1. 24 Jan, 2023 6 commits
  2. 18 Jan, 2023 9 commits
  3. 07 Jan, 2023 2 commits
  4. 04 Jan, 2023 1 commit
  5. 31 Dec, 2022 16 commits
  6. 22 Dec, 2022 1 commit
    • KEYS: encrypted: fix key instantiation with user-provided data · 1d1a710c
      Nikolaus Voss committed
      commit 5adedd42 upstream.
      
      Commit cd3bc044 ("KEYS: encrypted: Instantiate key with
      user-provided decrypted data") added key instantiation with user
      provided decrypted data.  The user data is hex-ascii-encoded but was
      just memcpy'ed to the binary buffer. Fix this to use hex2bin instead.
      
      Old keys created from user provided decrypted data saved with "keyctl
      pipe" are still valid, however if the key is recreated from decrypted
      data the old key must be converted to the correct format. This can be
      done with a small shell script, e.g.:
      
      BROKENKEY=abcdefABCDEF1234567890aaaaaaaaaa
      NEWKEY=$(echo -ne $BROKENKEY | xxd -p -c32)
      keyctl add user masterkey "$(cat masterkey.bin)" @u
      keyctl add encrypted testkey "new user:masterkey 32 $NEWKEY" @u
      
      However, NEWKEY is still broken: If for BROKENKEY 32 bytes were
      specified, a brute force attacker knowing the key properties would only
      need to try at most 2^(16*8) keys, as if the key was only 16 bytes long.
      
      The security issue is a result of the combination of limiting the input
      range to hex-ascii and using memcpy() instead of hex2bin(). It could
      have been fixed either by allowing binary input or using hex2bin() (and
      doubling the ascii input key length). This patch implements the latter.
      
      The corresponding test for the Linux Test Project ltp has also been
      fixed (see link below).
      
      Fixes: cd3bc044 ("KEYS: encrypted: Instantiate key with user-provided decrypted data")
      Cc: stable@kernel.org
      Link: https://lore.kernel.org/ltp/20221006081709.92303897@mail.steuer-voss.de/
      Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
      Signed-off-by: Nikolaus Voss <nikolaus.voss@haag-streit.com>
      Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  7. 08 Dec, 2022 2 commits
  8. 03 Dec, 2022 2 commits
  9. 24 Nov, 2022 1 commit
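
The behaviour described in the message of commit 1d1a710c, modelled in user-space C as an added example (not code from the kernel patch or from this page): `instantiate_memcpy` and `instantiate_hex2bin` are hypothetical stand-ins for the pre-fix and post-fix handling of user-provided decrypted data, and `looks_like_legacy_key` is an assumed heuristic for recognising key material in the old layout. `main` repeats the re-encoding step from the message's shell script and shows that the converted key still consists only of hex-ascii bytes.

```c
#include <stdio.h>
#include <string.h>

static int nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold ASCII case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Heuristic (assumption): key bytes that are all hex-ascii match the pre-fix layout. */
int looks_like_legacy_key(const unsigned char *key, size_t keylen)
{
    for (size_t i = 0; i < keylen; i++)
        if (nibble((char)key[i]) < 0) return 0;
    return keylen > 0;
}

/* Pre-fix model: keylen hex-ascii characters are copied verbatim as keylen key bytes. */
int instantiate_memcpy(unsigned char *key, const char *hex, size_t keylen)
{
    if (strlen(hex) != keylen) return -1;
    if (!looks_like_legacy_key((const unsigned char *)hex, keylen)) return -1;
    memcpy(key, hex, keylen);
    return 0;
}

/* Post-fix model: 2*keylen hex-ascii characters are decoded into keylen key bytes. */
int instantiate_hex2bin(unsigned char *key, const char *hex, size_t keylen)
{
    if (strlen(hex) != 2 * keylen) return -1;
    for (size_t i = 0; i < keylen; i++) {
        int hi = nibble(hex[2 * i]), lo = nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        key[i] = (unsigned char)((hi << 4) | lo);
    }
    return 0;
}

int main(void)
{
    unsigned char old_key[32], new_key[32];
    char converted[65];
    instantiate_memcpy(old_key, "abcdefABCDEF1234567890aaaaaaaaaa", 32); /* BROKENKEY from the commit message */
    for (size_t i = 0; i < 32; i++) /* same re-encoding as the xxd -p step */
        sprintf(converted + 2 * i, "%02x", (unsigned)old_key[i]);
    instantiate_hex2bin(new_key, converted, 32);
    printf("same bytes: %d, legacy layout: %d\n", memcmp(old_key, new_key, 32) == 0, looks_like_legacy_key(new_key, 32));
    return 0;
}
```

A key for which `looks_like_legacy_key` returns 1 is a candidate for regeneration from fresh random bytes rather than conversion, since conversion preserves the restricted byte values.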