]> git.baikalelectronics.ru Git - kernel.git/commit
xfrm: redact SA secret with lockdown confidentiality
authorAntony Antony <antony.antony@secunet.com>
Tue, 17 Nov 2020 16:47:23 +0000 (17:47 +0100)
committerSteffen Klassert <steffen.klassert@secunet.com>
Fri, 27 Nov 2020 10:03:06 +0000 (11:03 +0100)
commit7d43a156600ffd4bd1a47fcced57c1b0392d9bb4
tree3c57c631ca926f27378b28bc9fa2a6f6d81476c8
parent0ab7e8e2e31e69843ce7182c2d56a5ac1cb6592e
xfrm: redact SA secret with lockdown confidentiality

redact XFRM SA secret in the netlink response to xfrm_get_sa()
or dumpall sa.
Enable lockdown, confidentiality mode, at boot or at run time.

e.g. when enabled:
cat /sys/kernel/security/lockdown
none integrity [confidentiality]

ip xfrm state
src 172.16.1.200 dst 172.16.1.100
proto esp spi 0x00000002 reqid 2 mode tunnel
replay-window 0
aead rfc4106(gcm(aes)) 0x0000000000000000000000000000000000000000 96

note: the aead secret is redacted.
Redacting secret is also a FIPS 140-2 requirement.

v1->v2
 - add size checks before memset calls
v2->v3
 - replace spaces with tabs for consistency
v3->v4
 - use kernel lockdown instead of a /proc setting
v4->v5
 - remove kconfig option

Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
include/linux/security.h
net/xfrm/xfrm_user.c
security/security.c