xfrm: redact SA secret with lockdown confidentiality

redact XFRM SA secret in the netlink response to xfrm_get_sa()
or dumpall sa.
Enable lockdown, confidentiality mode, at boot or at run time.

e.g. when enabled:
cat /sys/kernel/security/lockdown
none integrity [confidentiality]

ip xfrm state
src 172.16.1.200 dst 172.16.1.100
	proto esp spi 0x00000002 reqid 2 mode tunnel
	replay-window 0
	aead rfc4106(gcm(aes)) 0x0000000000000000000000000000000000000000 96

note: the aead secret is redacted.
Redacting secret is also a FIPS 140-2 requirement.

v1->v2
 - add size checks before memset calls
v2->v3
 - replace spaces with tabs for consistency
v3->v4
 - use kernel lockdown instead of a /proc setting
v4->v5
 - remove kconfig option

Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

This commit is contained in:

Antony Antony

2020-11-17 17:47:23 +01:00

• committed by

Steffen Klassert

parent 8be33ecfc1

commit c7a5899eb2

3 changed files with 69 additions and 7 deletions

									
										1

include/linux/security.h
									
										View file
										
				@ -127,6 +127,7 @@ enum lockdown_reason {

					LOCKDOWN_PERF,

					LOCKDOWN_TRACEFS,

					LOCKDOWN_XMON_RW,

					LOCKDOWN_XFRM_SECRET,

					LOCKDOWN_CONFIDENTIALITY_MAX,

				};

Rows
Columns

xfrm: redact SA secret with lockdown confidentiality

1 include/linux/security.h Unescape Escape View file

1

include/linux/security.h

View file