
KEYS: Add placeholder for KDF usage with DH

The values computed during Diffie-Hellman key exchange are often used
in combination with key derivation functions to create cryptographic
keys. Add a placeholder for a later implementation to configure a
key derivation function that will transform the Diffie-Hellman
result returned by the KEYCTL_DH_COMPUTE command.

[This patch was stripped down from a patch produced by Mat Martineau that
had a bug in the compat code - so for the moment Stephan's patch simply
requires that the placeholder argument must be NULL]

Original-signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>

authored by

Stephan Mueller and committed by
James Morris
4693fc73 4340fa55

+17 -7
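--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -826,7 +826,8 @@
 (*) Compute a Diffie-Hellman shared secret or public key
 
 long keyctl(KEYCTL_DH_COMPUTE, struct keyctl_dh_params *params,
-char *buffer, size_t buflen);
+char *buffer, size_t buflen,
+void *reserved);
 
 The params struct contains serial numbers for three keys:
 
@@ -843,6 +842,8 @@
 If the base is the shared generator, the result is the local
 public key. If the base is the remote public key, the result is
 the shared secret.
+
+The reserved argument must be set to NULL.
 
 The buffer length must be at least the length of the prime, or zero.
 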
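--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -134,7 +134,7 @@
 
 case KEYCTL_DH_COMPUTE:
 return keyctl_dh_compute(compat_ptr(arg2), compat_ptr(arg3),
-arg4);
+arg4, compat_ptr(arg5));
 
 default:
 return -EOPNOTSUPP;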
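--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -78,7 +78,8 @@
 }
 
 long keyctl_dh_compute(struct keyctl_dh_params __user *params,
-char __user *buffer, size_t buflen)
+char __user *buffer, size_t buflen,
+void __user *reserved)
 {
 long ret;
 MPI base, private, prime, result;
@@ -95,6 +94,11 @@
 }
 if (copy_from_user(&pcopy, params, sizeof(pcopy)) != 0) {
 ret = -EFAULT;
+goto out;
+}
+
+if (reserved) {
+ret = -EINVAL;
 goto out;
 }
 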
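Review bot: The new `if (reserved)` check sits after the `copy_from_user()` of params, so a caller passing a non-NULL reserved pointer still has its params read before the call is rejected; since the test is on the raw pointer value and needs nothing from pcopy, it can be moved ahead of the copy so that an argument-validation failure is reported before any user memory is touched. The reason for the rejection is also not stated in the code; a comment such as `/* Reserved for a future KDF parameter block; must be NULL until then. */` above the check would keep the next maintainer from treating it as dead code. -EINVAL is the right code here since this is an argument error rather than a fault, and the compat path in compat.c appears to reach the same check through compat_ptr(arg5), which is NULL only for arg5 == 0. keyctl_dh_compute's body continues outside the hunk on both sides.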
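--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -260,10 +260,11 @@
 
 #ifdef CONFIG_KEY_DH_OPERATIONS
 extern long keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
-size_t);
+size_t, void __user *);
 #else
 static inline long keyctl_dh_compute(struct keyctl_dh_params __user *params,
-char __user *buffer, size_t buflen)
+char __user *buffer, size_t buflen,
+void __user *reserved)
 {
 return -EOPNOTSUPP;
 }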
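--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1688,8 +1688,8 @@
 
 case KEYCTL_DH_COMPUTE:
 return keyctl_dh_compute((struct keyctl_dh_params __user *) arg2,
-(char __user *) arg3,
-(size_t) arg4);
+(char __user *) arg3, (size_t) arg4,
+(void __user *) arg5);
 
 default:
 return -EOPNOTSUPP;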