tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: s390/phmac - Refuse clear key material by default

This patch exploits the new xflag PKEY_XFLAG_NOCLEARKEY from the pkey
layer. So now by default the phmac refuses the use of clear key
material ("clear key tokens") in the setkey function with
-EINVAL.

With a new kernel module parameter "clrkey" this behavior can be
controlled. By default clrkey is 'N' but for testing purpose on module
load a true value (1, 'Y') may be given to accept clear key tokens.

Note that during selftest clear keys are always used and thus the
xflag PKEY_XFLAG_NOCLEARKEY is NOT set as long as the algorithm is in
a larval state indicated by crypto_ahash_tested() returning false.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Harald Freudenberger and committed by
Herbert Xu 452770a4 2dfca611

+20 -9
+20 -9
arch/s390/crypto/phmac_s390.c
··· 23 23 static struct crypto_engine *phmac_crypto_engine; 24 24 #define MAX_QLEN 10 25 25 26 + static bool pkey_clrkey_allowed; 27 + module_param_named(clrkey, pkey_clrkey_allowed, bool, 0444); 28 + MODULE_PARM_DESC(clrkey, "Allow clear key material (default N)"); 29 + 26 30 /* 27 31 * A simple hash walk helper 28 32 */ ··· 315 311 * This function may sleep - don't call in non-sleeping context. 316 312 */ 317 313 static inline int convert_key(const u8 *key, unsigned int keylen, 318 - struct phmac_protkey *pk) 314 + struct phmac_protkey *pk, bool tested) 319 315 { 316 + u32 xflags = PKEY_XFLAG_NOMEMALLOC; 320 317 int rc, i; 318 + 319 + if (tested && !pkey_clrkey_allowed) 320 + xflags |= PKEY_XFLAG_NOCLEARKEY; 321 321 322 322 pk->len = sizeof(pk->protkey); 323 323 ··· 336 328 } 337 329 rc = pkey_key2protkey(key, keylen, 338 330 pk->protkey, &pk->len, &pk->type, 339 - PKEY_XFLAG_NOMEMALLOC); 331 + xflags); 340 332 } 341 333 342 334 out: ··· 358 350 * unnecessary additional conversion but never to invalid data on the 359 351 * hash operation. 360 352 */ 361 - static int phmac_convert_key(struct phmac_tfm_ctx *tfm_ctx) 353 + static int phmac_convert_key(struct phmac_tfm_ctx *tfm_ctx, bool tested) 362 354 { 363 355 struct phmac_protkey pk; 364 356 int rc; ··· 367 359 tfm_ctx->pk_state = PK_STATE_CONVERT_IN_PROGRESS; 368 360 spin_unlock_bh(&tfm_ctx->pk_lock); 369 361 370 - rc = convert_key(tfm_ctx->keybuf, tfm_ctx->keylen, &pk); 362 + rc = convert_key(tfm_ctx->keybuf, tfm_ctx->keylen, &pk, tested); 371 363 372 364 /* update context */ 373 365 spin_lock_bh(&tfm_ctx->pk_lock); ··· 412 404 struct kmac_sha2_ctx *ctx = &req_ctx->kmac_ctx; 413 405 struct hash_walk_helper *hwh = &req_ctx->hwh; 414 406 unsigned int bs = crypto_ahash_blocksize(tfm); 407 + bool tested = crypto_ahash_tested(tfm); 415 408 unsigned int offset, k, n; 416 409 int rc = 0; 417 410 ··· 453 444 rc = -EKEYEXPIRED; 454 445 goto out; 455 446 } 456 - rc = phmac_convert_key(tfm_ctx); 447 + rc = phmac_convert_key(tfm_ctx, tested); 457 448 if (rc) 458 449 goto out; 459 450 spin_lock_bh(&tfm_ctx->pk_lock); ··· 489 480 rc = -EKEYEXPIRED; 490 481 goto out; 491 482 } 492 - rc = phmac_convert_key(tfm_ctx); 483 + rc = phmac_convert_key(tfm_ctx, tested); 493 484 if (rc) 494 485 goto out; 495 486 spin_lock_bh(&tfm_ctx->pk_lock); ··· 526 517 struct kmac_sha2_ctx *ctx = &req_ctx->kmac_ctx; 527 518 unsigned int ds = crypto_ahash_digestsize(tfm); 528 519 unsigned int bs = crypto_ahash_blocksize(tfm); 520 + bool tested = crypto_ahash_tested(tfm); 529 521 unsigned int k, n; 530 522 int rc = 0; 531 523 ··· 547 537 rc = -EKEYEXPIRED; 548 538 goto out; 549 539 } 550 - rc = phmac_convert_key(tfm_ctx); 540 + rc = phmac_convert_key(tfm_ctx, tested); 551 541 if (rc) 552 542 goto out; 553 543 spin_lock_bh(&tfm_ctx->pk_lock); ··· 751 741 struct phmac_tfm_ctx *tfm_ctx = crypto_ahash_ctx(tfm); 752 742 unsigned int ds = crypto_ahash_digestsize(tfm); 753 743 unsigned int bs = crypto_ahash_blocksize(tfm); 744 + bool tested = crypto_ahash_tested(tfm); 754 745 unsigned int tmpkeylen; 755 746 u8 *tmpkey = NULL; 756 747 int rc = 0; 757 748 758 - if (!crypto_ahash_tested(tfm)) { 749 + if (!tested) { 759 750 /* 760 751 * selftest running: key is a raw hmac clear key and needs 761 752 * to get embedded into a 'clear key token' in order to have ··· 781 770 goto out; 782 771 783 772 /* convert raw key into protected key */ 784 - rc = phmac_convert_key(tfm_ctx); 773 + rc = phmac_convert_key(tfm_ctx, tested); 785 774 if (rc) 786 775 goto out; 787 776