diff options
author | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2016-04-12 21:54:58 +0300 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2016-04-12 21:54:58 +0300 |
commit | ddbb41148724367394d0880c516bfaeed127b52e (patch) | |
tree | 3e5cc20804b646256525cd9c2de7a9681d7e4996 /security/keys/Kconfig | |
parent | 13100a72f40f5748a04017e0ab3df4cf27c809ef (diff) | |
download | linux-ddbb41148724367394d0880c516bfaeed127b52e.tar.xz |
KEYS: Add KEYCTL_DH_COMPUTE command
This adds userspace access to Diffie-Hellman computations through a
new keyctl() syscall command to calculate shared secrets or public
keys using input parameters stored in the keyring.
Input key ids are provided in a struct due to the current 5-arg limit
for the keyctl syscall. Only user keys are supported in order to avoid
exposing the content of logon or encrypted keys.
The output is written to the provided buffer, based on the assumption
that the values are only needed in userspace.
Future support for other types of key derivation would involve a new
command, like KEYCTL_ECDH_COMPUTE.
Once Diffie-Hellman support is included in the crypto API, this code
can be converted to use the crypto API to take advantage of possible
hardware acceleration and reduce redundant code.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security/keys/Kconfig')
-rw-r--r-- | security/keys/Kconfig | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/keys/Kconfig b/security/keys/Kconfig index 45828095080d..f826e8739023 100644 --- a/security/keys/Kconfig +++ b/security/keys/Kconfig @@ -85,3 +85,14 @@ config ENCRYPTED_KEYS Userspace only ever sees/stores encrypted blobs. If you are unsure as to whether this is required, answer N. + +config KEY_DH_OPERATIONS + bool "Diffie-Hellman operations on retained keys" + depends on KEYS + select MPILIB + help + This option provides support for calculating Diffie-Hellman + public keys and shared secrets using values stored as keys + in the kernel. + + If you are unsure as to whether this is required, answer N. |