[v2,07/41] SUNRPC: Obscure Kerberos encryption keys

Message ID	167380326106.10651.3883618931801361872.stgit@bazille.1015granger.net (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-nfs-owner@vger.kernel.org> Subject: [PATCH v2 07/41] SUNRPC: Obscure Kerberos encryption keys From: Chuck Lever <cel@kernel.org> To: linux-nfs@vger.kernel.org Cc: dhowells@redhat.com, simo@redhat.com, linux-kselftest@vger.kernel.org Date: Sun, 15 Jan 2023 12:21:01 -0500 Message-ID: <167380326106.10651.3883618931801361872.stgit@bazille.1015granger.net> In-Reply-To: <167380196429.10651.4103075913257868035.stgit@bazille.1015granger.net> References: <167380196429.10651.4103075913257868035.stgit@bazille.1015granger.net> User-Agent: StGit/1.5 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk
Series	RPCSEC GSS krb5 enhancements \| expand [v2,00/41] RPCSEC GSS krb5 enhancements [v2,01/41] SUNRPC: Add header ifdefs to linux/sunrpc/gss_krb5.h [v2,02/41] SUNRPC: Remove .blocksize field from struct gss_krb5_enctype [v2,03/41] SUNRPC: Remove .conflen field from struct gss_krb5_enctype [v2,04/41] SUNRPC: Improve Kerberos confounder generation [v2,05/41] SUNRPC: Obscure Kerberos session key [v2,06/41] SUNRPC: Refactor set-up for aux_cipher [v2,07/41] SUNRPC: Obscure Kerberos encryption keys [v2,08/41] SUNRPC: Obscure Kerberos signing keys [v2,09/41] SUNRPC: Obscure Kerberos integrity keys [v2,10/41] SUNRPC: Refactor the GSS-API Per Message calls in the Kerberos mechanism [v2,11/41] SUNRPC: Remove another switch on ctx->enctype [v2,12/41] SUNRPC: Add /proc/net/rpc/gss_krb5_enctypes file [v2,13/41] NFSD: Replace /proc/fs/nfsd/supported_krb5_enctypes with a symlink [v2,14/41] SUNRPC: Replace KRB5_SUPPORTED_ENCTYPES macro [v2,15/41] SUNRPC: Enable rpcsec_gss_krb5.ko to be built without CRYPTO_DES [v2,16/41] SUNRPC: Remove ->encrypt and ->decrypt methods from struct gss_krb5_enctype [v2,17/41] SUNRPC: Rename .encrypt_v2 and .decrypt_v2 methods [v2,18/41] SUNRPC: Hoist KDF into struct gss_krb5_enctype [v2,19/41] SUNRPC: Clean up cipher set up for v1 encryption types [v2,20/41] SUNRPC: Parametrize the key length passed to context_v2_alloc_cipher() [v2,21/41] SUNRPC: Add new subkey length fields [v2,22/41] SUNRPC: Refactor CBC with CTS into helpers [v2,23/41] SUNRPC: Add gk5e definitions for RFC 8009 encryption types [v2,24/41] SUNRPC: Add KDF-HMAC-SHA2 [v2,25/41] SUNRPC: Add RFC 8009 encryption and decryption functions [v2,26/41] SUNRPC: Advertise support for RFC 8009 encryption types [v2,27/41] SUNRPC: Support the Camellia enctypes [v2,28/41] SUNRPC: Add KDF_FEEDBACK_CMAC [v2,29/41] SUNRPC: Advertise support for the Camellia encryption types [v2,30/41] SUNRPC: Move remaining internal definitions to gss_krb5_internal.h [v2,31/41] SUNRPC: Add KUnit tests for rpcsec_krb5.ko [v2,32/41] SUNRPC: Export get_gss_krb5_enctype() [v2,33/41] SUNRPC: Add KUnit tests RFC 3961 Key Derivation [v2,34/41] SUNRPC: Add Kunit tests for RFC 3962-defined encryption/decryption [v2,35/41] SUNRPC: Add KDF KUnit tests for the RFC 6803 encryption types [v2,36/41] SUNRPC: Add checksum KUnit tests for the RFC 6803 encryption types [v2,37/41] SUNRPC: Add encryption KUnit tests for the RFC 6803 encryption types [v2,38/41] SUNRPC: Add KDF-HMAC-SHA2 Kunit tests [v2,39/41] SUNRPC: Add RFC 8009 checksum KUnit tests [v2,40/41] SUNRPC: Add RFC 8009 encryption KUnit tests [v2,41/41] SUNRPC: Add encryption self-tests

Message ID

167380326106.10651.3883618931801361872.stgit@bazille.1015granger.net (mailing list archive)

State

New, archived

Headers

Subject: [PATCH v2 07/41] SUNRPC: Obscure Kerberos encryption keys
From: Chuck Lever <cel@kernel.org>
To: linux-nfs@vger.kernel.org
Cc: dhowells@redhat.com, simo@redhat.com,
        linux-kselftest@vger.kernel.org
Date: Sun, 15 Jan 2023 12:21:01 -0500
Message-ID: 
 <167380326106.10651.3883618931801361872.stgit@bazille.1015granger.net>
In-Reply-To: 
 <167380196429.10651.4103075913257868035.stgit@bazille.1015granger.net>
References: 
 <167380196429.10651.4103075913257868035.stgit@bazille.1015granger.net>
User-Agent: StGit/1.5
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Precedence: bulk

Series

RPCSEC GSS krb5 enhancements | expand

Commit Message

Chuck Lever Jan. 15, 2023, 5:21 p.m. UTC

From: Chuck Lever <chuck.lever@oracle.com>

The encryption subkeys are not used after the cipher transforms have
been allocated and keyed. There is no need to retain them in struct
krb5_ctx.

Tested-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 include/linux/sunrpc/gss_krb5.h     |    2 --
 net/sunrpc/auth_gss/gss_krb5_mech.c |   43 +++++++++++++++++++++--------------
 2 files changed, 26 insertions(+), 19 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 34d54714c6a3..46eaa2ee9c21 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -110,8 +110,6 @@  struct krb5_ctx {
 	struct xdr_netobj	mech_used;
 	u8			initiator_sign[GSS_KRB5_MAX_KEYLEN];
 	u8			acceptor_sign[GSS_KRB5_MAX_KEYLEN];
-	u8			initiator_seal[GSS_KRB5_MAX_KEYLEN];
-	u8			acceptor_seal[GSS_KRB5_MAX_KEYLEN];
 	u8			initiator_integ[GSS_KRB5_MAX_KEYLEN];
 	u8			acceptor_integ[GSS_KRB5_MAX_KEYLEN];
 };
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index afa6a692ccdd..8bc24c0684cb 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -350,42 +350,49 @@  context_derive_keys_des3(struct krb5_ctx *ctx, gfp_t gfp_mask)
 static int
 context_derive_keys_new(struct krb5_ctx *ctx, gfp_t gfp_mask)
 {
-	struct xdr_netobj c, keyin, keyout;
 	u8 cdata[GSS_KRB5_K5CLENGTH];
+	struct xdr_netobj c = {
+		.len	= sizeof(cdata),
+		.data	= cdata,
+	};
+	struct xdr_netobj keyin = {
+		.len	= ctx->gk5e->keylength,
+		.data	= ctx->Ksess,
+	};
+	struct xdr_netobj keyout;
+	int ret = -EINVAL;
+	void *subkey;
 	u32 err;
 
-	c.len = GSS_KRB5_K5CLENGTH;
-	c.data = cdata;
-
-	keyin.data = ctx->Ksess;
-	keyin.len = ctx->gk5e->keylength;
+	subkey = kmalloc(ctx->gk5e->keylength, gfp_mask);
+	if (!subkey)
+		return -ENOMEM;
 	keyout.len = ctx->gk5e->keylength;
+	keyout.data = subkey;
 
 	/* initiator seal encryption */
 	set_cdata(cdata, KG_USAGE_INITIATOR_SEAL, KEY_USAGE_SEED_ENCRYPTION);
-	keyout.data = ctx->initiator_seal;
 	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask);
 	if (err) {
 		dprintk("%s: Error %d deriving initiator_seal key\n",
 			__func__, err);
-		goto out_err;
+		goto out;
 	}
 	ctx->initiator_enc = context_v2_alloc_cipher(ctx,
 						     ctx->gk5e->encrypt_name,
-						     ctx->initiator_seal);
+						     subkey);
 	if (ctx->initiator_enc == NULL)
-		goto out_err;
+		goto out;
 	if (ctx->gk5e->aux_cipher) {
 		ctx->initiator_enc_aux =
 			context_v2_alloc_cipher(ctx, ctx->gk5e->aux_cipher,
-						ctx->initiator_seal);
+						subkey);
 		if (ctx->initiator_enc_aux == NULL)
 			goto out_free;
 	}
 
 	/* acceptor seal encryption */
 	set_cdata(cdata, KG_USAGE_ACCEPTOR_SEAL, KEY_USAGE_SEED_ENCRYPTION);
-	keyout.data = ctx->acceptor_seal;
 	err = krb5_derive_key(ctx->gk5e, &keyin, &keyout, &c, gfp_mask);
 	if (err) {
 		dprintk("%s: Error %d deriving acceptor_seal key\n",
@@ -394,13 +401,13 @@  context_derive_keys_new(struct krb5_ctx *ctx, gfp_t gfp_mask)
 	}
 	ctx->acceptor_enc = context_v2_alloc_cipher(ctx,
 						    ctx->gk5e->encrypt_name,
-						    ctx->acceptor_seal);
+						    subkey);
 	if (ctx->acceptor_enc == NULL)
 		goto out_free;
 	if (ctx->gk5e->aux_cipher) {
 		ctx->acceptor_enc_aux =
 			context_v2_alloc_cipher(ctx, ctx->gk5e->aux_cipher,
-						ctx->acceptor_seal);
+						subkey);
 		if (ctx->acceptor_enc_aux == NULL)
 			goto out_free;
 	}
@@ -445,15 +452,17 @@  context_derive_keys_new(struct krb5_ctx *ctx, gfp_t gfp_mask)
 		goto out_free;
 	}
 
-	return 0;
+	ret = 0;
+out:
+	kfree_sensitive(subkey);
+	return ret;
 
 out_free:
 	crypto_free_sync_skcipher(ctx->acceptor_enc_aux);
 	crypto_free_sync_skcipher(ctx->acceptor_enc);
 	crypto_free_sync_skcipher(ctx->initiator_enc_aux);
 	crypto_free_sync_skcipher(ctx->initiator_enc);
-out_err:
-	return -EINVAL;
+	goto out;
 }
 
 static int

[v2,07/41] SUNRPC: Obscure Kerberos encryption keys

Commit Message

Patch