diff options
| author | Antony Antony <antony.antony@secunet.com> | 2020-11-17 19:47:23 +0300 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2020-11-27 13:03:06 +0300 |
| commit | c7a5899eb26e2a4d516d53f65b6dd67be2228041 (patch) | |
| tree | 3c57c631ca926f27378b28bc9fa2a6f6d81476c8 /include/linux/security.h | |
| parent | 8be33ecfc1ffd2da20cc29e957e4cb6eb99310cb (diff) | |
| download | linux-c7a5899eb26e2a4d516d53f65b6dd67be2228041.tar.xz | |
xfrm: redact SA secret with lockdown confidentiality
redact XFRM SA secret in the netlink response to xfrm_get_sa()
or dumpall sa.
Enable lockdown, confidentiality mode, at boot or at run time.
e.g. when enabled:
cat /sys/kernel/security/lockdown
none integrity [confidentiality]
ip xfrm state
src 172.16.1.200 dst 172.16.1.100
proto esp spi 0x00000002 reqid 2 mode tunnel
replay-window 0
aead rfc4106(gcm(aes)) 0x0000000000000000000000000000000000000000 96
note: the aead secret is redacted.
Redacting secret is also a FIPS 140-2 requirement.
v1->v2
- add size checks before memset calls
v2->v3
- replace spaces with tabs for consistency
v3->v4
- use kernel lockdown instead of a /proc setting
v4->v5
- remove kconfig option
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index bc2725491560..1112a79a7dba 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -127,6 +127,7 @@ enum lockdown_reason { LOCKDOWN_PERF, LOCKDOWN_TRACEFS, LOCKDOWN_XMON_RW, + LOCKDOWN_XFRM_SECRET, LOCKDOWN_CONFIDENTIALITY_MAX, }; |