From: Ahmad Fatoum
To: David Howells, Jarkko Sakkinen, James Morris, "Serge E. Hallyn", Alasdair Kergon, Mike Snitzer, dm-devel@redhat.com, Song Liu, Richard Weinberger, Jonathan Corbet
Cc: kernel@pengutronix.de, Ahmad Fatoum, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-raid@vger.kernel.org, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [RFC PATCH v1 4/4] ubifs: auth: consult encrypted and trusted keys if no logon key was found
Date: Thu, 22 Jul 2021 11:18:02 +0200

Currently, UBIFS auth_key can only be a logon key: This is a user key that's provided to the kernel in plaintext and that then remains within the kernel.

Linux also supports trusted and encrypted keys, which have stronger guarantees: They are only exposed to userspace in encrypted form and, in the case of trusted keys, can be directly rooted to a trust source like a TPM chip.

Add support for auth_key to be either a logon, encrypted or trusted key. At mount time, the keyring will be searched for a key with the supplied name in that order.

Signed-off-by: Ahmad Fatoum --- To: David Howells To: Jarkko Sakkinen To: James Morris To: "Serge E. Hallyn" To: Alasdair Kergon To: Mike Snitzer To: dm-devel@redhat.com To: Song Liu To: Richard Weinberger To: Jonathan Corbet Cc: linux-kernel@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: linux-raid@vger.kernel.org Cc: keyrings@vger.kernel.org Cc: linux-mtd@lists.infradead.org Cc: linux-security-module@vger.kernel.org Cc: linux-integrity@vger.kernel.org --- Documentation/filesystems/ubifs.rst | 2 +- fs/ubifs/auth.c | 19 ++++++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/Documentation/filesystems/ubifs.rst b/Documentation/filesystems/ubifs.rst index e6ee99762534..12d08458b3d7 100644 --- a/Documentation/filesystems/ubifs.rst +++ b/Documentation/filesystems/ubifs.rst @@ -101,7 +101,7 @@ compr=zlib override default compressor and set it to "zlib" auth_key= specify the key used for authenticating the filesystem. Passing this option makes authentication mandatory. The passed key must be present in the kernel keyring - and must be of type 'logon' + and must be of type 'logon', 'encrypted' or 'trusted'. auth_hash_name= The hash algorithm used for authentication. Used for both hashing and for creating HMACs. Typical values include "sha256" or "sha512" diff --git a/fs/ubifs/auth.c b/fs/ubifs/auth.c index 6a0b8d858d81..af8e9eb58a60 100644 --- a/fs/ubifs/auth.c +++ b/fs/ubifs/auth.c @@ -14,6 +14,8 @@ #include #include #include +#include +#include #include #include "ubifs.h" @@ -256,9 +258,10 @@ out_destroy: int ubifs_init_authentication(struct ubifs_info *c) { struct key *keyring_key; - const struct user_key_payload *ukp; int err; + unsigned int len; char hmac_name[CRYPTO_MAX_ALG_NAME]; + const void *key_material; if (!c->auth_hash_name) { ubifs_err(c, "authentication hash name needed with authentication"); 
@@ -277,6 +280,10 @@ int ubifs_init_authentication(struct ubifs_info *c) c->auth_hash_name); keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL); + if (IS_ERR(keyring_key) && IS_REACHABLE(CONFIG_ENCRYPTED_KEYS)) + keyring_key = request_key(&key_type_encrypted, c->auth_key_name, NULL); + if (IS_ERR(keyring_key) && IS_REACHABLE(CONFIG_TRUSTED_KEYS)) + keyring_key = request_key(&key_type_trusted, c->auth_key_name, NULL); if (IS_ERR(keyring_key)) { ubifs_err(c, "Failed to request key: %ld", @@ -286,12 +293,10 @@ int ubifs_init_authentication(struct ubifs_info *c) down_read(&keyring_key->sem); - ukp = user_key_payload_locked(keyring_key); - if (!ukp) { - /* key was revoked before we acquired its semaphore */ - err = -EKEYREVOKED; + key_material = key_extract_material(keyring_key, &len); + err = PTR_ERR_OR_ZERO(key_material); + if (err < 0) goto out; - } c->hash_tfm = crypto_alloc_shash(c->auth_hash_name, 0, 0); if (IS_ERR(c->hash_tfm)) { @@ -324,7 +329,7 @@ int ubifs_init_authentication(struct ubifs_info *c) goto out_free_hmac; } - err = crypto_shash_setkey(c->hmac_tfm, ukp->data, ukp->datalen); + err = crypto_shash_setkey(c->hmac_tfm, key_material, len); if (err) goto out_free_hmac; -- git-series 0.9.1
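Review bot: The auth_key= entry in Documentation/filesystems/ubifs.rst now names the three accepted key types but leaves out the lookup order and the build-time conditions. The commit message states that the keyring is searched in the order logon, encrypted, trusted, and the code only tries the latter two when IS_REACHABLE(CONFIG_ENCRYPTED_KEYS) and IS_REACHABLE(CONFIG_TRUSTED_KEYS) hold. Because an administrator can have keys of different types under the same name, the documented text should say which one wins and that 'encrypted' and 'trusted' are only consulted when the kernel is built with the corresponding support.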
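Review bot: In the fs/ubifs/auth.c hunk at -277,6, the two added fallback lookups in ubifs_init_authentication() run on any IS_ERR(keyring_key) result, not only when the logon key is absent. request_key() can also fail with errors such as -EKEYREVOKED, -EKEYEXPIRED or -ENOMEM, and in those cases the mount would quietly continue with an encrypted or trusted key of the same name instead of failing. The subject line says "if no logon key was found", so consider falling back only when PTR_ERR(keyring_key) == -ENOKEY. As written, the "Failed to request key: %ld" message also reports only the error of the last lookup attempted, which hides why the earlier ones failed; logging which key type was finally used would help when auditing a mount.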
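Review bot: In the fs/ubifs/auth.c hunk at -286,12, err = PTR_ERR_OR_ZERO(key_material) treats a NULL return from key_extract_material() as success, while the removed code mapped a NULL payload to -EKEYREVOKED ("key was revoked before we acquired its semaphore"). The helper is not defined in this patch, so its contract is not visible here; if it can return NULL for a revoked key, the later crypto_shash_setkey(c->hmac_tfm, key_material, len) call would receive a NULL pointer and an uninitialised len. Either check with IS_ERR_OR_NULL() and keep the -EKEYREVOKED mapping, or document that the helper always returns an ERR_PTR on failure and initialise len to 0 at its declaration.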