security/keys/big_key.c

   1 /* Large capacity key type
   2  *
   3  * Copyright (C) 2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
   4  * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
   5  * Written by David Howells (dhowells@redhat.com)
   6  *
   7  * This program is free software; you can redistribute it and/or
   8  * modify it under the terms of the GNU General Public Licence
   9  * as published by the Free Software Foundation; either version
  10  * 2 of the Licence, or (at your option) any later version.
  11  */
  12
  13 #define pr_fmt(fmt) "big_key: "fmt
  14 #include <linux/init.h>
  15 #include <linux/seq_file.h>
  16 #include <linux/file.h>
  17 #include <linux/shmem_fs.h>
  18 #include <linux/err.h>
  19 #include <linux/scatterlist.h>
  20 #include <linux/random.h>
  21 #include <keys/user-type.h>
  22 #include <keys/big_key-type.h>
  23 #include <crypto/aead.h>
  24
  25 /*
  26  * Layout of key payload words.
  27  */
  28 enum {
  29         big_key_data,
  30         big_key_path,
  31         big_key_path_2nd_part,
  32         big_key_len,
  33 };
  34
  35 /*
  36  * Crypto operation with big_key data
  37  */
  38 enum big_key_op {
  39         BIG_KEY_ENC,
  40         BIG_KEY_DEC,
  41 };
  42
  43 /*
  44  * If the data is under this limit, there's no point creating a shm file to
  45  * hold it as the permanently resident metadata for the shmem fs will be at
  46  * least as large as the data.
  47  */
  48 #define BIG_KEY_FILE_THRESHOLD (sizeof(struct inode) + sizeof(struct dentry))
  49
  50 /*
  51  * Key size for big_key data encryption
  52  */
  53 #define ENC_KEY_SIZE 32
  54
  55 /*
  56  * Authentication tag length
  57  */
  58 #define ENC_AUTHTAG_SIZE 16
  59
  60 /*
  61  * big_key defined keys take an arbitrary string as the description and an
  62  * arbitrary blob of data as the payload
  63  */
  64 struct key_type key_type_big_key = {
  65         .name                   = "big_key",
  66         .preparse               = big_key_preparse,
  67         .free_preparse          = big_key_free_preparse,
  68         .instantiate            = generic_key_instantiate,
  69         .revoke                 = big_key_revoke,
  70         .destroy                = big_key_destroy,
  71         .describe               = big_key_describe,
  72         .read                   = big_key_read,
  73         /* no ->update(); don't add it without changing big_key_crypt() nonce */
  74 };
  75
  76 /*
  77  * Crypto names for big_key data authenticated encryption
  78  */
  79 static const char big_key_alg_name[] = "gcm(aes)";
  80
  81 /*
  82  * Crypto algorithms for big_key data authenticated encryption
  83  */
  84 static struct crypto_aead *big_key_aead;
  85
  86 /*
  87  * Since changing the key affects the entire object, we need a mutex.
  88  */
  89 static DEFINE_MUTEX(big_key_aead_lock);
  90
  91 /*
  92  * Encrypt/decrypt big_key data
  93  */
  94 static int big_key_crypt(enum big_key_op op, u8 *data, size_t datalen, u8 *key)
  95 {
  96         int ret;
  97         struct scatterlist sgio;
  98         struct aead_request *aead_req;
  99         /* We always use a zero nonce. The reason we can get away with this is
 100          * because we're using a different randomly generated key for every
 101          * different encryption. Notably, too, key_type_big_key doesn't define
 102          * an .update function, so there's no chance we'll wind up reusing the
 103          * key to encrypt updated data. Simply put: one key, one encryption.
 104          */
 105         u8 zero_nonce[crypto_aead_ivsize(big_key_aead)];
 106
 107         aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL);
 108         if (!aead_req)
 109                 return -ENOMEM;
 110
 111         memset(zero_nonce, 0, sizeof(zero_nonce));
 112         sg_init_one(&sgio, data, datalen + (op == BIG_KEY_ENC ? ENC_AUTHTAG_SIZE : 0));
 113         aead_request_set_crypt(aead_req, &sgio, &sgio, datalen, zero_nonce);
 114         aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
 115         aead_request_set_ad(aead_req, 0);
 116
 117         mutex_lock(&big_key_aead_lock);
 118         if (crypto_aead_setkey(big_key_aead, key, ENC_KEY_SIZE)) {
 119                 ret = -EAGAIN;
 120                 goto error;
 121         }
 122         if (op == BIG_KEY_ENC)
 123                 ret = crypto_aead_encrypt(aead_req);
 124         else
 125                 ret = crypto_aead_decrypt(aead_req);
 126 error:
 127         mutex_unlock(&big_key_aead_lock);
 128         aead_request_free(aead_req);
 129         return ret;
 130 }
 131
 132 /*
 133  * Preparse a big key
 134  */
 135 int big_key_preparse(struct key_preparsed_payload *prep)
 136 {
 137         struct path *path = (struct path *)&prep->payload.data[big_key_path];
 138         struct file *file;
 139         u8 *enckey;
 140         u8 *data = NULL;
 141         ssize_t written;
 142         size_t datalen = prep->datalen;
 143         int ret;
 144
 145         ret = -EINVAL;
 146         if (datalen <= 0 || datalen > 1024 * 1024 || !prep->data)
 147                 goto error;
 148
 149         /* Set an arbitrary quota */
 150         prep->quotalen = 16;
 151
 152         prep->payload.data[big_key_len] = (void *)(unsigned long)datalen;
 153
 154         if (datalen > BIG_KEY_FILE_THRESHOLD) {
 155                 /* Create a shmem file to store the data in.  This will permit the data
 156                  * to be swapped out if needed.
 157                  *
 158                  * File content is stored encrypted with randomly generated key.
 159                  */
 160                 size_t enclen = datalen + ENC_AUTHTAG_SIZE;
 161                 loff_t pos = 0;
 162
 163                 data = kmalloc(enclen, GFP_KERNEL);
 164                 if (!data)
 165                         return -ENOMEM;
 166                 memcpy(data, prep->data, datalen);
 167
 168                 /* generate random key */
 169                 enckey = kmalloc(ENC_KEY_SIZE, GFP_KERNEL);
 170                 if (!enckey) {
 171                         ret = -ENOMEM;
 172                         goto error;
 173                 }
 174                 ret = get_random_bytes_wait(enckey, ENC_KEY_SIZE);
 175                 if (unlikely(ret))
 176                         goto err_enckey;
 177
 178                 /* encrypt aligned data */
 179                 ret = big_key_crypt(BIG_KEY_ENC, data, datalen, enckey);
 180                 if (ret)
 181                         goto err_enckey;
 182
 183                 /* save aligned data to file */
 184                 file = shmem_kernel_file_setup("", enclen, 0);
 185                 if (IS_ERR(file)) {
 186                         ret = PTR_ERR(file);
 187                         goto err_enckey;
 188                 }
 189
 190                 written = kernel_write(file, data, enclen, &pos);
 191                 if (written != enclen) {
 192                         ret = written;
 193                         if (written >= 0)
 194                                 ret = -ENOMEM;
 195                         goto err_fput;
 196                 }
 197
 198                 /* Pin the mount and dentry to the key so that we can open it again
 199                  * later
 200                  */
 201                 prep->payload.data[big_key_data] = enckey;
 202                 *path = file->f_path;
 203                 path_get(path);
 204                 fput(file);
 205                 kzfree(data);
 206         } else {
 207                 /* Just store the data in a buffer */
 208                 void *data = kmalloc(datalen, GFP_KERNEL);
 209
 210                 if (!data)
 211                         return -ENOMEM;
 212
 213                 prep->payload.data[big_key_data] = data;
 214                 memcpy(data, prep->data, prep->datalen);
 215         }
 216         return 0;
 217
 218 err_fput:
 219         fput(file);
 220 err_enckey:
 221         kzfree(enckey);
 222 error:
 223         kzfree(data);
 224         return ret;
 225 }
 226
 227 /*
 228  * Clear preparsement.
 229  */
 230 void big_key_free_preparse(struct key_preparsed_payload *prep)
 231 {
 232         if (prep->datalen > BIG_KEY_FILE_THRESHOLD) {
 233                 struct path *path = (struct path *)&prep->payload.data[big_key_path];
 234
 235                 path_put(path);
 236         }
 237         kzfree(prep->payload.data[big_key_data]);
 238 }
 239
 240 /*
 241  * dispose of the links from a revoked keyring
 242  * - called with the key sem write-locked
 243  */
 244 void big_key_revoke(struct key *key)
 245 {
 246         struct path *path = (struct path *)&key->payload.data[big_key_path];
 247
 248         /* clear the quota */
 249         key_payload_reserve(key, 0);
 250         if (key_is_positive(key) &&
 251             (size_t)key->payload.data[big_key_len] > BIG_KEY_FILE_THRESHOLD)
 252                 vfs_truncate(path, 0);
 253 }
 254
 255 /*
 256  * dispose of the data dangling from the corpse of a big_key key
 257  */
 258 void big_key_destroy(struct key *key)
 259 {
 260         size_t datalen = (size_t)key->payload.data[big_key_len];
 261
 262         if (datalen > BIG_KEY_FILE_THRESHOLD) {
 263                 struct path *path = (struct path *)&key->payload.data[big_key_path];
 264
 265                 path_put(path);
 266                 path->mnt = NULL;
 267                 path->dentry = NULL;
 268         }
 269         kzfree(key->payload.data[big_key_data]);
 270         key->payload.data[big_key_data] = NULL;
 271 }
 272
 273 /*
 274  * describe the big_key key
 275  */
 276 void big_key_describe(const struct key *key, struct seq_file *m)
 277 {
 278         size_t datalen = (size_t)key->payload.data[big_key_len];
 279
 280         seq_puts(m, key->description);
 281
 282         if (key_is_positive(key))
 283                 seq_printf(m, ": %zu [%s]",
 284                            datalen,
 285                            datalen > BIG_KEY_FILE_THRESHOLD ? "file" : "buff");
 286 }
 287
 288 /*
 289  * read the key data
 290  * - the key's semaphore is read-locked
 291  */
 292 long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
 293 {
 294         size_t datalen = (size_t)key->payload.data[big_key_len];
 295         long ret;
 296
 297         if (!buffer || buflen < datalen)
 298                 return datalen;
 299
 300         if (datalen > BIG_KEY_FILE_THRESHOLD) {
 301                 struct path *path = (struct path *)&key->payload.data[big_key_path];
 302                 struct file *file;
 303                 u8 *data;
 304                 u8 *enckey = (u8 *)key->payload.data[big_key_data];
 305                 size_t enclen = datalen + ENC_AUTHTAG_SIZE;
 306                 loff_t pos = 0;
 307
 308                 data = kmalloc(enclen, GFP_KERNEL);
 309                 if (!data)
 310                         return -ENOMEM;
 311
 312                 file = dentry_open(path, O_RDONLY, current_cred());
 313                 if (IS_ERR(file)) {
 314                         ret = PTR_ERR(file);
 315                         goto error;
 316                 }
 317
 318                 /* read file to kernel and decrypt */
 319                 ret = kernel_read(file, data, enclen, &pos);
 320                 if (ret >= 0 && ret != enclen) {
 321                         ret = -EIO;
 322                         goto err_fput;
 323                 }
 324
 325                 ret = big_key_crypt(BIG_KEY_DEC, data, enclen, enckey);
 326                 if (ret)
 327                         goto err_fput;
 328
 329                 ret = datalen;
 330
 331                 /* copy decrypted data to user */
 332                 if (copy_to_user(buffer, data, datalen) != 0)
 333                         ret = -EFAULT;
 334
 335 err_fput:
 336                 fput(file);
 337 error:
 338                 kzfree(data);
 339         } else {
 340                 ret = datalen;
 341                 if (copy_to_user(buffer, key->payload.data[big_key_data],
 342                                  datalen) != 0)
 343                         ret = -EFAULT;
 344         }
 345
 346         return ret;
 347 }
 348
 349 /*
 350  * Register key type
 351  */
 352 static int __init big_key_init(void)
 353 {
 354         int ret;
 355
 356         /* init block cipher */
 357         big_key_aead = crypto_alloc_aead(big_key_alg_name, 0, CRYPTO_ALG_ASYNC);
 358         if (IS_ERR(big_key_aead)) {
 359                 ret = PTR_ERR(big_key_aead);
 360                 pr_err("Can't alloc crypto: %d\n", ret);
 361                 return ret;
 362         }
 363         ret = crypto_aead_setauthsize(big_key_aead, ENC_AUTHTAG_SIZE);
 364         if (ret < 0) {
 365                 pr_err("Can't set crypto auth tag len: %d\n", ret);
 366                 goto free_aead;
 367         }
 368
 369         ret = register_key_type(&key_type_big_key);
 370         if (ret < 0) {
 371                 pr_err("Can't register type: %d\n", ret);
 372                 goto free_aead;
 373         }
 374
 375         return 0;
 376
 377 free_aead:
 378         crypto_free_aead(big_key_aead);
 379         return ret;
 380 }
 381
 382 late_initcall(big_key_init);