
Commit 7e70cb49 authored by Mimi Zohar's avatar Mimi Zohar Committed by James Morris

keys: add new key-type encrypted



Define a new kernel key-type called 'encrypted'. Encrypted keys are kernel
generated random numbers, which are encrypted/decrypted with a 'trusted'
symmetric key. Encrypted keys are created/encrypted/decrypted in the kernel.
Userspace only ever sees/stores encrypted blobs.

Changelog:
- bug fix: replaced master-key rcu based locking with semaphore
  (reported by David Howells)
- Removed memset of crypto_shash_digest() digest output
- Replaced verification of 'key-type:key-desc' using strcspn(), with
  one based on string constants.
- Moved documentation to Documentation/keys-trusted-encrypted.txt
- Replace hash with shash (based on comments by David Howells)
- Make lengths/counts size_t where possible (based on comments by David Howells)
  Could not convert most lengths, as crypto expects 'unsigned int'
  (size_t: on 32 bit is defined as unsigned int, but on 64 bit is unsigned long)
- Add 'const' where possible (based on comments by David Howells)
- allocate derived_buf dynamically to support arbitrary length master key
  (fixed by Roberto Sassu)
- wait until late_initcall for crypto libraries to be registered
- cleanup security/Kconfig
- Add missing 'update' keyword (reported/fixed by Roberto Sassu)
- Free epayload on failure to create key (reported/fixed by Roberto Sassu)
- Increase the data size limit (requested by Roberto Sassu)
- Crypto return codes are always 0 on success and negative on failure,
  remove unnecessary tests.
- Replaced kzalloc() with kmalloc()

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: David Safford <safford@watson.ibm.com>
Reviewed-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: James Morris <jmorris@namei.org>
parent d00a1c72
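--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE/header-1.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2010 IBM Corporation
+ * Author: Mimi Zohar <zohar@us.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2 of the License.
+ */
+
+#ifndef _KEYS_ENCRYPTED_TYPE_H
+#define _KEYS_ENCRYPTED_TYPE_H
+
+#include <linux/key.h>
+#include <linux/rcupdate.h>
+
+struct encrypted_key_payload {
+	struct rcu_head rcu;
+	char *master_desc;	/* datablob: master key name */
+	char *datalen;		/* datablob: decrypted key length */
+	u8 *iv;			/* datablob: iv */
+	u8 *encrypted_data;	/* datablob: encrypted data */
+	unsigned short datablob_len;	/* length of datablob */
+	unsigned short decrypted_datalen;	/* decrypted data length */
+	u8 decrypted_data[0];	/* decrypted data +  datablob + hmac */
+};
+
+extern struct key_type key_type_encrypted;
+
+#endif /* _KEYS_ENCRYPTED_TYPE_H */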
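Review bot: `u8 decrypted_data[0];` at the end of struct encrypted_key_payload is a GNU zero-length array; the C99 flexible array member `u8 decrypted_data[];` expresses the same trailing variable-length buffer without relying on the extension. That buffer is where the plaintext key lives alongside the datablob and hmac, so the header is the natural place to state the handling rule, e.g. `/* decrypted data (plaintext key material) + datablob + hmac; wipe before freeing */` — the allocation and free paths are in the collapsed .c file, so I cannot confirm here that they do so. The `char *datalen` member appears to point at the length field inside the datablob text rather than hold a number itself; its comment would be clearer as `/* datablob: decrypted key length (text, points into datablob) */` if that is indeed how it is filled.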
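--- a/security/Kconfig
+++ b/security/Kconfig
@@ -36,6 +36,22 @@ config TRUSTED_KEYS
 
 	  If you are unsure as to whether this is required, answer N.
 
+config ENCRYPTED_KEYS
+	tristate "ENCRYPTED KEYS"
+	depends on KEYS && TRUSTED_KEYS
+	select CRYPTO_AES
+	select CRYPTO_CBC
+	select CRYPTO_SHA256
+	select CRYPTO_RNG
+	help
+	  This option provides support for create/encrypting/decrypting keys
+	  in the kernel.  Encrypted keys are kernel generated random numbers,
+	  which are encrypted/decrypted with a 'master' symmetric key. The
+	  'master' key can be either a trusted-key or user-key type.
+	  Userspace only ever sees/stores encrypted blobs.
+
+	  If you are unsure as to whether this is required, answer N.
+
 config KEYS_DEBUG_PROC_KEYS
 	bool "Enable the /proc/keys file by which keys may be viewed"
 	depends on KEYS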
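Review bot: The help text for ENCRYPTED_KEYS says the 'master' key can be either a trusted-key or user-key type, yet the option carries `depends on KEYS && TRUSTED_KEYS` and the commit description says encrypted keys are wrapped with a 'trusted' symmetric key; the three statements do not agree. If user-key masters are really supported, the hard dependency on TRUSTED_KEYS is stricter than needed; if they are not, the help text overstates what the option does — the implementation is in the collapsed .c file, so I cannot tell which from this page. Separately, `support for create/encrypting/decrypting keys` should read `support for creating/encrypting/decrypting keys`.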
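--- a/PATH_NOT_SHOWN_ON_PAGE/Makefile
+++ b/PATH_NOT_SHOWN_ON_PAGE/Makefile
@@ -14,6 +14,7 @@ obj-y := \
 	user_defined.o
 
 obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o
+obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted_defined.o
 obj-$(CONFIG_KEYS_COMPAT) += compat.o
 obj-$(CONFIG_PROC_FS) += proc.o
 obj-$(CONFIG_SYSCTL) += sysctl.o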
+907 −0


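--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE/header-2.h
@@ -0,0 +1,56 @@
+#ifndef __ENCRYPTED_KEY_H
+#define __ENCRYPTED_KEY_H
+
+#define ENCRYPTED_DEBUG 0
+
+#if ENCRYPTED_DEBUG
+static inline void dump_master_key(const u8 *master_key,
+				   unsigned int master_keylen)
+{
+	print_hex_dump(KERN_ERR, "master key: ", DUMP_PREFIX_NONE, 32, 1,
+		       master_key, master_keylen, 0);
+}
+
+static inline void dump_decrypted_data(struct encrypted_key_payload *epayload)
+{
+	print_hex_dump(KERN_ERR, "decrypted data: ", DUMP_PREFIX_NONE, 32, 1,
+		       epayload->decrypted_data,
+		       epayload->decrypted_datalen, 0);
+}
+
+static inline void dump_encrypted_data(struct encrypted_key_payload *epayload,
+				       unsigned int encrypted_datalen)
+{
+	print_hex_dump(KERN_ERR, "encrypted data: ", DUMP_PREFIX_NONE, 32, 1,
+		       epayload->encrypted_data, encrypted_datalen, 0);
+}
+
+static inline void dump_hmac(const char *str, const u8 *digest,
+			     unsigned int hmac_size)
+{
+	if (str)
+		pr_info("encrypted_key: %s", str);
+	print_hex_dump(KERN_ERR, "hmac: ", DUMP_PREFIX_NONE, 32, 1, digest,
+		       hmac_size, 0);
+}
+#else
+static inline void dump_master_key(const u8 *master_key,
+				   unsigned int master_keylen)
+{
+}
+
+static inline void dump_decrypted_data(struct encrypted_key_payload *epayload)
+{
+}
+
+static inline void dump_encrypted_data(struct encrypted_key_payload *epayload,
+				       unsigned int encrypted_datalen)
+{
+}
+
+static inline void dump_hmac(const char *str, const u8 *digest,
+			     unsigned int hmac_size)
+{
+}
+#endif
+#endif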
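Review bot: `pr_info("encrypted_key: %s", str);` in dump_hmac has no trailing newline, so the hex dump that follows can be appended to the same log line; it should be `pr_info("encrypted_key: %s\n", str);`. With ENCRYPTED_DEBUG set to 1, dump_master_key and dump_decrypted_data write the master key and the plaintext payload to the kernel log at KERN_ERR, which exposes the secret to anyone able to read the log; the define deserves a comment such as `/* 1 dumps the master key and plaintext key material to the kernel log; debug builds only */`. The header also uses struct encrypted_key_payload, u8, print_hex_dump and pr_info without including anything, so it compiles only when the including .c file has pulled those definitions in first; including the headers that declare them would make it self-contained.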