From patchwork Fri Apr 21 08:30:35 2017
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 9692103
From: Eric Biggers
To: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, David Howells, linux-kernel@vger.kernel.org, Eric Biggers, Mimi Zohar, David Safford
Subject: [PATCH 3/5] KEYS: encrypted: sanitize all key material
Date: Fri, 21 Apr 2017 01:30:35 -0700
Message-Id: <20170421083037.12746-4-ebiggers3@gmail.com>
In-Reply-To: <20170421083037.12746-1-ebiggers3@gmail.com>
References: <20170421083037.12746-1-ebiggers3@gmail.com>
From: Eric Biggers For keys of type "encrypted", consistently zero sensitive key material before freeing it. This was already being done for the decrypted payloads of encrypted keys, but not for the master key and the keys derived from the master key. Out of an abundance of caution and because it is trivial to do so, also zero buffers containing the key payload in encrypted form, although depending on how the encrypted-keys feature is used such information does not necessarily need to be kept secret. Cc: Mimi Zohar Cc: David Safford Signed-off-by: Eric Biggers --- security/keys/encrypted-keys/encrypted.c | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index 0010955d7876..1ca895e7e56a 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@ -397,7 +397,7 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type, memcpy(derived_buf + strlen(derived_buf) + 1, master_key, master_keylen); ret = calc_hash(derived_key, derived_buf, derived_buf_len); - kfree(derived_buf); + kzfree(derived_buf); return ret; } @@ -533,6 +533,7 @@ static int datablob_hmac_append(struct encrypted_key_payload *epayload, if (!ret) dump_hmac(NULL, digest, HASH_SIZE); out: + memzero_explicit(derived_key, sizeof(derived_key)); return ret; } @@ -571,6 +572,7 @@ static int datablob_hmac_verify(struct encrypted_key_payload *epayload, dump_hmac("calc", digest, HASH_SIZE); } out: + memzero_explicit(derived_key, sizeof(derived_key)); return ret; } @@ -722,6 +724,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload, out: up_read(&mkey->sem); key_put(mkey); + memzero_explicit(derived_key, sizeof(derived_key)); return ret; } 
@@ -828,13 +831,13 @@ static int encrypted_instantiate(struct key *key, ret = encrypted_init(epayload, key->description, format, master_desc, decrypted_datalen, hex_encoded_iv); if (ret < 0) { - kfree(epayload); + kzfree(epayload); goto out; } rcu_assign_keypointer(key, epayload); out: - kfree(datablob); + kzfree(datablob); return ret; } @@ -843,8 +846,7 @@ static void encrypted_rcu_free(struct rcu_head *rcu) struct encrypted_key_payload *epayload; epayload = container_of(rcu, struct encrypted_key_payload, rcu); - memset(epayload->decrypted_data, 0, epayload->decrypted_datalen); - kfree(epayload); + kzfree(epayload); } /* @@ -902,7 +904,7 @@ static int encrypted_update(struct key *key, struct key_preparsed_payload *prep) rcu_assign_keypointer(key, new_epayload); call_rcu(&epayload->rcu, encrypted_rcu_free); out: - kfree(buf); + kzfree(buf); return ret; } @@ -960,33 +962,26 @@ static long encrypted_read(const struct key *key, char __user *buffer, up_read(&mkey->sem); key_put(mkey); + memzero_explicit(derived_key, sizeof(derived_key)); if (copy_to_user(buffer, ascii_buf, asciiblob_len) != 0) ret = -EFAULT; - kfree(ascii_buf); + kzfree(ascii_buf); return asciiblob_len; out: up_read(&mkey->sem); key_put(mkey); + memzero_explicit(derived_key, sizeof(derived_key)); return ret; } /* - * encrypted_destroy - before freeing the key, clear the decrypted data - * - * Before freeing the key, clear the memory containing the decrypted - * key data. + * encrypted_destroy - clear and free the key's payload */ static void encrypted_destroy(struct key *key) { - struct encrypted_key_payload *epayload = key->payload.data[0]; - - if (!epayload) - return; - - memzero_explicit(epayload->decrypted_data, epayload->decrypted_datalen); - kfree(key->payload.data[0]); + kzfree(key->payload.data[0]); } struct key_type key_type_encrypted = {
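Review bot: In the get_derived_key() hunk, the switch from kfree() to kzfree() on derived_buf is the important one in this series, since derived_buf holds a copy of the master key appended after the key-type string; the commit message should say that kzfree() clears ksize() bytes, i.e. the whole slab object rather than derived_buf_len, and that the clearing happens regardless of whether calc_hash() succeeded.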
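Review bot: In the datablob_hmac_append() and datablob_hmac_verify() hunks the memzero_explicit(derived_key, sizeof(derived_key)) at out: also runs on the early-error path, where get_derived_key() may not have filled the buffer; that is harmless, but a one-line comment above the label saying the buffer is wiped unconditionally would save the next reader a trip through the control flow. Using memzero_explicit() instead of memset() on a stack array that is about to go out of scope is the right choice, because a plain memset() there is a dead store the compiler is free to drop.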
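Review bot: In the encrypted_rcu_free() hunk, replacing `memset(epayload->decrypted_data, 0, epayload->decrypted_datalen); kfree(epayload);` with `kzfree(epayload);` widens the clearing from decrypted_data alone to the entire payload allocation (iv, master_desc, format, the encrypted data and the HMAC), and it also means the zeroing no longer depends on decrypted_datalen being correct; both points deserve a sentence in the commit message, which currently only says the master key and derived keys were previously missed.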
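Review bot: Pre-existing, but visible in the encrypted_read() hunk: `if (copy_to_user(buffer, ascii_buf, asciiblob_len) != 0) ret = -EFAULT;` is immediately followed by `return asciiblob_len;`, so the -EFAULT stored in ret is discarded and the read reports success even though the user buffer was not written. Since this patch already touches the kzfree(ascii_buf) line between them, consider `return ret < 0 ? ret : asciiblob_len;` here or flag it as a follow-up in the cover letter. Separately, the success path and the out: path now each carry their own memzero_explicit() of derived_key; routing the success path through a single exit label would keep one copy.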
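Review bot: The encrypted_destroy() hunk drops the `if (!epayload) return;` guard and calls kzfree(key->payload.data[0]) directly, which relies on kzfree() returning early for a NULL pointer (it checks ZERO_OR_NULL_PTR before calling ksize()); that is correct, and the payload pointer can indeed be NULL when instantiation failed, but the commit message does not mention that the NULL check was removed deliberately, so a sentence saying so would stop a reader from taking the deletion for an accidental behaviour change. The shortened function comment is fine.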