summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorFrederick Lawler <fred@cloudflare.com>2022-10-17 21:25:00 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2022-10-28 06:36:34 +0200
commit7984ceb134bf31aa9a597f10ed52d831d5aede14 (patch)
tree47ca0ed4651b0e3b8c616efcdcddf4b4d6df58d8 /crypto
parentcrypto: rockchip - Add support for RK3399 (diff)
downloadlinux-7984ceb134bf31aa9a597f10ed52d831d5aede14.tar.xz
linux-7984ceb134bf31aa9a597f10ed52d831d5aede14.zip
crypto: af_alg - Support symmetric encryption via keyring keys
We want to leverage keyring to store sensitive keys, and then use those keys for symmetric encryption via the crypto API. Among the key types we wish to support are: user, logon, encrypted, and trusted. User key types are already able to have their data copied to user space, but logon does not support this. Further, trusted and encrypted keys will return their encrypted data back to user space on read, which does not make them ideal for symmetric encryption. To support symmetric encryption for these key types, add a new ALG_SET_KEY_BY_KEY_SERIAL setsockopt() option to the crypto API. This allows users to pass a key_serial_t to the crypto API to perform symmetric encryption. The behavior is the same as ALG_SET_KEY, but the crypto key data is copied in kernel space from a keyring key, which allows for the support of logon, encrypted, and trusted key types. Keyring keys must have the KEY_(POS|USR|GRP|OTH)_SEARCH permission set to leverage this feature. This follows the asymmetric_key type where key lookup calls eventually lead to keyring_search_rcu() without the KEYRING_SEARCH_NO_CHECK_PERM flag set. Signed-off-by: Frederick Lawler <fred@cloudflare.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/af_alg.c135
1 files changed, 134 insertions, 1 deletions
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index e893c0f6c879..0a4fa2a429e2 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -12,6 +12,8 @@
#include <linux/crypto.h>
#include <linux/init.h>
#include <linux/kernel.h>
+#include <linux/key.h>
+#include <linux/key-type.h>
#include <linux/list.h>
#include <linux/module.h>
#include <linux/net.h>
@@ -19,6 +21,10 @@
#include <linux/sched.h>
#include <linux/sched/signal.h>
#include <linux/security.h>
+#include <linux/string.h>
+#include <keys/user-type.h>
+#include <keys/trusted-type.h>
+#include <keys/encrypted-type.h>
struct alg_type_list {
const struct af_alg_type *type;
@@ -222,6 +228,129 @@ out:
return err;
}
+#ifdef CONFIG_KEYS
+
+static const u8 *key_data_ptr_user(const struct key *key,
+ unsigned int *datalen)
+{
+ const struct user_key_payload *ukp;
+
+ ukp = user_key_payload_locked(key);
+ if (IS_ERR_OR_NULL(ukp))
+ return ERR_PTR(-EKEYREVOKED);
+
+ *datalen = key->datalen;
+
+ return ukp->data;
+}
+
+static const u8 *key_data_ptr_encrypted(const struct key *key,
+ unsigned int *datalen)
+{
+ const struct encrypted_key_payload *ekp;
+
+ ekp = dereference_key_locked(key);
+ if (IS_ERR_OR_NULL(ekp))
+ return ERR_PTR(-EKEYREVOKED);
+
+ *datalen = ekp->decrypted_datalen;
+
+ return ekp->decrypted_data;
+}
+
+static const u8 *key_data_ptr_trusted(const struct key *key,
+ unsigned int *datalen)
+{
+ const struct trusted_key_payload *tkp;
+
+ tkp = dereference_key_locked(key);
+ if (IS_ERR_OR_NULL(tkp))
+ return ERR_PTR(-EKEYREVOKED);
+
+ *datalen = tkp->key_len;
+
+ return tkp->key;
+}
+
+static struct key *lookup_key(key_serial_t serial)
+{
+ key_ref_t key_ref;
+
+ key_ref = lookup_user_key(serial, 0, KEY_NEED_SEARCH);
+ if (IS_ERR(key_ref))
+ return ERR_CAST(key_ref);
+
+ return key_ref_to_ptr(key_ref);
+}
+
+static int alg_setkey_by_key_serial(struct alg_sock *ask, sockptr_t optval,
+ unsigned int optlen)
+{
+ const struct af_alg_type *type = ask->type;
+ u8 *key_data = NULL;
+ unsigned int key_datalen;
+ key_serial_t serial;
+ struct key *key;
+ const u8 *ret;
+ int err;
+
+ if (optlen != sizeof(serial))
+ return -EINVAL;
+
+ if (copy_from_sockptr(&serial, optval, optlen))
+ return -EFAULT;
+
+ key = lookup_key(serial);
+ if (IS_ERR(key))
+ return PTR_ERR(key);
+
+ down_read(&key->sem);
+
+ ret = ERR_PTR(-ENOPROTOOPT);
+ if (!strcmp(key->type->name, "user") ||
+ !strcmp(key->type->name, "logon")) {
+ ret = key_data_ptr_user(key, &key_datalen);
+ } else if (IS_REACHABLE(CONFIG_ENCRYPTED_KEYS) &&
+ !strcmp(key->type->name, "encrypted")) {
+ ret = key_data_ptr_encrypted(key, &key_datalen);
+ } else if (IS_REACHABLE(CONFIG_TRUSTED_KEYS) &&
+ !strcmp(key->type->name, "trusted")) {
+ ret = key_data_ptr_trusted(key, &key_datalen);
+ }
+
+ if (IS_ERR(ret)) {
+ up_read(&key->sem);
+ return PTR_ERR(ret);
+ }
+
+ key_data = sock_kmalloc(&ask->sk, key_datalen, GFP_KERNEL);
+ if (!key_data) {
+ up_read(&key->sem);
+ return -ENOMEM;
+ }
+
+ memcpy(key_data, ret, key_datalen);
+
+ up_read(&key->sem);
+
+ err = type->setkey(ask->private, key_data, key_datalen);
+
+ sock_kzfree_s(&ask->sk, key_data, key_datalen);
+
+ return err;
+}
+
+#else
+
+static inline int alg_setkey_by_key_serial(struct alg_sock *ask,
+ sockptr_t optval,
+ unsigned int optlen)
+{
+ return -ENOPROTOOPT;
+}
+
+#endif
+
static int alg_setsockopt(struct socket *sock, int level, int optname,
sockptr_t optval, unsigned int optlen)
{
@@ -242,12 +371,16 @@ static int alg_setsockopt(struct socket *sock, int level, int optname,
switch (optname) {
case ALG_SET_KEY:
+ case ALG_SET_KEY_BY_KEY_SERIAL:
if (sock->state == SS_CONNECTED)
goto unlock;
if (!type->setkey)
goto unlock;
- err = alg_setkey(sk, optval, optlen);
+ if (optname == ALG_SET_KEY_BY_KEY_SERIAL)
+ err = alg_setkey_by_key_serial(ask, optval, optlen);
+ else
+ err = alg_setkey(sk, optval, optlen);
break;
case ALG_SET_AEAD_AUTHSIZE:
if (sock->state == SS_CONNECTED)