Re: [PATCH 1/1] crypto: af_alg - Support symmetric encryption via keyring keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 17, 2022 at 02:25:00PM -0500, Frederick Lawler wrote:
> We want to leverage keyring to store sensitive keys, and then use those
> keys for symmetric encryption via the crypto API. Among the key types we
> wish to support are: user, logon, encrypted, and trusted.
> 
> User key types are already able to have their data copied to user space,
> but logon does not support this. Further, trusted and encrypted keys will
> return their encrypted data back to user space on read, which does not
> make them ideal for symmetric encryption.
> 
> To support symmetric encryption for these key types, add a new
> ALG_SET_KEY_BY_KEY_SERIAL setsockopt() option to the crypto API. This
> allows users to pass a key_serial_t to the crypto API to perform
> symmetric encryption. The behavior is the same as ALG_SET_KEY, but
> the crypto key data is copied in kernel space from a keyring key,
> which allows for the support of logon, encrypted, and trusted key types.
> 
> Keyring keys must have the KEY_(POS|USR|GRP|OTH)_SEARCH permission set
> to leverage this feature. This follows the asymmetric_key type where key
> lookup calls eventually lead to keyring_search_rcu() without the
> KEYRING_SEARCH_NO_CHECK_PERM flag set.
> 
> Signed-off-by: Frederick Lawler <fred@xxxxxxxxxxxxxx>
> ---
> RFC: https://lore.kernel.org/all/20221004212927.1539105-1-fred@xxxxxxxxxxxxxx/
> 
> We have an idea for handling the case of leaking key data with bad
> algorithms, but asymmetric keys currently have the same problem if any were
> added as a akcipher type. If KEY_*_SEARCH is not good enough, we thought
> of possibly implementing a KConfig such that we disable leaky algorithms
> when selected, or possibly the inverse where if a leaky algorithm is
> enabled, we don't allow to enable this. The problem there is now there's
> a list to maintain.
> ---
>  Documentation/crypto/userspace-if.rst |  15 ++-
>  crypto/af_alg.c                       | 135 +++++++++++++++++++++++++-
>  include/uapi/linux/if_alg.h           |   1 +
>  3 files changed, 147 insertions(+), 4 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux