linux-next/Documentation
Nikolaus Voss 5adedd4224 KEYS: encrypted: fix key instantiation with user-provided data
Commit cd3bc044af ("KEYS: encrypted: Instantiate key with
user-provided decrypted data") added key instantiation with user
provided decrypted data.  The user data is hex-ascii-encoded but was
just memcpy'ed to the binary buffer. Fix this to use hex2bin instead.

Old keys created from user provided decrypted data saved with "keyctl
pipe" are still valid, however if the key is recreated from decrypted
data the old key must be converted to the correct format. This can be
done with a small shell script, e.g.:

BROKENKEY=abcdefABCDEF1234567890aaaaaaaaaa
NEWKEY=$(echo -ne $BROKENKEY | xxd -p -c32)
keyctl add user masterkey "$(cat masterkey.bin)" @u
keyctl add encrypted testkey "new user:masterkey 32 $NEWKEY" @u

However, NEWKEY is still broken: If for BROKENKEY 32 bytes were
specified, a brute force attacker knowing the key properties would only
need to try at most 2^(16*8) keys, as if the key was only 16 bytes long.

The security issue is a result of the combination of limiting the input
range to hex-ascii and using memcpy() instead of hex2bin(). It could
have been fixed either by allowing binary input or using hex2bin() (and
doubling the ascii input key length). This patch implements the latter.

The corresponding test for the Linux Test Project ltp has also been
fixed (see link below).

Fixes: cd3bc044af ("KEYS: encrypted: Instantiate key with user-provided decrypted data")
Cc: stable@kernel.org
Link: https://lore.kernel.org/ltp/20221006081709.92303897@mail.steuer-voss.de/
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Nikolaus Voss <nikolaus.voss@haag-streit.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2022-10-19 13:01:23 -04:00
..
ABI VFIO updates for v6.1-rc1 2022-10-12 14:46:48 -07:00
accounting filemap: make the accounting of thrashing more consistent 2022-09-26 19:46:06 -07:00
admin-guide PSI updates for v6.1: 2022-10-14 13:03:00 -07:00
arc
arm EFI updates for v6.1 2022-10-09 08:56:54 -07:00
arm64 arm64: errata: Add Cortex-A55 to the repeat tlbi list 2022-10-07 14:42:20 +01:00
block Documentation: document ublk 2022-09-02 09:31:15 -06:00
bpf Networking changes for 6.1. 2022-10-04 13:38:03 -07:00
cdrom
core-api - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
cpu-freq
crypto
dev-tools linux-kselftest-kunit-6.1-rc1-2 2022-10-12 15:01:58 -07:00
devicetree This is very quiet release for LEDs, pca963 got blinking support and 2022-10-14 13:14:03 -07:00
doc-guide Rust introduction for v6.1-rc1 2022-10-03 16:39:37 -07:00
driver-api VFIO updates for v6.1-rc1 2022-10-12 14:46:48 -07:00
fault-injection docs: notifier-error-inject: Correct test's name 2022-10-07 10:32:16 -06:00
fb Documentation: fb: udlfb: clean up text and formatting 2022-09-27 13:21:44 -06:00
features
filesystems A handful of relatively simple documentation fixes, plus a set of patches 2022-10-13 10:58:32 -07:00
firmware_class
firmware-guide Merge branches 'acpi-misc', 'acpi-tools' and 'acpi-docs' 2022-10-03 20:03:49 +02:00
fpga
gpu Immutable backlight-detect-refactor branch between acpi, drm-* and pdx86 2022-09-14 12:27:10 +01:00
hid
hwmon hwmon: (corsair-psu) add USB id of new revision of the HX1000i psu 2022-10-02 14:38:55 -07:00
i2c docs: i2c: slave-interface: return errno when handle I2C_SLAVE_WRITE_REQUESTED 2022-09-28 21:41:59 +02:00
ia64
iio docs: iio: add documentation for BNO055 driver 2022-09-21 18:42:56 +01:00
images
infiniband
input Merge branch 'next' into for-linus 2022-10-09 22:30:23 -07:00
isdn
kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
kernel-hacking
leds
litmus-tests
livepatch
locking Remove duplicate words inside documentation 2022-09-27 13:21:43 -06:00
loongarch docs/LoongArch: Add I14 description 2022-08-12 13:10:11 +08:00
m68k
maintainer
mhi
mips
misc-devices
mm A handful of relatively simple documentation fixes, plus a set of patches 2022-10-13 10:58:32 -07:00
netlabel
networking Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
nios2
nvdimm
openrisc
parisc
PCI Fix of heap data and clang warnings, support for a new Intel NTB device, 2022-08-13 14:00:45 -07:00
pcmcia
peci
power
powerpc powerpc/64s: update cpu selection options 2022-09-28 19:22:10 +10:00
process A handful of relatively simple documentation fixes, plus a set of patches 2022-10-13 10:58:32 -07:00
RCU There's not a huge amount of activity in the docs tree this time around, 2022-10-03 10:23:32 -07:00
riscv doc: RISC-V: Document that misaligned accesses are supported 2022-10-12 08:58:10 -07:00
rust x86: enable initial Rust support 2022-09-28 09:02:45 +02:00
s390 vfio/mdev: embedd struct mdev_parent in the parent data structure 2022-10-04 12:06:58 -06:00
scheduler docs: scheduler: Update new path for the sysctl knobs 2022-09-27 13:21:42 -06:00
scsi scsi: docs: Fix a typo 2022-09-01 00:33:34 -04:00
security KEYS: encrypted: fix key instantiation with user-provided data 2022-10-19 13:01:23 -04:00
sh
sound ALSA: doc: Drop snd_dma_continuous_data() usages 2022-08-24 08:00:26 +02:00
sparc
sphinx docs: kerneldoc-preamble: Test xeCJK.sty before loading 2022-08-18 11:27:55 -06:00
sphinx-static
spi
staging docs: put atomic*.txt and memory-barriers.txt into the core-api book 2022-09-29 12:55:06 -06:00
target
timers
tools A handful of relatively simple documentation fixes, plus a set of patches 2022-10-13 10:58:32 -07:00
trace A handful of relatively simple documentation fixes, plus a set of patches 2022-10-13 10:58:32 -07:00
translations A handful of relatively simple documentation fixes, plus a set of patches 2022-10-13 10:58:32 -07:00
usb usbip: add USBIP_URB_* URB transfer flags 2022-08-31 09:07:53 +02:00
userspace-api media updates for v6.1-rc1 2022-10-07 11:04:35 -07:00
virt ARM: 2022-10-11 20:07:44 -07:00
w1 Documentation: W1: minor typo corrections 2022-09-27 13:21:44 -06:00
watchdog
x86 - Get rid of a single ksize() usage 2022-10-04 10:12:08 -07:00
xtensa
.gitignore
arch.rst
atomic_bitops.txt wait_on_bit: add an acquire memory barrier 2022-08-26 09:30:25 -07:00
atomic_t.txt
Changes
CodingStyle
conf.py There's not a huge amount of activity in the docs tree this time around, 2022-10-03 10:23:32 -07:00
docutils.conf
dontdiff
index.rst Rust introduction for v6.1-rc1 2022-10-03 16:39:37 -07:00
Kconfig
Makefile
memory-barriers.txt docs/memory-barriers.txt: Fixup long lines 2022-08-31 05:15:31 -07:00
SubmittingPatches
subsystem-apis.rst docs: Rewrite the front page 2022-09-29 12:55:06 -06:00