mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 13:55:32 +00:00
Code Issues Releases Wiki Activity
linux-stable/security/keys
History
Yael Tzur cd3bc044af KEYS: encrypted: Instantiate key with user-provided decrypted data 
For availability and performance reasons master keys often need to be
released outside of a Key Management Service (KMS) to clients. It
would be beneficial to provide a mechanism where the
wrapping/unwrapping of data encryption keys (DEKs) is not dependent
on a remote call at runtime yet security is not (or only minimally)
compromised. Master keys could be securely stored in the Kernel and
be used to wrap/unwrap keys from Userspace.

The encrypted.c class supports instantiation of encrypted keys with
either an already-encrypted key material, or by generating new key
material based on random numbers. This patch defines a new datablob
format: [<format>] <master-key name> <decrypted data length>
<decrypted data> that allows to inject and encrypt user-provided
decrypted data. The decrypted data must be hex-ascii encoded.

Signed-off-by: Yael Tzur <yaelt@google.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2022-02-21 19:47:45 -05:00
..
encrypted-keys KEYS: encrypted: Instantiate key with user-provided decrypted data 2022-02-21 19:47:45 -05:00
trusted-keys trusted-keys: match tpm_get_ops on all return paths 2021-05-12 22:36:37 +03:00
big_key.c security/keys: use kvfree_sensitive() 2021-01-21 16:16:09 +00:00
compat.c security/keys: remove compat_keyctl_instantiate_key_iov 2020-10-03 00:02:16 -04:00
compat_dh.c
dh.c security: DH - use KDF implementation from crypto API 2021-11-26 16:25:17 +11:00
gc.c watch_queue: Add a key/keyring notification facility 2020-05-19 15:19:06 +01:00
internal.h security/keys: remove compat_keyctl_instantiate_key_iov 2020-10-03 00:02:16 -04:00
Kconfig KEYS: encrypted: Instantiate key with user-provided decrypted data 2022-02-21 19:47:45 -05:00
key.c certs: Fix blacklist flag type confusion 2021-01-21 16:16:10 +00:00
keyctl.c security: keys: delete repeated words in comments 2021-01-21 16:16:09 +00:00
keyctl_pkey.c KEYS: remove redundant memset 2021-01-21 16:16:09 +00:00
keyring.c security: keys: delete repeated words in comments 2021-01-21 16:16:09 +00:00
Makefile KEYS: remove CONFIG_KEYS_COMPAT 2019-12-12 23:41:17 +02:00
permission.c keys: Make the KEY_NEED_* perms an enum rather than a mask 2020-05-19 15:42:22 +01:00
persistent.c Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
proc.c keys: Fix proc_keys_next to increase position index 2020-04-16 10:10:50 -07:00
process_keys.c ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring 2021-10-20 10:34:20 -05:00
request_key.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
request_key_auth.c KEYS: Don't write out to userspace while holding key semaphore 2020-03-29 12:40:41 +01:00
sysctl.c proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
user_defined.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00