Commit 7e70cb49 authored by Mimi Zohar's avatar Mimi Zohar Committed by James Morris
Browse files

keys: add new key-type encrypted



Define a new kernel key-type called 'encrypted'. Encrypted keys are kernel
generated random numbers, which are encrypted/decrypted with a 'trusted'
symmetric key. Encrypted keys are created/encrypted/decrypted in the kernel.
Userspace only ever sees/stores encrypted blobs.

Changelog:
- bug fix: replaced master-key rcu based locking with semaphore
  (reported by David Howells)
- Removed memset of crypto_shash_digest() digest output
- Replaced verification of 'key-type:key-desc' using strcspn(), with
  one based on string constants.
- Moved documentation to Documentation/keys-trusted-encrypted.txt
- Replace hash with shash (based on comments by David Howells)
- Make lengths/counts size_t where possible (based on comments by David Howells)
  Could not convert most lengths, as crypto expects 'unsigned int'
  (size_t: on 32 bit is defined as unsigned int, but on 64 bit is unsigned long)
- Add 'const' where possible (based on comments by David Howells)
- allocate derived_buf dynamically to support arbitrary length master key
  (fixed by Roberto Sassu)
- wait until late_initcall for crypto libraries to be registered
- cleanup security/Kconfig
- Add missing 'update' keyword (reported/fixed by Roberto Sassu)
- Free epayload on failure to create key (reported/fixed by Roberto Sassu)
- Increase the data size limit (requested by Roberto Sassu)
- Crypto return codes are always 0 on success and negative on failure,
  remove unnecessary tests.
- Replaced kzalloc() with kmalloc()
Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
Signed-off-by: default avatarDavid Safford <safford@watson.ibm.com>
Reviewed-by: default avatarRoberto Sassu <roberto.sassu@polito.it>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent d00a1c72
/*
* Copyright (C) 2010 IBM Corporation
* Author: Mimi Zohar <zohar@us.ibm.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 2 of the License.
*/
#ifndef _KEYS_ENCRYPTED_TYPE_H
#define _KEYS_ENCRYPTED_TYPE_H
#include <linux/key.h>
#include <linux/rcupdate.h>
struct encrypted_key_payload {
struct rcu_head rcu;
char *master_desc; /* datablob: master key name */
char *datalen; /* datablob: decrypted key length */
u8 *iv; /* datablob: iv */
u8 *encrypted_data; /* datablob: encrypted data */
unsigned short datablob_len; /* length of datablob */
unsigned short decrypted_datalen; /* decrypted data length */
u8 decrypted_data[0]; /* decrypted data + datablob + hmac */
};
extern struct key_type key_type_encrypted;
#endif /* _KEYS_ENCRYPTED_TYPE_H */
......@@ -36,6 +36,22 @@ config TRUSTED_KEYS
If you are unsure as to whether this is required, answer N.
config ENCRYPTED_KEYS
tristate "ENCRYPTED KEYS"
depends on KEYS && TRUSTED_KEYS
select CRYPTO_AES
select CRYPTO_CBC
select CRYPTO_SHA256
select CRYPTO_RNG
help
This option provides support for create/encrypting/decrypting keys
in the kernel. Encrypted keys are kernel generated random numbers,
which are encrypted/decrypted with a 'master' symmetric key. The
'master' key can be either a trusted-key or user-key type.
Userspace only ever sees/stores encrypted blobs.
If you are unsure as to whether this is required, answer N.
config KEYS_DEBUG_PROC_KEYS
bool "Enable the /proc/keys file by which keys may be viewed"
depends on KEYS
......
......@@ -14,6 +14,7 @@ obj-y := \
user_defined.o
obj-$(CONFIG_TRUSTED_KEYS) += trusted_defined.o
obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted_defined.o
obj-$(CONFIG_KEYS_COMPAT) += compat.o
obj-$(CONFIG_PROC_FS) += proc.o
obj-$(CONFIG_SYSCTL) += sysctl.o
This diff is collapsed.
#ifndef __ENCRYPTED_KEY_H
#define __ENCRYPTED_KEY_H
#define ENCRYPTED_DEBUG 0
#if ENCRYPTED_DEBUG
static inline void dump_master_key(const u8 *master_key,
unsigned int master_keylen)
{
print_hex_dump(KERN_ERR, "master key: ", DUMP_PREFIX_NONE, 32, 1,
master_key, master_keylen, 0);
}
static inline void dump_decrypted_data(struct encrypted_key_payload *epayload)
{
print_hex_dump(KERN_ERR, "decrypted data: ", DUMP_PREFIX_NONE, 32, 1,
epayload->decrypted_data,
epayload->decrypted_datalen, 0);
}
static inline void dump_encrypted_data(struct encrypted_key_payload *epayload,
unsigned int encrypted_datalen)
{
print_hex_dump(KERN_ERR, "encrypted data: ", DUMP_PREFIX_NONE, 32, 1,
epayload->encrypted_data, encrypted_datalen, 0);
}
static inline void dump_hmac(const char *str, const u8 *digest,
unsigned int hmac_size)
{
if (str)
pr_info("encrypted_key: %s", str);
print_hex_dump(KERN_ERR, "hmac: ", DUMP_PREFIX_NONE, 32, 1, digest,
hmac_size, 0);
}
#else
static inline void dump_master_key(const u8 *master_key,
unsigned int master_keylen)
{
}
static inline void dump_decrypted_data(struct encrypted_key_payload *epayload)
{
}
static inline void dump_encrypted_data(struct encrypted_key_payload *epayload,
unsigned int encrypted_datalen)
{
}
static inline void dump_hmac(const char *str, const u8 *digest,
unsigned int hmac_size)
{
}
#endif
#endif
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment