KEYS: Add placeholder for KDF usage with DH

The values computed during Diffie-Hellman key exchange are often used
in combination with key derivation functions to create cryptographic
keys.  Add a placeholder for a later implementation to configure a
key derivation function that will transform the Diffie-Hellman
result returned by the KEYCTL_DH_COMPUTE command.

[This patch was stripped down from a patch produced by Mat Martineau that
 had a bug in the compat code - so for the moment Stephan's patch simply
 requires that the placeholder argument must be NULL]

Original-signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>

4 files changed, 13 insertions, 6 deletions

diff --git a/security/keys/compat.c b/security/keys/compat.c
index c8783b3b628c..36c80bf5b89c 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -134,7 +134,7 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
 
         case KEYCTL_DH_COMPUTE:
                 return keyctl_dh_compute(compat_ptr(arg2), compat_ptr(arg3),
-                                         arg4);
+                                         arg4, compat_ptr(arg5));
 
         default:
                 return -EOPNOTSUPP;
diff --git a/security/keys/dh.c b/security/keys/dh.c
index 880505a4b9f1..531ed2ec132f 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -78,7 +78,8 @@ error:
 }
 
 long keyctl_dh_compute(struct keyctl_dh_params __user *params,
-                       char __user *buffer, size_t buflen)
+                       char __user *buffer, size_t buflen,
+                       void __user *reserved)
 {
         long ret;
         MPI base, private, prime, result;
@@ -97,6 +98,11 @@ long keyctl_dh_compute(struct keyctl_dh_params __user *params,
                 goto out;
         }
 
+        if (reserved) {
+                ret = -EINVAL;
+                goto out;
+        }
+
         keylen = mpi_from_key(pcopy.prime, buflen, &prime);
         if (keylen < 0 || !prime) {
                 /* buflen == 0 may be used to query the required buffer size,
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 8ec7a528365d..a705a7d92ad7 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -260,10 +260,11 @@ static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
 
 #ifdef CONFIG_KEY_DH_OPERATIONS
 extern long keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
-                              size_t);
+                              size_t, void __user *);
 #else
 static inline long keyctl_dh_compute(struct keyctl_dh_params __user *params,
-                                     char __user *buffer, size_t buflen)
+                                     char __user *buffer, size_t buflen,
+                                     void __user *reserved)
 {
         return -EOPNOTSUPP;
 }
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 3b135a0af344..d580ad06b792 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1688,8 +1688,8 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
 
         case KEYCTL_DH_COMPUTE:
                 return keyctl_dh_compute((struct keyctl_dh_params __user *) arg2,
-                                         (char __user *) arg3,
-                                         (size_t) arg4);
+                                         (char __user *) arg3, (size_t) arg4,
+                                         (void __user *) arg5);
 
         default:
                 return -EOPNOTSUPP;