| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 05 May 2016 23:09:17 +0100
From: David Howells <dhowells@...hat.com>
To: jmorris@...ei.org
cc: dhowells@...hat.com, zohar@...ux.vnet.ibm.com,
keyrings@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [GIT PULL] KEYS: Keyring changes for security/next
Hi James,
Can you pull my next branch into security/next? Barring one fix, it's been
in linux-next since the 12th April. That fix was to add a missing
dependency on a new IMA config option. The keys-next branch is composed of
the merging of three other branches:
(1) keys-misc.
This contains some miscellaneous patches, including:
(A) Efficiency enhancement in user_update().
(B) big-type keys are encrypted with a random key when stored in a
file.
(C) Provision of KEYCTL_DH_COMPUTE to do Diffie-Hellman computations
so that they can be offloaded to hardware if available in future.
(2) keys-sig.
These patches detach the public_key_signature struct from where it was
previously stored when parsing X.509 and PKCS#7 and allocate it
separately. The signature details on an X.509 certificate is then
retained with the asymmetric key so that trust determination can be
made when a key is added to a keyring rather than just at the time the
key is created.
A bug is also fixed in the determination of whether an X.509
certificate is self-signed (we were assuming that if a cert has
neither AKID nor SKID then it must be self-signed).
(3) keys-trust.
These patches change how the trustworthiness of a certificate or key
is determined. It was originally based on being able to find a key in
the system keyring that validated a signature. This, however, got
changed to add an IMA keyring as an additional source of keys. With
these patches, the signature on a key is checked any time a key is
linked into a keyring.
This is done by the use of a manager function that can be set on the
target keyring and then gets to approve the addition of a key based on
whatever criteria it likes.
The IMA MOK keyring is absorbed into a general secondary system
keyring and keys can be added there. The builtin system keyring then
only holds keys that were made part of the kernel at boot. The
manager function would then typically check one or both of these
keyrings.
More information can be found in the merge messages for (2) and (3).
Thanks,
David
---
The following changes since commit 9735a22799b9214d17d3c231fe377fc852f042e9:
Linux 4.6-rc2 (2016-04-03 09:09:40 -0500)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-next-20160505
for you to fetch changes up to d55201ce08bfae40ae0062be126f49471a55bcad:
Merge branch 'keys-trust' into keys-next (2016-05-04 17:20:20 +0100)
----------------------------------------------------------------
Keyrings changes for next
----------------------------------------------------------------
Andreas Ziegler (1):
security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA
David Howells (23):
X.509: Whitespace cleanup
KEYS: Allow authentication data to be stored in an asymmetric key
KEYS: Add identifier pointers to public_key_signature struct
X.509: Retain the key verification data
PKCS#7: Make the signature a pointer rather than embedding it
X.509: Extract signature digest and make self-signed cert checks earlier
X.509: Fix self-signed determination
KEYS: Generalise system_verify_data() to provide access to internal content
PKCS#7: Make trust determination dependent on contents of trust keyring
KEYS: Add a facility to restrict new links into a keyring
KEYS: Move x509_request_asymmetric_key() to asymmetric_type.c
KEYS: Generalise x509_request_asymmetric_key()
X.509: Use verify_signature() if we have a struct key * to use
X.509: Move the trust validation code out to its own file
KEYS: Make the system trusted keyring depend on the asymmetric key type
KEYS: Move the point of trust determination to __key_link()
KEYS: Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED
certs: Add a secondary system keyring that can be added to dynamically
IMA: Use the the system trusted keyrings instead of .ima_mok
KEYS: user_update should use copy of payload made during preparsing
Merge branch 'keys-misc' into keys-next
Merge branch 'keys-sig' into keys-next
Merge branch 'keys-trust' into keys-next
Kirill Marinushkin (1):
Security: Keys: Big keys stored encrypted
Mat Martineau (1):
KEYS: Add KEYCTL_DH_COMPUTE command
Paolo Abeni (1):
security: drop the unused hook skb_owned_by
Documentation/security/keys.txt | 52 ++++++
arch/x86/kernel/kexec-bzimage64.c | 18 +-
certs/Kconfig | 9 +
certs/system_keyring.c | 139 +++++++++++---
crypto/asymmetric_keys/Kconfig | 6 +-
crypto/asymmetric_keys/Makefile | 5 +-
crypto/asymmetric_keys/asymmetric_keys.h | 2 +
crypto/asymmetric_keys/asymmetric_type.c | 96 +++++++++-
crypto/asymmetric_keys/mscode_parser.c | 21 +--
crypto/asymmetric_keys/pkcs7_key_type.c | 72 +++-----
crypto/asymmetric_keys/pkcs7_parser.c | 59 +++---
crypto/asymmetric_keys/pkcs7_parser.h | 11 +-
crypto/asymmetric_keys/pkcs7_trust.c | 43 ++---
crypto/asymmetric_keys/pkcs7_verify.c | 107 +++++------
crypto/asymmetric_keys/public_key.c | 20 +-
crypto/asymmetric_keys/restrict.c | 108 +++++++++++
crypto/asymmetric_keys/signature.c | 18 ++
crypto/asymmetric_keys/verify_pefile.c | 40 +---
crypto/asymmetric_keys/verify_pefile.h | 5 +-
crypto/asymmetric_keys/x509_cert_parser.c | 52 +++---
crypto/asymmetric_keys/x509_parser.h | 12 +-
crypto/asymmetric_keys/x509_public_key.c | 297 +++++++++---------------------
fs/cifs/cifsacl.c | 2 +-
fs/nfs/nfs4idmap.c | 2 +-
include/crypto/pkcs7.h | 6 +-
include/crypto/public_key.h | 33 ++--
include/keys/asymmetric-subtype.h | 2 +-
include/keys/asymmetric-type.h | 13 +-
include/keys/system_keyring.h | 41 ++---
include/linux/key-type.h | 1 -
include/linux/key.h | 44 +++--
include/linux/lsm_hooks.h | 1 -
include/linux/verification.h | 49 +++++
include/linux/verify_pefile.h | 22 ---
include/uapi/linux/keyctl.h | 10 +
kernel/module_signing.c | 7 +-
net/dns_resolver/dns_key.c | 2 +-
net/rxrpc/ar-key.c | 4 +-
security/integrity/Kconfig | 1 -
security/integrity/digsig.c | 15 +-
security/integrity/ima/Kconfig | 36 ++--
security/integrity/ima/Makefile | 2 +-
security/integrity/ima/ima_mok.c | 23 +--
security/keys/Kconfig | 15 ++
security/keys/Makefile | 1 +
security/keys/big_key.c | 198 ++++++++++++++++++--
security/keys/compat.c | 4 +
security/keys/dh.c | 160 ++++++++++++++++
security/keys/internal.h | 12 ++
security/keys/key.c | 42 ++++-
security/keys/keyctl.c | 5 +
security/keys/keyring.c | 46 ++++-
security/keys/persistent.c | 4 +-
security/keys/process_keys.c | 16 +-
security/keys/request_key.c | 4 +-
security/keys/request_key_auth.c | 2 +-
security/keys/user_defined.c | 42 ++---
security/security.c | 1 -
58 files changed, 1341 insertions(+), 719 deletions(-)
create mode 100644 crypto/asymmetric_keys/restrict.c
create mode 100644 include/linux/verification.h
delete mode 100644 include/linux/verify_pefile.h
create mode 100644 security/keys/dh.c
Powered by blists - more mailing lists