION_FLAGS); 266 + IMA_NONACTION_FLAGS); 267 267 268 268 /* 269 269 * Re-evaulate the file if either the xattr has changed or the ··· 764 764 * call to ima_post_load_data(). 765 765 * 766 766 * Callers of this LSM hook can not measure, appraise, or audit the 767 - * data provided by userspace. Enforce policy rules requring a file 767 + * data provided by userspace. Enforce policy rules requiring a file 768 768 * signature (eg. kexec'ed kernel image). 769 769 * 770 770 * For permission return 0, otherwise return -EACCES. ··· 874 874 .buf = buf, 875 875 .buf_len = size}; 876 876 struct ima_template_desc *template; 877 - struct { 878 - struct ima_digest_data hdr; 879 - char digest[IMA_MAX_DIGEST_SIZE]; 880 - } hash = {}; 877 + struct ima_max_digest_data hash; 881 878 char digest_hash[IMA_MAX_DIGEST_SIZE]; 882 879 int digest_hash_len = hash_digest_size[ima_hash_algo]; 883 880 int violation = 0;

+2 -2

security/integrity/ima/ima_policy.c

··· 428 428 /* 429 429 * ima_lsm_copy_rule() shallow copied all references, except for the 430 430 * LSM references, from entry to nentry so we only want to free the LSM 431 - * references and the entry itself. All other memory refrences will now 431 + * references and the entry itself. All other memory references will now 432 432 * be owned by nentry. 433 433 */ 434 434 ima_lsm_free_rule(entry); ··· 711 711 func, mask, func_data)) 712 712 continue; 713 713 714 - action |= entry->flags & IMA_ACTION_FLAGS; 714 + action |= entry->flags & IMA_NONACTION_FLAGS; 715 715 716 716 action |= entry->action & IMA_DO_MASK; 717 717 if (entry->action & IMA_APPRAISE) {

+2 -5

security/integrity/ima/ima_template_lib.c

··· 272 272 * digest formats: 273 273 * - DATA_FMT_DIGEST: digest 274 274 * - DATA_FMT_DIGEST_WITH_ALGO: [<hash algo>] + ':' + '\0' + digest, 275 - * where <hash algo> is provided if the hash algoritm is not 275 + * where <hash algo> is provided if the hash algorithm is not 276 276 * SHA1 or MD5 277 277 */ 278 278 u8 buffer[CRYPTO_MAX_ALG_NAME + 2 + IMA_MAX_DIGEST_SIZE] = { 0 }; ··· 307 307 int ima_eventdigest_init(struct ima_event_data *event_data, 308 308 struct ima_field_data *field_data) 309 309 { 310 - struct { 311 - struct ima_digest_data hdr; 312 - char digest[IMA_MAX_DIGEST_SIZE]; 313 - } hash; 310 + struct ima_max_digest_data hash; 314 311 u8 *cur_digest = NULL; 315 312 u32 cur_digestsize = 0; 316 313 struct inode *inode;

+12 -2

security/integrity/integrity.h

··· 15 15 #include <linux/types.h> 16 16 #include <linux/integrity.h> 17 17 #include <crypto/sha1.h> 18 + #include <crypto/hash.h> 18 19 #include <linux/key.h> 19 20 #include <linux/audit.h> 20 21 ··· 31 30 #define IMA_HASH 0x00000100 32 31 #define IMA_HASHED 0x00000200 33 32 34 - /* iint cache flags */ 35 - #define IMA_ACTION_FLAGS 0xff000000 33 + /* iint policy rule cache flags */ 34 + #define IMA_NONACTION_FLAGS 0xff000000 36 35 #define IMA_DIGSIG_REQUIRED 0x01000000 37 36 #define IMA_PERMIT_DIRECTIO 0x02000000 38 37 #define IMA_NEW_FILE 0x04000000 ··· 109 108 u8 data[2]; 110 109 } xattr; 111 110 u8 digest[]; 111 + } __packed; 112 + 113 + /* 114 + * Instead of wrapping the ima_digest_data struct inside a local structure 115 + * with the maximum hash size, define ima_max_digest_data struct. 116 + */ 117 + struct ima_max_digest_data { 118 + struct ima_digest_data hdr; 119 + u8 digest[HASH_MAX_DIGESTSIZE]; 112 120 } __packed; 113 121 114 122 /*

+15 -4

security/keys/Kconfig

··· 98 98 select CRYPTO_RNG 99 99 help 100 100 This option provides support for create/encrypting/decrypting keys 101 - in the kernel. Encrypted keys are kernel generated random numbers, 102 - which are encrypted/decrypted with a 'master' symmetric key. The 103 - 'master' key can be either a trusted-key or user-key type. 104 - Userspace only ever sees/stores encrypted blobs. 101 + in the kernel. Encrypted keys are instantiated using kernel 102 + generated random numbers or provided decrypted data, and are 103 + encrypted/decrypted with a 'master' symmetric key. The 'master' 104 + key can be either a trusted-key or user-key type. Only encrypted 105 + blobs are ever output to Userspace. 106 + 107 + If you are unsure as to whether this is required, answer N. 108 + 109 + config USER_DECRYPTED_DATA 110 + bool "Allow encrypted keys with user decrypted data" 111 + depends on ENCRYPTED_KEYS 112 + help 113 + This option provides support for instantiating encrypted keys using 114 + user-provided decrypted data. The decrypted data must be hex-ascii 115 + encoded. 105 116 106 117 If you are unsure as to whether this is required, answer N. 107 118

+52 -19

security/keys/encrypted-keys/encrypted.c

··· 78 78 {Opt_err, NULL} 79 79 }; 80 80 81 + static bool user_decrypted_data = IS_ENABLED(CONFIG_USER_DECRYPTED_DATA); 82 + module_param(user_decrypted_data, bool, 0); 83 + MODULE_PARM_DESC(user_decrypted_data, 84 + "Allow instantiation of encrypted keys using provided decrypted data"); 85 + 81 86 static int aes_get_sizes(void) 82 87 { 83 88 struct crypto_skcipher *tfm; ··· 163 158 * datablob_parse - parse the keyctl data 164 159 * 165 160 * datablob format: 166 - * new [<format>] <master-key name> <decrypted data length> 161 + * new [<format>] <master-key name> <decrypted data length> [<decrypted data>] 167 162 * load [<format>] <master-key name> <decrypted data length> 168 163 * <encrypted iv + data> 169 164 * update <new-master-key name> ··· 175 170 */ 176 171 static int datablob_parse(char *datablob, const char **format, 177 172 char **master_desc, char **decrypted_datalen, 178 - char **hex_encoded_iv) 173 + char **hex_encoded_iv, char **decrypted_data) 179 174 { 180 175 substring_t args[MAX_OPT_ARGS]; 181 176 int ret = -EINVAL; ··· 236 231 "when called from .update method\n", keyword); 237 232 break; 238 233 } 234 + *decrypted_data = strsep(&datablob, " \t"); 239 235 ret = 0; 240 236 break; 241 237 case Opt_load: ··· 601 595 static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, 602 596 const char *format, 603 597 const char *master_desc, 604 - const char *datalen) 598 + const char *datalen, 599 + const char *decrypted_data) 605 600 { 606 601 struct encrypted_key_payload *epayload = NULL; 607 602 unsigned short datablob_len; ··· 611 604 unsigned int encrypted_datalen; 612 605 unsigned int format_len; 613 606 long dlen; 607 + int i; 614 608 int ret; 615 609 616 610 ret = kstrtol(datalen, 10, &dlen); ··· 621 613 format_len = (!format) ? strlen(key_format_default) : strlen(format); 622 614 decrypted_datalen = dlen; 623 615 payload_datalen = decrypted_datalen; 616 + 617 + if (decrypted_data) { 618 + if (!user_decrypted_data) { 619 + pr_err("encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false\n"); 620 + return ERR_PTR(-EINVAL); 621 + } 622 + if (strlen(decrypted_data) != decrypted_datalen) { 623 + pr_err("encrypted key: decrypted data provided does not match decrypted data length provided\n"); 624 + return ERR_PTR(-EINVAL); 625 + } 626 + for (i = 0; i < strlen(decrypted_data); i++) { 627 + if (!isxdigit(decrypted_data[i])) { 628 + pr_err("encrypted key: decrypted data provided must contain only hexadecimal characters\n"); 629 + return ERR_PTR(-EINVAL); 630 + } 631 + } 632 + } 633 + 624 634 if (format) { 625 635 if (!strcmp(format, key_format_ecryptfs)) { 626 636 if (dlen != ECRYPTFS_MAX_KEY_BYTES) { ··· 766 740 /* 767 741 * encrypted_init - initialize an encrypted key 768 742 * 769 - * For a new key, use a random number for both the iv and data 770 - * itself. For an old key, decrypt the hex encoded data. 743 + * For a new key, use either a random number or user-provided decrypted data in 744 + * case it is provided. A random number is used for the iv in both cases. For 745 + * an old key, decrypt the hex encoded data. 771 746 */ 772 747 static int encrypted_init(struct encrypted_key_payload *epayload, 773 748 const char *key_desc, const char *format, 774 749 const char *master_desc, const char *datalen, 775 - const char *hex_encoded_iv) 750 + const char *hex_encoded_iv, const char *decrypted_data) 776 751 { 777 752 int ret = 0; 778 753 ··· 787 760 } 788 761 789 762 __ekey_init(epayload, format, master_desc, datalen); 790 - if (!hex_encoded_iv) { 791 - get_random_bytes(epayload->iv, ivsize); 792 - 793 - get_random_bytes(epayload->decrypted_data, 794 - epayload->decrypted_datalen); 795 - } else 763 + if (hex_encoded_iv) { 796 764 ret = encrypted_key_decrypt(epayload, format, hex_encoded_iv); 765 + } else if (decrypted_data) { 766 + get_random_bytes(epayload->iv, ivsize); 767 + memcpy(epayload->decrypted_data, decrypted_data, 768 + epayload->decrypted_datalen); 769 + } else { 770 + get_random_bytes(epayload->iv, ivsize); 771 + get_random_bytes(epayload->decrypted_data, epayload->decrypted_datalen); 772 + } 797 773 return ret; 798 774 } 799 775 800 776 /* 801 777 * encrypted_instantiate - instantiate an encrypted key 802 778 * 803 - * Decrypt an existing encrypted datablob or create a new encrypted key 804 - * based on a kernel random number. 779 + * Instantiates the key: 780 + * - by decrypting an existing encrypted datablob, or 781 + * - by creating a new encrypted key based on a kernel random number, or 782 + * - using provided decrypted data. 805 783 * 806 784 * On success, return 0. Otherwise return errno. 807 785 */ ··· 819 787 char *master_desc = NULL; 820 788 char *decrypted_datalen = NULL; 821 789 char *hex_encoded_iv = NULL; 790 + char *decrypted_data = NULL; 822 791 size_t datalen = prep->datalen; 823 792 int ret; 824 793 ··· 832 799 datablob[datalen] = 0; 833 800 memcpy(datablob, prep->data, datalen); 834 801 ret = datablob_parse(datablob, &format, &master_desc, 835 - &decrypted_datalen, &hex_encoded_iv); 802 + &decrypted_datalen, &hex_encoded_iv, &decrypted_data); 836 803 if (ret < 0) 837 804 goto out; 838 805 839 806 epayload = encrypted_key_alloc(key, format, master_desc, 840 - decrypted_datalen); 807 + decrypted_datalen, decrypted_data); 841 808 if (IS_ERR(epayload)) { 842 809 ret = PTR_ERR(epayload); 843 810 goto out; 844 811 } 845 812 ret = encrypted_init(epayload, key->description, format, master_desc, 846 - decrypted_datalen, hex_encoded_iv); 813 + decrypted_datalen, hex_encoded_iv, decrypted_data); 847 814 if (ret < 0) { 848 815 kfree_sensitive(epayload); 849 816 goto out; ··· 893 860 894 861 buf[datalen] = 0; 895 862 memcpy(buf, prep->data, datalen); 896 - ret = datablob_parse(buf, &format, &new_master_desc, NULL, NULL); 863 + ret = datablob_parse(buf, &format, &new_master_desc, NULL, NULL, NULL); 897 864 if (ret < 0) 898 865 goto out; 899 866 ··· 902 869 goto out; 903 870 904 871 new_epayload = encrypted_key_alloc(key, epayload->format, 905 - new_master_desc, epayload->datalen); 872 + new_master_desc, epayload->datalen, NULL); 906 873 if (IS_ERR(new_epayload)) { 907 874 ret = PTR_ERR(new_epayload); 908 875 goto out;