Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp3885359rwi; Wed, 12 Oct 2022 08:00:28 -0700 (PDT) X-Google-Smtp-Source: AMsMyM69QUa+eWMCJQ6DaodT6BFvmctgavrOpedgAVQLfIeVJG2F7CasihimGlbl4GhhT2ktZBW/ X-Received: by 2002:a50:ff13:0:b0:43e:76d3:63e1 with SMTP id a19-20020a50ff13000000b0043e76d363e1mr27536033edu.271.1665586828634; Wed, 12 Oct 2022 08:00:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665586828; cv=none; d=google.com; s=arc-20160816; b=FSBokmb8IyF3m8+s1dfl4GUVfbSYC1lUus2PrjedTEIXjbu6sJXOeFEZDG2POEsHNX iVKJfPyMgWpYPD3zyJhL1iHU1gUTfDN+f0ZeK9MWyJ+znw44i+2FsQ+cRswpQkj13T4P YSnl43r9mBNec+/PKYqFGPjnyCbikW5LrNN2ynZ+hPNdloQULY1wBfkT9V3GtlurK08P 0ZbN8evJ6NKrq5VgXlQo6Ad6TTxhTxDDTZfA8lJ3doOoG7M5QnZS8N6w+eq0kNZSZcHu OnU2YjHt/Oc+fdVGnjUuG1uNxDSoCGJU/zaNrlr7XjYLi90Rigk3h9RjkYBQa76r8xJ3 13IQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=UplEK3mqcrCacidHdATkuawjVeYJHMCCCUOFPWg9KqI=; b=HD+MPqLUrzePvgQnyS8xEUsoi71FHdgrZgy1jfcfKeKgYpUx3efQxf3CrKwdqziGLy aOKLT2vt690BsyyiJvMMp7C7T1ynvJ4yirqJSFP4m0bMXgV/LyGfcSWf8UNAVwZ/pvJB EdSd4p9LGyJAqgZESZjA4BmTxTpauSEaOqZFbMY4y+iWMB5ItRQrMgt1ikaKlc5jnJjW ZESGPbRiJxNCD00BsRUCMPR3yd75ezpkE8Gy38khM6c9XuoNgjJ4QF9Vo291uOLmItGP R9zvPwJwcwARMHagxJfotdPfesP+0oUWWn3piOwpfwtQKUYSdZP3v5N3Lz2ecQEmx5f0 4GgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=xxa3t8CN; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sa25-20020a170906edb900b00781b277d931si13396885ejb.390.2022.10.12.07.59.55; Wed, 12 Oct 2022 08:00:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=xxa3t8CN; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229663AbiJLOuB (ORCPT + 99 others); Wed, 12 Oct 2022 10:50:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46532 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229468AbiJLOuA (ORCPT ); Wed, 12 Oct 2022 10:50:00 -0400 Received: from mail-oo1-xc2c.google.com (mail-oo1-xc2c.google.com [IPv6:2607:f8b0:4864:20::c2c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A7301ADB2 for ; Wed, 12 Oct 2022 07:49:58 -0700 (PDT) Received: by mail-oo1-xc2c.google.com with SMTP id c187-20020a4a4fc4000000b004808e2f7affso1885087oob.13 for ; Wed, 12 Oct 2022 07:49:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=UplEK3mqcrCacidHdATkuawjVeYJHMCCCUOFPWg9KqI=; b=xxa3t8CNGe00EQznVWzeR4p9qdPhSp15k51tQXdr2nv2XNggjAfIopyLbnwFzcLn77 JONZsylSPTvToCleo2vBdV6jFtbzb+zWhvQ1yKTFTg2gTgKxiqg5DQNIFP9ft+MQ5NSR 3pJ5GyWlGcBg2zzHRMlxqIk4kXf1ULdK1QT0A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=UplEK3mqcrCacidHdATkuawjVeYJHMCCCUOFPWg9KqI=; b=4GvOxH3ua1clruCxd9giiVxo39gQOrTFY62SkHIv+nT7Ht9n7VQII9btHyRzTJDy6S qeNoZCLM1JdkTfjPWhOdHqyi1UGcnkaOfaDXvZuls5q7JjJQzi750oay/tZw15tp6QzP 7+S6X6blxJmmfDbb+EvVcHgIR4rGEEQqMxytwEOgtKt159QWHTFY2PSub/21ndhpjdSZ Kqy5EOnFrEUn4MlWmgmPzUeJAm4CwgXvyAU5PygFls9lL/x8aRNwAI1JPJcjWD9JRZcU cLs6aCDiSyxS9biFVhXM9IEfAsnUA1LXimBrPW8aWeb5vvl6d9XyuzCOK69YlByWUFXw EZtA== X-Gm-Message-State: ACrzQf3Qwujo92/h6VXs70m57/hbkgxSmwuXpAygDj81KAPfsSs6eX2v tOnKtMOMeDpp5nM0M8x9paeHVQ== X-Received: by 2002:a05:6830:2682:b0:659:e2dc:f033 with SMTP id l2-20020a056830268200b00659e2dcf033mr12910298otu.196.1665586197525; Wed, 12 Oct 2022 07:49:57 -0700 (PDT) Received: from [192.168.0.41] ([184.4.90.121]) by smtp.gmail.com with ESMTPSA id k14-20020a056870818e00b0010d5d5c3fc3sm1329477oae.8.2022.10.12.07.49.56 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 12 Oct 2022 07:49:57 -0700 (PDT) Message-ID: Date: Wed, 12 Oct 2022 09:49:56 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.3.0 Subject: Re: [RFC PATCH 1/1] crypto: af_alg - Support symmetric encryption via keyring keys To: Eric Biggers Cc: herbert@gondor.apana.org.au, davem@davemloft.net, hch@lst.de, smueller@chronox.de, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, kernel-team@cloudflare.com, Ondrej Mosnacek References: <20221004212927.1539105-1-fred@cloudflare.com> Content-Language: en-US From: Frederick Lawler In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi Eric, On 10/11/22 6:07 PM, Eric Biggers wrote: > Hi Frederick, > > On Tue, Oct 04, 2022 at 04:29:27PM -0500, Frederick Lawler wrote: >> We want to leverage keyring to store sensitive keys, and then use those >> keys for symmetric encryption via the crypto API. Among the key types we >> wish to support are: user, logon, encrypted, and trusted. >> >> User key types are already able to have their data copied to user space, >> but logon does not support this. Further, trusted and encrypted keys will >> return their encrypted data back to user space on read, which make them not >> ideal for symmetric encryption. >> >> To support symmetric encryption for these key types, add a new >> ALG_SET_KEY_BY_KEY_SERIAL setsockopt() option to the crypto API. This >> allows users to pass a key_serial_t to the crypto API to perform >> symmetric encryption. The behavior is the same as ALG_SET_KEY, but >> the crypto key data is copied in kernel space from a keyring key, >> which allows for the support of logon, encrypted, and trusted key types. >> >> Keyring keys must have the KEY_(POS|USR|GRP|OTH)_SEARCH permission set >> to leverage this feature. This follows the asymmetric_key type where key >> lookup calls eventually lead to keyring_search_rcu() without the >> KEYRING_SEARCH_NO_CHECK_PERM flag set. >> >> Signed-off-by: Frederick Lawler > > There was a similar patch several years ago by Ondrej Mosnacek: > https://lore.kernel.org/linux-crypto/20190521100034.9651-1-omosnace@redhat.com/T/#u > > Have you addressed all the feedback that was raised on that one? Thanks for sharing that. I believe I've addressed most of the feedback. Starting with we agree preferring key_serial_t. I changed to to use IS_REACHABLE(), and set ALG_SET_KEY_BY_KEY_SERIAL to 10 leaving a comment about libkcapi reserving values 7-9. I've made other additional changes since the RFC, so we should consider this code outdated. I'll submit a v1 that is a bit cleaner after the merge window. Your comment about broken crypto algorithms exposing sensitive data is interesting. We've had similar thoughts about adding additional permission, but ultimately decided to stick to the pattern asymmetric key types use. lookup_user_key() ultimately makes a call into a security hook security_key_permission() given a key_ref_t, so users can further restrict access based on keys that way if enabled. We've also had similar discussions regarding X.509 certificates, and I'm not opposed to Ondrej's suggestion of disabling this feature by default with Kconfig. I'll look into this a bit more, and we're open to suggestions here. > > Two random nits below: > >> + *dest_len = key->datalen; >> + *dest = kmalloc(*dest_len, GFP_KERNEL); >> + if (!*dest) >> + return -ENOMEM; >> + >> + memcpy(*dest, ukp->data, *dest_len); > > This should use kmemdup(). > >> + } else if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS) && >> + !strcmp(key->type->name, "encrypted")) { >> + read_key = &read_key_type_encrypted; >> + } else if (IS_ENABLED(CONFIG_TRUSTED_KEYS) && >> + !strcmp(key->type->name, "trusted")) { >> + read_key = &read_key_type_trusted; > > These need to use IS_REACHABLE(), not IS_ENABLED(). > > - Eric