tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: s390/paes - Refuse clear key material by default

This patch exploits the new xflag PKEY_XFLAG_NOCLEARKEY from the pkey
layer. So now by default all the paes algorithms refuse the use of
clear key material ("clear key tokens") in the setkey function with
-EINVAL.

With a new kernel module parameter "clrkey" this behavior can be
controlled. By default clrkey is 'N' but for testing purpose on module
load a true value (1, 'Y') may be given to accept clear key tokens.

Note that during selftest clear keys are always used and thus the
xflag PKEY_XFLAG_NOCLEARKEY is NOT set as long as the algorithm is in
a larval state indicated by crypto_skcipher_tested() returning false.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Harald Freudenberger and committed by
Herbert Xu 9d58d22f 452770a4

+57 -36
+57 -36
arch/s390/crypto/paes_s390.c
··· 40 40 #define PAES_256_PROTKEY_SIZE (32 + 32) /* key + verification pattern */ 41 41 #define PXTS_256_PROTKEY_SIZE (32 + 32 + 32) /* k1 + k2 + verification pattern */ 42 42 43 + static bool pkey_clrkey_allowed; 44 + module_param_named(clrkey, pkey_clrkey_allowed, bool, 0444); 45 + MODULE_PARM_DESC(clrkey, "Allow clear key material (default N)"); 46 + 43 47 static u8 *ctrblk; 44 48 static DEFINE_MUTEX(ctrblk_lock); 45 49 ··· 196 192 * This function may sleep - don't call in non-sleeping context. 197 193 */ 198 194 static inline int convert_key(const u8 *key, unsigned int keylen, 199 - struct paes_protkey *pk) 195 + struct paes_protkey *pk, bool tested) 200 196 { 197 + u32 xflags = PKEY_XFLAG_NOMEMALLOC; 201 198 int rc, i; 199 + 200 + if (tested && !pkey_clrkey_allowed) 201 + xflags |= PKEY_XFLAG_NOCLEARKEY; 202 202 203 203 pk->len = sizeof(pk->protkey); 204 204 ··· 217 209 } 218 210 rc = pkey_key2protkey(key, keylen, 219 211 pk->protkey, &pk->len, &pk->type, 220 - PKEY_XFLAG_NOMEMALLOC); 212 + xflags); 221 213 } 222 214 223 215 out: ··· 239 231 * unnecessary additional conversion but never to invalid data on en- 240 232 * or decrypt operations. 241 233 */ 242 - static int paes_convert_key(struct s390_paes_ctx *ctx) 234 + static int paes_convert_key(struct s390_paes_ctx *ctx, bool tested) 243 235 { 244 236 struct paes_protkey pk; 245 237 int rc; ··· 248 240 ctx->pk_state = PK_STATE_CONVERT_IN_PROGRESS; 249 241 spin_unlock_bh(&ctx->pk_lock); 250 242 251 - rc = convert_key(ctx->keybuf, ctx->keylen, &pk); 243 + rc = convert_key(ctx->keybuf, ctx->keylen, &pk, tested); 252 244 253 245 /* update context */ 254 246 spin_lock_bh(&ctx->pk_lock); ··· 271 263 * pk_type, pk_len and the protected key in the tfm context. 272 264 * See also comments on function paes_convert_key. 273 265 */ 274 - static int pxts_convert_key(struct s390_pxts_ctx *ctx) 266 + static int pxts_convert_key(struct s390_pxts_ctx *ctx, bool tested) 275 267 { 276 268 struct paes_protkey pk0, pk1; 277 269 size_t split_keylen; ··· 281 273 ctx->pk_state = PK_STATE_CONVERT_IN_PROGRESS; 282 274 spin_unlock_bh(&ctx->pk_lock); 283 275 284 - rc = convert_key(ctx->keybuf, ctx->keylen, &pk0); 276 + rc = convert_key(ctx->keybuf, ctx->keylen, &pk0, tested); 285 277 if (rc) 286 278 goto out; 287 279 ··· 295 287 } 296 288 split_keylen = ctx->keylen / 2; 297 289 rc = convert_key(ctx->keybuf + split_keylen, 298 - split_keylen, &pk1); 290 + split_keylen, &pk1, tested); 299 291 if (rc) 300 292 goto out; 301 293 if (pk0.type != pk1.type) { ··· 351 343 unsigned int key_len) 352 344 { 353 345 struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm); 346 + bool tested = crypto_skcipher_tested(tfm); 354 347 long fc; 355 348 int rc; 356 349 ··· 361 352 goto out; 362 353 363 354 /* convert key into protected key */ 364 - rc = paes_convert_key(ctx); 355 + rc = paes_convert_key(ctx, tested); 365 356 if (rc) 366 357 goto out; 367 358 ··· 391 382 392 383 static int ecb_paes_do_crypt(struct s390_paes_ctx *ctx, 393 384 struct s390_pecb_req_ctx *req_ctx, 394 - bool maysleep) 385 + bool tested, bool maysleep) 395 386 { 396 387 struct ecb_param *param = &req_ctx->param; 397 388 struct skcipher_walk *walk = &req_ctx->walk; ··· 439 430 rc = -EKEYEXPIRED; 440 431 goto out; 441 432 } 442 - rc = paes_convert_key(ctx); 433 + rc = paes_convert_key(ctx, tested); 443 434 if (rc) 444 435 goto out; 445 436 spin_lock_bh(&ctx->pk_lock); ··· 459 450 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 460 451 struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm); 461 452 struct skcipher_walk *walk = &req_ctx->walk; 453 + bool tested = crypto_skcipher_tested(tfm); 462 454 int rc; 463 455 464 456 /* ··· 478 468 479 469 /* Try synchronous operation if no active engine usage */ 480 470 if (!atomic_read(&ctx->via_engine_ctr)) { 481 - rc = ecb_paes_do_crypt(ctx, req_ctx, false); 471 + rc = ecb_paes_do_crypt(ctx, req_ctx, tested, false); 482 472 if (rc == 0) 483 473 goto out; 484 474 } ··· 541 531 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 542 532 struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm); 543 533 struct skcipher_walk *walk = &req_ctx->walk; 534 + bool tested = crypto_skcipher_tested(tfm); 544 535 int rc; 545 536 546 537 /* walk has already been prepared */ 547 538 548 - rc = ecb_paes_do_crypt(ctx, req_ctx, true); 539 + rc = ecb_paes_do_crypt(ctx, req_ctx, tested, true); 549 540 if (rc == -EKEYEXPIRED) { 550 541 /* 551 542 * Protected key expired, conversion is in process. ··· 613 602 unsigned int key_len) 614 603 { 615 604 struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm); 605 + bool tested = crypto_skcipher_tested(tfm); 616 606 long fc; 617 607 int rc; 618 608 ··· 623 611 goto out; 624 612 625 613 /* convert raw key into protected key */ 626 - rc = paes_convert_key(ctx); 614 + rc = paes_convert_key(ctx, tested); 627 615 if (rc) 628 616 goto out; 629 617 ··· 653 641 654 642 static int cbc_paes_do_crypt(struct s390_paes_ctx *ctx, 655 643 struct s390_pcbc_req_ctx *req_ctx, 656 - bool maysleep) 644 + bool tested, bool maysleep) 657 645 { 658 646 struct cbc_param *param = &req_ctx->param; 659 647 struct skcipher_walk *walk = &req_ctx->walk; ··· 705 693 rc = -EKEYEXPIRED; 706 694 goto out; 707 695 } 708 - rc = paes_convert_key(ctx); 696 + rc = paes_convert_key(ctx, tested); 709 697 if (rc) 710 698 goto out; 711 699 spin_lock_bh(&ctx->pk_lock); ··· 725 713 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 726 714 struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm); 727 715 struct skcipher_walk *walk = &req_ctx->walk; 716 + bool tested = crypto_skcipher_tested(tfm); 728 717 int rc; 729 718 730 719 /* ··· 744 731 745 732 /* Try synchronous operation if no active engine usage */ 746 733 if (!atomic_read(&ctx->via_engine_ctr)) { 747 - rc = cbc_paes_do_crypt(ctx, req_ctx, false); 734 + rc = cbc_paes_do_crypt(ctx, req_ctx, tested, false); 748 735 if (rc == 0) 749 736 goto out; 750 737 } ··· 807 794 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 808 795 struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm); 809 796 struct skcipher_walk *walk = &req_ctx->walk; 797 + bool tested = crypto_skcipher_tested(tfm); 810 798 int rc; 811 799 812 800 /* walk has already been prepared */ 813 801 814 - rc = cbc_paes_do_crypt(ctx, req_ctx, true); 802 + rc = cbc_paes_do_crypt(ctx, req_ctx, tested, true); 815 803 if (rc == -EKEYEXPIRED) { 816 804 /* 817 805 * Protected key expired, conversion is in process. ··· 879 865 unsigned int key_len) 880 866 { 881 867 struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm); 868 + bool tested = crypto_skcipher_tested(tfm); 882 869 long fc; 883 870 int rc; 884 871 ··· 889 874 goto out; 890 875 891 876 /* convert raw key into protected key */ 892 - rc = paes_convert_key(ctx); 877 + rc = paes_convert_key(ctx, tested); 893 878 if (rc) 894 879 goto out; 895 880 ··· 934 919 935 920 static int ctr_paes_do_crypt(struct s390_paes_ctx *ctx, 936 921 struct s390_pctr_req_ctx *req_ctx, 937 - bool maysleep) 922 + bool tested, bool maysleep) 938 923 { 939 924 struct ctr_param *param = &req_ctx->param; 940 925 struct skcipher_walk *walk = &req_ctx->walk; ··· 994 979 rc = -EKEYEXPIRED; 995 980 goto out; 996 981 } 997 - rc = paes_convert_key(ctx); 982 + rc = paes_convert_key(ctx, tested); 998 983 if (rc) { 999 984 if (locked) 1000 985 mutex_unlock(&ctrblk_lock); ··· 1021 1006 rc = -EKEYEXPIRED; 1022 1007 goto out; 1023 1008 } 1024 - rc = paes_convert_key(ctx); 1009 + rc = paes_convert_key(ctx, tested); 1025 1010 if (rc) 1026 1011 goto out; 1027 1012 spin_lock_bh(&ctx->pk_lock); ··· 1044 1029 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 1045 1030 struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm); 1046 1031 struct skcipher_walk *walk = &req_ctx->walk; 1032 + bool tested = crypto_skcipher_tested(tfm); 1047 1033 int rc; 1048 1034 1049 1035 /* ··· 1062 1046 1063 1047 /* Try synchronous operation if no active engine usage */ 1064 1048 if (!atomic_read(&ctx->via_engine_ctr)) { 1065 - rc = ctr_paes_do_crypt(ctx, req_ctx, false); 1049 + rc = ctr_paes_do_crypt(ctx, req_ctx, tested, false); 1066 1050 if (rc == 0) 1067 1051 goto out; 1068 1052 } ··· 1115 1099 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 1116 1100 struct s390_paes_ctx *ctx = crypto_skcipher_ctx(tfm); 1117 1101 struct skcipher_walk *walk = &req_ctx->walk; 1102 + bool tested = crypto_skcipher_tested(tfm); 1118 1103 int rc; 1119 1104 1120 1105 /* walk has already been prepared */ 1121 1106 1122 - rc = ctr_paes_do_crypt(ctx, req_ctx, true); 1107 + rc = ctr_paes_do_crypt(ctx, req_ctx, tested, true); 1123 1108 if (rc == -EKEYEXPIRED) { 1124 1109 /* 1125 1110 * Protected key expired, conversion is in process. ··· 1207 1190 unsigned int in_keylen) 1208 1191 { 1209 1192 struct s390_pxts_ctx *ctx = crypto_skcipher_ctx(tfm); 1193 + bool tested = crypto_skcipher_tested(tfm); 1210 1194 u8 ckey[2 * AES_MAX_KEY_SIZE]; 1211 1195 unsigned int ckey_len; 1212 1196 long fc; ··· 1223 1205 goto out; 1224 1206 1225 1207 /* convert raw key(s) into protected key(s) */ 1226 - rc = pxts_convert_key(ctx); 1208 + rc = pxts_convert_key(ctx, tested); 1227 1209 if (rc) 1228 1210 goto out; 1229 1211 ··· 1273 1255 1274 1256 static int xts_paes_do_crypt_fullkey(struct s390_pxts_ctx *ctx, 1275 1257 struct s390_pxts_req_ctx *req_ctx, 1276 - bool maysleep) 1258 + bool tested, bool maysleep) 1277 1259 { 1278 1260 struct xts_full_km_param *param = &req_ctx->param.full_km_param; 1279 1261 struct skcipher_walk *walk = &req_ctx->walk; ··· 1317 1299 rc = -EKEYEXPIRED; 1318 1300 goto out; 1319 1301 } 1320 - rc = pxts_convert_key(ctx); 1302 + rc = pxts_convert_key(ctx, tested); 1321 1303 if (rc) 1322 1304 goto out; 1323 1305 spin_lock_bh(&ctx->pk_lock); ··· 1336 1318 struct xts_km_param *param, 1337 1319 struct skcipher_walk *walk, 1338 1320 unsigned int keylen, 1339 - unsigned int offset, bool maysleep) 1321 + unsigned int offset, 1322 + bool tested, bool maysleep) 1340 1323 { 1341 1324 struct xts_pcc_param pcc_param; 1342 1325 unsigned long cc = 1; ··· 1356 1337 rc = -EKEYEXPIRED; 1357 1338 break; 1358 1339 } 1359 - rc = pxts_convert_key(ctx); 1340 + rc = pxts_convert_key(ctx, tested); 1360 1341 if (rc) 1361 1342 break; 1362 1343 continue; ··· 1370 1351 1371 1352 static int xts_paes_do_crypt_2keys(struct s390_pxts_ctx *ctx, 1372 1353 struct s390_pxts_req_ctx *req_ctx, 1373 - bool maysleep) 1354 + bool tested, bool maysleep) 1374 1355 { 1375 1356 struct xts_km_param *param = &req_ctx->param.km_param; 1376 1357 struct skcipher_walk *walk = &req_ctx->walk; ··· 1388 1369 1389 1370 if (!req_ctx->param_init_done) { 1390 1371 rc = __xts_2keys_prep_param(ctx, param, walk, 1391 - keylen, offset, maysleep); 1372 + keylen, offset, tested, maysleep); 1392 1373 if (rc) 1393 1374 goto out; 1394 1375 req_ctx->param_init_done = true; ··· 1411 1392 rc = -EKEYEXPIRED; 1412 1393 goto out; 1413 1394 } 1414 - rc = pxts_convert_key(ctx); 1395 + rc = pxts_convert_key(ctx, tested); 1415 1396 if (rc) 1416 1397 goto out; 1417 1398 spin_lock_bh(&ctx->pk_lock); ··· 1427 1408 1428 1409 static int xts_paes_do_crypt(struct s390_pxts_ctx *ctx, 1429 1410 struct s390_pxts_req_ctx *req_ctx, 1430 - bool maysleep) 1411 + bool tested, bool maysleep) 1431 1412 { 1432 1413 int pk_state, rc = 0; 1433 1414 ··· 1455 1436 switch (ctx->fc) { 1456 1437 case CPACF_KM_PXTS_128: 1457 1438 case CPACF_KM_PXTS_256: 1458 - rc = xts_paes_do_crypt_2keys(ctx, req_ctx, maysleep); 1439 + rc = xts_paes_do_crypt_2keys(ctx, req_ctx, tested, maysleep); 1459 1440 break; 1460 1441 case CPACF_KM_PXTS_128_FULL: 1461 1442 case CPACF_KM_PXTS_256_FULL: 1462 - rc = xts_paes_do_crypt_fullkey(ctx, req_ctx, maysleep); 1443 + rc = xts_paes_do_crypt_fullkey(ctx, req_ctx, tested, maysleep); 1463 1444 break; 1464 1445 default: 1465 1446 rc = -EINVAL; ··· 1476 1457 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 1477 1458 struct s390_pxts_ctx *ctx = crypto_skcipher_ctx(tfm); 1478 1459 struct skcipher_walk *walk = &req_ctx->walk; 1460 + bool tested = crypto_skcipher_tested(tfm); 1479 1461 int rc; 1480 1462 1481 1463 /* ··· 1495 1475 1496 1476 /* Try synchronous operation if no active engine usage */ 1497 1477 if (!atomic_read(&ctx->via_engine_ctr)) { 1498 - rc = xts_paes_do_crypt(ctx, req_ctx, false); 1478 + rc = xts_paes_do_crypt(ctx, req_ctx, tested, false); 1499 1479 if (rc == 0) 1500 1480 goto out; 1501 1481 } ··· 1558 1538 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 1559 1539 struct s390_pxts_ctx *ctx = crypto_skcipher_ctx(tfm); 1560 1540 struct skcipher_walk *walk = &req_ctx->walk; 1541 + bool tested = crypto_skcipher_tested(tfm); 1561 1542 int rc; 1562 1543 1563 1544 /* walk has already been prepared */ 1564 1545 1565 - rc = xts_paes_do_crypt(ctx, req_ctx, true); 1546 + rc = xts_paes_do_crypt(ctx, req_ctx, tested, true); 1566 1547 if (rc == -EKEYEXPIRED) { 1567 1548 /* 1568 1549 * Protected key expired, conversion is in process.