NothingOSS/android_kernel_msm-6.1_nothing_sm7635
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_msm-6.1_noth.../include
History
Antony Antony c7a5899eb2 xfrm: redact SA secret with lockdown confidentiality 
redact XFRM SA secret in the netlink response to xfrm_get_sa()
or dumpall sa.
Enable lockdown, confidentiality mode, at boot or at run time.

e.g. when enabled:
cat /sys/kernel/security/lockdown
none integrity [confidentiality]

ip xfrm state
src 172.16.1.200 dst 172.16.1.100
	proto esp spi 0x00000002 reqid 2 mode tunnel
	replay-window 0
	aead rfc4106(gcm(aes)) 0x0000000000000000000000000000000000000000 96

note: the aead secret is redacted.
Redacting secret is also a FIPS 140-2 requirement.

v1->v2
 - add size checks before memset calls
v2->v3
 - replace spaces with tabs for consistency
v3->v4
 - use kernel lockdown instead of a /proc setting
v4->v5
 - remove kconfig option

Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2020-11-27 11:03:06 +01:00
..
acpi pci-v5.10-changes 2020-10-22 12:41:00 -07:00
asm-generic asm-generic: fixes for v5.10 2020-10-30 13:11:46 -07:00
clocksource clocksource/drivers/sp804: Remove unused sp804_timer_disable() and timer-sp804.h 2020-09-24 10:51:04 +02:00
crypto X.509: Fix modular build of public_key_sm2 2020-10-08 16:39:14 +11:00
drm drm: drm_print.h: fix kernel-doc markups 2020-10-27 11:21:39 +01:00
dt-bindings ARM: Devicetree updates 2020-10-24 10:44:18 -07:00
keys
kunit kunit: test: fix remaining kernel-doc warnings 2020-10-26 13:23:44 -06:00
kvm ARM: 2020-10-23 11:17:56 -07:00
linux xfrm: redact SA secret with lockdown confidentiality 2020-11-27 11:03:06 +01:00
math-emu
media ARM: SoC platform updates 2020-10-24 10:33:08 -07:00
memory
misc
net net: remove ip_tunnel_get_stats64 2020-11-09 17:50:28 -08:00
pcmcia
ras mm,hwpoison: introduce MF_MSG_UNSPLIT_THP 2020-10-16 11:11:17 -07:00
rdma RDMA: Add rdma_connect_locked() 2020-10-28 09:14:49 -03:00
scsi SCSI misc on 20201023 2020-10-23 16:19:02 -07:00
soc soc/fsl/qbman: Add an argument to signal if NAPI processing is required. 2020-11-03 17:41:03 -08:00
sound ALSA: make snd_kcontrol_new name a normal string 2020-10-26 20:28:59 +01:00
target
trace afs: Fix afs_invalidatepage to adjust the dirty region 2020-10-29 13:53:04 +00:00
uapi net/packet: make packet_fanout.arr size configurable up to 64K 2020-11-09 16:41:40 -08:00
vdso
video gpu: ipu-v3: remove unused functions 2020-10-26 10:42:38 +01:00
xen xen: branch for v5.10-rc1c 2020-10-25 10:55:35 -07:00