Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp4176967rwb; Tue, 20 Sep 2022 09:51:05 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6jIBJUB2NsRxsOzhkO1mgSfSCo+QQHayIuXvfH2VGTKW6lh17d6nGXUF/56xMWiORQ63n5 X-Received: by 2002:a17:907:7ea6:b0:77a:c72a:b851 with SMTP id qb38-20020a1709077ea600b0077ac72ab851mr18284534ejc.220.1663692665390; Tue, 20 Sep 2022 09:51:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663692665; cv=none; d=google.com; s=arc-20160816; b=lr79q4Qs0GV/J5sbpu2ad02JHNESXXjmeMpxCOxQ2RyRLFLGxQD8QOP8iCY4G/z6EO Lzi/ukwmAqT8gQmUKuuio+0u5lpa88YrcSqEbdWbIPCW8yCS/XD4istonpoIl7nQCCav ee/8sEThT8Gz8t+2udbQ6AGaIw3n9D+JAl9uwD6Vi60OByL+7v2LTJgbKUFJs5bSC99n p/mXpRFEV4REB1ZRDKFT2oV3qJF48cGJPNT+1cls5dvAX3Ah2HCDI0DPxD9brM+xyngk swlO1qyToApUxgZCvfogNmPzNP6qNOySEu01yZINIZuepoXAUrrYO5kTdZ8lzANff3SU HdqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:message-id:in-reply-to :subject:cc:to:from:date; bh=zoNugadeYgaNPyN5Ltq/Gq3VKZWLUNBw9Vdys91q/34=; b=NOryx7qBYVr1/o2Hl7KRndwruNrBAbSFNUOokLjE84clPfJ+09dgbrfoBfzVHRNn2O Jk15QjExhk2euwUW6LDceoFZ2dCQ8HJl9J4hHl7nmfrpPFQ2VDcSXmi+4KTrx1fCUVqJ CAeL/KkYM4EundpwqRprRrjU6Hbem2BD6y/6uQBWZSCk3qYqaHwwXxWmWxaheKECuF5D FO2G0ZU5K66m1lqLY4fe7uxBEqUirqEHssOo7ID0ZA7Re4GjCXA8vqcX7oWilfmTME+6 0iOBrQbQeu880ruz7YUnz4GiR6sJw/u0s0+MvgrIJqoCslO2NH/QnZXuiqfMwy/BcFgS xHEA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g23-20020a056402321700b004539b045326si229476eda.417.2022.09.20.09.50.39; Tue, 20 Sep 2022 09:51:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229744AbiITQXo (ORCPT + 99 others); Tue, 20 Sep 2022 12:23:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36214 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229695AbiITQXm (ORCPT ); Tue, 20 Sep 2022 12:23:42 -0400 Received: from mail.steuer-voss.de (mail.steuer-voss.de [85.183.69.95]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A7AB186D4; Tue, 20 Sep 2022 09:23:38 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at mail.steuer-voss.de Received: by mail.steuer-voss.de (Postfix, from userid 1000) id C0293C206; Tue, 20 Sep 2022 18:23:34 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail.steuer-voss.de (Postfix) with ESMTP id BE5DAC140; Tue, 20 Sep 2022 18:23:34 +0200 (CEST) Date: Tue, 20 Sep 2022 18:23:34 +0200 (CEST) From: Nikolaus Voss To: Mimi Zohar cc: David Howells , Jarkko Sakkinen , James Morris , "Serge E. Hallyn" , linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Yael Tzur Subject: Re: [PATCH] KEYS: encrypted: fix key instantiation with user-provided data In-Reply-To: <53730789a41358673b1715dd650706e9ffcb1199.camel@linux.ibm.com> Message-ID: <35fd816-d755-967-5712-b5496875ac7a@vosn.de> References: <20220919072317.E41421357@mail.steuer-voss.de> <53730789a41358673b1715dd650706e9ffcb1199.camel@linux.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 20 Sep 2022, Mimi Zohar wrote: > On Fri, 2022-09-16 at 07:45 +0200, Nikolaus Voss wrote: >> Commit cd3bc044af48 ("KEYS: encrypted: Instantiate key with user-provided >> decrypted data") added key instantiation with user provided decrypted data. >> The user data is hex-ascii-encoded but was just memcpy'ed to the binary buffer. >> Fix this to use hex2bin instead. > > Thanks, Nikolaus. We iterated a number of times over what would be the > safest userspace input. One of the last changes was that the key data > should be hex-ascii-encoded. Unfortunately, the LTP > testcases/kernel/syscalls/keyctl09.c example isn't hex-ascii-encoded > and the example in Documentation/security/keys/trusted-encrypted.rst > just cat's a file. Both expect the length to be the length of the > userspace provided data. With this patch, when hex2bin() fails, there > is no explanation. That's true. But it's true for all occurrences of hex2bin() in this file. I could pr_err() an explanation, improve the trusted-encrypted.rst example and respin the patch. Should I, or do you have another suggestion? I wasn't aware of keyctl09.c, but quickly looking into it, the user data _is_ hex-ascii-encoded, only the length is "wrong": Imho, the specified length should be the binary length as this is consistent with key-length specs in other cases (e.g. when loading the key from a blob). keyctl09.c could be easy to fix, if only the length is modified. Should I propose a patch? What is the correct/appropriate workflow there? Thanks, Niko