Changes in Kconfig

edc8e80b - crypto: lib/Kconfig - hide library options

Fri, 14 Mar 2025 16:05:32 +0000

crypto: lib/Kconfig - hide library optionsAny driver that needs these library functions should already be selectingthe corresponding Kconfig symbols, so there is no real point in makingthese visible.The original patch that made these user selectable described problemswith drivers failing to select the code they use, but for consistencyit's better to always use 'select' on a symbol than to mix it with'depends on'.Fixes: e56e18985596 ("lib/crypto: add prompts back to crypto libraries")Signed-off-by: Arnd Bergmann Acked-by: Jarkko Sakkinen Signed-off-by: Herbert Xu List of files: /linux-6.15/security/keys/Kconfig

be07858f - KEYS: trusted: allow use of TEE as backend without TCG_TPM support

Fri, 13 May 2022 14:56:59 +0000

KEYS: trusted: allow use of TEE as backend without TCG_TPM supportWith recent rework, trusted keys are no longer limited to TPM as trustsource. The Kconfig symbol is unchanged however leading to a few issues: - TCG_TPM is required, even if only TEE is to be used - Enabling TCG_TPM, but excluding it from available trusted sources is not possible - TEE=m && TRUSTED_KEYS=y will lead to TEE support being silently dropped, which is not the best user experienceRemedy these issues by introducing two new boolean Kconfig symbols:TRUSTED_KEYS_TPM and TRUSTED_KEYS_TEE with the appropriatedependencies.Any new code depending on the TPM trusted key backend in particularor symbols exported by it will now need to explicitly state that it depends on TRUSTED_KEYS && TRUSTED_KEYS_TPMThe latter to ensure the dependency is built and the former to ensureit's reachable for module builds. There are no such users yet.Reviewed-by: Sumit Garg Reviewed-by: Jarkko Sakkinen Reviewed-by: Pankaj Gupta Tested-by: Pankaj Gupta Tested-by: Andreas Rammhold Tested-by: Tim Harvey Tested-by: Michael Walle # on ls1028a (non-E and E)Tested-by: John Ernberg # iMX8QXPSigned-off-by: Ahmad Fatoum Signed-off-by: Jarkko Sakkinen List of files: /linux-6.15/security/keys/Kconfig

cd3bc044 - KEYS: encrypted: Instantiate key with user-provided decrypted data

Tue, 15 Feb 2022 14:19:53 +0000

KEYS: encrypted: Instantiate key with user-provided decrypted dataFor availability and performance reasons master keys often need to bereleased outside of a Key Management Service (KMS) to clients. Itwould be beneficial to provide a mechanism where thewrapping/unwrapping of data encryption keys (DEKs) is not dependenton a remote call at runtime yet security is not (or only minimally)compromised. Master keys could be securely stored in the Kernel andbe used to wrap/unwrap keys from Userspace.The encrypted.c class supports instantiation of encrypted keys witheither an already-encrypted key material, or by generating new keymaterial based on random numbers. This patch defines a new datablobformat: [] that allows to inject and encrypt user-provideddecrypted data. The decrypted data must be hex-ascii encoded.Signed-off-by: Yael Tzur Reviewed-by: Mimi Zohar Reviewed-by: Sumit Garg Reviewed-by: Jarkko Sakkinen Signed-off-by: Mimi Zohar List of files: /linux-6.15/security/keys/Kconfig

d3b04a43 - security: DH - use KDF implementation from crypto API

Fri, 19 Nov 2021 06:59:09 +0000

security: DH - use KDF implementation from crypto APIThe kernel crypto API provides the SP800-108 counter KDF implementation.Thus, the separate implementation provided as part of the keys subsystemcan be replaced with calls to the KDF offered by the kernel crypto API.The keys subsystem uses the counter KDF with a hash primitive. Thus,it only uses the call to crypto_kdf108_ctr_generate.Signed-off-by: Stephan Mueller Acked-by: Mat Martineau Signed-off-by: Herbert Xu List of files: /linux-6.15/security/keys/Kconfig

f2219745 - security: keys: trusted: use ASN.1 TPM2 key format for the blobs

Wed, 27 Jan 2021 19:06:16 +0000

security: keys: trusted: use ASN.1 TPM2 key format for the blobsModify the TPM2 key format blob output to export and import in theASN.1 form for TPM2 sealed object keys. For compatibility with priortrusted keys, the importer will also accept two TPM2B quantitiesrepresenting the public and private parts of the key. However, theexport via keyctl pipe will only output the ASN.1 format.The benefit of the ASN.1 format is that it's a standard and thus theexported key can be used by userspace tools (openssl_tpm2_engine,openconnect and tpm2-tss-engine). The format includes policyspecifications, thus it gets us out of having to construct policyhandles in userspace and the format includes the parent meaning youdon't have to keep passing it in each time.This patch only implements basic handling for the ASN.1 format, sokeys with passwords but no policy.Signed-off-by: James Bottomley Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen List of files: /linux-6.15/security/keys/Kconfig

8fe62e0c - watch_queue: Drop references to /dev/watch_queue

Tue, 24 Nov 2020 20:28:02 +0000

watch_queue: Drop references to /dev/watch_queueThe merged API doesn't use a watch_queue device, but instead relies onpipes, so let the documentation reflect that.Fixes: f7e47677e39a ("watch_queue: Add a key/keyring notification facility")Signed-off-by: Gabriel Krisman Bertazi Signed-off-by: David Howells Acked-by: Jarkko Sakkinen Reviewed-by: Ben Boeckel List of files: /linux-6.15/security/keys/Kconfig

521fd61c - security/keys: rewrite big_key crypto to use library interface

Mon, 11 May 2020 21:51:01 +0000

security/keys: rewrite big_key crypto to use library interfaceA while back, I noticed that the crypto and crypto API usage in big_keyswere entirely broken in multiple ways, so I rewrote it. Now, I'mrewriting it again, but this time using the simpler ChaCha20Poly1305library function. This makes the file considerably more simple; thediffstat alone should justify this commit. It also should be faster,since it no longer requires a mutex around the "aead api object" (norallocations), allowing us to encrypt multiple items in parallel. We alsobenefit from being able to pass any type of pointer, so we can get ridof the ridiculously complex custom page allocator that big_key reallydoesn't need.[DH: Change the select CRYPTO_LIB_CHACHA20POLY1305 to a depends on as select doesn't propagate and the build can end up with an =y dependending on some =m pieces. The depends on CRYPTO also had to be removed otherwise the configurator complains about a recursive dependency.]Cc: Andy Lutomirski Cc: Greg KH Cc: Linus Torvalds Cc: kernel-hardening@lists.openwall.comReviewed-by: Eric Biggers Signed-off-by: Jason A. Donenfeld Signed-off-by: David Howells List of files: /linux-6.15/security/keys/Kconfig

f7e47677 - watch_queue: Add a key/keyring notification facility

Tue, 14 Jan 2020 17:07:11 +0000

watch_queue: Add a key/keyring notification facilityAdd a key/keyring change notification facility whereby notifications aboutchanges in key and keyring content and attributes can be received.Firstly, an event queue needs to be created: pipe2(fds, O_NOTIFICATION_PIPE); ioctl(fds[1], IOC_WATCH_QUEUE_SET_SIZE, 256);then a notification can be set up to report notifications via that queue: struct watch_notification_filter filter = { .nr_filters = 1, .filters = { [0] = { .type = WATCH_TYPE_KEY_NOTIFY, .subtype_filter[0] = UINT_MAX, }, }, }; ioctl(fds[1], IOC_WATCH_QUEUE_SET_FILTER, &filter); keyctl_watch_key(KEY_SPEC_SESSION_KEYRING, fds[1], 0x01);After that, records will be placed into the queue when events occur inwhich keys are changed in some way. Records are of the following format: struct key_notification { struct watch_notification watch; __u32 key_id; __u32 aux; } *n;Where: n->watch.type will be WATCH_TYPE_KEY_NOTIFY. n->watch.subtype will indicate the type of event, such as NOTIFY_KEY_REVOKED. n->watch.info & WATCH_INFO_LENGTH will indicate the length of the record. n->watch.info & WATCH_INFO_ID will be the second argument to keyctl_watch_key(), shifted. n->key will be the ID of the affected key. n->aux will hold subtype-dependent information, such as the key being linked into the keyring specified by n->key in the case of NOTIFY_KEY_LINKED.Note that it is permissible for event records to be of variable length -or, at least, the length may be dependent on the subtype. Note also thatthe queue can be shared between multiple notifications of various types.Signed-off-by: David Howells Reviewed-by: James Morris List of files: /linux-6.15/security/keys/Kconfig

601f0093 - KEYS: remove CONFIG_KEYS_COMPAT

Wed, 09 Oct 2019 23:04:43 +0000

KEYS: remove CONFIG_KEYS_COMPATKEYS_COMPAT now always takes the value of COMPAT && KEYS. But thesecurity/keys/ directory is only compiled if KEYS is enabled, so inpractice KEYS_COMPAT is the same as COMPAT. Therefore, remove theunnecessary KEYS_COMPAT and just use COMPAT directly.(Also remove an outdated comment from compat.c.)Reviewed-by: James Morris Signed-off-by: Eric Biggers Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen List of files: /linux-6.15/security/keys/Kconfig

7743c48e - keys: Cache result of request_key*() temporarily in task_struct

Wed, 19 Jun 2019 15:10:15 +0000

keys: Cache result of request_key*() temporarily in task_structIf a filesystem uses keys to hold authentication tokens, then it needs atoken for each VFS operation that might perform an authentication check -either by passing it to the server, or using to perform a check based onauthentication data cached locally.For open files this isn't a problem, since the key should be cached in thefile struct since it represents the subject performing operations on thatfile descriptor.During pathwalk, however, there isn't anywhere to cache the key, exceptperhaps in the nameidata struct - but that isn't exposed to thefilesystems. Further, a pathwalk can incur a lot of operations, callingone or more of the following, for instance: ->lookup() ->permission() ->d_revalidate() ->d_automount() ->get_acl() ->getxattr()on each dentry/inode it encounters - and each one may need to callrequest_key(). And then, at the end of pathwalk, it will call the actualoperation: ->mkdir() ->mknod() ->getattr() ->open() ...which may need to go and get the token again.However, it is very likely that all of the operations on a singledentry/inode - and quite possibly a sequence of them - will all want to usethe same authentication token, which suggests that caching it would be agood idea.To this end: (1) Make it so that a positive result of request_key() and co. that didn't require upcalling to userspace is cached temporarily in task_struct. (2) The cache is 1 deep, so a new result displaces the old one. (3) The key is released by exit and by notify-resume. (4) The cache is cleared in a newly forked process.Signed-off-by: David Howells List of files: /linux-6.15/security/keys/Kconfig

ec8f24b7 - treewide: Add SPDX license identifier - Makefile/Kconfig

Sun, 19 May 2019 12:07:45 +0000

treewide: Add SPDX license identifier - Makefile/KconfigAdd SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any formThese files fall under the project license, GPL v2 only. The resulting SPDXlicense identifier is: GPL-2.0-onlySigned-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman List of files: /linux-6.15/security/keys/Kconfig

3cd18d19 - security/keys: BIG_KEY requires CONFIG_CRYPTO

Wed, 04 Oct 2017 10:27:00 +0000

security/keys: BIG_KEY requires CONFIG_CRYPTOThe recent rework introduced a possible randconfig build failurewhen CONFIG_CRYPTO configured to only allow modules:security/keys/big_key.o: In function `big_key_crypt':big_key.c:(.text+0x29f): undefined reference to `crypto_aead_setkey'security/keys/big_key.o: In function `big_key_init':big_key.c:(.init.text+0x1a): undefined reference to `crypto_alloc_aead'big_key.c:(.init.text+0x45): undefined reference to `crypto_aead_setauthsize'big_key.c:(.init.text+0x77): undefined reference to `crypto_destroy_tfm'crypto/gcm.o: In function `gcm_hash_crypt_remain_continue':gcm.c:(.text+0x167): undefined reference to `crypto_ahash_finup'crypto/gcm.o: In function `crypto_gcm_exit_tfm':gcm.c:(.text+0x847): undefined reference to `crypto_destroy_tfm'When we 'select CRYPTO' like the other users, we always get aconfiguration that builds.Fixes: 428490e38b2e ("security/keys: rewrite all of big_key crypto")Signed-off-by: Arnd Bergmann Signed-off-by: David Howells List of files: /linux-6.15/security/keys/Kconfig

428490e3 - security/keys: rewrite all of big_key crypto

Wed, 20 Sep 2017 14:58:39 +0000

security/keys: rewrite all of big_key cryptoThis started out as just replacing the use of crypto/rng withget_random_bytes_wait, so that we wouldn't use bad randomness at boottime. But, upon looking further, it appears that there were even deeperunderlying cryptographic problems, and that this seems to have beencommitted with very little crypto review. So, I rewrote the whole thing,trying to keep to the conventions introduced by the previous author, tofix these cryptographic flaws.It makes no sense to seed crypto/rng at boot time and then keepusing it like this, when in fact there's already get_random_bytes_wait,which can ensure there's enough entropy and be a much more standard wayof generating keys. Since this sensitive material is being storeduntrusted, using ECB and no authentication is simply not okay at all. Ifind it surprising and a bit horrifying that this code even made it pastbasic crypto review, which perhaps points to some larger issues. Thispatch moves from using AES-ECB to using AES-GCM. Since keys are uniquelygenerated each time, we can set the nonce to zero. There was also a racecondition in which the same key would be reused at the same time indifferent threads. A mutex fixes this issue now.So, to summarize, this commit fixes the following vulnerabilities: * Low entropy key generation, allowing an attacker to potentially guess or predict keys. * Unauthenticated encryption, allowing an attacker to modify the cipher text in particular ways in order to manipulate the plaintext, which is is even more frightening considering the next point. * Use of ECB mode, allowing an attacker to trivially swap blocks or compare identical plaintext blocks. * Key re-use. * Faulty memory zeroing.Signed-off-by: Jason A. Donenfeld Reviewed-by: Eric Biggers Signed-off-by: David Howells Cc: Herbert Xu Cc: Kirill Marinushkin Cc: security@kernel.orgCc: stable@vger.kernel.org List of files: /linux-6.15/security/keys/Kconfig

7cbe0932 - KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP API

Thu, 08 Jun 2017 13:50:11 +0000

KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP APIThe initial Diffie-Hellman computation made direct use of the MPIlibrary because the crypto module did not support DH at the time. Nowthat KPP is implemented, KEYCTL_DH_COMPUTE should use it to get rid ofduplicate code and leverage possible hardware acceleration.This fixes an issue whereby the input to the KDF computation wouldinclude additional uninitialized memory when the result of theDiffie-Hellman computation was shorter than the input prime number.Signed-off-by: Mat Martineau Signed-off-by: David Howells Signed-off-by: James Morris List of files: /linux-6.15/security/keys/Kconfig

47b2c3ff - security/keys: add CONFIG_KEYS_COMPAT to Kconfig

Thu, 08 Jun 2017 13:47:26 +0000

security/keys: add CONFIG_KEYS_COMPAT to KconfigCONFIG_KEYS_COMPAT is defined in arch-specific Kconfigs and is missing forseveral 64-bit architectures : mips, parisc, tile.At the moment and for those architectures, calling in 32-bit userspace thekeyctl syscall would return an ENOSYS error.This patch moves the CONFIG_KEYS_COMPAT option to security/keys/Kconfig, tomake sure the compatibility wrapper is registered by default for any 64-bitarchitecture as long as it is configured with CONFIG_COMPAT.[DH: Modified to remove arm64 compat enablement also as requested by Eric Biggers]Signed-off-by: Bilal Amarni Signed-off-by: David Howells Reviewed-by: Arnd Bergmann cc: Eric Biggers Signed-off-by: James Morris List of files: /linux-6.15/security/keys/Kconfig

4cd4ca7c - keys: select CONFIG_CRYPTO when selecting DH / KDF

Tue, 11 Apr 2017 11:07:07 +0000

keys: select CONFIG_CRYPTO when selecting DH / KDFSelect CONFIG_CRYPTO in addition to CONFIG_HASH to ensure thatalso CONFIG_HASH2 is selected. Both are needed for the shashcipher support required for the KDF operation.Signed-off-by: Stephan Mueller Signed-off-by: David Howells List of files: /linux-6.15/security/keys/Kconfig

f1c316a3 - KEYS: add SP800-56A KDF support for DH

Fri, 19 Aug 2016 18:39:09 +0000

KEYS: add SP800-56A KDF support for DHSP800-56A defines the use of DH with key derivation function based on acounter. The input to the KDF is defined as (DH shared secret || otherinformation). The value for the "other information" is to be provided bythe caller.The KDF is implemented using the hash support from the kernel crypto API.The implementation uses the symmetric hash support as the input to thehash operation is usually very small. The caller is allowed to specifythe hash name that he wants to use to derive the key material allowingthe use of all supported hashes provided with the kernel crypto API.As the KDF implements the proper truncation of the DH shared secret tothe requested size, this patch fills the caller buffer up to its size.The patch is tested with a new test added to the keyutils user spacecode which uses a CAVS test vector testing the compliance withSP800-56A.Signed-off-by: Stephan Mueller Signed-off-by: David Howells List of files: /linux-6.15/security/keys/Kconfig

31e6ec45 - security/keys: make BIG_KEYS dependent on stdrng.

Wed, 26 Oct 2016 14:02:09 +0000

security/keys: make BIG_KEYS dependent on stdrng.Since BIG_KEYS can't be compiled as module it requires one of the "stdrng"providers to be compiled into kernel. Otherwise big_key_crypto_init() failson crypto_alloc_rng step and next dereference of big_key_skcipher (e.g. inbig_key_preparse()) results in a NULL pointer dereference.Fixes: 13100a72f40f5748a04017e0ab3df4cf27c809ef ('Security: Keys: Big keys stored encrypted')Signed-off-by: Artem Savkov Signed-off-by: David Howells cc: Stephan Mueller cc: Kirill Marinushkin cc: stable@vger.kernel.orgSigned-off-by: James Morris List of files: /linux-6.15/security/keys/Kconfig

ddbb4114 - KEYS: Add KEYCTL_DH_COMPUTE command

Tue, 12 Apr 2016 18:54:58 +0000

KEYS: Add KEYCTL_DH_COMPUTE commandThis adds userspace access to Diffie-Hellman computations through anew keyctl() syscall command to calculate shared secrets or publickeys using input parameters stored in the keyring.Input key ids are provided in a struct due to the current 5-arg limitfor the keyctl syscall. Only user keys are supported in order to avoidexposing the content of logon or encrypted keys.The output is written to the provided buffer, based on the assumptionthat the values are only needed in userspace.Future support for other types of key derivation would involve a newcommand, like KEYCTL_ECDH_COMPUTE.Once Diffie-Hellman support is included in the crypto API, this codecan be converted to use the crypto API to take advantage of possiblehardware acceleration and reduce redundant code.Signed-off-by: Mat Martineau Signed-off-by: David Howells List of files: /linux-6.15/security/keys/Kconfig

13100a72 - Security: Keys: Big keys stored encrypted

Tue, 12 Apr 2016 18:54:58 +0000

Security: Keys: Big keys stored encryptedSolved TODO task: big keys saved to shmem file are now stored encrypted.The encryption key is randomly generated and saved to payload[big_key_data].Signed-off-by: Kirill Marinushkin Signed-off-by: David Howells List of files: /linux-6.15/security/keys/Kconfig