KEYS: encrypted: sanitize all key material
For keys of type "encrypted", consistently zero sensitive key material before freeing it. This was already being done for the decrypted payloads of encrypted keys, but not for the master key and the keys derived from the master key. Out of an abundance of caution and because it is trivial to do so, also zero buffers containing the key payload in encrypted form, although depending on how the encrypted-keys feature is used such information does not necessarily need to be kept secret. Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: David Safford <safford@us.ibm.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
This commit is contained in:
Eric Biggers
James Morris
parent
6966c74932
commit
a9dd74b252
|
|
@ -375,7 +375,7 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
|
||||||
memcpy(derived_buf + strlen(derived_buf) + 1, master_key,
|
memcpy(derived_buf + strlen(derived_buf) + 1, master_key,
|
||||||
master_keylen);
|
master_keylen);
|
||||||
ret = calc_hash(hash_tfm, derived_key, derived_buf, derived_buf_len);
|
ret = calc_hash(hash_tfm, derived_key, derived_buf, derived_buf_len);
|
||||||
kfree(derived_buf);
|
kzfree(derived_buf);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -507,6 +507,7 @@ static int datablob_hmac_append(struct encrypted_key_payload *epayload,
|
||||||
if (!ret)
|
if (!ret)
|
||||||
dump_hmac(NULL, digest, HASH_SIZE);
|
dump_hmac(NULL, digest, HASH_SIZE);
|
||||||
out:
|
out:
|
||||||
|
memzero_explicit(derived_key, sizeof(derived_key));
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -545,6 +546,7 @@ static int datablob_hmac_verify(struct encrypted_key_payload *epayload,
|
||||||
dump_hmac("calc", digest, HASH_SIZE);
|
dump_hmac("calc", digest, HASH_SIZE);
|
||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
|
memzero_explicit(derived_key, sizeof(derived_key));
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -701,6 +703,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
|
||||||
out:
|
out:
|
||||||
up_read(&mkey->sem);
|
up_read(&mkey->sem);
|
||||||
key_put(mkey);
|
key_put(mkey);
|
||||||
|
memzero_explicit(derived_key, sizeof(derived_key));
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -807,13 +810,13 @@ static int encrypted_instantiate(struct key *key,
|
||||||
ret = encrypted_init(epayload, key->description, format, master_desc,
|
ret = encrypted_init(epayload, key->description, format, master_desc,
|
||||||
decrypted_datalen, hex_encoded_iv);
|
decrypted_datalen, hex_encoded_iv);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
kfree(epayload);
|
kzfree(epayload);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
rcu_assign_keypointer(key, epayload);
|
rcu_assign_keypointer(key, epayload);
|
||||||
out:
|
out:
|
||||||
kfree(datablob);
|
kzfree(datablob);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -822,8 +825,7 @@ static void encrypted_rcu_free(struct rcu_head *rcu)
|
||||||
struct encrypted_key_payload *epayload;
|
struct encrypted_key_payload *epayload;
|
||||||
|
|
||||||
epayload = container_of(rcu, struct encrypted_key_payload, rcu);
|
epayload = container_of(rcu, struct encrypted_key_payload, rcu);
|
||||||
memset(epayload->decrypted_data, 0, epayload->decrypted_datalen);
|
kzfree(epayload);
|
||||||
kfree(epayload);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -881,7 +883,7 @@ static int encrypted_update(struct key *key, struct key_preparsed_payload *prep)
|
||||||
rcu_assign_keypointer(key, new_epayload);
|
rcu_assign_keypointer(key, new_epayload);
|
||||||
call_rcu(&epayload->rcu, encrypted_rcu_free);
|
call_rcu(&epayload->rcu, encrypted_rcu_free);
|
||||||
out:
|
out:
|
||||||
kfree(buf);
|
kzfree(buf);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -939,33 +941,26 @@ static long encrypted_read(const struct key *key, char __user *buffer,
|
||||||
|
|
||||||
up_read(&mkey->sem);
|
up_read(&mkey->sem);
|
||||||
key_put(mkey);
|
key_put(mkey);
|
||||||
|
memzero_explicit(derived_key, sizeof(derived_key));
|
||||||
|
|
||||||
if (copy_to_user(buffer, ascii_buf, asciiblob_len) != 0)
|
if (copy_to_user(buffer, ascii_buf, asciiblob_len) != 0)
|
||||||
ret = -EFAULT;
|
ret = -EFAULT;
|
||||||
kfree(ascii_buf);
|
kzfree(ascii_buf);
|
||||||
|
|
||||||
return asciiblob_len;
|
return asciiblob_len;
|
||||||
out:
|
out:
|
||||||
up_read(&mkey->sem);
|
up_read(&mkey->sem);
|
||||||
key_put(mkey);
|
key_put(mkey);
|
||||||
|
memzero_explicit(derived_key, sizeof(derived_key));
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* encrypted_destroy - before freeing the key, clear the decrypted data
|
* encrypted_destroy - clear and free the key's payload
|
||||||
*
|
|
||||||
* Before freeing the key, clear the memory containing the decrypted
|
|
||||||
* key data.
|
|
||||||
*/
|
*/
|
||||||
static void encrypted_destroy(struct key *key)
|
static void encrypted_destroy(struct key *key)
|
||||||
{
|
{
|
||||||
struct encrypted_key_payload *epayload = key->payload.data[0];
|
kzfree(key->payload.data[0]);
|
||||||
|
|
||||||
if (!epayload)
|
|
||||||
return;
|
|
||||||
|
|
||||||
memzero_explicit(epayload->decrypted_data, epayload->decrypted_datalen);
|
|
||||||
kfree(key->payload.data[0]);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
struct key_type key_type_encrypted = {
|
struct key_type key_type_encrypted = {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue