Commit e2437ac2 authored by Jakub Kicinski's avatar Jakub Kicinski

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Steffen Klassert says:

====================
pull request (net-next): ipsec-next 2020-12-12

Just one patch this time:

1) Redact the SA keys with kernel lockdown confidentiality.
   If enabled, no secret keys are sent to uuserspace.
   From Antony Antony.

* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next:
  xfrm: redact SA secret with lockdown confidentiality
====================

Link: https://lore.kernel.org/r/20201212085737.2101294-1-steffen.klassert@secunet.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents e5795aac c7a5899e
...@@ -127,6 +127,7 @@ enum lockdown_reason { ...@@ -127,6 +127,7 @@ enum lockdown_reason {
LOCKDOWN_PERF, LOCKDOWN_PERF,
LOCKDOWN_TRACEFS, LOCKDOWN_TRACEFS,
LOCKDOWN_XMON_RW, LOCKDOWN_XMON_RW,
LOCKDOWN_XFRM_SECRET,
LOCKDOWN_CONFIDENTIALITY_MAX, LOCKDOWN_CONFIDENTIALITY_MAX,
}; };
......
...@@ -848,21 +848,84 @@ static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb ...@@ -848,21 +848,84 @@ static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb
return 0; return 0;
} }
static bool xfrm_redact(void)
{
return IS_ENABLED(CONFIG_SECURITY) &&
security_locked_down(LOCKDOWN_XFRM_SECRET);
}
static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb) static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb)
{ {
struct xfrm_algo *algo; struct xfrm_algo *algo;
struct xfrm_algo_auth *ap;
struct nlattr *nla; struct nlattr *nla;
bool redact_secret = xfrm_redact();
nla = nla_reserve(skb, XFRMA_ALG_AUTH, nla = nla_reserve(skb, XFRMA_ALG_AUTH,
sizeof(*algo) + (auth->alg_key_len + 7) / 8); sizeof(*algo) + (auth->alg_key_len + 7) / 8);
if (!nla) if (!nla)
return -EMSGSIZE; return -EMSGSIZE;
algo = nla_data(nla); algo = nla_data(nla);
strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name)); strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name));
memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8);
if (redact_secret && auth->alg_key_len)
memset(algo->alg_key, 0, (auth->alg_key_len + 7) / 8);
else
memcpy(algo->alg_key, auth->alg_key,
(auth->alg_key_len + 7) / 8);
algo->alg_key_len = auth->alg_key_len; algo->alg_key_len = auth->alg_key_len;
nla = nla_reserve(skb, XFRMA_ALG_AUTH_TRUNC, xfrm_alg_auth_len(auth));
if (!nla)
return -EMSGSIZE;
ap = nla_data(nla);
memcpy(ap, auth, sizeof(struct xfrm_algo_auth));
if (redact_secret && auth->alg_key_len)
memset(ap->alg_key, 0, (auth->alg_key_len + 7) / 8);
else
memcpy(ap->alg_key, auth->alg_key,
(auth->alg_key_len + 7) / 8);
return 0;
}
static int copy_to_user_aead(struct xfrm_algo_aead *aead, struct sk_buff *skb)
{
struct nlattr *nla = nla_reserve(skb, XFRMA_ALG_AEAD, aead_len(aead));
struct xfrm_algo_aead *ap;
bool redact_secret = xfrm_redact();
if (!nla)
return -EMSGSIZE;
ap = nla_data(nla);
memcpy(ap, aead, sizeof(*aead));
if (redact_secret && aead->alg_key_len)
memset(ap->alg_key, 0, (aead->alg_key_len + 7) / 8);
else
memcpy(ap->alg_key, aead->alg_key,
(aead->alg_key_len + 7) / 8);
return 0;
}
static int copy_to_user_ealg(struct xfrm_algo *ealg, struct sk_buff *skb)
{
struct xfrm_algo *ap;
bool redact_secret = xfrm_redact();
struct nlattr *nla = nla_reserve(skb, XFRMA_ALG_CRYPT,
xfrm_alg_len(ealg));
if (!nla)
return -EMSGSIZE;
ap = nla_data(nla);
memcpy(ap, ealg, sizeof(*ealg));
if (redact_secret && ealg->alg_key_len)
memset(ap->alg_key, 0, (ealg->alg_key_len + 7) / 8);
else
memcpy(ap->alg_key, ealg->alg_key,
(ealg->alg_key_len + 7) / 8);
return 0; return 0;
} }
...@@ -906,20 +969,17 @@ static int copy_to_user_state_extra(struct xfrm_state *x, ...@@ -906,20 +969,17 @@ static int copy_to_user_state_extra(struct xfrm_state *x,
goto out; goto out;
} }
if (x->aead) { if (x->aead) {
ret = nla_put(skb, XFRMA_ALG_AEAD, aead_len(x->aead), x->aead); ret = copy_to_user_aead(x->aead, skb);
if (ret) if (ret)
goto out; goto out;
} }
if (x->aalg) { if (x->aalg) {
ret = copy_to_user_auth(x->aalg, skb); ret = copy_to_user_auth(x->aalg, skb);
if (!ret)
ret = nla_put(skb, XFRMA_ALG_AUTH_TRUNC,
xfrm_alg_auth_len(x->aalg), x->aalg);
if (ret) if (ret)
goto out; goto out;
} }
if (x->ealg) { if (x->ealg) {
ret = nla_put(skb, XFRMA_ALG_CRYPT, xfrm_alg_len(x->ealg), x->ealg); ret = copy_to_user_ealg(x->ealg, skb);
if (ret) if (ret)
goto out; goto out;
} }
......
...@@ -65,6 +65,7 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { ...@@ -65,6 +65,7 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
[LOCKDOWN_PERF] = "unsafe use of perf", [LOCKDOWN_PERF] = "unsafe use of perf",
[LOCKDOWN_TRACEFS] = "use of tracefs", [LOCKDOWN_TRACEFS] = "use of tracefs",
[LOCKDOWN_XMON_RW] = "xmon read and write access", [LOCKDOWN_XMON_RW] = "xmon read and write access",
[LOCKDOWN_XFRM_SECRET] = "xfrm SA secret",
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment