linux/Documentation/security
Nikolaus Voss 5adedd4224 KEYS: encrypted: fix key instantiation with user-provided data
Commit cd3bc044af ("KEYS: encrypted: Instantiate key with
user-provided decrypted data") added key instantiation with user
provided decrypted data.  The user data is hex-ascii-encoded but was
just memcpy'ed to the binary buffer. Fix this to use hex2bin instead.

Old keys created from user provided decrypted data saved with "keyctl
pipe" are still valid, however if the key is recreated from decrypted
data the old key must be converted to the correct format. This can be
done with a small shell script, e.g.:

BROKENKEY=abcdefABCDEF1234567890aaaaaaaaaa
NEWKEY=$(echo -ne $BROKENKEY | xxd -p -c32)
keyctl add user masterkey "$(cat masterkey.bin)" @u
keyctl add encrypted testkey "new user:masterkey 32 $NEWKEY" @u

However, NEWKEY is still broken: If for BROKENKEY 32 bytes were
specified, a brute force attacker knowing the key properties would only
need to try at most 2^(16*8) keys, as if the key was only 16 bytes long.

The security issue is a result of the combination of limiting the input
range to hex-ascii and using memcpy() instead of hex2bin(). It could
have been fixed either by allowing binary input or using hex2bin() (and
doubling the ascii input key length). This patch implements the latter.

The corresponding test for the Linux Test Project ltp has also been
fixed (see link below).

Fixes: cd3bc044af ("KEYS: encrypted: Instantiate key with user-provided decrypted data")
Cc: stable@kernel.org
Link: https://lore.kernel.org/ltp/20221006081709.92303897@mail.steuer-voss.de/
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Nikolaus Voss <nikolaus.voss@haag-streit.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2022-10-19 13:01:23 -04:00
..
keys KEYS: encrypted: fix key instantiation with user-provided data 2022-10-19 13:01:23 -04:00
secrets Documentation: KVM: update amd-memory-encryption.rst references 2022-07-07 13:09:59 -06:00
tpm Documentation: drop optional BOMs 2021-05-10 15:17:34 -06:00
credentials.rst Documentation: remove current_security() reference 2020-09-09 11:33:59 -06:00
digsig.rst docs: move digsig docs to the security book 2020-05-15 12:03:48 -06:00
IMA-templates.rst ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
index.rst docs: security: Add secrets/coco documentation 2022-04-13 19:11:20 +02:00
landlock.rst landlock: Fix documentation style 2022-09-29 18:43:04 +02:00
lsm-development.rst Documentation: Replace lkml.org links with lore 2021-01-11 12:47:38 -07:00
lsm.rst Documentation: LSM: Correct the basic LSM description 2020-05-25 18:59:59 -06:00
sak.rst docs: security: move some books to it and update 2019-07-15 11:03:01 -03:00
SCTP.rst docs: fix 'make htmldocs' warning in SCTP.rst 2022-02-28 11:09:10 -05:00
self-protection.rst docs: update self-protection __ro_after_init status 2021-12-10 14:02:06 -07:00
siphash.rst Documentation: siphash: Fix typo in the name of offsetofend macro 2022-07-13 14:01:22 -06:00