Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC6B3C43217 for ; Fri, 7 Jan 2022 13:32:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347584AbiAGNcx (ORCPT ); Fri, 7 Jan 2022 08:32:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59940 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347596AbiAGNcs (ORCPT ); Fri, 7 Jan 2022 08:32:48 -0500 Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 23424C06173E for ; Fri, 7 Jan 2022 05:32:48 -0800 (PST) Received: by mail-lf1-x130.google.com with SMTP id g26so15541435lfv.11 for ; Fri, 07 Jan 2022 05:32:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JgcMCFnFrjIsgT43dvK+WgNIyiihonsed1brH+P2D0k=; b=mEI7jqVRKmy03URhYvc0p0L+hMdoyra2ECiMxTX/3RiaDiocOY7DRfkPjtsujwlnRA laRjCnDCwK1qDTmyq6nNoCGz/yZaOaG5QOOZ7VrOR6faHbLme9aN91yjiYkTsxZGCqU3 4k5JSMZSJR57XTEqf8OzeKujv82JetVewZdxM0ZWhDs0Uu3Mus1YR9ktbtd3z1W4igwg OLGe3tg7o1vPb7rlUBBVQrtDmp/IS0eKKJCE+f5kkuYxTO37DUxVe6dAPFCXOkzcRuw8 yPotRtz0eEHRMTZiAJj0ytaS83kDIA9AIa6gNyk7qghA/JfTXAbHr2vpmRIwSr06EFqz SAVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JgcMCFnFrjIsgT43dvK+WgNIyiihonsed1brH+P2D0k=; b=yvSISuci+6n1a4eMclWhlLIgB1aLgANCOGhWNSh9Il9EljdGPeuxFHY2SN62LXyETO CPnJn+2H2I+s3Yx1wXeU+HuajMm7a9glfFrdHOzK6/aUcP8Izz2sAz1nXkPImKXZnbND oqjZ35GJMe09xwNyvL4IDPO1PKlReU0c9fzJxMaJrh3sWglqR4ZcxKbsnWArP271SmBI zQMeMUvidzJ+ZSbf5//7F98dT9jOoFHAjoymlgl5gdjAPeOOEf0HJLMnznqdfWWT/nSg ebhkdJ2YaRNMcnefpf5MwDwiFB+k+Ajlmv4rdmYbERLMDu6rs0IOlUd62uEpGlThkzKB yUgw== X-Gm-Message-State: AOAM531li6RYhFIU/hWYnrZ6BJnx1mIjMboPPluUH84OPFJFjCCYhAMf 4KmHkrRoeT8jJqg2rs2vNm5y3+cedhclNOycFHxnbQ== X-Google-Smtp-Source: ABdhPJxZHR0aginZgeaaYSzSUhy2Fw0PNKIoeJ95+NIIxDoKc7NxCixL2nW6SsH00NmHlbpTh1DCtZe284yoZsAR7KU= X-Received: by 2002:a2e:bf01:: with SMTP id c1mr18783547ljr.511.1641562366348; Fri, 07 Jan 2022 05:32:46 -0800 (PST) MIME-Version: 1.0 References: <20211229215330.4134835-1-yaelt@google.com> <5a38824152eeee0fc9ba0a4fd2308bb6e0970059.camel@linux.ibm.com> In-Reply-To: From: Sumit Garg Date: Fri, 7 Jan 2022 19:02:33 +0530 Message-ID: Subject: Re: [PATCH v4] KEYS: encrypted: Instantiate key with user-provided decrypted data To: Yael Tiomkin Cc: Mimi Zohar , linux-integrity@vger.kernel.org, jejb@linux.ibm.com, Jarkko Sakkinen , corbet@lwn.net, dhowells@redhat.com, jmorris@namei.org, serge@hallyn.com, keyrings@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module , =?UTF-8?Q?Jan_L=C3=BCbbe?= , Ahmad Fatoum Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 7 Jan 2022 at 18:23, Yael Tiomkin wrote: > > Hi Sumit, > > On Fri, Jan 7, 2022 at 12:15 AM Sumit Garg wrote: > > > > Hi Yael, > > > > On Thu, 6 Jan 2022 at 01:48, Yael Tiomkin wrote: > > > > > > Hi Sumit, > > > > > > On Mon, Jan 3, 2022 at 1:51 AM Sumit Garg wrote: > > > > > > > > Hi Mimi, > > > > > > > > Apologies for the delayed reply as I was on leave for a long new year weekend. > > > > > > > > On Thu, 30 Dec 2021 at 18:59, Mimi Zohar wrote: > > > > > > > > > > Hi Sumit, > > > > > > > > > > On Thu, 2021-12-30 at 15:37 +0530, Sumit Garg wrote: > > > > > > + Jan, Ahmad > > > > > > > > > > > > On Thu, 30 Dec 2021 at 03:24, Yael Tiomkin wrote: > > > > > > > > > > > > > > The encrypted.c class supports instantiation of encrypted keys with > > > > > > > either an already-encrypted key material, or by generating new key > > > > > > > material based on random numbers. This patch defines a new datablob > > > > > > > format: [] > > > > > > > that allows to instantiate encrypted keys using > > > > > > > user-provided decrypted data, and therefore allows to perform key > > > > > > > encryption from userspace. The decrypted key material will be > > > > > > > inaccessible from userspace. > > > > > > > > > > > > This type of user-space key import feature has already been discussed > > > > > > at large in the context of trusted keys here [1]. So what makes it > > > > > > special in case of encrypted keys such that it isn't a "UNSAFE_IMPORT" > > > > > > or "DEBUGGING_IMPORT" or "DEVELOPMENT_IMPORT", ...? > > > > > > > > > > > > [1] https://lore.kernel.org/linux-integrity/74830d4f-5a76-8ba8-aad0-0d79f7c01af9@pengutronix.de/ > > > > > > > > > > > > -Sumit > > > > > > > > > > > > > > > > > > > > Reviewed-by: Mimi Zohar > > > > > > > Signed-off-by: Yael Tiomkin > > > > > > > > > > There is a difference between trusted and encrypted keys. > > > > > > > > Yeah I understand the implementation differences. > > > > > > > > > So in > > > > > addition to pointing to the rather long discussion thread, please > > > > > summarize the conclusion and, assuming you agree, include why in once > > > > > case it was acceptable and in the other it wasn't to provide userspace > > > > > key data. > > > > > > > > My major concern with importing user-space key data in *plain* format > > > > is that if import is *not* done in a safe (manufacturing or > > > > production) environment then the plain key data is susceptible to > > > > user-space compromises when the device is in the field. > > > > > > I agree this can happen. Key distribution in any scenario needs to be > > > secure and this could also potentially be an issue if the key is first > > > encrypted and then imported. > > > > Currently its not the case with encrypted keys. These are random keys > > generated within the kernel and encrypted with master key within the > > kernel and then exposed to user-space as encrypted blob only. > > > There are two different ways to create encrypted keys. One is to have > them generated within the kernel using random numbers, and the other > is by importing them in their encrypted form from user-space. > I was referring to the latter in my previous statement. > So, from a key distribution security point of view, encrypted key user-space import is **not equal to** plain key user-space import. That's why we need to have a separate compile time option as every device may come with its own threat model and may choose to enable or disable this user-space plain key import feature. -Sumit > > > > > We can make sure the documentation > > > highlights the safety requirement. > > > > > > > IMO, you should enable this feature as a compile time option. The help > > text for that config option should highlight the use-case along with a > > safety warning. > > > > -Sumit > > > > > > > > > > And it sounds like we are diverting from basic definition [1] of encrypted keys: > > > > > > > > "Trusted and Encrypted Keys are two new key types added to the > > > > existing kernel key ring service. Both of these new types are variable > > > > length symmetric keys, and in both cases all keys are created in the > > > > kernel, and **user space sees, stores, and loads** only encrypted > > > > blobs." > > > > > > > > Also, as Jarrko mentioned earlier the use-case is still not clear to > > > > me as well. Isn't user logon keys an alternative option for > > > > non-readable user-space keys? > > > > > > The goal in this change is to allow key encryption from userspace, > > > using user-provided decrypted data. This cannot be achieved in logon > > > keys, which as you mentioned, are simply non-readable user type keys. > > > > > > > > > > > > > > [1] https://www.kernel.org/doc/html/v4.13/security/keys/trusted-encrypted.html > > > > > > > > -Sumit > > > > > > > > > > > > > > thanks, > > > > > > > > > > Mimi > > > > > > > > > > > Yael