Merge branch 'fixes-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

+2

include/linux/key.h

··· 187 187 #define KEY_FLAG_BUILTIN 8 /* set if key is built in to the kernel */ 188 188 #define KEY_FLAG_ROOT_CAN_INVAL 9 /* set if key can be invalidated by root without permission */ 189 189 #define KEY_FLAG_KEEP 10 /* set if key should not be removed */ 190 + #define KEY_FLAG_UID_KEYRING 11 /* set if key is a user or user session keyring */ 190 191 191 192 /* the key type and key description string 192 193 * - the desc is used to match a key against search criteria ··· 244 243 #define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */ 245 244 #define KEY_ALLOC_BUILT_IN 0x0004 /* Key is built into kernel */ 246 245 #define KEY_ALLOC_BYPASS_RESTRICTION 0x0008 /* Override the check on restricted keyrings */ 246 + #define KEY_ALLOC_UID_KEYRING 0x0010 /* allocating a user or user session keyring */ 247 247 248 248 extern void key_revoke(struct key *key); 249 249 extern void key_invalidate(struct key *key);

+1 -3

security/keys/Kconfig

··· 45 45 bool "Large payload keys" 46 46 depends on KEYS 47 47 depends on TMPFS 48 - depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y) 49 48 select CRYPTO_AES 50 - select CRYPTO_ECB 51 - select CRYPTO_RNG 49 + select CRYPTO_GCM 52 50 help 53 51 This option provides support for holding large keys within the kernel 54 52 (for example Kerberos ticket caches). The data may be stored out to

+64 -73

security/keys/big_key.c

··· 1 1 /* Large capacity key type 2 2 * 3 + * Copyright (C) 2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. 3 4 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved. 4 5 * Written by David Howells (dhowells@redhat.com) 5 6 * ··· 17 16 #include <linux/shmem_fs.h> 18 17 #include <linux/err.h> 19 18 #include <linux/scatterlist.h> 19 + #include <linux/random.h> 20 20 #include <keys/user-type.h> 21 21 #include <keys/big_key-type.h> 22 - #include <crypto/rng.h> 23 - #include <crypto/skcipher.h> 22 + #include <crypto/aead.h> 24 23 25 24 /* 26 25 * Layout of key payload words. ··· 50 49 /* 51 50 * Key size for big_key data encryption 52 51 */ 53 - #define ENC_KEY_SIZE 16 52 + #define ENC_KEY_SIZE 32 53 + 54 + /* 55 + * Authentication tag length 56 + */ 57 + #define ENC_AUTHTAG_SIZE 16 54 58 55 59 /* 56 60 * big_key defined keys take an arbitrary string as the description and an ··· 70 64 .destroy = big_key_destroy, 71 65 .describe = big_key_describe, 72 66 .read = big_key_read, 67 + /* no ->update(); don't add it without changing big_key_crypt() nonce */ 73 68 }; 74 69 75 70 /* 76 - * Crypto names for big_key data encryption 71 + * Crypto names for big_key data authenticated encryption 77 72 */ 78 - static const char big_key_rng_name[] = "stdrng"; 79 - static const char big_key_alg_name[] = "ecb(aes)"; 73 + static const char big_key_alg_name[] = "gcm(aes)"; 80 74 81 75 /* 82 - * Crypto algorithms for big_key data encryption 76 + * Crypto algorithms for big_key data authenticated encryption 83 77 */ 84 - static struct crypto_rng *big_key_rng; 85 - static struct crypto_skcipher *big_key_skcipher; 78 + static struct crypto_aead *big_key_aead; 86 79 87 80 /* 88 - * Generate random key to encrypt big_key data 81 + * Since changing the key affects the entire object, we need a mutex. 89 82 */ 90 - static inline int big_key_gen_enckey(u8 *key) 91 - { 92 - return crypto_rng_get_bytes(big_key_rng, key, ENC_KEY_SIZE); 93 - } 83 + static DEFINE_MUTEX(big_key_aead_lock); 94 84 95 85 /* 96 86 * Encrypt/decrypt big_key data 97 87 */ 98 88 static int big_key_crypt(enum big_key_op op, u8 *data, size_t datalen, u8 *key) 99 89 { 100 - int ret = -EINVAL; 90 + int ret; 101 91 struct scatterlist sgio; 102 - SKCIPHER_REQUEST_ON_STACK(req, big_key_skcipher); 92 + struct aead_request *aead_req; 93 + /* We always use a zero nonce. The reason we can get away with this is 94 + * because we're using a different randomly generated key for every 95 + * different encryption. Notably, too, key_type_big_key doesn't define 96 + * an .update function, so there's no chance we'll wind up reusing the 97 + * key to encrypt updated data. Simply put: one key, one encryption. 98 + */ 99 + u8 zero_nonce[crypto_aead_ivsize(big_key_aead)]; 103 100 104 - if (crypto_skcipher_setkey(big_key_skcipher, key, ENC_KEY_SIZE)) { 101 + aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL); 102 + if (!aead_req) 103 + return -ENOMEM; 104 + 105 + memset(zero_nonce, 0, sizeof(zero_nonce)); 106 + sg_init_one(&sgio, data, datalen + (op == BIG_KEY_ENC ? ENC_AUTHTAG_SIZE : 0)); 107 + aead_request_set_crypt(aead_req, &sgio, &sgio, datalen, zero_nonce); 108 + aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); 109 + aead_request_set_ad(aead_req, 0); 110 + 111 + mutex_lock(&big_key_aead_lock); 112 + if (crypto_aead_setkey(big_key_aead, key, ENC_KEY_SIZE)) { 105 113 ret = -EAGAIN; 106 114 goto error; 107 115 } 108 - 109 - skcipher_request_set_tfm(req, big_key_skcipher); 110 - skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, 111 - NULL, NULL); 112 - 113 - sg_init_one(&sgio, data, datalen); 114 - skcipher_request_set_crypt(req, &sgio, &sgio, datalen, NULL); 115 - 116 116 if (op == BIG_KEY_ENC) 117 - ret = crypto_skcipher_encrypt(req); 117 + ret = crypto_aead_encrypt(aead_req); 118 118 else 119 - ret = crypto_skcipher_decrypt(req); 120 - 121 - skcipher_request_zero(req); 122 - 119 + ret = crypto_aead_decrypt(aead_req); 123 120 error: 121 + mutex_unlock(&big_key_aead_lock); 122 + aead_request_free(aead_req); 124 123 return ret; 125 124 } 126 125 ··· 157 146 * 158 147 * File content is stored encrypted with randomly generated key. 159 148 */ 160 - size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher)); 149 + size_t enclen = datalen + ENC_AUTHTAG_SIZE; 161 150 loff_t pos = 0; 162 151 163 - /* prepare aligned data to encrypt */ 164 152 data = kmalloc(enclen, GFP_KERNEL); 165 153 if (!data) 166 154 return -ENOMEM; 167 - 168 155 memcpy(data, prep->data, datalen); 169 - memset(data + datalen, 0x00, enclen - datalen); 170 156 171 157 /* generate random key */ 172 158 enckey = kmalloc(ENC_KEY_SIZE, GFP_KERNEL); ··· 171 163 ret = -ENOMEM; 172 164 goto error; 173 165 } 174 - 175 - ret = big_key_gen_enckey(enckey); 176 - if (ret) 166 + ret = get_random_bytes_wait(enckey, ENC_KEY_SIZE); 167 + if (unlikely(ret)) 177 168 goto err_enckey; 178 169 179 170 /* encrypt aligned data */ 180 - ret = big_key_crypt(BIG_KEY_ENC, data, enclen, enckey); 171 + ret = big_key_crypt(BIG_KEY_ENC, data, datalen, enckey); 181 172 if (ret) 182 173 goto err_enckey; 183 174 ··· 202 195 *path = file->f_path; 203 196 path_get(path); 204 197 fput(file); 205 - kfree(data); 198 + kzfree(data); 206 199 } else { 207 200 /* Just store the data in a buffer */ 208 201 void *data = kmalloc(datalen, GFP_KERNEL); ··· 218 211 err_fput: 219 212 fput(file); 220 213 err_enckey: 221 - kfree(enckey); 214 + kzfree(enckey); 222 215 error: 223 - kfree(data); 216 + kzfree(data); 224 217 return ret; 225 218 } 226 219 ··· 234 227 235 228 path_put(path); 236 229 } 237 - kfree(prep->payload.data[big_key_data]); 230 + kzfree(prep->payload.data[big_key_data]); 238 231 } 239 232 240 233 /* ··· 266 259 path->mnt = NULL; 267 260 path->dentry = NULL; 268 261 } 269 - kfree(key->payload.data[big_key_data]); 262 + kzfree(key->payload.data[big_key_data]); 270 263 key->payload.data[big_key_data] = NULL; 271 264 } 272 265 ··· 302 295 struct file *file; 303 296 u8 *data; 304 297 u8 *enckey = (u8 *)key->payload.data[big_key_data]; 305 - size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher)); 298 + size_t enclen = datalen + ENC_AUTHTAG_SIZE; 306 299 loff_t pos = 0; 307 300 308 301 data = kmalloc(enclen, GFP_KERNEL); ··· 335 328 err_fput: 336 329 fput(file); 337 330 error: 338 - kfree(data); 331 + kzfree(data); 339 332 } else { 340 333 ret = datalen; 341 334 if (copy_to_user(buffer, key->payload.data[big_key_data], ··· 351 344 */ 352 345 static int __init big_key_init(void) 353 346 { 354 - struct crypto_skcipher *cipher; 355 - struct crypto_rng *rng; 356 347 int ret; 357 348 358 - rng = crypto_alloc_rng(big_key_rng_name, 0, 0); 359 - if (IS_ERR(rng)) { 360 - pr_err("Can't alloc rng: %ld\n", PTR_ERR(rng)); 361 - return PTR_ERR(rng); 362 - } 363 - 364 - big_key_rng = rng; 365 - 366 - /* seed RNG */ 367 - ret = crypto_rng_reset(rng, NULL, crypto_rng_seedsize(rng)); 368 - if (ret) { 369 - pr_err("Can't reset rng: %d\n", ret); 370 - goto error_rng; 371 - } 372 - 373 349 /* init block cipher */ 374 - cipher = crypto_alloc_skcipher(big_key_alg_name, 0, CRYPTO_ALG_ASYNC); 375 - if (IS_ERR(cipher)) { 376 - ret = PTR_ERR(cipher); 350 + big_key_aead = crypto_alloc_aead(big_key_alg_name, 0, CRYPTO_ALG_ASYNC); 351 + if (IS_ERR(big_key_aead)) { 352 + ret = PTR_ERR(big_key_aead); 377 353 pr_err("Can't alloc crypto: %d\n", ret); 378 - goto error_rng; 354 + return ret; 379 355 } 380 - 381 - big_key_skcipher = cipher; 356 + ret = crypto_aead_setauthsize(big_key_aead, ENC_AUTHTAG_SIZE); 357 + if (ret < 0) { 358 + pr_err("Can't set crypto auth tag len: %d\n", ret); 359 + goto free_aead; 360 + } 382 361 383 362 ret = register_key_type(&key_type_big_key); 384 363 if (ret < 0) { 385 364 pr_err("Can't register type: %d\n", ret); 386 - goto error_cipher; 365 + goto free_aead; 387 366 } 388 367 389 368 return 0; 390 369 391 - error_cipher: 392 - crypto_free_skcipher(big_key_skcipher); 393 - error_rng: 394 - crypto_free_rng(big_key_rng); 370 + free_aead: 371 + crypto_free_aead(big_key_aead); 395 372 return ret; 396 373 } 397 374

+1 -1

security/keys/internal.h

··· 141 141 extern key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx); 142 142 extern key_ref_t search_process_keyrings(struct keyring_search_context *ctx); 143 143 144 - extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); 144 + extern struct key *find_keyring_by_name(const char *name, bool uid_keyring); 145 145 146 146 extern int install_user_keyrings(void); 147 147 extern int install_thread_keyring_to_cred(struct cred *);

+4 -2

security/keys/key.c

··· 54 54 struct key_user *key_user_lookup(kuid_t uid) 55 55 { 56 56 struct key_user *candidate = NULL, *user; 57 - struct rb_node *parent = NULL; 58 - struct rb_node **p; 57 + struct rb_node *parent, **p; 59 58 60 59 try_again: 60 + parent = NULL; 61 61 p = &key_user_tree.rb_node; 62 62 spin_lock(&key_user_lock); 63 63 ··· 302 302 key->flags |= 1 << KEY_FLAG_IN_QUOTA; 303 303 if (flags & KEY_ALLOC_BUILT_IN) 304 304 key->flags |= 1 << KEY_FLAG_BUILTIN; 305 + if (flags & KEY_ALLOC_UID_KEYRING) 306 + key->flags |= 1 << KEY_FLAG_UID_KEYRING; 305 307 306 308 #ifdef KEY_DEBUGGING 307 309 key->magic = KEY_DEBUG_MAGIC;

+8 -5

security/keys/keyctl.c

··· 766 766 767 767 key = key_ref_to_ptr(key_ref); 768 768 769 + if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { 770 + ret = -ENOKEY; 771 + goto error2; 772 + } 773 + 769 774 /* see if we can read it directly */ 770 775 ret = key_permission(key_ref, KEY_NEED_READ); 771 776 if (ret == 0) 772 777 goto can_read_key; 773 778 if (ret != -EACCES) 774 - goto error; 779 + goto error2; 775 780 776 781 /* we can't; see if it's searchable from this process's keyrings 777 782 * - we automatically take account of the fact that it may be ··· 1411 1406 } 1412 1407 1413 1408 ret = keyctl_change_reqkey_auth(authkey); 1414 - if (ret < 0) 1415 - goto error; 1409 + if (ret == 0) 1410 + ret = authkey->serial; 1416 1411 key_put(authkey); 1417 - 1418 - ret = authkey->serial; 1419 1412 error: 1420 1413 return ret; 1421 1414 }

+19 -18

security/keys/keyring.c

··· 423 423 } 424 424 425 425 struct keyring_read_iterator_context { 426 - size_t qty; 426 + size_t buflen; 427 427 size_t count; 428 428 key_serial_t __user *buffer; 429 429 }; ··· 435 435 int ret; 436 436 437 437 kenter("{%s,%d},,{%zu/%zu}", 438 - key->type->name, key->serial, ctx->count, ctx->qty); 438 + key->type->name, key->serial, ctx->count, ctx->buflen); 439 439 440 - if (ctx->count >= ctx->qty) 440 + if (ctx->count >= ctx->buflen) 441 441 return 1; 442 442 443 443 ret = put_user(key->serial, ctx->buffer); ··· 472 472 return 0; 473 473 474 474 /* Calculate how much data we could return */ 475 - ctx.qty = nr_keys * sizeof(key_serial_t); 476 - 477 475 if (!buffer || !buflen) 478 - return ctx.qty; 479 - 480 - if (buflen > ctx.qty) 481 - ctx.qty = buflen; 476 + return nr_keys * sizeof(key_serial_t); 482 477 483 478 /* Copy the IDs of the subscribed keys into the buffer */ 484 479 ctx.buffer = (key_serial_t __user *)buffer; 480 + ctx.buflen = buflen; 485 481 ctx.count = 0; 486 482 ret = assoc_array_iterate(&keyring->keys, keyring_read_iterator, &ctx); 487 483 if (ret < 0) { ··· 1097 1101 /* 1098 1102 * Find a keyring with the specified name. 1099 1103 * 1100 - * All named keyrings in the current user namespace are searched, provided they 1101 - * grant Search permission directly to the caller (unless this check is 1102 - * skipped). Keyrings whose usage points have reached zero or who have been 1103 - * revoked are skipped. 1104 + * Only keyrings that have nonzero refcount, are not revoked, and are owned by a 1105 + * user in the current user namespace are considered. If @uid_keyring is %true, 1106 + * the keyring additionally must have been allocated as a user or user session 1107 + * keyring; otherwise, it must grant Search permission directly to the caller. 1104 1108 * 1105 1109 * Returns a pointer to the keyring with the keyring's refcount having being 1106 1110 * incremented on success. -ENOKEY is returned if a key could not be found. 1107 1111 */ 1108 - struct key *find_keyring_by_name(const char *name, bool skip_perm_check) 1112 + struct key *find_keyring_by_name(const char *name, bool uid_keyring) 1109 1113 { 1110 1114 struct key *keyring; 1111 1115 int bucket; ··· 1133 1137 if (strcmp(keyring->description, name) != 0) 1134 1138 continue; 1135 1139 1136 - if (!skip_perm_check && 1137 - key_permission(make_key_ref(keyring, 0), 1138 - KEY_NEED_SEARCH) < 0) 1139 - continue; 1140 + if (uid_keyring) { 1141 + if (!test_bit(KEY_FLAG_UID_KEYRING, 1142 + &keyring->flags)) 1143 + continue; 1144 + } else { 1145 + if (key_permission(make_key_ref(keyring, 0), 1146 + KEY_NEED_SEARCH) < 0) 1147 + continue; 1148 + } 1140 1149 1141 1150 /* we've got a match but we might end up racing with 1142 1151 * key_cleanup() if the keyring is currently 'dead'

+2 -6

security/keys/proc.c

··· 187 187 struct keyring_search_context ctx = { 188 188 .index_key.type = key->type, 189 189 .index_key.description = key->description, 190 - .cred = current_cred(), 190 + .cred = m->file->f_cred, 191 191 .match_data.cmp = lookup_user_key_possessed, 192 192 .match_data.raw_data = key, 193 193 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, ··· 207 207 } 208 208 } 209 209 210 - /* check whether the current task is allowed to view the key (assuming 211 - * non-possession) 212 - * - the caller holds a spinlock, and thus the RCU read lock, making our 213 - * access to __current_cred() safe 214 - */ 210 + /* check whether the current task is allowed to view the key */ 215 211 rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW); 216 212 if (rc < 0) 217 213 return 0;

+4 -2

security/keys/process_keys.c

··· 77 77 if (IS_ERR(uid_keyring)) { 78 78 uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID, 79 79 cred, user_keyring_perm, 80 - KEY_ALLOC_IN_QUOTA, 80 + KEY_ALLOC_UID_KEYRING | 81 + KEY_ALLOC_IN_QUOTA, 81 82 NULL, NULL); 82 83 if (IS_ERR(uid_keyring)) { 83 84 ret = PTR_ERR(uid_keyring); ··· 95 94 session_keyring = 96 95 keyring_alloc(buf, user->uid, INVALID_GID, 97 96 cred, user_keyring_perm, 98 - KEY_ALLOC_IN_QUOTA, 97 + KEY_ALLOC_UID_KEYRING | 98 + KEY_ALLOC_IN_QUOTA, 99 99 NULL, NULL); 100 100 if (IS_ERR(session_keyring)) { 101 101 ret = PTR_ERR(session_keyring);

+33 -41

security/keys/request_key_auth.c

··· 120 120 } 121 121 } 122 122 123 + static void free_request_key_auth(struct request_key_auth *rka) 124 + { 125 + if (!rka) 126 + return; 127 + key_put(rka->target_key); 128 + key_put(rka->dest_keyring); 129 + if (rka->cred) 130 + put_cred(rka->cred); 131 + kfree(rka->callout_info); 132 + kfree(rka); 133 + } 134 + 123 135 /* 124 136 * Destroy an instantiation authorisation token key. 125 137 */ ··· 141 129 142 130 kenter("{%d}", key->serial); 143 131 144 - if (rka->cred) { 145 - put_cred(rka->cred); 146 - rka->cred = NULL; 147 - } 148 - 149 - key_put(rka->target_key); 150 - key_put(rka->dest_keyring); 151 - kfree(rka->callout_info); 152 - kfree(rka); 132 + free_request_key_auth(rka); 153 133 } 154 134 155 135 /* ··· 155 151 const struct cred *cred = current->cred; 156 152 struct key *authkey = NULL; 157 153 char desc[20]; 158 - int ret; 154 + int ret = -ENOMEM; 159 155 160 156 kenter("%d,", target->serial); 161 157 162 158 /* allocate a auth record */ 163 - rka = kmalloc(sizeof(*rka), GFP_KERNEL); 164 - if (!rka) { 165 - kleave(" = -ENOMEM"); 166 - return ERR_PTR(-ENOMEM); 167 - } 168 - rka->callout_info = kmalloc(callout_len, GFP_KERNEL); 169 - if (!rka->callout_info) { 170 - kleave(" = -ENOMEM"); 171 - kfree(rka); 172 - return ERR_PTR(-ENOMEM); 173 - } 159 + rka = kzalloc(sizeof(*rka), GFP_KERNEL); 160 + if (!rka) 161 + goto error; 162 + rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL); 163 + if (!rka->callout_info) 164 + goto error_free_rka; 165 + rka->callout_len = callout_len; 174 166 175 167 /* see if the calling process is already servicing the key request of 176 168 * another process */ ··· 176 176 177 177 /* if the auth key has been revoked, then the key we're 178 178 * servicing is already instantiated */ 179 - if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags)) 180 - goto auth_key_revoked; 179 + if (test_bit(KEY_FLAG_REVOKED, 180 + &cred->request_key_auth->flags)) { 181 + up_read(&cred->request_key_auth->sem); 182 + ret = -EKEYREVOKED; 183 + goto error_free_rka; 184 + } 181 185 182 186 irka = cred->request_key_auth->payload.data[0]; 183 187 rka->cred = get_cred(irka->cred); ··· 197 193 198 194 rka->target_key = key_get(target); 199 195 rka->dest_keyring = key_get(dest_keyring); 200 - memcpy(rka->callout_info, callout_info, callout_len); 201 - rka->callout_len = callout_len; 202 196 203 197 /* allocate the auth key */ 204 198 sprintf(desc, "%x", target->serial); ··· 207 205 KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA, NULL); 208 206 if (IS_ERR(authkey)) { 209 207 ret = PTR_ERR(authkey); 210 - goto error_alloc; 208 + goto error_free_rka; 211 209 } 212 210 213 211 /* construct the auth key */ 214 212 ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL); 215 213 if (ret < 0) 216 - goto error_inst; 214 + goto error_put_authkey; 217 215 218 216 kleave(" = {%d,%d}", authkey->serial, refcount_read(&authkey->usage)); 219 217 return authkey; 220 218 221 - auth_key_revoked: 222 - up_read(&cred->request_key_auth->sem); 223 - kfree(rka->callout_info); 224 - kfree(rka); 225 - kleave("= -EKEYREVOKED"); 226 - return ERR_PTR(-EKEYREVOKED); 227 - 228 - error_inst: 229 - key_revoke(authkey); 219 + error_put_authkey: 230 220 key_put(authkey); 231 - error_alloc: 232 - key_put(rka->target_key); 233 - key_put(rka->dest_keyring); 234 - kfree(rka->callout_info); 235 - kfree(rka); 221 + error_free_rka: 222 + free_request_key_auth(rka); 223 + error: 236 224 kleave("= %d", ret); 237 225 return ERR_PTR(ret); 238 226 }

Configure Feed

Configure Feed