From patchwork Fri Apr 21 08:30:35 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 9692103
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	3C7E16038E
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Fri, 21 Apr 2017 08:34:41 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2E8D328614
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Fri, 21 Apr 2017 08:34:41 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 23AAA28616; Fri, 21 Apr 2017 08:34:41 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BFE6728614
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Fri, 21 Apr 2017 08:34:40 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1036734AbdDUIcL (ORCPT
	<rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
	Fri, 21 Apr 2017 04:32:11 -0400
Received: from mail-oi0-f66.google.com ([209.85.218.66]:36434 "EHLO
	mail-oi0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1035971AbdDUIcH (ORCPT
	<rfc822;linux-security-module@vger.kernel.org>);
	Fri, 21 Apr 2017 04:32:07 -0400
Received: by mail-oi0-f66.google.com with SMTP id a3so12828054oii.3;
	Fri, 21 Apr 2017 01:32:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=I7RhRraQctk2iOg5JlsYRyEeKHeiIDbD7+E9xQA0ijw=;
	b=J6SDFAstFyiazz03VlbDiIIx5olAlNzG/1C78Pf1TnRAyboXL+TBb9DmTmUGDSwUkO
	8DnHxV8WZBfvccEgAT0VhyCStNQeZVyXSDzVMA1/Bt1cb0uuyhRuJL1p6DBnXU4p/vsD
	xtSzrIEIgtylhPMW4sqGYMdFcKH7sgU4YDcfvVI+mbjpBUh/Zam6xh6xRnZ8XErBfOCi
	O6/SBA1CB5N/Gob6KVH/LqMhms1Z4phCtXr0JAOBaSmjxd7vpFyi+gRV1AV0ZBzRCwgv
	r9StiN3ns+qJoGmRbW5cnW/oTgMARmfIBbQqEIShEmoPCvXCikxvkhqX9OYDqg4URTw+
	L3lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=I7RhRraQctk2iOg5JlsYRyEeKHeiIDbD7+E9xQA0ijw=;
	b=CZ2HhUklZFOUZEU98ikyrDpElTG9FDK3WtcIltIezaMEl9CVxvH9iY04PTqjKAfTeA
	Wr8O/tP+i0HNclsbGjjzlpy1CDC6LfyirpuQ1H0LwGdzDmk6q1G3lj8hddF3Z9ZpJ6y8
	Mv7l9SV9Ql8fWahK8Ts0VKTrtBvYiHuMuCK8Vh/3YSywI32Lk5vBL++JVYZz9OWC9mgl
	z9KBMd4aDyfeCeUynk1t30gukCLbIZstpNmVLFUfblrOyWNUl1l8PK29pH0gSSkVPxgJ
	XLwSuPTVGa3yL3bdZ9+QRuAYoRrDgBvI5YtpHsFynQwgVG0by7iB47njI5gbvh7IFpu3
	lr2w==
X-Gm-Message-State: AN3rC/6ZikT9VT2AnbfItXM02xnxuDfq4e0n8Lzk2h25EKIdYhZ5IpRi
	t1TGMBgp3WkrNg==
X-Received: by 10.84.238.198 with SMTP id l6mr14722889pln.95.1492763526618;
	Fri, 21 Apr 2017 01:32:06 -0700 (PDT)
Received: from localhost.localdomain (c-73-239-167-150.hsd1.wa.comcast.net.
	[73.239.167.150]) by smtp.gmail.com with ESMTPSA id
	m187sm14593981pfm.122.2017.04.21.01.32.05
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 21 Apr 2017 01:32:06 -0700 (PDT)
From: Eric Biggers <ebiggers3@gmail.com>
To: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org,
	David Howells <dhowells@redhat.com>,
	linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@google.com>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>, David Safford <safford@us.ibm.com>
Subject: [PATCH 3/5] KEYS: encrypted: sanitize all key material
Date: Fri, 21 Apr 2017 01:30:35 -0700
Message-Id: <20170421083037.12746-4-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.12.2
In-Reply-To: <20170421083037.12746-1-ebiggers3@gmail.com>
References: <20170421083037.12746-1-ebiggers3@gmail.com>
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

From: Eric Biggers <ebiggers@google.com>

For keys of type "encrypted", consistently zero sensitive key material
before freeing it.  This was already being done for the decrypted
payloads of encrypted keys, but not for the master key and the keys
derived from the master key.

Out of an abundance of caution and because it is trivial to do so, also
zero buffers containing the key payload in encrypted form, although
depending on how the encrypted-keys feature is used such information
does not necessarily need to be kept secret.

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Safford <safford@us.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 security/keys/encrypted-keys/encrypted.c | 31 +++++++++++++------------------
 1 file changed, 13 insertions(+), 18 deletions(-)

diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 0010955d7876..1ca895e7e56a 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -397,7 +397,7 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
 	memcpy(derived_buf + strlen(derived_buf) + 1, master_key,
 	       master_keylen);
 	ret = calc_hash(derived_key, derived_buf, derived_buf_len);
-	kfree(derived_buf);
+	kzfree(derived_buf);
 	return ret;
 }
 
@@ -533,6 +533,7 @@ static int datablob_hmac_append(struct encrypted_key_payload *epayload,
 	if (!ret)
 		dump_hmac(NULL, digest, HASH_SIZE);
 out:
+	memzero_explicit(derived_key, sizeof(derived_key));
 	return ret;
 }
 
@@ -571,6 +572,7 @@ static int datablob_hmac_verify(struct encrypted_key_payload *epayload,
 		dump_hmac("calc", digest, HASH_SIZE);
 	}
 out:
+	memzero_explicit(derived_key, sizeof(derived_key));
 	return ret;
 }
 
@@ -722,6 +724,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
 out:
 	up_read(&mkey->sem);
 	key_put(mkey);
+	memzero_explicit(derived_key, sizeof(derived_key));
 	return ret;
 }
 
@@ -828,13 +831,13 @@ static int encrypted_instantiate(struct key *key,
 	ret = encrypted_init(epayload, key->description, format, master_desc,
 			     decrypted_datalen, hex_encoded_iv);
 	if (ret < 0) {
-		kfree(epayload);
+		kzfree(epayload);
 		goto out;
 	}
 
 	rcu_assign_keypointer(key, epayload);
 out:
-	kfree(datablob);
+	kzfree(datablob);
 	return ret;
 }
 
@@ -843,8 +846,7 @@ static void encrypted_rcu_free(struct rcu_head *rcu)
 	struct encrypted_key_payload *epayload;
 
 	epayload = container_of(rcu, struct encrypted_key_payload, rcu);
-	memset(epayload->decrypted_data, 0, epayload->decrypted_datalen);
-	kfree(epayload);
+	kzfree(epayload);
 }
 
 /*
@@ -902,7 +904,7 @@ static int encrypted_update(struct key *key, struct key_preparsed_payload *prep)
 	rcu_assign_keypointer(key, new_epayload);
 	call_rcu(&epayload->rcu, encrypted_rcu_free);
 out:
-	kfree(buf);
+	kzfree(buf);
 	return ret;
 }
 
@@ -960,33 +962,26 @@ static long encrypted_read(const struct key *key, char __user *buffer,
 
 	up_read(&mkey->sem);
 	key_put(mkey);
+	memzero_explicit(derived_key, sizeof(derived_key));
 
 	if (copy_to_user(buffer, ascii_buf, asciiblob_len) != 0)
 		ret = -EFAULT;
-	kfree(ascii_buf);
+	kzfree(ascii_buf);
 
 	return asciiblob_len;
 out:
 	up_read(&mkey->sem);
 	key_put(mkey);
+	memzero_explicit(derived_key, sizeof(derived_key));
 	return ret;
 }
 
 /*
- * encrypted_destroy - before freeing the key, clear the decrypted data
- *
- * Before freeing the key, clear the memory containing the decrypted
- * key data.
+ * encrypted_destroy - clear and free the key's payload
  */
 static void encrypted_destroy(struct key *key)
 {
-	struct encrypted_key_payload *epayload = key->payload.data[0];
-
-	if (!epayload)
-		return;
-
-	memzero_explicit(epayload->decrypted_data, epayload->decrypted_datalen);
-	kfree(key->payload.data[0]);
+	kzfree(key->payload.data[0]);
 }
 
 struct key_type key_type_encrypted = {