diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2010-11-23 18:55:35 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-11-28 16:55:29 -0500 |
| commit | 7e70cb4978507cf31d76b90e4cfb4c28cad87f0c (patch) | |
| tree | c5df493eef8d30dcb40d647b0528970eb4a391c6 | |
| parent | d00a1c72f7f4661212299e6cb132dfa58030bcdb (diff) | |
keys: add new key-type encrypted
Define a new kernel key-type called 'encrypted'. Encrypted keys are kernel
generated random numbers, which are encrypted/decrypted with a 'trusted'
symmetric key. Encrypted keys are created/encrypted/decrypted in the kernel.
Userspace only ever sees/stores encrypted blobs.
Changelog:
- bug fix: replaced master-key rcu based locking with semaphore
(reported by David Howells)
- Removed memset of crypto_shash_digest() digest output
- Replaced verification of 'key-type:key-desc' using strcspn(), with
one based on string constants.
- Moved documentation to Documentation/keys-trusted-encrypted.txt
- Replace hash with shash (based on comments by David Howells)
- Make lengths/counts size_t where possible (based on comments by David Howells)
Could not convert most lengths, as crypto expects 'unsigned int'
(size_t: on 32 bit is defined as unsigned int, but on 64 bit is unsigned long)
- Add 'const' where possible (based on comments by David Howells)
- allocate derived_buf dynamically to support arbitrary length master key
(fixed by Roberto Sassu)
- wait until late_initcall for crypto libraries to be registered
- cleanup security/Kconfig
- Add missing 'update' keyword (reported/fixed by Roberto Sassu)
- Free epayload on failure to create key (reported/fixed by Roberto Sassu)
- Increase the data size limit (requested by Roberto Sassu)
- Crypto return codes are always 0 on success and negative on failure,
remove unnecessary tests.
- Replaced kzalloc() with kmalloc()
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: David Safford <safford@watson.ibm.com>
Reviewed-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: James Morris <jmorris@namei.org>
| -rw-r--r-- | include/keys/encrypted-type.h | 29 | ||||
| -rw-r--r-- | security/Kconfig | 16 | ||||
| -rw-r--r-- | security/keys/Makefile | 1 | ||||
| -rw-r--r-- | security/keys/encrypted_defined.c | 907 | ||||
| -rw-r--r-- | security/keys/encrypted_defined.h | 56 |
5 files changed, 1009 insertions, 0 deletions
diff --git a/include/keys/encrypted-type.h b/include/keys/encrypted-type.h new file mode 100644 index 000000000000..95855017a32b --- /dev/null +++ b/include/keys/encrypted-type.h | |||
| @@ -0,0 +1,29 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (C) 2010 IBM Corporation | ||
| 3 | * Author: Mimi Zohar <zohar@us.ibm.com> | ||
| 4 | * | ||
| 5 | * This program is free software; you can redistribute it and/or modify | ||
| 6 | * it under the terms of the GNU General Public License as published by | ||
| 7 | * the Free Software Foundation, version 2 of the License. | ||
| 8 | */ | ||
| 9 | |||
| 10 | #ifndef _KEYS_ENCRYPTED_TYPE_H | ||
| 11 | #define _KEYS_ENCRYPTED_TYPE_H | ||
| 12 | |||
| 13 | #include <linux/key.h> | ||
| 14 | #include <linux/rcupdate.h> | ||
| 15 | |||
| 16 | struct encrypted_key_payload { | ||
| 17 | struct rcu_head rcu; | ||
| 18 | char *master_desc; /* datablob: master key name */ | ||
| 19 | char *datalen; /* datablob: decrypted key length */ | ||
| 20 | u8 *iv; /* datablob: iv */ | ||
| 21 | u8 *encrypted_data; /* datablob: encrypted data */ | ||
| 22 | unsigned short datablob_len; /* length of datablob */ | ||
| 23 | unsigned short decrypted_datalen; /* decrypted data length */ | ||
| 24 | u8 decrypted_data[0]; /* decrypted data + datablob + hmac */ | ||
| 25 | }; | ||
| 26 | |||
| 27 | extern struct key_type key_type_encrypted; | ||
| 28 | |||
| 29 | #endif /* _KEYS_ENCRYPTED_TYPE_H */ | ||
diff --git a/security/Kconfig b/security/Kconfig index 24b8f9b491b8..95accd442d55 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
| @@ -36,6 +36,22 @@ config TRUSTED_KEYS | |||
| 36 | 36 | ||
| 37 | If you are unsure as to whether this is required, answer N. | 37 | If you are unsure as to whether this is required, answer N. |
| 38 | 38 | ||
| 39 | config ENCRYPTED_KEYS | ||
| 40 | tristate "ENCRYPTED KEYS" | ||
| 41 | depends on KEYS && TRUSTED_KEYS | ||
| 42 | select CRYPTO_AES | ||
| 43 | select CRYPTO_CBC | ||
| 44 | select CRYPTO_SHA256 | ||
| 45 | select CRYPTO_RNG | ||
| 46 | help | ||
| 47 | This option provides support for create/encrypting/decrypting keys | ||
| 48 | in the kernel. Encrypted keys are kernel generated random numbers, | ||
| 49 | which are encrypted/decrypted with a 'master' symmetric key. The | ||
| 50 | 'master' key can be either a trusted-key or user-key type. | ||
| 51 | Userspace only ever sees/stores encrypted blobs. | ||
| 52 | |||
| 53 | If you are unsure as to whether this is required, answer N. | ||
| 54 | |||
| 39 | config KEYS_DEBUG_PROC_KEYS | 55 | config KEYS_DEBUG_PROC_KEYS |
| 40 | bool "Enable the /proc/keys file by which keys may be viewed" | 56 | bool "Enable the /proc/keys file by which keys may be viewed" |
| 41 | depends on KEYS | 57 | depends on KEYS |
diff --git a/security/keys/Makefile b/security/keys/Makefile index fcb107020b4a..6c941050f573 100644 --- a/security/keys/Makefile +++ b/security/keys/Makefile | |||
| @@ -14,6 +14,7 @@ obj-y := \ | |||
| 14 | user_defined.o | 14 | user_defined.o |
| 15 | 15 | ||
| 16 | obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o | 16 | obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o |
| 17 | obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted_defined.o | ||
| 17 | obj-$(CONFIG_KEYS_COMPAT) += compat.o | 18 | obj-$(CONFIG_KEYS_COMPAT) += compat.o |
| 18 | obj-$(CONFIG_PROC_FS) += proc.o | 19 | obj-$(CONFIG_PROC_FS) += proc.o |
| 19 | obj-$(CONFIG_SYSCTL) += sysctl.o | 20 | obj-$(CONFIG_SYSCTL) += sysctl.o |
diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c new file mode 100644 index 000000000000..0e558dcad92f --- /dev/null +++ b/security/keys/encrypted_defined.c | |||
| @@ -0,0 +1,907 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (C) 2010 IBM Corporation | ||
| 3 | * | ||
| 4 | * Author: | ||
| 5 | * Mimi Zohar <zohar@us.ibm.com> | ||
| 6 | * | ||
| 7 | * This program is free software; you can redistribute it and/or modify | ||
| 8 | * it under the terms of the GNU General Public License as published by | ||
| 9 | * the Free Software Foundation, version 2 of the License. | ||
| 10 | * | ||
| 11 | * See Documentation/keys-trusted-encrypted.txt | ||
| 12 | */ | ||
| 13 | |||
| 14 | #include <linux/uaccess.h> | ||
| 15 | #include <linux/module.h> | ||
| 16 | #include <linux/init.h> | ||
| 17 | #include <linux/slab.h> | ||
| 18 | #include <linux/parser.h> | ||
| 19 | #include <linux/string.h> | ||
| 20 | #include <keys/user-type.h> | ||
| 21 | #include <keys/trusted-type.h> | ||
| 22 | #include <keys/encrypted-type.h> | ||
| 23 | #include <linux/key-type.h> | ||
| 24 | #include <linux/random.h> | ||
| 25 | #include <linux/rcupdate.h> | ||
| 26 | #include <linux/scatterlist.h> | ||
| 27 | #include <linux/crypto.h> | ||
| 28 | #include <crypto/hash.h> | ||
| 29 | #include <crypto/sha.h> | ||
| 30 | #include <crypto/aes.h> | ||
| 31 | |||
| 32 | #include "encrypted_defined.h" | ||
| 33 | |||
| 34 | #define KEY_TRUSTED_PREFIX "trusted:" | ||
| 35 | #define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1) | ||
| 36 | #define KEY_USER_PREFIX "user:" | ||
| 37 | #define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1) | ||
| 38 | |||
| 39 | #define HASH_SIZE SHA256_DIGEST_SIZE | ||
| 40 | #define MAX_DATA_SIZE 4096 | ||
| 41 | #define MIN_DATA_SIZE 20 | ||
| 42 | |||
| 43 | static const char hash_alg[] = "sha256"; | ||
| 44 | static const char hmac_alg[] = "hmac(sha256)"; | ||
| 45 | static const char blkcipher_alg[] = "cbc(aes)"; | ||
| 46 | static unsigned int ivsize; | ||
| 47 | static int blksize; | ||
| 48 | |||
| 49 | struct sdesc { | ||
| 50 | struct shash_desc shash; | ||
| 51 | char ctx[]; | ||
| 52 | }; | ||
| 53 | |||
| 54 | static struct crypto_shash *hashalg; | ||
| 55 | static struct crypto_shash *hmacalg; | ||
| 56 | |||
| 57 | enum { | ||
| 58 | Opt_err = -1, Opt_new, Opt_load, Opt_update | ||
| 59 | }; | ||
| 60 | |||
| 61 | static const match_table_t key_tokens = { | ||
| 62 | {Opt_new, "new"}, | ||
| 63 | {Opt_load, "load"}, | ||
| 64 | {Opt_update, "update"}, | ||
| 65 | {Opt_err, NULL} | ||
| 66 | }; | ||
| 67 | |||
| 68 | static int aes_get_sizes(void) | ||
| 69 | { | ||
| 70 | struct crypto_blkcipher *tfm; | ||
| 71 | |||
| 72 | tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC); | ||
| 73 | if (IS_ERR(tfm)) { | ||
| 74 | pr_err("encrypted_key: failed to alloc_cipher (%ld)\n", | ||
| 75 | PTR_ERR(tfm)); | ||
| 76 | return PTR_ERR(tfm); | ||
| 77 | } | ||
| 78 | ivsize = crypto_blkcipher_ivsize(tfm); | ||
| 79 | blksize = crypto_blkcipher_blocksize(tfm); | ||
| 80 | crypto_free_blkcipher(tfm); | ||
| 81 | return 0; | ||
| 82 | } | ||
| 83 | |||
| 84 | /* | ||
| 85 | * valid_master_desc - verify the 'key-type:desc' of a new/updated master-key | ||
| 86 | * | ||
| 87 | * key-type:= "trusted:" | "encrypted:" | ||
| 88 | * desc:= master-key description | ||
| 89 | * | ||
| 90 | * Verify that 'key-type' is valid and that 'desc' exists. On key update, | ||
| 91 | * only the master key description is permitted to change, not the key-type. | ||
| 92 | * The key-type remains constant. | ||
| 93 | * | ||
| 94 | * On success returns 0, otherwise -EINVAL. | ||
| 95 | */ | ||
| 96 | static int valid_master_desc(const char *new_desc, const char *orig_desc) | ||
| 97 | { | ||
| 98 | if (!memcmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN)) { | ||
| 99 | if (strlen(new_desc) == KEY_TRUSTED_PREFIX_LEN) | ||
| 100 | goto out; | ||
| 101 | if (orig_desc) | ||
| 102 | if (memcmp(new_desc, orig_desc, KEY_TRUSTED_PREFIX_LEN)) | ||
| 103 | goto out; | ||
| 104 | } else if (!memcmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN)) { | ||
| 105 | if (strlen(new_desc) == KEY_USER_PREFIX_LEN) | ||
| 106 | goto out; | ||
| 107 | if (orig_desc) | ||
| 108 | if (memcmp(new_desc, orig_desc, KEY_USER_PREFIX_LEN)) | ||
| 109 | goto out; | ||
| 110 | } else | ||
| 111 | goto out; | ||
| 112 | return 0; | ||
| 113 | out: | ||
| 114 | return -EINVAL; | ||
