From patchwork Wed Jan 10 12:44:16 2018
X-Patchwork-Submitter: André Draszik
X-Patchwork-Id: 10155059
From: André Draszik
To: linux-kernel@vger.kernel.org
Cc: Mimi Zohar, David Howells, James Morris, "Serge E. Hallyn", "Theodore Y. Ts'o", Jaegeuk Kim, Kees Cook, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fscrypt@vger.kernel.org
Subject: [PATCH 1/3] encrypted-keys: add fscrypt format support
Date: Wed, 10 Jan 2018 12:44:16 +0000
Message-Id: <20180110124418.24385-1-git@andred.net>

This is heavily based on commit 79a73d188726 ("encrypted-keys: add ecryptfs format support").

The 'encrypted' key type defines its own payload format, which contains a randomly generated symmetric key that cannot be used directly by the fscrypt subsystem, because it instead expects an fscrypt_key structure.

This patch introduces the new format 'fscrypt' that allows storing an fscrypt_key structure inside the encrypted key payload containing a randomly generated symmetric key, the same as for the formats 'default' and 'ecryptfs'.

More details about the usage of encrypted keys with the fscrypt subsystem can be found in the file 'Documentation/security/keys/fscrypt.rst'.

Signed-off-by: André Draszik Cc: Mimi Zohar Cc: David Howells Cc: James Morris Cc: "Serge E. Hallyn" Cc: "Theodore Y. Ts'o" Cc: Jaegeuk Kim Cc: Kees Cook Cc: linux-integrity@vger.kernel.org Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org --- security/keys/encrypted-keys/Makefile | 2 +- security/keys/encrypted-keys/encrypted.c | 19 +++++++- security/keys/encrypted-keys/fscrypt_format.c | 70 +++++++++++++++++++++++++++ security/keys/encrypted-keys/fscrypt_format.h | 20 ++++++++ 4 files changed, 108 insertions(+), 3 deletions(-) create mode 100644 security/keys/encrypted-keys/fscrypt_format.c create mode 100644 security/keys/encrypted-keys/fscrypt_format.h diff --git a/security/keys/encrypted-keys/Makefile b/security/keys/encrypted-keys/Makefile index 7a44dce6f69d..586702ce9622 100644 --- a/security/keys/encrypted-keys/Makefile +++ b/security/keys/encrypted-keys/Makefile @@ -5,7 +5,7 @@ obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o -encrypted-keys-y := encrypted.o ecryptfs_format.o +encrypted-keys-y := encrypted.o ecryptfs_format.o fscrypt_format.o masterkey-$(CONFIG_TRUSTED_KEYS) := masterkey_trusted.o masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS) := masterkey_trusted.o encrypted-keys-y += $(masterkey-y) $(masterkey-m-m) diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index d92cbf9687c3..b570a930583a 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@ -37,6 +37,7 @@ #include "encrypted.h" #include "ecryptfs_format.h" +#include "fscrypt_format.h" static const char KEY_TRUSTED_PREFIX[] = "trusted:"; static const char KEY_USER_PREFIX[] = "user:"; 
@@ -45,6 +46,7 @@ static const char hmac_alg[] = "hmac(sha256)"; static const char blkcipher_alg[] = "cbc(aes)"; static const char key_format_default[] = "default"; static const char key_format_ecryptfs[] = "ecryptfs"; +static const char key_format_fscrypt[] = "fscrypt"; static unsigned int ivsize; static int blksize; @@ -62,12 +64,13 @@ enum { }; enum { - Opt_error = -1, Opt_default, Opt_ecryptfs + Opt_error = -1, Opt_default, Opt_ecryptfs, Opt_fscrypt }; static const match_table_t key_format_tokens = { {Opt_default, "default"}, {Opt_ecryptfs, "ecryptfs"}, + {Opt_fscrypt, "fscrypt"}, {Opt_error, NULL} }; @@ -185,7 +188,7 @@ static int datablob_parse(char *datablob, const char **format, } key_cmd = match_token(keyword, key_tokens, args); - /* Get optional format: default | ecryptfs */ + /* Get optional format: default | ecryptfs | fscrypt */ p = strsep(&datablob, " \t"); if (!p) { pr_err("encrypted_key: insufficient parameters specified\n"); @@ -194,6 +197,7 @@ static int datablob_parse(char *datablob, const char **format, key_format = match_token(p, key_format_tokens, args); switch (key_format) { + case Opt_fscrypt: case Opt_ecryptfs: case Opt_default: *format = p; @@ -634,6 +638,11 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, } decrypted_datalen = ECRYPTFS_MAX_KEY_BYTES; payload_datalen = sizeof(struct ecryptfs_auth_tok); + } else if (format && !strcmp(format, key_format_fscrypt)) { + ret = fscrypt_encrypted_key_reserve_payload(decrypted_datalen, + &payload_datalen); + if (ret < 0) + return ERR_PTR(ret); } encrypted_datalen = roundup(decrypted_datalen, blksize); @@ -734,6 +743,8 @@ static void __ekey_init(struct encrypted_key_payload *epayload, if (!strcmp(format, key_format_ecryptfs)) epayload->decrypted_data = ecryptfs_get_auth_tok_key((struct ecryptfs_auth_tok *)epayload->payload_data); + else if (!strcmp(format, key_format_fscrypt)) + fscrypt__ekey_init(epayload); memcpy(epayload->format, format, format_len); } 
@@ -762,6 +773,10 @@ static int encrypted_init(struct encrypted_key_payload *epayload, ecryptfs_fill_auth_tok((struct ecryptfs_auth_tok *)epayload->payload_data, key_desc); + } else if (format && !strcmp(format, key_format_fscrypt)) { + ret = fscrypt_valid_desc(key_desc); + if (ret < 0) + return ret; } __ekey_init(epayload, format, master_desc, datalen); diff --git a/security/keys/encrypted-keys/fscrypt_format.c b/security/keys/encrypted-keys/fscrypt_format.c new file mode 100644 index 000000000000..7620c0fa3ff9 --- /dev/null +++ b/security/keys/encrypted-keys/fscrypt_format.c 
@@ -0,0 +1,70 @@ +/* + * fscrypt_format.c: helper functions for the encrypted key type + * + * Copyright (C) 2006 International Business Machines Corp. + * Copyright (C) 2010 Politecnico di Torino, Italy + * TORSEC group -- http://security.polito.it + * + * Authors: + * André Draszik + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2 of the License. + */ + +#include +#define __FS_HAS_ENCRYPTION 0 +#include +#include +#include +#include "fscrypt_format.h" + + +#define FS_KEY_DESCRIPTOR_HEX_SIZE (FS_KEY_DESCRIPTOR_SIZE*2) + +int fscrypt_encrypted_key_reserve_payload(unsigned short decrypted_datalen, + unsigned short *payload_datalen) +{ + if (decrypted_datalen < AES_BLOCK_SIZE /* FS_AES_128_CBC_KEY_SIZE */ + || decrypted_datalen > FS_MAX_KEY_SIZE + || decrypted_datalen % AES_BLOCK_SIZE != 0) { + pr_err("encrypted_key: fscrypt keylen must be a multiple of %d up to %d bytes\n", + AES_BLOCK_SIZE, FS_MAX_KEY_SIZE); + return -EINVAL; + } + *payload_datalen = sizeof(struct fscrypt_key); + return 0; +} + +void fscrypt__ekey_init(struct encrypted_key_payload *epayload) +{ + struct fscrypt_key *fk = (struct fscrypt_key *)epayload->payload_data; + + epayload->decrypted_data = fk->raw; + + fk->mode = 0; + fk->size = epayload->decrypted_datalen; +} + +int fscrypt_valid_desc(const char *desc) +{ + int i; + + if (strlen(desc) != (FS_KEY_DESC_PREFIX_SIZE + + FS_KEY_DESCRIPTOR_HEX_SIZE)) + goto error; + if (memcmp(desc, FS_KEY_DESC_PREFIX, FS_KEY_DESC_PREFIX_SIZE)) + goto error; + desc += FS_KEY_DESC_PREFIX_SIZE; + for (i = 0; i < FS_KEY_DESCRIPTOR_HEX_SIZE; i++) + if (!isxdigit(desc[i])) + goto error; + + return 0; + +error: + pr_err("encrypted_key: key description must be 'fscrypt:'\n"); + return -EINVAL; +} + 
diff --git a/security/keys/encrypted-keys/fscrypt_format.h b/security/keys/encrypted-keys/fscrypt_format.h new file mode 100644 index 000000000000..c6d7da1a2113 --- /dev/null +++ b/security/keys/encrypted-keys/fscrypt_format.h @@ -0,0 +1,20 @@ +/* + * fscrypt_format.h: helper functions for the encrypted key type + * + * Copyright (C) 2006 International Business Machines Corp. + * Copyright (C) 2010 Politecnico di Torino, Italy + * TORSEC group -- http://security.polito.it + * + * Authors: + * André Draszik + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2 of the License. + */ +#pragma once + +int fscrypt_encrypted_key_reserve_payload(unsigned short decrypted_datalen, + unsigned short *payload_datalen); +void fscrypt__ekey_init(struct encrypted_key_payload *epayload); +int fscrypt_valid_desc(const char *desc);
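Review bot: In security/keys/encrypted-keys/fscrypt_format.c, the `#define __FS_HAS_ENCRYPTION 0` placed ahead of the includes has no comment explaining why the keys code has to set a filesystem-side switch. Either say why in a comment or move the definitions this file needs (struct fscrypt_key, FS_MAX_KEY_SIZE, FS_KEY_DESC_PREFIX) to a header that can be included without it. In fscrypt_encrypted_key_reserve_payload() the lower bound is written as `AES_BLOCK_SIZE /* FS_AES_128_CBC_KEY_SIZE */`; use the named key-size constant if that is the intent, and state the minimum in the pr_err text, which currently gives only the multiple and the maximum. In fscrypt_valid_desc(), isxdigit() accepts upper- and lower-case digits, so two descriptions that differ only in case both pass; if the consumer compares descriptions byte for byte, restrict the check to one case. `fk->mode = 0` in fscrypt__ekey_init() should be a named constant or carry a comment.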
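Review bot: security/keys/encrypted-keys/fscrypt_format.h is not self-contained: two of its prototypes take `struct encrypted_key_payload *`, but the header neither includes the definition nor forward-declares the struct, so it relies on the includer having pulled that in first (encrypted.c includes it after "encrypted.h" and "ecryptfs_format.h"). Add `struct encrypted_key_payload;` or the relevant include at the top of the header. The double underscore in `fscrypt__ekey_init` reads like a typo next to the other two helpers; a single-underscore name would be consistent with them.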