Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp2112172rwb; Sun, 15 Jan 2023 09:21:51 -0800 (PST) X-Google-Smtp-Source: AMrXdXsPSFp/wnUdNncwHO72a4K0ZLCGvQDfxnHtF7iwMMKRFGE5p99b3fyv9cVMxexg20VxN3wW X-Received: by 2002:a17:903:40c3:b0:194:87e5:8fa2 with SMTP id t3-20020a17090340c300b0019487e58fa2mr4266131pld.6.1673803311193; Sun, 15 Jan 2023 09:21:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673803311; cv=none; d=google.com; s=arc-20160816; b=hQnX05yME+0QNCMcogaQ0pRAqLjEjiufmpTmrSwIaU9ilI2QerDfFvtfSvqGKfratt 7wz8irUgnjGlZNlBbyra8zzsNZkDYCyA6Q0LBQoy83Dk2AmvBJ6dC8fZb9NS6pVkzA6/ e3r9sar2nhwP5yXyMQq+LP0fU5rpzQBJCO+wDR0CDXDIZZf0r0CFo+kfX3hkp/q+xU++ Y5wh/uEU6SopRIS3nJHDcqTfuB1Au7amxOVgK7dj+3VHPRdnGRie+5EkLCr2FEPOWM+I TWhHiokSckdJDU2PI5KtCrD2G4LxIRfrRPsE/K8+xgheeJRdkrjWVtz/pgaPHHBjd+5P bKzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:dkim-signature; bh=JAjCl8HEvujiqySewUFhaKhfpK0MlRGdKUqCjFEkbTQ=; b=xOZy2SOwunR0SZZXJmO/W8/ZHA4q29FpRwOoH/U1noes6rxaUdoqa8tDNVH9vIOcjd 21UTCvOuqZ56foX1gAO+JWiimKl8UUteBsmoxUMjTSjG9aim5AIiN8TtwE7UrDC4Q1tB ZwHzB+Evz8K5GkG6LJAgghTAtswQv4utPRGKKz0XZlNZ5f+h+sfGMNIy7KBGYOWpzBhv 8VJO/uzi2UZ5cPEzawTqDcwo1eKcrwpJiJaLTHidZ692kT6Vu7rNg6opwrw2dmmyGONb p53U1SCPAbg5bJ4lEnQwdUCJlKFXU8jdye9r1wEw1YQwSKkIFl6Eulxny694ND+tenAz u7PA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KFqlMYSw; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id jd12-20020a170903260c00b0019463a75b96si10151795plb.295.2023.01.15.09.21.39; Sun, 15 Jan 2023 09:21:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KFqlMYSw; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231372AbjAORVF (ORCPT + 99 others); Sun, 15 Jan 2023 12:21:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54698 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231150AbjAORVE (ORCPT ); Sun, 15 Jan 2023 12:21:04 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4FB7376BB; Sun, 15 Jan 2023 09:21:03 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CACFB60DB5; Sun, 15 Jan 2023 17:21:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E8F54C433D2; Sun, 15 Jan 2023 17:21:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1673803262; bh=6hn1qgOMTgfXhHAsbBIsSGtuSgr5IumnurDdn7yPTTg=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=KFqlMYSwn0xVUZIoOK5T4fkKGJFA5mYlUfgvRslP7y+hE5uBVel31U8zL4ylIzcHP 5qGoCBSKoxV+XDDFqmvV6JJ3vmLwjdDg40kRl9hJWZi9osI6SDeN6ZWnz5IeXvlk8L G5X7vrXysGXkMwybHtI76sRPbOrzrPFMoOt9rIqKSEkoQySXE9WDXiGjd/PileA0P7 tC/roU537ZluR54TmCeO+XuLYXfIIbaaFm4SSMo59iNk6Q4wkyCkHK0tDBlLkiEZq6 gqkVavmdplan4KFC3j0TW9UrsB5tqs67vDsMSe3ygDhFKOInNe+u3RiP6RcgH1zeet 0doNJds+9MJdQ== Subject: [PATCH v2 07/41] SUNRPC: Obscure Kerberos encryption keys From: Chuck Lever To: linux-nfs@vger.kernel.org Cc: dhowells@redhat.com, simo@redhat.com, linux-kselftest@vger.kernel.org Date: Sun, 15 Jan 2023 12:21:01 -0500 Message-ID: <167380326106.10651.3883618931801361872.stgit@bazille.1015granger.net> In-Reply-To: <167380196429.10651.4103075913257868035.stgit@bazille.1015granger.net> References: <167380196429.10651.4103075913257868035.stgit@bazille.1015granger.net> User-Agent: StGit/1.5 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org From: Chuck Lever The encryption subkeys are not used after the cipher transforms have been allocated and keyed. There is no need to retain them in struct krb5_ctx. Tested-by: Scott Mayhew Signed-off-by: Chuck Lever --- include/linux/sunrpc/gss_krb5.h | 2 -- net/sunrpc/auth_gss/gss_krb5_mech.c | 43 +++++++++++++++++++++-------------- 2 files changed, 26 insertions(+), 19 deletions(-) diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h index 34d54714c6a3..46eaa2ee9c21 100644 --- a/include/linux/sunrpc/gss_krb5.h +++ b/include/linux/sunrpc/gss_krb5.h @@ -110,8 +110,6 @@ struct krb5_ctx { struct xdr_netobj mech_used; u8 initiator_sign[GSS_KRB5_MAX_KEYLEN]; u8 acceptor_sign[GSS_KRB5_MAX_KEYLEN]; - u8 initiator_seal[GSS_KRB5_MAX_KEYLEN]; - u8 acceptor_seal[GSS_KRB5_MAX_KEYLEN]; u8 initiator_integ[GSS_KRB5_MAX_KEYLEN]; u8 acceptor_integ[GSS_KRB5_MAX_KEYLEN]; }; diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index afa6a692ccdd..8bc24c0684cb 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c @@ -350,42 +350,49 @@ context_derive_keys_des3(struct krb5_ctx *ctx, gfp_t gfp_mask) static int context_derive_keys_new(struct krb5_ctx *ctx, gfp_t gfp_mask) { - struct xdr_netobj c, keyin, keyout; u8 cdata[GSS_KRB5_K5CLENGTH]; + struct xdr_netobj c = { + .len = sizeof(cdata), + .data = cdata, + }; + struct xdr_netobj keyin = { + .len = ctx->gk5e->keylength, + .data = ctx->Ksess, + }; + struct xdr_netobj keyout; + int ret = -EINVAL; + void *subkey; u32 err; - c.len = GSS_KRB5_K5CLENGTH; - c.data = cdata; - - keyin.data = ctx->Ksess; - keyin.len = ctx->gk5e->keylength; + subkey = kmalloc(ctx->gk5e->keylength, gfp_mask); + if (!subkey) + return -ENOMEM; keyout.len = ctx->gk5e->keylength; + keyout.data = subkey; /* initiator seal encryption */ set_cdata(cdata, KG_USAGE_INITIATOR_SEAL, KEY_USAGE_SEED_ENCRYPTION); - keyout.data = ctx->initiator_seal; err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask); if (err) { dprintk("%s: Error %d deriving initiator_seal key\n", __func__, err); - goto out_err; + goto out; } ctx->initiator_enc = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name, - ctx->initiator_seal); + subkey); if (ctx->initiator_enc == NULL) - goto out_err; + goto out; if (ctx->gk5e->aux_cipher) { ctx->initiator_enc_aux = context_v2_alloc_cipher(ctx, ctx->gk5e->aux_cipher, - ctx->initiator_seal); + subkey); if (ctx->initiator_enc_aux == NULL) goto out_free; } /* acceptor seal encryption */ set_cdata(cdata, KG_USAGE_ACCEPTOR_SEAL, KEY_USAGE_SEED_ENCRYPTION); - keyout.data = ctx->acceptor_seal; err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask); if (err) { dprintk("%s: Error %d deriving acceptor_seal key\n", @@ -394,13 +401,13 @@ context_derive_keys_new(struct krb5_ctx *ctx, gfp_t gfp_mask) } ctx->acceptor_enc = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name, - ctx->acceptor_seal); + subkey); if (ctx->acceptor_enc == NULL) goto out_free; if (ctx->gk5e->aux_cipher) { ctx->acceptor_enc_aux = context_v2_alloc_cipher(ctx, ctx->gk5e->aux_cipher, - ctx->acceptor_seal); + subkey); if (ctx->acceptor_enc_aux == NULL) goto out_free; } @@ -445,15 +452,17 @@ context_derive_keys_new(struct krb5_ctx *ctx, gfp_t gfp_mask) goto out_free; } - return 0; + ret = 0; +out: + kfree_sensitive(subkey); + return ret; out_free: crypto_free_sync_skcipher(ctx->acceptor_enc_aux); crypto_free_sync_skcipher(ctx->acceptor_enc); crypto_free_sync_skcipher(ctx->initiator_enc_aux); crypto_free_sync_skcipher(ctx->initiator_enc); -out_err: - return -EINVAL; + goto out; } static int